improve haip check & align with Oid4Vp draft 22 (#218)

* remove haip check & align with Oid4Vp draft 22 Signed-off-by: kenkosmowski <[email protected]> * improve haip check Signed-off-by: kenkosmowski <[email protected]> --------- Signed-off-by: kenkosmowski <[email protected]>
openwallet-foundation-labs · Nov 20, 2024 · a517cba · a517cba
1 parent b7fa3c5
commit a517cba
Showing 1 changed file with 31 additions and 8 deletions.
diff --git a/src/WalletFramework.Oid4Vc/Oid4Vp/Models/AuthorizationRequest.cs b/src/WalletFramework.Oid4Vc/Oid4Vp/Models/AuthorizationRequest.cs
@@ -16,6 +16,9 @@ public record AuthorizationRequest
     public const string DirectPost = "direct_post";
     public const string DirectPostJwt = "direct_post.jwt";
 
+    public static readonly string[] SupportedClientIdSchemes =
+        [RedirectUriScheme, VerifierAttestationScheme, X509SanDnsScheme];
+
     private const string VpToken = "vp_token";
 
     /// <summary>
@@ -100,8 +103,17 @@ private AuthorizationRequest(
         string? scope,
         string? state)
     {
-        ClientId = clientId;
-        ClientIdScheme = clientIdScheme;
+        if (SupportedClientIdSchemes.Exists(supportedClientIdScheme => clientId.StartsWith($"{supportedClientIdScheme}:")))
+        {
+            ClientIdScheme = clientId.Split(':')[0];
+            ClientId = clientId.Split(':')[1];
+        }
+        else
+        {
+            ClientId = clientId;
+            ClientIdScheme = clientIdScheme;    
+        }
+
         ClientMetadata = clientMetadata;
         ClientMetadataUri = clientMetadataUri;
         Nonce = nonce;
@@ -120,23 +132,34 @@ private AuthorizationRequest(
     /// <exception cref="InvalidOperationException">Thrown when the request does not match the HAIP.</exception>
     public static AuthorizationRequest CreateAuthorizationRequest(string authorizationRequestJson)
         => CreateAuthorizationRequest(JObject.Parse(authorizationRequestJson));
-    
+
     private static AuthorizationRequest CreateAuthorizationRequest(JObject authorizationRequestJson) =>
         IsHaipConform(authorizationRequestJson)
             ? authorizationRequestJson.ToObject<AuthorizationRequest>()
               ?? throw new InvalidOperationException("Could not parse the Authorization Request")
             : throw new InvalidOperationException(
-                "Invalid Authorization Request. The request does not match the HAIP"
-            );
-
+                "Invalid Authorization Request. The request does not match the HAIP");
+
     private static bool IsHaipConform(JObject authorizationRequestJson)
     {
         var responseType = authorizationRequestJson["response_type"]!.ToString();
         var responseUri = authorizationRequestJson["response_uri"]!.ToString();
         var responseMode = authorizationRequestJson["response_mode"]!.ToString();
         var redirectUri = authorizationRequestJson["redirect_uri"];
-        var clientIdScheme = authorizationRequestJson["client_id_scheme"]!.ToString();
-        var clientId = authorizationRequestJson["client_id"]!.ToString();
+        var authorizationRequestClientId = authorizationRequestJson["client_id"]!.ToString();
+
+        string clientId;
+        string clientIdScheme;
+        if (SupportedClientIdSchemes.Exists(supportedClientIdScheme => authorizationRequestClientId.StartsWith($"{supportedClientIdScheme}:")))
+        {
+            clientIdScheme = authorizationRequestClientId.Split(':')[0]; 
+            clientId = authorizationRequestClientId.Split(':')[1];
+        }
+        else
+        {
+            clientIdScheme = authorizationRequestJson["client_id_scheme"]!.ToString();
+            clientId = authorizationRequestClientId;    
+        }
 
         return
             responseType == VpToken