Merge pull request #916 from walt-id/wal-887

release 0.11.0
walt-id · Feb 3, 2025 · a34cdf0 · a34cdf0
2 parents 864f0b7 + f515df0
commit a34cdf0
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 19 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -36,6 +36,7 @@ jobs:
       deployment: prod
       namespace: default
       portals: portals
+      kubeconfig_secret: NL_KUBE_CONFIG
   tag:
     uses: walt-id/waltid-identity/.github/workflows/tag.yml@266f5c09359450c39019a6da38f2b331e7122918
     needs: [ version, deploy ]

diff --git a/.run/Issuer.run.xml b/.run/Issuer.run.xml
@@ -5,7 +5,7 @@
     <option name="MAIN_CLASS_NAME" value="id.walt.issuer.MainKt" />
     <module name="waltid-identity.waltid-services.waltid-issuer-api.main" />
     <option name="PROGRAM_PARAMETERS" value="-l trace" />
-    <shortenClasspath name="NONE" />
+    <shortenClasspath name="ARGS_FILE" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/waltid-services/waltid-issuer-api" />
     <method v="2">
       <option name="Make" enabled="true" />

diff --git a/docker-compose/.env b/docker-compose/.env
@@ -23,6 +23,6 @@ MSSQL_DB_PORT=1433
 
 #sqlite | postgres | mssql
 DATABASE_ENGINE=postgres
-VERSION_TAG=0.10.0
+VERSION_TAG=0.11.0
 #identity | identity,tse | all
 COMPOSE_PROFILES=identity
diff --git a/waltid-applications/waltid-web-portal/pages/verify/index.tsx b/waltid-applications/waltid-web-portal/pages/verify/index.tsx
@@ -41,11 +41,18 @@ export default function Verification() {
         return false;
       });
 
+      const standardVersion = 'draft13'; // ['draft13', 'draft11']
+      const issuerMetadataConfigSelector = {
+        'draft13': 'credential_configurations_supported',
+        'draft11': 'credentials_supported',
+      }
+
+      const issuerMetadata = await axios.get(`${env.NEXT_PUBLIC_ISSUER ? env.NEXT_PUBLIC_ISSUER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_ISSUER}/${standardVersion}/.well-known/openid-credential-issuer`);
       const request_credentials = credentials.map((credential) => {
         if (mapFormat(format) === 'vc+sd-jwt') {
-          let url = `${env.NEXT_PUBLIC_ISSUER ? env.NEXT_PUBLIC_ISSUER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_ISSUER}`;
+          let url = issuerMetadata.data[issuerMetadataConfigSelector[standardVersion]][`${credential.offer.type[credential.offer.type.length - 1]}_vc+sd-jwt`].vct;
           return {
-            vct: `${url}/${credential.offer.type[credential.offer.type.length - 1]}`,
+            vct: url,
             format: mapFormat(format),
           };
         } else {
@@ -75,7 +82,7 @@ export default function Verification() {
 
       const response = await axios.post(
         `${env.NEXT_PUBLIC_VERIFIER ? env.NEXT_PUBLIC_VERIFIER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_VERIFIER}/openid4vc/verify`,
-          requestBody,
+        requestBody,
         {
           headers: {
             successRedirectUri: `${window.location.origin}/success/$id`,

diff --git a/waltid-services/waltid-issuer-api/src/main/kotlin/id/walt/issuer/issuance/OidcApi.kt b/waltid-services/waltid-issuer-api/src/main/kotlin/id/walt/issuer/issuance/OidcApi.kt
@@ -1,8 +1,6 @@
 package id.walt.issuer.issuance
 
 
-import id.walt.policies.Verifier
-import id.walt.policies.models.PolicyRequest.Companion.parsePolicyRequests
 import id.walt.oid4vc.OpenID4VC
 import id.walt.oid4vc.data.*
 import id.walt.oid4vc.data.dif.PresentationDefinition
@@ -19,6 +17,8 @@ import id.walt.oid4vc.responses.AuthorizationErrorCode
 import id.walt.oid4vc.responses.CredentialErrorCode
 import id.walt.oid4vc.responses.PushedAuthorizationResponse
 import id.walt.oid4vc.util.randomUUID
+import id.walt.policies.Verifier
+import id.walt.policies.models.PolicyRequest.Companion.parsePolicyRequests
 import id.walt.sdjwt.JWTVCIssuerMetadata
 import id.walt.sdjwt.SDJWTVCTypeMetadata
 import io.github.oshai.kotlinlogging.KotlinLogging
@@ -61,7 +61,7 @@ object OidcApi : CIProvider() {
         }) {
             get("{standardVersion}/.well-known/openid-configuration", {
                 request {
-                    standardVersionQueryParameter()
+                    standardVersionPathParameter()
                 }
             }) {
                 val metadata = getMetadataForVersion(
@@ -73,7 +73,7 @@ object OidcApi : CIProvider() {
 
             get("{standardVersion}/.well-known/openid-credential-issuer", {
                 request {
-                    standardVersionQueryParameter()
+                    standardVersionPathParameter()
                 }
             }) {
                 val metadata = getMetadataForVersion(
@@ -85,7 +85,7 @@ object OidcApi : CIProvider() {
 
             get("{standardVersion}/.well-known/oauth-authorization-server", {
                 request {
-                    standardVersionQueryParameter()
+                    standardVersionPathParameter()
                 }
             }) {
                 val metadata = getMetadataForVersion(
@@ -97,13 +97,18 @@ object OidcApi : CIProvider() {
 
             get("/.well-known/jwt-vc-issuer/{standardVersion}", {
                 request {
-                    standardVersionQueryParameter()
+                    standardVersionPathParameter()
                 }
             }) {
                 call.respond(HttpStatusCode.OK, JWTVCIssuerMetadata(issuer = metadata.issuer, jwksUri = metadata.jwksUri))
             }
 
-            get("/.well-known/vct/{standardVersion}/{type}") {
+            get("/.well-known/vct/{standardVersion}/{type}", {
+                request{
+                    standardVersionPathParameter()
+                    typePathParameter()
+                }
+            }) {
                 val credType = call.parameters["type"] ?: throw IllegalArgumentException("Type required")
 
                 // issuer api is the <authority>
@@ -139,7 +144,7 @@ object OidcApi : CIProvider() {
 
             get("{standardVersion}/jwks", {
                 request {
-                    standardVersionQueryParameter()
+                    standardVersionPathParameter()
                 }
             }) {
                 call.respond(HttpStatusCode.OK, getJwksSessions())
@@ -441,7 +446,7 @@ object OidcApi : CIProvider() {
                 } else {
                     val credReq = CredentialRequest.fromJSON(call.receive<JsonObject>())
                     try {
-                        val session = parsedToken.get(JWTClaims.Payload.subject)?.jsonPrimitive?.content?.let { getSession(it) }
+                        val session = parsedToken[JWTClaims.Payload.subject]?.jsonPrimitive?.content?.let { getSession(it) }
                             ?: throw CredentialError(credReq, CredentialErrorCode.invalid_request, "Session not found for access token")
                         call.respond(generateCredentialResponse(credReq, session).toJSON())
                     } catch (exc: CredentialError) {
@@ -477,7 +482,7 @@ object OidcApi : CIProvider() {
                 } else {
                     val req = BatchCredentialRequest.fromJSON(call.receive())
                     try {
-                        val session = parsedToken.get(JWTClaims.Payload.subject)?.jsonPrimitive?.content?.let { getSession(it) }
+                        val session = parsedToken[JWTClaims.Payload.subject]?.jsonPrimitive?.content?.let { getSession(it) }
                             ?: throw BatchCredentialError(req, CredentialErrorCode.invalid_request, "Session not found for access token")
                         call.respond(generateBatchCredentialResponse(req, session).toJSON())
                     } catch (exc: BatchCredentialError) {
@@ -550,12 +555,18 @@ object OidcApi : CIProvider() {
         }
     }
 
-    private fun OpenApiRequest.standardVersionQueryParameter() = queryParameter<String>("standardVersion") {
+    private fun OpenApiRequest.standardVersionPathParameter() = pathParameter<String>("standardVersion") {
         description = "The value of the standard version. Supported values are: draft13 and draft11"
         example("Example") { value = "draft13" }
         required = true
     }
 
+    private fun OpenApiRequest.typePathParameter() = pathParameter<String>("type") {
+        description = "The value of the credential type."
+        example("Example") { value = "identity_credential" }
+        required = true
+    }
+
     private fun getPushedAuthorizationSession(authorizationRequest: AuthorizationRequest): IssuanceSession {
         return authorizationRequest.requestUri?.let {
             getVerifiedSession(OpenID4VC.getPushedAuthorizationSessionId(it)) ?: throw AuthorizationError(

diff --git a/waltid-services/waltid-wallet-api/Dockerfile b/waltid-services/waltid-wallet-api/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/gradle:jdk17 AS buildstage
+FROM docker.io/gradle:jdk21 AS buildstage
 
 COPY gradle/ /work/gradle
 COPY settings.gradle.kts build.gradle.kts gradle.properties gradlew /work/
@@ -45,7 +45,7 @@ COPY waltid-services/waltid-wallet-api/build.gradle.kts waltid-services/waltid-w
 
 RUN gradle clean installDist
 
-FROM docker.io/eclipse-temurin:17
+FROM docker.io/eclipse-temurin:21
 
 # Non-root user
 RUN useradd --create-home waltid

diff --git a/waltid-services/waltid-wallet-api/k8s/deployment-dev.yaml b/waltid-services/waltid-wallet-api/k8s/deployment-dev.yaml
@@ -201,7 +201,7 @@ spec:
             - name: NUXT_PUBLIC_DEV_WALLET_URL
               value: "https://wallet-dev.test.waltid.cloud"
             - name: NUXT_PUBLIC_CREDENTIALS_REPOSITORY_URL
-              value: "https://vc-repo.walt-test.cloud"
+              value: "https://credentials.test.waltid.cloud"
           ports:
             - containerPort: 7101
               name: http-api