feat: integrate post to credential_issuer/credential in chain
matteo-cristino committed Mar 8, 2024
1 parent b361c9a commit c92a9d3
Showing 4 changed files with 119 additions and 5 deletions.
81 changes: 81 additions & 0 deletions wallet/7_holder_sends_credential_request_to_api_credential.zen
@@ -0,0 +1,81 @@
scenario 'w3c': DPoP

# keys
Given I have a 'keyring'
Given I have a 'string' named 'client_id'

# data
Given I have a 'string' named 'format' inside 'oauth_flow_parameters'
Given I have a 'string' named 'vct' inside 'oauth_flow_parameters'
Given I have a 'string' named 'Authorization' inside 'oauth_flow_parameters'
Given I have a 'string' named 'credential_endpoint' inside 'oauth_flow_parameters'
Given I have a 'string' named 'resource' inside '!external-qr-code-content'

Given I have a 'string' named 'access_token'
Given I have a 'string' named 'c_nonce'


When I create jwk of es256 public key

When I copy 'resource' to 'aud'

If I verify 'resource' has suffix '/'
When I split the rightmost '1' bytes of 'resource'
Endif
When I append 'credential_endpoint' to 'resource'
and I rename 'resource' to 'authorization_server_credential_endpoint'

## 1. Create proof-payload

When I create the 'string dictionary' named 'proof-payload'

When I create the timestamp
When I rename the 'timestamp' to 'iat'

When I move 'iat' in 'proof-payload'

When I rename the 'client_id' to 'iss'
When I move 'iss' in 'proof-payload'
When I move 'aud' in 'proof-payload'

When I rename the 'c_nonce' to 'nonce'
When I move 'nonce' in 'proof-payload'

## end 1.

## 2. create proof-header

When I create the 'string dictionary' named 'proof-header'
When I set 'alg' to 'ES256' as 'string'
When I set 'typ' to 'open4vci-proof+jwt' as 'string'

When I move 'alg' in 'proof-header'
When I move 'typ' in 'proof-header'
When I move 'jwk' in 'proof-header'

## end 2,

# 3. create jws from proof-header and proof-payload and create proof

When I create the 'string dictionary' named 'proof'

When I create the jws signature of header 'proof-header' and payload 'proof-payload'
When I rename the 'jws signature' to 'jwt'

When I move 'jwt' in 'proof'
When I set 'proof_type' to 'jwt' as 'string'
When I move 'proof_type' in 'proof'

## end 3.
When I create the 'string dictionary' named 'headers'
When I append 'access_token' to 'Authorization'
and I move 'Authorization' in 'headers'

When I create the 'string dictionary' named 'data'
and I move 'proof' in 'data'
and I move 'vct' in 'data'
and I move 'format' in 'data'

Then print the 'data'
Then print the 'authorization_server_credential_endpoint'
Then print the 'headers'
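Review bot: the `typ` header set by `When I set 'typ' to 'open4vci-proof+jwt' as 'string'` does not match the media type the OpenID4VCI specification registers for key-proof JWTs, `openid4vci-proof+jwt`; an issuer that validates `typ`, as the spec requires, will reject this proof and the credential request will fail, so correct the string and consider keeping it in `oauth_flow_parameters` next to `format` and `vct` rather than hard-coding it. Two smaller points: `aud` is copied from `resource` before the trailing-slash normalisation that follows (`If I verify 'resource' has suffix '/'`), so the audience can carry a trailing `/` that the issuer identifier comparison may not tolerate; and the section markers are inconsistent (`## end 2,` against `## end 1.`, `# 3.` against `## 1.`).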
9 changes: 7 additions & 2 deletions wallet/holder_request_authorizationCode.data.json
@@ -10,13 +10,18 @@
"par_endpoint": "/par",
"token_endpoint": "/token",
"grant_type": "authorization_code",
"credential_endpoint": "/credential",
"jwt-body-params": {
"response_type": "code",
"code_challenge_method": "S256",
"state": "xyz",
"redirectUris": [
"https://didroom.com/"
]
}
},
"format": "vc+sd-jwt",
"vct": "SD_JWT_VC_Auth1",
"Authorization": "BEARER "
}
}
}
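Review bot: `"Authorization": "BEARER "` depends on a trailing space and an upper-cased scheme; the new `.zen` script builds the header by appending `access_token` directly to this value, so the space is load-bearing yet invisible in the JSON, and although RFC 6750 treats the scheme token as case-insensitive, plenty of resource servers compare `Bearer` literally. Suggest storing `"Bearer"` without the space and having the script insert the separator, or at least noting in the accompanying documentation that the trailing space is intentional.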

9 changes: 8 additions & 1 deletion wallet/holder_request_authorizationCode.keys.json
@@ -8,12 +8,18 @@
"code_path": "code",
"data_path": "data",
"code_verifier_path": "code_verifier",
"access_token_path": "access_token",
"c_nonce_path": "c_nonce",
"headers_path": "headers",
"authorization_server_endpoint_par_path": "authorization_server_endpoint_par",
"authorization_server_authorize_endpoint_path": "authorization_server_authorize_endpoint",
"!authorization_server_token_endpoint_path": "!authorization_server_token_endpoint",
"authorization_server_credential_endpoint_path": "authorization_server_credential_endpoint",
"r.code_path": "result.code",
"r.request_uri_path": "result.request_uri",
"r.expires_in_path": "result.expires_in",
"r.access_token": "result.access_token",
"r.c_nonce": "result.c_nonce",
"zen_1_path": "wallet/1_holder_to_par_on_authz_server.zen",
"zen_3_path": "wallet/3_holder_fetch_request_uri.zen",
"zen_5_path": "wallet/5_holder_sends_authorizationCode_and_more_to_api_token.zen",
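Review bot: the new keys `"r.access_token"` and `"r.c_nonce"` break the naming pattern of their neighbours (`r.code_path`, `r.request_uri_path`, `r.expires_in_path`), which all end in `_path` to mark them as path selectors; rename them `r.access_token_path` and `r.c_nonce_path` so a reader can tell a path from a value. Likewise `authorization_server_credential_endpoint_path` lacks the `!` prefix that `!authorization_server_token_endpoint_path` carries; if the prefix is meaningful for the token endpoint it is not clear why the credential endpoint differs, so either align the two or state the convention.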
@@ -31,5 +37,6 @@
"client_id": "did:dyne:sandbox.signroom:PTDvvQn1iWQiVxkfsDnUid8FbieKbHq46Qs8c9CZx67",
"zen_1": "Scenario 'http' : create GET\nScenario 'w3c' : create JWS\n\nGiven I have a 'string dictionary' named '!external-qr-code-content'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'client_id'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'par_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'keyring'\n\n\n#- create Code Verifier (rng in url64) (used in step 7)\nWhen I create the random object of '256' bits\nWhen I write the string '' in 'code_verifier'\nWhen I append the 'url64' of 'random_object' to 'code_verifier'\n\n# - create Code Challenge (sha256 of Code Verifier printed in url64 ) (sent to /PAR)\nWhen I create the hash of 'code_verifier'\nWhen I write the string '' in 'code_challenge'\nWhen I append the 'url64' of 'hash' to 'code_challenge'\n\n# - create ClientSecret\nWhen I create the 'url64 dictionary' \nWhen I rename the 'url64 dictionary' to 'jws payload'\n\nWhen I copy 'code_challenge' in 'jws payload'\nWhen I create jws header for p256 signature\n\nWhen I create jws signature of header 'jws header' and payload 'jws payload'\nWhen I rename the 'jws signature' to 'clientSecret'\n\n\n# - pickup stuff from jwt-body\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I pickup from path 'jwt-body-params.response_type'\nWhen I pickup from path 'jwt-body-params.state'\nWhen I pickup from path 'jwt-body-params.code_challenge_method'\n\n# - fix redirectUris\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\n# - pickup stuff drom qrcode\nWhen I pickup from path '!external-qr-code-content.scope'\nWhen I pickup from path '!external-qr-code-content.resource'\n\n# - create par endpoint\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif\nWhen I append 'par_endpoint' 
to 'authorization_server' \nand I rename 'authorization_server' to 'authorization_server_endpoint_par'\n\n# - create par post body\nWhen I create the 'string dictionary' named 'data'\nand I move 'response_type' in 'data'\nand I move 'client_id' in 'data'\nand I move 'clientSecret' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_challenge' in 'data'\nand I move 'code_challenge_method' in 'data'\nand I move 'state' in 'data'\nand I move 'scope' in 'data'\nand I move 'resource' in 'data'\n\nthen print the 'authorization_server_endpoint_par'\nthen print the 'data'\n\n# this needs to saved into a state for later usage\n# code verifier will be sent authz server in a later stage\nthen print the 'code_verifier'\n",
"zen_3": "Scenario 'http': url\n# keys\nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'request_uri'\nGiven I have a 'number' named 'expires_in'\nGiven I have a 'string dictionary' named 'oauth_flow_parameters'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'authorize_endpoint' inside 'oauth_flow_parameters'\n# Given I have a 'string' named 'authorize_endpoint' inside '!external-qr-code-content'\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'authorize_endpoint' to 'authorization_server' \nWhen I rename the 'authorization_server' to 'authorization_server_authorize_endpoint'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'request_uri' in 'data'\nand I move 'client_id' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_authorize_endpoint'\n",
"zen_5": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'grant_type' inside 'oauth_flow_parameters'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'token_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\n\n\nGiven I have a 'string' named 'code_verifier'\nGiven I have a 'string' named 'code'\n\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\nWhen I create jwk of es256 public key \n\nWhen I create the random 'ramdom_jti'\nWhen I write the string '' in 'jti'\nWhen I append the 'url64' of 'ramdom_jti' to 'jti'\n\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'token_endpoint' to 'authorization_server' \nWhen I copy 'authorization_server' to '!authorization_server_token_endpoint'\nWhen I rename the 'authorization_server' to 'htu'\n\n# jti: randomBytes(16).toString('base64url'),\n# htm: 'POST',\n# htu: 'https://server.example.com/token',\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I set 'htm' to 'POST' as 'string'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'dpop+jwt' as 'string'\n\nWhen I create the 'string dictionary' named 'DPoP-payload'\nWhen I move 'iat' in 'DPoP-payload'\nWhen I move 'jti' in 'DPoP-payload'\nWhen I move 'htu' in 'DPoP-payload'\nWhen I move 'htm' in 'DPoP-payload'\n\nWhen I create the 'string dictionary' named 'DPoP-header'\nWhen I move 'alg' in 'DPoP-header'\nWhen I move 'typ' in 'DPoP-header'\nWhen I move 'jwk' in 'DPoP-header'\n\nWhen I create the jws signature of header 'DPoP-header' and payload 'DPoP-payload'\n\nWhen I rename the 
'jws signature' to 'DPoP'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'DPoP' in 'data'\nand I move 'client_id' in 'data'\nand I move 'code' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_verifier' in 'data'\nand I move 'grant_type' in 'data'\n\nThen print the 'data'\nThen print the '!authorization_server_token_endpoint'\n"
"zen_5": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'grant_type' inside 'oauth_flow_parameters'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'token_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\n\n\nGiven I have a 'string' named 'code_verifier'\nGiven I have a 'string' named 'code'\n\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\nWhen I create jwk of es256 public key \n\nWhen I create the random 'ramdom_jti'\nWhen I write the string '' in 'jti'\nWhen I append the 'url64' of 'ramdom_jti' to 'jti'\n\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'token_endpoint' to 'authorization_server' \nWhen I copy 'authorization_server' to '!authorization_server_token_endpoint'\nWhen I rename the 'authorization_server' to 'htu'\n\n# jti: randomBytes(16).toString('base64url'),\n# htm: 'POST',\n# htu: 'https://server.example.com/token',\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I set 'htm' to 'POST' as 'string'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'dpop+jwt' as 'string'\n\nWhen I create the 'string dictionary' named 'DPoP-payload'\nWhen I move 'iat' in 'DPoP-payload'\nWhen I move 'jti' in 'DPoP-payload'\nWhen I move 'htu' in 'DPoP-payload'\nWhen I move 'htm' in 'DPoP-payload'\n\nWhen I create the 'string dictionary' named 'DPoP-header'\nWhen I move 'alg' in 'DPoP-header'\nWhen I move 'typ' in 'DPoP-header'\nWhen I move 'jwk' in 'DPoP-header'\n\nWhen I create the jws signature of header 'DPoP-header' and payload 'DPoP-payload'\n\nWhen I rename the 
'jws signature' to 'DPoP'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'DPoP' in 'data'\nand I move 'client_id' in 'data'\nand I move 'code' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_verifier' in 'data'\nand I move 'grant_type' in 'data'\n\nThen print the 'data'\nThen print the '!authorization_server_token_endpoint'\n",
"zen_7": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'format' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'vct' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'Authorization' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'credential_endpoint' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'resource' inside '!external-qr-code-content'\n\nGiven I have a 'string' named 'access_token'\nGiven I have a 'string' named 'c_nonce'\n\n\nWhen I create jwk of es256 public key \n\nWhen I copy 'resource' to 'aud'\n\nIf I verify 'resource' has suffix '/'\nWhen I split the rightmost '1' bytes of 'resource'\nEndif \nWhen I append 'credential_endpoint' to 'resource'\nand I rename 'resource' to 'authorization_server_credential_endpoint'\n\n## 1. Create proof-payload\n\nWhen I create the 'string dictionary' named 'proof-payload'\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I move 'iat' in 'proof-payload'\n\nWhen I rename the 'client_id' to 'iss'\nWhen I move 'iss' in 'proof-payload'\nWhen I move 'aud' in 'proof-payload'\n\nWhen I rename the 'c_nonce' to 'nonce'\nWhen I move 'nonce' in 'proof-payload'\n\n## end 1.\n\n## 2. create proof-header\n\nWhen I create the 'string dictionary' named 'proof-header'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'open4vci-proof+jwt' as 'string'\n\nWhen I move 'alg' in 'proof-header'\nWhen I move 'typ' in 'proof-header'\nWhen I move 'jwk' in 'proof-header'\n\n## end 2, \n\n# 3. 
create jws from proof-header and proof-payload and create proof\n\nWhen I create the 'string dictionary' named 'proof'\n\nWhen I create the jws signature of header 'proof-header' and payload 'proof-payload'\nWhen I rename the 'jws signature' to 'jwt'\n\nWhen I move 'jwt' in 'proof'\nWhen I set 'proof_type' to 'jwt' as 'string'\nWhen I move 'proof_type' in 'proof'\n\n## end 3.\nWhen I create the 'string dictionary' named 'headers'\nWhen I append 'access_token' to 'Authorization'\nand I move 'Authorization' in 'headers'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'proof' in 'data'\nand I move 'vct' in 'data'\nand I move 'format' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_credential_endpoint'\nThen print the 'headers'\n"
}
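Review bot: `zen_7` embeds the full text of `wallet/7_holder_sends_credential_request_to_api_credential.zen` as a JSON string, as `zen_1`, `zen_3` and `zen_5` already do, so the script now lives in two places that will drift silently (the commented-out `read verbatim file content` line in the driver script suggests this is a workaround); generate these entries from the `.zen` files at build time, or drop the `zen_N_path` keys that are no longer used. While the `zen_5` line is being touched for the trailing comma, `'ramdom_jti'` (twice) could be spelled `'random_jti'`.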
25 changes: 23 additions & 2 deletions wallet/holder_request_authorizationCode.zen
@@ -57,8 +57,29 @@ Given I send object 'zen_5_output' and send path 'data_path' and manipulate and
Given I send object 'zen_5_output' and send path '!authorization_server_token_endpoint_path' and manipulate and get and output into '!authorization_server_token_endpoint'

# execute post 5
Given I connect to '!authorization_server_token_endpoint' and send object 'post_5' and do post and output into '!authorization_server_token_endpoint_path_response'
Given I connect to '!authorization_server_token_endpoint' and send object 'post_5' and do post and output into '!authorization_server_token_endpoint_response'

# add results to data
Given I send object '!authorization_server_token_endpoint_response' and send path 'r.access_token' and manipulate and get and output into 'access_token'
Given I send object '!authorization_server_token_endpoint_response' and send path 'r.c_nonce' and manipulate and get and output into 'c_nonce'
Given I send object 'data' and send path 'access_token_path' and send value 'access_token' and manipulate and set and output into 'data'
Given I send object 'data' and send path 'c_nonce_path' and send value 'c_nonce' and manipulate and set and output into 'data'

#######
# execute zen_7
#######
# Given I send path 'zen_7_path' and read verbatim file content and output into 'zen_7'
Given I send keys 'keys' and send data 'data' and send script 'zen_7' and execute zencode and output into 'zen_7_output'

# extract post parameters
Given I send object 'zen_7_output' and send path 'data_path' and manipulate and get and output into 'post_7'
Given I send object 'zen_7_output' and send path 'authorization_server_credential_endpoint_path' and manipulate and get and output into 'authorization_server_credential_endpoint'
Given I send object 'zen_7_output' and send path 'headers_path' and manipulate and get and output into 'headers'

# set header to authorization
# execute post 7
Given I connect to 'authorization_server_credential_endpoint' and send object 'post_7' and send headers 'headers' and do post and output into 'authorization_server_credential_endpoint_response'

# read accessToken_jwt
Given I have a 'string dictionary' in path '!authorization_server_token_endpoint_path_response.result'
Given I have a 'string dictionary' in path 'authorization_server_credential_endpoint_response.result'
Then print the data
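Review bot: the flow now assumes the token response carries `c_nonce` (`send path 'r.c_nonce' ... output into 'c_nonce'`) and `zen_7` hard-requires it through `Given I have a 'string' named 'c_nonce'`; OpenID4VCI does not guarantee a nonce in the token response (it can instead come back from the credential endpoint), so a missing field should be handled explicitly rather than failing inside the extraction. Three further points: `access_token` and `c_nonce` are now written into `data` and the script still ends with `Then print the data`, so check that the bearer token does not surface in the printed output; the comment `# set header to authorization` precedes no statement and `# read accessToken_jwt` now labels the credential response read; and the commented-out `zen_7_path` read should either be removed or the `zen_7_path` key dropped from the keys file.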
