feat: Initiate issuance - add new param for supporting multiple issuance

Signed-off-by: Mykhailo Sizov <[email protected]>
mishasizov-SK · Mar 7, 2024 · 1fd14b9 · 1fd14b9
1 parent 927d107
commit 1fd14b9
Show file tree

Hide file tree

Showing 7 changed files with 365 additions and 109 deletions.
diff --git a/docs/v1/openapi.yaml b/docs/v1/openapi.yaml
@@ -1424,15 +1424,19 @@ components:
         credential_expires_at:
           type: string
           format: date-time
+          deprecated: true
           description: Date when credentials should be consider as expired
         credential_name:
           type: string
+          deprecated: true
           description: Credential name
         credential_description:
           type: string
+          deprecated: true
           description: Credential description
         credential_template_id:
           type: string
+          deprecated: true
           description: 'Template of the credential to be issued while successfully concluding this interaction. REQUIRED, if the profile is configured to use multiple credential templates.'
         client_initiate_issuance_url:
           type: string
@@ -1444,6 +1448,7 @@ components:
           type: string
           description: 'String value created by the Credential Issuer and opaque to the Wallet that is used to bind the sub-sequent authentication request with the Credential Issuer to a context set up during previous steps. If the client receives a value for this parameter, it MUST include it in the subsequent Authentication Request to the Credential Issuer as the op_state parameter value. MUST NOT be used in Authorization Code flow when pre-authorized_code is present.'
         claim_endpoint:
+          deprecated: true
           type: string
           description: Claim endpoint of the Issuer from where credential claim data has to be requested after successfully acquiring access tokens.
         grant_type:
@@ -1464,11 +1469,17 @@ components:
           type: boolean
           description: Required for Pre-Authorized Code Flow. Boolean value specifying whether the issuer expects presentation of a user PIN along with the Token Request in a pre-authorized code flow.
         claim_data:
+          deprecated: true
           type: object
           description: Required for Pre-Authorized Code Flow. VCS OIDC Service acts as OP for wallet applications
         wallet_initiated_issuance:
           type: boolean
           description: Boolean flags indicates whether given transaction is initiated by Wallet.
+        credential_configuration:
+          type: object
+          additionalProperties:
+            $ref: '#/components/schemas/InitiateIssuanceCredentialConfiguration'
+          description: An object that describes specifics of the Multiple Credential Issuance, where key refers to relevant credential_configurations_supported from Issuer metadata.
       x-tags:
         - issuer
     InitiateOIDC4CIResponse:
@@ -1974,6 +1985,34 @@ components:
             $ref: '#/components/schemas/CredentialDisplay'
       required:
         - format
+    InitiateIssuanceCredentialConfiguration:
+      title: InitiateIssuanceCredentialConfiguration object definition.
+      x-tags:
+        - issuer
+      type: object
+      description: An object that describes specifics of the Multiple Credential Issuance.
+      properties:
+        claim_data:
+          type: object
+          description: Required for Pre-Authorized Code Flow. VCS OIDC Service acts as OP for wallet applications
+        claim_endpoint:
+          type: string
+          description: Claim endpoint of the Issuer from where credential claim data has to be requested after successfully acquiring access tokens.
+        credential_template_id:
+          type: string
+          description: 'Template of the credential to be issued while successfully concluding this interaction. REQUIRED, if the profile is configured to use multiple credential templates.'
+        credential_expires_at:
+          type: string
+          format: date-time
+          description: Date when credentials should be consider as expired
+        credential_name:
+          type: string
+          description: Credential name
+        credential_description:
+          type: string
+          description: Credential description
+      required:
+        - format
     CredentialResponseEncryptionSupported:
       title: CredentialResponseEncryption object definition.
       x-tags:

diff --git a/pkg/restapi/v1/issuer/controller.go b/pkg/restapi/v1/issuer/controller.go
@@ -449,6 +449,18 @@ func (c *Controller) initiateIssuance(
 		CredentialName:            lo.FromPtr(req.CredentialName),
 		CredentialDescription:     lo.FromPtr(req.CredentialDescription),
 		WalletInitiatedIssuance:   lo.FromPtr(req.WalletInitiatedIssuance),
+		CredentialConfiguration:   make(map[string]oidc4ci.InitiateIssuanceCredentialConfiguration),
+	}
+
+	for credentialConfigurationID, multiCredentialIssuance := range req.CredentialConfiguration.AdditionalProperties {
+		issuanceReq.CredentialConfiguration[credentialConfigurationID] = oidc4ci.InitiateIssuanceCredentialConfiguration{
+			ClaimData:             lo.FromPtr(multiCredentialIssuance.ClaimData),
+			ClaimEndpoint:         lo.FromPtr(multiCredentialIssuance.ClaimEndpoint),
+			CredentialTemplateId:  lo.FromPtr(multiCredentialIssuance.CredentialTemplateId),
+			CredentialExpiresAt:   multiCredentialIssuance.CredentialExpiresAt,
+			CredentialName:        lo.FromPtr(multiCredentialIssuance.CredentialName),
+			CredentialDescription: lo.FromPtr(multiCredentialIssuance.CredentialDescription),
+		}
 	}
 
 	resp, err := c.oidc4ciService.InitiateIssuance(ctx, issuanceReq, profile)
@@ -673,9 +685,11 @@ func (c *Controller) ValidatePreAuthorizedCodeRequest(ctx echo.Context) error {
 	}
 
 	var authorizationDetailsDTOList []common.AuthorizationDetails
-	if transaction.AuthorizationDetails != nil {
-		authorizationDetailsDTO := transaction.AuthorizationDetails.ToDTO()
-		authorizationDetailsDTOList = []common.AuthorizationDetails{authorizationDetailsDTO}
+
+	for _, credentialConfig := range transaction.CredentialConfiguration {
+		if credentialConfig.AuthorizationDetails != nil {
+			authorizationDetailsDTOList = append(authorizationDetailsDTOList, credentialConfig.AuthorizationDetails.ToDTO())
+		}
 	}
 
 	return util.WriteOutput(ctx)(ValidatePreAuthorizedCodeResponse{

diff --git a/pkg/restapi/v1/issuer/controller_test.go b/pkg/restapi/v1/issuer/controller_test.go
@@ -740,14 +740,15 @@ func TestController_InitiateCredentialIssuance(t *testing.T) {
 	}
 
 	req, err := json.Marshal(&InitiateOIDC4CIRequest{
-		CredentialTemplateId:      lo.ToPtr("templateID"),
-		ClientInitiateIssuanceUrl: lo.ToPtr("https://wallet.example.com/initiate_issuance"),
-		ClientWellknown:           lo.ToPtr("https://wallet.example.com/.well-known/openid-configuration"),
-		OpState:                   lo.ToPtr("eyJhbGciOiJSU0Et"),
-		ClaimEndpoint:             lo.ToPtr("https://vcs.pb.example.com/claim"),
-		GrantType:                 lo.ToPtr("authorization_code"),
-		Scope:                     lo.ToPtr([]string{"openid"}),
-		ResponseType:              lo.ToPtr("token"),
+		CredentialTemplateId:       lo.ToPtr("templateID"),
+		CredentialConfigurationIds: lo.ToPtr([]string{"VerifiedEmployeeIdentifier"}),
+		ClientInitiateIssuanceUrl:  lo.ToPtr("https://wallet.example.com/initiate_issuance"),
+		ClientWellknown:            lo.ToPtr("https://wallet.example.com/.well-known/openid-configuration"),
+		OpState:                    lo.ToPtr("eyJhbGciOiJSU0Et"),
+		ClaimEndpoint:              lo.ToPtr("https://vcs.pb.example.com/claim"),
+		GrantType:                  lo.ToPtr("authorization_code"),
+		Scope:                      lo.ToPtr([]string{"openid"}),
+		ResponseType:               lo.ToPtr("token"),
 	})
 	require.NoError(t, err)
 

diff --git a/pkg/restapi/v1/issuer/openapi.gen.go b/pkg/restapi/v1/issuer/openapi.gen.go
diff --git a/pkg/service/oidc4ci/api.go b/pkg/service/oidc4ci/api.go
@@ -65,34 +65,38 @@ type TransactionStore transactionStore
 type TransactionData struct {
 	ProfileID                          profileapi.ID
 	ProfileVersion                     profileapi.Version
-	OrgID                              string
-	CredentialTemplate                 *profileapi.CredentialTemplate
 	CredentialFormat                   vcsverifiable.Format // Format, that represents issued VC format (JWT, LDP).
-	OIDCCredentialFormat               vcsverifiable.OIDCFormat
+	IsPreAuthFlow                      bool
+	PreAuthCode                        string
+	OrgID                              string
 	AuthorizationEndpoint              string
 	PushedAuthorizationRequestEndpoint string
 	TokenEndpoint                      string
-	ClaimEndpoint                      string
+	OpState                            string
 	RedirectURI                        string
 	GrantType                          string
 	ResponseType                       string
 	Scope                              []string
-	AuthorizationDetails               *AuthorizationDetails
 	IssuerAuthCode                     string
 	IssuerToken                        string
-	OpState                            string
-	IsPreAuthFlow                      bool
-	PreAuthCode                        string
-	PreAuthCodeExpiresAt               *time.Time
-	ClaimDataID                        string
 	State                              TransactionState
 	WebHookURL                         string
 	UserPin                            string
 	DID                                string
-	CredentialExpiresAt                *time.Time
-	CredentialName                     string
-	CredentialDescription              string
 	WalletInitiatedIssuance            bool
+	CredentialConfiguration            map[string]TxCredentialConfiguration
+}
+
+type TxCredentialConfiguration struct {
+	CredentialTemplate    *profileapi.CredentialTemplate
+	OIDCCredentialFormat  vcsverifiable.OIDCFormat
+	ClaimEndpoint         string
+	ClaimDataID           string
+	CredentialName        string
+	CredentialDescription string
+	CredentialExpiresAt   *time.Time
+	PreAuthCodeExpiresAt  *time.Time
+	AuthorizationDetails  *AuthorizationDetails
 }
 
 // AuthorizationDetails represents the domain model for Authorization Details request.
@@ -149,20 +153,37 @@ type IssuerIDPOIDCConfiguration struct {
 
 // InitiateIssuanceRequest is the request used by the Issuer to initiate the OIDC VC issuance interaction.
 type InitiateIssuanceRequest struct {
+	// Deprecated. Use CredentialConfiguration instead.
 	CredentialTemplateID      string
 	ClientInitiateIssuanceURL string
 	ClientWellKnownURL        string
-	ClaimEndpoint             string
-	GrantType                 string
-	ResponseType              string
-	Scope                     []string
-	OpState                   string
-	ClaimData                 map[string]interface{}
-	UserPinRequired           bool
-	CredentialExpiresAt       *time.Time
-	CredentialName            string
-	CredentialDescription     string
-	WalletInitiatedIssuance   bool
+	// Deprecated. Use CredentialConfiguration instead.
+	ClaimEndpoint string
+	GrantType     string
+	ResponseType  string
+	Scope         []string
+	OpState       string
+	// Deprecated. Use CredentialConfiguration instead.
+	ClaimData       map[string]interface{}
+	UserPinRequired bool
+	// Deprecated. Use CredentialConfiguration instead.
+	CredentialExpiresAt *time.Time
+	// Deprecated. Use CredentialConfiguration instead.
+	CredentialName string
+	// Deprecated. Use CredentialConfiguration instead.
+	CredentialDescription   string
+	WalletInitiatedIssuance bool
+	// CredentialConfiguration aimed to initialise multi credential issuance.
+	CredentialConfiguration map[string]InitiateIssuanceCredentialConfiguration
+}
+
+type InitiateIssuanceCredentialConfiguration struct {
+	ClaimData             map[string]interface{} `json:"claim_data,omitempty"`
+	ClaimEndpoint         string                 `json:"claim_endpoint,omitempty"`
+	CredentialTemplateId  string                 `json:"credential_template_id,omitempty"`
+	CredentialExpiresAt   *time.Time             `json:"credential_expires_at,omitempty"`
+	CredentialName        string                 `json:"credential_name,omitempty"`
+	CredentialDescription string                 `json:"credential_description,omitempty"`
 }
 
 // InitiateIssuanceResponse is the response from the Issuer to the Wallet with initiate issuance URL.