diff --git a/auth/api/iam/api.go b/auth/api/iam/api.go
index 76bf483d75..e0d002a280 100644
--- a/auth/api/iam/api.go
+++ b/auth/api/iam/api.go
@@ -283,8 +283,7 @@ func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAutho
 // OAuthAuthorizationServerMetadata returns the Authorization Server's metadata
 func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request OAuthAuthorizationServerMetadataRequestObject) (OAuthAuthorizationServerMetadataResponseObject, error) {
- // TODO: must be web DID once web DID creation and DB are implemented
- ownDID := idToNutsDID(request.Id)
+ ownDID := r.idToDID(request.Id)
 owned, err := r.vdr.IsOwner(ctx, ownDID)
 if err != nil {
 if resolver.IsFunctionalResolveError(err) {
diff --git a/auth/api/iam/api_test.go b/auth/api/iam/api_test.go
index d20d9047e2..6e2c38f043 100644
--- a/auth/api/iam/api_test.go
+++ b/auth/api/iam/api_test.go
@@ -48,14 +48,15 @@ import (
 var nutsDID = did.MustParseDID("did:nuts:123")
 var webDID = did.MustParseDID("did:web:example.com:iam:123")
+var webIDPart = "123"
 func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 t.Run("ok", func(t *testing.T) {
 // 200
 ctx := newTestClient(t)
- ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(true, nil)
+ ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(true, nil)
- res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
+ res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: webIDPart})
 require.NoError(t, err)
 assert.IsType(t, OAuthAuthorizationServerMetadata200JSONResponse{}, res)
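Review bot: `request.Id` is a caller-controlled path segment that now goes straight into `r.idToDID` to form this node's own did:web identifier, and the hunk adds no validation of it before `IsOwner` is consulted. idToDID is outside the hunk; if it only concatenates, an Id containing ':' or an encoded separator yields an identifier for a different path, which IsOwner should reject (the tests in this diff show that path returning 404), so the check fails closed but the "did not owned" response would be misleading for what is really a malformed id. A short comment on the call would make the contract explicit, e.g. `// request.Id is the :iam:<id> segment of this node's did:web; ownership is verified below, so an unknown id yields 404`, and rejecting ids that contain ':' or '/' up front, if idToDID does not already, would give callers a clearer 400. The function's body continues outside the hunk.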
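Review bot: `webIDPart = "123"` and `webDID` (…:iam:123) are two independent literals whose agreement is the whole premise of these expectations, yet nothing in the file states it; the subtests only pass if the client built by newTestClient is configured with a host under which r.idToDID(webIDPart) reassembles exactly webDID, and that configuration is not visible here. A comment on the new variable would pin that down: `// webIDPart is the :iam:<id> segment of webDID; r.idToDID must rebuild webDID from it under newTestClient's host`. The later hunks at -64, -75 and -86 only reuse the variable, so the comment belongs here.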
@@ -64,9 +65,9 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 t.Run("error - did not managed by this node", func(t *testing.T) {
 //404
 ctx := newTestClient(t)
- ctx.vdr.EXPECT().IsOwner(nil, nutsDID)
+ ctx.vdr.EXPECT().IsOwner(nil, webDID)
- res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
+ res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: webIDPart})
 assert.Equal(t, 404, statusCodeFrom(err))
 assert.EqualError(t, err, "authz server metadata: did not owned")
@@ -75,9 +76,9 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 t.Run("error - did does not exist", func(t *testing.T) {
 //404
 ctx := newTestClient(t)
- ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, resolver.ErrNotFound)
+ ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, resolver.ErrNotFound)
- res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
+ res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: webIDPart})
 assert.Equal(t, 404, statusCodeFrom(err))
 assert.EqualError(t, err, "authz server metadata: unable to find the DID document")
@@ -86,9 +87,9 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 t.Run("error - internal error 500", func(t *testing.T) {
 //500
 ctx := newTestClient(t)
- ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, errors.New("unknown error"))
+ ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, errors.New("unknown error"))
- res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
+ res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: webIDPart})
 assert.Equal(t, 500, statusCodeFrom(err))
 assert.EqualError(t, err, "authz server metadata: unknown error")
diff --git a/cmd/root.go b/cmd/root.go
index 154a429323..c9d1d9eda2 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -209,7 +209,7 @@ func CreateSystem(shutdownCallback context.CancelFunc) *core.System {
 Updater: vdrInstance,
 Resolver: vdrInstance.Resolver(),
 }})
- system.RegisterRoutes(&vdrAPIv2.Wrapper{VDR: vdrInstance, Storage: storageInstance, Crypto: cryptoInstance})
+ system.RegisterRoutes(&vdrAPIv2.Wrapper{VDR: vdrInstance})
 system.RegisterRoutes(&vcrAPI.Wrapper{VCR: credentialInstance, ContextManager: jsonld})
 system.RegisterRoutes(&openid4vciAPI.Wrapper{
 VCR: credentialInstance,
diff --git a/e2e-tests/oauth-flow/rfc021/run-test.sh b/e2e-tests/oauth-flow/rfc021/run-test.sh
index 4e0604161d..6e68322cd3 100755
--- a/e2e-tests/oauth-flow/rfc021/run-test.sh
+++ b/e2e-tests/oauth-flow/rfc021/run-test.sh
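Review bot: The struct literal drops `Storage` and `Crypto` from `vdrAPIv2.Wrapper`, but the diff does not show the Wrapper type or its handlers changing to match. If those fields still exist and any v2 handler dereferences them, the wrapper registered here now carries nil values and fails at request time rather than at start-up; worth confirming the field removal is part of the same change, or otherwise guarding the literal with a constructor that rejects missing dependencies before `RegisterRoutes`. CreateSystem continues outside the hunk.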
@@ -29,7 +29,7 @@ VENDOR_B_DID=$(echo $VENDOR_B_DIDDOC | jq -r .id)
 echo Vendor B DID: $VENDOR_B_DID
 # Issue NutsOrganizationCredential for Vendor B
-REQUEST="{\"type\":\"NutsOrganizationCredential\",\"issuer\":\"${VENDOR_B_DID}\", \"credentialSubject\": {\"id\":\"${VENDOR_B_DID}\", \"organization\":{\"name\":\"Caresoft B.V.\", \"city\":\"Caretown\"}},\"visibility\": \"private\"}"
+REQUEST="{\"type\":\"NutsOrganizationCredential\",\"issuer\":\"${VENDOR_B_DID}\", \"credentialSubject\": {\"id\":\"${VENDOR_B_DID}\", \"organization\":{\"name\":\"Caresoft B.V.\", \"city\":\"Caretown\"}},\"publishToNetwork\": false}"
 RESPONSE=$(echo $REQUEST | curl -X POST --data-binary @- http://localhost:21323/internal/vcr/v2/issuer/vc -H "Content-Type:application/json")
 if echo $RESPONSE | grep -q "VerifiableCredential"; then
 echo "VC issued"
@@ -39,6 +39,15 @@ else
 exitWithDockerLogs 1
 fi
+RESPONSE=$(echo $RESPONSE | curl -X POST --data-binary @- http://localhost:21323/internal/vcr/v2/holder/${VENDOR_B_DID}/vc -H "Content-Type:application/json")
+if echo $RESPONSE == ""; then
+ echo "VC stored in wallet"
+else
+ echo "FAILED: Could not load NutsOrganizationCredential in node-B wallet" 1>&2
+ echo $RESPONSE
+ exitWithDockerLogs 1
+fi
+
 echo "---------------------------------------"
 echo "Perform OAuth 2.0 rfc021 flow..."
 echo "---------------------------------------"
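Review bot: `if echo $RESPONSE == ""; then` does not test for an empty response: echo always exits 0, so the success branch runs whatever the wallet endpoint returned, and a rejected credential would still print "VC stored in wallet" and let the OAuth flow proceed against an empty wallet. Replace it with `if [ -z "$RESPONSE" ]; then` and quote the variable on the preceding line, `RESPONSE=$(echo "$RESPONSE" | curl -X POST --data-binary @- "http://localhost:21323/internal/vcr/v2/holder/${VENDOR_B_DID}/vc" -H "Content-Type:application/json")`, so the issued JSON is re-sent intact rather than word-split by the shell. An error status with an empty body would still pass the emptiness check; `curl -f`, or capturing `-w '%{http_code}'`, would make the test depend on the HTTP status rather than body length.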