Add access token request call for the OpenID4VP user flow #2619
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
reinkrul
reviewed
Dec 4, 2023
| if err != nil { | ||
| return nil, core.NotFoundError("did not found: %w", err) | ||
| } | ||
| isWallet, err := r.vdr.IsOwner(ctx, *requestHolder) |
There was a problem hiding this comment.
use idToOwnedDID (or something)
There was a problem hiding this comment.
This API does not use the id from the path but a DID from the request body.
reinkrul
reviewed
Dec 4, 2023
reinkrul
reviewed
Dec 4, 2023
reinkrul
reviewed
Dec 4, 2023
reinkrul
requested changes
Dec 4, 2023
| }, nil | ||
| } | ||
|
|
||
| // handleUserLanding is the handler for the landing page of the user. |
There was a problem hiding this comment.
yes it should switch when more different types are added (overview, addDevice, listDevices, whatever). But currently that's not needed yet.
auth/api/iam/user.go
Outdated
| err := store.Get(token, &redirectSession) | ||
| if err != nil { | ||
| log.Logger().Debug("token not found in store") | ||
| return echoCtx.String(http.StatusForbidden, "") |
There was a problem hiding this comment.
shouldn't we render a user-friendly HTML page here?
There was a problem hiding this comment.
See PR description: #2621
reinkrul
requested changes
Dec 5, 2023
auth/services/oauth/relying_party.go
Outdated
| @@ -110,6 +111,31 @@ func (s *relyingParty) CreateJwtGrant(ctx context.Context, request services.Crea | |||
| return &services.JwtBearerTokenResult{BearerToken: signingString, AuthorizationServerEndpoint: endpointURL}, nil | |||
| } | |||
|
|
|||
| func (s *relyingParty) AuthorizationRequest(ctx context.Context, requestHolder did.DID, verifier did.DID, scopes string, clientState string) (*url.URL, error) { | |||
There was a problem hiding this comment.
clientState is passed, tokens are (currently) stored on API layer
reinkrul
approved these changes
Dec 11, 2023
auth/api/iam/user.go
Outdated
Comment on lines
36
to
38
| oAuthFlowTimeout = time.Minute | ||
| userRedirectTimeout = time.Second * 5 | ||
| userSessionTimeout = time.Hour |
There was a problem hiding this comment.
can you document these here? At least for my understanding how they differ
additional tests additional test PR feedback PR feedback test fix remove failing test (#2618) added e2e test for OpenID4VP s2s flow (#2617) PEX: Provide ParseEnvelope to correctly parse PEX VP envelopes (#2620) Bump schneider.vip/problem from 1.8.1 to 1.9.0 (#2622) Bumps [schneider.vip/problem](https://github.com/mschneider82/problem) from 1.8.1 to 1.9.0. - [Commits](mschneider82/problem@v1.8.1...v1.9.0) --- updated-dependencies: - dependency-name: schneider.vip/problem dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#2628) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0. - [Commits](golang/crypto@v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump golang.org/x/time from 0.4.0 to 0.5.0 (#2627) Bumps [golang.org/x/time](https://github.com/golang/time) from 0.4.0 to 0.5.0. - [Commits](golang/time@v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/time dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Missing rfc021 e2e tests changes (#2623) Discovery: SQLite-based server implementation (#2589) Bump github.com/nuts-foundation/go-leia/v4 from 4.0.0 to 4.0.1 (#2632) Bumps [github.com/nuts-foundation/go-leia/v4](https://github.com/nuts-foundation/go-leia) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/nuts-foundation/go-leia/releases) - [Commits](nuts-foundation/go-leia@v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: github.com/nuts-foundation/go-leia/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Root URL server config property to replace auth.publicurl (#2633) change idToDID to use did:web in iam API (#2635) Bump github.com/lestrrat-go/jwx/v2 from 2.0.17 to 2.0.18 (#2645) Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.0.17 to 2.0.18. - [Release notes](https://github.com/lestrrat-go/jwx/releases) - [Changelog](https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes) - [Commits](lestrrat-go/jwx@v2.0.17...v2.0.18) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/jwx/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump github.com/nats-io/nats-server/v2 from 2.10.5 to 2.10.6 (#2644) Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.10.5 to 2.10.6. - [Release notes](https://github.com/nats-io/nats-server/releases) - [Changelog](https://github.com/nats-io/nats-server/blob/main/.goreleaser.yml) - [Commits](nats-io/nats-server@v2.10.5...v2.10.6) --- updated-dependencies: - dependency-name: github.com/nats-io/nats-server/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump alpine from 3.18.4 to 3.18.5 (#2636) Bumps alpine from 3.18.4 to 3.18.5. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> more NO_CONTENT timeout godoc
woutslakhorst
force-pushed
the
feature/2604/access_token_request
branch
from
8d0cbf5 to
5a5f4e7
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes #2604
it extends the access token request with a user ID. If a user ID is given, the user flow is started. The API then returns a 302 with the location for the user. The user is redirected to
baseURL/iam/did/user. If an active redirect token is present, the rest of the flow is started by creating a redirectURL to the remote authorization server.There are 3 different error states;
The last two would require i18n. #2621 is created for the user facing design which includes error codes.