From cb5f9c1c12285508c6d403814d032e8883a59e7d Mon Sep 17 00:00:00 2001
From: Niels Klomp
Date: Thu, 28 Sep 2023 02:06:18 +0200
Subject: [PATCH] fix: relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow
---
 packages/client/lib/MetadataClient.ts | 2 +-
 .../lib/__tests__/MetadataClient.spec.ts | 45 +++++++++++++++++++
 .../lib/functions/IssuerMetadataUtils.ts | 14 +++---
 3 files changed, 53 insertions(+), 8 deletions(-)
diff --git a/packages/client/lib/MetadataClient.ts b/packages/client/lib/MetadataClient.ts
index 59bb1778..448fec0d 100644
--- a/packages/client/lib/MetadataClient.ts
+++ b/packages/client/lib/MetadataClient.ts
@@ -91,7 +91,7 @@ export class MetadataClient {
 }
 debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
 if (!authMetadata.authorization_endpoint) {
- throw Error(`Authorization Sever ${authorization_server} did not provide an authorization_endpoint`);
+ console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}`);
 } else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
 throw Error(
 `Credential issuer has a different authorization_endpoint (${authorization_endpoint}) from the Authorization Server (${authMetadata.authorization_endpoint})`,
diff --git a/packages/client/lib/__tests__/MetadataClient.spec.ts b/packages/client/lib/__tests__/MetadataClient.spec.ts
index 6b135029..e278a525 100644
--- a/packages/client/lib/__tests__/MetadataClient.spec.ts
+++ b/packages/client/lib/__tests__/MetadataClient.spec.ts
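Review bot: The new warning branch for a missing `authMetadata.authorization_endpoint` interpolates `authorization_endpoint`, which the following `else if (authorization_endpoint && ...)` test shows may be unset, so the message can end in "Will use undefined". With the throw removed, an endpoint supplied by the credential issuer alone is no longer corroborated by the Authorization Server metadata. That is reasonable for the pre-authorized flow the commit targets, but the authorization-code/PAR path should fail closed when no endpoint is known, presumably in code outside this hunk. I would mention a fallback only when one exists, e.g. guard the message with `if (authorization_endpoint)`, and log through the `debug(...)` helper used two lines above rather than `console.warn`. The enclosing method starts and ends outside the hunk.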
@@ -210,3 +210,48 @@ describe('Metadataclient with Walt-id should', () => {
 );
 });
 });
+
+describe('Metadataclient with SpruceId should', () => {
+ beforeAll(() => {
+ nock.cleanAll();
+ });
+
+ afterEach(() => {
+ nock.cleanAll();
+ });
+ it('succeed without OID4VCI and with OIDC metadata', async () => {
+ /*nock(WALT_ISSUER_URL).get(WellKnownEndpoints.OPENID4VCI_ISSUER).reply(200, JSON.stringify(WALT_OID4VCI_METADATA));
+
+ nock(WALT_ISSUER_URL)
+ .get(/.well-known\/.*!/)
+ .times(2)
+ .reply(404, JSON.stringify({ error: 'does not exist' }));
+*/
+ const metadata = await MetadataClient.retrieveAllMetadata('https://ngi-oidc4vci-test.spruceid.xyz');
+ expect(metadata.credential_endpoint).toEqual('https://ngi-oidc4vci-test.spruceid.xyz/credential');
+ expect(metadata.token_endpoint).toEqual('https://ngi-oidc4vci-test.spruceid.xyz/token');
+ expect(metadata.credentialIssuerMetadata).toEqual({
+ issuer: 'https://ngi-oidc4vci-test.spruceid.xyz',
+ credential_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/credential',
+ token_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/token',
+ jwks_uri: 'https://ngi-oidc4vci-test.spruceid.xyz/jwks',
+ grant_types_supported: ['urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+ credentials_supported: {
+ OpenBadgeCredential: {
+ formats: {
+ jwt_vc: {
+ types: ['VerifiableCredential', 'OpenBadgeCredential'],
+ cryptographic_binding_methods_supported: ['did'],
+ cryptographic_suites_supported: ['ES256', 'ES256K'],
+ },
+ ldp_vc: {
+ types: ['VerifiableCredential', 'OpenBadgeCredential'],
+ cryptographic_binding_methods_supported: ['did'],
+ cryptographic_suites_supported: ['Ed25519Signature2018'],
+ },
+ },
+ },
+ },
+ });
+ });
+});
diff --git a/packages/common/lib/functions/IssuerMetadataUtils.ts b/packages/common/lib/functions/IssuerMetadataUtils.ts
index 7323d8fa..a8f872ea 100644
--- a/packages/common/lib/functions/IssuerMetadataUtils.ts
+++ b/packages/common/lib/functions/IssuerMetadataUtils.ts
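Review bot: This test calls `MetadataClient.retrieveAllMetadata('https://ngi-oidc4vci-test.spruceid.xyz')` against the live host, because the only nock interceptors sit inside the commented-out block, which still references `WALT_ISSUER_URL`. The suite therefore needs outbound network access and passes or fails on whatever a third-party server returns at run time, so it is not a stable regression test for the relaxed `authorization_endpoint` handling. I would delete the commented block and register active nock interceptors for this issuer that reply with a recorded copy of the metadata asserted below, including an Authorization Server response without an `authorization_endpoint`. An assertion on `metadata.authorization_endpoint` would also pin the behaviour this commit changes.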
@@ -7,8 +7,8 @@ import { IssuerMetadataV1_0_08, MetadataDisplay, OID4VCICredentialFormat, - OpenId4VCIVersion -} from '../types' + OpenId4VCIVersion, +} from '../types'; export function getSupportedCredentials(opts?: { issuerMetadata?: CredentialIssuerMetadata | IssuerMetadataV1_0_08; @@ -56,16 +56,16 @@ export function getSupportedCredential(opts?: { /** * the following (not array part is a legacy code from version 1_0-08 which JFF plugfest 2 implementors used) */ - let initiationTypes :string[] | undefined + let initiationTypes: string[] | undefined; if (opts?.types) { if (typeof opts.types === 'string') { - initiationTypes = [opts.types] + initiationTypes = [opts.types]; } else { - initiationTypes = opts.types + initiationTypes = opts.types; } } if (version === OpenId4VCIVersion.VER_1_0_08 && (!initiationTypes || initiationTypes?.length === 0)) { - initiationTypes = formats + initiationTypes = formats; } const supportedFormats: (CredentialOfferFormat | string)[] = formats && formats.length > 0 ? formats : ['jwt_vc_json', 'jwt_vc_json-ld', 'ldp_vc']; @@ -73,7 +73,7 @@ export function getSupportedCredential(opts?: { if (opts?.types && typeof opts?.types === 'string') { const supported = credentialsSupported.filter( (sup) => sup.id === opts.types || (initiationTypes && arrayEqualsIgnoreOrder(sup.types, initiationTypes)), - ) + ); if (supported) { credentialSupportedOverlap.push(...supported); }