fix: Make sure we use 'JWT' as typ instead of the lower case version …
…as suggested in the JWT RFC.
nklomp committed Jun 28, 2024
1 parent 2759750 commit 1ff4e40
Showing 17 changed files with 68 additions and 62 deletions.
Expand Up @@ -264,7 +264,7 @@ describe('issuerCallback', () => {
// format: 'jwt_vc_json',
proof: {
jwt: expect.stringContaining('eyJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFj'),
proof_type: 'jwt',
proof_type: 'JWT',
},
credential_identifier: 'VerifiableCredential',
})
4 changes: 3 additions & 1 deletion packages/client/lib/AccessTokenClient.ts
Expand Up @@ -50,6 +50,7 @@ export class AccessTokenClient {
redirectUri,
pin,
pinMetadata,
credentialIssuer: issuer,
}),
pinMetadata,
metadata,
Expand Down Expand Up @@ -95,7 +96,8 @@ export class AccessTokenClient {
if (asOpts?.clientOpts?.clientId) {
request.client_id = asOpts.clientOpts.clientId;
}
await createJwtBearerClientAssertion(request, opts);
const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer;
await createJwtBearerClientAssertion(request, { ...opts, credentialIssuer });

if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
this.assertAlphanumericPin(opts.pinMetadata, pin);
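Review bot: The audience of the client assertion now falls back to `credentialOfferRequest?.credential_offer?.credential_issuer`, a value read from the credential offer, and the helper then uses that string as `aud`. RFC 7523 expects the audience of a client-authentication JWT to identify the authorization server, so when the issuer's metadata names a separate authorization server this looks like the wrong audience. It would be safer to derive the value from the resolved authorization-server metadata (not visible in this hunk) and to use the offer value only as a last resort. The same fallback line is duplicated in AccessTokenClientV1_0_11.ts, so the resolution could live once inside `createJwtBearerClientAssertion`. The enclosing method starts and ends outside the hunk.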
3 changes: 2 additions & 1 deletion packages/client/lib/AccessTokenClientV1_0_11.ts
Expand Up @@ -95,11 +95,12 @@ export class AccessTokenClientV1_0_11 {
? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_11 | CredentialOfferV1_0_13)
: undefined;
const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };
const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer;

if (asOpts?.clientOpts?.clientId) {
request.client_id = asOpts.clientOpts.clientId;
}
await createJwtBearerClientAssertion(request, { ...opts, version: OpenId4VCIVersion.VER_1_0_11 });
await createJwtBearerClientAssertion(request, { ...opts, version: OpenId4VCIVersion.VER_1_0_11, credentialIssuer });

if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
4 changes: 2 additions & 2 deletions packages/client/lib/AuthorizationCodeClient.ts
Expand Up @@ -52,14 +52,14 @@ export async function createSignedAuthRequestWhenNeeded(requestObject: Record<st
const iss = requestObject.iss ?? opts.iss ?? requestObject.client_id;

const jwt: Jwt = {
header: { alg: 'ES256', kid: opts.kid, typ: 'jwt' },
header: { alg: 'ES256', kid: opts.kid, typ: 'JWT' },
payload: { ...requestObject, iss, authorization_details, ...(client_metadata && { client_metadata }) },
};
const pop = await ProofOfPossessionBuilder.fromJwt({
jwt,
callbacks: opts.signCallbacks,
version: OpenId4VCIVersion.VER_1_0_11,
mode: 'jwt',
mode: 'JWT',
}).build();
requestObject['request'] = pop.jwt;
}
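Review bot: The signed authorization request keeps the generic `typ: 'JWT'`, the same header value the client assertion and the legacy proof JWTs carry, so a verifier cannot tell these token kinds apart by type. RFC 9101 registers `oauth-authz-req+jwt` for request objects to allow explicit typing; supporting it would require `withTyp` to accept that value, since in 'JWT' mode it rejects anything other than 'JWT'. Separately, `alg: 'ES256'` is fixed here while the client-assertion helper reads `alg ?? 'ES256'` from its options; a comment such as `// ES256 assumed: opts.signCallbacks must sign with a P-256 key` would document the assumption. The function body continues outside the hunk.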
12 changes: 6 additions & 6 deletions packages/client/lib/ProofOfPossessionBuilder.ts
Expand Up @@ -53,7 +53,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
if (jwt) {
this.withJwt(jwt);
} else {
this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 || mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt');
this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 || mode === 'JWT' ? 'JWT' : 'openid4vci-proof+jwt');
}
if (accessTokenResponse) {
this.withAccessTokenResponse(accessTokenResponse);
Expand All @@ -64,7 +64,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
jwt,
callbacks,
version,
mode = 'jwt',
mode = 'JWT',
}: {
jwt?: Jwt;
callbacks: ProofOfPossessionCallbacks<DIDDoc>;
Expand Down Expand Up @@ -144,11 +144,11 @@ export class ProofOfPossessionBuilder<DIDDoc> {
withTyp(typ: Typ): this {
if (this.mode === 'pop' && this.version >= OpenId4VCIVersion.VER_1_0_11) {
if (!!typ && typ !== 'openid4vci-proof+jwt') {
throw Error('typ must be openid4vci-proof+jwt for version 1.0.11 and up');
throw Error(`typ must be openid4vci-proof+jwt for version 1.0.11 and up. Provided: ${typ}`);
}
} else {
if (!!typ && typ !== 'jwt') {
throw Error('typ must be jwt for version 1.0.10 and below');
if (!!typ && typ !== 'JWT') {
throw Error(`typ must be jwt for version 1.0.10 and below. Provided: ${typ}`);
}
}
this.typ = typ;
Expand Down Expand Up @@ -216,7 +216,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
this.mode,
this.callbacks,
{
typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 || this.mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt'),
typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 || this.mode === 'JWT' ? 'JWT' : 'openid4vci-proof+jwt'),
kid: this.kid,
jwk: this.jwk,
jti: this.jti,
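Review bot: The non-pop branch of `withTyp` now requires `'JWT'`, but its message still reads `typ must be jwt for version 1.0.10 and below`, so a caller passing the old lower-case value is told "typ must be jwt … Provided: jwt". That branch is also reached for mode 'JWT' on version 1.0.11 and up, so the version wording is inaccurate as well; ``throw Error(`typ must be 'JWT' unless mode is 'pop' on version 1.0.11 and up. Provided: ${typ}`);`` would match the check. Because the comparison is case-sensitive, JWTs whose header existing callers built with `typ: 'jwt'` will presumably be rejected now (`withJwt` is not shown), which calls for a changelog entry or a case-insensitive comparison that normalises to 'JWT'. The `mode` literal rename from 'jwt' to 'JWT' is likewise a breaking change for callers of `fromJwt`.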
16 changes: 8 additions & 8 deletions packages/client/lib/__tests__/CredentialRequestClient.spec.ts
Expand Up @@ -29,7 +29,7 @@ import { getMockData } from './data/VciDataFixtures';
const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';

const jwt1_0_08: Jwt = {
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
};

Expand Down Expand Up @@ -184,7 +184,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('spruce')?.credential.request.proof.jwt as string,
},
credentialTypes: 'OpenBadgeCredential',
Expand All @@ -208,7 +208,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('walt')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Expand All @@ -231,7 +231,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('uniissuer')?.credential.request.proof.jwt as string,
},
credentialIdentifier: 'OpenBadgeCredential',
Expand All @@ -253,7 +253,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('mattr')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Expand All @@ -276,7 +276,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('diwala')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Expand Down Expand Up @@ -318,7 +318,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('diwala')?.credential.request.proof.jwt as string,
},
credentialIdentifier: 'BevoegdheidUittreksel_jwt_vc_json',
Expand All @@ -337,7 +337,7 @@ describe('Credential Request Client with different issuers ', () => {
expect(credentialRequest.credential_identifier).toEqual('BevoegdheidUittreksel_jwt_vc_json');
expect(credentialRequest.proof).toEqual({
jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL29pZGM0dmMuZGl3YWxhLmlvIiwiaWF0IjoxNjgxOTE1MDk1LjIwMiwiZXhwIjoxNjgxOTE1NzU1LjIwMiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjYxN2MwM2EzLTM3MTUtNGJlMy1hYjkxNzM4MTlmYzYxNTYzIn0.KA-cHjecaYp9FSaWHkz5cqtNyhBIVT_0I7cJnpHn03T4UWFvdhjhn8Hpe-BU247enFyWOWJ6v3NQZyZgle7xBA',
proof_type: 'jwt',
proof_type: 'JWT',
});
});
});
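Review bot: These expectations now pin `proof_type: 'JWT'` in the credential request, but the RFC 7519 recommendation the commit cites concerns the `typ` header, not the OID4VCI `proof_type` parameter. As far as I can tell, the OID4VCI drafts define the proof type identifier as lower-case `jwt`, and an issuer may compare it case-sensitively, so sending 'JWT' risks requests being rejected. I would keep `proof_type: 'jwt'` on the wire and in these tests and limit the upper-casing to the JWT header. The same applies to the fixture values in VciDataFixtures.ts and to the other spec files in this commit.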
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
const partialJWT_withoutDid = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJlYmZlYjFmNzEyZWJjNmYxYzI3N';

/*const jwtv1_0_08: Jwt = {
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
};*/

Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,12 @@ const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
const partialJWT_withoutDid = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJlYmZlYjFmNzEyZWJjNmYxYzI3N';

const jwt: Jwt = {
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
};

const jwt_withoutDid: Jwt = {
header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
};

Expand Down Expand Up @@ -305,7 +305,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('spruce')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Expand All @@ -329,7 +329,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('walt')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Expand All @@ -352,7 +352,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('uniissuer')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Expand All @@ -374,7 +374,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('mattr')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Expand All @@ -397,7 +397,7 @@ describe('Credential Request Client with different issuers ', () => {
.build()
.createCredentialRequest({
proofInput: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: getMockData('diwala')?.credential.request.proof.jwt as string,
},
credentialTypes: ['OpenBadgeCredential'],
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@ import { ProofOfPossessionBuilder } from '..';
import { IDENTIPROOF_ISSUER_URL } from './MetadataMocks';

const jwt: Jwt = {
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
};

const jwt_withoutDid: Jwt = {
header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
};

12 changes: 6 additions & 6 deletions packages/client/lib/__tests__/data/VciDataFixtures.ts
Expand Up @@ -51,7 +51,7 @@ export interface IssuerMockData {
type?: string;
format: 'jwt_vc' | 'ldp_vc' | 'jwt_vc_json-ld' | string;
proof: {
proof_type: 'jwt' | string;
proof_type: 'JWT' | string;
jwt: string;
};
};
Expand Down Expand Up @@ -119,7 +119,7 @@ const mockData: VciMockDataStructure = {
type: 'OpenBadgeCredential',
format: 'jwt_vc',
proof: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL25naS1vaWRjNHZjaS10ZXN0LnNwcnVjZWlkLnh5eiIsImlhdCI6MTY4MTkxMTA2MC45NDIsImV4cCI6MTY4MTkxMTcyMC45NDIsImlzcyI6InNwaGVyZW9uOnNzaS13YWxsZXQiLCJqdGkiOiJhNjA4MzMxZi02ZmE0LTQ0ZjAtYWNkZWY5NmFjMjdmNmQ3MCJ9.NwF3_41gwnlIdd_6Uk9CczeQHzIQt6UcvTT5Cxv72j9S1vNwiY9annA2kLsjsTiR5-WMBdUhJCO7wYCtZ15mxw',
},
},
Expand Down Expand Up @@ -365,7 +365,7 @@ const mockData: VciMockDataStructure = {
types: ['OpenBadgeCredential'],
format: 'jwt_vc',
proof: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL2pmZi53YWx0LmlkL2lzc3Vlci1hcGkvZGVmYXVsdC9vaWRjLyIsImlhdCI6MTY4MTkxMTk0Mi4yMzgsImV4cCI6MTY4MTkxMjYwMi4yMzgsIm5vbmNlIjoiZjA2YTMxMDUtYTJlZC00NGZjLTk1NGItNGEyNTk3MDM0OTNiIiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjA1OWM3ODA5LTlmOGYtNGE3ZS1hZDI4YTNhMTNhMGIzNmViIn0.RfiWyybxpe3nkx3b0yIsqDHQtvB1WwhDW4t0X-kijy2dsSfv2cYhSEmAzs1shg7OV4EW8fSzt_Te79xiVl6jCw',
},
},
Expand Down Expand Up @@ -483,7 +483,7 @@ const mockData: VciMockDataStructure = {
types: ['OpenBadgeCredential'],
format: 'jwt_vc',
proof: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL29pZGM0dmMudW5paXNzdWVyLmlvLyIsImlhdCI6MTY4MTkxMjgzNy40MTQsImV4cCI6MTY4MTkxMzQ5Ny40MTQsIm5vbmNlIjoiMzhkMzZmM2ItNzJlMy00ODg2LWI2MGMtMzZiNzcwZDBlNGVhIiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6ImIzYWEyMmFkLWExZTItNDJjOC1iMGI4ZTdjNDgzZDg4M2U4In0.awwIJ0422HSdOsCIe8k7zjxqY6RVaHK2ItUFqbmVjqLXxWt-Mp7cXF84n9HGgC8fgGOKmjlgXdNLr_Jiio_e3g',
},
},
Expand Down Expand Up @@ -582,7 +582,7 @@ const mockData: VciMockDataStructure = {
type: 'OpenBadgeCredential',
format: 'ldp_vc',
proof: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL2xhdW5jaHBhZC5tYXR0cmxhYnMuY29tIiwiaWF0IjoxNjgxOTE0NDgyLjUxOSwiZXhwIjoxNjgxOTE1MTQyLjUxOSwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6ImI5NDY1ZGE5LTY4OGYtNDdjNi04MjUwNDA0ZGNiOWI5Y2E5In0.uQ8ewOfIjy_1p_Gk6PjeEWccBJnjOca1pwbTWiCAFMQX9wlIsfeUdGtXUoHjH5_PQtpwytodx7WU456_CT9iBQ',
},
},
Expand Down Expand Up @@ -696,7 +696,7 @@ const mockData: VciMockDataStructure = {
type: 'OpenBadgeCredential',
format: 'ldp_vc',
proof: {
proof_type: 'jwt',
proof_type: 'JWT',
jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL29pZGM0dmMuZGl3YWxhLmlvIiwiaWF0IjoxNjgxOTE1MDk1LjIwMiwiZXhwIjoxNjgxOTE1NzU1LjIwMiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjYxN2MwM2EzLTM3MTUtNGJlMy1hYjkxNzM4MTlmYzYxNTYzIn0.KA-cHjecaYp9FSaWHkz5cqtNyhBIVT_0I7cJnpHn03T4UWFvdhjhn8Hpe-BU247enFyWOWJ6v3NQZyZgle7xBA',
},
},
31 changes: 17 additions & 14 deletions packages/client/lib/functions/AccessTokenUtil.ts
Expand Up @@ -9,35 +9,38 @@ export const createJwtBearerClientAssertion = async (
version?: OpenId4VCIVersion;
},
): Promise<void> => {
const { asOpts } = opts;
const { asOpts, credentialIssuer } = opts;
if (asOpts?.clientOpts?.clientAssertionType === 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer') {
if (!request.client_id) {
throw Error(`Not client_id supplied, but client-assertion jwt-bearer requested.`);
} else if (!asOpts.clientOpts.kid) {
throw Error(`No kid supplied, but client-assertion jwt-bearer requested.`);
} else if (!asOpts.clientOpts.signCallbacks) {
throw Error(`No sign callback supplied, but client-assertion jwt-bearer requested.`);
const { kid, clientId = request.client_id, signCallbacks, alg } = asOpts.clientOpts;
if (!clientId) {
return Promise.reject(Error(`Not client_id supplied, but client-assertion jwt-bearer requested.`));
} else if (!kid) {
return Promise.reject(Error(`No kid supplied, but client-assertion jwt-bearer requested.`));
} else if (typeof signCallbacks !== 'function') {
return Promise.reject(Error(`No sign callback supplied, but client-assertion jwt-bearer requested.`));
} else if (!credentialIssuer) {
return Promise.reject(Error(`No credential issuer supplied, but client-assertion jwt-bearer requested.`));
}
const jwt: Jwt = {
header: {
typ: 'JWT',
kid: asOpts.clientOpts.kid,
alg: asOpts.clientOpts.alg ?? 'ES256',
kid: kid,
alg: alg ?? 'ES256',
},
payload: {
iss: request.client_id,
sub: request.client_id,
aud: opts.credentialIssuer,
iss: clientId,
sub: clientId,
aud: credentialIssuer,
jti: v4(),
exp: Date.now() / 1000 + 60,
iat: Date.now() / 1000 - 60,
},
};
const pop = await ProofOfPossessionBuilder.fromJwt({
jwt,
callbacks: asOpts.clientOpts.signCallbacks,
callbacks: signCallbacks,
version: opts.version ?? OpenId4VCIVersion.VER_1_0_13,
mode: 'jwt',
mode: 'JWT',
}).build();
request.client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
request.client_assertion = pop.jwt;
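Review bot: The new guard `typeof signCallbacks !== 'function'` looks wrong if `signCallbacks` is a `ProofOfPossessionCallbacks` object; it is passed as `callbacks:` to `ProofOfPossessionBuilder.fromJwt` a few lines below, though the type definition is not shown. An object never has type 'function', so every jwt-bearer request would be rejected with "No sign callback supplied". The previous truthiness check, or `typeof signCallbacks?.signCallback !== 'function'` if that is the member name, would express the intent. Separately, `exp` and `iat` are computed from `Date.now() / 1000` without rounding and are therefore fractional; `Math.floor(Date.now() / 1000)` avoids trouble with validators that expect integer NumericDate values. The function continues past the end of the hunk.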
2 changes: 1 addition & 1 deletion packages/common/lib/functions/FormatUtils.ts
Expand Up @@ -27,7 +27,7 @@ export function getUniformFormat(format: string | OID4VCICredentialFormat | Cred
}

// Older formats
if (format === 'jwt_vc' || format === 'jwt') {
if (format.toLocaleLowerCase() === 'jwt_vc' || format.toLocaleLowerCase() === 'jwt') {
return 'jwt_vc';
}
if (format === 'ldp_vc' || format === 'ldp') {
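Review bot: `format.toLocaleLowerCase()` is locale-dependent and is evaluated twice; for a protocol identifier, call `toLowerCase()` once, e.g. `const normalized = format.toLowerCase();` followed by `if (normalized === 'jwt_vc' || normalized === 'jwt') {`. The `ldp_vc`/`ldp` comparison on the next line stays case-sensitive, so an upper-case 'LDP' is treated differently from an upper-case 'JWT'; normalise both or neither. `getUniformFormat` starts and ends outside the hunk.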