chore: PR feedback

packages/siop-oid4vp/lib/types/Errors.ts

@@ -1,6 +1,7 @@
 enum SIOPErrors {
   // todo: INVALID_REQUEST mapping onto response conforming to spec
   INVALID_CLIENT_ID_MUST_MATCH_REDIRECT_URI = `Invalid request object payload. The redirect_uri must match the client_id with client_id_scheme 'redirect_uri'.`,
+  INVALID_CLIENT_ID_MUST_MATCH_RESPONSE_URI = `Invalid request object payload. The response_uri must match the client_id with client_id_scheme 'redirect_uri'.`,
   INVALID_REQUEST = 'The request contained invalid or conflicting parameters',
   AUTH_REQUEST_EXPECTS_VP = 'authentication request expects a verifiable presentation in the response',
   AUTH_REQUEST_DOESNT_EXPECT_VP = "authentication request doesn't expect a verifiable presentation in the response",

packages/siop-oid4vp/lib/types/VpJwtVerifier.ts

@@ -95,8 +95,11 @@ export const getRequestObjectJwtVerifier = async (
   } else if (clientIdScheme === 'redirect_uri') {
     if (jwt.payload.redirect_uri && jwt.payload.redirect_uri !== clientId) {
       throw new Error(SIOPErrors.INVALID_CLIENT_ID_MUST_MATCH_REDIRECT_URI)
+    } else if (jwt.payload.response_uri && jwt.payload.response_uri !== clientId) {
+      throw new Error(SIOPErrors.INVALID_CLIENT_ID_MUST_MATCH_RESPONSE_URI)
     }
-    /*const parts = options.raw.split('.')  this can be signed and execution shouldn't even be here when alg = none 
+
+    /*const parts = options.raw.split('.')  this can be signed and execution can't even be here when alg = none 
     if (parts.length > 2 && parts[2]) {
       throw new Error(`${SIOPErrors.INVALID_JWT} '${type}' JWT must not be signed`)
     }*/