fix: feedback

Sphereon-Opensource · Oct 3, 2024 · b119275 · b119275
1 parent 2c1a354
commit b119275
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 5 deletions.
diff --git a/packages/jarm/__tests__/jarm.test.ts b/packages/jarm/__tests__/jarm.test.ts
@@ -0,0 +1,5 @@
+describe('jarm', () => {
+  it('should create some tests', () => {
+    expect(true).toBe(true);
+  });
+});
diff --git a/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts b/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts
@@ -42,7 +42,7 @@ export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Pr
     case 'fragment.jwt':
       return handleFragmentJwt(responseEndpoint, authResponse);
     case 'form_post.jwt':
-      throw new Error('Not implemented');
+      throw new Error('Not implemented. form_post.jwt is not yet supported.');
   }
 };
 

diff --git a/packages/jarm/lib/jarm-auth-response/v-jarm-auth-response-params.ts b/packages/jarm/lib/jarm-auth-response/v-jarm-auth-response-params.ts
@@ -27,12 +27,12 @@ export const vJarmAuthResponseParams = v.looseObject({
   iss: v.string(),
 
   /**
-   * The client_id of the client the response is intended for
+   * Expiration of the JWT
    */
   exp: v.number(),
 
   /**
-   * Expiration of the JWT
+   * The client_id of the client the response is intended for
    */
   aud: v.string(),
 });
@@ -50,7 +50,7 @@ export const validateJarmAuthResponseParams = (input: {
   }
 
   // 4. The client obtains the aud element from the JWT and checks whether it matches the client id the client used to identify itself in the corresponding authorization request. If the check fails, the client MUST abort processing and refuse the response.
-  if (authRequestParams.client_id !== authResponseParams.client_id) {
+  if (authRequestParams.client_id !== authResponseParams.aud) {
     throw new Error(`Invalid audience in jarm-auth-response. Expected '${authRequestParams.client_id}' received '${authResponseParams.aud}'.`);
   }
 

diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts
@@ -159,7 +159,9 @@ export class OP {
   }
 
   public static async extractEncJwksFromClientMetadata(clientMetadata: JwksMetadataParams) {
-    // The client metadata will be parsed in the joseExtractJWKS function
+    // TODO: Currently no mechanisms are in place to deal with multiple 'enc' keys in the client metadata.
+    // TODO: Maybe we should return all 'enc' keys in the client metadata. In addition the JWKS from the jwks_uri are not fetched if jwks are present.
+    // TODO: Is that the expected behavior?
     const jwks = await extractJwksFromJwksMetadata(clientMetadata)
     const encryptionJwk = jwks?.keys.find((key) => key.use === 'enc')
     if (!encryptionJwk) {