Merge pull request #145 from TimoGlastra/fix/oid4vc-conformance-test-…

…fixes fix: changes for oid4vc conformance tests
Sphereon-Opensource · Sep 17, 2024 · b9236ad · b9236ad
2 parents 0a6c8e3 + ead518e
commit b9236ad
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/packages/common/lib/jwt/JwtVerifier.ts b/packages/common/lib/jwt/JwtVerifier.ts
@@ -66,6 +66,21 @@ export const getDidJwtVerifier = (jwt: { header: JwtHeader; payload: JwtPayload
   return { method: 'did', didUrl: jwt.header.kid, type: type, alg: jwt.header.alg };
 };
 
+const getIssuer = (type: JwtType, payload: JwtPayload): string => {
+  // For 'request-object' the `iss` value is not required so we map the issuer to client_id
+  if (type === 'request-object') {
+    if (!payload.client_id) {
+      throw new Error('Missing required field client_id in request object JWT');
+    }
+    return payload.client_id as string;
+  }
+
+  if (typeof payload.iss !== 'string') {
+    throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim or it is missing.`);
+  }
+  return payload.iss;
+};
+
 export const getX5cVerifier = (jwt: { header: JwtHeader; payload: JwtPayload }, options: { type: JwtType }): X5cJwtVerifier => {
   const { type } = options;
   if (!jwt.header.x5c) throw new Error(`Received an invalid JWT. Missing x5c header.`);
@@ -75,11 +90,13 @@ export const getX5cVerifier = (jwt: { header: JwtHeader; payload: JwtPayload },
     throw new Error(`Received an invalid JWT.. '${type}' contains an invalid x5c header.`);
   }
 
-  if (typeof jwt.payload.iss !== 'string') {
-    throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim.`);
-  }
-
-  return { method: 'x5c', x5c: jwt.header.x5c, issuer: jwt.payload.iss, type: type, alg: jwt.header.alg };
+  return {
+    method: 'x5c',
+    x5c: jwt.header.x5c,
+    issuer: getIssuer(type, jwt.payload),
+    type: type,
+    alg: jwt.header.alg,
+  };
 };
 
 export const getJwkVerifier = async (jwt: { header: JwtHeader; payload: JwtPayload }, options: { type: JwtType }): Promise<JwkJwtVerifier> => {

diff --git a/packages/siop-oid4vp/lib/authorization-response/Payload.ts b/packages/siop-oid4vp/lib/authorization-response/Payload.ts
@@ -21,10 +21,9 @@ export const createResponsePayload = async (
   const state: string | undefined = await authorizationRequest.getMergedProperty('state')
 
   const responsePayload: AuthorizationResponsePayload = {
-    ...(responseOpts.accessToken && { access_token: responseOpts.accessToken }),
+    ...(responseOpts.accessToken && { access_token: responseOpts.accessToken, expires_in: responseOpts.expiresIn || 3600 }),
     ...(responseOpts.tokenType && { token_type: responseOpts.tokenType }),
     ...(responseOpts.refreshToken && { refresh_token: responseOpts.refreshToken }),
-    expires_in: responseOpts.expiresIn || 3600,
     state,
   }