Merge pull request #83 from niscy-eudiw/fix/config-use-par

Use of PAR can be configured

.github/workflows/build-package.yml

@@ -8,11 +8,11 @@ on:
     tags: [ v* ]
 jobs:
   build:
-    runs-on: "macos-13"
+    runs-on: "macos-14"
     steps:
       - uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: '15.0'
+          xcode-version: '16.0'
       - uses: actions/checkout@v4
       - run:
           fastlane tests

Gemfile.lock

@@ -10,20 +10,20 @@ GEM
     artifactory (3.0.17)
     atomos (0.1.3)
     aws-eventstream (1.3.0)
-    aws-partitions (1.953.0)
-    aws-sdk-core (3.201.1)
+    aws-partitions (1.985.0)
+    aws-sdk-core (3.209.1)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.8)
+      aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.88.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-kms (1.94.0)
+      aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.156.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-s3 (1.167.0)
+      aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.8.0)
+    aws-sigv4 (1.10.0)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
     base64 (0.2.0)
@@ -38,8 +38,8 @@ GEM
     domain_name (0.6.20240107)
     dotenv (2.8.1)
     emoji_regex (3.2.3)
-    excon (0.111.0)
-    faraday (1.10.3)
+    excon (0.112.0)
+    faraday (1.10.4)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -60,15 +60,15 @@ GEM
     faraday-httpclient (1.0.1)
     faraday-multipart (1.0.4)
       multipart-post (~> 2)
-    faraday-net_http (1.0.1)
+    faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    faraday_middleware (1.2.0)
+    faraday_middleware (1.2.1)
       faraday (~> 1.0)
     fastimage (2.3.1)
-    fastlane (2.221.1)
+    fastlane (2.224.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
@@ -126,7 +126,7 @@ GEM
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-storage_v1 (0.31.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-cloud-core (1.7.0)
+    google-cloud-core (1.7.1)
       google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
@@ -147,12 +147,12 @@ GEM
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     highline (2.0.3)
-    http-cookie (1.0.6)
+    http-cookie (1.0.7)
       domain_name (~> 0.5)
     httpclient (2.8.3)
     jmespath (1.6.2)
     json (2.7.2)
-    jwt (2.8.2)
+    jwt (2.9.3)
       base64
     mini_magick (4.13.2)
     mini_mime (1.1.5)
@@ -164,15 +164,14 @@ GEM
     optparse (0.5.0)
     os (1.1.4)
     plist (3.7.1)
-    public_suffix (6.0.0)
+    public_suffix (6.0.1)
     rake (13.2.1)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.9)
-      strscan
+    rexml (3.3.8)
     rouge (2.0.7)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
@@ -185,7 +184,6 @@ GEM
     simctl (1.6.10)
       CFPropertyList
       naturally
-    strscan (3.1.0)
     terminal-notifier (2.0.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
@@ -195,15 +193,15 @@ GEM
     tty-spinner (0.9.3)
       tty-cursor (~> 0.7)
     uber (0.1.0)
-    unicode-display_width (2.5.0)
+    unicode-display_width (2.6.0)
     word_wrap (1.0.0)
-    xcodeproj (1.24.0)
+    xcodeproj (1.25.1)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
       nanaimo (~> 0.3.0)
-      rexml (~> 3.2.4)
+      rexml (>= 3.3.6, < 4.0)
     xcpretty (0.3.0)
       rouge (~> 2.0.7)
     xcpretty-travis-formatter (1.0.1)

Sources/Entities/AccessManagement/IdentityAndAccessManagementMetadata.swift

@@ -40,9 +40,15 @@ public enum IdentityAndAccessManagementMetadata {
   var pushedAuthorizationRequestEndpointURI: URL? {
     switch self {
     case .oidc(let metaData):
-      return URL(string: metaData.pushedAuthorizationRequestEndpoint ?? "")
+      if let pushedAuthorizationRequestEndpoint = metaData.pushedAuthorizationRequestEndpoint {
+        return URL(string: pushedAuthorizationRequestEndpoint)
+      }
+      return nil
     case .oauth(let metaData):
-      return URL(string: metaData.pushedAuthorizationRequestEndpoint ?? "")
+      if let pushedAuthorizationRequestEndpoint = metaData.pushedAuthorizationRequestEndpoint {
+        return URL(string: pushedAuthorizationRequestEndpoint)
+      }
+      return nil
     }
   }
 

Sources/Main/Authorisers/AuthorizationServerClient.swift

@@ -54,7 +54,7 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
   public let service: AuthorisationServiceType
   public let parPoster: PostingType
   public let tokenPoster: PostingType
-  public let parEndpoint: URL
+  public let parEndpoint: URL?
   public let authorizationEndpoint: URL
   public let tokenEndpoint: URL
   public let redirectionURI: URL
@@ -107,8 +107,9 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
       if let pushedAuthorizationRequestEndpoint = data.pushedAuthorizationRequestEndpoint, let url = URL(string: pushedAuthorizationRequestEndpoint) {
         self.parEndpoint = url
       } else {
-        throw ValidationError.error(reason: "In valid authorization endpoint")
+        self.parEndpoint = nil
       }
+
     case .oauth(let data):
 
       if let tokenEndpoint = data.tokenEndpoint, let url = URL(string: tokenEndpoint) {
@@ -126,7 +127,7 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
       if let pushedAuthorizationRequestEndpoint = data.pushedAuthorizationRequestEndpoint, let url = URL(string: pushedAuthorizationRequestEndpoint) {
         self.parEndpoint = url
       } else {
-        throw ValidationError.error(reason: "In valid pushed authorization request endpoint")
+        self.parEndpoint = nil
       }
     }
   }
@@ -168,7 +169,7 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
         ]
       )
     ) else {
-      throw ValidationError.invalidUrl(parEndpoint.absoluteString)
+      throw ValidationError.invalidUrl(parEndpoint?.absoluteString ?? "")
     }
 
     let authorizationCodeURL = try GetAuthorizationCodeURL(
@@ -204,6 +205,9 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
     )
 
     do {
+      guard let parEndpoint = parEndpoint else {
+        throw ValidationError.error(reason: "Missing PAR endpoint")
+      }
       let response: PushedAuthorizationRequestResponse = try await service.formPost(
         poster: parPoster,
         url: parEndpoint,

Tests/Constants/TestsConstants.swift

@@ -16,19 +16,16 @@
 import Foundation
 @testable import OpenID4VCI
 
-//let CREDENTIAL_ISSUER_PUBLIC_URL = "http://localhost:8080"
+let CREDENTIAL_ISSUER_PUBLIC_URL = "https://dev.issuer-backend.eudiw.dev"
+let MDL_config_id = "org.iso.18013.5.1.mDL"
+let PID_MsoMdoc_config_id = "eu.europa.ec.eudi.pid_mso_mdoc"
+let PID_SdJwtVC_config_id = "eu.europa.ec.eudi.pid_vc_sd_jwt"
 
 //let CREDENTIAL_ISSUER_PUBLIC_URL = "https://dev.issuer.eudiw.dev"
 //let PID_SdJwtVC_config_id = "eu.europa.ec.eudi.mdl_jwt_vc_json"
 //let PID_MsoMdoc_config_id = "eu.europa.ec.eudi.pid_mdoc"
 //let MDL_config_id = "eu.europa.ec.eudi.mdl_mdoc"
 
-//let CREDENTIAL_ISSUER_PUBLIC_URL = "https://localhost/pid-issuer"
-let CREDENTIAL_ISSUER_PUBLIC_URL = "https://dev.issuer-backend.eudiw.dev"
-let MDL_config_id = "org.iso.18013.5.1.mDL"
-let PID_MsoMdoc_config_id = "eu.europa.ec.eudi.pid_mso_mdoc"
-let PID_SdJwtVC_config_id = "eu.europa.ec.eudi.pid_vc_sd_jwt"
-
 //let CredentialIssuer_URL = "https://preprod.issuer.eudiw.dev/oidc"
 //let PID_SdJwtVC_SCOPE = "eu.europa.ec.eudi.pid_jwt_vc_json"
 //let PID_MsoMdoc_SCOPE = "eu.europa.ec.eudi.pid_mdoc"

Tests/Helpers/Wallet.swift

@@ -394,23 +394,19 @@ extension Wallet {
     offer: CredentialOffer
   ) async throws -> AuthorizedRequest {
 
-    var pushedAuthorizationRequestEndpoint = ""
+    var pushedAuthorizationRequestEndpoint: String? = nil
     if case let .oidc(metaData) = offer.authorizationServerMetadata {
       if let endpoint = metaData.pushedAuthorizationRequestEndpoint {
         pushedAuthorizationRequestEndpoint = endpoint
-      } else {
-        throw ValidationError.error(reason: "pushedAuthorizationRequestEndpoint is nil")
       }
 
     } else if case let .oauth(metaData) = offer.authorizationServerMetadata {
       if let endpoint = metaData.pushedAuthorizationRequestEndpoint {
         pushedAuthorizationRequestEndpoint = endpoint
-      } else {
-        throw ValidationError.error(reason: "pushedAuthorizationRequestEndpoint is nil")
       }
     }
 
-    print("--> [AUTHORIZATION] Placing PAR to AS server's endpoint \(pushedAuthorizationRequestEndpoint)")
+    print("--> [AUTHORIZATION] Placing PAR to AS server's endpoint \(pushedAuthorizationRequestEndpoint ?? "N/A")")
 
     let parPlaced = try await issuer.pushAuthorizationCodeRequest(
       credentialOffer: offer
@@ -449,7 +445,11 @@ extension Wallet {
            case let .noProofRequired(token, _, _, _) = authorized {
           print("--> [AUTHORIZATION] Authorization code exchanged with access token : \(token.accessToken)")
 
-          let hasExpired = authorized.accessToken?.isExpired(issued: authorized.timeStamp!, at: Date().timeIntervalSinceReferenceDate)
+          if let timeStamp = authorized.timeStamp {
+            _ = authorized.accessToken?.isExpired(
+              issued: timeStamp,
+              at: Date().timeIntervalSinceReferenceDate)
+          }
           return authorized
         }
 

Tests/Stubs/URL+Stub.swift

@@ -15,6 +15,7 @@
  */
 import Foundation
 
+extension URL: @retroactive Identifiable {}
 extension URL: Stubbable {
 
   public var id: ObjectIdentifier {