refactor(wallet): holder_to_par with authorization_details (#7)
* refactor(wallet): holder_to_par with authorization_details

* fix(wallet): changed request data for authorization_details

* fix(wallet): update contract in keys

---------

Co-authored-by: matteo-cristino <[email protected]>
RebeccaSelvaggini and matteo-cristino authored Mar 18, 2024
1 parent 68f94c5 commit 266ec37
Showing 3 changed files with 27 additions and 10 deletions.
22 changes: 17 additions & 5 deletions wallet/1_holder_to_par_on_authz_server.zen
@@ -7,8 +7,24 @@ Given I have a 'string' named 'client_id'
Given I have a 'string' named 'authorization_server' inside '!external-qr-code-content'
Given I have a 'string' named 'par_endpoint' inside 'oauth_flow_parameters'

Given I have a 'string' named 'credential_issuer' inside '!external-qr-code-content'
Given I have a 'string array' named 'credential_configuration_ids' inside '!external-qr-code-content'

Given I have a 'string dictionary' named 'holder_claims'

Given I have a 'keyring'

#- create authorization_details
When I create the 'string array' named 'authorization_details'
When I write the string 'openid_credential' in 'type'
When I move 'type' in 'holder_claims'
When I create copy of element '1' from array 'credential_configuration_ids'
When I rename the 'copy' to 'credential_configuration_id'
When I copy 'credential_configuration_id' in 'holder_claims'
When I create the 'string array' named 'locations'
When I copy 'credential_issuer' in 'locations'
When I move 'locations' in 'holder_claims'
When I move 'holder_claims' in 'authorization_details'

#- create Code Verifier (rng in url64) (used in step 7)
When I create the random object of '256' bits
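Review bot: reusing the `holder_claims` dictionary as the `authorization_details` entry (the block from `When I move 'type' in 'holder_claims'` to `When I move 'holder_claims' in 'authorization_details'`) sends every member already present in `holder_claims` to the authorization server in the PAR body, and the sample fixture populates that dictionary with the holder's personal data (`given_name`, `family_name`, `is_human`). Build the entry in a fresh dictionary instead, e.g. `When I create the 'string dictionary' named 'authorization_detail'`, and move `type`, `credential_configuration_id` and `locations` into that, so only the members the contract deliberately sets leave the wallet. Separately, `When I create copy of element '1' from array 'credential_configuration_ids'` silently requests only the first offered configuration (and is phrased differently from `When I create the copy of element '1' from array 'redirectUris'` below); if an offer can carry several ids, either iterate over them or document that only the first is used.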
@@ -41,9 +57,6 @@ When I pickup from path 'jwt-body-params.code_challenge_method'
When I create the copy of element '1' from array 'redirectUris'
When I rename the 'copy' to 'redirect_uri'

# - pickup stuff drom qrcode
When I pickup from path '!external-qr-code-content.scope'
When I pickup from path '!external-qr-code-content.resource'

# - create par endpoint
If I verify 'authorization_server' has suffix '/'
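Review bot: dropping `When I pickup from path '!external-qr-code-content.resource'` here, together with the `resource` key removed from the QR fixture in `holder_request_authorizationCode.data.json`, leaves `zen_7` in `holder_request_authorizationCode.keys.json` without its input: that contract still begins with `Given I have a 'string' named 'resource' inside '!external-qr-code-content'` and derives both `aud` and the credential endpoint from it. Either keep `resource` in the fixture or port `zen_7` to `credential_issuer` in the same change, otherwise the credential-request step will fail on the missing input.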
@@ -61,8 +74,7 @@ and I move 'redirect_uri' in 'data'
and I move 'code_challenge' in 'data'
and I move 'code_challenge_method' in 'data'
and I move 'state' in 'data'
and I move 'scope' in 'data'
and I move 'resource' in 'data'
and I move 'authorization_details' in 'data'

then print the 'authorization_server_endpoint_par'
then print the 'data'
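Review bot: `and I move 'authorization_details' in 'data'` places a nested array of dictionaries into the PAR post body next to flat string parameters; RFC 9396 requires `authorization_details` in a form-encoded authorization or PAR request to be the JSON array serialized as a single string value, so confirm that the HTTP layer posting `data` JSON-encodes this member (or serialize it in the contract before the move), otherwise the authorization server receives a malformed parameter. Replacing `scope` and `resource` with `authorization_details` also removes the RFC 8707 `resource` indicator from the request; make sure the `locations` entry is what the authorization server uses to bind the issued access token to the credential issuer.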
13 changes: 9 additions & 4 deletions wallet/holder_request_authorizationCode.data.json
@@ -1,8 +1,7 @@
{
"!external-qr-code-content": {
"scope": "Auth1",
"relying_party": "https://relying-party1.zenswarm.forkbomb.eu/relying_party/",
"resource": "https://issuer1.zenswarm.forkbomb.eu/credential_issuer/",
"credential_configuration_ids": ["Auth1"],
"credential_issuer": "https://issuer1.zenswarm.forkbomb.eu/credential_issuer",
"authorization_server": "https://authz-server1.zenswarm.forkbomb.eu/authz_server/"
},
"oauth_flow_parameters": {
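Review bot: `credential_issuer` is given without a trailing slash while `authorization_server` keeps one; the contracts normalize `authorization_server` with the `If I verify 'authorization_server' has suffix '/'` check but copy `credential_issuer` verbatim into `locations`, so the value that ends up in `authorization_details` depends on how the fixture happens to be written. Pin one convention (the issuer identifier exactly as published in its metadata) and, if needed, apply the same suffix check to `credential_issuer` before it is copied.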
@@ -20,8 +19,14 @@
]
},
"format": "vc+sd-jwt",
"vct": "SD_JWT_VC_Auth1",
"vct": "Auth1",
"Authorization": "BEARER "
},
"holder_claims": {
"given_name": "Pippo",
"family_name": "Peppe",
"is_human": true
}

}
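Review bot: `holder_claims` is loaded by the PAR contract as a `'string dictionary'` but carries a boolean member (`"is_human": true`); confirm that the import accepts a non-string value, or store it as a string, otherwise the contract stops at the `Given`. The `vct` change to `"Auth1"` makes it identical to the `credential_configuration_ids` entry; if the issuer publishes distinct values for the credential configuration id and the SD-JWT `vct`, the fixture should keep them distinct rather than conflate them.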

2 changes: 1 addition & 1 deletion wallet/holder_request_authorizationCode.keys.json
@@ -35,7 +35,7 @@
"reflow": "hd74Aegfq8nRDWCqs5vOA0lHOzHQzjzIByBLtgwfLYU="
},
"client_id": "did:dyne:sandbox.signroom:PTDvvQn1iWQiVxkfsDnUid8FbieKbHq46Qs8c9CZx67",
"zen_1": "Scenario 'http' : create GET\nScenario 'w3c' : create JWS\n\nGiven I have a 'string dictionary' named '!external-qr-code-content'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'client_id'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'par_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'keyring'\n\n\n#- create Code Verifier (rng in url64) (used in step 7)\nWhen I create the random object of '256' bits\nWhen I write the string '' in 'code_verifier'\nWhen I append the 'url64' of 'random_object' to 'code_verifier'\n\n# - create Code Challenge (sha256 of Code Verifier printed in url64 ) (sent to /PAR)\nWhen I create the hash of 'code_verifier'\nWhen I write the string '' in 'code_challenge'\nWhen I append the 'url64' of 'hash' to 'code_challenge'\n\n# - create ClientSecret\nWhen I create the 'url64 dictionary' \nWhen I rename the 'url64 dictionary' to 'jws payload'\n\nWhen I copy 'code_challenge' in 'jws payload'\nWhen I create jws header for p256 signature\n\nWhen I create jws signature of header 'jws header' and payload 'jws payload'\nWhen I rename the 'jws signature' to 'client_secret'\n\n\n# - pickup stuff from jwt-body\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I pickup from path 'jwt-body-params.response_type'\nWhen I pickup from path 'jwt-body-params.state'\nWhen I pickup from path 'jwt-body-params.code_challenge_method'\n\n# - fix redirectUris\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\n# - pickup stuff drom qrcode\nWhen I pickup from path '!external-qr-code-content.scope'\nWhen I pickup from path '!external-qr-code-content.resource'\n\n# - create par endpoint\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif\nWhen I append 
'par_endpoint' to 'authorization_server' \nand I rename 'authorization_server' to 'authorization_server_endpoint_par'\n\n# - create par post body\nWhen I create the 'string dictionary' named 'data'\nand I move 'response_type' in 'data'\nand I move 'client_id' in 'data'\nand I move 'client_secret' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_challenge' in 'data'\nand I move 'code_challenge_method' in 'data'\nand I move 'state' in 'data'\nand I move 'scope' in 'data'\nand I move 'resource' in 'data'\n\nthen print the 'authorization_server_endpoint_par'\nthen print the 'data'\n\n# this needs to saved into a state for later usage\n# code verifier will be sent authz server in a later stage\nthen print the 'code_verifier'\n",
"zen_1": "Scenario 'http' : create GET\nScenario 'w3c' : create JWS\n\nGiven I have a 'string dictionary' named '!external-qr-code-content'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'client_id'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'par_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'string' named 'credential_issuer' inside '!external-qr-code-content'\nGiven I have a 'string' named 'credential_configuration_id' inside '!external-qr-code-content'\n\nGiven I have a 'string dictionary' named 'authorization_details'\n\nGiven I have a 'keyring'\n\n#- create authorization_details\nWhen I write the string 'openid_credential' in 'type'\nWhen I move 'type' in 'authorization_details'\nWhen I copy 'credential_configuration_id' in 'authorization_details'\nWhen I create the 'string array' named 'locations'\nWhen I copy 'credential_issuer' in 'locations'\nWhen I move 'locations' in 'authorization_details'\n\n#- create Code Verifier (rng in url64) (used in step 7)\nWhen I create the random object of '256' bits\nWhen I write the string '' in 'code_verifier'\nWhen I append the 'url64' of 'random_object' to 'code_verifier'\n\n# - create Code Challenge (sha256 of Code Verifier printed in url64 ) (sent to /PAR)\nWhen I create the hash of 'code_verifier'\nWhen I write the string '' in 'code_challenge'\nWhen I append the 'url64' of 'hash' to 'code_challenge'\n\n# - create ClientSecret\nWhen I create the 'url64 dictionary' \nWhen I rename the 'url64 dictionary' to 'jws payload'\n\nWhen I copy 'code_challenge' in 'jws payload'\nWhen I create jws header for p256 signature\n\nWhen I create jws signature of header 'jws header' and payload 'jws payload'\nWhen I rename the 'jws signature' to 'client_secret'\n\n\n# - pickup stuff from jwt-body\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I pickup from path 
'jwt-body-params.response_type'\nWhen I pickup from path 'jwt-body-params.state'\nWhen I pickup from path 'jwt-body-params.code_challenge_method'\n\n# - fix redirectUris\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\n\n# - create par endpoint\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif\nWhen I append 'par_endpoint' to 'authorization_server' \nand I rename 'authorization_server' to 'authorization_server_endpoint_par'\n\n# - create par post body\nWhen I create the 'string dictionary' named 'data'\nand I move 'response_type' in 'data'\nand I move 'client_id' in 'data'\nand I move 'client_secret' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_challenge' in 'data'\nand I move 'code_challenge_method' in 'data'\nand I move 'state' in 'data'\nand I move 'authorization_details' in 'data'\n\nthen print the 'authorization_server_endpoint_par'\nthen print the 'data'\n\n# this needs to saved into a state for later usage\n# code verifier will be sent authz server in a later stage\nthen print the 'code_verifier'\n",
"zen_3": "Scenario 'http': url\n# keys\nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'request_uri'\nGiven I have a 'number' named 'expires_in'\nGiven I have a 'string dictionary' named 'oauth_flow_parameters'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'authorize_endpoint' inside 'oauth_flow_parameters'\n# Given I have a 'string' named 'authorize_endpoint' inside '!external-qr-code-content'\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'authorize_endpoint' to 'authorization_server' \nWhen I rename the 'authorization_server' to 'authorization_server_authorize_endpoint'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'request_uri' in 'data'\nand I move 'client_id' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_authorize_endpoint'\n",
"zen_5": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'grant_type' inside 'oauth_flow_parameters'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'token_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\n\n\nGiven I have a 'string' named 'code_verifier'\nGiven I have a 'string' named 'code'\n\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\nWhen I create jwk of es256 public key \n\nWhen I create the random 'ramdom_jti'\nWhen I write the string '' in 'jti'\nWhen I append the 'url64' of 'ramdom_jti' to 'jti'\n\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'token_endpoint' to 'authorization_server' \nWhen I copy 'authorization_server' to '!authorization_server_token_endpoint'\nWhen I rename the 'authorization_server' to 'htu'\n\n# jti: randomBytes(16).toString('base64url'),\n# htm: 'POST',\n# htu: 'https://server.example.com/token',\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I set 'htm' to 'POST' as 'string'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'dpop+jwt' as 'string'\n\nWhen I create the 'string dictionary' named 'DPoP-payload'\nWhen I move 'iat' in 'DPoP-payload'\nWhen I move 'jti' in 'DPoP-payload'\nWhen I move 'htu' in 'DPoP-payload'\nWhen I move 'htm' in 'DPoP-payload'\n\nWhen I create the 'string dictionary' named 'DPoP-header'\nWhen I move 'alg' in 'DPoP-header'\nWhen I move 'typ' in 'DPoP-header'\nWhen I move 'jwk' in 'DPoP-header'\n\nWhen I create the jws signature of header 'DPoP-header' and payload 'DPoP-payload'\n\nWhen I rename the 
'jws signature' to 'DPoP'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'DPoP' in 'data'\nand I move 'client_id' in 'data'\nand I move 'code' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_verifier' in 'data'\nand I move 'grant_type' in 'data'\n\nThen print the 'data'\nThen print the '!authorization_server_token_endpoint'\n",
"zen_7": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'format' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'vct' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'Authorization' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'credential_endpoint' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'resource' inside '!external-qr-code-content'\n\nGiven I have a 'string' named 'access_token'\nGiven I have a 'string' named 'c_nonce'\n\n\nWhen I create jwk of es256 public key \n\nWhen I copy 'resource' to 'aud'\n\nIf I verify 'resource' has suffix '/'\nWhen I split the rightmost '1' bytes of 'resource'\nEndif \nWhen I append 'credential_endpoint' to 'resource'\nand I rename 'resource' to 'authorization_server_credential_endpoint'\n\n## 1. Create proof-payload\n\nWhen I create the 'string dictionary' named 'proof-payload'\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I move 'iat' in 'proof-payload'\n\nWhen I rename the 'client_id' to 'iss'\nWhen I move 'iss' in 'proof-payload'\nWhen I move 'aud' in 'proof-payload'\n\nWhen I rename the 'c_nonce' to 'nonce'\nWhen I move 'nonce' in 'proof-payload'\n\n## end 1.\n\n## 2. create proof-header\n\nWhen I create the 'string dictionary' named 'proof-header'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'open4vci-proof+jwt' as 'string'\n\nWhen I move 'alg' in 'proof-header'\nWhen I move 'typ' in 'proof-header'\nWhen I move 'jwk' in 'proof-header'\n\n## end 2, \n\n# 3. 
create jws from proof-header and proof-payload and create proof\n\nWhen I create the 'string dictionary' named 'proof'\n\nWhen I create the jws signature of header 'proof-header' and payload 'proof-payload'\nWhen I rename the 'jws signature' to 'jwt'\n\nWhen I move 'jwt' in 'proof'\nWhen I set 'proof_type' to 'jwt' as 'string'\nWhen I move 'proof_type' in 'proof'\n\n## end 3.\nWhen I create the 'string dictionary' named 'headers'\nWhen I append 'access_token' to 'Authorization'\nand I move 'Authorization' in 'headers'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'proof' in 'data'\nand I move 'vct' in 'data'\nand I move 'format' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_credential_endpoint'\nThen print the 'headers'\n"
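Review bot: the `zen_1` copy committed here does not match `wallet/1_holder_to_par_on_authz_server.zen` from the same commit, even though the commit message says the contract in keys was updated: it reads `Given I have a 'string' named 'credential_configuration_id' inside '!external-qr-code-content'` (a single string, whereas the fixture now provides the array `credential_configuration_ids`), and it builds `authorization_details` as a `'string dictionary'` rather than the `'string array'` of one entry that the `.zen` file produces. Generate `zen_1` from the `.zen` source, or otherwise keep the two in sync, so the deployed flow and the file under test run the same logic.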
