fix(wallet): rename clientSecret to client_secret #4

Merged
merged 1 commit into from
Mar 11, 2024
4 changes: 2 additions & 2 deletions wallet/1_holder_to_par_on_authz_server.zen
Expand Up @@ -28,7 +28,7 @@ When I copy 'code_challenge' in 'jws payload'
When I create jws header for p256 signature

When I create jws signature of header 'jws header' and payload 'jws payload'
When I rename the 'jws signature' to 'clientSecret'
When I rename the 'jws signature' to 'client_secret'


# - pickup stuff from jwt-body
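Review bot: the value renamed to 'client_secret' on the changed line is a JWS signature made with the P-256 key, not a shared secret, and nothing near the rename says so. A one-line comment above it stating that the field carries a JWS over 'jws payload' would keep a later reader from treating it as a static secret to store or compare.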
Expand Down Expand Up @@ -56,7 +56,7 @@ and I rename 'authorization_server' to 'authorization_server_endpoint_par'
When I create the 'string dictionary' named 'data'
and I move 'response_type' in 'data'
and I move 'client_id' in 'data'
and I move 'clientSecret' in 'data'
and I move 'client_secret' in 'data'
and I move 'redirect_uri' in 'data'
and I move 'code_challenge' in 'data'
and I move 'code_challenge_method' in 'data'
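Review bot: the key moved into 'data' on the changed line is the name the receiver of this dictionary sees, so the rename changes the request body and not only a local variable. All three files in this change are under wallet/; please confirm that the endpoint reading 'data' already expects client_secret, and add a test that fails when the field is absent.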
2 changes: 1 addition & 1 deletion wallet/auth-flow.md
Expand Up @@ -17,7 +17,7 @@ autonumber
S1->>S1: Read "client_id" (DID)
S1->>S1: Read "credential_request_specific_data"

S1->>S1: Execute zencode and produce "clientSecret", "client_id", "code_challenge", "code_challenge_method", "redirect_uri", "resource", "response_type", "scope", "state" and "code_verifier"
S1->>S1: Execute zencode and produce "client_secret", "client_id", "code_challenge", "code_challenge_method", "redirect_uri", "resource", "response_type", "scope", "state" and "code_verifier"
S1->>H: Store "code verifier" in a state
S1->>P: Pass all the others to PAR endpoint
P->>H: return "request_uri" and "expires_in"
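Review bot: the context line right after the changed one, S1->>H: Store "code verifier" in a state, still writes the field with a space while the changed line lists it as "code_verifier". Since this change is about consistent naming, use "code_verifier" there as well.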
2 changes: 1 addition & 1 deletion wallet/holder_request_authorizationCode.keys.json
Expand Up @@ -35,7 +35,7 @@
"reflow": "hd74Aegfq8nRDWCqs5vOA0lHOzHQzjzIByBLtgwfLYU="
},
"client_id": "did:dyne:sandbox.signroom:PTDvvQn1iWQiVxkfsDnUid8FbieKbHq46Qs8c9CZx67",
"zen_1": "Scenario 'http' : create GET\nScenario 'w3c' : create JWS\n\nGiven I have a 'string dictionary' named '!external-qr-code-content'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'client_id'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'par_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'keyring'\n\n\n#- create Code Verifier (rng in url64) (used in step 7)\nWhen I create the random object of '256' bits\nWhen I write the string '' in 'code_verifier'\nWhen I append the 'url64' of 'random_object' to 'code_verifier'\n\n# - create Code Challenge (sha256 of Code Verifier printed in url64 ) (sent to /PAR)\nWhen I create the hash of 'code_verifier'\nWhen I write the string '' in 'code_challenge'\nWhen I append the 'url64' of 'hash' to 'code_challenge'\n\n# - create ClientSecret\nWhen I create the 'url64 dictionary' \nWhen I rename the 'url64 dictionary' to 'jws payload'\n\nWhen I copy 'code_challenge' in 'jws payload'\nWhen I create jws header for p256 signature\n\nWhen I create jws signature of header 'jws header' and payload 'jws payload'\nWhen I rename the 'jws signature' to 'clientSecret'\n\n\n# - pickup stuff from jwt-body\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I pickup from path 'jwt-body-params.response_type'\nWhen I pickup from path 'jwt-body-params.state'\nWhen I pickup from path 'jwt-body-params.code_challenge_method'\n\n# - fix redirectUris\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\n# - pickup stuff drom qrcode\nWhen I pickup from path '!external-qr-code-content.scope'\nWhen I pickup from path '!external-qr-code-content.resource'\n\n# - create par endpoint\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif\nWhen I append 'par_endpoint' 
to 'authorization_server' \nand I rename 'authorization_server' to 'authorization_server_endpoint_par'\n\n# - create par post body\nWhen I create the 'string dictionary' named 'data'\nand I move 'response_type' in 'data'\nand I move 'client_id' in 'data'\nand I move 'clientSecret' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_challenge' in 'data'\nand I move 'code_challenge_method' in 'data'\nand I move 'state' in 'data'\nand I move 'scope' in 'data'\nand I move 'resource' in 'data'\n\nthen print the 'authorization_server_endpoint_par'\nthen print the 'data'\n\n# this needs to saved into a state for later usage\n# code verifier will be sent authz server in a later stage\nthen print the 'code_verifier'\n",
"zen_1": "Scenario 'http' : create GET\nScenario 'w3c' : create JWS\n\nGiven I have a 'string dictionary' named '!external-qr-code-content'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'client_id'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'par_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'keyring'\n\n\n#- create Code Verifier (rng in url64) (used in step 7)\nWhen I create the random object of '256' bits\nWhen I write the string '' in 'code_verifier'\nWhen I append the 'url64' of 'random_object' to 'code_verifier'\n\n# - create Code Challenge (sha256 of Code Verifier printed in url64 ) (sent to /PAR)\nWhen I create the hash of 'code_verifier'\nWhen I write the string '' in 'code_challenge'\nWhen I append the 'url64' of 'hash' to 'code_challenge'\n\n# - create ClientSecret\nWhen I create the 'url64 dictionary' \nWhen I rename the 'url64 dictionary' to 'jws payload'\n\nWhen I copy 'code_challenge' in 'jws payload'\nWhen I create jws header for p256 signature\n\nWhen I create jws signature of header 'jws header' and payload 'jws payload'\nWhen I rename the 'jws signature' to 'client_secret'\n\n\n# - pickup stuff from jwt-body\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I pickup from path 'jwt-body-params.response_type'\nWhen I pickup from path 'jwt-body-params.state'\nWhen I pickup from path 'jwt-body-params.code_challenge_method'\n\n# - fix redirectUris\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\n# - pickup stuff drom qrcode\nWhen I pickup from path '!external-qr-code-content.scope'\nWhen I pickup from path '!external-qr-code-content.resource'\n\n# - create par endpoint\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif\nWhen I append 
'par_endpoint' to 'authorization_server' \nand I rename 'authorization_server' to 'authorization_server_endpoint_par'\n\n# - create par post body\nWhen I create the 'string dictionary' named 'data'\nand I move 'response_type' in 'data'\nand I move 'client_id' in 'data'\nand I move 'client_secret' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_challenge' in 'data'\nand I move 'code_challenge_method' in 'data'\nand I move 'state' in 'data'\nand I move 'scope' in 'data'\nand I move 'resource' in 'data'\n\nthen print the 'authorization_server_endpoint_par'\nthen print the 'data'\n\n# this needs to saved into a state for later usage\n# code verifier will be sent authz server in a later stage\nthen print the 'code_verifier'\n",
"zen_3": "Scenario 'http': url\n# keys\nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'request_uri'\nGiven I have a 'number' named 'expires_in'\nGiven I have a 'string dictionary' named 'oauth_flow_parameters'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'authorize_endpoint' inside 'oauth_flow_parameters'\n# Given I have a 'string' named 'authorize_endpoint' inside '!external-qr-code-content'\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'authorize_endpoint' to 'authorization_server' \nWhen I rename the 'authorization_server' to 'authorization_server_authorize_endpoint'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'request_uri' in 'data'\nand I move 'client_id' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_authorize_endpoint'\n",
"zen_5": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'grant_type' inside 'oauth_flow_parameters'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'token_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\n\n\nGiven I have a 'string' named 'code_verifier'\nGiven I have a 'string' named 'code'\n\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\nWhen I create jwk of es256 public key \n\nWhen I create the random 'ramdom_jti'\nWhen I write the string '' in 'jti'\nWhen I append the 'url64' of 'ramdom_jti' to 'jti'\n\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'token_endpoint' to 'authorization_server' \nWhen I copy 'authorization_server' to '!authorization_server_token_endpoint'\nWhen I rename the 'authorization_server' to 'htu'\n\n# jti: randomBytes(16).toString('base64url'),\n# htm: 'POST',\n# htu: 'https://server.example.com/token',\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I set 'htm' to 'POST' as 'string'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'dpop+jwt' as 'string'\n\nWhen I create the 'string dictionary' named 'DPoP-payload'\nWhen I move 'iat' in 'DPoP-payload'\nWhen I move 'jti' in 'DPoP-payload'\nWhen I move 'htu' in 'DPoP-payload'\nWhen I move 'htm' in 'DPoP-payload'\n\nWhen I create the 'string dictionary' named 'DPoP-header'\nWhen I move 'alg' in 'DPoP-header'\nWhen I move 'typ' in 'DPoP-header'\nWhen I move 'jwk' in 'DPoP-header'\n\nWhen I create the jws signature of header 'DPoP-header' and payload 'DPoP-payload'\n\nWhen I rename the 
'jws signature' to 'DPoP'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'DPoP' in 'data'\nand I move 'client_id' in 'data'\nand I move 'code' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_verifier' in 'data'\nand I move 'grant_type' in 'data'\n\nThen print the 'data'\nThen print the '!authorization_server_token_endpoint'\n",
"zen_7": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'format' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'vct' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'Authorization' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'credential_endpoint' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'resource' inside '!external-qr-code-content'\n\nGiven I have a 'string' named 'access_token'\nGiven I have a 'string' named 'c_nonce'\n\n\nWhen I create jwk of es256 public key \n\nWhen I copy 'resource' to 'aud'\n\nIf I verify 'resource' has suffix '/'\nWhen I split the rightmost '1' bytes of 'resource'\nEndif \nWhen I append 'credential_endpoint' to 'resource'\nand I rename 'resource' to 'authorization_server_credential_endpoint'\n\n## 1. Create proof-payload\n\nWhen I create the 'string dictionary' named 'proof-payload'\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I move 'iat' in 'proof-payload'\n\nWhen I rename the 'client_id' to 'iss'\nWhen I move 'iss' in 'proof-payload'\nWhen I move 'aud' in 'proof-payload'\n\nWhen I rename the 'c_nonce' to 'nonce'\nWhen I move 'nonce' in 'proof-payload'\n\n## end 1.\n\n## 2. create proof-header\n\nWhen I create the 'string dictionary' named 'proof-header'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'open4vci-proof+jwt' as 'string'\n\nWhen I move 'alg' in 'proof-header'\nWhen I move 'typ' in 'proof-header'\nWhen I move 'jwk' in 'proof-header'\n\n## end 2, \n\n# 3. 
create jws from proof-header and proof-payload and create proof\n\nWhen I create the 'string dictionary' named 'proof'\n\nWhen I create the jws signature of header 'proof-header' and payload 'proof-payload'\nWhen I rename the 'jws signature' to 'jwt'\n\nWhen I move 'jwt' in 'proof'\nWhen I set 'proof_type' to 'jwt' as 'string'\nWhen I move 'proof_type' in 'proof'\n\n## end 3.\nWhen I create the 'string dictionary' named 'headers'\nWhen I append 'access_token' to 'Authorization'\nand I move 'Authorization' in 'headers'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'proof' in 'data'\nand I move 'vct' in 'data'\nand I move 'format' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_credential_endpoint'\nThen print the 'headers'\n"
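Review bot: the comment "# - create ClientSecret" inside the new zen_1 string still uses the old spelling, and zen_1 appears to be a second copy of the script changed in wallet/1_holder_to_par_on_authz_server.zen, so every rename has to be made twice by hand. Update the comment to match client_secret, and consider generating zen_1 from the .zen file so the two cannot drift. The same string also carries the typo "drom" in "# - pickup stuff drom qrcode".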