Feature/request option refactor #107
Conversation
|
given the interop tests are the failing ones, I'm pretty sure we made |
vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/RequestOptions.kt
Outdated
Show resolved
Hide resolved
I want to add that if we decide to keep the parameter nullable for interop, we can add an Exception to |
|
In order to unify |
|
The way I read this, it seems way cleaner and makes a lot of sense. Regarding interop: Maybe warn, default to the PID schema from the implementing acts and hope for the best is a valid strategy |
n0900
force-pushed
the
feature/requestOptionRefactor
branch
from
33c8d31
to
57c23d5
Compare
fix testcases Fix naming Unify RequestOptions Add test file Enforce CLA fix CHANGELOG.md Release/4.1.1 (#105) * 4.1.1: fix JSON serializer * rename kmp-crypto references to signum * easier migration fro renamed serializers
* 4.1.1: fix JSON serializer * rename kmp-crypto references to signum * easier migration fro renamed serializers (cherry picked from commit 519bb06)
n0900
force-pushed
the
feature/requestOptionRefactor
branch
from
57c23d5
to
c5b6f56
Compare
|
Split pull request into two. Please take a look at #109 for the second part. |
There was a problem hiding this comment.
Fine for me, but I am pretty sure @nodh will tell us that the property was nullable on prupose to make interop tests green, so we he will probably request changes. The fix will probably be defaulting to EU PID if it is indeed null. Of course, this requires thorough documentation
There was a problem hiding this comment.
just to add context for @nodh: this was required to not make github stuck, even though it is run on the target branch. makes no sense to me, but that's the way it is
Indeed, even now, the EUDIW verifier at https://verifier.eudiw.dev/pid-full generates authn requests that do not contain a But we should also not default to the PID scheme (which we can't, because that's an external artifact?) |
| * Refactor `OidcSiopVerifier.RequestOptions` and `WalletService.RequestOptions` into one separate class `RequestOptions` | ||
| * Adds `InputParameter.toRequestOptions()` functionality | ||
|
|
||
| Release 4.1.1 (Bugfix Release): |
There was a problem hiding this comment.
But 4.1.1 is now duplicated in the changelog?
| @@ -12,7 +12,7 @@ kotlin.mpp.enableCInteropCommonization=true | |||
| kotlin.mpp.stability.nowarn=true | |||
| kotlin.native.ignoreDisabledTargets=true | |||
|
|
|||
| artifactVersion = 4.2.0-SNAPSHOT | |||
| artifactVersion = 4.1.1 | |||
There was a problem hiding this comment.
Why is this 4.1.1 on a feature branch?
| ) | ||
|
|
||
| private fun ConstantIndex.CredentialScheme.toVcConstraint() = if (supportsVcJwt) ConstraintField( | ||
| path = listOf("$.type"), filter = ConstraintFilter( |
| credentialScheme: ConstantIndex.CredentialScheme?, | ||
| ): Collection<ConstraintField> = map { | ||
| if (credentialRepresentation == ISO_MDOC) credentialScheme.toConstraintField( | ||
| it |
|
|
||
| private fun ConstantIndex.CredentialScheme.toSdJwtConstraint() = if (supportsSdJwt) ConstraintField( | ||
| path = listOf("$.vct"), filter = ConstraintFilter( | ||
| type = "string", pattern = sdJwtType!! |
| import kotlinx.datetime.Clock | ||
|
|
||
|
|
||
| data class RequestOptions( |
There was a problem hiding this comment.
But now not all parameters here make sense for both, SIOPv2 and OID4VCI, right?
There was a problem hiding this comment.
OID4VCI does not use responseMode, clientMetadataUrl and encryption, however by their default values they do not interfere with this use case (nullable) and they are ignored for all OID4VCI use-cases.
The same goes for SIOPv2 and clock. Since we never use RequestOptions as object but rather access it's members directly this does not influence the usage. Additionally we can make clock transient for serialization to make sure that it is never leaked.
There was a problem hiding this comment.
Should i add this to the variable documentation?
| @@ -21,7 +21,7 @@ data class InputDescriptor( | |||
| @SerialName("format") | |||
| val format: FormatHolder? = null, | |||
| @SerialName("schema") | |||
| val schema: Collection<SchemaReference>? = null, | |||
| val schema: Collection<SchemaReference>, | |||
There was a problem hiding this comment.
So (see comment) better leave it nullable?
I think we need to make a general decision: do we want to be lenient or spec-conforming. This particular issue should be reported at the eudiw verifier. The simple fact that having this property simplifies processing considerably is reason enough to think that there's a very good reason why the spec demands it (assuming we did not misinterpret it).
|
It turns out I was wrong on the internet since since we cannot use schema-matching according to v2.0.0 or later. We need to update our references to the presentation exchange spec |
Merges
OidcSiopVerifier.RequestOptionsandWalletService.RequestOptionsinto a single class and into a seperate file which also contains all helper functions which were used to deal with manipulating RequestOptions only.Furthermore, after looking through https://identity.foundation/presentation-exchange/spec/v1.0.0/#input-descriptor-object again I found that
InputDescriptor.schemais actually MUST and thus can be used to get our credential scheme way easier than previously. Maybe I have misread - please double check. This breaks two interop tests, namely 'EUDI AuthnRequest can be parsed' and 'Idemia Interop Request'.