chore: working on authorization_details

sanderPostma · sanderPostma · commit 294ad69731e6 · 2025-10-16T13:20:21.000+02:00
diff --git a/packages/issuer-rest/lib/oid4vci-api-functions.ts b/packages/issuer-rest/lib/oid4vci-api-functions.ts
@@ -698,7 +698,31 @@ export function pushedAuthorizationEndpoint(
       })
     }
 
-    //TODO Implement authorization_details verification
+    // Add the authorization_details validation here:
+    if (req.body.authorization_details) {
+      const authDetails = Array.isArray(req.body.authorization_details)
+        ? req.body.authorization_details
+        : JSON.parse(req.body.authorization_details)
+
+      // Validate each authorization detail
+      for (const detail of authDetails) {
+        if (detail.type !== 'openid_credential') {
+          return sendErrorResponse(res, 400, {
+            error: 'invalid_authorization_details',
+            error_description: 'Only openid_credential type is supported'
+          })
+        }
+
+        // Validate credential_configuration_id exists in issuer metadata
+        if (detail.credential_configuration_id &&
+            !issuer.issuerMetadata.credential_configurations_supported[detail.credential_configuration_id]) {
+          return sendErrorResponse(res, 400, {
+            error: 'invalid_credential_request',
+            error_description: `Unsupported credential configuration: ${detail.credential_configuration_id}`
+          })
+        }
+      }
+    }
 
     // TODO: Both UUID and requestURI need to be configurable for the server
     const uuid = uuidv4()
diff --git a/packages/issuer/lib/tokens/index.ts b/packages/issuer/lib/tokens/index.ts
@@ -252,17 +252,24 @@ export const createAccessTokenResponse = async (
     accessTokenProvider,
   })
 
+  const credentialOfferSession = await credentialOfferSessions.getAsserted(preAuthorizedCode)
+  credentialOfferSession.status = IssueStatus.ACCESS_TOKEN_CREATED
+  credentialOfferSession.lastUpdatedAt = +new Date()
+
   const response: AccessTokenResponse = {
     access_token,
     token_type: dPoPJwk ? 'DPoP' : 'bearer',
     expires_in: tokenExpiresIn,
     c_nonce: cNonce,
     c_nonce_expires_in: cNonceExpiresIn,
     interval,
+    ...(credentialOfferSession.authorizationDetails && {
+      authorization_details: credentialOfferSession.authorizationDetails.map(detail => ({
+        ...detail,
+        credential_identifiers: generateCredentialIdentifiers(detail, credentialOfferSession)
+      }))
+    })
   }
-  const credentialOfferSession = await credentialOfferSessions.getAsserted(preAuthorizedCode)
-  credentialOfferSession.status = IssueStatus.ACCESS_TOKEN_CREATED
-  credentialOfferSession.lastUpdatedAt = +new Date()
   await credentialOfferSessions.set(preAuthorizedCode, credentialOfferSession)
   return response
 }
diff --git a/packages/oid4vci-common/lib/types/Authorization.types.ts b/packages/oid4vci-common/lib/types/Authorization.types.ts
@@ -482,6 +482,7 @@ export interface AccessTokenResponse {
   c_nonce_expires_in?: number // in seconds
   authorization_pending?: boolean
   interval?: number // in seconds
+  authorization_details?: AuthorizationDetails[]
 }
 
 export enum AuthzFlowType {
diff --git a/packages/oid4vci-common/lib/types/StateManager.types.ts b/packages/oid4vci-common/lib/types/StateManager.types.ts
@@ -1,5 +1,6 @@
 import { AssertedUniformCredentialOffer } from './CredentialIssuance.types'
 import { CredentialDataSupplierInput, NotificationRequest, StatusListOpts } from './Generic.types'
+import { AuthorizationDetails } from './Authorization.types'
 
 export interface StateType {
   createdAt: number
@@ -21,6 +22,7 @@ export interface CredentialOfferSession extends StateType {
   authorizationCode?: string
   redirectUri?: string
   statusLists?: Array<StatusListOpts>
+  authorizationDetails?: AuthorizationDetails[]
 }
 
 export enum IssueStatus {

Original file line number	Diff line number	Diff line change
`@@ -482,6 +482,7 @@ export interface AccessTokenResponse {`
`482`	`482`	`c_nonce_expires_in?: number // in seconds`
`483`	`483`	`authorization_pending?: boolean`
`484`	`484`	`interval?: number // in seconds`
	`485`	`+ authorization_details?: AuthorizationDetails[]`
`485`	`486`	`}`
`486`	`487`
`487`	`488`	`export enum AuthzFlowType {`