chore: configurable WellKnownHostLocation

Author: sanderPostma

packages/issuer-rest/lib/OID4VCIServer.ts

@@ -144,10 +144,17 @@ export interface INonceEndpointOpts extends ISingleEndpointOpts {
   baseUrl: string | URL
 }
 
+export enum WellKnownHostLocation {
+  AT_CONTEXT_PATH = 'AT_CONTEXT_PATH',
+  AT_ROOT_PATH = 'AT_ROOT_PATH',
+  AT_BOTH = 'AT_BOTH'
+}
+
 export interface IOID4VCIServerOpts extends HasEndpointOpts {
   asClientOpts?: ClientMetadata
   endpointOpts?: IOID4VCIEndpointOpts
   baseUrl?: string
+  wellKnownHostLocation?: WellKnownHostLocation
 }
 
 export class OID4VCIServer {
@@ -159,6 +166,7 @@ export class OID4VCIServer {
   // private readonly _server?: http.Server
   private readonly _router: express.Router
   private readonly _asClientOpts?: ClientMetadata
+  private readonly _wellknownHostLocation?: WellKnownHostLocation
 
   constructor(
     expressSupport: ExpressSupport,
@@ -173,18 +181,22 @@ export class OID4VCIServer {
     this._issuer = opts?.issuer ? opts.issuer : buildVCIFromEnvironment()
     this._asClientOpts =
       opts.asClientOpts || this._issuer.asClientOpts ? ({ ...opts.asClientOpts, ...this._issuer.asClientOpts } as ClientMetadata) : undefined
-
+    this._wellknownHostLocation = opts?.wellKnownHostLocation ?? (process.env.WELLKNOWN_HOST_LOCATION as WellKnownHostLocation)
     pushedAuthorizationEndpoint(this.router, this.issuer, this.authRequestsData)
 
     // Create root router for alternative .well-known endpoints if needed
     const basePath = getBasePath(this.baseUrl)
     let rootRouter: express.Router | undefined
-    if (basePath && basePath !== '/') {
+    if (basePath && basePath !== '/' && (this.wellknownHostLocation == WellKnownHostLocation.AT_ROOT_PATH || this.wellknownHostLocation == WellKnownHostLocation.AT_BOTH)) {
       rootRouter = express.Router()
       this._app.use('/', rootRouter)
     }
 
-    getMetadataEndpoints(this.router, this.issuer, rootRouter, basePath)
+    getMetadataEndpoints(this.router, this.issuer, {
+      rootRouter,
+      basePath,
+      wellKnownHostLocation: this.wellknownHostLocation
+    })
 
     let issuerPayloadPath: string | undefined
     if (this.isGetIssuePayloadEndpointEnabled(opts?.endpointOpts?.getIssuePayloadOpts)) {
@@ -310,4 +322,8 @@ export class OID4VCIServer {
   get baseUrl(): URL {
     return this._baseUrl
   }
+
+  get wellknownHostLocation(): WellKnownHostLocation | undefined {
+    return this._wellknownHostLocation
+  }
 }

packages/issuer-rest/lib/oid4vci-api-functions.ts

@@ -41,7 +41,7 @@ import {
   ICreateCredentialOfferURIResponse,
   IGetCredentialOfferEndpointOpts,
   IGetIssueStatusEndpointOpts,
-  INonceEndpointOpts
+  INonceEndpointOpts, WellKnownHostLocation
 } from './OID4VCIServer'
 import { validateRequestBody } from './expressUtils'
 
@@ -716,7 +716,15 @@ export function pushedAuthorizationEndpoint(
   })
 }
 
-export function getMetadataEndpoints(router: Router, issuer: VcIssuer, rootRouter?: Router, basePath?: string) {
+export function getMetadataEndpoints(
+  router: Router,
+  issuer: VcIssuer,
+  opts?: {
+    rootRouter?: Router
+    basePath?: string
+    wellKnownHostLocation?: WellKnownHostLocation
+  }
+) {
   const credentialIssuerHandler = (request: Request, response: Response) => {
     return response.json(issuer.issuerMetadata)
   }
@@ -725,14 +733,19 @@ export function getMetadataEndpoints(router: Router, issuer: VcIssuer, rootRoute
     return response.json(issuer.authorizationServerMetadata)
   }
 
-  // Original endpoints on the context router
-  router.get(WellKnownEndpoints.OPENID4VCI_ISSUER, credentialIssuerHandler)
-  router.get(WellKnownEndpoints.OAUTH_AS, authorizationServerHandler)
+  const location = opts?.wellKnownHostLocation ?? WellKnownHostLocation.AT_BOTH
+
+  // Register endpoints on context router if configured
+  if (location === WellKnownHostLocation.AT_CONTEXT_PATH || location === WellKnownHostLocation.AT_BOTH) {
+    router.get(WellKnownEndpoints.OPENID4VCI_ISSUER, credentialIssuerHandler)
+    router.get(WellKnownEndpoints.OAUTH_AS, authorizationServerHandler)
+  }
 
-  // Alternative root-level endpoints if rootRouter provided
-  if (rootRouter && basePath && basePath !== '/') {
-    rootRouter.get(`/.well-known/openid-credential-issuer${basePath}`, credentialIssuerHandler)
-    rootRouter.get(`/.well-known/oauth-authorization-server${basePath}`, authorizationServerHandler)
+  // Register endpoints on root router if configured
+  if (opts?.rootRouter && opts?.basePath && opts.basePath !== '/' &&
+    (location === WellKnownHostLocation.AT_ROOT_PATH || location === WellKnownHostLocation.AT_BOTH)) {
+    opts.rootRouter.get(`/.well-known/openid-credential-issuer${opts.basePath}`, credentialIssuerHandler)
+    opts.rootRouter.get(`/.well-known/oauth-authorization-server${opts.basePath}`, authorizationServerHandler)
   }
 }