fix: access token client_id not always set

nklomp · nklomp · commit 4b09936ab148 · 2025-02-18T02:16:17.000+01:00
diff --git a/packages/issuer-rest/lib/OID4VCIServer.ts b/packages/issuer-rest/lib/OID4VCIServer.ts
@@ -8,7 +8,7 @@ import {
   OID4VCICredentialFormat,
   QRCodeOpts,
 } from '@sphereon/oid4vci-common'
-import { CredentialSupportedBuilderV1_13, ITokenEndpointOpts, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'
+import { CredentialSupportedBuilderV1_13, ITokenEndpointOpts, oidcAccessTokenVerifyCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'
 import { ExpressSupport, HasEndpointOpts, ISingleEndpointOpts } from '@sphereon/ssi-express-support'
 import express, { Express } from 'express'
 
@@ -179,7 +179,7 @@ export class OID4VCIServer {
       deleteCredentialOfferEndpoint(this.router, this.issuer, opts?.endpointOpts?.deleteCredentialOfferOpts)
     }
     getCredentialOfferEndpoint(this.router, this.issuer, opts?.endpointOpts?.getCredentialOfferOpts)
-    getCredentialEndpoint(this.router, this.issuer, { ...opts?.endpointOpts?.tokenEndpointOpts, baseUrl: this.baseUrl })
+    getCredentialEndpoint(this.router, this.issuer, { ...opts?.endpointOpts?.tokenEndpointOpts, baseUrl: this.baseUrl, accessTokenVerificationCallback: opts.endpointOpts?.tokenEndpointOpts?.accessTokenVerificationCallback ?? (this._asClientOpts ? oidcAccessTokenVerifyCallback({clientMetadata: this._asClientOpts, credentialIssuer: this._issuer.issuerMetadata.credential_issuer, authorizationServer: this._issuer.issuerMetadata.authorization_servers![0]}) : undefined)})
     this.assertAccessTokenHandling()
     if (!this.isTokenEndpointDisabled(opts?.endpointOpts?.tokenEndpointOpts, opts?.asClientOpts)) {
       accessTokenEndpoint(this.router, this.issuer, { ...opts?.endpointOpts?.tokenEndpointOpts, baseUrl: this.baseUrl })
diff --git a/packages/issuer/lib/VcIssuer.ts b/packages/issuer/lib/VcIssuer.ts
@@ -180,7 +180,7 @@ export class VcIssuer {
     statusListOpts?: Array<StatusListOpts>
     sessionLifeTimeInSec?: number
   }): Promise<CreateCredentialOfferURIResult> {
-    const { offerMode = 'VALUE', correlationId = shortUUID.generate(), credential_configuration_ids, statusListOpts, credentialOfferUri } = opts
+    const { offerMode = 'VALUE', correlationId = shortUUID.generate(), credential_configuration_ids, statusListOpts, credentialOfferUri, redirectUri } = opts
     if (offerMode === 'REFERENCE' && !credentialOfferUri) {
       return Promise.reject(Error('credentialOfferUri must be supplied for offerMode REFERENCE!'))
     }
@@ -263,6 +263,7 @@ export class VcIssuer {
 
     const status = IssueStatus.OFFER_CREATED
     const session: CredentialOfferSession = {
+      redirectUri,
       preAuthorizedCode,
       issuerState,
       createdAt,
diff --git a/packages/oid4vci-common/lib/types/StateManager.types.ts b/packages/oid4vci-common/lib/types/StateManager.types.ts
@@ -19,6 +19,7 @@ export interface CredentialOfferSession extends StateType {
   issuerState?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
   preAuthorizedCode?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
   authorizationCode?: string;
+  redirectUri?: string;
   statusLists?: Array<StatusListOpts>;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ export interface CredentialOfferSession extends StateType {`
`19`	`19`	`issuerState?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value`
`20`	`20`	`preAuthorizedCode?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value`
`21`	`21`	`authorizationCode?: string;`
	`22`	`+ redirectUri?: string;`
`22`	`23`	`statusLists?: Array<StatusListOpts>;`
`23`	`24`	`}`
`24`	`25`