Merge pull request #132 from cre8/fix/txCode

nklomp · web-flow · commit 858a8ead3fd5 · 2024-07-30T23:05:23.000+02:00
fix: remove bug for txCode
diff --git a/packages/client/lib/AccessTokenClient.ts b/packages/client/lib/AccessTokenClient.ts
@@ -105,6 +105,7 @@ export class AccessTokenClient {
     if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
       this.assertAlphanumericPin(opts.pinMetadata, pin);
       request.user_pin = pin;
+      request.tx_code = pin;
 
       request.grant_type = GrantTypes.PRE_AUTHORIZED_CODE;
       // we actually know it is there because of the isPreAuthCode call
diff --git a/packages/common/lib/types/Authorization.types.ts b/packages/common/lib/types/Authorization.types.ts
@@ -312,7 +312,7 @@ export interface AccessTokenRequest {
   'pre-authorized_code': string;
   redirect_uri?: string;
   scope?: string;
-  user_pin?: string; //pre draft 13
+  user_pin?: string; //this is for v11, not required in v13 anymore
   tx_code?: string; //draft 13
   [s: string]: unknown;
 }
diff --git a/packages/issuer/lib/VcIssuer.ts b/packages/issuer/lib/VcIssuer.ts
@@ -192,7 +192,6 @@ export class VcIssuer<DIDDoc extends object> {
       status,
       notification_id: v4(),
       ...(userPin && { txCode: userPin }), // We used to use userPin according to older specs. We map these onto txCode now. If both are used, txCode in the end wins, even if they are different
-      ...(txCode && { txCode }),
       ...(opts.credentialDataSupplierInput && { credentialDataSupplierInput: opts.credentialDataSupplierInput }),
       credentialOffer,
     }
diff --git a/packages/issuer/lib/tokens/index.ts b/packages/issuer/lib/tokens/index.ts
@@ -102,12 +102,17 @@ export const assertValidAccessTokenRequest = async (
  invalid_request:
  the Authorization Server does not expect a PIN in the pre-authorized flow but the client provides a PIN
   */
-  if (!credentialOfferSession.credentialOffer.credential_offer?.grants?.[GrantTypes.PRE_AUTHORIZED_CODE]?.tx_code && request.tx_code) {
+  if (
+    !credentialOfferSession.credentialOffer.credential_offer?.grants?.[GrantTypes.PRE_AUTHORIZED_CODE]?.tx_code &&
+    request.tx_code &&
+    !request.user_pin
+  ) {
     // >= v13
     throw new TokenError(400, TokenErrorResponse.invalid_request, USER_PIN_NOT_REQUIRED_ERROR)
   } else if (
     !credentialOfferSession.credentialOffer.credential_offer?.grants?.[GrantTypes.PRE_AUTHORIZED_CODE]?.user_pin_required &&
-    request.user_pin
+    request.user_pin &&
+    !request.tx_code
   ) {
     // <= v12
     throw new TokenError(400, TokenErrorResponse.invalid_request, USER_PIN_NOT_REQUIRED_ERROR)

Original file line number	Diff line number	Diff line change
`@@ -312,7 +312,7 @@ export interface AccessTokenRequest {`
`312`	`312`	`'pre-authorized_code': string;`
`313`	`313`	`redirect_uri?: string;`
`314`	`314`	`scope?: string;`
`315`		`- user_pin?: string; //pre draft 13`
	`315`	`+ user_pin?: string; //this is for v11, not required in v13 anymore`
`316`	`316`	`tx_code?: string; //draft 13`
`317`	`317`	`[s: string]: unknown;`
`318`	`318`	`}`
Original file line number	Diff line number	Diff line change
`@@ -192,7 +192,6 @@ export class VcIssuer<DIDDoc extends object> {`
`192`	`192`	`status,`
`193`	`193`	`notification_id: v4(),`
`194`	`194`	`...(userPin && { txCode: userPin }), // We used to use userPin according to older specs. We map these onto txCode now. If both are used, txCode in the end wins, even if they are different`
`195`		`- ...(txCode && { txCode }),`
`196`	`195`	`...(opts.credentialDataSupplierInput && { credentialDataSupplierInput: opts.credentialDataSupplierInput }),`
`197`	`196`	`credentialOffer,`
`198`	`197`	`}`