
Commit ce05539

committed
chore: client assertion fixes
1 parent c1e1b4a commit ce05539

5 files changed

Lines changed: 19 additions & 8 deletions


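--- a/packages/client/lib/AccessTokenClient.ts
+++ b/packages/client/lib/AccessTokenClient.ts
@@ -49,8 +49,10 @@ export class AccessTokenClient {
 code,
 redirectUri,
 pin,
-pinMetadata,
 credentialIssuer: issuer,
+metadata,
+additionalParams: opts.additionalParams,
+pinMetadata,
 }),
 pinMetadata,
 metadata,
@@ -96,7 +98,7 @@ export class AccessTokenClient {
 if (asOpts?.clientOpts?.clientId) {
 request.client_id = asOpts.clientOpts.clientId;
 }
-const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer;
+const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer ?? opts.metadata?.issuer;
 await createJwtBearerClientAssertion(request, { ...opts, credentialIssuer });
 
 if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {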
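Review bot: After the added `?? opts.metadata?.issuer` fallback, `credentialIssuer` can still be `undefined` and is passed unchecked into `createJwtBearerClientAssertion(request, { ...opts, credentialIssuer })`. If that helper uses the value as the assertion's `aud` claim (its body is not on this page), the signed assertion would not be bound to one authorization server, so it is worth confirming that the helper refuses to sign without it. The chain also prefers the offer-supplied `credential_issuer` over the resolved metadata issuer; a comment such as `// issuer source: explicit option, then credential offer, then resolved metadata` would record that this precedence is intentional. The same fallback is added in AccessTokenClientV1_0_11.ts, and the enclosing method starts and ends outside this hunk.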

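--- a/packages/client/lib/AccessTokenClientV1_0_11.ts
+++ b/packages/client/lib/AccessTokenClientV1_0_11.ts
@@ -53,6 +53,10 @@ export class AccessTokenClientV1_0_11 {
 code,
 redirectUri,
 pin,
+credentialIssuer: issuer,
+metadata,
+additionalParams: opts.additionalParams,
+pinMetadata: opts.pinMetadata,
 }),
 isPinRequired,
 metadata,
@@ -95,7 +99,7 @@ export class AccessTokenClientV1_0_11 {
 ? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_11 | CredentialOfferV1_0_13)
 : undefined;
 const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };
-const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer;
+const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer ?? opts.metadata?.issuer;
 
 if (asOpts?.clientOpts?.clientId) {
 request.client_id = asOpts.clientOpts.clientId;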
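Review bot: The newly forwarded `additionalParams: opts.additionalParams` becomes the base of the token request, as the second hunk's context line `const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };` shows, so caller-supplied protocol keys survive wherever later code does not overwrite them. In the visible lines `client_id` is only replaced when `asOpts?.clientOpts?.clientId` is set; what happens to fields such as `grant_type` or `client_assertion` is outside the hunk. Suggest documenting the precedence at that line, e.g. `// additionalParams are merged first; protocol fields set below take precedence`, and consider dropping reserved keys before the spread. The same forwarding is added in AccessTokenClient.ts and is exposed to callers as `additionalRequestParams?: Record<string, any>` in OpenID4VCIClientV1_0_11.ts and OpenID4VCIClientV1_0_13.ts, where `Record<string, unknown>` would be the tighter type.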

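--- a/packages/client/lib/OpenID4VCIClient.ts
+++ b/packages/client/lib/OpenID4VCIClient.ts
@@ -104,6 +104,7 @@ export class OpenID4VCIClient {
 pkce: { disabled: false, codeChallengeMethod: CodeChallengeMethod.S256, ...pkce },
 authorizationRequestOpts,
 authorizationCodeResponse,
+accessToken,
 jwk,
 endpointMetadata: endpointMetadata?.credentialIssuerMetadata?.authorization_server
 ? (endpointMetadata as EndpointMetadataResultV1_0_11)
@@ -295,7 +296,7 @@ export class OpenID4VCIClient {
 const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
 const clientAssertionType =
 asOpts.clientOpts?.clientAssertionType ??
-(kid && clientId && typeof asOpts.clientOpts?.signCallbacks === 'function'
+(kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === 'function'
 ? 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
 : undefined);
 if (this.isEBSI() || (clientId && kid)) {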
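Review bot: No test in this commit pins the corrected check `typeof asOpts.clientOpts?.signCallbacks?.signCallback === 'function'`, although it changes runtime behaviour: the old `typeof … signCallbacks === 'function'` presumably never matched an object holding callbacks, so the `jwt-bearer` assertion type is now selected automatically for the first time. All five changed files are under `packages/client/lib`. The following `if (this.isEBSI() || (clientId && kid))` is still entered when no sign callback exists and `clientAssertionType` is `undefined`; what that branch does is outside the hunk, so a comment there such as `// clientAssertionType may be undefined here when no signCallback is configured` would help the next reader. The same one-line fix appears in OpenID4VCIClientV1_0_11.ts and OpenID4VCIClientV1_0_13.ts and would benefit from the same test.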

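--- a/packages/client/lib/OpenID4VCIClientV1_0_11.ts
+++ b/packages/client/lib/OpenID4VCIClientV1_0_11.ts
@@ -260,9 +260,10 @@ export class OpenID4VCIClientV1_0_11 {
 authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
 code?: string; // Directly pass in a code from an auth response
 redirectUri?: string;
+additionalRequestParams?: Record<string, any>;
 asOpts?: AuthorizationServerOpts;
 }): Promise<AccessTokenResponse> {
-const { pin, clientId } = opts ?? {};
+const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
 let { redirectUri } = opts ?? {};
 if (opts?.authorizationResponse) {
 this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) };
@@ -294,7 +295,7 @@ export class OpenID4VCIClientV1_0_11 {
 const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
 const clientAssertionType =
 asOpts.clientOpts?.clientAssertionType ??
-(kid && clientId && typeof asOpts.clientOpts?.signCallbacks === 'function'
+(kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === 'function'
 ? 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
 : undefined);
 if (this.isEBSI() || (clientId && kid)) {
@@ -319,6 +320,7 @@ export class OpenID4VCIClientV1_0_11 {
 code,
 redirectUri,
 asOpts,
+...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
 });
 
 if (response.errorBody) {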
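Review bot: The new default `clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId` prefers the client id held in state over the one used for the authorization request. When an authorization code is exchanged, the token request has to carry the client id the code was issued to (RFC 6749 section 4.1.3), so if the two values can differ, which is not visible here, the authorization-request value should win for that flow. At minimum a comment such as `// default: state client id, then the one from the authorization request` would make the precedence explicit. The fallback also makes the `clientId && kid` branch further down reachable without an explicit `opts.clientId`. OpenID4VCIClientV1_0_13.ts gets the identical line, and the method body continues outside these hunks.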

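--- a/packages/client/lib/OpenID4VCIClientV1_0_13.ts
+++ b/packages/client/lib/OpenID4VCIClientV1_0_13.ts
@@ -265,9 +265,10 @@ export class OpenID4VCIClientV1_0_13 {
 authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
 code?: string; // Directly pass in a code from an auth response
 redirectUri?: string;
+additionalRequestParams?: Record<string, any>;
 asOpts?: AuthorizationServerOpts;
 }): Promise<AccessTokenResponse> {
-const { pin, clientId } = opts ?? {};
+const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
 let { redirectUri } = opts ?? {};
 if (opts?.authorizationResponse) {
 this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) };
@@ -284,7 +285,7 @@ export class OpenID4VCIClientV1_0_13 {
 const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
 const clientAssertionType =
 asOpts.clientOpts?.clientAssertionType ??
-(kid && clientId && typeof asOpts.clientOpts?.signCallbacks === 'function'
+(kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === 'function'
 ? 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
 : undefined);
 if (this.isEBSI() || (clientId && kid)) {
@@ -323,6 +324,7 @@ export class OpenID4VCIClientV1_0_13 {
 code,
 redirectUri,
 asOpts,
+...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
 });
 
 if (response.errorBody) {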
