Merge pull request #208 from Sphereon-Opensource/feature/SSISDK-73_well-known-draftv1

feature/SSISDK-73_well-known-draftv1

Author: sanderPostma

packages/issuer-rest/lib/OID4VCIServer.ts

@@ -144,10 +144,17 @@ export interface INonceEndpointOpts extends ISingleEndpointOpts {
   baseUrl: string | URL
 }
 
+export enum WellKnownHostLocation {
+  AT_CONTEXT_PATH = 'AT_CONTEXT_PATH',
+  AT_ROOT_PATH = 'AT_ROOT_PATH',
+  AT_BOTH = 'AT_BOTH'
+}
+
 export interface IOID4VCIServerOpts extends HasEndpointOpts {
   asClientOpts?: ClientMetadata
   endpointOpts?: IOID4VCIEndpointOpts
   baseUrl?: string
+  wellKnownHostLocation?: WellKnownHostLocation
 }
 
 export class OID4VCIServer {
@@ -159,6 +166,7 @@ export class OID4VCIServer {
   // private readonly _server?: http.Server
   private readonly _router: express.Router
   private readonly _asClientOpts?: ClientMetadata
+  private readonly _wellknownHostLocation?: WellKnownHostLocation
 
   constructor(
     expressSupport: ExpressSupport,
@@ -173,9 +181,23 @@ export class OID4VCIServer {
     this._issuer = opts?.issuer ? opts.issuer : buildVCIFromEnvironment()
     this._asClientOpts =
       opts.asClientOpts || this._issuer.asClientOpts ? ({ ...opts.asClientOpts, ...this._issuer.asClientOpts } as ClientMetadata) : undefined
-
+    this._wellknownHostLocation = opts?.wellKnownHostLocation ?? (process.env.WELLKNOWN_HOST_LOCATION as WellKnownHostLocation) ?? WellKnownHostLocation.AT_BOTH
     pushedAuthorizationEndpoint(this.router, this.issuer, this.authRequestsData)
-    getMetadataEndpoints(this.router, this.issuer)
+
+    // Create root router for alternative .well-known endpoints if needed
+    const basePath = getBasePath(this.baseUrl)
+    let rootRouter: express.Router | undefined
+    if (basePath && basePath !== '/' && (this.wellknownHostLocation == WellKnownHostLocation.AT_ROOT_PATH || this.wellknownHostLocation == WellKnownHostLocation.AT_BOTH)) {
+      rootRouter = express.Router()
+      this._app.use('/', rootRouter)
+    }
+
+    getMetadataEndpoints(this.router, this.issuer, {
+      rootRouter,
+      basePath,
+      wellKnownHostLocation: this.wellknownHostLocation
+    })
+
     let issuerPayloadPath: string | undefined
     if (this.isGetIssuePayloadEndpointEnabled(opts?.endpointOpts?.getIssuePayloadOpts)) {
       issuerPayloadPath = getCredentialOfferReferenceEndpoint(this.router, this.issuer, {
@@ -227,7 +249,7 @@ export class OID4VCIServer {
         baseUrl: this.baseUrl,
       })
     }
-    this._app.use(getBasePath(this.baseUrl), this._router)
+    this._app.use(basePath, this._router)
   }
 
   public get app(): Express {
@@ -300,4 +322,8 @@ export class OID4VCIServer {
   get baseUrl(): URL {
     return this._baseUrl
   }
+
+  get wellknownHostLocation(): WellKnownHostLocation | undefined {
+    return this._wellknownHostLocation
+  }
 }

packages/issuer-rest/lib/oid4vci-api-functions.ts

@@ -41,7 +41,7 @@ import {
   ICreateCredentialOfferURIResponse,
   IGetCredentialOfferEndpointOpts,
   IGetIssueStatusEndpointOpts,
-  INonceEndpointOpts
+  INonceEndpointOpts, WellKnownHostLocation
 } from './OID4VCIServer'
 import { validateRequestBody } from './expressUtils'
 
@@ -716,16 +716,37 @@ export function pushedAuthorizationEndpoint(
   })
 }
 
-export function getMetadataEndpoints(router: Router, issuer: VcIssuer) {
+export function getMetadataEndpoints(
+  router: Router,
+  issuer: VcIssuer,
+  opts?: {
+    rootRouter?: Router
+    basePath?: string
+    wellKnownHostLocation?: WellKnownHostLocation
+  }
+) {
   const credentialIssuerHandler = (request: Request, response: Response) => {
     return response.json(issuer.issuerMetadata)
   }
-  router.get(WellKnownEndpoints.OPENID4VCI_ISSUER, credentialIssuerHandler)
 
   const authorizationServerHandler = (request: Request, response: Response) => {
     return response.json(issuer.authorizationServerMetadata)
   }
-  router.get(WellKnownEndpoints.OAUTH_AS, authorizationServerHandler)
+
+  const location = opts?.wellKnownHostLocation ?? WellKnownHostLocation.AT_BOTH
+
+  // Register endpoints on context router if configured
+  if (location === WellKnownHostLocation.AT_CONTEXT_PATH || location === WellKnownHostLocation.AT_BOTH) {
+    router.get(WellKnownEndpoints.OPENID4VCI_ISSUER, credentialIssuerHandler)
+    router.get(WellKnownEndpoints.OAUTH_AS, authorizationServerHandler)
+  }
+
+  // Register endpoints on root router if configured
+  if (opts?.rootRouter && opts?.basePath && opts.basePath !== '/' &&
+    (location === WellKnownHostLocation.AT_ROOT_PATH || location === WellKnownHostLocation.AT_BOTH)) {
+    opts.rootRouter.get(`/.well-known/openid-credential-issuer${opts.basePath}`, credentialIssuerHandler)
+    opts.rootRouter.get(`/.well-known/oauth-authorization-server${opts.basePath}`, authorizationServerHandler)
+  }
 }
 
 export function determinePath(