Merge pull request #59 from TimoGlastra/fix/openid-core-draft-11-alig…

…nment fix: alignment with openid.core and draft 11
Sphereon-Opensource · Sep 11, 2023 · 1500530 · 1500530
2 parents 21ca439 + 4567a58
commit 1500530
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 26 deletions.
diff --git a/src/authorization-response/Payload.ts b/src/authorization-response/Payload.ts
@@ -16,10 +16,9 @@ export const createResponsePayload = async (
   if (!authorizationRequest) {
     throw new Error(SIOPErrors.NO_REQUEST);
   }
-  const state: string = await authorizationRequest.getMergedProperty('state');
-  if (!state) {
-    throw Error('No state');
-  }
+
+  // If state was in request, it must be in response
+  const state: string | undefined = await authorizationRequest.getMergedProperty('state');
 
   const responsePayload: AuthorizationResponsePayload = {
     ...(responseOpts.accessToken && { access_token: responseOpts.accessToken }),

diff --git a/src/id-token/IDToken.ts b/src/id-token/IDToken.ts
@@ -37,12 +37,7 @@ export class IDToken {
     if (!authorizationRequestPayload) {
       throw new Error(SIOPErrors.NO_REQUEST);
     }
-    const mergedPayloads = await verifiedAuthorizationRequest.authorizationRequest.mergedPayloads();
-    const idToken = new IDToken(
-      null,
-      await createIDTokenPayload(mergedPayloads, responseOpts, verifiedAuthorizationRequest.requestObject),
-      responseOpts
-    );
+    const idToken = new IDToken(null, await createIDTokenPayload(verifiedAuthorizationRequest, responseOpts), responseOpts);
     if (verifyOpts) {
       await idToken.verify(verifyOpts);
     }

diff --git a/src/id-token/Payload.ts b/src/id-token/Payload.ts
@@ -1,39 +1,33 @@
 import { AuthorizationResponseOpts, mergeOAuth2AndOpenIdInRequestPayload } from '../authorization-response';
 import { assertValidResponseOpts } from '../authorization-response/Opts';
 import { authorizationRequestVersionDiscovery } from '../helpers/SIOPSpecVersion';
-import { RequestObject } from '../request-object';
 import {
-  AuthorizationRequestPayload,
   IDTokenPayload,
   isSuppliedSignature,
   JWK,
   ResponseIss,
   SIOPErrors,
   SubjectSyntaxTypesSupportedValues,
   SupportedVersion,
+  VerifiedAuthorizationRequest,
 } from '../types';
 
 export const createIDTokenPayload = async (
-  authorizationRequestPayload: AuthorizationRequestPayload,
-  responseOpts: AuthorizationResponseOpts,
-  requestObject?: RequestObject
+  verifiedAuthorizationRequest: VerifiedAuthorizationRequest,
+  responseOpts: AuthorizationResponseOpts
 ): Promise<IDTokenPayload> => {
   assertValidResponseOpts(responseOpts);
+  const authorizationRequestPayload = await verifiedAuthorizationRequest.authorizationRequest.mergedPayloads();
+  const requestObject = verifiedAuthorizationRequest.requestObject;
   if (!authorizationRequestPayload) {
     throw new Error(SIOPErrors.VERIFY_BAD_PARAMS);
   }
   const payload = await mergeOAuth2AndOpenIdInRequestPayload(authorizationRequestPayload, requestObject);
 
-  //fixme: client_metadata and fetch
-  const supportedDidMethods = payload['registration']?.subject_syntax_types_supported?.filter((sst) =>
+  const supportedDidMethods = verifiedAuthorizationRequest.registrationMetadataPayload.subject_syntax_types_supported.filter((sst) =>
     sst.includes(SubjectSyntaxTypesSupportedValues.DID.valueOf())
   );
-  if (!payload.state) {
-    throw Error('No state');
-  } else if (!payload.nonce) {
-    throw Error('No nonce');
-  }
-  // const state = payload.state;
+  const state = payload.state;
   const nonce = payload.nonce;
   const SEC_IN_MS = 1000;
 
@@ -58,7 +52,7 @@ export const createIDTokenPayload = async (
     sub: responseOpts.signature.did,
     auth_time: payload.auth_time,
     nonce,
-    // state, // ideally this is only placed in here if required
+    state,
     // ...(responseOpts.presentationExchange?._vp_token ? { _vp_token: responseOpts.presentationExchange._vp_token } : {}),
   };
   if (supportedDidMethods.indexOf(SubjectSyntaxTypesSupportedValues.JWK_THUMBPRINT) != -1 && !responseOpts.signature.did) {
@@ -85,5 +79,4 @@ const createThumbprintAndJWK = async (resOpts: AuthorizationResponseOpts): Promi
   } else {
     throw new Error(SIOPErrors.SIGNATURE_OBJECT_TYPE_NOT_SET);
   }
-  return { thumbprint, subJwk };
 };
diff --git a/src/types/SIOP.types.ts b/src/types/SIOP.types.ts
@@ -132,7 +132,7 @@ export interface AuthorizationResponsePayload {
   token_type?: string;
   refresh_token?: string;
   expires_in?: number;
-  state: string;
+  state?: string;
   id_token?: string;
   vp_token?: W3CVerifiablePresentation | W3CVerifiablePresentation[];
   presentation_submission?: PresentationSubmission;