feat(agent): define the OAS for CredentialIssuerEndpoints

Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat(agent): implement Nonce stub endpoint for OIDC credential issuer Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat(agent): add CredentialIssuerService mock and get walletId by prism DID method Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat(agent): implement the VC issuance flow with the dummy data Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat(agent): implement the VC issuance flow with the dummy data Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: credential offer endpoint and keycloak plugin wip (#935) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat(agent): add IssuanceSession and NonceService Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: add example instruction how to run Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: integrate oidc4vc CredentialOffer to IssuanceSession (#943) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> doc(agent): add the details to the readme.md and change the port of the mock server Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: resolve rebase conflict Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: resolve rebase conflict Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: resolve merge compilation conflict Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: oidc4vc issuer metadata and credential configuration CRUD (#977) Signed-off-by: Kranium Gikos Mendoza <kraniumgikos.mendoza@iohk.io> Co-authored-by: womfoo <kraniumgikos.mendoza@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> test: fix test layer make it pass Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: resolve rename conflicts Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: resolve rename conflicts Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: clean duplicate imports Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: delete the architecture folder [skip ci] (#996) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: update the references to the Cloud Agent in the documentation and tutorials (#995) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: switch linter workflows to the Hyperledger CI (#997) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: fix scala-steward after moving repo to hyperledger (#993) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: expose pg_admin port on the localhost interface only (#957) Signed-off-by: Roberto Carvajal <roberto.carvajal@gmail.com> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: cloud-agent OAS breaking change detection (#1000) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: fix megalinter PR creation (#1003) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: cleanup other prism term entries (#1001) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: update Coveralls badge [skip ci] (#1005) Signed-off-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: improve OAS docs for Event and IAM section (#1007) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Fix OneOf OpenAPI Serialization Issue (#1010) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: remove prism-crypto dependency (#1015) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: semantic-release upgrade, oasdiff fix (#1017) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.32.1 release * expose pg_admin port on the localhost interface only ([#957](#957)) ([73674b5](73674b5)) * Fix OneOf OpenAPI Serialization Issue ([#1010](#1010)) ([393c296](393c296)) * remove prism-crypto dependency ([#1015](#1015)) ([46e594c](46e594c)) * update open-api-spec and generator script and package.json ([#990](#990)) ([88c1b5e](88c1b5e)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: integration test (#1011) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Signed-off-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: oid4vci credential configuration and metadata endpoints (#1021) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: rename `prism-agent` to `cloud-agent` (#1019) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.33.0 release * integration test ([#1011](#1011)) ([d674f31](d674f31)) * rename `prism-agent` to `cloud-agent` ([#1019](#1019)) ([74560da](74560da)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> test: add tests for oid4vci credential configuration CRUD (#1027) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: update OID4VCI example script to use issuer metadata (#1036) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> Merge branch main into oidc Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> test: add tests for the new key types (#1044) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: expose new key types in rest api (#1066) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: rename ADRs in the scope of rebranding to the Identus ATL-7050 (#1053) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: fix scala steward DCO signature (#1057) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.33.1 release * broken link for the cloud agent packages in readme file ([#1032](#1032)) ([92d17c2](92d17c2)) * expose new key types in rest api ([#1066](#1066)) ([9ce8d3a](9ce8d3a)) * rename the folder to identus for vc-jwt ([#1063](#1063)) ([364a5dc](364a5dc)) * update ts client in the performance tests, cleanup `println` ([#1041](#1041)) ([7d5ceba](7d5ceba)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> test: add DID Registrar test scenario to use new key types (#1071) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: scala steward DCO by hardcoding the message (#1074) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(deps): bump requests from 2.26.0 to 2.32.0 in /infrastructure/utils/python/github-helpers in the pip group across 1 directory (#1070) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: use branch name in pre-release version name (#1080) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: rebranding to the Identus, OEA->ICA (#1081) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Pete Vielhaber <peter.vielhaber@iohk.io> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: add identus logo to README.md [skip ci] (#1084) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> build: protobuf dependency update (#1077) Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> build: internal dependency updates (#1079) Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Co-authored-by: patlo-iog <pat.losoponkul@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> build: sbt and plugins dependency update (#1078) Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: patlo-iog <pat.losoponkul@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: update new key types in DID tutorials [skip ci] (#1085) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> build: DAL dependency update (#1076) Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: patlo-iog <pat.losoponkul@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: Add ADR for resources storage (#1087) Signed-off-by: EzequielPostan <ezequiel.postan@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> test: add jwt revocation test scenario (#951) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: fail megalinter check when there are autofixes (#1092) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: fix slack notification message tag (#1091) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: update the architecture diagram and typos in ADRs [skip ci] (#1093) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: fail the build when the megalinter found the issues [skip ci] (#1095) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs: update website link to Identus (#1096) Signed-off-by: Michael Breuninger <michael.breuninger@iohk.io> Signed-off-by: mkbreuning <97112931+mkbreuningIOHK@users.noreply.github.com> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: integrate issuer metadata in oid4vci credential endpoint (#1105) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: fix linter warnings (#1109) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: Rename helm chart and its resources (#1104) Signed-off-by: Milos Backonja <milos.backonja@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.34.0 release * Rename helm chart and its resources ([#1104](#1104)) ([84c5cea](84c5cea)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: integrate SD JWT (#1016) Signed-off-by: FabioPinheiro <fabiomgpinheiro@gmail.com> Signed-off-by: mineme0110 <shailesh.patil@iohk.io> Co-authored-by: mineme0110 <shailesh.patil@iohk.io> build: sbt and plugins dependency update (#1102) Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> test: updates integration test tags (#1098) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat(agent): ATL-6839 migrate DIDComm endpoint to tapir (#1116) Signed-off-by: Benjamin Voiturier <benjamin.voiturier@iohk.io> Resolve merge conflicts Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: re-number migration Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: switch to the GitHub runners (#1121) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: scalafmt import rewrite (#1120) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: VC Verification API Doc (#1118) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: SemanticCheckOfClaims In Verification API (#1124) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: revert switch to the GitHub runners (#1123) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: update the jose dependency and switch back to the official library (#1117) Signed-off-by: mineme0110 <shailesh.patil@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: make oidc local script work (#1131) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: authentication for oid4vci credential and nonce endpoint (#1148) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: update issuer auth server model parity (#1154) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat(agent): validate JWT proof in the credential request, update dem… (#1165) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> feat: add claims to the VC (#1176) Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore: migrate oid4vci example to published keycloak plugin (#1174) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: add claims validation when creating oid4vci credential offer (#1178) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Changing .chart.name reference, adding name override (#1129) Signed-off-by: Milos Backonja <milos.backonja@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.35.0 release * SemanticCheckOfClaims In Verification API ([#1124](#1124)) ([7cb4192](7cb4192)) * update the jose dependency and switch back to the official library ([#1117](#1117)) ([3608aaf](3608aaf)) * Changing .chart.name reference, adding name override ([#1129](#1129)) ([650ae3b](650ae3b)) * VC Verification API Doc ([#1118](#1118)) ([d70d4b7](d70d4b7)) * **agent:** ATL-6839 migrate DIDComm endpoint to tapir ([#1116](#1116)) ([2f4f7c3](2f4f7c3)) * integrate SD JWT ([#1016](#1016)) ([9d7948f](9d7948f)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> docs(agent): Regenerate PNG images from updated PUML files (#1128) Signed-off-by: Benjamin Voiturier <benjamin.voiturier@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Add expiration time for cloud-agent (#1132) Signed-off-by: mineme0110 <shailesh.patil@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> style: remove deprecated Scala syntax (#1134) Signed-off-by: FabioPinheiro <fabiomgpinheiro@gmail.com> fix: Chart refactor (#1143) Signed-off-by: Milos Backonja <milos.backonja@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.35.1 release * Add expiration time for cloud-agent ([#1132](#1132)) ([f719120](f719120)) * Chart refactor ([#1143](#1143)) ([f309a0e](f309a0e)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: add custom DCO check action [skip ci] (#1142) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Schema Error Handling (#1138) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> ci: revert custom DCO check action [skip ci] (#1147) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> test: add checks for prism did creation (#1144) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: Yurii Shynbuiev - IOHK <yurii.shynbuiev@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> style: remove unused imports (#1135) Signed-off-by: FabioPinheiro <fabiomgpinheiro@gmail.com> docs: updating the hdkey ADR [skip ci] (#1149) Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: improve ZIO failures and defects in credential definition (#1133) Signed-off-by: FabioPinheiro <fabiomgpinheiro@gmail.com> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Credential Defintion Error Handling Part 2 (#1155) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Credential Defintion Error Handling Part 2 (#1156) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: Remove double Error logs in DIDController (#1140) fix: pick right key type when creating corresponding issuer (#1157) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> build: internal dependency updates (#1126) Signed-off-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> Co-authored-by: Hyperledger Bot <hyperledger-bot@hyperledger.org> Co-authored-by: patlo-iog <pat.losoponkul@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Update the Holder to send the presentation only, No claims to disclose is needed separately (#1158) Signed-off-by: mineme0110 <shailesh.patil@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Helm chart refactor (#1160) Signed-off-by: Milos Backonja <milos.backonja@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.36.0 release * Credential Defintion Error Handling Part 2 ([#1155](#1155)) ([2df5306](2df5306)) * Credential Defintion Error Handling Part 2 ([#1156](#1156)) ([5755504](5755504)) * Helm chart refactor ([#1160](#1160)) ([4b59112](4b59112)) * pick right key type when creating corresponding issuer ([#1157](#1157)) ([22f0448](22f0448)) * Schema Error Handling ([#1138](#1138)) ([a9da840](a9da840)) * Update the Holder to send the presentation only, No claims to disclose is needed separately ([#1158](#1158)) ([9eaa5d4](9eaa5d4)) * improve ZIO failures and defects in credential definition ([#1133](#1133)) ([d6dfb72](d6dfb72)) * Remove double Error logs in DIDController ([#1140](#1140)) ([888ebb4](888ebb4)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Helm chart refactor vol2 (#1162) Signed-off-by: Milos Backonja <milos.backonja@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> chore(release): cut Identus Cloud agent 1.36.1 release * Helm chart refactor vol2 ([#1162](#1162)) ([72fc6d1](72fc6d1)) Signed-off-by: Allain Magyar <allain.magyar@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: ATL-6834 Use ZIO Failures and Defects effectively in the Issue flow (#1139) Signed-off-by: Benjamin Voiturier <benjamin.voiturier@iohk.io> feat: use the compact format in SD-JWT (#1169) Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: Present Error Handling (Part 1: Repo Changes) (#1172) Signed-off-by: Bassam Riman <bassam.riman@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> feat: ATL 6829 - Integrate ZIO failures and defects ADR in credential status list (#1175) Signed-off-by: Benjamin Voiturier <benjamin.voiturier@iohk.io> Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: resolve merge conflict and error interface chore: use latest snaptshot version for example Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> style: fix and fmt Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io>
hyperledger · Jun 13, 2024 · 109908b · 109908b
1 parent dffad1d
commit 109908b
Show file tree

Hide file tree

Showing 99 changed files with 7,064 additions and 17,280 deletions.
diff --git a/.mega-linter.yml b/.mega-linter.yml
@@ -18,11 +18,19 @@ DISABLE_LINTERS:
   - CPP_CPPLINT # For pollux/lib/anoncreds/src/main/c
   - JAVA_CHECKSTYLE # For pollux/lib/anoncreds/src/main/java
   - GHERKIN_GHERKIN_LINT
+  - OPENAPI_SPECTRAL
+  # For python, disable all except PYTHON_BLACK linter
+  - PYTHON_PYLINT
+  - PYTHON_FLAKE8
+  - PYTHON_ISORT
+  - PYTHON_BANDIT
+  - PYTHON_MYPY
+  - PYTHON_PYRIGHT
+  - PYTHON_RUFF
 
 DISABLE_ERRORS_LINTERS:
   - KOTLIN_KTLINT
   - PROTOBUF_PROTOLINT
-  - OPENAPI_SPECTRAL
   - MARKDOWN_MARKDOWN_LINK_CHECK
 
 DISABLE: [COPYPASTE, SPELL, CREDENTIALS]
@@ -45,10 +53,12 @@ PRE_COMMANDS:
     cwd: "workspace"
 
 # Linter customisation
-MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_EXCLUDE: "CHANGELOG.md"
-MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: "CHANGELOG.md"
+MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_EXCLUDE: CHANGELOG\.md|DEPENDENCIES\.md
+MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: CHANGELOG\.md|DEPENDENCIES\.md
+MARKDOWN_MARKDOWN_TABLE_FORMATTER_FILTER_REGEX_EXCLUDE: CHANGELOG\.md|DEPENDENCIES\.md
 SQL_SQL_LINT_ARGUMENTS: -d postgres --ignore-errors=postgres-invalid-alter-option,postgres-invalid-create-option,postgres-invalid-drop-option
-YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: "infrastructure/charts/agent/*|cloud-agent/service/api/http/*"
-YAML_PRETTIER_FILTER_REGEX_EXCLUDE: "infrastructure/charts/agent/*|cloud-agent/service/api/http/*"
+YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: "infrastructure/charts/agent/*|cloud-agent/service/api/http/*|examples/*"
+YAML_PRETTIER_FILTER_REGEX_EXCLUDE: "infrastructure/charts/agent/*|cloud-agent/service/api/http/*|examples/*"
 YAML_V8R_FILTER_REGEX_EXCLUDE: "infrastructure/charts/agent/*"
 JAVASCRIPT_STANDARD_FILTER_REGEX_EXCLUDE: "tests/performance-tests/agent-performance-tests-k6/src/k6chaijs.js"
+BASH_SHELLCHECK_FILTER_REGEX_EXCLUDE: "infrastructure/*"
diff --git a/build.sbt b/build.sbt
@@ -869,6 +869,7 @@ lazy val cloudAgentServer = project
     eventNotification
   )
   .dependsOn(sharedTest % "test->test")
+  .dependsOn(polluxCore % "compile->compile;test->test")
 
 // ############################
 // ####  Release process  #####

diff --git a/...nt/service/server/src/main/scala/org/hyperledger/identus/agent/server/CloudAgentApp.scala b/...nt/service/server/src/main/scala/org/hyperledger/identus/agent/server/CloudAgentApp.scala
@@ -19,6 +19,7 @@ import org.hyperledger.identus.iam.entity.http.EntityServerEndpoints
 import org.hyperledger.identus.iam.wallet.http.WalletManagementServerEndpoints
 import org.hyperledger.identus.issue.controller.IssueServerEndpoints
 import org.hyperledger.identus.mercury.{DidOps, HttpClient}
+import org.hyperledger.identus.oid4vci.CredentialIssuerServerEndpoints
 import org.hyperledger.identus.pollux.core.service.{CredentialService, PresentationService}
 import org.hyperledger.identus.pollux.credentialdefinition.CredentialDefinitionRegistryServerEndpoints
 import org.hyperledger.identus.pollux.credentialschema.{
@@ -135,6 +136,7 @@ object AgentHttpServer {
     allEntityEndpoints <- EntityServerEndpoints.all
     allWalletManagementEndpoints <- WalletManagementServerEndpoints.all
     allEventEndpoints <- EventServerEndpoints.all
+    allOIDCEndpoints <- CredentialIssuerServerEndpoints.all
   } yield allCredentialDefinitionRegistryEndpoints ++
     allSchemaRegistryEndpoints ++
     allVerificationPolicyEndpoints ++
@@ -148,7 +150,8 @@ object AgentHttpServer {
     allSystemEndpoints ++
     allEntityEndpoints ++
     allWalletManagementEndpoints ++
-    allEventEndpoints
+    allEventEndpoints ++
+    allOIDCEndpoints
   def run =
     for {
       allEndpoints <- agentRESTServiceEndpoints

diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/MainApp.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/MainApp.scala
@@ -29,12 +29,17 @@ import org.hyperledger.identus.event.controller.EventControllerImpl
 import org.hyperledger.identus.event.notification.EventNotificationServiceImpl
 import org.hyperledger.identus.iam.authentication.apikey.JdbcAuthenticationRepository
 import org.hyperledger.identus.iam.authentication.DefaultAuthenticator
+import org.hyperledger.identus.iam.authentication.{DefaultAuthenticator, Oid4vciAuthenticatorFactory}
+import org.hyperledger.identus.iam.authentication.apikey.JdbcAuthenticationRepository
 import org.hyperledger.identus.iam.authorization.core.EntityPermissionManagementService
 import org.hyperledger.identus.iam.authorization.DefaultPermissionManagementService
 import org.hyperledger.identus.iam.entity.http.controller.{EntityController, EntityControllerImpl}
 import org.hyperledger.identus.iam.wallet.http.controller.WalletManagementControllerImpl
 import org.hyperledger.identus.issue.controller.IssueControllerImpl
 import org.hyperledger.identus.mercury.*
+import org.hyperledger.identus.oid4vci.controller.CredentialIssuerControllerImpl
+import org.hyperledger.identus.oid4vci.service.OIDCCredentialIssuerServiceImpl
+import org.hyperledger.identus.oid4vci.storage.InMemoryIssuanceSessionService
 import org.hyperledger.identus.pollux.core.service.*
 import org.hyperledger.identus.pollux.core.service.verification.VcVerificationServiceImpl
 import org.hyperledger.identus.pollux.credentialdefinition.controller.CredentialDefinitionControllerImpl
@@ -48,6 +53,7 @@ import org.hyperledger.identus.pollux.sql.repository.{
   JdbcCredentialRepository,
   JdbcCredentialSchemaRepository,
   JdbcCredentialStatusListRepository,
+  JdbcOID4VCIIssuerMetadataRepository,
   JdbcPresentationRepository,
   JdbcVerificationPolicyRepository,
   Migrations as PolluxMigrations
@@ -191,6 +197,7 @@ object MainApp extends ZIOAppDefault {
           DefaultAuthenticator.layer,
           DefaultPermissionManagementService.layer,
           EntityPermissionManagementService.layer,
+          Oid4vciAuthenticatorFactory.layer,
           // grpc
           GrpcModule.prismNodeStubLayer,
           // storage
@@ -205,7 +212,13 @@ object MainApp extends ZIOAppDefault {
           RepoModule.polluxContextAwareTransactorLayer ++ RepoModule.polluxTransactorLayer >>> JdbcCredentialSchemaRepository.layer,
           RepoModule.polluxContextAwareTransactorLayer ++ RepoModule.polluxTransactorLayer >>> JdbcCredentialDefinitionRepository.layer,
           RepoModule.polluxContextAwareTransactorLayer ++ RepoModule.polluxTransactorLayer >>> JdbcPresentationRepository.layer,
+          RepoModule.polluxContextAwareTransactorLayer ++ RepoModule.polluxTransactorLayer >>> JdbcOID4VCIIssuerMetadataRepository.layer,
           RepoModule.polluxContextAwareTransactorLayer >>> JdbcVerificationPolicyRepository.layer,
+          // oidc
+          CredentialIssuerControllerImpl.layer,
+          InMemoryIssuanceSessionService.layer,
+          OID4VCIIssuerMetadataServiceImpl.layer,
+          OIDCCredentialIssuerServiceImpl.layer,
           // event notification service
           ZLayer.succeed(500) >>> EventNotificationServiceImpl.layer,
           // HTTP client

diff --git a/...erver/src/main/scala/org/hyperledger/identus/agent/server/jobs/BackgroundJobsHelper.scala b/...erver/src/main/scala/org/hyperledger/identus/agent/server/jobs/BackgroundJobsHelper.scala
@@ -6,6 +6,12 @@ import org.hyperledger.identus.agent.walletapi.service.ManagedDIDService
 import org.hyperledger.identus.agent.walletapi.storage.DIDNonSecretStorage
 import org.hyperledger.identus.castor.core.model.did.{LongFormPrismDID, PrismDID, VerificationRelationship}
 import org.hyperledger.identus.castor.core.model.did.EllipticCurve
+import org.hyperledger.identus.castor.core.model.did.{
+  EllipticCurve,
+  LongFormPrismDID,
+  PrismDID,
+  VerificationRelationship
+}
 import org.hyperledger.identus.castor.core.service.DIDService
 import org.hyperledger.identus.mercury.{AgentPeerService, DidAgent}
 import org.hyperledger.identus.mercury.model.DidId

diff --git a/...gent/service/server/src/main/scala/org/hyperledger/identus/api/http/EndpointOutputs.scala b/...gent/service/server/src/main/scala/org/hyperledger/identus/api/http/EndpointOutputs.scala
@@ -6,7 +6,7 @@ import sttp.tapir.json.zio.jsonBody
 import sttp.tapir.EndpointOutput.OneOfVariant
 
 object EndpointOutputs {
-  private def statusCodeMatcher(
+  def statusCodeMatcher(
       statusCode: StatusCode
   ): PartialFunction[Any, Boolean] = {
     case ErrorResponse(status, _, _, _, _) if status == statusCode.code => true

diff --git a/...vice/server/src/main/scala/org/hyperledger/identus/iam/authentication/Authenticator.scala b/...vice/server/src/main/scala/org/hyperledger/identus/iam/authentication/Authenticator.scala
@@ -51,8 +51,8 @@ trait Authorizer[E <: BaseEntity] {
       .mapError(msg =>
         AuthenticationError.UnexpectedError(s"Unable to retrieve entity role for entity id ${entity.id}. $msg")
       )
-      .filterOrFail(_ != EntityRole.Admin)(
-        AuthenticationError.InvalidRole("Admin role is not allowed to access the tenant's wallet.")
+      .filterOrFail(_ == EntityRole.Tenant)(
+        AuthenticationError.InvalidRole("Only Tenant role is allowed to access the tenant's wallet.")
       )
       .flatMap(_ => authorizeWalletAccessLogic(entity))
 

diff --git a/...rver/src/main/scala/org/hyperledger/identus/iam/authentication/Oid4vciAuthenticator.scala b/...rver/src/main/scala/org/hyperledger/identus/iam/authentication/Oid4vciAuthenticator.scala
@@ -0,0 +1,90 @@
+package org.hyperledger.identus.iam.authentication
+
+import org.hyperledger.identus.agent.walletapi.model.{BaseEntity, EntityRole}
+import org.hyperledger.identus.iam.authentication.oidc.{
+  AccessToken,
+  JwtAuthenticationError,
+  JwtCredentials,
+  Oauth2TokenIntrospector,
+  RemoteOauth2TokenIntrospector
+}
+import org.hyperledger.identus.oid4vci.service.OIDCCredentialIssuerService
+import org.hyperledger.identus.pollux.core.service.OID4VCIIssuerMetadataService
+import zio.*
+import zio.http.Client
+
+import java.util.UUID
+
+final case class ExternalEntity(id: UUID) extends BaseEntity {
+  override def role: Either[String, EntityRole] = Right(EntityRole.ExternalParty)
+}
+
+case class Oid4vciAuthenticator(tokenIntrospector: Oauth2TokenIntrospector) extends Authenticator[ExternalEntity] {
+
+  override def isEnabled: Boolean = true
+
+  def authenticate(credentials: Credentials): IO[AuthenticationError, ExternalEntity] = {
+    credentials match {
+      case JwtCredentials(Some(token)) if token.nonEmpty => authenticate(token)
+      case JwtCredentials(Some(_))                       => ZIO.fail(JwtAuthenticationError.emptyToken)
+      case JwtCredentials(None) => ZIO.fail(AuthenticationError.InvalidCredentials("Bearer token is not provided"))
+      case other                => ZIO.fail(AuthenticationError.InvalidCredentials("Bearer token is not provided"))
+    }
+  }
+
+  private def authenticate(token: String): IO[AuthenticationError, ExternalEntity] = {
+    for {
+      accessToken <- ZIO
+        .fromEither(AccessToken.fromString(token))
+        .mapError(AuthenticationError.InvalidCredentials.apply)
+      introspection <- tokenIntrospector
+        .introspectToken(accessToken)
+        .mapError(e => AuthenticationError.UnexpectedError(e.getMessage))
+      _ <- ZIO
+        .fail(AuthenticationError.InvalidCredentials("The accessToken is invalid."))
+        .unless(introspection.active)
+      entityId <- ZIO
+        .fromOption(introspection.sub)
+        .mapError(_ => AuthenticationError.UnexpectedError("Subject ID is not found in the accessToken."))
+        .flatMap { id =>
+          ZIO
+            .attempt(UUID.fromString(id))
+            .mapError(e => AuthenticationError.UnexpectedError(s"Subject ID in accessToken is not a UUID. $e"))
+        }
+    } yield ExternalEntity(entityId)
+  }
+}
+
+class Oid4vciAuthenticatorFactory(
+    httpClient: Client,
+    issuerService: OIDCCredentialIssuerService,
+    metadataService: OID4VCIIssuerMetadataService
+) {
+  def make(issuerState: String): IO[AuthenticationError, Oid4vciAuthenticator] =
+    issuerService
+      .getIssuanceSessionByIssuerState(issuerState)
+      .mapError(e =>
+        AuthenticationError.UnexpectedError(s"Unable to get issuanceSession from issuerState: $issuerState")
+      )
+      .flatMap(session => make(session.issuerId))
+
+  def make(issuerId: UUID): IO[AuthenticationError, Oid4vciAuthenticator] =
+    for {
+      issuer <- metadataService
+        .getCredentialIssuer(issuerId)
+        .mapError(e => AuthenticationError.UnexpectedError(s"Unable to get issuer from issuerId: $issuerId"))
+      tokenIntrospector <- RemoteOauth2TokenIntrospector
+        .fromAuthorizationServer(
+          httpClient,
+          issuer.authorizationServer,
+          issuer.authorizationServerClientId,
+          issuer.authorizationServerClientSecret
+        )
+        .mapError(e => AuthenticationError.UnexpectedError(s"Unable to create token introspector: $e"))
+    } yield Oid4vciAuthenticator(tokenIntrospector)
+}
+
+object Oid4vciAuthenticatorFactory {
+  def layer: URLayer[Client & OIDCCredentialIssuerService & OID4VCIIssuerMetadataService, Oid4vciAuthenticatorFactory] =
+    ZLayer.fromFunction(Oid4vciAuthenticatorFactory(_, _, _))
+}
diff --git a/...rc/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticator.scala b/...rc/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticator.scala
@@ -60,7 +60,7 @@ final class AccessToken private (token: String, claims: JwtClaim, rolesClaimPath
 }
 
 object AccessToken {
-  def fromString(token: String, rolesClaimPath: Seq[String]): Either[String, AccessToken] =
+  def fromString(token: String, rolesClaimPath: Seq[String] = Nil): Either[String, AccessToken] =
     JwtCirce
       .decode(token, JwtOptions(false, false, false))
       .map(claims => AccessToken(token, claims, rolesClaimPath))

diff --git a/...ain/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticatorImpl.scala b/...ain/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticatorImpl.scala
@@ -81,6 +81,8 @@ class KeycloakAuthenticatorImpl(
       ctx <- role match {
         case EntityRole.Admin  => ZIO.succeed(WalletAdministrationContext.Admin())
         case EntityRole.Tenant => selfServiceCtx
+        case EntityRole.ExternalParty =>
+          ZIO.fail(AuthenticationError.InvalidRole("External party cannot access the wallet."))
       }
     } yield ctx
   }

diff --git a/...erver/src/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakClient.scala b/...erver/src/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakClient.scala
@@ -6,17 +6,8 @@ import zio.*
 import zio.http.*
 import zio.json.*
 
-import java.net.URLEncoder
-import java.nio.charset.StandardCharsets
 import scala.jdk.CollectionConverters.*
 
-final case class TokenIntrospection(active: Boolean, sub: Option[String])
-
-object TokenIntrospection {
-  given JsonEncoder[TokenIntrospection] = JsonEncoder.derived
-  given JsonDecoder[TokenIntrospection] = JsonDecoder.derived
-}
-
 final case class TokenResponse(access_token: String, refresh_token: String)
 
 object TokenResponse {
@@ -50,51 +41,19 @@ trait KeycloakClient {
 class KeycloakClientImpl(client: AuthzClient, httpClient: Client, override val keycloakConfig: KeycloakConfig)
     extends KeycloakClient {
 
-  private val introspectionUrl = client.getServerConfiguration().getIntrospectionEndpoint()
+  private val introspector: Oauth2TokenIntrospector = RemoteOauth2TokenIntrospector(
+    client.getServerConfiguration().getIntrospectionEndpoint(),
+    httpClient,
+    keycloakConfig.clientId,
+    keycloakConfig.clientSecret
+  )
   private val tokenUrl = client.getServerConfiguration().getTokenEndpoint()
 
   private val baseFormHeaders = Headers(Header.ContentType(MediaType.application.`x-www-form-urlencoded`))
 
-  // TODO: support offline introspection
   // https://www.keycloak.org/docs/22.0.4/securing_apps/#_token_introspection_endpoint
-  override def introspectToken(token: AccessToken): IO[KeycloakClientError, TokenIntrospection] = {
-    (for {
-      url <- ZIO.fromEither(URL.decode(introspectionUrl)).orDie
-      response <- httpClient
-        .request(
-          Request(
-            url = url,
-            method = Method.POST,
-            headers = baseFormHeaders ++ Headers(
-              Header.Authorization.Basic(
-                username = URLEncoder.encode(keycloakConfig.clientId, StandardCharsets.UTF_8),
-                password = URLEncoder.encode(keycloakConfig.clientSecret, StandardCharsets.UTF_8)
-              )
-            ),
-            body = Body.fromURLEncodedForm(
-              Form(
-                FormField.simpleField("token", token.toString)
-              )
-            )
-          )
-        )
-        .logError("Fail to introspect token on keycloak.")
-        .mapError(e => KeycloakClientError.UnexpectedError("Fail to introspect the token on keycloak."))
-      body <- response.body.asString
-        .logError("Fail parse keycloak introspection response.")
-        .mapError(e => KeycloakClientError.UnexpectedError("Fail parse keycloak introspection response."))
-      result <-
-        if (response.status.code == 200) {
-          ZIO
-            .fromEither(body.fromJson[TokenIntrospection])
-            .logError("Fail to decode keycloak token introspection response")
-            .mapError(e => KeycloakClientError.UnexpectedError(e))
-        } else {
-          ZIO.logError(s"Keycloak token introspection was unsucessful. Status: ${response.status}. Response: $body") *>
-            ZIO.fail(KeycloakClientError.UnexpectedError("Token introspection was unsuccessful."))
-        }
-    } yield result).provide(Scope.default)
-  }
+  override def introspectToken(token: AccessToken): IO[KeycloakClientError, TokenIntrospection] =
+    introspector.introspectToken(token).mapError(e => KeycloakClientError.UnexpectedError(e.getMessage))
 
   override def getAccessToken(username: String, password: String): IO[KeycloakClientError, TokenResponse] = {
     (for {