
Commit 3579417

committed
WIP
1 parent 9e7e094 commit 3579417


7 files changed

+194
-384
lines changed


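--- a/routing/routes/routes.php
+++ b/routing/routes/routes.php
@@ -147,8 +147,8 @@
 ****************************************************************************************************************/
 
 $routes->add(
-RoutesEnum::ApiVciPreAuthorizedCredentialOffer->name,
-RoutesEnum::ApiVciPreAuthorizedCredentialOffer->value,
-)->controller([VciCredentialOfferController::class, 'preAuthorizedCredentialOffer'])
+RoutesEnum::ApiVciCredentialOffer->name,
+RoutesEnum::ApiVciCredentialOffer->value,
+)->controller([VciCredentialOfferController::class, 'credentialOffer'])
 ->methods([HttpMethodsEnum::POST->value]);
 };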

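--- a/src/Codebooks/RoutesEnum.php
+++ b/src/Codebooks/RoutesEnum.php
@@ -74,5 +74,5 @@ enum RoutesEnum: string
 * API
 ****************************************************************************************************************/
 
-case ApiVciPreAuthorizedCredentialOffer = 'api/vci/pre-authorized-credential-offer';
+case ApiVciCredentialOffer = 'api/vci/credential-offer';
 }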

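--- a/src/Controllers/Admin/VerifiableCredentailsTestController.php
+++ b/src/Controllers/Admin/VerifiableCredentailsTestController.php
@@ -4,14 +4,12 @@
 
 namespace SimpleSAML\Module\oidc\Controllers\Admin;
 
-use DateTimeImmutable;
 use SimpleSAML\Auth\Simple;
 use SimpleSAML\Module\oidc\Admin\Authorization;
 use SimpleSAML\Module\oidc\Bridges\SspBridge;
-use SimpleSAML\Module\oidc\Codebooks\ParametersEnum;
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
-use SimpleSAML\Module\oidc\Entities\ScopeEntity;
 use SimpleSAML\Module\oidc\Factories\AuthSimpleFactory;
+use SimpleSAML\Module\oidc\Factories\CredentialOfferUriFactory;
 use SimpleSAML\Module\oidc\Factories\EmailFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\AuthCodeEntityFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\ClientEntityFactory;
@@ -26,8 +24,6 @@
 use SimpleSAML\Module\oidc\Services\SessionService;
 use SimpleSAML\Module\oidc\Utils\ProtocolCache;
 use SimpleSAML\Module\oidc\Utils\Routes;
-use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
-use SimpleSAML\OpenID\Codebooks\GrantTypesEnum;
 use SimpleSAML\OpenID\VerifiableCredentials;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -38,21 +34,13 @@ public function __construct(
 protected readonly ModuleConfig $moduleConfig,
 protected readonly TemplateFactory $templateFactory,
 protected readonly Authorization $authorization,
-protected readonly VerifiableCredentials $verifiableCredentials,
-protected readonly AuthCodeRepository $authCodeRepository,
-protected readonly AuthCodeEntityFactory $authCodeEntityFactory,
-protected readonly ClientRepository $clientRepository,
-protected readonly ClientEntityFactory $clientEntityFactory,
 protected readonly LoggerService $loggerService,
 protected readonly EmailFactory $emailFactory,
-protected readonly ?ProtocolCache $protocolCache,
-protected readonly SessionMessagesService $sessionMessagesService,
 protected readonly AuthSimpleFactory $authSimpleFactory,
 protected readonly SessionService $sessionService,
 protected readonly SspBridge $sspBridge,
 protected readonly Routes $routes,
-protected readonly UserRepository $userRepository,
-protected readonly UserEntityFactory $userEntityFactory,
+protected readonly CredentialOfferUriFactory $credentialOfferUriFactory,
 ) {
 $this->authorization->requireAdmin(true);
 }
@@ -142,79 +130,11 @@ public function verifiableCredentialIssuance(Request $request): Response
 ) {
 $userAttributes = $authSource->getAttributes();
 
-$userId = $this->sspBridge->utils()->attributes()->getExpectedAttribute(
+$credentialOfferUri = $this->credentialOfferUriFactory->buildPreAuthorized(
+[$selectedCredentialConfigurationId],
 $userAttributes,
-$this->moduleConfig->getUserIdentifierAttribute(),
 );
 
-// Persist / update user entity.
-$userEntity = $this->userRepository->getUserEntityByIdentifier($userId);
-
-if ($userEntity) {
-$userEntity->setClaims($userAttributes);
-$this->userRepository->update($userEntity);
-} else {
-$userEntity = $this->userEntityFactory->fromData($userId, $userAttributes);
-$this->userRepository->add($userEntity);
-}
-
-/* TODO mivanci TX Code handling
-$email = $this->emailFactory->build(
-subject: 'VC Issuance Transaction code',
-
-);
-
-$email->setData(['Transaction Code' => '1234']);
-try {
-$email->send();
-$this->sessionMessagesService->addMessage('Email with tx code sent to: [email protected]');
-} catch (Exception $e) {
-$this->sessionMessagesService->addMessage('Error emailing tx code.');
-}
-*/
-
-// TODO mivanci Wallet (client) credential_offer_endpoint metadata
-// https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#client-metadata
-
-
-$client = $this->clientEntityFactory->getGenericForVciPreAuthZFlow();
-if ($this->clientRepository->findById($client->getIdentifier()) === null) {
-$this->clientRepository->add($client);
-} else {
-$this->clientRepository->update($client);
-}
-
-
-
-$credentialOffer = $this->verifiableCredentials->credentialOfferFactory()->from(
-parameters: [
-ClaimsEnum::CredentialIssuer->value => $this->moduleConfig->getIssuer(),
-ClaimsEnum::CredentialConfigurationIds->value => [
-$selectedCredentialConfigurationId,
-],
-ClaimsEnum::Grants->value => [
-GrantTypesEnum::PreAuthorizedCode->value => [
-ClaimsEnum::PreAuthorizedCode->value => $authCode->getIdentifier(),
-// TODO mivanci support for TxCode
-// ClaimsEnum::TxCode->value => [
-// ClaimsEnum::InputMode->value => 'numeric',
-// ClaimsEnum::Length->value => 6,
-// ClaimsEnum::Description->value => 'Sent to user mail',
-// ],
-],
-],
-],
-);
-
-$credentialOfferValue = $credentialOffer->jsonSerialize();
-$parameterName = ParametersEnum::CredentialOfferUri->value;
-if (is_array($credentialOfferValue)) {
-$parameterName = ParametersEnum::CredentialOffer->value;
-$credentialOfferValue = json_encode($credentialOfferValue);
-}
-
-$credentialOfferUri = "openid-credential-offer://?$parameterName=$credentialOfferValue";
-
 // TODO mivanci Local QR code generator
 // https://quickchart.io/documentation/qr-codes/
 $credentialOfferQrUri = 'https://quickchart.io/qr?size=200&margin=1&text=' . urlencode($credentialOfferUri);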
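Review bot: `$credentialOfferUri` at the end of the last hunk is still handed to the third-party quickchart.io endpoint, and the offer URI is exactly where the removed code embedded the pre-authorized code (`ClaimsEnum::PreAuthorizedCode->value => $authCode->getIdentifier()`); if `buildPreAuthorized()` does the same, this sends a bearer grant for the credential off-host, so the existing TODO should state the reason it has to go: `// TODO mivanci Local QR code generator: the offer URI carries the pre-authorized code and should not be sent to a third party`. The first and third hunks also leave `use ...\AuthCodeEntityFactory`, `use ...\ClientEntityFactory` and `use ...\ProtocolCache` in place while removing the matching constructor parameters, so those imports are now unused. The removed block referenced `$authCode`, which must have been created above this hunk; if that code still uses `$this->authCodeRepository` or `$this->authCodeEntityFactory`, it now refers to properties the constructor no longer declares. verifiableCredentialIssuance() starts before and ends after the last hunk.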

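--- a/src/Controllers/Api/VciCredentialOfferController.php
+++ b/src/Controllers/Api/VciCredentialOfferController.php
@@ -6,11 +6,7 @@
 
 use SimpleSAML\Module\oidc\Bridges\SspBridge;
 use SimpleSAML\Module\oidc\Codebooks\ApiScopesEnum;
-use SimpleSAML\Module\oidc\Codebooks\ParametersEnum;
-use SimpleSAML\Module\oidc\Entities\ScopeEntity;
-use SimpleSAML\Module\oidc\Entities\UserEntity;
 use SimpleSAML\Module\oidc\Exceptions\AuthorizationException;
-use SimpleSAML\Module\oidc\Exceptions\OidcException;
 use SimpleSAML\Module\oidc\Factories\CredentialOfferUriFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\AuthCodeEntityFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\ClientEntityFactory;
@@ -23,8 +19,6 @@
 use SimpleSAML\Module\oidc\Services\Api\Authorization;
 use SimpleSAML\Module\oidc\Services\LoggerService;
 use SimpleSAML\Module\oidc\Utils\Routes;
-use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
-use SimpleSAML\OpenID\Codebooks\GrantTypesEnum;
 use SimpleSAML\OpenID\VerifiableCredentials;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -56,7 +50,7 @@ public function __construct(
 
 /**
 */
-public function preAuthorizedCredentialOffer(Request $request): Response
+public function credentialOffer(Request $request): Response
 {
 try {
 $this->authorization->requireTokenForAnyOfScope(
@@ -89,108 +83,6 @@ public function preAuthorizedCredentialOffer(Request $request): Response
 $userAttributes,
 );
 
-// TODO mivanci continue
-dd($credentialOfferUri);
-
-
-/////////
-
-
-$client = $this->clientEntityFactory->getGenericForVciPreAuthZFlow();
-if ($this->clientRepository->findById($client->getIdentifier()) === null) {
-$this->clientRepository->add($client);
-} else {
-$this->clientRepository->update($client);
-}
-
-
-
-$credentialConfigurationIdsSupported = $this->moduleConfig->getCredentialConfigurationIdsSupported();
-
-if (empty($credentialConfigurationIdsSupported)) {
-throw new OidcException('No credential configuration IDs configured.');
-}
-if (!in_array($selectedCredentialConfigurationId, $credentialConfigurationIdsSupported, true)) {
-throw new OidcException(
-'Credential configuration ID not supported: ' . $selectedCredentialConfigurationId,
-);
-}
-
-$userId = null;
-try {
-$userId = $this->sspBridge->utils()->attributes()->getExpectedAttribute(
-$userAttributes,
-$this->moduleConfig->getUserIdentifierAttribute(),
-);
-} catch (\Throwable $e) {
-$this->loggerService->warning(
-'Could not extract user identifier from user attributes: ' . $e->getMessage(),
-);
-}
-
-if ($userId === null) {
-$sortedAttributes = $userAttributes;
-$this->verifiableCredentials->helpers()->arr()->hybridSort($sortedAttributes);
-$userId = 'vci_preauthz_' . hash('sha256', serialize($sortedAttributes));
-}
-
-$oldUserEntity = $this->userRepository->getUserEntityByIdentifier($userId);
-
-$userEntity = $this->userEntityFactory->fromData($userId, $userAttributes);
-
-if ($oldUserEntity instanceof UserEntity) {
-$this->userRepository->update($userEntity);
-} else {
-$this->userRepository->add($userEntity);
-}
-
-
-$authCodeId = $this->sspBridge->utils()->random()->generateID();
-
-if (($authCode = $this->authCodeRepository->findById($authCodeId)) === null) {
-$authCode = $this->authCodeEntityFactory->fromData(
-id: $authCodeId,
-client: $client,
-scopes: [
-new ScopeEntity('openid'),
-new ScopeEntity($selectedCredentialConfigurationId),
-],
-expiryDateTime: new \DateTimeImmutable('+10 minutes'),
-userIdentifier: $userId,
-redirectUri: 'openid-credential-offer://',
-);
-
-$this->authCodeRepository->persistNewAuthCode($authCode);
-}
-
-$credentialOffer = $this->verifiableCredentials->credentialOfferFactory()->from(
-parameters: [
-ClaimsEnum::CredentialIssuer->value => $this->moduleConfig->getIssuer(),
-ClaimsEnum::CredentialConfigurationIds->value => [
-$selectedCredentialConfigurationId,
-],
-ClaimsEnum::Grants->value => [
-GrantTypesEnum::PreAuthorizedCode->value => [
-ClaimsEnum::PreAuthorizedCode->value => $authCode->getIdentifier(),
-// TODO mivanci support for TxCode
-// ClaimsEnum::TxCode->value => [
-// ClaimsEnum::InputMode->value => 'numeric',
-// ClaimsEnum::Length->value => 6,
-// ClaimsEnum::Description->value => 'Sent to user mail',
-// ],
-],
-],
-],
-);
-
-$credentialOfferValue = $credentialOffer->jsonSerialize();
-$parameterName = ParametersEnum::CredentialOfferUri->value;
-if (is_array($credentialOfferValue)) {
-$parameterName = ParametersEnum::CredentialOffer->value;
-$credentialOfferValue = json_encode($credentialOfferValue);
-}
-
-$credentialOfferUri = "openid-credential-offer://?$parameterName=$credentialOfferValue";
-
 return $this->routes->newJsonResponse(
 data: [
 'credential_offer_uri' => $credentialOfferUri,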