Check for flow type when issuing credentials

Author: cicnavi

src/Controllers/VerifiableCredentials/CredentialIssuerCredentialController.php

@@ -100,6 +100,17 @@ public function credential(Request $request): Response
             );
         }
 
+        if (
+            ($flowType = $accessToken->getFlowTypeEnum()) === null ||
+            $flowType->isVciFlow() === false
+        ) {
+            return $this->routes->newJsonErrorResponse(
+                'invalid_token',
+                'Access token is not intended for verifiable credential issuance.',
+                401,
+            );
+        }
+
         // TODO mivanci Validate credential request
 
         $credentialFormatId = $requestData[ClaimsEnum::Format->value] ?? null;