WIP

Author: cicnavi

src/Controllers/Admin/VerifiableCredentailsTestController.php

@@ -63,6 +63,12 @@ public function __construct(
      */
     public function verifiableCredentialIssuance(Request $request): Response
     {
+        $setupErrors = [];
+
+        if (!$this->moduleConfig->getVerifiableCredentialEnabled()) {
+            $setupErrors[] = 'Verifiable Credential functionalities are not enabled.';
+        }
+
         $selectedAuthSourceId = $this->sessionService->getCurrentSession()->getData('vci', 'auth_source_id');
 
         $authSource = null;
@@ -85,20 +91,46 @@ public function verifiableCredentialIssuance(Request $request): Response
             $selectedAuthSourceId = $newAuthSourceId;
         }
 
+        $authSourceIds = array_filter(
+            $this->sspBridge->auth()->source()->getSources(),
+            fn (string $authSourceId): bool => $authSourceId !== 'admin',
+        );
 
         if (
             $authSource instanceof Simple &&
             ($authSource->isAuthenticated() === false) &&
-            is_string($selectedAuthSourceId)
+            is_string($selectedAuthSourceId) &&
+            in_array($selectedAuthSourceId, $authSourceIds, true)
         ) {
             $authSource->login(['ReturnTo' => $this->routes->urlAdminTestVerifiableCredentialIssuance()]);
         }
 
-        $authSourceIds = array_filter(
-            $this->sspBridge->auth()->source()->getSources(),
-            fn (string $authSourceId): bool => $authSourceId !== 'admin',
+        $selectedCredentialConfigurationId = $this->sessionService->getCurrentSession()->getData(
+            'vci',
+            'credential_configuration_id',
         );
 
+        if (is_string($newCredentialConfigurationId = $request->get('credentialConfigurationId'))) {
+            $this->sessionService->getCurrentSession()->setData(
+                'vci',
+                'credential_configuration_id',
+                $newCredentialConfigurationId,
+            );
+            $selectedCredentialConfigurationId = $newCredentialConfigurationId;
+        }
+
+        $credentialConfigurationIdsSupported = $this->moduleConfig->getCredentialConfigurationIdsSupported();
+
+        if (empty($credentialConfigurationIdsSupported)) {
+            $setupErrors[] = 'No credential configuration IDs configured.';
+        }
+
+        if (
+            is_null($selectedCredentialConfigurationId) ||
+            !in_array($selectedCredentialConfigurationId, $credentialConfigurationIdsSupported, true)
+        ) {
+           $selectedCredentialConfigurationId = current($credentialConfigurationIdsSupported);
+        }
 
         $credentialOfferQrUri = null;
         $credentialOfferUri = null;
@@ -147,19 +179,23 @@ public function verifiableCredentialIssuance(Request $request): Response
             $clientId = '1234567890';
             $clientSecret = '1234567890';
 
-            if (($client = $this->clientRepository->findById($clientId)) === null) {
-                $client = $this->clientEntityFactory->fromData(
-                    id: $clientId,
-                    secret: $clientSecret,
-                    name: 'VCI Pre-authorized Code Test Client',
-                    description: 'Test client for VCI Pre-authorized Code',
-                    redirectUri: ['https://example.com/oidc/callback'],
-                    scopes: ['openid', 'ResearchAndScholarshipCredentialJwtVcJson'], // TODO mivanci from config
-                    isEnabled: true,
-                );
+            $client = $this->clientEntityFactory->fromData(
+                id: $clientId,
+                secret: $clientSecret,
+                name: 'VCI Pre-authorized Code Test Client',
+                description: 'Test client for VCI Pre-authorized Code',
+                redirectUri: ['https://example.com/oidc/callback'],
+                scopes: ['openid', ...$credentialConfigurationIdsSupported], // Test Client so will have
+                isEnabled: true,
+            );
 
+            if ($this->clientRepository->findById($clientId) === null) {
                 $this->clientRepository->add($client);
+            } else {
+                $this->clientRepository->update($client);
             }
+
+            // TODO mivanci Randomly generate auth code.
             $authCodeId = '1234567890';
 
             // TODO mivanci Add indication of preauthz code to the auth code table.
@@ -170,7 +206,7 @@ public function verifiableCredentialIssuance(Request $request): Response
                     client: $client,
                     scopes: [
                         new ScopeEntity('openid'),
-                        new ScopeEntity('ResearchAndScholarshipCredentialJwtVcJson'),
+                        new ScopeEntity($selectedCredentialConfigurationId),
                     ],
                     expiryDateTime: new \DateTimeImmutable('+1 month'),
                     userIdentifier: $userId,
@@ -185,7 +221,7 @@ public function verifiableCredentialIssuance(Request $request): Response
                 parameters: [
                     ClaimsEnum::CredentialIssuer->value => $this->moduleConfig->getIssuer(),
                     ClaimsEnum::CredentialConfigurationIds->value => [
-                        'ResearchAndScholarshipCredentialJwtVcJson', // TODO mivanci from config
+                        $selectedCredentialConfigurationId,
                     ],
                     ClaimsEnum::Grants->value => [
                         GrantTypesEnum::PreAuthorizedCode->value => [
@@ -210,6 +246,7 @@ public function verifiableCredentialIssuance(Request $request): Response
 
             $credentialOfferUri = "openid-credential-offer://?$parameterName=$credentialOfferValue";
 
+            // TODO mivanci Local QR code generator
             // https://quickchart.io/documentation/qr-codes/
             $credentialOfferQrUri = 'https://quickchart.io/qr?size=200&margin=1&text=' . urlencode($credentialOfferUri);
         }
@@ -223,11 +260,14 @@ public function verifiableCredentialIssuance(Request $request): Response
         return $this->templateFactory->build(
             'oidc:tests/verifiable-credential-issuance.twig',
             compact(
+                'setupErrors',
                 'credentialOfferQrUri',
                 'credentialOfferUri',
                 'authSourceIds',
                 'authSourceActionRoute',
                 'authSource',
+                'credentialConfigurationIdsSupported',
+                'selectedCredentialConfigurationId'
             ),
             RoutesEnum::AdminTestVerifiableCredentialIssuance->value,
         );

src/ModuleConfig.php

@@ -794,6 +794,11 @@ public function getCredentialConfigurationsSupported(): array
         return $this->config()->getOptionalArray(self::OPTION_CREDENTIAL_CONFIGURATIONS_SUPPORTED, []) ?? [];
     }
 
+    public function getCredentialConfigurationIdsSupported(): array
+    {
+        return array_keys($this->getCredentialConfigurationsSupported());
+    }
+
     /**
      * Extract and parse the claims path definition from the credential configuration supported.
      * Returns an array of valid paths for the claims.

templates/tests/verifiable-credential-issuance.twig

@@ -4,54 +4,87 @@
 
 {% block oidcContent %}
 
-    <h4>Pre-Authorized Code</h4>
-    <p>
-        {{ 'You can use info below to test Verifiable Credential Issuance.'|trans }}
-    </p>
-
-    {% if not authSource or not authSource.isAuthenticated %}
-        <form method="post"
-              action="{{ authSourceActionRoute }}"
-              class="pure-form pure-form-stacked">
-            <fieldset>
-                <label for="authSourceId">{{ 'Auth Source ID'|trans }}</label>
-                <select name="authSourceId" id="authSourceId">
-                    {% for authSourceId in authSourceIds %}
-                        <option value="{{ authSourceId }}">{{ authSourceId }}</option>
-                    {% endfor %}
-                </select>
-
-                <br>
-                <button type="submit" class="pure-button ">{{ (actionText|default('Login'))|trans }}</button>
-            </fieldset>
-        </form>
-    {% else %}
+    {% if setupErrors %}
         <p>
-            You are currently authenticated with the following user data:
+            {{ 'There are some setup errors which you should deal with before proceeding.'|trans }}
             <br>
-            <code class="code-box code-box-content">
-                {{- authSource.getAttributes|json_encode(constant('JSON_PRETTY_PRINT') b-or constant('JSON_UNESCAPED_SLASHES')) -}}
-            </code>
+            {{ setupErrors|join('<br>') }}
         </p>
-        <form method="post"
-              action="{{ authSourceActionRoute }}"
-              class="pure-form pure-form-stacked">
-            <fieldset>
-                <button type="submit" name="logout" class="pure-button ">{{ (actionText|default('Logout'))|trans }}</button>
-            </fieldset>
-        </form>
-    {% endif %}
+    {% else %}
 
+        <h4>Pre-Authorized Code</h4>
+
+        {% if not authSource or not authSource.isAuthenticated %}
+
+            <p>
+                {{ 'To test Verifiable Credential issuance using pre-authorized code, choose authentication source, desired Credential Configuration ID, and click Proceed.'|trans }}
+                {{ 'Once you log in, you will be presented with a Credential Offer which you can use to test credential issuance.'|trans }}
+            </p>
+
+            <form method="post"
+                  action="{{ authSourceActionRoute }}"
+                  class="pure-form pure-form-stacked">
+                <fieldset>
+                    <label for="authSourceId">{{ 'Auth Source ID'|trans }}</label>
+                    <select name="authSourceId" id="authSourceId">
+                        {% for authSourceId in authSourceIds %}
+                            <option value="{{ authSourceId }}">{{ authSourceId }}</option>
+                        {% endfor %}
+                    </select>
+                    <span class="pure-form-message">
+                        {% trans %}Authentication source to be used for user login.{% endtrans %}
+                    </span>
+
+                    <label for="credentialConfigurationId">{{ 'Credential Configuration ID'|trans }}</label>
+                    <select name="credentialConfigurationId" id="credentialConfigurationId">
+                        {% for credentialConfigurationId in credentialConfigurationIdsSupported %}
+                            <option value="{{ credentialConfigurationId }}">{{ credentialConfigurationId }}</option>
+                        {% endfor %}
+                    </select>
+                    <span class="pure-form-message">
+                        {% trans %}Credential Configuration ID to be offered.{% endtrans %}
+                    </span>
+
+                    <br>
+                    <button type="submit" class="pure-button ">{{ (actionText|default('Proceed'))|trans }}</button>
+                </fieldset>
+            </form>
+        {% else %}
+            <p>
+                You are currently authenticated with the following user data:
+                <br>
+                <code class="code-box code-box-content">
+                    {{- authSource.getAttributes|json_encode(constant('JSON_PRETTY_PRINT') b-or constant('JSON_UNESCAPED_SLASHES')) -}}
+                </code>
+            </p>
+
+        {% endif %}
+
+
+        {% if credentialOfferUri and credentialOfferQrUri %}
+            <p>
+                Credential Offer:
+                <code class="code-box code-box-content">
+                    {{- credentialOfferUri -}}
+                </code>
+            </p>
+            <img src="{{ credentialOfferQrUri }}" alt="QR Code" />
+        {% endif %}
+
+        {% if authSource and authSource.isAuthenticated %}
+            <form method="post"
+                  action="{{ authSourceActionRoute }}"
+                  class="pure-form pure-form-stacked">
+                <fieldset>
+                    <button type="submit" name="logout" class="pure-button ">
+                        {{ (actionText|default('Clear'))|trans }}
+                    </button>
+                </fieldset>
+            </form>
+        {% endif %}
 
-    {% if credentialOfferUri and credentialOfferQrUri %}
-        <p>
-            Credential Offer (Pre-Authorized Code)
-            <code class="code-box code-box-content">
-                {{- credentialOfferUri -}}
-            </code>
-        </p>
-        <img src="{{ credentialOfferQrUri }}" alt="QR Code" />
     {% endif %}
 
 
+
 {% endblock oidcContent -%}