Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenId4VCI interoperability fixes. #823

Merged
merged 1 commit into from
Dec 19, 2024
Merged

OpenId4VCI interoperability fixes. #823

merged 1 commit into from
Dec 19, 2024

Conversation

sorotokin
Copy link
Contributor

@sorotokin sorotokin commented Dec 18, 2024

Reworked how and when we deliver credential offer to the wallet server for openid4vci provisioning. Moved to the model where the credential offer always comes as the first evidence request/response for openid4vci. This also moves more responsibility to proofing flow handler (FunkeProofingState in our code, in particular performPushedAuthorizationRequest method has been moved). This makes proofing more self-contained.

Manually tested with our openid4vci server and external servers. Also tested with our hardcoded issuer.

@sorotokin sorotokin requested a review from kdeus December 18, 2024 20:08
data class Openid4VciTxCode(
val message: String,
val numeric: Boolean,
val length: Int
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need a separate length field, or is this the length of the "message" string? What happens if there's a mismatch?

If it's not the length of the message field, please add comments indicating what each of these fields means.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added references to the spec.

@CborSerializable
data class Openid4VciTxCode(
val message: String,
val numeric: Boolean,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Maybe rename to isNumeric? ...so it's obvious from the name that this is a booean...?

...If I hadn't seen that the type was Boolean, my initial guess would have been that this was a copy of "message," but as an integer rather than a string.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

credentialOffer is Openid4VciCredentialOfferPreauthorizedCode &&
credentialOffer.txCode != null) {
val message = "<p>" +
credentialOffer.txCode!!.message.replace("<", "&lt;") +
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see we have a htmlEscape function in AdminServlet.kt. Rather than having different hacks in different areas of the code, could we move that function to a common library/utility and reuse it here? (maybe something in identity/src/commonMain/kotlin/com/android/identity/util ?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Signed-off-by: Peter Sorotokin <[email protected]>
@sorotokin sorotokin merged commit ef558dc into main Dec 19, 2024
5 checks passed
@sorotokin sorotokin deleted the openid4vci-interop branch December 19, 2024 03:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants