feature/jarm_sdk #158
feature/jarm_sdk #158
Conversation
# Conflicts: # packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts # packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts # packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts # packages/siop-oid4vp/lib/helpers/Revocation.ts # packages/siop-oid4vp/package.json # pnpm-lock.yaml
# Conflicts: # packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts
…adata, to make it easier for implementers to extract the enc jwks themselves
…cate versions when multiple feature branches exist simultaneously
# Conflicts: # package.json # packages/siop-oid4vp/lib/rp/RP.ts # pnpm-lock.yaml
# Conflicts: # pnpm-lock.yaml
…ect_uri Feature/sdk 35 redirect uri
# Conflicts: # packages/siop-oid4vp/lib/__tests__/TestUtils.ts # packages/siop-oid4vp/lib/__tests__/functions/LanguageTagUtils.spec.ts # packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts # packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts # packages/siop-oid4vp/lib/helpers/Revocation.ts # packages/siop-oid4vp/lib/op/OP.ts # packages/siop-oid4vp/lib/rp/RPBuilder.ts # pnpm-lock.yaml
…/jarm_sdk # Conflicts: # packages/siop-oid4vp/lib/op/OP.ts # pnpm-lock.yaml
| @@ -172,7 +172,7 @@ describe('RP using test vectors', () => { | |||
| ).toBeTruthy() | |||
| }) | |||
|
|
|||
| it('should decode auth response', async () => { | |||
| it.skip('should decode auth response', async () => { // FIXME pex is too lenient ATM | |||
There was a problem hiding this comment.
Has this been checked with latest version. This is a pretty core test, that should not just be disabled
There was a problem hiding this comment.
Reverted, should pass now after updating pex to 5.0.0-unstable.18
That was the credential.vp resolution I removed in pex today.
| @@ -119,7 +120,10 @@ export class AuthorizationRequest { | |||
| let requestObjectPayload: RequestObjectPayload | undefined = undefined | |||
|
|
|||
| const jwt = await this.requestObjectJwt() | |||
| const parsedJwt = jwt ? parseJWT(jwt) : undefined | |||
| let parsedJwt = undefined | |||
There was a problem hiding this comment.
Uh this is almost doing the same thing, except not for null values (which should also be taken into account). But now we have a var instead of a const, so worse
There was a problem hiding this comment.
reverted. No clue why I did this...
| @@ -164,7 +168,10 @@ export class AuthorizationRequest { | |||
| ) | |||
| assertValidRPRegistrationMedataPayload(registrationMetadataPayload) | |||
| // TODO: We need to do something with the metadata probably | |||
| } /*else { this makes test mattr.launchpad.spec.ts fail why was this check added? | |||
There was a problem hiding this comment.
Ah that was to have the following discussion:
These test are failing
It just creates an AuthorizationRequest for OpenBadge where RequestObject is undefined so there also won't be a parsedJwt / requestObjectPayload. Next mergedPayload is expected to have client_metadata which it won't, failing the test / CI pipeline with "could not fetch registrationMetadataPayload due to missing payload key client_metadata"
So the question is: is that assertion realistic to enforce? Or so we need to expand the test so it actually provides client_metadata?
There was a problem hiding this comment.
Uh, that means the test is wrong or something else is going on. The else is an assertion and should be there. There really needs to be a client_metadata(_uri) (previously called registration).
I don't get why you assume that what is clearly an assertion should all of a sudden not be needed anymore
| @@ -256,7 +270,11 @@ export class AuthorizationRequest { | |||
| } | |||
|
|
|||
| public async mergedPayloads(): Promise<RequestObjectPayload> { | |||
| return { ...this.payload, ...(this.requestObject && (await this.requestObject.getPayload())) } | |||
| const requestObjectPayload = { ...this.payload, ...(this.requestObject && (await this.requestObject.getPayload())) } | |||
| if (requestObjectPayload.scope && typeof requestObjectPayload.scope !== 'string') { // test mattr.launchpad.spec.ts does not supply a scope value | |||
There was a problem hiding this comment.
This check should probably live somewhere else that is calling the mergePayloads
There was a problem hiding this comment.
The situation I found was
Not sure why Sadjad placed it precisely there, maybe because mergedPayloads() is called in many nasty/embedded places.
But the field should be there
scope: string // REQUIRED. As specified in Section 3.1.2 of [OpenID.Core].
anyway the mattr.launchpad.spec.ts does not supply a requestObject so we also won't have a scope either.
so again these tests should either be upgraded or disabled imo
There was a problem hiding this comment.
Well something must be off with the mattr test or the way we treat request objects then. The test has been there for a very long time and always passed.
The lib should be able to work without a request object (so in plain oauth2 mode)
There was a problem hiding this comment.
Also the string assertion only applies of there is a scope to begin with. If not then the error will never be thrown
| @@ -238,7 +238,7 @@ function assertIssSelfIssuedOrDid(payload: JWTPayload) { | |||
| } | |||
| } | |||
|
|
|||
| export function getSubDidFromPayload(payload: JWTPayload, header?: JWTHeader): string { | |||
| export function getSubDidFromPayload(payload: JWTPayload, header?: JWTHeader): string | undefined { | |||
There was a problem hiding this comment.
Please revert. The assert method below ensures a string is always present
There was a problem hiding this comment.
I see it now. But my tsc does not look inside assertIssSelfIssuedOrDid, so have to return payload.sub! instead
| @@ -13,7 +13,7 @@ export class OPBuilder { | |||
| expiresIn?: number | |||
| issuer?: IIssuerId | ResponseIss | |||
| responseMode?: ResponseMode = ResponseMode.DIRECT_POST | |||
| responseRegistration?: Partial<ResponseRegistrationOpts> = {} | |||
| responseRegistration?: Partial<ResponseRegistrationOpts> //= {} | |||
There was a problem hiding this comment.
This is likely to cause issues in certain situations as the builder properties are assigned to the OP in the build phase. So why was this needed?
There was a problem hiding this comment.
I probably did this when fighting sudden issues with LanguageTagUtils.
const languageTaggedFields: Map<string, string> = LanguageTagUtils.getLanguageTaggedProperties(
opts.builder.responseRegistration,
languageTagEnabledFieldsNames,
)
when opts.builder.responseRegistration is undefined it's not going to try to translate. When an empty object it's going to throw error because of missing fields.
They also pass in languageTagEnabledFieldsNames which was actually interpreted as languageTagRequiredFieldsNames. But I think I fixed that at a later point, so I will try to revert that.
| @@ -55,6 +60,7 @@ export const createVerifyResponseOptsFromBuilderOrExistingOpts = (opts: { | |||
| return opts.builder | |||
| ? { | |||
| hasher: opts.builder.hasher ?? defaultHasher, | |||
| // correlationId: uuidv4(), We can't set a correlationId here, it will no longer check functions like this.sessionManager.getCorrelationIdByNonce(resNonce, false) | |||
There was a problem hiding this comment.
Yes, why would it need that function to begin with if you already have a correlation Id? and internally we work by correlationId
There was a problem hiding this comment.
Guess we'll never find out anymore...
I left the comment there in case anyone else would decide to "fix" something in the future
packages/siop-oid4vp/lib/rp/RP.ts
Outdated
| @@ -196,13 +198,13 @@ export class RP { | |||
| correlationId, | |||
| }) | |||
| correlationId = verifyAuthenticationResponseOpts.correlationId ?? correlationId | |||
| void this.emitEvent(AuthorizationEvents.ON_AUTH_RESPONSE_RECEIVED_SUCCESS, { | |||
| await this.emitEvent(AuthorizationEvents.ON_AUTH_RESPONSE_RECEIVED_SUCCESS, { | |||
There was a problem hiding this comment.
First why is this needed. This makes the events sync. Second. If you change it here, then at least change it everywhere in this file
There was a problem hiding this comment.
reverted all events to be sync. (also not using that one anymore)
packages/siop-oid4vp/lib/rp/RP.ts
Outdated
| @@ -225,6 +227,19 @@ export class RP { | |||
| return this._verifyResponseOptions | |||
| } | |||
|
|
|||
| public getResponseRedirectUri(mappings?: Record<string, string>): string | undefined { | |||
| if (this._responseRedirectUri === undefined) { | |||
There was a problem hiding this comment.
Why are you constantly explicitly checking against undefined. That can have undesired side effects if someone explicitly sets something to null for instance (which is a valid value for an optional const/var/param). Simply do !param
There was a problem hiding this comment.
fixed. I vaguely remember comments in Slack a year or longer ago that we had to be specific about these conditions, write them out and not use truthy / falsy.
packages/siop-oid4vp/lib/rp/RP.ts
Outdated
| if (this._responseRedirectUri === undefined) { | ||
| return undefined | ||
| } | ||
| if(mappings === undefined) { |
There was a problem hiding this comment.
Why are you constantly explicitly checking against undefined. That can have undesired side effects if someone explicitly sets something to null for instance (which is a valid value for an optional const/var/param). Simply do !param
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #158 +/- ##
============================================
- Coverage 89.22% 48.81% -40.42%
============================================
Files 17 74 +57
Lines 668 5005 +4337
Branches 170 1787 +1617
============================================
+ Hits 596 2443 +1847
- Misses 69 2560 +2491
+ Partials 3 2 -1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Fixes while testing jarm