[OID4VCI] Revisit and fix OAuthClient.authorizationRequest() #45979
Description
Description
Currently we do an Authorization Code Flow request like this ...
OID4VCAuthorizationDetail authDetail = new OID4VCAuthorizationDetail();
authDetail.setType(OPENID_CREDENTIAL);
authDetail.setCredentialConfigurationId(credConfigId);
authDetail.setLocations(List.of(ctx.issuerMetadata.getCredentialIssuer()));
oauth.loginForm().scope(SCOPE_OPENID, credScopeName).open();
oauth.fillLoginForm(ctx.appUser,"password");
AuthorizationEndpointResponse authRequestResponse = oauth.parseLoginResponse();
if (authRequestResponse.getErrorDescription() != null) {
throw new IllegalStateException(authRequestResponse.getErrorDescription() != null
? authRequestResponse.getErrorDescription()
: "Request failed with status ???");
}
String authCode = authRequestResponse.getCode();
This code has several issues ...
- The API is quite clumsy and does not support an existing AuthorizationRequest object (which might be quite rich)
- It does not support
authorization_details - Error handling relies on
error_descriptionthe http status code is lost - The API does not follow the
oauth.authorizationRequest().send()pattern like other requests
Value Proposition
- Support a provided
AuthorizationRequestdirectly to the HttpGetRequest - Add support for
authorization_details - Retain the http status code and unify the error handling with other HttpGetRequests
Goals
Cleaner and more reliable code
Non-Goals
--
Discussion
No response
Notes
No response