Supporting OID4VCI AuthZCode flow: #29685
Conversation
Step1 for without scope parameter mode Fixes keycloak#23628 Signed-off-by: Yutaka Obuchi <[email protected]>
|
@bucchi I created a sub issue for the main issue. Could you modify your commit log from
to
? |
tnorimat
left a comment
There was a problem hiding this comment.
@bucchi Thank you. I reviewed the PR and I added some review comments. Could you check them ?
Also, when you finally squash commits after the PR is approved, could you fix the PR's squashed commit message as I mentioned in the previous comment of the PR?
| Response discoveryResponse = oid4vciDiscoveryTarget.request().get(); | ||
| CredentialIssuer oid4vciIssuerConfig = JsonSerialization.readValue(discoveryResponse.readEntity(String.class), CredentialIssuer.class); | ||
|
|
||
| assertEquals(200, discoveryResponse.getStatus()); |
There was a problem hiding this comment.
IMO, it might be good if this assertion be just after L458 (line 458).
| CredentialIssuer oid4vciIssuerConfig = JsonSerialization.readValue(discoveryResponse.readEntity(String.class), CredentialIssuer.class); | ||
|
|
||
| assertEquals(200, discoveryResponse.getStatus()); | ||
| assertEquals("https://localhost:8543/auth/realms/test", oid4vciIssuerConfig.getCredentialIssuer()); |
There was a problem hiding this comment.
If possible, could you avoid hard-coded https://localhost:8543/auth/realms/test ?
|
|
||
| assertEquals(200, discoveryResponse.getStatus()); | ||
| assertEquals("https://localhost:8543/auth/realms/test", oid4vciIssuerConfig.getCredentialIssuer()); | ||
| assertEquals("https://localhost:8543/auth/realms/test/protocol/oid4vc/credential", oid4vciIssuerConfig.getCredentialEndpoint()); |
There was a problem hiding this comment.
If possible, could you avoid hard-coded https://localhost:8543/auth/realms/test/protocol/oid4vc/credential ?
| request.setFormat(oid4vciIssuerConfig.getCredentialsSupported().get("test-credential").getFormat()); | ||
| request.setCredentialIdentifier(oid4vciIssuerConfig.getCredentialsSupported().get("test-credential").getId()); | ||
|
|
||
| assertEquals("jwt_vc", oid4vciIssuerConfig.getCredentialsSupported().get("test-credential").getFormat().toString()); |
There was a problem hiding this comment.
"jwt_vc" can be Format.JWT_VC.toString() .
| Response response = credentialTarget.request().header(HttpHeaders.AUTHORIZATION, "bearer " + token).post(Entity.json(request)); | ||
| CredentialResponse credentialResponse = JsonSerialization.readValue(response.readEntity(String.class),CredentialResponse.class); | ||
|
|
||
| assertEquals(200, response.getStatus()); |
There was a problem hiding this comment.
IMO, it might be good if this assertion be just after L478 (line 478).
| assertEquals("https://localhost:8543/auth/realms/test/protocol/oid4vc/credential", oid4vciIssuerConfig.getCredentialEndpoint()); | ||
|
|
||
| // 4. With the access token, get the credential | ||
| Client clientForCredentialRequest = AdminClientUtil.createResteasyClient(); |
There was a problem hiding this comment.
The same as L454 (line 454).
| String token = getBearerToken(oauth.openid(false).scope(null)); | ||
|
|
||
| // 3. Get the credential configuration id from issuer metadata at .wellKnown | ||
| Client client = AdminClientUtil.createResteasyClient(); |
There was a problem hiding this comment.
It might be better to use try-finally clause for this Client clientForCredentialRequest.
For example, see
Or, maybe, it can be re-written as follows:
Response discoveryResponse;
CredentialIssuer oid4vciIssuerConfig;
try (Client client = AdminClientUtil.createResteasyClient()) {
UriBuilder builder = UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT);
URI oid4vciDiscoveryUri = RealmsResource.wellKnownProviderUrl(builder).build("test", OID4VCIssuerWellKnownProviderFactory.PROVIDER_ID);
WebTarget oid4vciDiscoveryTarget = client.target(oid4vciDiscoveryUri);
discoveryResponse = oid4vciDiscoveryTarget.request().get();
oid4vciIssuerConfig = JsonSerialization.readValue(discoveryResponse.readEntity(String.class), CredentialIssuer.class);
}
| assertEquals("jwt_vc", oid4vciIssuerConfig.getCredentialsSupported().get("test-credential").getFormat().toString()); | ||
| assertEquals("test-credential", oid4vciIssuerConfig.getCredentialsSupported().get("test-credential").getId()); | ||
|
|
||
| Response response = credentialTarget.request().header(HttpHeaders.AUTHORIZATION, "bearer " + token).post(Entity.json(request)); |
There was a problem hiding this comment.
The same as L454 (line 454).
francis-pouatcha
left a comment
There was a problem hiding this comment.
@bucchi all my review comment match those of @tnorimat . I sent a pull request Hitachi#707 to address those issues.
…view-2067746577 Signed-off-by: Francis Pouatcha <[email protected]>
|
@mposolda I approved the PR. Could you check it? |
|
The PR closes #29724 |
mposolda
left a comment
There was a problem hiding this comment.
@bucchi @tnorimat @francis-pouatcha Thanks for the fix and reviews!
mposolda
left a comment
There was a problem hiding this comment.
@bucchi @tnorimat @francis-pouatcha Thanks for the PR and reviews!
|
@mposolda Thank you! |
#17616 (comment)
As discussion above, commit test code for "Step1:without scope parameter mode" .
closes #29724