Thorough request object retrieval algorithm

vclib-openid/build.gradle.kts

@@ -22,20 +22,27 @@ kotlin {
     iosX64()
     sourceSets {
 
-         commonMain {
+        commonMain {
             dependencies {
                 api(project(":vclib"))
                 commonImplementationDependencies()
+                implementation(ktor("client-core"))
             }
         }
 
-         jvmMain {
+        commonTest {
+            dependencies {
+                implementation(ktor("client-mock"))
+            }
+        }
+
+        jvmMain {
             dependencies {
                 implementation(bouncycastle("bcprov"))
             }
         }
 
-         jvmTest {
+        jvmTest {
             dependencies {
                 implementation("com.nimbusds:nimbus-jose-jwt:${VcLibVersions.Jvm.`jose-jwt`}")
                 implementation("org.json:json:${VcLibVersions.Jvm.json}")

vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/AuthenticationRequestParameters.kt

@@ -26,13 +26,13 @@ data class AuthenticationRequestParameters(
      *
      * Optional when JAR (RFC9101) is used.
      */
-    @SerialName("response_type")
+    @SerialName(AuthenticationRequestConstants.SerialNames.responseType)
     val responseType: String? = null,
 
     /**
      * OIDC: REQUIRED. OAuth 2.0 Client Identifier valid at the Authorization Server.
      */
-    @SerialName("client_id")
+    @SerialName(AuthenticationRequestConstants.SerialNames.clientId)
     val clientId: String,
 
     /**
@@ -42,7 +42,7 @@ data class AuthenticationRequestParameters(
      *
      * Optional when JAR (RFC9101) is used.
      */
-    @SerialName("redirect_uri")
+    @SerialName(AuthenticationRequestConstants.SerialNames.redirectUrl)
     val redirectUrl: String? = null,
 
     /**
@@ -51,46 +51,46 @@ data class AuthenticationRequestParameters(
      * understood by an implementation SHOULD be ignored.
      * e.g. `profile` or `com.example.healthCardCredential`
      */
-    @SerialName("scope")
+    @SerialName(AuthenticationRequestConstants.SerialNames.scope)
     val scope: String? = null,
 
     /**
      * OIDC: RECOMMENDED. Opaque value used to maintain state between the request and the callback. Typically,
      * Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this
      * parameter with a browser cookie.
      */
-    @SerialName("state")
+    @SerialName(AuthenticationRequestConstants.SerialNames.state)
     val state: String? = null,
 
     /**
      * OIDC: OPTIONAL. String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
      * The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient entropy MUST
      * be present in the nonce values used to prevent attackers from guessing values.
      */
-    @SerialName("nonce")
+    @SerialName(AuthenticationRequestConstants.SerialNames.nonce)
     val nonce: String? = null,
 
     /**
      * OIDC: OPTIONAL. This parameter is used to request that specific Claims be returned. The value is a JSON object
      * listing the requested Claims.
      */
-    @SerialName("claims")
+    @SerialName(AuthenticationRequestConstants.SerialNames.claims)
     val claims: AuthnRequestClaims? = null,
 
     /**
      * OIDC SIOPv2: OPTIONAL. This parameter is used by the RP to provide information about itself to a Self-Issued OP
      * that would normally be provided to an OP during Dynamic RP Registration.
      * It MUST not be present if the RP uses OpenID Federation 1.0 Automatic Registration to pass its metadata.
      */
-    @SerialName("client_metadata")
+    @SerialName(AuthenticationRequestConstants.SerialNames.clientMetadata)
     val clientMetadata: RelyingPartyMetadata? = null,
 
     /**
      * OIDC SIOPv2: OPTIONAL. This parameter is used by the RP to provide information about itself to a Self-Issued OP
      * that would normally be provided to an OP during Dynamic RP Registration.
      * It MUST not be present if the RP uses OpenID Federation 1.0 Automatic Registration to pass its metadata.
      */
-    @SerialName("client_metadata_uri")
+    @SerialName(AuthenticationRequestConstants.SerialNames.clientMetadataUri)
     val clientMetadataUri: String? = null,
 
     /**
@@ -99,23 +99,23 @@ data class AuthenticationRequestParameters(
      * logged in or is logged in by the request, then the Authorization Server returns a positive response; otherwise,
      * it SHOULD return an error, such as login_required.
      */
-    @SerialName("id_token_hint")
+    @SerialName(AuthenticationRequestConstants.SerialNames.idTokenHint)
     val idTokenHint: String? = null,
 
     /**
      * OAuth 2.0 JAR: REQUIRED unless `request_uri` is specified. The Request Object that holds authorization request
      * parameters stated in Section 4 of RFC6749 (OAuth 2.0). If this parameter is present in the authorization request,
      * `request_uri` MUST NOT be present.
      */
-    @SerialName("request")
+    @SerialName(AuthenticationRequestConstants.SerialNames.request)
     val request: String? = null,
 
     /**
      * OAuth 2.0 JAR: REQUIRED unless request is specified. The absolute URI, as defined by RFC3986, that is the
      * Request Object URI referencing the authorization request parameters stated in Section 4 of RFC6749 (OAuth 2.0).
      * If this parameter is present in the authorization request, `request` MUST NOT be present.
      */
-    @SerialName("request_uri")
+    @SerialName(AuthenticationRequestConstants.SerialNames.requestUri)
     val requestUri: String? = null,
 
     /**
@@ -128,23 +128,23 @@ data class AuthenticationRequestParameters(
      *
      * See [IdTokenType] for valid values.
      */
-    @SerialName("id_token_type")
+    @SerialName(AuthenticationRequestConstants.SerialNames.idTokenType)
     val idTokenType: String? = null,
 
     /**
      * OID4VP: A string containing a Presentation Definition JSON object. This parameter MUST be present when
      * `presentation_definition_uri` parameter, or a `scope` value representing a Presentation Definition is not
      * present.
      */
-    @SerialName("presentation_definition")
+    @SerialName(AuthenticationRequestConstants.SerialNames.presentationDefinition)
     val presentationDefinition: PresentationDefinition? = null,
 
     /**
      * OID4VP: A string containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can
      * be retrieved. This parameter MUST be present when `presentation_definition` parameter, or a `scope` value
      * representing a Presentation Definition is not present.
      */
-    @SerialName("authorization_details")
+    @SerialName(AuthenticationRequestConstants.SerialNames.authorizationDetails)
     val authorizationDetails: AuthorizationDetails? = null,
 
     /**
@@ -157,30 +157,30 @@ data class AuthenticationRequestParameters(
      * Identifier schemes the Wallet supports prior to sending the Authorization Request in order to choose a supported
      * scheme.
      */
-    @SerialName("client_id_scheme")
+    @SerialName(AuthenticationRequestConstants.SerialNames.clientIdScheme)
     val clientIdScheme: String? = null,
 
     /**
      * OID4VP: OPTIONAL. String containing the Wallet's identifier. The Credential Issuer can use the discovery process
      * defined in SIOPv2 to determine the Wallet's capabilities and endpoints, using the `wallet_issuer` value as the
      * Issuer Identifier referred to in SIOPv2. This is RECOMMENDED in Dynamic Credential Requests.
      */
-    @SerialName("wallet_issuer")
+    @SerialName(AuthenticationRequestConstants.SerialNames.walletIssuer)
     val walletIssuer: String? = null,
 
     /**
      * OID4VP: OPTIONAL. String containing an opaque End-User hint that the Wallet MAY use in subsequent callbacks to
      * optimize the End-User's experience. This is RECOMMENDED in Dynamic Credential Requests.
      */
-    @SerialName("user_hint")
+    @SerialName(AuthenticationRequestConstants.SerialNames.userHint)
     val userHint: String? = null,
 
     /**
      * OID4VP: OPTIONAL. String value identifying a certain processing context at the Credential Issuer. A value for
      * this parameter is typically passed in a Credential Offer from the Credential Issuer to the Wallet. This request
      * parameter is used to pass the issuer_state value back to the Credential Issuer.
      */
-    @SerialName("issuer_state")
+    @SerialName(AuthenticationRequestConstants.SerialNames.issuerState)
     val issuerState: String? = null,
 
     /**
@@ -191,7 +191,7 @@ data class AuthenticationRequestParameters(
      * OIDC SIOPv2: This response mode `post` is used to request the Self-Issued OP to deliver the result of the
      * authentication process to a certain endpoint using the HTTP POST method.
      */
-    @SerialName("response_mode")
+    @SerialName(AuthenticationRequestConstants.SerialNames.responseMode)
     val responseMode: String? = null,
 
     /**
@@ -202,29 +202,29 @@ data class AuthenticationRequestParameters(
      * Request parameter is present when the Response Mode is `direct_post`, the Wallet MUST return an
      * `invalid_request` Authorization Response error.
      */
-    @SerialName("response_uri")
+    @SerialName(AuthenticationRequestConstants.SerialNames.responseUrl)
     val responseUrl: String? = null,
 
     /**
      * OAuth 2.0 JAR: If signed, the Authorization Request Object SHOULD contain the Claims `iss` (issuer) and `aud`
      * (audience) as members with their semantics being the same as defined in the JWT (RFC7519) specification. The
      * value of `aud` should be the value of the authorization server (AS) `issuer`, as defined in RFC 8414.
      */
-    @SerialName("aud")
+    @SerialName(AuthenticationRequestConstants.SerialNames.audience)
     val audience: String? = null,
 
     /**
      * OAuth 2.0 JAR: If signed, the Authorization Request Object SHOULD contain the Claims `iss` (issuer) and `aud`
      * (audience) as members with their semantics being the same as defined in the JWT (RFC7519) specification. The
      * value of `aud` should be the value of the authorization server (AS) `issuer`, as defined in RFC 8414.
      */
-    @SerialName("iss")
+    @SerialName(AuthenticationRequestConstants.SerialNames.issuer)
     val issuer: String? = null,
 
     /**
      * OPTIONAL. Time at which the request was issued.
      */
-    @SerialName("iat")
+    @SerialName(AuthenticationRequestConstants.SerialNames.issuedAt)
     @Serializable(with = InstantLongSerializer::class)
     val issuedAt: Instant? = null,
 ) {
@@ -240,3 +240,35 @@ data class AuthenticationRequestParameters(
         }
     }
 }
+
+// restricted to internal as there is no reason to make this public for now
+object AuthenticationRequestConstants {
+    object SerialNames {
+
+        const val audience = "aud"
+        const val authorizationDetails = "authorization_details"
+        const val claims = "claims"
+        const val clientId = "client_id"
+        const val clientIdScheme = "client_id_scheme"
+        const val clientMetadata = "client_metadata"
+        const val clientMetadataUri = "client_metadata_uri"
+        const val idTokenHint = "id_token_hint"
+        const val idTokenType = "id_token_type"
+        const val issuedAt = "iat"
+        const val issuer = "iss"
+        const val issuerState = "issuer_state"
+        const val nonce = "nonce"
+        const val presentationDefinition = "presentation_definition"
+        const val presentationDefinitionUri = "presentation_definition_uri"
+        const val redirectUrl = "redirect_uri"
+        const val request = "request"
+        const val requestUri = "request_uri"
+        const val responseMode = "response_mode"
+        const val responseType = "response_type"
+        const val responseUrl = "response_uri"
+        const val scope = "scope"
+        const val state = "state"
+        const val userHint = "user_hint"
+        const val walletIssuer = "wallet_issuer"
+    }
+}