vck-openid/at.asitplus.wallet.lib.oauth2/OAuth2Client/createTokenRequestParameters

createTokenRequestParameters

suspend fun createTokenRequestParameters(state: String, authorization: OAuth2Client.AuthorizationForToken, authorizationDetails: Set<AuthorizationDetails>? = null, scope: String? = null, resource: String? = null): TokenRequestParameters(source)

Request token with an authorization code, e.g. from createAuthRequest, or pre-auth code.

Send the result as POST parameters (form-encoded) to the server at /token (or more specific OAuth2AuthorizationServerMetadata.tokenEndpoint).

Sample ktor code for authorization code:

val authnRequest = client.createAuthRequest(requestOptions)
val authnResponse = authorizationService.authorize(authnRequest).getOrThrow()
val code = authnResponse.params.code
val tokenRequest = client.createTokenRequestParameters(state, AuthorizationForToken.Code(code))
val tokenResponse = httpClient.submitForm(
    url = issuerMetadata.tokenEndpointUrl!!,
    formParameters = parameters {
        tokenRequest.encodeToParameters().forEach { append(it.key, it.value) }
    }
)
val token = TokenResponseParameters.deserialize(tokenResponse.bodyAsText()).getOrThrow()
Content copied to clipboard

Sample ktor code for pre-authn code:

val preAuth = credentialOffer.grants.preAuthorizedCode
val transactionCode = "..." // get from user input
val authorization = WalletService.AuthorizationForToken.PreAuthCode(preAuth, transactionCode)
val tokenRequest = client.createTokenRequestParameters(state, authorization)
val tokenResponse = httpClient.submitForm(
    url = issuerMetadata.tokenEndpointUrl!!,
    formParameters = parameters {
        tokenRequest.encodeToParameters().forEach { append(it.key, it.value) }
    }
)
val token = TokenResponseParameters.deserialize(tokenResponse.bodyAsText()).getOrThrow()
Content copied to clipboard

Be sure to include a DPoP header if OAuth2AuthorizationServerMetadata.dpopSigningAlgValuesSupported is set, see JwsService.buildDPoPHeader.

Parameters

state

to keep internal state in further requests

authorization

for the token endpoint

authorizationDetails

from RFC 9396 OAuth 2.0 Rich Authorization Requests

scope

in OID4VCI flows the value scope from IssuerMetadata.supportedCredentialConfigurations

resource

from RFC 8707 Resource Indicators for OAuth 2.0, in OID4VCI flows the value of IssuerMetadata.credentialIssuer