SimpleAuthorizationService

class SimpleAuthorizationService(strategy: AuthorizationServiceStrategy, codeService: CodeService = DefaultCodeService(), tokenService: NonceService = DefaultNonceService(), clientNonceService: NonceService = DefaultNonceService(), val publicContext: String = "https://wallet.a-sit.at/authorization-server", authorizationEndpointPath: String = "/authorize", tokenEndpointPath: String = "/token", codeToCodeChallengeStore: MapStore<String, String> = DefaultMapStore(), codeToUserInfoStore: MapStore<String, OidcUserInfoExtended> = DefaultMapStore(), accessTokenToUserInfoStore: MapStore<String, OidcUserInfoExtended> = DefaultMapStore()) : OAuth2AuthorizationServerAdapter

Simple authorization server implementation, to be used for CredentialIssuer, with the actual authentication and authorization logic implemented in strategy.

Implemented from OpenID for Verifiable Credential Issuance, Draft 14, 2024-08-21.

Constructors

constructor(strategy: AuthorizationServiceStrategy, codeService: CodeService = DefaultCodeService(), tokenService: NonceService = DefaultNonceService(), clientNonceService: NonceService = DefaultNonceService(), publicContext: String = "https://wallet.a-sit.at/authorization-server", authorizationEndpointPath: String = "/authorize", tokenEndpointPath: String = "/token", codeToCodeChallengeStore: MapStore<String, String> = DefaultMapStore(), codeToUserInfoStore: MapStore<String, OidcUserInfoExtended> = DefaultMapStore(), accessTokenToUserInfoStore: MapStore<String, OidcUserInfoExtended> = DefaultMapStore())

Properties


Serve this result JSON-serialized under /.well-known/openid-configuration, see OpenIdConstants.PATH_WELL_KNOWN_OPENID_CONFIGURATION

open override val publicContext: String

Used in several fields in OAuth2AuthorizationServerMetadata, to provide endpoint URLs to clients.

open override val supportsClientNonce: Boolean = true

Whether this authorization server includes at.asitplus.openid.TokenResponseParameters.clientNonce in its token response, i.e. whether the CredentialIssuer needs to verify it using verifyClientNonce.

Functions


Builds the authentication response. Send this result as HTTP Header Location in a 302 response to the client.

open suspend override fun getUserInfo(accessToken: String): KmmResult<OidcUserInfoExtended>

Get the OidcUserInfoExtended (holding at.asitplus.openid.OidcUserInfo) associated with the accessToken that was created earlier at the Authorization Server.

open suspend override fun provideMetadata(): KmmResult<OAuth2AuthorizationServerMetadata>

Provide the OAuth2AuthorizationServerMetadata JSON a client needs in order to authenticate.

open suspend override fun providePreAuthorizedCode(user: OidcUserInfoExtended): String

Provide a pre-authorized code (for flow defined in OID4VCI), to be used by the Wallet implementation to load credentials.

suspend fun token(params: TokenRequestParameters): KmmResult<TokenResponseParameters>

Verifies the authorization code sent by the client and issues an access token. Send this value JSON-serialized back to the client.
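As an added illustration, not code from the vck project and written in Python rather than Kotlin, the following models what the three MapStore parameters of this class (code to code challenge, code to user info, access token to user info) and the client-nonce service have to support for the token step to be safe: the authorization code is single-use, it is bound to a PKCE S256 code challenge that the token request must prove knowledge of, the access token is the only key to the user info afterwards, and a c_nonce is handed out for proof-of-possession checks. The class name, method names and the UserInfo record are hypothetical stand-ins; the code verifier and challenge used in the test are the RFC 7636 Appendix B example values.

```python
import base64
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set


def s256_challenge(code_verifier: str) -> str:
    """PKCE S256 transform: BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


@dataclass
class UserInfo:
    """Hypothetical stand-in for the user info record stored per code / token."""
    subject: str


class AuthorizationServerModel:
    """Constructed model of the stores this page's class is parameterised with."""

    def __init__(self) -> None:
        self.code_to_challenge: Dict[str, str] = {}       # codeToCodeChallengeStore
        self.code_to_user_info: Dict[str, UserInfo] = {}  # codeToUserInfoStore
        self.token_to_user_info: Dict[str, UserInfo] = {} # accessTokenToUserInfoStore
        self.client_nonces: Set[str] = set()              # clientNonceService

    def authorize(self, user: UserInfo, code_challenge: str, method: str = "S256") -> str:
        """Authorization step: mint a code bound to the client's PKCE challenge."""
        if method != "S256":
            # "plain" offers no protection against an intercepted code; refuse it.
            raise ValueError("only S256 code challenges are accepted")
        code = secrets.token_urlsafe(32)
        self.code_to_challenge[code] = code_challenge
        self.code_to_user_info[code] = user
        return code

    def token(self, code: str, code_verifier: str) -> Optional[dict]:
        """Token step: verify the code once, check PKCE, then issue a token."""
        # pop() makes the code single-use: a replay, and a failed attempt, both burn it.
        challenge = self.code_to_challenge.pop(code, None)
        user = self.code_to_user_info.pop(code, None)
        if challenge is None or user is None:
            return None
        if not secrets.compare_digest(s256_challenge(code_verifier), challenge):
            return None
        access_token = secrets.token_urlsafe(32)
        self.token_to_user_info[access_token] = user
        c_nonce = secrets.token_urlsafe(16)
        self.client_nonces.add(c_nonce)
        return {"access_token": access_token, "token_type": "bearer", "c_nonce": c_nonce}

    def get_user_info(self, access_token: str) -> Optional[UserInfo]:
        """Lookup by access token only; the code is no longer usable as a key."""
        return self.token_to_user_info.get(access_token)

    def verify_client_nonce(self, nonce: str) -> bool:
        """Design choice here: a c_nonce is accepted exactly once, then discarded."""
        if nonce in self.client_nonces:
            self.client_nonces.discard(nonce)
            return True
        return False
```

The separate stores keyed by code and by access token mirror the class parameters: once `token()` has run, nothing indexed by the code remains, so a leaked or replayed code cannot reach the user info, and a wrong `code_verifier` consumes the code rather than leaving it available for a second guess.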

open suspend override fun verifyClientNonce(nonce: String): Boolean

Called by CredentialIssuer to verify that nonces contained in proof-of-possession statements from clients are indeed valid.