sync main

.env-issuer.sample

@@ -87,3 +87,6 @@ ISSUER_PAYMENTS_SETTINGS_PATH=./payment_settings.yaml
 
 #if you want, you can specify the content of the payments configuration encoded in base64. In this case ISSUER_PAYMENTS_SETTINGS_PATH have to be empty
 ISSUER_PAYMENTS_SETTINGS_FILE=
+
+# localstack credentials (only needed if you are using localstack)
+LOCALSTACK_AUTH_TOKEN=<localstack-auth-token>

.github/workflows/checks.yml

@@ -14,6 +14,8 @@ jobs:
           touch .env-ui
       - name: Docker Compose
         uses: hoverkraft-tech/compose-action@v2.0.1
+        env:
+          LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }}
         with:
           compose-file: './infrastructure/local/docker-compose-infra.yml'
           services: |

Dockerfile-kms-importer

@@ -1,4 +1,4 @@
-FROM golang:1.22 AS base
+FROM golang:1.24 AS base
 ARG VERSION
 
 ARG ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY

Makefile

@@ -33,6 +33,8 @@ REQUIRED_FILE := ${ISSUER_RESOLVER_PATH}
 DOTENV_CMD = $(BIN)/godotenv
 ENV = $(DOTENV_CMD) -f .env-issuer
 
+export LOCALSTACK_AUTH_TOKEN
+
 .PHONY: run-all-registry
 run-all-registry:
 	@make down

api/api.yaml

@@ -1862,6 +1862,32 @@ paths:
           $ref: '#/components/responses/400'
         '500':
           $ref: '#/components/responses/500'
+
+  /v2/identities/{identifier}/payment-request/nonce/{nonce}:
+    get:
+      summary: Get Payment Request By Nonce
+      operationId: GetPaymentRequestByNonce
+      description: Get a specific payment request for the provided identity by nonce.
+      tags:
+        - Payment
+      security:
+        - basicAuth: [ ]
+      parameters:
+        - $ref: '#/components/parameters/pathIdentifier'
+        - $ref: '#/components/parameters/pathPaymentNonce'
+      responses:
+        '200':
+          description: Retrieve a payment request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CreatePaymentRequestResponse'
+        '400':
+          $ref: '#/components/responses/400'
+        '404':
+          $ref: '#/components/responses/404'
+        '500':
+          $ref: '#/components/responses/500'
 
   /v2/payment/settings:
     get:
@@ -3526,6 +3552,13 @@ components:
       schema:
         type: string
 
+    pathPaymentNonce:
+      name: nonce
+      in: path
+      required: true
+      description: Payment nonce
+      schema:
+        type: string
 
   responses:
     '400':

infrastructure/local/docker-compose-infra.yml

@@ -84,12 +84,13 @@ services:
     command: ./vault/scripts/init.sh
 
   localstack:
-    image: localstack/localstack:latest
+    image: localstack/localstack:2026.3
     ports:
       - "4566:4566"
     environment:
       - SERVICES=secretsmanager,kms
       - DEBUG=1
+      - LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN}
 
 networks:
   default:

internal/api/payment.go

@@ -176,6 +176,26 @@ func (s *Server) GetPaymentRequest(ctx context.Context, request GetPaymentReques
 	return GetPaymentRequest200JSONResponse(toCreatePaymentRequestResponse(ctx, paymentRequest)), nil
 }
 
+// GetPaymentRequestByNonce is the controller to get payment request by nonce
+func (s *Server) GetPaymentRequestByNonce(ctx context.Context, request GetPaymentRequestByNonceRequestObject) (GetPaymentRequestByNonceResponseObject, error) {
+	issuerDID, err := w3c.ParseDID(request.Identifier)
+	if err != nil {
+		log.Error(ctx, "parsing issuer did", "err", err, "did", request.Identifier)
+		return GetPaymentRequestByNonce400JSONResponse{N400JSONResponse{Message: "invalid issuer did"}}, nil
+	}
+	const base10 = 10
+	nonce, ok := new(big.Int).SetString(request.Nonce, base10)
+	if !ok {
+		log.Error(ctx, "parsing nonce on get payment request by nonce", "nonce", request.Nonce)
+		return GetPaymentRequestByNonce400JSONResponse{N400JSONResponse{Message: fmt.Sprintf("invalid nonce: <%s>", request.Nonce)}}, nil
+	}
+	paymentRequest, err := s.paymentService.GetPaymentRequestByNonce(ctx, issuerDID, nonce)
+	if err != nil {
+		return GetPaymentRequestByNonce500JSONResponse{N500JSONResponse{Message: fmt.Sprintf("can't get payment-request: %s", err)}}, nil
+	}
+	return GetPaymentRequestByNonce200JSONResponse(toCreatePaymentRequestResponse(ctx, paymentRequest)), nil
+}
+
 // DeletePaymentRequest is the controller to delete payment request
 func (s *Server) DeletePaymentRequest(ctx context.Context, request DeletePaymentRequestRequestObject) (DeletePaymentRequestResponseObject, error) {
 	issuerDID, err := w3c.ParseDID(request.Identifier)

internal/core/ports/payment_service.go

@@ -43,6 +43,7 @@ type PaymentService interface {
 	CreatePaymentRequest(ctx context.Context, req *CreatePaymentRequestReq) (*domain.PaymentRequest, error)
 	GetPaymentRequests(ctx context.Context, issuerDID *w3c.DID, queryParams *domain.PaymentRequestsQueryParams) ([]domain.PaymentRequest, error)
 	GetPaymentRequest(ctx context.Context, issuerDID *w3c.DID, id uuid.UUID) (*domain.PaymentRequest, error)
+	GetPaymentRequestByNonce(ctx context.Context, issuerDID *w3c.DID, nonce *big.Int) (*domain.PaymentRequest, error)
 	DeletePaymentRequest(ctx context.Context, issuerDID *w3c.DID, id uuid.UUID) error
 	CreatePaymentRequestForProposalRequest(ctx context.Context, proposalRequest *protocol.CredentialsProposalRequestMessage) (*comm.BasicMessage, error)
 	GetSettings() payments.Config

internal/core/services/payment.go

@@ -235,6 +235,23 @@ func (p *payment) GetPaymentRequest(ctx context.Context, issuerDID *w3c.DID, ID
 	return paymentRequests, nil
 }
 
+// GetPaymentRequestByNonce returns payment request by nonce and issuer DID
+func (p *payment) GetPaymentRequestByNonce(ctx context.Context, issuerDID *w3c.DID, nonce *big.Int) (*domain.PaymentRequest, error) {
+	paymentReqItem, err := p.paymentsStore.GetPaymentRequestItem(ctx, *issuerDID, nonce)
+	if err != nil {
+		log.Error(ctx, "failed to get payment request item by nonce", "err", err, "issuerDID", issuerDID, "nonce", nonce)
+		return nil, fmt.Errorf("failed to get payment request item by nonce: %w", err)
+	}
+
+	paymentReq, err := p.paymentsStore.GetPaymentRequestByID(ctx, *issuerDID, paymentReqItem.PaymentRequestID)
+	if err != nil {
+		log.Error(ctx, "failed to get payment request by ID", "err", err, "issuerDID", issuerDID, "paymentRequestID", paymentReqItem.PaymentRequestID)
+		return nil, fmt.Errorf("failed to get payment request by ID: %w", err)
+	}
+
+	return paymentReq, nil
+}
+
 // DeletePaymentRequest deletes a payment request
 func (p *payment) DeletePaymentRequest(ctx context.Context, issuerDID *w3c.DID, ID uuid.UUID) error {
 	err := p.paymentsStore.DeletePaymentRequest(ctx, *issuerDID, ID)

internal/kms/aws_kms_eth_key_provider.go

@@ -57,6 +57,7 @@ func NewAwsKMSEthKeyProvider(ctx context.Context, keyType KeyType, issuerETHTran
 		options = make([]func(*kms.Options), 1)
 		options[0] = func(o *kms.Options) {
 			o.BaseEndpoint = aws.String(awsKmsEthKeyProviderConfig.URL)
+			o.Region = "us-east-1"
 		}
 	}
 

internal/kms/aws_secret_storage_provider.go

@@ -52,6 +52,7 @@ func NewAwsSecretStorageProvider(ctx context.Context, conf AwsSecretStorageProvi
 		options = make([]func(*secretsmanager.Options), 1)
 		options[0] = func(o *secretsmanager.Options) {
 			o.BaseEndpoint = aws.String(conf.URL)
+			o.Region = "us-east-1"
 		}
 	}