Merge pull request #79 from authlete/feat/nonce_endpoint

feat: Nonce Endpoint

Author: TakahikoKawasaki

pom.xml

@@ -12,9 +12,9 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-    <authlete.java.common.version>4.22</authlete.java.common.version>
-    <authlete.java.jaxrs.version>2.86</authlete.java.jaxrs.version>
-    <authlete.cbor.version>1.18</authlete.cbor.version>
+    <authlete.java.common.version>4.33</authlete.java.common.version>
+    <authlete.java.jaxrs.version>2.90</authlete.java.jaxrs.version>
+    <authlete.cbor.version>1.21</authlete.cbor.version>
     <javax.servlet-api.version>3.0.1</javax.servlet-api.version>
     <jersey.version>2.34</jersey.version>
     <jetty.version>9.4.27.v20200227</jetty.version>

src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJwtIssuerEndpoint.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023 Authlete, Inc.
+ * Copyright (C) 2023-2025 Authlete, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,49 +19,28 @@
 
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialJwtIssuerMetadataRequest;
-import com.authlete.common.dto.CredentialJwtIssuerMetadataResponse;
-import com.authlete.jaxrs.server.util.ResponseUtil;
+import com.authlete.jaxrs.BaseCredentialJwtIssuerMetadataEndpoint;
 
 
 @Path("/.well-known/{path : jwt-issuer|jwt-vc-issuer}")
-public class CredentialJwtIssuerEndpoint extends AbstractCredentialEndpoint
+public class CredentialJwtIssuerEndpoint extends BaseCredentialJwtIssuerMetadataEndpoint
 {
     @GET
     public Response get()
     {
-        final AuthleteApi api = AuthleteApiFactory.getDefaultApi();
+        // Authlete API interface
+        AuthleteApi api = AuthleteApiFactory.getDefaultApi();
 
-        return metadata(api);
-    }
-
-
-    private Response metadata(AuthleteApi api) throws WebApplicationException
-    {
+        // Request to the Authlete's /api/{service-id}/vci/jwtissuer API
         CredentialJwtIssuerMetadataRequest request =
                 new CredentialJwtIssuerMetadataRequest()
                         .setPretty(true);
 
-        CredentialJwtIssuerMetadataResponse response =
-                api.credentialJwtIssuerMetadata(request);
-
-        String content = response.getResponseContent();
-
-        switch (response.getAction())
-        {
-            case NOT_FOUND:
-                return ResponseUtil.notFoundJson(content);
-
-            case OK:
-                return ResponseUtil.okJson(content);
-
-            case INTERNAL_SERVER_ERROR:
-            default:
-                return ResponseUtil.internalServerError(content);
-        }
+        // Process the request.
+        return handle(api, request);
     }
 }

src/main/java/com/authlete/jaxrs/server/api/vci/CredentialMetadataEndpoint.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023 Authlete, Inc.
+ * Copyright (C) 2023-2025 Authlete, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,50 +19,28 @@
 
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialIssuerMetadataRequest;
-import com.authlete.common.dto.CredentialIssuerMetadataResponse;
-import com.authlete.jaxrs.server.util.ExceptionUtil;
-import com.authlete.jaxrs.server.util.ResponseUtil;
+import com.authlete.jaxrs.BaseCredentialIssuerMetadataEndpoint;
 
 
 @Path("/.well-known/openid-credential-issuer")
-public class CredentialMetadataEndpoint extends AbstractCredentialEndpoint
+public class CredentialMetadataEndpoint extends BaseCredentialIssuerMetadataEndpoint
 {
     @GET
     public Response get()
     {
-        final AuthleteApi api = AuthleteApiFactory.getDefaultApi();
+        // Authlete API interface
+        AuthleteApi api = AuthleteApiFactory.getDefaultApi();
 
-        return metadata(api);
-    }
-
-
-    private Response metadata(final AuthleteApi api)
-            throws WebApplicationException
-    {
-        final CredentialIssuerMetadataRequest request =
+        // Request to the Authlete's /api/{service-id}/vci/metadata API
+        CredentialIssuerMetadataRequest request =
                 new CredentialIssuerMetadataRequest()
                         .setPretty(true);
 
-        final CredentialIssuerMetadataResponse response =
-                api.credentialIssuerMetadata(request);
-        final String content = response.getResponseContent();
-
-        switch (response.getAction())
-        {
-            case NOT_FOUND:
-                return ResponseUtil.notFoundJson(content);
-
-            case OK:
-                return ResponseUtil.okJson(response.getResponseContent());
-
-            case INTERNAL_SERVER_ERROR:
-            default:
-                throw ExceptionUtil.internalServerErrorExceptionJson(content);
-        }
+        // Process the request.
+        return handle(api, request);
     }
 }

src/main/java/com/authlete/jaxrs/server/api/vci/CredentialNonceEndpoint.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2025 Authlete, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package com.authlete.jaxrs.server.api.vci;
+
+
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
+import com.authlete.common.api.AuthleteApi;
+import com.authlete.common.api.AuthleteApiFactory;
+import com.authlete.common.dto.CredentialNonceRequest;
+import com.authlete.jaxrs.BaseCredentialNonceEndpoint;
+
+
+/**
+ * An implementation of the nonce endpoint defined in the <a href=
+ * "https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html"
+ * >OpenID for Verifiable Credential Issuance 1&#x2E;0</a> specification.
+ *
+ * @see <a href="https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html">
+ *      OpenID for Verifiable Credential Issuance 1.0</a>
+ */
+@Path("/api/nonce")
+public class CredentialNonceEndpoint extends BaseCredentialNonceEndpoint
+{
+    /**
+     * The nonce endpoint.
+     *
+     * <p>
+     * From <a href=
+     * "https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-7.1"
+     * >Section 7.1. Nonce Request</a> of <a href=
+     * "https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html"
+     * >OpenID for Verifiable Credential Issuance 1.0</a>:
+     * </p>
+     *
+     * <blockquote>
+     * <p>
+     * A request for a nonce is made by sending an HTTP POST request to the URL
+     * provided in the {@code nonce_endpoint} Credential Issuer Metadata parameter.
+     * The Nonce Endpoint is not a protected resource, meaning the Wallet does
+     * not need to supply an access token to access it.
+     * </p>
+     * </blockquote>
+     *
+     * @return
+     *         A response from the nonce endpoint.
+     */
+    @POST
+    public Response post()
+    {
+        // Authlete API interface
+        AuthleteApi api = AuthleteApiFactory.getDefaultApi();
+
+        // Request to the Authlete's /api/{service-id}/vci/nonce API
+        CredentialNonceRequest request =
+                new CredentialNonceRequest()
+                        .setPretty(true);
+
+        // Process the request.
+        return handle(api, request);
+    }
+}

src/main/webapp/WEB-INF/web.xml

@@ -40,6 +40,7 @@
         com.authlete.jaxrs.server.api.vci.BatchCredentialEndpoint,
         com.authlete.jaxrs.server.api.vci.CredentialEndpoint,
         com.authlete.jaxrs.server.api.vci.CredentialMetadataEndpoint,
+        com.authlete.jaxrs.server.api.vci.CredentialNonceEndpoint,
         com.authlete.jaxrs.server.api.vci.CredentialJwtIssuerEndpoint,
         com.authlete.jaxrs.server.api.vci.DeferredCredentialEndpoint,
         com.authlete.jaxrs.server.api.vci.CredentialOfferEndpoint,

src/main/webapp/index.html

@@ -79,6 +79,10 @@
           <td valign="top">JWT VC Issuer Metadata Endpoint</td>
           <td><a href="/.well-known/jwt-vc-issuer">/.well-known/jwt-vc-issuer</a></td>
         </tr>
+        <tr>
+          <td valign="top">Credential Issuer Nonce Endpoint</td>
+          <td>/api/nonce</td>
+        </tr>
       </tbody>
     </table>