|
21 | 21 | OAUTH_CLIENT_ATTESTATION_POP_HEADER = "HTTP_OAUTH_CLIENT_ATTESTATION_POP" |
22 | 22 | OAUTH_CLIENT_ATTESTATION_HEADER = "HTTP_OAUTH_CLIENT_ATTESTATION" |
23 | 23 | DPOP_HEADER = "HTTP_DPOP" |
| 24 | +METADATA_TYPE_WALLET_PROVIDER = "wallet_solution" |
24 | 25 |
|
25 | 26 | logger = logging.getLogger(__name__) |
26 | 27 |
|
@@ -204,13 +205,11 @@ def validate_oauth_client_attestation(client_attestation: str, authority_hints: |
204 | 205 | logger.error("Invalid OAuth-Client-Attestation: %s", exc) |
205 | 206 | raise InvalidRequestException("JWT validation failed: OAuth-Client-Attestation-PoP invalid structure") from exc |
206 | 207 |
|
207 | | - if not (iss_ec_payload := validate_subject_trust_chain(attestation_jwt_payload["iss"], authority_hints, httpc_params)): |
| 208 | + if not (iss_ec_jwt := validate_subject_trust_chain(attestation_jwt_payload["iss"], authority_hints, httpc_params)): |
208 | 209 | raise InvalidRequestException("Invalid Trust Chain: Cannot verify issuer for OAuth-Client-Attestation") |
209 | 210 |
|
210 | | - def extract_core_jwks() -> list[dict]: #todo generalize |
211 | | - return iss_ec_payload.get("metadata", {}).get("wallet_provider", {}).get("jwks", {}).get("keys", []) |
212 | | - |
213 | | - sign_core_jwks = extract_core_jwks() |
| 211 | + wallet_provider_metadata = iss_ec_jwt.get("metadata", {}).get(METADATA_TYPE_WALLET_PROVIDER, {}) |
| 212 | + sign_core_jwks = wallet_provider_metadata.get("jwks", {}).get("keys", []) |
214 | 213 |
|
215 | 214 | #validate OAuth-Client-Attestation |
216 | 215 | if not validate_jws(client_attestation, sign_core_jwks, signing_alg_values_supported): |
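Review bot: On new lines 211-212 every `.get(..., {})` default means an issuer whose entity configuration carries no `wallet_solution` metadata, or no `jwks.keys` under it, produces `sign_core_jwks == []`, and that empty list goes straight into `validate_jws`. Whether `validate_jws` rejects an empty key set is not visible in this hunk, so the check should fail closed before the call, e.g. `if not sign_core_jwks: raise InvalidRequestException("Invalid Trust Chain: issuer metadata has no wallet_solution signing keys")`. That also gives a distinct, loggable error for issuers that still publish their keys under the previous `wallet_provider` key, which this change stops reading. Separately, `iss_ec_jwt` is used as a mapping (`.get("metadata", ...)`), so a name that says it holds the decoded entity configuration would be more accurate. The body of `validate_oauth_client_attestation` starts and ends outside the hunk.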
|