Support credential issuer

habarthierry-hue · habarthierry-hue · commit 1e24138fed8b · 2024-06-28T20:43:20.000+02:00
diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/appsettings.json b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/appsettings.json
@@ -2,7 +2,7 @@
   "Authorization": {
     "ClientId": "CredentialIssuer",
     "ClientSecret": "password",
-    "Issuer": "https://a766-81-246-134-116.ngrok-free.app/master",
+    "Issuer": "https://e353-81-246-134-116.ngrok-free.app/master",
     "IgnoreCertificateError": true
   },
   "PublicDid": "did:key:zBhBLmYmyihtomRdJJNEKzbPj51o4a3GYFeZoRHSABKUwqdjiQPY2dh5bhPNPoUW8q8EimVSbFMYZca45j58sJ6KCVgQr4m6JfTejcB2GAN33T5TzWRCmq5vg6NUYvhFD92JhKqUSEa8o12hW92UYbKHRfMfiBQY9QuXoff28U8eJskViACfc5i"
diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/appsettings.json b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/appsettings.json
@@ -9,7 +9,7 @@
   "forceHttps": false,
   "CredentialIssuerUrl": "https://localhost:5005",
   "DefaultSecurityOptions": {
-    "Issuer": "https://a766-81-246-134-116.ngrok-free.app/master",
+    "Issuer": "https://e353-81-246-134-116.ngrok-free.app/master",
     "ClientId": "CredentialIssuer-manager",
     "ClientSecret": "password",
     "Scope": "openid profile",
diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/Overview.razor b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/Overview.razor
@@ -12,11 +12,6 @@
             <RadzenTextBox Value=@GetCredentialIssuerUrl() Class="w-100"></RadzenTextBox>
         </div>
     </div>
-    <div class="row">
-        <div class="col-2">
-            <RadzenLabel Text="@Global.CredentialIssuerDid" Style="padding: 0px;" />
-        </div>
-    </div>
 </RadzenCard>
 
 @code {
diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialController.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialController.cs
@@ -57,6 +57,7 @@ public CredentialController(
     [HttpPost]
     public async Task<IActionResult> Get([FromBody] CredentialRequest request, CancellationToken cancellationToken)
     {
+        // User subject must always be a DID.
         var scope = User.Claims.SingleOrDefault(c => c.Type == "scope")?.Value;
         var authorizedScopes = new List<string>();
         if (!string.IsNullOrWhiteSpace(scope))
@@ -77,7 +78,6 @@ private async Task<object> BuildDeferredCredential(
         CredentialValidationResult validationResult,
         CancellationToken cancellationToken)
     {
-        var userDid = User.FindFirst(ClaimTypes.NameIdentifier).Value;
         var deferredCredential = new Domains.DeferredCredential
         {
             Status = Domains.DeferredCredentialStatus.PENDING,
@@ -89,7 +89,8 @@ private async Task<object> BuildDeferredCredential(
             EncryptionJwk = request.CredentialResponseEncryption == null ? null : JsonWebKeySerializer.Write(request.CredentialResponseEncryption?.Jwk),
             EncryptionAlg = request.CredentialResponseEncryption?.Alg,
             EncryptionEnc = request.CredentialResponseEncryption?.Enc,
-            UserDid = userDid
+            UserDid = validationResult.Subject,
+            CreateDateTime = DateTime.UtcNow
         };
         _deferredCredentialStore.Add(deferredCredential);
         await _deferredCredentialStore.SaveChanges(cancellationToken);
@@ -114,18 +115,17 @@ private async Task<CredentialResult> BuildImmediateCredential(CredentialRequest
         CredentialValidationResult validationResult, 
         CancellationToken cancellationToken)
     {
-        var userDid = User.FindFirst(ClaimTypes.NameIdentifier).Value;
         Dictionary<string, string> claims = null;
         if (validationResult.Credential != null)
             claims = validationResult.Credential.Claims.ToDictionary(c => c.Name, c => c.Value);
         else
         {
-            var userClaims = await _userCredentialClaimStore.Resolve(userDid, validationResult.CredentialConfiguration.Claims, cancellationToken);
+            var userClaims = await _userCredentialClaimStore.Resolve(validationResult.Subject, validationResult.CredentialConfiguration.Claims, cancellationToken);
             claims = userClaims.ToDictionary(c => c.Name, c => c.Value);
         }
 
         return _credentialService.BuildImmediateCredential(new BuildImmediateCredentialRequest(
-            userDid, 
+            validationResult.Subject, 
             validationResult.CredentialConfiguration,
             validationResult.Credential,
             claims,
diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/Token.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/Token.cs
@@ -7,7 +7,7 @@ public class Token
     {
         public string Id { get; set; } = null!;
         public string? SessionId { get; set; } = null;
-        public string ClientId { get; set; } = null!;
+        public string? ClientId { get; set; } = null!;
         public string TokenType { get; set; } = null!;
         public AccessTokenTypes? AccessTokenType { get; set; } = null;
         public string? Data { get; set; } = null;
diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs
@@ -116,7 +116,7 @@ public class IdServerConfiguration
             ClientBuilder.BuildWalletClient("walletClient", "password")
                 .SetClientName("Wallet")
                 .Build(),
-            ClientBuilder.BuildCredentialIssuer("CredentialIssuer", "password", null, "https://e1e9-81-246-134-116.ngrok-free.app/signin-oidc", "https://localhost:5005/*", "http://localhost:5005/*", "https://credentialissuer.simpleidserver.com/*", "https://credentialissuer.localhost.com/*", "https://credentialissuer.sid.svc.cluster.local/*")
+            ClientBuilder.BuildCredentialIssuer("CredentialIssuer", "password", null, "https://8028-81-246-134-116.ngrok-free.app/signin-oidc", "https://localhost:5005/*", "http://localhost:5005/*", "https://credentialissuer.simpleidserver.com/*", "https://credentialissuer.localhost.com/*", "https://credentialissuer.sid.svc.cluster.local/*")
                 .SetClientName("Credential issuer")
                 .AddScope(
                     SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope,
diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/PreAuthorizedCodeHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/PreAuthorizedCodeHandler.cs
@@ -83,8 +83,6 @@ public override async Task<IActionResult> Handle(HandlerContext context, Cancell
 
                 context.SetClient(oauthClient);
                 var preAuthCode = await _validator.Validate(context, cancellationToken);
-                if (!isClientExists)
-                    oauthClient.ClientId = preAuthCode.ClientId;
                 activity?.SetTag("client_id", oauthClient.Id);
                 await _dpopProofValidator.Validate(context);
                 var scopes = preAuthCode.Scopes;

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ public class Token`
`7`	`7`	`{`
`8`	`8`	`public string Id { get; set; } = null!;`
`9`	`9`	`public string? SessionId { get; set; } = null;`
`10`		`- public string ClientId { get; set; } = null!;`
	`10`	`+ public string? ClientId { get; set; } = null!;`
`11`	`11`	`public string TokenType { get; set; } = null!;`
`12`	`12`	`public AccessTokenTypes? AccessTokenType { get; set; } = null;`
`13`	`13`	`public string? Data { get; set; } = null;`