Regression issue : the authorization_server endpoint in the offer is …

…not taken into account anymore #3172
TalaoDAO · Dec 20, 2024 · ce0a48b · ce0a48b
1 parent daa12b8
commit ce0a48b
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/packages/oidc4vc/lib/src/oidc4vc.dart b/packages/oidc4vc/lib/src/oidc4vc.dart
@@ -864,6 +864,23 @@ class OIDC4VC {
         /// authorization_servers in opentIdConfiguration.authorizationServers
         final listOpenIDConfiguration =
             openIdConfiguration.authorizationServers ?? [];
+
+        // check if authorization server is present in the credential offer
+        final authorizationServerFromCredentialOffer =
+            getAuthorizationServerFromCredentialOffer(credentialOfferJson);
+        // if authorization server is present in the credential offer
+        // we check if it is present in the authorization servers
+        // from credential issuer metadata
+        // https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-credential-issuer-metadata-p
+        if (authorizationServerFromCredentialOffer != null) {
+          if (listOpenIDConfiguration
+              .contains(authorizationServerFromCredentialOffer)) {
+            return '$authorizationServerFromCredentialOffer/authorize';
+          } else {
+            // that's forbidden and we can't continue the process
+            throw Exception('AUTHORIZATION_SERVER_NOT_FOUND');
+          }
+        }
         if (listOpenIDConfiguration.isNotEmpty) {
           if (listOpenIDConfiguration.length == 1) {
             authorizationEndpoint =
@@ -1978,4 +1995,23 @@ class OIDC4VC {
     };
     return jwk;
   }
+
+  String? getAuthorizationServerFromCredentialOffer(
+    dynamic credentialOfferJson,
+  ) {
+    try {
+      /// Extract the authorization endpoint from from
+      /// authorization_server in credentialOfferJson
+      final jsonPathAuthorizationServer = JsonPath(
+        r'$..authorization_server',
+      );
+      final data = jsonPathAuthorizationServer
+          .read(credentialOfferJson)
+          .first
+          .value! as String;
+      return data;
+    } catch (e) {
+      return null;
+    }
+  }
 }