Merge pull request #106 from niscy-eudiw/feature/auth-server-dpop-nonce

dtsiflit · web-flow · commit 231d188a3770 · 2025-02-04T11:41:24.000+02:00
Dpop nonce support during authorization
diff --git a/.github/workflows/build-package.yml b/.github/workflows/build-package.yml
@@ -12,7 +12,7 @@ jobs:
     steps:
       - uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: '16.0'
+          xcode-version: '16.1'
       - uses: actions/checkout@v4
       - run:
           fastlane tests
diff --git a/Sources/Entities/Issuance/UnauthorizedRequest.swift b/Sources/Entities/Issuance/UnauthorizedRequest.swift
@@ -48,12 +48,14 @@ public struct AuthorizationCodeRetrieved {
   public let authorizationCode: IssuanceAuthorization
   public let pkceVerifier: PKCEVerifier
   public let configurationIds: [CredentialConfigurationIdentifier]
+  public let dpopNonce: Nonce?
   
   public init(
     credentials: [CredentialIdentifier],
     authorizationCode: IssuanceAuthorization,
     pkceVerifier: PKCEVerifier,
-    configurationIds: [CredentialConfigurationIdentifier]
+    configurationIds: [CredentialConfigurationIdentifier],
+    dpopNonce: Nonce?
   ) throws {
     
     guard case .authorizationCode = authorizationCode else {
@@ -64,6 +66,7 @@ public struct AuthorizationCodeRetrieved {
     self.authorizationCode = authorizationCode
     self.pkceVerifier = pkceVerifier
     self.configurationIds = configurationIds
+    self.dpopNonce = dpopNonce
   }
 }
 
diff --git a/Sources/Issuers/Issuer.swift b/Sources/Issuers/Issuer.swift
@@ -316,7 +316,7 @@ public actor Issuer: IssuerType {
             authorizationCode: authorizationCode,
             codeVerifier: request.pkceVerifier.codeVerifier,
             identifiers: credConfigIdsAsAuthDetails,
-            dpopNonce: nil,
+            dpopNonce: request.dpopNonce,
             retry: true
           ).get()
           
@@ -372,7 +372,8 @@ public actor Issuer: IssuerType {
               credentials: request.credentials,
               authorizationCode: try IssuanceAuthorization(authorizationCode: code),
               pkceVerifier: request.pkceVerifier,
-              configurationIds: request.configurationIds
+              configurationIds: request.configurationIds,
+              dpopNonce: request.dpopNonce
             )
           )
         )
@@ -399,7 +400,8 @@ public actor Issuer: IssuerType {
                 credentials: request.credentials,
                 authorizationCode: try IssuanceAuthorization(authorizationCode: authorizationCode),
                 pkceVerifier: request.pkceVerifier,
-                configurationIds: request.configurationIds
+                configurationIds: request.configurationIds,
+                dpopNonce: request.dpopNonce
               )
             )
           )

Original file line number	Diff line number	Diff line change
`@@ -316,7 +316,7 @@ public actor Issuer: IssuerType {`
`316`	`316`	`authorizationCode: authorizationCode,`
`317`	`317`	`codeVerifier: request.pkceVerifier.codeVerifier,`
`318`	`318`	`identifiers: credConfigIdsAsAuthDetails,`
`319`		`- dpopNonce: nil,`
	`319`	`+ dpopNonce: request.dpopNonce,`
`320`	`320`	`retry: true`
`321`	`321`	`).get()`
`322`	`322`
`@@ -372,7 +372,8 @@ public actor Issuer: IssuerType {`
`372`	`372`	`credentials: request.credentials,`
`373`	`373`	`authorizationCode: try IssuanceAuthorization(authorizationCode: code),`
`374`	`374`	`pkceVerifier: request.pkceVerifier,`
`375`		`- configurationIds: request.configurationIds`
	`375`	`+ configurationIds: request.configurationIds,`
	`376`	`+ dpopNonce: request.dpopNonce`
`376`	`377`	`)`
`377`	`378`	`)`
`378`	`379`	`)`
`@@ -399,7 +400,8 @@ public actor Issuer: IssuerType {`
`399`	`400`	`credentials: request.credentials,`
`400`	`401`	`authorizationCode: try IssuanceAuthorization(authorizationCode: authorizationCode),`
`401`	`402`	`pkceVerifier: request.pkceVerifier,`
`402`		`- configurationIds: request.configurationIds`
	`403`	`+ configurationIds: request.configurationIds,`
	`404`	`+ dpopNonce: request.dpopNonce`
`403`	`405`	`)`
`404`	`406`	`)`
`405`	`407`	`)`