Fix dpop-nonce format, use nonce in authorizeCode request in Issuer

[pankaj-sp]

Description of change

I was getting error for invalid_dpop_proof as dpopNonce was not being passed in authorizeWithAuthorizationCode.
After making above fixes, it was still failing because of incorrect format of DPOP_NONCE_HEADER in Constant.swift file

Type of change

Please delete options that are not relevant.

• [ x ] Bug fix (non-breaking change which fixes an issue)
• [ x ] New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• Test A
• Test B

Checklist:

• [ x ] I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the readme
• [ x ] My changes generate no new warnings
• I have added unit tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[dtsiflit]

Thanks for this @pankaj-sp we'll review this over the next day or so. Cheers.

[pankaj-sp]

Hey @dtsiflit Do you have any update on it?

[dtsiflit]

Hey @dtsiflit Do you have any update on it?

Hi @pankaj-sp we are currently working on our own PR to address this. It will be merged in over the next few days, thanks!

[dtsiflit]

Hey @pankaj-sp we have a new release that (hopefully) addresses this issue:

https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift/releases/tag/v0.11.0

We kept DPOP_NONCE_HEADER = "DPoP-Nonce" (not "dpop-nonce") because the OAuth 2.0 Demonstrating Proof of Possession requires it here.

If you can test this on your end and let us know we will appreciate it. Thanks!

[pankaj-sp]

@dtsiflit Shouldn't header be case insensitive, I mean dpop-nonce and DPoP-Nonce should both pass, Cc: @paulbastian

[babisRoutis]

@dtsiflit Shouldn't header be case insensitive, I mean dpop-nonce and DPoP-Nonce should both pass, Cc: @paulbastian

https://datatracker.ietf.org/doc/html/rfc9449#name-the-dpop-http-header

Note that per [RFC9110], header field names are case insensitive; thus, DPoP, DPOP, dpop, etc., are all valid and equivalent header field names. However, case is significant in the header field value

[paulbastian]

Please reopen and fix this

[dtsiflit]

Thank you everyone, looking into this based on

https://datatracker.ietf.org/doc/html/rfc9449#name-the-dpop-http-header

and we will get an update out for you @pankaj-sp @paulbastian shorty.

[dtsiflit]

Hey @pankaj-sp

https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift/releases/tag/v0.12.1

^ This release addresses the dpop header issue; A wallet-kit version that includes this will be released too.

Thanks!