DO NOT MERGE: Project branch for Generic Functions #3983
Draft
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
The function does more than validate — it also populates access token fields — so the Validator suffix was misleading. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- policyId → policyID (Go naming convention)
- Remove fmt.Sprintf with no format args in BasicProfileFunc
- Remove TODO comment
- Revert handleRFC021VPTokenRequest → handleS2SAccessTokenRequest to keep PR small

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Also rename constructors: SubmissionCredentialProfile → SubmissionPresentationEvaluator, BasicCredentialProfile → BasicPresentationEvaluator Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
SubmissionCredentialProfile → SubmissionPresentationEvaluator
BasicCredentialProfile → BasicPresentationEvaluator

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Advertise jwt-bearer in AS metadata (grantTypesSupported)
- Make client_assertion optional; remove unused parameter from handler
- Fix oauth2.js to support Bearer tokens in addition to DPoP
- Add jwt-bearer e2e test (SQLite only)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Extract the Jaeger trace verification out of the rfc021 OAuth flow test into a dedicated, simpler test with a single node. Keeps the rfc021 test focused on OAuth and avoids coupling tracing verification to an unrelated multi-node flow. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ly, use traced endpoint The node fails to start under strictmode without a SQL connection string, and its internal HTTP binds to 127.0.0.1 by default. Also /status/health/metrics are excluded from tracing middleware, so the test now hits an endpoint that produces spans. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- SC1091 in tracing run-test.sh: disable directive (qlty doesn't run with -x)
- SC2086 on modified line in rfc021 do-test.sh: quote $REQUEST

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The node was stuck downloading IRMA schemes at startup on slower CI runners, causing the container healthcheck to time out before HTTP was ready. Switch to a nuts.yaml config that disables IRMA schema autoupdate and restricts contract validators to 'dummy' (IRMA isn't used by this test). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
handleAccessTokenRequest stopped filling InputDescriptorConstraintIdMap after createAccessToken was refactored to take an AccessToken template, causing the browser e2e Test_UserAccessToken_EmployeeCredential to fail with an empty AdditionalProperties map on introspection. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sets non-sensitive OAuth2 request params (grant_type, client_id, scope, response_type, error) as attributes on the current OTEL span so traces and logs can be filtered by them. Covers the token, authorize and authorize-response endpoints. Logs the verbose oauth.error_description separately to avoid high-cardinality trace attributes. Assisted by AI
Extracts the shared helper from auth/api/iam into auth/oauth so both the server-side token/authorize handlers and the outbound HTTPClient token request attach oauth.grant_type, oauth.client_id, oauth.scope and oauth.response_type to the current OTEL span. Assisted by AI
Assisted by AI
Without an explicit span, oauth.SetSpanAttributes ran before otelhttp created the HTTP span, so attributes landed on the parent handler span (or were dropped when no parent existed) instead of on the outbound token request span where they're useful. Assisted by AI
Assisted by AI
When using mCSD for addressing, the OAuth token endpoint must be provided to the AT-Request instead of being resolved via a DID-Document. This commit adds a request param for this.
…l Request
Adds an optional credential_details JSON object to POST /internal/auth/v2/{subjectID}/request-credential.
The node uses it as the base body of the outgoing OpenID4VCI Credential Request and overlays its own
JWT proof on top. Lets the wallet integrate with issuers (e.g. AET SDK) that accept additional fields
in the Credential Request body beyond what OpenID4VCI v1.0 defines.
Closes #4233
Assisted by AI
Switch VerifiableCredentials to TestResponseCodeWithLog so the upstream response body is surfaced in the logs, making it possible to diagnose 4xx/5xx responses from the credential endpoint. Assisted by AI
The 1.0 spec wraps credentials in a "credentials" array; pre-1.0 drafts returned a single "credential" string. Custom UnmarshalJSON on CredentialResponse handles both, taking the first entry from the array form and warning if the issuer returned more. Assisted by AI
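An added example, not code from this pull request: a Go sketch of the dual-format parsing described in the commit message above, taking the first array entry and logging a warning when more are returned. The type layout and the names `Ignored` and `empty` are assumptions, and the sample body is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
)

// CredentialResponse is a simplified, hypothetical stand-in for the node's type.
type CredentialResponse struct {
	Credential json.RawMessage // the one credential the wallet goes on to verify
	Ignored    int             // extra array entries that were dropped
}

func empty(raw json.RawMessage) bool { return len(raw) == 0 || string(raw) == "null" }

// UnmarshalJSON accepts the 1.0 "credentials" array and the pre-1.0 "credential" value.
func (r *CredentialResponse) UnmarshalJSON(data []byte) error {
	var wire struct {
		Credentials []struct {
			Credential json.RawMessage `json:"credential"`
		} `json:"credentials"`
		Credential json.RawMessage `json:"credential"`
	}
	if err := json.Unmarshal(data, &wire); err != nil {
		return err
	}
	switch {
	case len(wire.Credentials) > 0 && !empty(wire.Credentials[0].Credential):
		r.Credential, r.Ignored = wire.Credentials[0].Credential, len(wire.Credentials)-1
		if r.Ignored > 0 {
			log.Printf("credential response: ignoring %d additional credential(s)", r.Ignored)
		}
	case len(wire.Credentials) == 0 && !empty(wire.Credential):
		r.Credential, r.Ignored = wire.Credential, 0
	default: // neither form present, or the first array entry is empty: fail closed
		return errors.New("credential response contains no usable credential")
	}
	return nil
}

func main() {
	body := `{"credentials":[{"credential":"aaa.bbb.ccc"},{"credential":"ddd.eee.fff"}]}` // constructed
	var resp CredentialResponse
	err := json.Unmarshal([]byte(body), &resp)
	fmt.Printf("credential=%s ignored=%d err=%v\n", resp.Credential, resp.Ignored, err)
}
```

Returning an error when neither form carries a credential keeps an empty value from reaching the wallet's verification and storage steps.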

This is a merger of the following feature branches:
- lspxnutsiss3980-validate-idtoken-credential (DeziIDTokenCredential support)
- copilot/improve-client-error-message (return "credential is revoked" error message to the client)
- vcr-configure-revocation-maxage (configurable revocation list max-age)
- support-jwtbearer (RFC7523 urn:ietf:params:oauth:grant-type:jwt-bearer, Update OpenID4VCI implementation to spec v1.0 #3953)
- feature/4233-credential-details (forward credential_details as base body of OpenID4VCI Credential Request, OpenID4VCI: Add credential_details passthrough on the credential-issuance API #4233)

Standalone commits on this branch (not tied to a feature branch):
.crt)

It also:
wallet.List() and always updates statuslist credentials (bypass cache)

The features in these branches will be merged into the master branch individually (or not).