@bedrock/vc-delivery 4.1.1 → 4.2.0

package/lib/openId.js

@@ -63,7 +63,11 @@ export async function createRoutes({
   const routes = {
     // OID4VCI routes
     asMetadata: `/.well-known/oauth-authorization-server${exchangeRoute}`,
+    asMetadataDraftBug:
+      `${exchangeRoute}/.well-known/oauth-authorization-server`,
     ciMetadata: `/.well-known/openid-credential-issuer${exchangeRoute}`,
+    ciMetadataDraftBug:
+      `${exchangeRoute}/.well-known/openid-credential-issuer`,
     batchCredential: `${openIdRoute}/batch_credential`,
     credential: `${openIdRoute}/credential`,
     token: `${openIdRoute}/token`,
@@ -357,6 +361,57 @@ export async function createRoutes({
         {req, presentation, presentationSubmission});
       res.json(result);
     }));
+
+  /* Note: The following routes are served only because of an OID4VCI draft bug
+  that tells clients to generate `/.well-known` paths in an erroneous way and
+  some implementers have complied. */
+
+  // an authorization server meta data endpoint
+  // serves `.well-known` oauth2 AS config for each exchange; each config is
+  // based on the exchanger used to create the exchange
+  app.get(
+    routes.asMetadataDraftBug,
+    cors(),
+    getConfigMiddleware,
+    asyncHandler(async (req, res) => {
+      // generate well-known oauth2 issuer config
+      const {config: exchanger} = req.serviceObject;
+      const exchangeId = `${exchanger.id}/exchanges/${req.params.exchangeId}`;
+      // note that technically, we should not need to serve any credential
+      // issuer metadata, but we do for backwards compatibility purposes as
+      // previous versions of OID4VCI required it
+      const oauth2Config = {
+        issuer: exchangeId,
+        jwks_uri: `${exchangeId}/openid/jwks`,
+        token_endpoint: `${exchangeId}/openid/token`,
+        credential_endpoint: `${exchangeId}/openid/credential`,
+        batch_credential_endpoint: `${exchangeId}/openid/batch_credential`
+        // FIXME: add `credentials_supported`
+      };
+      res.json(oauth2Config);
+    }));
+
+  // a credential issuer meta data endpoint
+  // serves `.well-known` oauth2 AS / CI config for each exchange; each config
+  // is based on the exchanger used to create the exchange
+  app.get(
+    routes.ciMetadataDraftBug,
+    cors(),
+    getConfigMiddleware,
+    asyncHandler(async (req, res) => {
+      // generate well-known oauth2 issuer config
+      const {config: exchanger} = req.serviceObject;
+      const exchangeId = `${exchanger.id}/exchanges/${req.params.exchangeId}`;
+      const oauth2Config = {
+        issuer: exchangeId,
+        jwks_uri: `${exchangeId}/openid/jwks`,
+        token_endpoint: `${exchangeId}/openid/token`,
+        credential_endpoint: `${exchangeId}/openid/credential`,
+        batch_credential_endpoint: `${exchangeId}/openid/batch_credential`
+        // FIXME: add `credentials_supported`
+      };
+      res.json(oauth2Config);
+    }));
 }
 
 async function _createExchangeAccessToken({exchanger, exchangeRecord}) {
@@ -621,7 +676,7 @@ async function _getAuthorizationRequest({req}) {
         }
         if(client_id_scheme) {
           authorizationRequest.client_id_scheme = client_id_scheme;
-        } else if(authorizationRequest.client_id_scheme === 'undefined') {
+        } else if(authorizationRequest.client_id_scheme === undefined) {
           authorizationRequest.client_id_scheme = 'redirect_uri';
         }
         if(client_metadata) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-delivery",
-  "version": "4.1.1",
+  "version": "4.2.0",
   "type": "module",
   "description": "Bedrock Verifiable Credential Delivery",
   "main": "./lib/index.js",