IAM: fix loading of server state (#3011)

* IAM: fix loading of server state * copyright * feedback
nuts-foundation · Apr 5, 2024 · 2d9db64 · 2d9db64
1 parent 457774e
commit 2d9db64
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 52 deletions.
diff --git a/auth/api/iam/api.go b/auth/api/iam/api.go
@@ -585,7 +585,7 @@ func createSession(params oauthParameters, ownDID did.DID) *OAuthSession {
 	session.ClientID = params.get(oauth.ClientIDParam)
 	session.Scope = params.get(oauth.ScopeParam)
 	session.ClientState = params.get(oauth.StateParam)
-	session.ServerState = map[string]interface{}{}
+	session.ServerState = ServerState{}
 	session.RedirectURI = params.get(oauth.RedirectURIParam)
 	session.OwnDID = &ownDID
 	session.ResponseType = params.get(oauth.ResponseTypeParam)

diff --git a/auth/api/iam/openid4vp.go b/auth/api/iam/openid4vp.go
@@ -430,10 +430,11 @@ func (r Wrapper) handleAuthorizeResponseSubmission(ctx context.Context, request
 	// we take the existing OAuthSession and add the credential map to it
 	// the credential map contains InputDescriptor.Id -> VC mappings
 	// todo: use the InputDescriptor.Path to map the Id to Value@JSONPath since this will be later used to set the state for the access token
-	oauthSession.ServerState = ServerState{}
-	oauthSession.ServerState[credentialMapStateKey] = credentialMap
-	oauthSession.ServerState[presentationsStateKey] = pexEnvelope.Presentations
-	oauthSession.ServerState[submissionStateKey] = *submission
+	oauthSession.ServerState = ServerState{
+		CredentialMap:          credentialMap,
+		Presentations:          pexEnvelope.Presentations,
+		PresentationSubmission: submission,
+	}
 
 	authorizationCode := crypto.GenerateNonce()
 	err = r.oauthCodeStore().Put(authorizationCode, oauthSession)
@@ -540,16 +541,14 @@ func (r Wrapper) handleAccessTokenRequest(ctx context.Context, verifier did.DID,
 		return nil, withCallbackURI(oauthError(oauth.InvalidRequest, fmt.Sprintf("client_id does not match: %s vs %s", oauthSession.ClientID, *clientId)), callbackURI)
 	}
 
-	presentations := oauthSession.ServerState.VerifiablePresentations()
-	submission := oauthSession.ServerState.PresentationSubmission()
+	state := oauthSession.ServerState
 	definition, err := r.policyBackend.PresentationDefinition(ctx, verifier, oauthSession.Scope)
 	if err != nil {
 		return nil, withCallbackURI(oauthError(oauth.ServerError, fmt.Sprintf("failed to fetch presentation definition: %s", err.Error())), callbackURI)
 	}
-	credentialMap := oauthSession.ServerState.CredentialMap()
 	subject, _ := did.ParseDID(oauthSession.ClientID)
 
-	response, err := r.createAccessToken(verifier, time.Now(), presentations, submission, *definition, oauthSession.Scope, *subject, credentialMap)
+	response, err := r.createAccessToken(verifier, time.Now(), state.Presentations, state.PresentationSubmission, *definition, oauthSession.Scope, *subject, state.CredentialMap)
 	if err != nil {
 		return nil, withCallbackURI(oauthError(oauth.ServerError, fmt.Sprintf("failed to create access token: %s", err.Error())), callbackURI)
 	}
@@ -737,7 +736,6 @@ func (r Wrapper) handlePresentationRequest(ctx context.Context, params oauthPara
 			credentialIDs = append(credentialIDs, matchingCredential.ID.String())
 		}
 	}
-	session.ServerState["openid4vp_credentials"] = credentialIDs
 
 	sessionID := uuid.NewString()
 	err = r.storageEngine.GetSessionDatabase().GetStore(sessionExpiry, session.OwnDID.String(), "session").Put(sessionID, *session)

diff --git a/auth/api/iam/openid4vp_test.go b/auth/api/iam/openid4vp_test.go
@@ -480,9 +480,9 @@ func Test_handleAccessTokenRequest(t *testing.T) {
 		OwnDID:      &verifierDID,
 		RedirectURI: redirectURI,
 		Scope:       "scope",
-		ServerState: map[string]interface{}{
-			"presentations":          []vc.VerifiablePresentation{*vp},
-			"presentationSubmission": submission,
+		ServerState: ServerState{
+			Presentations:          []vc.VerifiablePresentation{*vp},
+			PresentationSubmission: &submission,
 		},
 	}
 	t.Run("ok", func(t *testing.T) {

diff --git a/auth/api/iam/session.go b/auth/api/iam/session.go
@@ -44,45 +44,10 @@ type OAuthSession struct {
 }
 
 // ServerState is a convenience type for extracting different types of data from the session.
-type ServerState map[string]interface{}
-
-const (
-	credentialMapStateKey = "credentialMap"
-	presentationsStateKey = "presentations"
-	submissionStateKey    = "presentationSubmission"
-)
-
-// VerifiablePresentations returns the verifiable presentations from the server state.
-// If the server state does not contain a verifiable presentation, an empty slice is returned.
-func (s ServerState) VerifiablePresentations() []vc.VerifiablePresentation {
-	presentations := make([]vc.VerifiablePresentation, 0)
-	if val, ok := s[presentationsStateKey]; ok {
-		// each entry should be castable to a VerifiablePresentation
-		if arr, ok := val.([]interface{}); ok {
-			for _, v := range arr {
-				if vp, ok := v.(vc.VerifiablePresentation); ok {
-					presentations = append(presentations, vp)
-				}
-			}
-		}
-	}
-	return presentations
-}
-
-// PresentationSubmission returns the Presentation Submission from the server state.
-func (s ServerState) PresentationSubmission() *pe.PresentationSubmission {
-	if val, ok := s[submissionStateKey].(pe.PresentationSubmission); ok {
-		return &val
-	}
-	return nil
-}
-
-// CredentialMap returns the credential map from the server state.
-func (s ServerState) CredentialMap() map[string]vc.VerifiableCredential {
-	if mapped, ok := s[credentialMapStateKey].(map[string]vc.VerifiableCredential); ok {
-		return mapped
-	}
-	return map[string]vc.VerifiableCredential{}
+type ServerState struct {
+	CredentialMap          map[string]vc.VerifiableCredential
+	Presentations          []vc.VerifiablePresentation
+	PresentationSubmission *pe.PresentationSubmission
 }
 
 // RedirectSession is the session object that is used to redirect the user to a Nuts node website.