Merge pull request #132 from cre8/fix/txCode

fix: remove bug for txCode
Sphereon-Opensource · Jul 30, 2024 · 858a8ea · 858a8ea
2 parents 105fc37 + 5ca1eda
commit 858a8ea
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 4 deletions.
diff --git a/packages/client/lib/AccessTokenClient.ts b/packages/client/lib/AccessTokenClient.ts
@@ -105,6 +105,7 @@ export class AccessTokenClient {
  if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
  this.assertAlphanumericPin(opts.pinMetadata, pin);
  request.user_pin = pin;
+ request.tx_code = pin;
 
  request.grant_type = GrantTypes.PRE_AUTHORIZED_CODE;
  // we actually know it is there because of the isPreAuthCode call

diff --git a/packages/common/lib/types/Authorization.types.ts b/packages/common/lib/types/Authorization.types.ts
@@ -312,7 +312,7 @@ export interface AccessTokenRequest {
  'pre-authorized_code': string;
  redirect_uri?: string;
  scope?: string;
- user_pin?: string; //pre draft 13
+ user_pin?: string; //this is for v11, not required in v13 anymore
  tx_code?: string; //draft 13
  [s: string]: unknown;
 }

diff --git a/packages/issuer/lib/VcIssuer.ts b/packages/issuer/lib/VcIssuer.ts
@@ -192,7 +192,6 @@ export class VcIssuer<DIDDoc extends object> {
  status,
  notification_id: v4(),
  ...(userPin && { txCode: userPin }), // We used to use userPin according to older specs. We map these onto txCode now. If both are used, txCode in the end wins, even if they are different
- ...(txCode && { txCode }),
  ...(opts.credentialDataSupplierInput && { credentialDataSupplierInput: opts.credentialDataSupplierInput }),
  credentialOffer,
  }

diff --git a/packages/issuer/lib/tokens/index.ts b/packages/issuer/lib/tokens/index.ts
@@ -102,12 +102,17 @@ export const assertValidAccessTokenRequest = async (
  invalid_request:
  the Authorization Server does not expect a PIN in the pre-authorized flow but the client provides a PIN
  */
- if (!credentialOfferSession.credentialOffer.credential_offer?.grants?.[GrantTypes.PRE_AUTHORIZED_CODE]?.tx_code && request.tx_code) {
+ if (
+ !credentialOfferSession.credentialOffer.credential_offer?.grants?.[GrantTypes.PRE_AUTHORIZED_CODE]?.tx_code &&
+ request.tx_code &&
+ !request.user_pin
+ ) {
  // >= v13
  throw new TokenError(400, TokenErrorResponse.invalid_request, USER_PIN_NOT_REQUIRED_ERROR)
  } else if (
  !credentialOfferSession.credentialOffer.credential_offer?.grants?.[GrantTypes.PRE_AUTHORIZED_CODE]?.user_pin_required &&
- request.user_pin
+ request.user_pin &&
+ !request.tx_code
  ) {
  // <= v12
  throw new TokenError(400, TokenErrorResponse.invalid_request, USER_PIN_NOT_REQUIRED_ERROR)