feat: add support for OIDC VC #3575

Merged
merged 1 commit into from
Aug 4, 2023

@hperl hperl commented Jul 17, 2023

Related issue(s)

Requires ory/fosite#758

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@hperl hperl self-assigned this Jul 17, 2023
@hperl hperl force-pushed the hperl/oidc-vc branch 2 times, most recently from a895998 to 2046994 Compare July 19, 2023 12:21
@hperl hperl marked this pull request as ready for review July 19, 2023 12:22
@hperl hperl requested a review from aeneasr as a code owner July 19, 2023 12:22
@hperl hperl force-pushed the hperl/oidc-vc branch 3 times, most recently from b9e59dd to 9f112ef Compare July 20, 2023 06:51
@hperl hperl force-pushed the hperl/oidc-vc branch 2 times, most recently from e5f2c1a to 515ffb4 Compare July 20, 2023 08:26
codecov bot commented Jul 20, 2023

Codecov Report

Merging #3575 (88c7c93) into master (eb89af7) will decrease coverage by 0.07%.
The diff coverage is 74.00%.

❗ Current head 88c7c93 differs from pull request most recent head 949008f. Consider uploading reports for the commit 949008f to get more accurate results

@@            Coverage Diff             @@
##           master    #3575      +/-   ##
==========================================
- Coverage   76.39%   76.32%   -0.07%     
==========================================
  Files         130      132       +2     
  Lines        9746     9879     +133     
==========================================
+ Hits         7445     7540      +95     
- Misses       1799     1824      +25     
- Partials      502      515      +13     
| Files Changed | Coverage Δ |
| --- | --- |
| aead/xchacha20.go | 66.66% <0.00%> (-3.93%) ⬇️ |
| client/manager_test_helpers.go | 98.52% <ø> (ø) |
| oauth2/handler.go | 67.56% <72.56%> (+0.42%) ⬆️ |
| x/int_to_bytes.go | 75.00% <75.00%> (ø) |
| persistence/sql/persister_nonce.go | 80.95% <80.95%> (ø) |
| driver/config/provider.go | 82.88% <100.00%> (+0.13%) ⬆️ |
| driver/config/provider_fosite.go | 82.60% <100.00%> (+0.79%) ⬆️ |
| driver/registry_base.go | 83.69% <100.00%> (ø) |
| fositex/config.go | 86.11% <100.00%> (ø) |

@hperl hperl force-pushed the hperl/oidc-vc branch 4 times, most recently from 6c7748c to c1a8d58 Compare July 20, 2023 11:23
@hperl hperl force-pushed the hperl/oidc-vc branch 4 times, most recently from aa05e95 to 1270c1a Compare July 25, 2023 10:56
@hperl hperl requested review from aeneasr and alnr July 26, 2023 07:52

@alnr alnr left a comment

Very nicely done!

@aeneasr aeneasr left a comment

Thank you! This looks pretty good. I think there's a bit of clean-up we need to do.

Also, should we add a proper end-to-end test in playwright/cypress for this?

alnr commented Jul 31, 2023

Please re-run `make sdk`

hperl commented Aug 1, 2023

Thanks for the review @aeneasr and @alnr! I'll clean up this PR and we should be ready for the final round.

I don't think we need Cypress/PW E2E tests, because the credentials endpoint is already fully tested and we would just repeat building the JWT proof in JavaScript.

hperl commented Aug 2, 2023

I addressed all review comments now. Mainly I:

  • added swagger annotations and regenerated the SDK
  • added proper hints to all errors
  • refactored the nonce manager based on @alnr's suggestion to just encrypt the timestamp, which results in a more compact representation of the nonce

@hperl hperl requested review from aeneasr and alnr August 2, 2023 08:06
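
The "just encrypt the timestamp" nonce design mentioned in the comment above, as an added example that is not Hydra's code: the nonce is an AEAD-sealed timestamp, so the server validates it without storing anything per nonce. Assumptions: AES-256-GCM from the Go standard library stands in for the server's cipher, the timestamp is taken to be the expiry time, and `newAEAD`, `NewNonce` and `ValidNonce` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"time"
)

// newAEAD builds AES-256-GCM from a 32-byte server secret (assumed cipher choice).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewNonce seals only the 8-byte expiry time; output is base64url(iv || ct || tag).
func NewNonce(aead cipher.AEAD, expiresAt time.Time) (string, error) {
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	exp := binary.BigEndian.AppendUint64(nil, uint64(expiresAt.Unix()))
	return base64.RawURLEncoding.EncodeToString(aead.Seal(iv, iv, exp, nil)), nil
}

// ValidNonce accepts only values sealed under the key whose expiry has not passed.
// Being stateless, a nonce stays valid until its expiry; it is not single-use.
func ValidNonce(aead cipher.AEAD, nonce string, now time.Time) bool {
	raw, err := base64.RawURLEncoding.DecodeString(nonce)
	if err != nil || len(raw) < aead.NonceSize() {
		return false // not base64url, or too short to hold the IV
	}
	exp, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
	if err != nil || len(exp) != 8 {
		return false // tag mismatch: tampered with, or sealed under another key
	}
	return now.Unix() <= int64(binary.BigEndian.Uint64(exp))
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	n, _ := NewNonce(aead, time.Now().Add(time.Minute))
	println(n, ValidNonce(aead, n, time.Now()))
}
```

With a 12-byte IV, 8-byte timestamp and 16-byte tag the encoded nonce is 48 characters, which is the compactness the comment refers to.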
alnr commented Aug 2, 2023

LGTM. Needs ory/fosite#758 to be merged first, right?

alnr commented Aug 2, 2023

Just a tiny lint issue

hperl commented Aug 2, 2023

> LGTM. Needs ory/fosite#758 to be merged first, right?

There is a circular dependency for pushing Fosite and Hydra. Fosite uses Hydra for the OIDC conformance tests (which fail on the Fosite PR), and will only pass with master Hydra when this PR here is merged.

So I suggest merging this first, then the Fosite PR, then removing the `replace` directive in Hydra.

alnr previously approved these changes Aug 2, 2023
@aeneasr aeneasr left a comment

Very nice, just one minor swagger comment ...

This adds initial support for issuing verifiable credentials
as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.

Because the spec is still in draft, public identifiers are
suffixed with `draft_00`.
@aeneasr aeneasr merged commit 219a7c0 into master Aug 4, 2023
@aeneasr aeneasr deleted the hperl/oidc-vc branch August 4, 2023 08:57