From c95a5d2723b4a86cfe57a0e26f4fe870773cb720 Mon Sep 17 00:00:00 2001
From: "nikos.kitmeridis" <nikos.kitmeridis@mystenlabs.com>
Date: Tue, 10 Sep 2024 13:55:53 +0300
Subject: [PATCH] Adds configuration for One

---
 .gitignore                                            | 4 +++-
 fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs | 1 +
 fastcrypto-zkp/src/bn254/utils.rs                     | 1 +
 fastcrypto-zkp/src/bn254/zk_login.rs                  | 9 +++++++++
 fastcrypto-zkp/src/bn254/zklogin_test_vectors.json    | 6 ++++++
 5 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index f62a47e40e..7ca751ec43 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,6 @@ fastcrypto/Cargo.lock
 fastcrypto-derive/Cargo.lock
 
 # .DS_Store files
-.DS_Store
\ No newline at end of file
+.DS_Store
+
+.idea
\ No newline at end of file
diff --git a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs
index 806ff8af3a..0541c399b0 100644
--- a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs
+++ b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs
@@ -445,6 +445,7 @@ async fn test_get_jwks() {
         OIDCProvider::Credenza3,
         OIDCProvider::Playtron,
         OIDCProvider::Threedos,
+        OIDCProvider::Onefc,
     ] {
         let res = fetch_jwks(&p, &client).await;
         assert!(res.is_ok());
diff --git a/fastcrypto-zkp/src/bn254/utils.rs b/fastcrypto-zkp/src/bn254/utils.rs
index dbedb54826..a502472b81 100644
--- a/fastcrypto-zkp/src/bn254/utils.rs
+++ b/fastcrypto-zkp/src/bn254/utils.rs
@@ -83,6 +83,7 @@ pub fn get_oidc_url(
             OIDCProvider::Microsoft => format!("https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={}&scope=openid&response_type=id_token&redirect_uri={}&nonce={}", client_id, redirect_url, nonce),
             OIDCProvider::KarrierOne => format!("https://accounts.karrier.one/Account/PhoneLogin?ReturnUrl=/connect/authorize?nonce={}&redirect_uri={}&response_type=id_token&scope=openid&client_id={}", nonce, redirect_url, client_id),
             OIDCProvider::Credenza3 => format!("https://accounts.credenza3.com/oauth2/authorize?client_id={}&response_type=token&scope=openid+profile+email+phone&redirect_uri={}&nonce={}&state=state", client_id, redirect_url, nonce),
+            OIDCProvider::Onefc => format!("https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/b2c_1a_prod_signupsignin_onesuizklogin/oauth2/v2.0/authorize?client_id={}&scope=openid&response_type=id_token&redirect_uri={}&nonce={}", client_id, redirect_url, nonce),
             OIDCProvider::AwsTenant((region, tenant_id)) => format!("https://{}.auth.{}.amazoncognito.com/login?response_type=token&client_id={}&redirect_uri={}&nonce={}", tenant_id, region, client_id, redirect_url, nonce),
             OIDCProvider::TestIssuer => return Err(FastCryptoError::InvalidInput), // Test issuer does not issue JWTs interactively, this is not valid to call. 
             OIDCProvider::Playtron => return Err(FastCryptoError::InvalidInput), // Playtron does not issue JWTs interactively, this is not valid to call.
diff --git a/fastcrypto-zkp/src/bn254/zk_login.rs b/fastcrypto-zkp/src/bn254/zk_login.rs
index a6698feba2..2be6fb9698 100644
--- a/fastcrypto-zkp/src/bn254/zk_login.rs
+++ b/fastcrypto-zkp/src/bn254/zk_login.rs
@@ -115,6 +115,8 @@ pub enum OIDCProvider {
     Playtron,
     /// https://auth.3dos.io/.well-known/openid-configuration
     Threedos,
+    /// https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/b2c_1a_prod_signupsignin_onesuizklogin/v2.0/.well-known/openid-configuration
+    Onefc,
 }
 
 impl FromStr for OIDCProvider {
@@ -134,6 +136,7 @@ impl FromStr for OIDCProvider {
             "Credenza3" => Ok(Self::Credenza3),
             "Playtron" => Ok(Self::Playtron),
             "Threedos" => Ok(Self::Threedos),
+            "Onefc" => Ok(Self::Onefc),
             _ => {
                 let re = Regex::new(
                     r"AwsTenant-region:(?P<region>[^.]+)-tenant_id:(?P<tenant_id>[^/]+)",
@@ -166,6 +169,7 @@ impl ToString for OIDCProvider {
             Self::Credenza3 => "Credenza3".to_string(),
             Self::Playtron => "Playtron".to_string(),
             Self::Threedos => "Threedos".to_string(),
+            Self::Onefc => "Onefc".to_string(),
             Self::AwsTenant((region, tenant_id)) => {
                 format!("AwsTenant-region:{}-tenant_id:{}", region, tenant_id)
             }
@@ -231,6 +235,10 @@ impl OIDCProvider {
                 "https://auth.3dos.io",
                 "https://auth.3dos.io/.well-known/jwks.json",
             ),
+            OIDCProvider::Onefc => ProviderConfig::new(
+                "https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/v2.0/",
+                "https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/b2c_1a_prod_signupsignin_onesuizklogin/discovery/v2.0/keys",
+            ),
         }
     }
 
@@ -248,6 +256,7 @@ impl OIDCProvider {
             "https://accounts.credenza3.com" => Ok(Self::Credenza3),
             "https://oauth2.playtron.one" => Ok(Self::Playtron),
             "https://auth.3dos.io" => Ok(Self::Threedos),
+            "https://https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/v2.0/" => Ok(Self::Onefc),
             iss if match_micrsoft_iss_substring(iss) => Ok(Self::Microsoft),
             _ => match parse_aws_iss_substring(iss) {
                 Ok((region, tenant_id)) => {
diff --git a/fastcrypto-zkp/src/bn254/zklogin_test_vectors.json b/fastcrypto-zkp/src/bn254/zklogin_test_vectors.json
index 76b050aa39..421275672b 100644
--- a/fastcrypto-zkp/src/bn254/zklogin_test_vectors.json
+++ b/fastcrypto-zkp/src/bn254/zklogin_test_vectors.json
@@ -40,5 +40,11 @@
     "kid": "6d361dc9637a275eb585a915af26198ff0d97326ca13f4baf0e4805f72f2a9a0",
     "n": "y_8hHwq7w2yE4968sbQF98iGUhnu0BwyB5khTxVPAcUnMCYdp61zYcRWml2zdY4HAfq-Nnjb_pAli6I66Vpe9IE8Gf8uGRB0oYIo2S6tYMEe0lhRaEDYVbMdQkuKxTIYMNBXSd_kCHKJM1ZUAo7uFoq_bWuzt2hRG2-79z-Ycbiw0wil0rzFHlpNBKsBLKM4GSGUwOejaL2zCiE_rjf77AvOaJLRd4I_DBYG16t8D1BkxbhkcQCmOxYGG0NqjP3z0lz-w1ALqHCNfhzczZOsgaCrbSlcTKcBTq1syAUUhQmounW7nG5clBIfPQRVH7jCoPztiJUZg6Xz1AN6V07xnw",
     "provider": "Threedos"
+  },
+  {
+    "jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6IlgteXpGUEZNZFd0SlExb0pYaUdSVm5uMDYxZXpydlp6NTk2eE4zbUNmeVEiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE3MjM3MDAyOTQsIm5iZiI6MTcyMzYxMzg5NCwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9sb2dpbi5vbmVwYXNzcG9ydC5vbmVmYy5jb20vZGUzZWU1YzEtNTY0NC00MTEzLTkyMmQtZTgzMzY1NjlhNDYyL3YyLjAvIiwic3ViIjoiNzVmMTYxZDUtMGQ0Zi00Yjg1LTk0NDUtNWMxNmIzNjI2ZGYzIiwiYXVkIjoiNjE1MzFiMGMtM2JkYi00ZmIwLWJkZTUtNTY1MTBmYTRlYWVkIiwibm9uY2UiOiJoVFBwZ0Y3WEFLYlczN3JFVVM2cEVWWnFtb0kiLCJpYXQiOjE3MjM2MTM4OTQsImF1dGhfdGltZSI6MTcyMzYxMzg5MSwiZW1haWwiOiJ5LnJlZGR5QG9uZWZjLmNvbSIsImZpcnN0TmFtZSI6Illlc2h3YW50aCIsImxhc3ROYW1lIjoiV29yayBBY2NvdW50IiwibGVnYWN5QXV0aFVpZCI6IiJ9.GdLgSlr_5qkqlQDU4zxgv8qzjIC1o_eW7-dVNtJviJ62T_f-3YB4IGbBh9d__7Ihm7xwl-ACJaL4AY0gebOa2ohLJIi7MekYHFN0_OOYVzQw_Ioa_D0B8358I7dU223-PIubFlCTkoWApaUpDlL_pkIfmpPtM-7MugxRFnxqPxxRoIf-P3U8R_80iPWeiJxMmNiXhSydm8msxc8ZFT7u3U5ph9ryM3wyPZu5srRTqwfVCnHJivNgpFTvlHZTG6F_IYaAF0UejauDWh95DRsIdbX9quXemBh2FsXVZ7REM00xSQriA3EHOdp-DnNio8CxJ77n0UmZHW5kMfUNTgIVUQ",
+    "kid": "X-yzFPFMdWtJQ1oJXiGRVnn061ezrvZz596xN3mCfyQ",
+    "n": "t4ZoVgvyj7jKNq-ydYvgYVn5avBR9H4BQrKy2FWlR49siiMFWhxYXtPs7o4J6hhUgo00nk9pf-7rg7XnTiI7MFp2DluhWZK41YFfyGhDpbG9EImqvmy1N8poj5fid1lAjH2CfjtDyywgV84ViQ1hA5-noOrLhjb-zMZp_yKMSEeY_Ewx70jwhXevvrANKblNUFVJPQ7EI6_La-uALNBeQfu5OgPiMPiswhoQz0bhproUc7GiRxBw-9n72z3JU3HMy9mByrDnNfaZ13_Kmp9zgZYxynv5XXWJFGVHv3GZ_cDYg6OqahmrwMhT3GYTZ8JjMzZj4gH8MCCGPxde9SotKQ",
+    "provider": "Onefc"
   }
 ]