Merge pull request #349 from bcgov/feat/347-add-backwards-compat-sett…

…ing-for-token-claims

Add backwards compatibility setting for token claims

oidc-controller/api/core/config.py

@@ -184,7 +184,7 @@ class GlobalConfig(BaseSettings):
         os.environ.get("USE_OOB_LOCAL_DID_SERVICE", False)
     )
     SET_NON_REVOKED: bool = bool(os.environ.get("SET_NON_REVOKED", True))
-
+    
     class Config:
         case_sensitive = True
 

oidc-controller/api/core/oidc/issue_token_service.py

@@ -107,6 +107,13 @@ def get_claims(
         result[PROOF_CLAIMS_ATTRIBUTE_NAME] = json.dumps(
             {c.type: c.value for c in presentation_claims.values()}
         )
+
+        # TODO: Remove after full transistion to v2.0
+        # Add the presentation claims to the result as keys for backwards compatibility [v1.0]
+        if ver_config.include_v1_attributes:
+            for key, value in presentation_claims.items():
+                result[key] = value.value
+
         return result
 
     # TODO: Determine if this is useful to keep, and remove it if it's not. It is currently unused.

oidc-controller/api/core/oidc/tests/test_issue_token_service.py

@@ -22,13 +22,41 @@
         "sub_proof_index": 0,
         "values": {
             "email": {
-                "raw": "jamiehalebc@gmail.com",
+                "raw": "test@email.com",
                 "encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643",
             }
         }
     }
 }
 
+multiple_valid_requested_attributes = {
+    "req_attr_0": {
+        "names": ["email_1", "age_1"],
+        "restrictions": [
+            {
+                "schema_name": "verified-email",
+                "issuer_did": "MTYqmTBoLT7KLP5RNfgK3b",
+            }
+        ],
+    },
+}
+
+multiple_valid_revealed_attr_groups = {
+    "req_attr_0": {
+        "sub_proof_index": 0,
+        "values": {
+            "email_1": {
+                "raw": "[email protected]",
+                "encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643",
+            },
+            "age_1": {
+                "raw": "30",
+                "encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915644",
+            }
+        }
+    }
+}
+
 
 @pytest.mark.asyncio
 async def test_valid_proof_presentation_with_one_attribute_returns_claims():
@@ -66,7 +94,7 @@ async def test_valid_proof_presentation_with_multiple_attributes_returns_claims(
             "sub_proof_index": 0,
             "values": {
                 "email": {
-                    "raw": "jamiehalebc@gmail.com",
+                    "raw": "test@email.com",
                     "encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643",
                 }
             }
@@ -87,36 +115,48 @@ async def test_valid_proof_presentation_with_multiple_attributes_returns_claims(
 
 
 @pytest.mark.asyncio
-async def test_valid_proof_presentation_with_one_attribute_and_multiple_values_returns_claims():
-    presentation['presentation_request']['requested_attributes'] = {
-        "req_attr_0": {
-            "names": ["email_1", "age_1"],
-            "restrictions": [
-                {
-                    "schema_name": "verified-email",
-                    "issuer_did": "MTYqmTBoLT7KLP5RNfgK3b",
-                }
-            ],
-        },
-    }
-    presentation['presentation']['requested_proof']['revealed_attr_groups'] = {
-        "req_attr_0": {
-            "sub_proof_index": 0,
-            "values": {
-                "email_1": {
-                    "raw": "[email protected]",
-                    "encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643",
-                },
-                "age_1": {
-                    "raw": "30",
-                    "encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915644",
-                }
-            }
-        }
-    }
+async def test_include_v1_attributes_false_does_not_add_the_named_attributes():
+    presentation['presentation_request']['requested_attributes'] = multiple_valid_requested_attributes
+    presentation['presentation']['requested_proof']['revealed_attr_groups'] = multiple_valid_revealed_attr_groups
     with mock.patch.object(AuthSession, "presentation_exchange", presentation):
+        ver_config.include_v1_attributes = False
         claims = Token.get_claims(auth_session, ver_config)
+        vc_presented_attributes_obj = eval(claims["vc_presented_attributes"])
         assert claims is not None
+        assert vc_presented_attributes_obj["email_1"] == '[email protected]'
+        assert vc_presented_attributes_obj["age_1"] == '30'
+        assert "email_1" not in claims
+        assert "age_1" not in claims
+
+
+@pytest.mark.asyncio
+async def test_include_v1_attributes_true_adds_the_named_attributes():
+    presentation['presentation_request']['requested_attributes'] = multiple_valid_requested_attributes
+    presentation['presentation']['requested_proof']['revealed_attr_groups'] = multiple_valid_revealed_attr_groups
+    with mock.patch.object(AuthSession, "presentation_exchange", presentation):
+        ver_config.include_v1_attributes = True
+        claims = Token.get_claims(auth_session, ver_config)
+        vc_presented_attributes_obj = eval(claims["vc_presented_attributes"])
+        assert claims is not None
+        assert vc_presented_attributes_obj["email_1"] == '[email protected]'
+        assert vc_presented_attributes_obj["age_1"] == '30'
+        assert claims["email_1"] == '[email protected]'
+        assert claims["age_1"] == '30'
+
+@pytest.mark.asyncio
+async def test_include_v1_attributes_none_does_not_add_the_named_attributes():
+    presentation['presentation_request']['requested_attributes'] = multiple_valid_requested_attributes
+    presentation['presentation']['requested_proof']['revealed_attr_groups'] = multiple_valid_revealed_attr_groups
+    with mock.patch.object(AuthSession, "presentation_exchange", presentation):
+        ver_config.include_v1_attributes = None
+        print(ver_config.include_v1_attributes)
+        claims = Token.get_claims(auth_session, ver_config)
+        vc_presented_attributes_obj = eval(claims["vc_presented_attributes"])
+        assert claims is not None
+        assert vc_presented_attributes_obj["email_1"] == '[email protected]'
+        assert vc_presented_attributes_obj["age_1"] == '30'
+        assert "email_1" not in claims
+        assert "age_1" not in claims
 
 
 @pytest.mark.asyncio
@@ -137,7 +177,7 @@ async def test_revealed_attrs_dont_match_requested_attributes_throws_exception()
             "sub_proof_index": 0,
             "values": {
                 "email-wrong": {
-                    "raw": "jamiehalebc@gmail.com",
+                    "raw": "test@email.com",
                     "encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643",
                 }
             }
@@ -155,7 +195,8 @@ async def test_valid_presentation_with_matching_subject_identifier_has_identifie
     with mock.patch.object(AuthSession, "presentation_exchange", presentation):
         claims = Token.get_claims(auth_session, ver_config)
         print(claims)
-        assert claims["sub"] == "[email protected]"
+        assert claims["sub"] == "[email protected]"
+
 
 @pytest.mark.asyncio
 async def test_valid_presentation_with_non_matching_subject_identifier_and_has_uuid_in_claims_sub():

oidc-controller/api/verificationConfigs/examples.py

@@ -1,5 +1,6 @@
 ex_ver_config = {
     "ver_config_id": "test-request-config",
+    "include_v1_attributes": False,
     "subject_identifier": "first_name",
     "proof_request": {
         "name": "Basic Proof",

oidc-controller/api/verificationConfigs/models.py

@@ -41,6 +41,7 @@ class VerificationProofRequest(BaseModel):
 class VerificationConfigBase(BaseModel):
     subject_identifier: str = Field()
     proof_request: VerificationProofRequest = Field()
+    include_v1_attributes: Optional[bool] = Field(default=False)
 
     def generate_proof_request(self):
         result = {