diff --git a/packages/agent/src/oidc.ts b/packages/agent/src/oidc.ts
index 2e82778e5..3e83bc196 100644
--- a/packages/agent/src/oidc.ts
+++ b/packages/agent/src/oidc.ts
@@ -788,11 +788,19 @@ async function submitAuthResponse(
 selectedDid: string,
 authRequest: Web5ConnectAuthRequest,
 randomPin: string,
- delegateBearerDid: BearerDid,
- delegateGrants: DwnDataEncodedRecordsWriteMessage[]
+ agent: Web5Agent,
 ) {
+ const delegateBearerDid = await DidJwk.create();
 const delegatePortableDid = await delegateBearerDid.export();
+ // Create the permission grants for the selected DID.
+ const delegateGrants = await Oidc.createAuthResponseGrants(
+ delegatePortableDid,
+ selectedDid,
+ authRequest.permissionRequests,
+ agent
 );
+
 logger.log('Generating auth response object...');
 const responseObject = await Oidc.createResponseObject({
 //* the IDP's did that was selected to be connected
diff --git a/packages/agent/tests/connect.spec.ts b/packages/agent/tests/connect.spec.ts
index 61d5c4082..8a764375b 100644
--- a/packages/agent/tests/connect.spec.ts
+++ b/packages/agent/tests/connect.spec.ts
@@ -363,6 +363,7 @@ describe('web5 connect', function () {
 it('should send the encrypted jwe authresponse to the server', async () => {
 sinon.stub(Oidc, 'createPermissionGrants').resolves(permissionGrants as any);
 sinon.stub(CryptoUtils, 'randomBytes').returns(encryptionNonce);
+ sinon.stub(DidJwk, 'create').resolves(delegateBearerDid);
 const formEncodedRequest = new URLSearchParams({
 id_token : authResponseJwe,
@@ -402,8 +403,7 @@ describe('web5 connect', function () {
 selectedDid,
 authRequest,
 randomPin,
- delegateBearerDid,
- delegatedGrants
+ testHarness.agent
 );
 expect(fetchSpy.calledOnce).to.be.true;
 });
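Review bot: `submitAuthResponse` now mints the delegate DID itself (`const delegateBearerDid = await DidJwk.create();`) and builds grants straight from `authRequest.permissionRequests`, so nothing between the caller and `Oidc.createAuthResponseGrants` can narrow the permission set any more; if user consent or filtering of the requested permissions is expected to happen before this call, that contract should be stated on the function, e.g. a TSDoc line `@param authRequest the already-consented auth request; every entry of permissionRequests is granted to a freshly generated delegate DID`. The signature line and the rest of the body are outside the hunk, so I cannot tell whether the generated `delegateBearerDid` (whose exported key material goes into the response) is returned to the caller; if a caller previously kept its own reference to persist or revoke the delegate, that path now has to come from the return value. Callers outside this diff that still pass `delegateBearerDid, delegateGrants` would fail type-checking rather than silently misbehave, so any other package invoking this function needs the same update (none is shown here).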
@@ -683,22 +683,13 @@ describe('web5 connect', function () {
 const delegatePortableDid = await delegateBearerDid.export();
- const delegatedGrants = await Oidc.createAuthResponseGrants(
+ await Oidc.createAuthResponseGrants(
 delegatePortableDid,
 providerIdentity.did.uri,
 authRequest.permissionRequests,
 testHarness.agent
 );
- // call submitAuthResponse
- await Oidc.submitAuthResponse(
- providerIdentity.did.uri,
- authRequest,
- randomPin,
- delegateBearerDid,
- delegatedGrants
- );
-
 // expect the process request to only be called once for ProtocolsQuery
 expect(processDwnRequestStub.callCount).to.equal(1);
 expect(processDwnRequestStub.firstCall.args[0].messageType).to.equal(DwnInterface.ProtocolsQuery);
@@ -746,22 +737,13 @@ describe('web5 connect', function () {
 // generate the DID
 const delegatePortableDid = await delegateBearerDid.export();
- const delegatedGrants = await Oidc.createAuthResponseGrants(
+ await Oidc.createAuthResponseGrants(
 delegatePortableDid,
 providerIdentity.did.uri,
 authRequest.permissionRequests,
 testHarness.agent
 );
- // call submitAuthResponse
- await Oidc.submitAuthResponse(
- providerIdentity.did.uri,
- authRequest,
- randomPin,
- delegateBearerDid,
- delegatedGrants
- );
-
 // expect the process request to be called for query and configure
 expect(processDwnRequestStub.callCount).to.equal(2);
 expect(processDwnRequestStub.firstCall.args[0].messageType).to.equal(DwnInterface.ProtocolsQuery);
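Review bot: With the `Oidc.submitAuthResponse(...)` call removed, the `processDwnRequestStub.callCount` assertions that follow now cover only `Oidc.createAuthResponseGrants`, whose result is discarded (`await Oidc.createAuthResponseGrants(` with no binding); that matches grant creation having moved into submitAuthResponse, but the test titles and the `randomPin`/`delegateBearerDid` setup are outside the hunk, so check that the descriptions still say what is exercised and that `randomPin` does not become an unused local in these tests. The same pattern appears in the hunks at -746 and -783. If these cases were meant to pin submitAuthResponse end to end, one test that stubs `DidJwk.create` and the fetch and calls `Oidc.submitAuthResponse(providerIdentity.did.uri, authRequest, randomPin, testHarness.agent)` — as the -363/-402 hunks now do — would keep that coverage.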
@@ -783,22 +765,13 @@ describe('web5 connect', function () {
 const delegateBearerDid2 = await DidJwk.create();
 const delegatePortableDid2 = await delegateBearerDid2.export();
- const delegatedGrants2 = await Oidc.createAuthResponseGrants(
+ await Oidc.createAuthResponseGrants(
 delegatePortableDid2,
 providerIdentity.did.uri,
 authRequest.permissionRequests,
 testHarness.agent
 );
- // call submitAuthResponse
- await Oidc.submitAuthResponse(
- providerIdentity.did.uri,
- authRequest,
- randomPin,
- delegateBearerDid2,
- delegatedGrants2
- );
-
 // expect the process request to be called for query and configure
 expect(processDwnRequestStub.callCount).to.equal(2);
 expect(processDwnRequestStub.firstCall.args[0].messageType).to.equal(DwnInterface.ProtocolsQuery);