Showing
9 changed files
with
261 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
defmodule Boruta.Openid.CredentialApplication do | ||
@moduledoc """ | ||
Implement this behaviour in the application layer of your OpenID Connect provider. | ||
This behaviour gives all callbacks triggered invoking `Boruta.Openid.credential/3` function. | ||
""" | ||
|
||
@doc """ | ||
This function will be triggered in case of success invoking `Boruta.Openid.credential/3` | ||
""" | ||
@callback credential_created(conn :: Plug.Conn.t(), credential :: Boruta.Openid.CredentialResponse.t()) :: | ||
any() | ||
@doc """ | ||
This function will be triggered in case of failure invoking `Boruta.Openid.credential/3` | ||
""" | ||
@callback credential_failure(conn :: Plug.Conn.t(), error :: Boruta.Oauth.Error.t()) :: | ||
any() | ||
end |
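Review bot: The two `@doc` strings say when each callback fires but not what the implementer is expected to do with `conn`, and both callbacks return `any()`. Since `credential_created/2` is handed the issued credential, I would extend its doc along the lines of `Send the credential response on conn. Do not log the CredentialResponse, and mark the HTTP response as non-cacheable (Cache-Control: no-store).` For `credential_failure/2` it would help to state that the `status` field of the `Boruta.Oauth.Error` is meant to become the HTTP status, assuming that is the intent.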
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
defmodule Boruta.Openid.Json.Schema do | ||
@moduledoc false | ||
alias ExJsonSchema.Schema | ||
|
||
@uuid_pattern "\^[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}\$" | ||
|
||
def credential do | ||
%{ | ||
"type" => "object", | ||
"properties" => %{ | ||
"format" => %{"type" => "string"}, | ||
"proof" => %{ | ||
"type" => "object", | ||
"properties" => %{ | ||
"proof_type" => %{"type" => "string", "pattern" => "^jwt$"}, | ||
"jwt" => %{"type" => "string"}, | ||
}, | ||
"required" => ["proof_type", "jwt"] | ||
}, | ||
"credential_identifier" => %{"type" => "string"}, | ||
}, | ||
"required" => ["credential_identifier"] | ||
} | ||
|> Schema.resolve() | ||
end | ||
end |
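Review bot: `proof` is missing from the top-level `"required"` list in `credential/0`, so a body carrying only `credential_identifier` validates and no key-binding proof is demanded at this layer. If the issuer intends holder binding, either require it here with `"required" => ["credential_identifier", "proof"]` or add a comment saying where the proof is enforced after validation. `"format"`, `"jwt"` and `"credential_identifier"` are unbounded strings, and a `"maxLength"` on each would cap what reaches the token lookup and the later JWT parsing. `@uuid_pattern` is defined but not referenced anywhere in the visible module, so it will raise an unused-attribute warning and can be dropped.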
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
defmodule Boruta.Openid.CredentialResponse do | ||
@moduledoc """ | ||
Response in case of delivrance of verifiable credential | ||
""" | ||
|
||
@enforce_keys [:format, :credential] | ||
defstruct format: nil, | ||
credential: nil | ||
|
||
@type t :: %__MODULE__{ | ||
format: String.t(), | ||
credential: String.t() | ||
} | ||
|
||
def from_tokens(%{ | ||
access_token: _access_token | ||
}, _credential_params) do | ||
%__MODULE__{ | ||
format: "jwt_vc_json", | ||
credential: "" | ||
} | ||
end | ||
end |
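Review bot: `from_tokens/2` ignores both the matched token and `_credential_params` and returns `credential: ""` with a fixed `format: "jwt_vc_json"`, so the caller gets a success-shaped struct with no credential in it and the requested `format` is never consulted. If this is a placeholder, say so in the code, e.g. `# TODO: issue and sign the credential; the empty string is a placeholder`, or return an error until issuance exists so a client never treats the empty value as a delivered credential. The function has a single clause, so any argument without an `:access_token` key raises `FunctionClauseError`. A `@spec from_tokens(map(), map()) :: t()` and a short `@doc` would document that contract.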
File renamed without changes.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
defmodule Boruta.OpenidTest.CredentialTest do | ||
use Boruta.DataCase | ||
|
||
import Boruta.Factory | ||
import Plug.Conn | ||
|
||
alias Boruta.Ecto.Token | ||
alias Boruta.Oauth.Error | ||
alias Boruta.Openid | ||
alias Boruta.Openid.ApplicationMock | ||
alias Boruta.Openid.CredentialResponse | ||
|
||
describe "deliver verifiable credentials" do | ||
test "returns an error with no access token" do | ||
conn = %Plug.Conn{} | ||
|
||
assert {:credential_failure, | ||
%Boruta.Oauth.Error{ | ||
error: :invalid_request, | ||
error_description: "Invalid bearer from Authorization header.", | ||
status: :bad_request | ||
}} = Openid.credential(conn, %{}, ApplicationMock) | ||
end | ||
|
||
test "returns credential_failure with a bad authorization header" do | ||
conn = | ||
%Plug.Conn{} | ||
|> put_req_header("authorization", "not a bearer") | ||
|
||
assert {:credential_failure, | ||
%Boruta.Oauth.Error{ | ||
error: :invalid_request, | ||
error_description: "Invalid bearer from Authorization header.", | ||
status: :bad_request | ||
}} = Openid.credential(conn, %{}, ApplicationMock) | ||
end | ||
|
||
test "returns credential_failure with a bad access token" do | ||
conn = | ||
%Plug.Conn{} | ||
|> put_req_header("authorization", "Bearer bad_token") | ||
|
||
assert {:credential_failure, | ||
%Boruta.Oauth.Error{ | ||
error: :invalid_access_token, | ||
error_description: "Given access token is invalid, revoked, or expired.", | ||
status: :bad_request | ||
}} = Openid.credential(conn, %{}, ApplicationMock) | ||
end | ||
|
||
test "returns an error with a valid bearer" do | ||
credential_params = %{} | ||
%Token{value: access_token} = insert(:token) | ||
|
||
conn = | ||
%Plug.Conn{} | ||
|> put_req_header("authorization", "Bearer #{access_token}") | ||
|
||
assert Openid.credential(conn, credential_params, ApplicationMock) == | ||
{:credential_failure, | ||
%Error{ | ||
status: :bad_request, | ||
error: :invalid_request, | ||
error_description: | ||
"Request body validation failed. Required property credential_identifier is missing at #." | ||
}} | ||
end | ||
|
||
test "returns an error with an invalid credential_identifier" do | ||
credential_params = %{"credential_identifier" => "bad identifier"} | ||
%Token{value: access_token} = insert(:token) | ||
|
||
conn = | ||
%Plug.Conn{} | ||
|> put_req_header("authorization", "Bearer #{access_token}") | ||
|
||
assert Openid.credential(conn, credential_params, ApplicationMock) == | ||
{:credential_failure, | ||
%Error{ | ||
status: :bad_request, | ||
error: :invalid_request, | ||
error_description: "Invalid credential identifier." | ||
}} | ||
end | ||
|
||
test "returns a credential with a valid credential_identifier" do | ||
credential_params = %{"credential_identifier" => "identifier"} | ||
|
||
%Token{value: access_token} = | ||
insert(:token, authorization_details: [%{"credential_identifiers" => ["identifier"]}]) | ||
|
||
conn = | ||
%Plug.Conn{} | ||
|> put_req_header("authorization", "Bearer #{access_token}") | ||
|
||
assert Openid.credential(conn, credential_params, ApplicationMock) == | ||
{:credential_created, | ||
%CredentialResponse{ | ||
format: "jwt_vc_json", | ||
credential: "" | ||
}} | ||
end | ||
end | ||
end |
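Review bot: The rejection tests cover a missing header, a malformed header and an unknown token value, but none uses a token that exists and is expired or revoked, although the asserted description names both cases. One test per state would pin that branch. The "bad identifier" case relies on whatever `insert(:token)` puts in `authorization_details`; a token that explicitly lists a different identifier would make the authorization check being tested visible. The test named `"returns an error with a valid bearer"` actually asserts the missing `credential_identifier` error, so I would rename it to `test "returns an error when credential_identifier is missing" do`. The last test asserts `credential: ""`, which locks the placeholder value in as expected behaviour and should change once issuance is implemented.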