src/issuer/issuance/oid4vci/authorize/authorize.controller.ts
issuers/:tenantId/authorize
Controller for the OpenID4VCI authorization endpoints. This controller handles the authorization requests, token requests.
Methods |
| Async authorize | ||||||||||||
authorize(queries: AuthorizeQueries, res: Response, tenantId: string)
|
||||||||||||
Decorators :
@Get()
|
||||||||||||
|
Endpoint to handle the Authorization Request.
Parameters :
Returns :
any
|
| challenge | ||||||
challenge(tenantId: string)
|
||||||
Decorators :
@Post('challenge')
|
||||||
|
Client Attestation Challenge Endpoint. Returns a nonce for inclusion in the Client Attestation PoP JWT. See OAuth2-ATCA07-8
Parameters :
Returns :
Promise<literal type>
|
| Async par | |||||||||||||||
par(tenantId: string, body: AuthorizeQueries, clientAttestationJwt?: string, clientAttestationPopJwt?: string)
|
|||||||||||||||
Decorators :
@ApiBody({description: 'Pushed Authorization Request', type: AuthorizeQueries})
|
|||||||||||||||
|
Endpoint to handle the Pushed Authorization Request (PAR).
Parameters :
Returns :
Promise<ParResponseDto>
|
| token |
token(body: any, req: Request, tenantId: string)
|
Decorators :
@Post('token')
|
|
Endpoint to validate the token request. This endpoint is used to exchange the authorization code for an access token.
Returns :
Promise<any>
|
import {
Body,
Controller,
Get,
Header,
Headers,
HttpCode,
HttpStatus,
Param,
Post,
Query,
Req,
Res,
} from "@nestjs/common";
import { ApiBody, ApiConsumes, ApiTags } from "@nestjs/swagger";
import type { Request, Response } from "express";
import { SessionService } from "../../../../session/session.service";
import { AuthorizeService } from "./authorize.service";
import { AuthorizeQueries } from "./dto/authorize-request.dto";
import { ParResponseDto } from "./dto/par-response.dto";
/**
* Controller for the OpenID4VCI authorization endpoints.
* This controller handles the authorization requests, token requests.
*/
@ApiTags("OID4VCI")
@Controller("issuers/:tenantId/authorize")
export class AuthorizeController {
constructor(
private readonly authorizeService: AuthorizeService,
private readonly sessionService: SessionService,
) {}
/**
* Endpoint to handle the Authorization Request.
* @param queries
* @param res
*/
@Get()
async authorize(
@Query() queries: AuthorizeQueries,
@Res() res: Response,
@Param("tenantId") tenantId: string,
) {
const redirectUrl =
await this.authorizeService.sendAuthorizationResponse(
queries,
tenantId,
);
res.redirect(redirectUrl);
}
/**
* Endpoint to handle the Pushed Authorization Request (PAR).
* @param body
* @returns
*/
@ApiBody({
description: "Pushed Authorization Request",
type: AuthorizeQueries,
})
@ApiConsumes("application/x-www-form-urlencoded")
@Post("par")
@HttpCode(HttpStatus.CREATED)
@Header("Cache-Control", "no-store")
async par(
@Param("tenantId") tenantId: string,
@Body() body: AuthorizeQueries,
@Headers("oauth-client-attestation") clientAttestationJwt?: string,
@Headers("oauth-client-attestation-pop")
clientAttestationPopJwt?: string,
): Promise<ParResponseDto> {
const clientAttestation =
clientAttestationJwt && clientAttestationPopJwt
? { clientAttestationJwt, clientAttestationPopJwt }
: undefined;
return this.authorizeService.handlePar(
tenantId,
body,
clientAttestation,
);
}
/**
* Endpoint to validate the token request.
* This endpoint is used to exchange the authorization code for an access token.
* @param body
* @param req
* @returns
*/
@Post("token")
@HttpCode(HttpStatus.OK)
@Header("Cache-Control", "no-store")
token(
@Body() body: any,
@Req() req: Request,
@Param("tenantId") tenantId: string,
): Promise<any> {
return this.authorizeService.validateTokenRequest(body, req, tenantId);
}
/**
* Client Attestation Challenge Endpoint.
* Returns a nonce for inclusion in the Client Attestation PoP JWT.
* @see OAuth2-ATCA07-8
*/
@Post("challenge")
@HttpCode(HttpStatus.OK)
@Header("Cache-Control", "no-store")
challenge(
@Param("tenantId") tenantId: string,
): Promise<{ attestation_challenge: string }> {
return this.authorizeService.challengeRequest(tenantId);
}
}