@eudiplo/backend documentation
  1. Injectables
  2. WellKnownService

File

src/well-known/well-known.service.ts

Description

Service to handle well-known endpoints and metadata retrieval.

Index

Methods

Constructor

constructor(oid4vciService: Oid4vciService, cryptoService: CryptoService, authorizeService: AuthorizeService, cryptoImplementationService: CryptoImplementationService)
Defined in src/well-known/well-known.service.ts:16

Constructor for WellKnownService.

Parameters :
Name Type Optional
oid4vciService Oid4vciService No
cryptoService CryptoService No
authorizeService AuthorizeService No
cryptoImplementationService CryptoImplementationService No

Methods

getAuthzMetadata
getAuthzMetadata(session: Session)
Defined in src/well-known/well-known.service.ts:77

Returns the OAuth 2.0 Authorization Server metadata for a given tenant.

Parameters :
Name Type Optional
session Session No
Returns : Oauth2AuthorizationServerResponse
Async getIssuerMetadata
getIssuerMetadata(session: Session, contentType: MediaType)
Defined in src/well-known/well-known.service.ts:39

Retrieves the issuer metadata for a given tenant for the specified content type. The metadata can be returned in two formats:

  • an unsigned JSON document using the media type application/json, or
  • a signed JSON Web Token (JWT) containing the Credential Issuer Metadata in its payload using the media type application/jwt.
Parameters :
Name Type Optional
session Session No
contentType MediaType No
Returns : unknown
getJwks
getJwks(tenantId: string)
Defined in src/well-known/well-known.service.ts:87

Returns the JSON Web Key Set (JWKS) for a given tenant.

Parameters :
Name Type Optional
tenantId string No
Returns : Promise<JwksResponseDto> 
import { Injectable } from "@nestjs/common";
import { CryptoService } from "../crypto/crypto.service";
import { CryptoImplementationService } from "../crypto/key/crypto-implementation/crypto-implementation.service";
import { AuthorizeService } from "../issuer/authorize/authorize.service";
import { Oid4vciService } from "../issuer/oid4vci/oid4vci.service";
import { Session } from "../session/entities/session.entity";
import { MediaType } from "../utils/mediaType/media-type.enum";
import { CredentialIssuerMetadataDto } from "./dto/credential-issuer-metadata.dto";
import { JwksResponseDto } from "./dto/jwks-response.dto";
import { Oauth2AuthorizationServerResponse } from "./dto/oauth-authorization-server-response.dto";

/**
 * Service to handle well-known endpoints and metadata retrieval.
 */
@Injectable()
export class WellKnownService {
    /**
     * Constructor for WellKnownService.
     * @param oid4vciService
     * @param cryptoService
     * @param authorizeService
     */
    constructor(
        private readonly oid4vciService: Oid4vciService,
        private readonly cryptoService: CryptoService,
        private readonly authorizeService: AuthorizeService,
        private readonly cryptoImplementationService: CryptoImplementationService,
    ) {}

    /**
     * Retrieves the issuer metadata for a given tenant for the specified content type.
     * The metadata can be returned in two formats:
     * - an unsigned JSON document using the media type application/json, or
     * - a signed JSON Web Token (JWT) containing the Credential Issuer Metadata in its payload using the media type application/jwt.
     * @param tenantId
     * @param contentType
     * @returns
     */
    async getIssuerMetadata(session: Session, contentType: MediaType) {
        const metadata = (await this.oid4vciService.issuerMetadata(session))
            .credentialIssuer as unknown as CredentialIssuerMetadataDto;

        if (contentType === MediaType.APPLICATION_JWT) {
            const keyId = await this.cryptoService.keyService.getKid(
                session.tenantId,
                "access",
            );
            return this.cryptoService.signJwt(
                {
                    typ: "openidvci-issuer-metadata+jwt",
                    alg: this.cryptoImplementationService.getAlg(),
                    x5c: await this.cryptoService.getCertChain(
                        "access",
                        session.tenantId,
                    ),
                },
                {
                    ...metadata,
                    iss: metadata.credential_issuer,
                    sub: metadata.credential_issuer,
                    iat: Math.floor(new Date().getTime() / 1000),
                    // [Review]: should we add `exp` value here?
                    //MM: the value makes sense when we cache the issuer metadata so it must not be signed on every request. Like when it is issued every hour, its lifetime is 1 hour and the jwt is in the cache.
                },
                session.tenantId,
                keyId,
            );
        }

        return metadata;
    }

    /**
     * Returns the OAuth 2.0 Authorization Server metadata for a given tenant.
     * @returns
     */
    getAuthzMetadata(session: Session): Oauth2AuthorizationServerResponse {
        return this.authorizeService.authzMetadata(
            session,
        ) as Oauth2AuthorizationServerResponse;
    }

    /**
     * Returns the JSON Web Key Set (JWKS) for a given tenant.
     * @returns
     */
    getJwks(tenantId: string): Promise<JwksResponseDto> {
        return this.cryptoService.getJwks(tenantId).then((key) => ({
            keys: [key],
        }));
    }
}

results matching ""

    No results matching ""