adorsys / keycloak-ssi-deployment


Keycloak: Change 'code' access token request key, to 'pre-authorized_code' #42

Closed hugoib closed 3 months ago

hugoib commented 4 months ago

For the demo, the following change was made inside the wallet:

Image

Keycloak receives 'code' instead of 'pre-authorized-code'

Image

Review the spec and fix where necessary.

Marcjazz commented 4 months ago

Here is the section of the spec that addresses this issue: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-4.1.1-4.2.1

Marcjazz commented 4 months ago

@francis-pouatcha I've found where the problem comes from. We read the code instead of the pre-authorized_code for the pre-authorized code grant type:


```java
// Reads the "code" form parameter (OAuth2Constants.CODE), although this is the
// pre-authorized code grant, whose token request carries "pre-authorized_code".
String code = formParams.getFirst(OAuth2Constants.CODE);

if (code == null) {
    String errorMessage = "Missing parameter: " + OAuth2Constants.CODE;
    event.detail(Details.REASON, errorMessage);
    event.error(Errors.INVALID_CODE);
    throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_REQUEST,
            errorMessage, Response.Status.BAD_REQUEST);
}
```

https://github.com/adorsys/keycloak-oid4vc/blob/e3f8e70f61cf7f41d6b9c79bfac8af46e781df1b/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.java#L53
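The check discussed in this thread, as an added stand-alone example that is not part of the thread and is not Keycloak's code: a token endpoint should select the required parameter from the grant type, so a pre-authorized code request that sends `code` (the demo wallet workaround) is rejected rather than accepted. The class and method names and the sample request bodies are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not Keycloak's.
public class TokenRequestCheck {
    static final String AUTHZ_CODE_GRANT = "authorization_code";
    static final String PRE_AUTH_GRANT = "urn:ietf:params:oauth:grant-type:pre-authorized_code";

    // Parse an application/x-www-form-urlencoded body, keeping the first value of each key.
    static Map<String, String> parseForm(String body) {
        Map<String, String> params = new HashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String k = eq < 0 ? pair : pair.substring(0, eq);
            String v = eq < 0 ? "" : pair.substring(eq + 1);
            params.putIfAbsent(URLDecoder.decode(k, StandardCharsets.UTF_8),
                               URLDecoder.decode(v, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Returns null when the request carries the parameter its grant type requires,
    // otherwise an error description suitable for the error response.
    static String validate(Map<String, String> p) {
        String grant = p.get("grant_type");
        if (grant == null) return "Missing parameter: grant_type";
        String required;
        switch (grant) {
            case AUTHZ_CODE_GRANT: required = "code"; break;
            case PRE_AUTH_GRANT:   required = "pre-authorized_code"; break;
            default: return "Unsupported grant_type: " + grant;
        }
        String value = p.get(required);
        if (value == null || value.isEmpty()) return "Missing parameter: " + required;
        return null;
    }

    public static void main(String[] args) {
        // Constructed request bodies; the code values are placeholders.
        String prefix = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code";
        System.out.println(validate(parseForm(prefix + "&pre-authorized_code=EXAMPLE")));
        System.out.println(validate(parseForm(prefix + "&code=EXAMPLE")));
    }
}
```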

francis-pouatcha commented 4 months ago

fixed with commit #5f5f2d1475639968970fd62f7b53f20a5723d5e7

francis-pouatcha commented 4 months ago

Resolved with: