eu-digital-identity-wallet / eudi-lib-jvm-siop-openid4vp-kt

Implementation of SIOPv2 and OpenID4VP protocols (wallet's role) in Kotlin
Apache License 2.0

ISO 18013-7 apv JWE header parameter #232

Closed marinaioannou closed 7 months ago

marinaioannou commented 7 months ago

Documentation: According to the ISO 18013-7:

The mdoc shall set the apv JWT (JWE) header parameter to the base64url-encoded-with-no-padding value of the nonce Authorization Request parameter from the Authorization Request Object.

The problem: Currently, the apv has the value of the nonce Authorization Request parameter from the Authorization Request Object, and not the base64url-encoded-with-no-padding value of it.

Proposed resolution: Please consider replacing, in the line Base64URL(data.nonce), the expression Base64URL(data.nonce) with Base64URL.encode(data.nonce).

babisRoutis commented 7 months ago

@dzarras Please prepare a fix for this & in addition check whether it affects verifier-endpoint

babisRoutis commented 7 months ago

@marinaioannou Thanks for reporting this. Good catch!

dzarras commented 7 months ago

@babisRoutis / @vafeini Shouldn't we also be similarly setting the apv JWE header claim when doing both signature and encryption as well?

I'm referring to https://github.com/eu-digital-identity-wallet/eudi-lib-jvm-siop-openid4vp-kt/blob/dd1d3ed216a1be6ea9ae1ff2336aa2dc25328f60/src/main/kotlin/eu/europa/ec/eudi/openid4vp/internal/response/JarmJwt.kt#L105

Shouldn't this be:

    return JWEObject(
        JWEHeader.Builder(jweAlgorithm, encryptionMethod)
            .agreementPartyVInfo(Base64URL.encode(data.nonce))
            .build(),
        Payload(signedJwt),
    ).apply { encrypt(jweEncrypter) }
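The following is an added, stand-alone example (not code from this library or from either comment above) that shows the difference between the two forms discussed in the report and in the snippet just above, and the verifier-side check that makes the apv binding meaningful. It assumes the nimbus-jose-jwt classes the snippet uses (JWEHeader.Builder, JWEObject, Payload, Base64URL) plus that library's ECDHEncrypter/ECDHDecrypter; the NONCE value is constructed and the function names (apvBuggy, apvFixed, apvMatchesNonce, encryptResponse) are hypothetical.

```kotlin
import com.nimbusds.jose.EncryptionMethod
import com.nimbusds.jose.JWEAlgorithm
import com.nimbusds.jose.JWEHeader
import com.nimbusds.jose.JWEObject
import com.nimbusds.jose.Payload
import com.nimbusds.jose.crypto.ECDHDecrypter
import com.nimbusds.jose.crypto.ECDHEncrypter
import com.nimbusds.jose.jwk.Curve
import com.nimbusds.jose.jwk.gen.ECKeyGenerator
import com.nimbusds.jose.util.Base64URL

// Constructed sample nonce (hypothetical value, standing in for the nonce a verifier
// puts in the Authorization Request). It uses only base64url-alphabet characters, which
// is exactly the case where the bug is silent: Base64URL(nonce) does not throw, it just
// carries a different value than Base64URL.encode(nonce).
const val NONCE = "n-0S6_WzA2Mj"

// Buggy form (the report's "Base64URL(data.nonce)"): wraps the raw nonce text as if it
// were already base64url-encoded, so the header carries the nonce itself.
fun apvBuggy(nonce: String): Base64URL = Base64URL(nonce)

// Fixed form ("Base64URL.encode(data.nonce)"): base64url-encodes, without padding, the
// UTF-8 bytes of the nonce, which is what ISO 18013-7 asks for.
fun apvFixed(nonce: String): Base64URL = Base64URL.encode(nonce)

// Verifier-side check: apv must decode to exactly the nonce the verifier issued.
// ECDH-ES feeds whatever apv the header carries into the Concat KDF as PartyVInfo, so
// a wrong apv still decrypts cleanly on the verifier side; the binding between the
// response and the request nonce only holds if the verifier compares the values.
fun apvMatchesNonce(header: JWEHeader, expectedNonce: String): Boolean =
    header.agreementPartyVInfo?.decodeToString() == expectedNonce

// Minimal JARM-style response: encrypt a payload under ECDH-ES with the given apv.
fun encryptResponse(apv: Base64URL, encrypter: ECDHEncrypter, payload: String): String =
    JWEObject(
        JWEHeader.Builder(JWEAlgorithm.ECDH_ES, EncryptionMethod.A256GCM)
            .agreementPartyVInfo(apv)
            .build(),
        Payload(payload),
    ).apply { encrypt(encrypter) }.serialize()

fun main() {
    // Verifier's ephemeral EC key pair; only the public half would travel in the request.
    val verifierKey = ECKeyGenerator(Curve.P_256).generate()
    val encrypter = ECDHEncrypter(verifierKey.toECPublicKey())
    val decrypter = ECDHDecrypter(verifierKey.toECPrivateKey())

    println("raw nonce            : $NONCE")
    println("apv (buggy, as-is)   : ${apvBuggy(NONCE)}")
    println("apv (fixed, encoded) : ${apvFixed(NONCE)}")

    for ((label, apv) in listOf("buggy" to apvBuggy(NONCE), "fixed" to apvFixed(NONCE))) {
        val jwe = JWEObject.parse(encryptResponse(apv, encrypter, """{"vp_token":"..."}"""))
        jwe.decrypt(decrypter) // succeeds in both cases: apv is read back from the header
        val ok = apvMatchesNonce(jwe.header, NONCE)
        println("$label: decrypted=${jwe.payload} apv-matches-nonce=$ok")
    }
}
```

Running main prints the same nonce string for the buggy apv and its base64url encoding for the fixed one; both responses decrypt, but only the fixed one passes apvMatchesNonce. That is why the fix needs a counterpart on the verifier side (the verifier-endpoint check mentioned in the thread): without an explicit decode-and-compare, a wallet that sets apv to the raw nonce, or to nothing meaningful at all, is indistinguishable from a correct one.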