feat: update SIOPv2 to WG Draft 13

README.md

@@ -18,7 +18,7 @@ This workspace includes Rust implementations for the following DCP specification
 | -------------------| ------------------------------------------ | -------
 | [OID4VCI](oid4vci) | OpenID for Verifiable Credential Issuance  | [Editor's Draft published: 30 August 2023](https://github.com/openid/OpenID4VCI/blob/111db260b1ad1915ca1462cc4904781beb179972/openid-4-verifiable-credential-issuance-1_0.md)
 | [OID4VP](oid4vp)   | OpenID for Verifiable Presentations        | [Working Group Draft 20 published: 29 November 2023](https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html)
-| [SIOPv2](siopv2)   | Self-Issued OpenID Provider v2             | [Editor's Draft published: 24 August 2023](https://github.com/openid/SIOPv2/blob/fb00ab840daa0cec614691b712e28c1f77ed43ea/openid-connect-self-issued-v2-1_0.md)
+| [SIOPv2](siopv2)   | Self-Issued OpenID Provider v2             | [Working Group Draft 13 published: 28 November 2023](https://openid.net/specs/openid-connect-self-issued-v2-1_0-13.html)
 
 ### DIF Presentation Exchange
 

oid4vc-core/src/authorization_request.rs

@@ -90,6 +90,8 @@ impl Body for ByValue {
 /// form of a [`Body`] which can be [`ByValue`], [`ByReference`], or an [`Object`].
 #[derive(Serialize, Deserialize, Debug, PartialEq, Clone)]
 pub struct AuthorizationRequest<B: Body> {
+    #[serde(skip)]
+    pub custom_url_scheme: String,
     #[serde(flatten)]
     pub body: B,
 }
@@ -100,6 +102,7 @@ impl<E: Extension + OpenID4VC> AuthorizationRequest<Object<E>> {
         original: &AuthorizationRequest<Object<Generic>>,
     ) -> anyhow::Result<AuthorizationRequest<Object<E>>> {
         Ok(AuthorizationRequest {
+            custom_url_scheme: original.custom_url_scheme.clone(),
             body: Object::from_generic(&original.body)?,
         })
     }
@@ -130,15 +133,15 @@ impl<B: Body + DeserializeOwned> std::str::FromStr for AuthorizationRequest<B> {
                 _ => None,
             })
             .collect::<Result<_, anyhow::Error>>()?;
-        let authorization_request: AuthorizationRequest<B> = serde_json::from_value(serde_json::Value::Object(map))?;
+        let mut authorization_request: AuthorizationRequest<B> =
+            serde_json::from_value(serde_json::Value::Object(map))?;
+        authorization_request.custom_url_scheme = url.scheme().to_string();
         Ok(authorization_request)
     }
 }
 
 /// In order to convert a [`AuthorizationRequest`] to a string, we need to convert all the values to strings. This is because
 /// `serde_urlencoded` does not support serializing non-primitive types.
-// TODO: Find a way to dynamically generate the `siopv2://idtoken?` part of the URL. This will require some refactoring
-// for the `AuthorizationRequest` struct.
 impl<B: Body> std::fmt::Display for AuthorizationRequest<B> {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let map: JsonObject = json!(self)
@@ -155,7 +158,7 @@ impl<B: Body> std::fmt::Display for AuthorizationRequest<B> {
             .collect();
 
         let encoded = serde_urlencoded::to_string(map).map_err(|_| std::fmt::Error)?;
-        write!(f, "siopv2://idtoken?{}", encoded)
+        write!(f, "{}://?{}", self.custom_url_scheme, encoded)
     }
 }
 
@@ -167,6 +170,7 @@ mod tests {
     #[test]
     fn test() {
         let authorization_request = AuthorizationRequest::<Object> {
+            custom_url_scheme: "test".to_string(),
             body: Object {
                 rfc7519_claims: Default::default(),
                 client_id: "did:example:123".to_string(),

oid4vc-manager/README.md

@@ -10,6 +10,6 @@ the digital, as well as in the real world.
 
 In this library, you'll find Rust implementations for several critical DCP specifications, including:
 * [OpenID for Verifiable Credential
-  Issuance](https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html) (OpenID4VCI)
-* [OpenID for Verifiable Presentations](https://openid.bitbucket.io/connect/openid-connect-self-issued-v2-1_0.html) (OpenID4VP)
-* [Self-Issued OpenID Provider v2](https://openid.bitbucket.io/connect/openid-connect-self-issued-v2-1_0.html) (SIOPv2)
+  Issuance](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-12.html) (OpenID4VCI)
+* [OpenID for Verifiable Presentations](https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html) (OpenID4VP)
+* [Self-Issued OpenID Provider v2](https://openid.net/specs/openid-connect-self-issued-v2-1_0-13.html) (SIOPv2)

oid4vc-manager/src/servers/credential_issuer.rs

@@ -173,7 +173,7 @@ async fn credential<S: Storage<CFC>, CFC: CredentialFormatCollection>(
     AuthBearer(access_token): AuthBearer,
     Json(credential_request): Json<CredentialRequest<CFC>>,
 ) -> impl IntoResponse {
-    // TODO: The bunch of unwrap's here should be replaced with error responses as described here: https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#name-credential-error-response
+    // TODO: The bunch of unwrap's here should be replaced with error responses as described here: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-13.html#name-credential-error-response.
     let proof = credential_issuer_manager
         .credential_issuer
         .validate_proof(
@@ -211,7 +211,7 @@ async fn batch_credential<S: Storage<CFC>, CFC: CredentialFormatCollection>(
 ) -> impl IntoResponse {
     let mut credential_responses = vec![];
     for credential_request in batch_credential_request.credential_requests {
-        // TODO: The bunch of unwrap's here should be replaced with error responses as described here: https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#name-credential-error-response
+        // TODO: The bunch of unwrap's here should be replaced with error responses as described here: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-13.html#name-batch-credential-error-resp.
         let proof = credential_issuer_manager
             .credential_issuer
             .validate_proof(

oid4vc-manager/tests/siopv2/implicit.rs

@@ -120,6 +120,7 @@ async fn test_implicit_flow() {
 
     // Create a new RequestUrl which includes a `request_uri` pointing to the mock server's `request_uri` endpoint.
     let authorization_request = AuthorizationRequest::<ByReference> {
+        custom_url_scheme: "openid".to_string(),
         body: ByReference {
             client_id: "did:test:relyingparty".to_string(),
             request_uri: format!("{server_url}/request_uri").parse::<url::Url>().unwrap(),

oid4vci/README.md

@@ -5,7 +5,7 @@ Working Group](https://openid.net/wg/digital-credentials-protocols/).
 
 | Specification      | Description                                | Version
 | -------------------| ------------------------------------------ | -------
-| [OID4VCI](oid4vci) | OpenID for Verifiable Credential Issuance  | [Editor's Draft published: 30 August 2023](https://github.com/openid/OpenID4VCI/blob/111db260b1ad1915ca1462cc4904781beb179972/openid-4-verifiable-credential-issuance-1_0.md)
+| [OID4VCI](oid4vci) | OpenID for Verifiable Credential Issuance  | [Working Group Draft 12 published: 26 November 2023](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-12.html)
 
 An overview of all the OpenID Digital Credentials Protocols implementation in Rust can be found [here](../README.md).
 

oid4vp/src/authorization_request.rs

@@ -60,6 +60,7 @@ pub struct AuthorizationRequestBuilder {
     response_mode: Option<String>,
     nonce: Option<String>,
     client_metadata: Option<ClientMetadataResource<ClientMetadataParameters>>,
+    custom_url_scheme: Option<String>,
 }
 
 impl AuthorizationRequestBuilder {
@@ -79,6 +80,7 @@ impl AuthorizationRequestBuilder {
     builder_fn!(state, String);
     builder_fn!(presentation_definition, PresentationDefinition);
     builder_fn!(client_id_scheme, ClientIdScheme);
+    builder_fn!(custom_url_scheme, String);
 
     pub fn build(mut self) -> Result<AuthorizationRequest<Object<OID4VP>>> {
         match (self.client_id.take(), self.is_empty()) {
@@ -101,6 +103,7 @@ impl AuthorizationRequestBuilder {
                 };
 
                 Ok(AuthorizationRequest::<Object<OID4VP>> {
+                    custom_url_scheme: self.custom_url_scheme.take().unwrap_or("openid".to_string()),
                     body: Object::<OID4VP> {
                         rfc7519_claims: self.rfc7519_claims,
                         client_id,

siopv2/README.md

@@ -5,7 +5,7 @@ Working Group](https://openid.net/wg/digital-credentials-protocols/).
 
 | Specification      | Description                                | Version
 | -------------------| ------------------------------------------ | -------
-| [SIOPv2](siopv2)   | Self-Issued OpenID Provider v2             | [Editor's Draft published: 24 August 2023](https://github.com/openid/SIOPv2/blob/fb00ab840daa0cec614691b712e28c1f77ed43ea/openid-connect-self-issued-v2-1_0.md)
+| [SIOPv2](siopv2)   | Self-Issued OpenID Provider v2             | [Working Group Draft 13 published: 28 November 2023](https://openid.net/specs/openid-connect-self-issued-v2-1_0-13.html)
 
 An overview of all the OpenID Digital Credentials Protocols implementation in Rust can be found [here](../README.md).
 

siopv2/src/authorization_request.rs

@@ -70,6 +70,7 @@ pub struct AuthorizationRequestBuilder {
     nonce: Option<String>,
     claims: Option<Result<ClaimRequests>>,
     client_metadata: Option<ClientMetadataResource<ClientMetadataParameters>>,
+    custom_url_scheme: Option<String>,
 }
 
 impl AuthorizationRequestBuilder {
@@ -92,6 +93,7 @@ impl AuthorizationRequestBuilder {
     builder_fn!(nonce, String);
     builder_fn!(client_metadata, ClientMetadataResource<ClientMetadataParameters>);
     builder_fn!(state, String);
+    builder_fn!(custom_url_scheme, String);
 
     pub fn build(mut self) -> Result<AuthorizationRequest<Object<SIOPv2>>> {
         match (self.client_id.take(), self.is_empty()) {
@@ -113,6 +115,7 @@ impl AuthorizationRequestBuilder {
                 };
 
                 Ok(AuthorizationRequest::<Object<SIOPv2>> {
+                    custom_url_scheme: self.custom_url_scheme.take().unwrap_or("openid".to_string()),
                     body: Object::<SIOPv2> {
                         rfc7519_claims: self.rfc7519_claims,
                         client_id,
@@ -185,6 +188,7 @@ mod tests {
         assert_eq!(
             request_url,
             AuthorizationRequest::<Object<SIOPv2>> {
+                custom_url_scheme: "openid".to_string(),
                 body: Object::<SIOPv2> {
                     rfc7519_claims: RFC7519Claims::default(),
                     client_id: "did:example:123".to_string(),