From 9015510e99a7fdaa185c0744039842236b224975 Mon Sep 17 00:00:00 2001
From: Tom Lanser
Date: Wed, 18 Dec 2024 13:17:13 +0100
Subject: [PATCH] feat: Added support for openid_credential_issuer/verifier

Signed-off-by: Tom Lanser
---
 packages/core/src/metadata/entity/index.ts | 2 ++
 .../metadata/entity/openIdCredentialIssuer.ts | 25 +++++++++++++++++++
 .../entity/openIdCredentialVerifier.ts | 17 +++++++++++++
 .../src/metadata/entity/openIdRelyingParty.ts | 2 --
 packages/core/src/metadata/metadata.ts | 4 +++
 5 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 packages/core/src/metadata/entity/openIdCredentialIssuer.ts
 create mode 100644 packages/core/src/metadata/entity/openIdCredentialVerifier.ts

diff --git a/packages/core/src/metadata/entity/index.ts b/packages/core/src/metadata/entity/index.ts
index a7635ce..34bb76a 100644
--- a/packages/core/src/metadata/entity/index.ts
+++ b/packages/core/src/metadata/entity/index.ts
@@ -4,3 +4,5 @@ export * from './oauthResource'
 export * from './openIdProvider'
 export * from './openIdRelyingParty'
 export * from './oauthAuthorizationServer'
+export * from './openIdCredentialIssuer'
+export * from './openIdCredentialVerifier'
diff --git a/packages/core/src/metadata/entity/openIdCredentialIssuer.ts b/packages/core/src/metadata/entity/openIdCredentialIssuer.ts
new file mode 100644
index 0000000..4bcecf0
--- /dev/null
+++ b/packages/core/src/metadata/entity/openIdCredentialIssuer.ts
@@ -0,0 +1,25 @@
+import { z } from 'zod'
+import { createEntity } from './utils'
+
+/**
+ *
+ * {@link https://openid.github.io/federation-wallet/main.html#name-wallet-architecture-entity- | OpenID Credential Issuer}
+ *
+ */
+export const openIdCredentialIssuerEntityMetadata = createEntity({
+ identifier: 'openid_credential_issuer',
+ passThroughUnknownProperties: true,
+ additionalValidation: {
+ client_registration_types_supported: z.array(z.union([z.literal('automatic'), z.literal('explicit')])),
+ federation_registration_endpoint: z.string().url().optional(),
+ request_authentication_methods_supported: z
+ .object({
+ authorization_endpoint: z.array(z.string()).optional(),
+ pushed_authorization_request_endpoint: z.array(z.string()).optional(),
+ })
+ .optional(),
+ request_authentication_signing_alg_values_supported: z.array(z.string()).optional(),
+ },
+})
+
+export type OpenIdCredentialIssuerMetadata = z.input<(typeof openIdCredentialIssuerEntityMetadata)['schema']>
diff --git a/packages/core/src/metadata/entity/openIdCredentialVerifier.ts b/packages/core/src/metadata/entity/openIdCredentialVerifier.ts
new file mode 100644
index 0000000..2470adb
--- /dev/null
+++ b/packages/core/src/metadata/entity/openIdCredentialVerifier.ts
@@ -0,0 +1,17 @@
+import { z } from 'zod'
+import { createEntity } from './utils'
+
+/**
+ *
+ * {@link https://openid.github.io/federation-wallet/main.html#name-wallet-architecture-entity- | OpenID Credential Verifier }
+ *
+ */
+export const openidCredentialVerifierEntityMetadata = createEntity({
+ identifier: 'openid_credential_verifier',
+ passThroughUnknownProperties: true,
+ additionalValidation: {
+ client_registration_types: z.array(z.union([z.literal('automatic'), z.literal('explicit')])),
+ },
+})
+
+export type OpenIdCredentialVerifierMetadata = z.input<(typeof openidCredentialVerifierEntityMetadata)['schema']>
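Review bot: `federation_registration_endpoint: z.string().url().optional()` accepts any URL scheme, so an entity statement carrying a non-https registration endpoint passes validation even though OpenID Federation defines this endpoint as https-only (worth confirming against the wallet draft this file links); a relying party doing explicit registration will send its request to whatever value survives here, so consider `federation_registration_endpoint: z.string().url().refine((u) => u.startsWith('https://'), { message: 'federation_registration_endpoint must use https' }).optional(),`, or whichever https-only URL helper the other entity files already use, if one exists. `client_registration_types_supported` is the only key without `.optional()`, so an issuer entity statement that omits it is rejected as a whole despite `passThroughUnknownProperties: true`; if that is deliberate, a one-line comment above it such as `// Only REQUIRED key here; everything else is OPTIONAL — TODO(review): confirm against the federation-wallet draft` would save the next reader the spec lookup. The `{@link …#name-wallet-architecture-entity- | …}` anchor ends in a hyphen and looks truncated; the same anchor is reused in openIdCredentialVerifier.ts, so both should be re-checked together.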
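Review bot: The export is named `openidCredentialVerifierEntityMetadata` while the sibling added in the same commit is `openIdCredentialIssuerEntityMetadata`, and the two casings of "OpenID" then sit on adjacent lines in metadata.ts (`openIdCredentialIssuerEntityMetadata,` / `openidCredentialVerifierEntityMetadata,`) while this file's own type alias is `OpenIdCredentialVerifierMetadata`. Both casings have precedent in the existing imports (`openIdProviderEntityMetadata`, `openidRelyingPartyEntityMetadata`), so whichever is picked, `export const openIdCredentialVerifierEntityMetadata = createEntity({` plus the matching rename in the type alias and in metadata.ts would at least keep the new pair consistent. The TODO removed from openIdRelyingParty.ts said `openid_credential_verifier` is the same shape as `openid_relying_party`, yet this schema validates only `client_registration_types`; if the relying-party entity validates more keys (not visible in this patch), either reuse its `additionalValidation` or add a comment stating why the verifier checks less. Minor: the JSDoc link text `OpenID Credential Verifier }` has a stray space before the closing brace.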
diff --git a/packages/core/src/metadata/entity/openIdRelyingParty.ts b/packages/core/src/metadata/entity/openIdRelyingParty.ts
index afcd324..4b58838 100644
--- a/packages/core/src/metadata/entity/openIdRelyingParty.ts
+++ b/packages/core/src/metadata/entity/openIdRelyingParty.ts
@@ -1,8 +1,6 @@
 import { z } from 'zod'
 import { createEntity } from './utils'
 
-// TODO: In the wallet specification they are talking about a `openid_credential_verifier` property which is the exact same as the `openid_relying_party` how should we handle this?
-
 /**
 *
 * {@link https://openid.net/specs/openid-federation-1_0.html#section-5.1.2-1 | openID Relying Party }
diff --git a/packages/core/src/metadata/metadata.ts b/packages/core/src/metadata/metadata.ts
index cff4c3b..18b80fe 100644
--- a/packages/core/src/metadata/metadata.ts
+++ b/packages/core/src/metadata/metadata.ts
@@ -5,13 +5,17 @@ import {
 oauthAuthorizationServerEntityMetadata,
 oauthClientEntityMetadata,
 oauthResourceEntityMetadata,
+openIdCredentialIssuerEntityMetadata,
 openIdProviderEntityMetadata,
+openidCredentialVerifierEntityMetadata,
 openidRelyingPartyEntityMetadata,
 } from './entity'
 
 export const metadataSchema = z.object({
 [federationEntityMetadata.identifier]: federationEntityMetadata.schema.optional(),
 [openidRelyingPartyEntityMetadata.identifier]: openidRelyingPartyEntityMetadata.schema.optional(),
+[openidCredentialVerifierEntityMetadata.identifier]: openidCredentialVerifierEntityMetadata.schema.optional(),
+[openIdCredentialIssuerEntityMetadata.identifier]: openIdCredentialIssuerEntityMetadata.schema.optional(),
 [openIdProviderEntityMetadata.identifier]: openIdProviderEntityMetadata.schema.optional(),
 [oauthAuthorizationServerEntityMetadata.identifier]: oauthAuthorizationServerEntityMetadata.schema.optional(),
 [oauthClientEntityMetadata.identifier]: oauthClientEntityMetadata.schema.optional(),