Add request_uri_method post support

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

Author: JoTiTu

src/WalletFramework.Oid4Vc/Oid4Vp/Errors/InvalidRequestUriMethodError.cs

@@ -0,0 +1,12 @@
+namespace WalletFramework.Oid4Vc.Oid4Vp.Errors;
+
+/// <summary>
+/// Error indicating that the request_uri_method is not supported or invalid.
+/// This error is defined in OpenID4VP specification section 5.10.2.
+/// </summary>
+public record InvalidRequestUriMethodError : VpError
+{
+    private const string Code = "invalid_request_uri_method";
+    
+    public InvalidRequestUriMethodError(string message) : base(Code, message) { }
+} 

src/WalletFramework.Oid4Vc/Oid4Vp/Models/AuthorizationRequestByReference.cs

@@ -8,19 +8,23 @@ public record AuthorizationRequestByReference
     public Uri AuthorizationRequestUri { get; }
 
     public Uri RequestUri { get; }
+    
+    public Option<string> RequestUriMethod { get; }
 
-    private AuthorizationRequestByReference(Uri authorizationRequestUri, Uri requestUri) => (AuthorizationRequestUri, RequestUri) = (authorizationRequestUri, requestUri);
+    private AuthorizationRequestByReference(Uri authorizationRequestUri, Uri requestUri, Option<string> requestUriMethod) => 
+        (AuthorizationRequestUri, RequestUri, RequestUriMethod) = (authorizationRequestUri, requestUri, requestUriMethod);
 
     public static Option<AuthorizationRequestByReference> CreateAuthorizationRequestByReference(Uri uri)
     {
         var queryString = HttpUtility.ParseQueryString(uri.Query);
         var clientId = queryString["client_id"];
         var requestUri = queryString["request_uri"];
+        var requestUriMethod = queryString["request_uri_method"];
 
         if (string.IsNullOrEmpty(clientId)
             || string.IsNullOrEmpty(requestUri)) 
             return Option<AuthorizationRequestByReference>.None;
 
-        return new AuthorizationRequestByReference(uri, new Uri(requestUri));
+        return new AuthorizationRequestByReference(uri, new Uri(requestUri), requestUriMethod);
     }
 }

src/WalletFramework.Oid4Vc/Oid4Vp/Models/RequestObject.cs

@@ -48,7 +48,7 @@ private RequestObject(JwtSecurityToken token, AuthorizationRequest authorization
     ///     Creates a new instance of the <see cref="RequestObject" /> class.
     /// </summary>
     public static Validation<AuthorizationRequestCancellation, RequestObject> FromStr(
-        string requestObjectJson)
+        string requestObjectJson, Option<string> walletNonce)
     {
         var tokenHandler = new JwtSecurityTokenHandler();
 
@@ -66,6 +66,19 @@ public static Validation<AuthorizationRequestCancellation, RequestObject> FromSt
             return new AuthorizationRequestCancellation(Option<Uri>.None, [error]);
         }
 
+        walletNonce.IfSome(nonce => 
+        {
+            if (jwt.Payload.TryGetValue("wallet_nonce", out var nonceValue))
+            {
+                if (nonceValue.ToString() != nonce)
+                    throw new InvalidOperationException("wallet_nonce in request object does not match the provided wallet_nonce");
+            }
+            else
+            {
+                throw new InvalidOperationException("wallet_nonce is required but not present in the Request Object");
+            }
+        });
+        
         var json = jwt.Payload.SerializeToJson();
 
         return

src/WalletFramework.Oid4Vc/Oid4Vp/Services/AuthorizationRequestService.cs

@@ -1,5 +1,6 @@
 using System.Net.Http.Headers;
 using System.Web;
+using Hyperledger.Aries.Utils;
 using LanguageExt;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
@@ -18,6 +19,9 @@ public class AuthorizationRequestService(
     IHttpClientFactory httpClientFactory,
     IRpAuthService rpAuthService) : IAuthorizationRequestService
 {
+    private const string RequestUriMethodGet = "get";
+    private const string RequestUriMethodPost = "post";
+    
     public async Task<Validation<AuthorizationRequestCancellation, AuthorizationRequest>> GetAuthorizationRequest(
         AuthorizationRequestUri authorizationRequestUri) =>
         await authorizationRequestUri.Value.Match(
@@ -40,29 +44,22 @@ await authorizationRequestUri.Value.Match(
                     seq => seq
                 );
             },
-            async value =>
-            {
-                return await GetAuthRequestByValue(value);
-            }
-        );
+            async value => await GetAuthRequestByValue(value));
 
     private async Task<Validation<AuthorizationRequestCancellation, RequestObject>> GetRequestObject(
         AuthorizationRequestByReference authRequestByReference)
     {
-        var httpClient = httpClientFactory.CreateClient();
-        httpClient.DefaultRequestHeaders.Clear();
-
-        var jsonString = await httpClient.GetStringAsync(authRequestByReference.RequestUri);
-        var requestObjectValidation = FromStr(jsonString);
+        var requestObjectValidation = await FetchRequestObject(authRequestByReference);
 
-        return await requestObjectValidation.MatchAsync(async requestObject =>
+        return await requestObjectValidation.MatchAsync(
+            async requestObject =>
             {
                 var authRequest = requestObject.ToAuthorizationRequest();
                 var clientMetadataOption = 
                     await FetchClientMetadata(authRequest).OnException(_ => Option<ClientMetadata>.None);
-        
+
                 var error = new InvalidRequestError($"Client ID Scheme {requestObject.ClientIdScheme} is not supported");
-            
+    
                 Validation<AuthorizationRequestCancellation, RequestObject> result = 
                     requestObject.ClientIdScheme.Value switch
                     {
@@ -79,7 +76,7 @@ private async Task<Validation<AuthorizationRequestCancellation, RequestObject>>
                             .WithClientMetadata(clientMetadataOption),
                         _ => new AuthorizationRequestCancellation(authRequest.GetResponseUriMaybe(), [error])
                     };
-        
+
                 return result;
             },
             seq => seq);
@@ -137,6 +134,61 @@ private async Task<Validation<AuthorizationRequestCancellation, AuthorizationReq
             },
             seq => seq);
     }
+
+    private async Task<Validation<AuthorizationRequestCancellation, RequestObject>> FetchRequestObject(AuthorizationRequestByReference authRequestByReference)
+    {
+        return await authRequestByReference.RequestUriMethod.Match<Task<Validation<AuthorizationRequestCancellation, RequestObject>>>(
+            async method =>
+            {
+                return method.ToLowerInvariant() switch
+                {
+                    RequestUriMethodGet => await FetchRequestObjectViaGet(authRequestByReference),
+                    RequestUriMethodPost => await FetchRequestObjectViaPost(authRequestByReference),
+                    _ => new AuthorizationRequestCancellation(Option<Uri>.None, [new InvalidRequestUriMethodError($"Unsupported request_uri_method: '{method}'.")])
+                };
+            },
+            async () => await FetchRequestObjectViaGet(authRequestByReference));
+    }
+        
+    private async Task<Validation<AuthorizationRequestCancellation, RequestObject>> FetchRequestObjectViaPost(AuthorizationRequestByReference authRequestByReference)
+    {
+        var httpClient = httpClientFactory.CreateClient();
+        httpClient.DefaultRequestHeaders.Clear();
+        
+        var walletNonce = Base64UrlEncoder.Encode(Guid.NewGuid().ToString());
+        var keyValuePairs = new List<KeyValuePair<string, string>>();
+        keyValuePairs.Add(new KeyValuePair<string, string>("wallet_nonce", walletNonce));
+        keyValuePairs.Add(new KeyValuePair<string, string>("wallet_metadata", new JObject()
+        { 
+            ["vp_formats_supported"] = new JObject() 
+            {
+                ["dc+sd-jwt"] = new JObject() 
+                { 
+                    ["sd-jwt_alg_values"] = new JArray(){ "ES256", "ES384", "ES512", "RS256" }, 
+                    ["kb-jwt_alg_values"] = new JArray(){ "ES256" } 
+                },
+                ["mso_mdoc"] = new JObject() 
+                { 
+                    ["issuerauth_alg_values"] = new JArray(){ "ES256" }, 
+                    ["deviceauth_alg_values"] = new JArray(){ "ES256" } 
+                }
+            } 
+        }.ToString()));
+        
+        var response = await httpClient.PostAsync(authRequestByReference.RequestUri, new FormUrlEncodedContent(keyValuePairs));
+        response.EnsureSuccessStatusCode();
+        var stringContent = await response.Content.ReadAsStringAsync();
+
+        return FromStr(stringContent, walletNonce);
+    }
+    
+    private async Task<Validation<AuthorizationRequestCancellation, RequestObject>> FetchRequestObjectViaGet(AuthorizationRequestByReference authRequestByReference)
+    {
+        var httpClient = httpClientFactory.CreateClient();
+        httpClient.DefaultRequestHeaders.Clear();
+        
+        return FromStr(await httpClient.GetStringAsync(authRequestByReference.RequestUri), Option<string>.None);
+    }
 
     private async Task<Option<ClientMetadata>> FetchClientMetadata(AuthorizationRequest authorizationRequest)
     {