add redirect_uri client_id_prefix validation (#366)

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

Author: JoTiTu

src/WalletFramework.Oid4Vc/Oid4Vp/Models/RequestObject.cs

@@ -182,7 +182,13 @@ public static RequestObject ValidateTrustChain(this RequestObject requestObject)
         else
             throw new InvalidOperationException("Validation of trust chain failed");
     }
-
+    
+    public static RequestObject ValidateClientIdPrefix(this RequestObject requestObject) => 
+        requestObject.ClientIdScheme.Value == ClientIdScheme.ClientIdSchemeValue.RedirectUri 
+        && requestObject.ToAuthorizationRequest().ResponseUri != requestObject.ClientId
+        ? throw new InvalidOperationException("When client_id_prefix is 'redirect_uri', the response_uri must match the client_id")
+        : requestObject;
+    
     internal static List<X509Certificate> GetCertificates(this RequestObject requestObject)
     {
         var x5C = ((JwtSecurityToken)requestObject).Header.X5c;

src/WalletFramework.Oid4Vc/Oid4Vp/Services/AuthorizationRequestService.cs

@@ -70,6 +70,7 @@ private async Task<Validation<AuthorizationRequestCancellation, RequestObject>>
                             .WithX509()
                             .WithClientMetadata(clientMetadataOption),
                         RedirectUri => requestObject
+                            .ValidateClientIdPrefix()
                             .WithClientMetadata(clientMetadataOption),
                         //TODO: Remove Did in the future (kept for now for compatibility)
                         Did => requestObject