fix(wallet): encode data for the authorization server following the a…

…pplication/x-www-form-urlencoded format (#59)

* fix(wallet): encode data for the authorization server following the application/x-www-form-urlencoded format

* fix: correct variable name

* fix: name collision

* test: use correct Content-Type header

* chore(Makefile): checkout to updated microservice branch to test it correctly

When PR #173 on DIDRoom_microservices is merged this commit can be reverted

* test: back to DIDRoom_microservices main branch

* chore: download a specific version of ncr

* test: update tests output

* test: fix

Makefile

@@ -26,7 +26,7 @@ help: ## 🛟 Show this help message
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-7s\033[0m %s\n", $$1, $$2}'
 
 ncr: ## 📦 Install and setup the server
-	@wget -q --show-progress https://github.com/forkbombeu/ncr/releases/latest/download/ncr
+	@wget -q --show-progress https://github.com/ForkbombEu/ncr/releases/download/v1.39.5/ncr;
 	@chmod +x ./ncr
 	@echo "📦 Setup is done!"
 

test/wallet.bats

@@ -27,7 +27,7 @@ load ./bats_utils
     url=$(jq_extract_raw "authorization_server" read_authz_server.output.json)
     curl -X GET $url | jq -c '.' 1> $TMP/out
     save_tmp_output authz_server_well-known.output.json
-    assert_output --partial '{"authorization_endpoint":"http://localhost:3000/authz_server/authorize","pushed_authorization_request_endpoint":"http://localhost:3000/authz_server/par","token_endpoint":"http://localhost:3000/authz_server/token","introspection_endpoint":"http://localhost:3000/authz_server/introspection","issuer":"http://localhost:3000/authz_server","jwks":{"keys":[{"kid":"did:dyne:sandbox.genericissuer:'
+    assert_output --partial '{"authorization_endpoint":"http://localhost:3000/authz_server/authorize","pushed_authorization_request_endpoint":"http://localhost:3000/authz_server/par","token_endpoint":"http://localhost:3000/authz_server/token","introspection_endpoint":"http://localhost:3000/authz_server/introspection","issuer":"http://localhost:3000/authz_server","require_pushed_authorization_requests":true,"jwks":{"keys":[{"kid":"did:dyne:sandbox.genericissuer:'
     assert_output --partial '#es256_public_key","crv":"P-256","alg":"ES256","kty":"EC"}]},"scopes_supported":["{{ as_scopes }}"],"dpop_signing_alg_values_supported":["ES256"],"client_registration_types_supported":["automatic"],"code_challenge_methods_supported":["S256"],"authorization_details_types_supported":["openid_credential"],"grant_types_supported":["authorization_code"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"response_types_supported":["code"],"subject_types_supported":["pairwise"],"token_endpoint_auth_methods_supported":["attest_jwt_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["ES256"],"request_object_signing_alg_values_supported":["ES256"]}'
 }
 
@@ -48,8 +48,8 @@ load ./bats_utils
     zexe $WALLET/call_par.zen $WALLET/call_par.keys.json holder_qr_to_well-known.output.json
     save_tmp_output call_par.output.json
     url=$(jq_extract_raw "authorization_server_endpoint_par" call_par.output.json)
-    data=$(jq_extract_raw "data" call_par.output.json)
-    curl -X POST $url -H 'Content-Type: application/json' -d ''"$(echo $data)"'' 1> $TMP/out
+    data=$(jq_extract_raw "url_encoded_data" call_par.output.json)
+    curl -X POST $url -H 'Content-Type: application/x-www-form-urlencoded' -d ''"$(echo $data)"'' 1> $TMP/out
     save_tmp_output post_par.output.json
     # (Invalid extended regular expression?) assert_output --regexp '{"request_uri":"urn:ietf:params:oauth:request_uri.*","expires_in":600}
     assert_output --partial '{"request_uri":"urn:ietf:params:oauth:request_uri'
@@ -88,7 +88,7 @@ load ./bats_utils
     save_tmp_output pre_token.output.json
     url=$(jq_extract_raw "token_endpoint" pre_token.output.json)
     data=$(jq_extract_raw "data" pre_token.output.json)
-    curl -X POST $url -H 'Content-Type: application/json' -d ''"$(echo $data)"'' 1> $TMP/out
+    curl -X POST $url -H 'Content-Type: application/x-www-form-urlencoded' -d ''"$(echo $data)"'' 1> $TMP/out
     save_tmp_output post_token.output.json
     # if --regexp resolve modify also here
     assert_output --partial '{"token_type":"bearer","access_token":"eyJhbGciOiJFUzI1NiIsImp3ayI6eyJrdHkiOiJFQyIsIngiO'

wallet/call_par.keys.json

@@ -19,5 +19,8 @@
         }
     },
     "r.request_uri_path": "result.request_uri",
-    "r.expires_in_path": "result.expires_in"
+    "r.expires_in_path": "result.expires_in",
+    "headers": {
+        "Content-Type": "application/x-www-form-urlencoded"
+    }
 }

wallet/call_par.zen

@@ -34,6 +34,11 @@ and I move 'locations' in 'dict_details'
 
 When I move 'dict_details' in 'authorization_details'
 
+# string to be able to create url encoded data
+When I create the json escaped string of 'authorization_details'
+and I remove 'authorization_details'
+and I rename the 'json escaped string' to 'authorization_details'
+
 #- create Code Verifier (rng in url64) (used in step 7)
 When I create the random object of '256' bits
 When I write the string '' in 'code_verifier'
@@ -75,21 +80,24 @@ and I move 'code_challenge_method' in 'data'
 and I move 'state' in 'data'
 and I move 'authorization_details' in 'data'
 
+When I create http get parameters from 'data' using percent encoding
+and I rename the 'http_get_parameters' to 'url_encoded_data'
+
 Then print the 'authorization_server_endpoint_par'
-and print the 'data'
+and print the 'url_encoded_data'
 and print the 'authorization_endpoint'
 and print the 'client_id'
 
 # this needs to saved into a state for later usage
 # code verifier will be sent authz server in a later stage
 Then print the 'code_verifier'
 
-Then I connect to 'authorization_server_endpoint_par' and send object 'data' and do post and output into 'par_response' 
+Then I connect to 'authorization_server_endpoint_par' and send object 'url_encoded_data' and send headers 'headers' and do post and output into 'par_response' 
 Then I send object 'par_response' and send path 'r.request_uri_path' and manipulate and get and output into 'request_uri'
 Then I send object 'par_response' and send path 'r.expires_in_path' and manipulate and get and output into 'expires_in'
 
 Then I manipulate and delete and output into 'par_response'
-Then I manipulate and delete and output into 'data'
+Then I manipulate and delete and output into 'url_encoded_data'
 Then I manipulate and delete and output into 'authorization_server_endpoint_par'
 
 # at this point visit : ${authorization_endpoint}?request_uri=${request_uri}&client_id=${client_id}

wallet/call_token_and_credential.keys.json

@@ -18,6 +18,9 @@
             ]
         }
     },
+    "token_headers": {
+        "Content-Type": "application/x-www-form-urlencoded"
+    },
     "data": {},
     "keys": {},
     "client_id_path": "client_id",

wallet/call_token_and_credential.zen

@@ -17,7 +17,7 @@ Given I send object 'zen_pre_token_output' and send path 'data_path' and manipul
 Given I send object 'zen_pre_token_output' and send path 'token_endpoint_path' and manipulate and get and output into 'token_endpoint'
 
 # execute post to /token
-Given I connect to 'token_endpoint' and send object 'token_body' and do post and output into 'token_response'
+Given I connect to 'token_endpoint' and send object 'token_body' and send headers 'token_headers' and do post and output into 'token_response'
 
 # add results to data
 Given I send object 'token_response' and send path 'r.access_token' and manipulate and get and output into 'access_token'

wallet/pre_token.zen

@@ -1,4 +1,5 @@
 scenario 'w3c': DPoP
+Scenario 'http': application/x-www-form-urlencoded
 
 # keys
 Given I have a 'keyring' 
@@ -58,5 +59,9 @@ and I move 'redirect_uri' in 'data'
 and I move 'code_verifier' in 'data'
 and I move 'grant_type' in 'data'
 
+When I create http get parameters from 'data' using percent encoding
+and I remove 'data'
+and I rename the 'http_get_parameters' to 'data'
+
 Then print the 'data'
 Then print the 'token_endpoint'