From ff6e8c87971478be8cc341e78edd1e521e565598 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oriol=20Canad=C3=A9s?=
Date: Wed, 13 Nov 2024 12:52:25 +0100
Subject: [PATCH] Update CustomAuthorizationRequestConverter.java

---
 .../CustomAuthorizationRequestConverter.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/main/java/es/in2/vcverifier/security/filters/CustomAuthorizationRequestConverter.java b/src/main/java/es/in2/vcverifier/security/filters/CustomAuthorizationRequestConverter.java
index 6367ba6..5a4fc43 100644
--- a/src/main/java/es/in2/vcverifier/security/filters/CustomAuthorizationRequestConverter.java
+++ b/src/main/java/es/in2/vcverifier/security/filters/CustomAuthorizationRequestConverter.java
@@ -162,10 +162,8 @@ private void validateOAuth2Parameters(HttpServletRequest request, SignedJWT sign
     String requestClientId = request.getParameter(CLIENT_ID);
     String requestScope = request.getParameter(SCOPE);
     Payload payload = signedJwt.getPayload();
-
     String jwtClientId = jwtService.getClaimFromPayload(payload, CLIENT_ID);
     String jwtScope = jwtService.getClaimFromPayload(payload, SCOPE);
-
     if (!requestClientId.equals(jwtClientId) || !requestScope.equals(jwtScope)) {
         throw new RequestMismatchException("OAuth 2.0 parameters do not match the JWT claims.");
     }
@@ -224,12 +222,8 @@ private Authentication getAuthentication(String state, String signedAuthRequest,
 private String buildAuthorizationRequestJwtPayload(String scope, String state) {
     // TODO this should be mapped with his presentation definition and return the presentation definition
     // Check and map the scope based on the specific requirement
-    if (scope.contains("learcredential")) {
-        scope = "dome.credentials.presentation.LEARCredentialEmployee";
-    } else {
-        throw new UnsupportedScopeException("Unsupported scope: " + scope);
-    }
-
+    checkAuthorizationRequestScope(scope);
+
     Instant issueTime = Instant.now();
     Instant expirationTime = issueTime.plus(10, ChronoUnit.DAYS);
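Review bot: The context comment `// Check and map the scope based on the specific requirement` at the top of buildAuthorizationRequestJwtPayload is now stale: after this change nothing is mapped here, `scope` is only validated by `checkAuthorizationRequestScope`, and the scope written into the request object is fixed elsewhere in the method rather than derived from the caller's value. I would reword it to `// Reject unsupported scopes up front; the scope claim placed in the request object is fixed, not derived from the caller's value` and fold the TODO into it. The 10-day `expirationTime` on the following context line is pre-existing, but a request object that carries a fresh nonce and the client's state and stays valid for ten days seems long for an OpenID4VP authorization request; confirm that lifetime is intended. The method continues past the end of the hunk.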
@@ -242,7 +236,7 @@ private String buildAuthorizationRequestJwtPayload(String scope, String state) {
     .claim("client_id_scheme", "did")
     .claim(NONCE, generateNonce())
     .claim("response_uri", securityProperties.authorizationServer() + AUTHORIZATION_RESPONSE_ENDPOINT)
-    .claim(OAuth2ParameterNames.SCOPE, scope)
+    .claim(OAuth2ParameterNames.SCOPE, "dome.credentials.presentation.LEARCredentialEmployee")
     .claim(OAuth2ParameterNames.STATE, state)
     .claim(OAuth2ParameterNames.RESPONSE_TYPE, "vp_token")
     .claim("response_mode", "direct_post")
@@ -252,6 +246,12 @@ private String buildAuthorizationRequestJwtPayload(String scope, String state) {
     return payload.toString();
 }
 
+private void checkAuthorizationRequestScope(String scope) {
+    if (!scope.contains("learcredential")) {
+        throw new UnsupportedScopeException("Unsupported scope: " + scope);
+    }
+}
+
 private String generateOpenId4VpUrl(String nonce) {
     String requestUri = String.format("%s/oid4vp/auth-request/%s", securityProperties.authorizationServer(), nonce);
     return String.format("openid4vp://?client_id=%s&request_uri=%s",
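Review bot: The SCOPE claim now embeds the literal `"dome.credentials.presentation.LEARCredentialEmployee"` inline, the same identifier the removed mapping branch used to assign to `scope`, and the `scope` parameter of buildAuthorizationRequestJwtPayload no longer influences the request object at all. I would hoist it to a named constant, `private static final String LEAR_CREDENTIAL_EMPLOYEE_PRESENTATION_SCOPE = "dome.credentials.presentation.LEARCredentialEmployee";`, and write `.claim(OAuth2ParameterNames.SCOPE, LEAR_CREDENTIAL_EMPLOYEE_PRESENTATION_SCOPE)`, so the value a wallet is asked to present is defined in one place when the TODO about presentation definitions is eventually addressed. buildAuthorizationRequestJwtPayload starts and ends outside this hunk.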
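Review bot: `checkAuthorizationRequestScope` accepts any scope string that merely contains the substring `learcredential`, so a request scope such as `openid xlearcredentialx`, or one carrying extra tokens nobody reviewed, passes the only scope check this flow has; it also throws a NullPointerException instead of UnsupportedScopeException when `scope` is null. If the supported token is literally `learcredential`, match it as a whole space-delimited OAuth scope token and guard the null case, e.g. `if (scope == null || !List.of(scope.trim().split("\\s+")).contains("learcredential"))` (needs `java.util.List`), and decide explicitly whether additional tokens are rejected or ignored. The `scope` value echoed into the exception message is client-controlled, so keep it out of unsanitized log lines or truncate it. Whether the accepted token is exactly `learcredential` cannot be confirmed from this hunk.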