From 8d4fba3ac642d5af1e5798eb9f062e63d372b686 Mon Sep 17 00:00:00 2001 From: Bibash Shrestha Date: Mon, 9 Oct 2023 19:34:16 +0545 Subject: [PATCH] refactor: nonce issue solved for lowsecurity #2001 --- .../qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart | 9 +++------ packages/oidc4vc/lib/src/oidc4vc.dart | 9 ++++++--- packages/oidc4vc/lib/src/verifier_token_parameters.dart | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart b/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart index a2ce80814..813224cb9 100644 --- a/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart +++ b/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart @@ -958,17 +958,14 @@ class QRCodeScanCubit extends Cubit { final nonce = state.uri?.queryParameters['nonce']; final stateValue = state.uri?.queryParameters['state']; - final bool isEBSIV3 = - await isEBSIV3ForVerifier(client: client, uri: state.uri!); - final privateKey = await fetchPrivateKey( - isEBSIV3: isEBSIV3, + isEBSIV3: false, oidc4vc: oidc4vc, secureStorage: getSecureStorage, ); final (did, kid) = await getDidAndKid( - isEBSIV3: isEBSIV3, + isEBSIV3: false, privateKey: privateKey, didKitProvider: didKitProvider, ); @@ -979,7 +976,7 @@ class QRCodeScanCubit extends Cubit { did: did, kid: kid, redirectUri: redirectUri, - nonce: nonce!, + nonce: nonce, stateValue: stateValue, ); diff --git a/packages/oidc4vc/lib/src/oidc4vc.dart b/packages/oidc4vc/lib/src/oidc4vc.dart index d5ca768f4..b43b275d4 100644 --- a/packages/oidc4vc/lib/src/oidc4vc.dart +++ b/packages/oidc4vc/lib/src/oidc4vc.dart @@ -853,7 +853,7 @@ class OIDC4VC { required String did, required String kid, required String redirectUri, - required String nonce, + required String? nonce, required String privateKey, required String? stateValue, }) async { 
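Review bot: Hard-coding `isEBSIV3: false` in both `fetchPrivateKey` and `getDidAndKid` (hunk at -958 in qr_code_scan_cubit.dart) drops the per-verifier `isEBSIV3ForVerifier` check, so the signing key and DID for this response no longer depend on which verifier sent the request. The commit subject mentions only the nonce, so if an EBSI V3 verifier can still reach this path the response would presumably be signed with the wrong key material. If the path is non-EBSI by design, record that with a comment above the first call, for example `// this flow never targets EBSI V3 verifiers, so the default key and DID are always used`. The enclosing method starts and ends outside the hunk.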
@@ -976,7 +976,7 @@ class OIDC4VC { 'holder': tokenParameters.did, 'verifiableCredential': tokenParameters.jsonIdOrJwtList, }, - 'nonce': tokenParameters.nonce, + 'nonce': tokenParameters.nonce!, }; final verifierVpJwt = generateToken( @@ -1037,9 +1037,12 @@ class OIDC4VC { 'exp': DateTime.now().microsecondsSinceEpoch + 1000, 'sub': tokenParameters.did, 'iss': tokenParameters.did, //'https://self-issued.me/v2', - 'nonce': tokenParameters.nonce, }; + if (tokenParameters.nonce != null) { + payload['nonce'] = tokenParameters.nonce!; + } + final verifierIdJwt = generateToken( vpTokenPayload: payload, tokenParameters: tokenParameters, diff --git a/packages/oidc4vc/lib/src/verifier_token_parameters.dart b/packages/oidc4vc/lib/src/verifier_token_parameters.dart index 967265933..1385442ad 100644 --- a/packages/oidc4vc/lib/src/verifier_token_parameters.dart +++ b/packages/oidc4vc/lib/src/verifier_token_parameters.dart @@ -13,7 +13,7 @@ class VerifierTokenParameters extends TokenParameters { required super.isIdToken, required this.audience, required this.credentials, - required this.nonce, + this.nonce, }); /// [audience] is is client id of the request @@ -23,7 +23,7 @@ class VerifierTokenParameters extends TokenParameters { final List credentials; /// [nonce] is a number given by verifier to handle request authentication - final String nonce; + final String? nonce; /// [jsonIdOrJwtList] is list of jwt or jsonIds from the credentials /// wich contains other credential's metadata
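Review bot: The forced unwrap in `'nonce': tokenParameters.nonce!` (hunk at -976) is now the only place a missing nonce is caught for the VP token, because the call site in qr_code_scan_cubit.dart changed `nonce: nonce!` to `nonce: nonce` and passes the query parameter through unchecked. A request without a nonce therefore fails here with a bare null-check error in the middle of building the `verifierVpJwt` payload, rather than as a deliberate rejection. An explicit guard before the payload map would make the requirement visible, for example `final nonce = tokenParameters.nonce;` followed by `if (nonce == null) throw ArgumentError('nonce is required for vp_token');`. The enclosing method starts and ends outside the hunk.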
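Review bot: Leaving `nonce` out of the ID token payload whenever `tokenParameters.nonce` is null (hunk at -1037) removes the value that binds `verifierIdJwt` to one verifier request, so a captured token stays usable for replay until it expires. The condition depends only on the incoming request, and nothing in the hunk restricts it to the low-security profile named in the commit subject, so any request that lacks a nonce parameter gets an unbound token. I would gate the omission on that profile explicitly and reject the request otherwise. Separately, the context line `'exp': DateTime.now().microsecondsSinceEpoch + 1000` appears to give an expiry far in the future if `exp` is read as seconds, which matters more once the nonce is optional, so it is worth confirming how `generateToken` treats it. The enclosing method extends outside the hunk.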
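Review bot: Changing `required this.nonce` to `this.nonce` in the `VerifierTokenParameters` constructor (hunk at -13) makes the argument omittable, so a call site that forgets the nonce still compiles and can end up producing a token with no request binding. Keeping `required this.nonce,` alongside the new `final String? nonce;` (hunk at -23) would match `required String? nonce` in oidc4vc.dart and force every caller to pass null on purpose. The field's doc comment could also say when null is acceptable, for example `/// [nonce] is the value given by the verifier to bind the response to its request; null only when the request carried none`.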