8000 [OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint by forkimenjeckayang · Pull Request #40751 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint #40751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

[OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint #40751

wants to merge 6 commits into from
+2,219 −32

Conversation

forkimenjeckayang
Copy link
Contributor
@forkimenjeckayang forkimenjeckayang commented Jun 27, 2025
edited
Loading

Summary

This PR implements support for parsing and understanding authorization_details parameter at the Token Endpoint for OpenID4VCI (OpenID for Verifiable Credential Issuance).

Implementation Includes:

1. Authorization Details Processing

  • Added support for parsing authorization_details parameter in token requests
  • Supports both credential_configuration_id and format-based authorization details
  • Validates authorization details structure and prevents invalid combinations

2. Credential Identifier Generation

  • Generates unique credential identifiers based on authorization details
  • Format: {UUID}

3. Session-based Identifier Persistence

  • Stores credential identifiers in user session notes for persistence
  • Reuses identifiers for the same credential_configuration_id within the same session
  • Generates different identifiers for different sessions (session isolation)
  • Supports both PreAuthorizedCode and AuthorizationCode grant types

4. Response Enhancement

  • Returns authorization_details in token responses with generated credential identifiers
  • Maintains backward compatibility with existing token response format
  • Includes proper validation and error handling

Closses

Issue #39278
Issue #39279

@forkimenjeckayang forkimenjeckayang requested review from a team as code owners June 27, 2025 08:19
@forkimenjeckayang forkimenjeckayang mentioned this pull request Jun 27, 2025
Open
keycloak-github-bot[bot]
keycloak-github-bot bot reviewed Jun 27, 2025
View reviewed changes
Copy link
@keycloak-github-bot keycloak-github-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.cluster.RealmInvalidationClusterTest#crudWithFailover

Keycloak CI - Clustering IT

java.lang.RuntimeException: java.lang.IllegalStateException: Keycloak unexpectedly died :(
	at org.keycloak.testsuite.arquillian.containers.KeycloakQuarkusServerDeployableContainer.start(KeycloakQuarkusServerDeployableContainer.java:71)
	at org.jboss.arquillian.container.impl.ContainerImpl.start(ContainerImpl.java:185)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$8.perform(ContainerLifecycleController.java:137)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$8.perform(ContainerLifecycleController.java:133)
...

Report flaky test

@forkimenjeckayang forkimenjeckayang requested a review from a team as a code owner July 7, 2025 11:46
@mposolda mposolda self-assigned this Jul 7, 2025
@forkimenjeckayang
Add support for parsing and understanding authorization_details at th…
8419995 
…e Token Endpoint

Closes keycloak#39278

Closes keycloak#39279

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keycloak-github-bot keycloak-github-bot[bot] keycloak-github-bot[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@mposolda mposolda

Labels
flaky-test team/cloud-native team/core-clients team/core-iam team/ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@forkimenjeckayang @mposolda
0