refactor: nonce issue solved for lowsecurity #2001

TalaoDAO · Oct 9, 2023 · 8d4fba3 · 8d4fba3
1 parent e516e37
commit 8d4fba3
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart b/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart
@@ -958,17 +958,14 @@ class QRCodeScanCubit extends Cubit<QRCodeScanState> {
       final nonce = state.uri?.queryParameters['nonce'];
       final stateValue = state.uri?.queryParameters['state'];
 
-      final bool isEBSIV3 =
-          await isEBSIV3ForVerifier(client: client, uri: state.uri!);
-
       final privateKey = await fetchPrivateKey(
-        isEBSIV3: isEBSIV3,
+        isEBSIV3: false,
         oidc4vc: oidc4vc,
         secureStorage: getSecureStorage,
       );
 
       final (did, kid) = await getDidAndKid(
-        isEBSIV3: isEBSIV3,
+        isEBSIV3: false,
         privateKey: privateKey,
         didKitProvider: didKitProvider,
       );
@@ -979,7 +976,7 @@ class QRCodeScanCubit extends Cubit<QRCodeScanState> {
         did: did,
         kid: kid,
         redirectUri: redirectUri,
-        nonce: nonce!,
+        nonce: nonce,
         stateValue: stateValue,
       );
 

diff --git a/packages/oidc4vc/lib/src/oidc4vc.dart b/packages/oidc4vc/lib/src/oidc4vc.dart
@@ -853,7 +853,7 @@ class OIDC4VC {
     required String did,
     required String kid,
     required String redirectUri,
-    required String nonce,
+    required String? nonce,
     required String privateKey,
     required String? stateValue,
   }) async {
@@ -976,7 +976,7 @@ class OIDC4VC {
         'holder': tokenParameters.did,
         'verifiableCredential': tokenParameters.jsonIdOrJwtList,
       },
-      'nonce': tokenParameters.nonce,
+      'nonce': tokenParameters.nonce!,
     };
 
     final verifierVpJwt = generateToken(
@@ -1037,9 +1037,12 @@ class OIDC4VC {
       'exp': DateTime.now().microsecondsSinceEpoch + 1000,
       'sub': tokenParameters.did,
       'iss': tokenParameters.did, //'https://self-issued.me/v2',
-      'nonce': tokenParameters.nonce,
     };
 
+    if (tokenParameters.nonce != null) {
+      payload['nonce'] = tokenParameters.nonce!;
+    }
+
     final verifierIdJwt = generateToken(
       vpTokenPayload: payload,
       tokenParameters: tokenParameters,

diff --git a/packages/oidc4vc/lib/src/verifier_token_parameters.dart b/packages/oidc4vc/lib/src/verifier_token_parameters.dart
@@ -13,7 +13,7 @@ class VerifierTokenParameters extends TokenParameters {
     required super.isIdToken,
     required this.audience,
     required this.credentials,
-    required this.nonce,
+    this.nonce,
   });
 
   /// [audience] is is client id of the request
@@ -23,7 +23,7 @@ class VerifierTokenParameters extends TokenParameters {
   final List<String> credentials;
 
   /// [nonce] is a number given by verifier to handle request authentication
-  final String nonce;
+  final String? nonce;
 
   /// [jsonIdOrJwtList] is list of jwt or jsonIds from the credentials
   ///  wich contains other credential's metadata