From d82d5aadf2dd1de82d3fc935b2ed6822cba9e1cc Mon Sep 17 00:00:00 2001 From: Francesco Grauso Date: Tue, 8 Aug 2023 12:22:18 +0200 Subject: [PATCH] chore: Refactor of Wallet Instance Attestation token endpoint Refs: #94 Fixes #80 and #93 --- docs/en/wallet-instance-attestation.rst | 25 ++++++++++++++++++++++++- docs/en/wallet-solution.rst | 5 +++-- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/docs/en/wallet-instance-attestation.rst b/docs/en/wallet-instance-attestation.rst index 7ce4641fd..a50720aaf 100644 --- a/docs/en/wallet-instance-attestation.rst +++ b/docs/en/wallet-instance-attestation.rst @@ -151,7 +151,7 @@ request where the decoded JWS headers and payload are separated by a comma: "aud": "https://wallet-provider.example.org", "jti": "6ec69324-60a8-4e5b-a697-a766d85790ea", "type": "WalletInstanceAttestationRequest", - "nonce" : "....." + "nonce" : ".....", "cnf": { "jwk": { "crv": "P-256", @@ -331,3 +331,26 @@ Below is an example of Wallet Instance Attestation: "iat": 1687281195, "exp": 1687288395 } + +Obtain a Wallet Instance Attestation +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To obtain the Wallet Instance Attestation it is necessary +to make a `POST `__ +request to the Wallet Solution `token endpoint`_. + +Below a non-normative example of the request. + +.. code-block:: http + + POST /token HTTP/1.1 + Host: wallet-provider.example.org + Content-Type: application/x-www-form-urlencoded + + grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer + &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMiLCJ0eXAiOiJ2YXIrand0In0.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.Azg8zBzjCB2ms9XHVDCzP92kh3XcVR6dD4Z_aFZslBO-6i3xwGwDsk4W8uESr-ba84wXgyIzn_vKX3exVFfO6g + +the assertion parameter is used as an authentication parameter +of the Wallet Instance. + +.. _token endpoint: wallet-solution.html#wallet-instance-attestation 
diff --git a/docs/en/wallet-solution.rst b/docs/en/wallet-solution.rst index 0e55f84bd..fd59beb89 100644 --- a/docs/en/wallet-solution.rst +++ b/docs/en/wallet-solution.rst @@ -260,10 +260,10 @@ Below a non-normative example of the Entity Configuration. Wallet Instance Attestation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The **token** endpoint requires two parameters as input, in HTTP Post method: +The **token** endpoint (as defined in `RFC 7523 section 4`_) requires two parameters as input, in HTTP Post method: ``grant_type`` which in our case is a string: -``urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation`` +``urn:ietf:params:oauth:grant-type:jwt-bearer`` ``assertion`` which contains the signed JWT of the Wallet Instance Attestation Request. @@ -283,3 +283,4 @@ External references .. _Wallet Instance Attestation section: wallet-instance-attestation.html .. _Trusty: https://source.android.com/docs/security/features/trusty .. _Secure Enclave: https://support.apple.com/en-gb/guide/security/sec59b0b31ff/web +.. _RFC 7523 section 4: https://www.rfc-editor.org/rfc/rfc7523.html#section-4
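Review bot: In docs/en/wallet-instance-attestation.rst, hunk @@ -151,7 +151,7 @@, the corrected line still reads "nonce" : with a space before the colon, while the neighbouring keys ("aud":, "jti":, "type":) have none. Since the line is being touched anyway, write it as "nonce": ".....", so the example is formatted consistently.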
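Review bot: In docs/en/wallet-instance-attestation.rst, hunk @@ -331,3 +331,26 @@, the closing sentence "the assertion parameter is used as an authentication parameter of the Wallet Instance" does not match the request shown above it, which sends the JWT as a grant (grant_type=...grant-type:jwt-bearer with assertion). In RFC 7523 client authentication uses the separate client_assertion_type and client_assertion parameters, so calling assertion an authentication parameter invites implementers to conflate the two. Suggest reusing the wording from wallet-solution.rst, that ``assertion`` contains the signed JWT of the Wallet Instance Attestation Request, starting the sentence with a capital letter. Two smaller points in the same hunk: the anonymous reference "`POST `__" has no URL and no matching anonymous target in the added lines, so it will not resolve when the docs are built; and "Below a non-normative example of the request." is missing "is". The new section also ends at the request, so a non-normative response example would complete it.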
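Review bot: In docs/en/wallet-solution.rst, hunk @@ -260,10 +260,10 @@, the parenthetical in "The **token** endpoint (as defined in `RFC 7523 section 4`_)" attaches the reference to the endpoint, but what the sentence takes from RFC 7523 is the pair of parameters, and the ``grant_type`` value ``urn:ietf:params:oauth:grant-type:jwt-bearer`` with ``assertion`` is specified in section 2.1 of that RFC (section 4 is the authorization grant example). Suggest moving the reference next to the parameters and checking which section the link target added in hunk @@ -283,3 +283,4 @@ should point to. Also, "in HTTP Post method" should read "using the HTTP POST method". Because the old and new ``grant_type`` strings are different wire values, the text should state that ``urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation`` is no longer accepted, if that is the intent, so Wallet Provider implementations reject it consistently.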