#2714

lib/oidc4vc/get_authorization_uri_for_issuer.dart

@@ -98,21 +98,23 @@ Future<void> getAuthorizationUriForIssuer({
     vcFormatType: vcFormatType,
     clientAssertion: clientAssertion,
     secureAuthorizedFlow: secureAuthorizedFlow,
+    credentialOfferJson: credentialOfferJson,
     dio: client.dio,
   );
 
   final requirePushedAuthorizationRequests =
       openIdConfiguration.requirePushedAuthorizationRequests;
 
-  if ((requirePushedAuthorizationRequests != null &&
-          requirePushedAuthorizationRequests) ||
-      (requirePushedAuthorizationRequests == null && secureAuthorizedFlow)) {
+  if (requirePushedAuthorizationRequests || secureAuthorizedFlow) {
     final headers = <String, dynamic>{
       'Content-Type': 'application/x-www-form-urlencoded',
     };
+    final parUrl = openIdConfiguration.pushedAuthorizationRequestEndpoint ??
+        '$authorizationEndpoint/par';
 
+    /// error we shuld get it from
     final response = await client.post(
-      '$authorizationEndpoint/par',
+      parUrl,
       headers: headers,
       data: authorizationRequestParemeters,
     );

packages/credential_manifest/pubspec.yaml

@@ -10,7 +10,7 @@ dependencies:
   flutter:
     sdk: flutter
   json_annotation: ^4.8.1
-  json_path: ^0.4.4 #latest version creates test issue
+  json_path: ^0.7.2 #latest version creates test issue
 
 dev_dependencies:
   build_runner: ^2.4.4

packages/oidc4vc/lib/src/models/openid_configuration.dart

@@ -9,9 +9,11 @@ class OpenIdConfiguration extends Equatable {
   const OpenIdConfiguration({
     required this.requirePushedAuthorizationRequests,
     this.authorizationServer,
+    this.authorizationServers,
     this.credentialsSupported,
     this.credentialConfigurationsSupported,
     this.credentialEndpoint,
+    this.pushedAuthorizationRequestEndpoint,
     this.credentialIssuer,
     this.subjectSyntaxTypesSupported,
     this.tokenEndpoint,
@@ -32,6 +34,8 @@ class OpenIdConfiguration extends Equatable {
 
   @JsonKey(name: 'authorization_server')
   final String? authorizationServer;
+  @JsonKey(name: 'authorization_servers')
+  final List<String>? authorizationServers;
   @JsonKey(name: 'credential_endpoint')
   final String? credentialEndpoint;
   @JsonKey(name: 'credential_issuer')
@@ -44,6 +48,8 @@ class OpenIdConfiguration extends Equatable {
   final String? batchEndpoint;
   @JsonKey(name: 'authorization_endpoint')
   final String? authorizationEndpoint;
+  @JsonKey(name: 'pushed_authorization_request_endpoint')
+  final String? pushedAuthorizationRequestEndpoint;
   @JsonKey(name: 'subject_trust_frameworks_supported')
   final List<dynamic>? subjectTrustFrameworksSupported;
   @JsonKey(name: 'credentials_supported')
@@ -71,6 +77,7 @@ class OpenIdConfiguration extends Equatable {
   @override
   List<Object?> get props => [
         authorizationServer,
+        authorizationServers,
         credentialEndpoint,
         credentialIssuer,
         subjectSyntaxTypesSupported,

packages/oidc4vc/lib/src/oidc4vc.dart

@@ -149,6 +149,7 @@ class OIDC4VC {
     required String? clientAssertion,
     required bool secureAuthorizedFlow,
     required Dio dio,
+    required dynamic credentialOfferJson,
     SecureStorageProvider? secureStorage,
   }) async {
     try {
@@ -159,11 +160,12 @@ class OIDC4VC {
         secureStorage: secureStorage,
       );
 
-      final authorizationEndpoint = await readAuthorizationEndPoint(
+      final credentialAuthorizationEndpoint = await readAuthorizationEndPoint(
         openIdConfiguration: openIdConfiguration,
         issuer: issuer,
         oidc4vciDraftType: oidc4vciDraftType,
         dio: dio,
+        credentialOfferJson: credentialOfferJson,
         secureStorage: secureStorage,
       );
 
@@ -188,7 +190,7 @@ class OIDC4VC {
       );
 
       return (
-        authorizationEndpoint,
+        credentialAuthorizationEndpoint,
         authorizationRequestParemeters,
         openIdConfiguration,
       );
@@ -861,29 +863,75 @@ class OIDC4VC {
     required String issuer,
     required OIDC4VCIDraftType oidc4vciDraftType,
     required Dio dio,
+    required dynamic credentialOfferJson,
     SecureStorageProvider? secureStorage,
   }) async {
-    var authorizationEndpoint = '$issuer/authorize';
+    String? authorizationEndpoint;
 
-    if (openIdConfiguration.authorizationEndpoint != null) {
-      authorizationEndpoint = openIdConfiguration.authorizationEndpoint!;
-    } else {
-      final authorizationServer =
-          openIdConfiguration.authorizationServer ?? issuer;
+    switch (oidc4vciDraftType) {
+      case OIDC4VCIDraftType.draft11:
+        if (openIdConfiguration.authorizationEndpoint != null) {
+          authorizationEndpoint = openIdConfiguration.authorizationEndpoint;
+        } else {
+          final authorizationServer =
+              openIdConfiguration.authorizationServer ?? issuer;
 
-      final authorizationServerConfiguration = await getOpenIdConfig(
-        baseUrl: authorizationServer,
-        isAuthorizationServer: true,
-        dio: dio,
-        secureStorage: secureStorage,
-      );
+          final authorizationServerConfiguration = await getOpenIdConfig(
+            baseUrl: authorizationServer,
+            isAuthorizationServer: true,
+            dio: dio,
+            secureStorage: secureStorage,
+          );
 
-      if (authorizationServerConfiguration.authorizationEndpoint != null) {
-        authorizationEndpoint =
-            authorizationServerConfiguration.authorizationEndpoint!;
-      }
+          if (authorizationServerConfiguration.authorizationEndpoint != null) {
+            authorizationEndpoint =
+                authorizationServerConfiguration.authorizationEndpoint;
+          }
+        }
+      case OIDC4VCIDraftType.draft13:
+
+        /// Extract the authorization endpoint from from first element of
+        /// authorization_servers in opentIdConfiguration.authorizationServers
+        final listOpenIDConfiguration =
+            openIdConfiguration.authorizationServers ?? [];
+        if (listOpenIDConfiguration.isNotEmpty) {
+          if (listOpenIDConfiguration.length == 1) {
+            authorizationEndpoint =
+                '${listOpenIDConfiguration.first}/authorize';
+          } else {
+            try {
+              /// Extract the authorization endpoint from from
+              /// authorization_server in credentialOfferJson
+              final jsonPathCredentialOffer = JsonPath(
+                // ignore: lines_longer_than_80_chars
+                r'$..["urn:ietf:params:oauth:grant-type:pre-authorized_code"].authorization_server',
+              );
+              final data = jsonPathCredentialOffer
+                  .read(credentialOfferJson)
+                  .first
+                  .value! as String;
+              if (listOpenIDConfiguration.contains(data)) {
+                authorizationEndpoint = '$data/authorize';
+              }
+            } catch (e) {
+              final jsonPathCredentialOffer = JsonPath(
+                r'$..authorization_code.authorization_server',
+              );
+              final data = jsonPathCredentialOffer
+                  .read(credentialOfferJson)
+                  .first
+                  .value! as String;
+              if (data.isNotEmpty && listOpenIDConfiguration.contains(data)) {
+                authorizationEndpoint = '$data/authorize';
+              }
+            }
+          }
+        }
     }
-    return authorizationEndpoint;
+    // If authorizationEndpoint is null, we consider the issuer
+    // as the authorizationEndpoint
+
+    return authorizationEndpoint ??= '$issuer/authorize';
   }
 
   String readIssuerDid(
@@ -1655,7 +1703,7 @@ class OIDC4VC {
     ////openid-issuer-configuration or some are in the /openid-configuration
     ///(token endpoint etc,) and other are in the /openid-credential-issuer
     ///(credential supported) for OIDC4VP and SIOPV2, the serve is a client,
-    ///the wallet is the suthorization server the verifier metadata are in
+    ///the wallet is the authorization server the verifier metadata are in
     ////openid-configuration
 
     final url = '$baseUrl/.well-known/openid-configuration';

packages/oidc4vc/pubspec.yaml

@@ -28,7 +28,7 @@ dependencies:
   http_mock_adapter: ^0.6.0
   jose_plus: ^0.4.5
   json_annotation: ^4.8.1
-  json_path: ^0.4.4 #latest version creates test issue
+  json_path: ^0.7.2 #latest version creates test issue
   secp256k1: ^0.3.0
   secure_storage:
     path: ../secure_storage