[auth] update boruta dependency (issue credential)

malach-it · Jan 6, 2024 · 638732b · 638732b
1 parent f529c67
commit 638732b
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 8 deletions.
diff --git a/apps/boruta_identity/lib/boruta_identity/accounts/users.ex b/apps/boruta_identity/lib/boruta_identity/accounts/users.ex
@@ -40,7 +40,8 @@ defmodule BorutaIdentity.Accounts.Users do
       from(u in User,
         left_join: as in assoc(u, :authorized_scopes),
         left_join: b in assoc(u, :backend),
-        preload: [authorized_scopes: as, backend: b],
+        left_join: c in assoc(b, :client),
+        preload: [authorized_scopes: as, backend: {b, client: c}],
         where: u.id == ^id
       )
     )

diff --git a/apps/boruta_identity/lib/boruta_identity/accounts/verifiable_credentials.ex b/apps/boruta_identity/lib/boruta_identity/accounts/verifiable_credentials.ex
@@ -3,10 +3,10 @@ defmodule BorutaIdentity.Accounts.VerifiableCredentials do
 
   @credentials_supported_draft_11 [
     %{
-      "id" => "CivilEngineeringDegree-2023",
+      "id" => "FederatedAttributes",
       "types" => [
         "VerifiableCredential",
-        "UniversityDegreeCredential"
+        "BorutaCredential"
       ],
       "format" => "jwt_vc_json",
       "cryptographic_binding_methods_supported" => [
@@ -94,15 +94,25 @@ defmodule BorutaIdentity.Accounts.VerifiableCredentials do
       "credential_definition" => %{
         "type" => [
           "VerifiableCredential",
-          "UniversityDegreeCredential"
+          "BorutaCredential"
         ]
       },
       "credential_identifiers" => [
-        "CivilEngineeringDegree-2023"
+        "FederatedAttributes"
       ]
     }
   ]
 
+  @credential_configuration %{
+    "FederatedAttributes" => %{
+      types: [
+        "VerifiableCredential",
+        "BorutaCredential"
+      ],
+      claims: ["family_name", "email", "email_verified"]
+    }
+  }
+
   def credentials do
     Enum.flat_map(@authorization_details, fn detail ->
       detail["credential_definition"]["type"]
@@ -115,4 +125,6 @@ defmodule BorutaIdentity.Accounts.VerifiableCredentials do
   def credentials_supported, do: @credentials_supported_draft_11
 
   def credentials_supported_current, do: @credentials_supported_draft_12
+
+  def credential_configuration, do: @credentials_configuration
 end
diff --git a/apps/boruta_identity/lib/boruta_identity/resource_owners.ex b/apps/boruta_identity/lib/boruta_identity/resource_owners.ex
@@ -12,6 +12,7 @@ defmodule BorutaIdentity.ResourceOwners do
   alias BorutaIdentity.Accounts.User
   alias BorutaIdentity.IdentityProviders.Backend
   alias BorutaIdentity.Organizations.Organization
+  alias BorutaIdentity.Accounts.VerifiableCredentials
 
   @impl Boruta.Oauth.ResourceOwners
   def get_by(username: username) do
@@ -26,6 +27,7 @@ defmodule BorutaIdentity.ResourceOwners do
          sub: id,
          username: email,
          last_login_at: last_login_at,
+         # TODO find out why the impl user in extra_claims
          extra_claims: %{user: impl_user}
        }}
     else
@@ -36,8 +38,27 @@ defmodule BorutaIdentity.ResourceOwners do
 
   def get_by(sub: sub) when not is_nil(sub) do
     case Accounts.get_user(sub) do
-      %User{id: id, username: email, last_login_at: last_login_at} ->
-        {:ok, %ResourceOwner{sub: id, username: email, last_login_at: last_login_at}}
+      %User{
+        id: id,
+        username: email,
+        last_login_at: last_login_at,
+        metadata: metadata,
+        backend: backend
+      } ->
+        {:ok,
+         %ResourceOwner{
+           sub: id,
+           username: email,
+           last_login_at: last_login_at,
+           extra_claims: metadata,
+           authorization_details: VerifiableCredentials.authorization_details(),
+           credential_configuration:
+             VerifiableCredentials.credential_configuration()
+             |> Map.put(
+               :signature_private_key,
+               backend.client.private_key
+             )
+         }}
 
       _ ->
         {:error, "Invalid username or password."}

diff --git a/mix.lock b/mix.lock
@@ -1,7 +1,7 @@
 %{
   "argon2_elixir": {:hex, :argon2_elixir, "2.4.1", "edb27bdd326bc738f3e4614eddc2f73507be6fedc9533c6bcc6f15bbac9c85cc", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "0e21f52a373739d00bdfd5fe6da2f04eea623cb4f66899f7526dd9db03903d9f"},
   "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.0.1", "9be815469e6bfefec40fa74658ecbbe6897acfb57614df1416eeccd4903f602c", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "486bb95efb645d1efc6794c1ddd776a186a9a713abf06f45708a6ce324fb96cf"},
-  "boruta": {:git, "https://github.com/malach-it/boruta_auth.git", "bf81dffd11b462fea4f629d826d5dfb415705afb", [branch: "oid4vci-implementation"]},
+  "boruta": {:git, "https://github.com/malach-it/boruta_auth.git", "e07dd016de06f2084fc163fe6a2577c0cb16be15", [branch: "oid4vci-implementation"]},
   "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm", "7af5c7e09fe1d40f76c8e4f9dd2be7cebd83909f31fee7cd0e9eadc567da8353"},
   "bypass": {:hex, :bypass, "2.1.0", "909782781bf8e20ee86a9cabde36b259d44af8b9f38756173e8f5e2e1fabb9b1", [:mix], [{:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "d9b5df8fa5b7a6efa08384e9bbecfe4ce61c77d28a4282f79e02f1ef78d96b80"},
   "castore": {:hex, :castore, "1.0.1", "240b9edb4e9e94f8f56ab39d8d2d0a57f49e46c56aced8f873892df8ff64ff5a", [:mix], [], "hexpm", "b4951de93c224d44fac71614beabd88b71932d0b1dea80d2f80fb9044e01bbb3"},