update error types

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
wistefan · Apr 19, 2024 · 940c4af · 940c4af
1 parent bbdb87f
commit 940c4af
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 10 deletions.
diff --git a/...s/src/main/java/org/keycloak/protocol/oid4vc/OID4VCClientRegistrationProviderFactory.java b/...s/src/main/java/org/keycloak/protocol/oid4vc/OID4VCClientRegistrationProviderFactory.java
@@ -28,7 +28,7 @@
 
 /**
  * Implementation of the {@link ClientRegistrationProviderFactory} to integrate the OID4VC protocols with
- * Keycloaks client-registration.
+ * Keycloak's client-registration.
  * <p>
  * {@see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html}
  *

diff --git a/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerEndpoint.java b/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerEndpoint.java
@@ -55,7 +55,6 @@
 import org.keycloak.protocol.oid4vc.model.SupportedCredentialConfiguration;
 import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
 import org.keycloak.protocol.oidc.grants.PreAuthorizedCodeGrantType;
-import org.keycloak.provider.ProviderFactory;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.utils.MediaType;
@@ -68,7 +67,6 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
-import java.util.stream.Collectors;
 
 /**
  * Provides the (REST-)endpoints required for the OID4VCI protocol.
@@ -125,7 +123,7 @@ public Response getCredentialOfferURI(@QueryParam("credential_configuration_id")
         if (!credentialsMap.containsKey(vcId)) {
             LOGGER.debugf("No credential with id %s exists.", vcId);
             LOGGER.debugf("Supported credentials are %s.", credentialsMap);
-            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_REQUEST));
+            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_CREDENTIAL_REQUEST));
         }
         SupportedCredentialConfiguration supportedCredentialConfiguration = credentialsMap.get(vcId);
         Format format = supportedCredentialConfiguration.getFormat();
@@ -141,7 +139,7 @@ public Response getCredentialOfferURI(@QueryParam("credential_configuration_id")
             clientSession.setNote(nonce, objectMapper.writeValueAsString(supportedCredentialConfiguration));
         } catch (JsonProcessingException e) {
             LOGGER.errorf("Could not convert Supported Credential POJO to JSON: %s", e.getMessage());
-            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_REQUEST));
+            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_CREDENTIAL_REQUEST));
         }
 
         CredentialOfferURI credentialOfferURI = new CredentialOfferURI()
@@ -162,14 +160,14 @@ public Response getCredentialOfferURI(@QueryParam("credential_configuration_id")
     @Path(CREDENTIAL_OFFER_PATH + "{nonce}")
     public Response getCredentialOffer(@PathParam("nonce") String nonce) {
         if (nonce == null) {
-            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_REQUEST));
+            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_CREDENTIAL_REQUEST));
         }
 
         AuthenticatedClientSessionModel clientSession = getAuthenticatedClientSession();
 
         String note = clientSession.getNote(nonce);
         if (note == null) {
-            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_REQUEST));
+            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_CREDENTIAL_REQUEST));
         }
 
         SupportedCredentialConfiguration offeredCredential;
@@ -181,7 +179,7 @@ public Response getCredentialOffer(@PathParam("nonce") String nonce) {
             clientSession.removeNote(nonce);
         } catch (JsonProcessingException e) {
             LOGGER.errorf("Could not convert SupportedCredential JSON to POJO: %s", e);
-            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_REQUEST));
+            throw new BadRequestException(getErrorResponse(ErrorType.INVALID_CREDENTIAL_REQUEST));
         }
 
         String preAuthorizedCode = generateAuthorizationCodeForClientSession(clientSession);

diff --git a/services/src/main/java/org/keycloak/protocol/oid4vc/model/ErrorType.java b/services/src/main/java/org/keycloak/protocol/oid4vc/model/ErrorType.java
@@ -26,11 +26,12 @@
  */
 public enum ErrorType {
 
-    INVALID_REQUEST("invalid_request"),
+    INVALID_CREDENTIAL_REQUEST("invalid_credential_request"),
     INVALID_TOKEN("invalid_token"),
     UNSUPPORTED_CREDENTIAL_TYPE("unsupported_credential_type"),
     UNSUPPORTED_CREDENTIAL_FORMAT("unsupported_credential_format"),
-    INVALID_OR_MISSING_PROOF("invalid_or_missing_proof");
+    INVALID_PROOF("invalid_proof"),
+    INVALID_ENCRYPTION_PARAMETER("invalid_encryption_parameters");
 
     private final String value;