eu-digital-identity-wallet/eudi-lib-jvm-siop-openid4vp-kt

Check `ClientMetadataValidator`

Closed this issue · 4 comments

Please check ClientMetadataValidator

Possible problems

  • Usage of unsafe methods `JWEAlgorithm.parse`, `JWSAlgorithm.parse` and `EncryptionMethod.parse`.
  • Validator raises various exceptions: `UnsupportedOperation`, `RuntimeException`, `IllegalArgumentException` etc. Perhaps we can introduce a generic `InvalidClientMetadata` carrying an optional cause (String)

Instead of JWSAlgorithm.parse() we can use something like

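```kotlin
import com.nimbusds.jose.JWSAlgorithm

// JWSAlgorithm.parse() returns an object for any name, so keep the result
// only when it belongs to the known signature family.
fun parseSignAlg(s: String): JWSAlgorithm? =
    JWSAlgorithm.parse(s).takeIf { JWSAlgorithm.Family.SIGNATURE.contains(it) }
```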

For the ugly part that checks if an encryption algorithm and an encoding method are both either empty or non-empty

We can use a helper function

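```kotlin
// Returns a function that applies `test` to both values and is true
// only when the two results agree (both true or both false).
fun <T> bothOrNone(left: T, right: T): ((T) -> Boolean) -> Boolean = { test ->
    when (test(left) to test(right)) {
        true to true -> true
        false to false -> true
        else -> false
    }
}
```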

With this we can add the requirement

```kotlin
// The returned function is invoked explicitly with the predicate.
require(bothOrNone(alg, ec)({ it.isNullOrEmpty() }))
```
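The two suggestions above combined into one validation path, as an added example that is not code from the issue or from the library. `InvalidClientMetadata`, `ResponseAlgs`, `validateAlgs`, `parseEncAlg`, `parseEncMethod` and the accepted algorithm families are assumptions made for illustration; only the Nimbus `parse` methods and `Family` constants are real API.

```kotlin
import com.nimbusds.jose.EncryptionMethod
import com.nimbusds.jose.JWEAlgorithm
import com.nimbusds.jose.JWSAlgorithm

// Hypothetical error type: the single exception proposed in the issue.
class InvalidClientMetadata(val reason: String? = null) : IllegalArgumentException(reason)

// Nimbus parse() returns an object for any string, so the family check does the validation.
fun parseSignAlg(s: String): JWSAlgorithm? =
    JWSAlgorithm.parse(s).takeIf { it in JWSAlgorithm.Family.SIGNATURE }

// Assumption: only asymmetric key-management algorithms are acceptable.
fun parseEncAlg(s: String): JWEAlgorithm? =
    JWEAlgorithm.parse(s).takeIf { it in JWEAlgorithm.Family.ASYMMETRIC }

// Assumption: AES-GCM and AES-CBC-HMAC-SHA2 content encryption are acceptable.
fun parseEncMethod(s: String): EncryptionMethod? =
    EncryptionMethod.parse(s).takeIf {
        it in EncryptionMethod.Family.AES_GCM || it in EncryptionMethod.Family.AES_CBC_HMAC_SHA
    }

fun <T> bothOrNone(left: T, right: T): ((T) -> Boolean) -> Boolean =
    { test -> test(left) == test(right) }

// Constructed result holder, not a type from the library.
data class ResponseAlgs(val sign: JWSAlgorithm?, val alg: JWEAlgorithm?, val enc: EncryptionMethod?)

fun validateAlgs(sign: String?, alg: String?, enc: String?): ResponseAlgs {
    if (!bothOrNone(alg, enc)({ it.isNullOrEmpty() }))
        throw InvalidClientMetadata("encryption alg and enc must be both present or both absent")
    fun <T : Any> known(name: String, raw: String?, parse: (String) -> T?): T? =
        if (raw.isNullOrEmpty()) null
        else parse(raw) ?: throw InvalidClientMetadata("unsupported $name: $raw")
    return ResponseAlgs(
        known("signing alg", sign, ::parseSignAlg),
        known("encryption alg", alg, ::parseEncAlg),
        known("encryption method", enc, ::parseEncMethod),
    )
}

fun main() {
    // Constructed inputs: a valid set, an unknown algorithm name, and alg without enc.
    val samples = listOf(
        Triple("ES256", "ECDH-ES", "A256GCM"),
        Triple("none-such", null, null),
        Triple("ES256", "ECDH-ES", null),
    )
    for ((s, a, e) in samples) println(runCatching { validateAlgs(s, a, e) }.getOrElse { "rejected: ${it.message}" })
}
```

Every rejection surfaces as the same exception type, so callers need a single catch instead of handling `RuntimeException`, `IllegalArgumentException` and the others separately.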

@vafeini I made some corrections to the PR #127

Please provide your input for the (3d) bullet

Created #134 to track id token requirements