Add service side rendeing of metadata and using vctm to populate cred… #249
Conversation
…ential_configurations_supported.
There was a problem hiding this comment.
Pull request overview
This pull request implements service-side rendering of metadata for OpenID4VCI and OAuth2 authorization servers. It eliminates the need for static JSON metadata files by generating metadata at runtime from configuration, using VCTM (Verifiable Credential Type Metadata) files to populate credential_configurations_supported dynamically.
Changes:
- Added runtime metadata generation capabilities in new packages (pkg/openid4vci/metadata_loader.go and pkg/oauth2/metadata_generator.go)
- Removed the
Pathfield fromIssuerMetadataandOAuthMetadatastructs, replacing file-based metadata loading with runtime generation - Merged
VerifierProxyconfiguration struct intoVerifierstruct, consolidating verifier configuration - Added
Formatfield toCredentialConstructorfor explicit credential format specification - Updated all client initialization code to use the new runtime metadata generation approach
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/openid4vci/metadata_loader.go | New file implementing runtime generation and signing of OpenID4VCI issuer metadata |
| pkg/oauth2/metadata_generator.go | New file implementing runtime generation and signing of OAuth2 authorization server metadata |
| pkg/model/oidcrp_config_test.go | New test file for OIDC Relying Party configuration validation |
| pkg/model/metadata_generation_test.go | New test comparing generated metadata against reference metadata files |
| pkg/model/issuer_metadata_test.go | Comprehensive tests for issuer metadata generation with various configurations |
| pkg/model/config_test.go | Updated tests to reflect new runtime metadata generation approach |
| pkg/model/config.go | Major refactoring: removed Path fields, merged VerifierProxy into Verifier, added Format field, implemented runtime metadata generation |
| internal/verifier/httpserver/endpoints_oidc.go | Updated to use Verifier instead of VerifierProxy for configuration access |
| internal/verifier/apiv1/*.go | Multiple files updated to use Verifier configuration structure |
| internal/apigw/apiv1/client.go | Updated client initialization to load VCTM before generating metadata, ensuring display information is populated |
| config.yaml | Removed metadata path references, added format field to all credential constructors |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // Generate issuer metadata at runtime | ||
| _, c.issuerMetadataSigningKey, c.issuerMetadataSigningCert, c.issuerMetadataSigningChain, err = c.cfg.Verifier.IssuerMetadata.LoadAndSign(ctx, c.cfg.Verifier.ExternalServerURL, cfg.CredentialConstructor) | ||
| if err != nil { | ||
| return nil, err | ||
| } |
There was a problem hiding this comment.
Critical ordering issue: The issuer metadata is generated at line 94 before the VCTM files are loaded at lines 114-121. This means constructor.VCTM will be nil when LoadAndSign is called, resulting in missing display information in the generated metadata. The VCTM files must be loaded first, similar to how it's done in internal/apigw/apiv1/client.go lines 78-86. Move the VCTM loading block (lines 114-121) to before the LoadAndSign call (line 94).
…ential_configurations_supported.