Skip to content

Develop#36

Open
kneckinator wants to merge 1156 commits into
idpass:developfrom
inji:develop
Open

Develop#36
kneckinator wants to merge 1156 commits into
idpass:developfrom
inji:develop

Conversation

@kneckinator

Copy link
Copy Markdown
Collaborator

No description provided.

@kneckinator kneckinator requested a review from uocnb July 20, 2022 10:18

@uocnb uocnb left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you!

KiruthikaJeyashankar and others added 28 commits May 28, 2025 17:13
Previously CredentialMetadata was holding dataShareUrl and credentialValidity, but these fields are deleted now. Due to this the previous entries read from DB is throwing UnrecognizedPropertyException. To avoid this breaking change unknown properties are ignored

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
[INJIWEB-1541] Enhancement for login & related APIs
Signed-off-by: Nandhukumar <nandhukumare@gmail.com>
MOSIP-41593 - Update mimoto testrig to support latest esignet 1.5.1 and above
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
[INJIWEB-1541] merge usage of 2 controllerAdvice
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
[INJIWEB-1541] update postman collections
…729)

Signed-off-by: sairam-g9162 <sairamgirirao@gmail.com>
Signed-off-by: Mahesh.Binayak <mahesh.binyak@technoforte.o>
Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
…only if the request is sent with correct walletId after unlocking the wallet and update some messages in swagger annotation to keep it consistent with api json file

Signed-off-by: PuBHARGAVI <46226958+PuBHARGAVI@users.noreply.github.com>
Changing pom to migrage to maven central
Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
* Changing pom to remove execution block

Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>

* Changing distributionmanagement

Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>

---------

Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
[INJIWEB-1533] update the logic of delete wallet api to reset wallet correctly in different scenarios
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
…ive data

Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
[INJIWEB-1563] modify oAuth success redirect url
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
[INJIWEB-1563] move auth success redirect config to default profile
Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
Signed-off-by: Gurpreet41082 <gurpreet.kaur@thoughtworks.com>
Rudhhi-Shah-14 and others added 30 commits March 23, 2026 12:45
* [INJIWEB-1861] Added constructor injection for the CONTROLLER files

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1861] Added constructor injection for the SERVICE files

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1861] reused SecureRandom instance as a static final field

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1861] removed the redundant word 'image' from alt attribute

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1861] Addressed code rabbit comments

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1861] Used static string for alt attribute in credential template

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

---------

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>
* injiweb-1871-mimoto-coverage added coverage for above 80%

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* injiweb-1871-mimoto-coverage fixed code rabbit comments

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* injiweb-1871-mimoto-coverage fixed code rabbit comments

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* injiweb-1871-mimoto-coverage fixed credentialShare & pdfGen tests

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* injiweb-1871-mimoto-coverage changed context to list type

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* injiweb-1871-mimoto-coverage rebased changes

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

---------

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>
…le. (#1044)

* MOSIP-41353

Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>

* MOSIP-41353

Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>

* MOSIP-41353

Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>

* MOSIP-41353

Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>

* MOSIP-41353

Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>

* MOSIP-41353

Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>

---------

Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>
* [INJIWEB-1861] Refactored reflection tests and addressed review comments

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1861] addressed nitpick test comments

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

---------

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>
* MOSIP-44720 New Get Isssuer V2 API automation

Signed-off-by: Nitin Hegde <nitin.k@cyberpwn.com>

* MOSIP-44720 New Get Isssuer V2 API automation

Signed-off-by: Nitin Hegde <nitin.k@cyberpwn.com>

* MOSIP-44720 New Get Isssuer V2 API automation

Signed-off-by: Nitin Hegde <nitin.k@cyberpwn.com>

* MOSIP-44720 New Get Isssuer V2 API automation

Signed-off-by: Nitin Hegde <nitin.k@cyberpwn.com>

---------

Signed-off-by: Nitin Hegde <nitin.k@cyberpwn.com>
…nd response uris (#1055)

* [INJIWEB-1873] - Update Verifier Validation parameters to client id and response uris
update logic to consider redirect_uri from post api response
update test cases

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* [INJIWEB-1873] - Add redirect uri fallback and update test cases

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
#1048)

* MOSIP-44432:Mimoto -Update the test case descriptions to improve clarity and readability

Signed-off-by: Mrudula <mrudula.c@cyberpwn.com>

* MOSIP-44432:Mimoto -Update the test case descriptions to improve clarity and readability

Signed-off-by: Mrudula <mrudula.c@cyberpwn.com>

* MOSIP-44432:Mimoto -Update the test case descriptions to improve clarity and readability

Signed-off-by: Mrudula <mrudula.c@cyberpwn.com>

* MOSIP-44432:Mimoto -Update the test case descriptions to improve clarity and readability

Signed-off-by: Mrudula <mrudula.c@cyberpwn.com>

* MOSIP-44432:Mimoto -Update the test case descriptions to improve clarity and readability

Signed-off-by: Mrudula <mrudula.c@cyberpwn.com>

* MOSIP-44432:resloved the coderabbit comments

Signed-off-by: Mrudula <mrudula.c@cyberpwn.com>

---------

Signed-off-by: Mrudula <mrudula.c@cyberpwn.com>
Signed-off-by: Madhuravas reddy <madhu@mosip.io>
Add Test cases in IssuersController

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
…fall back redirect logic in case of response_mode is not direct_post (#1064)

* [INJIWEB-1873] - Add conditional validation for verifer

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* [INJIWEB-1873] - bring back fallback logic  for building direct uri incase of response mode is not direct_post

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* [INJIWEB-1873] - Add Optional logic for responseUris and redirecturis

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
…authorization server (#1058)

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
* [INJIWEB-1891] - Removed unused config from issuers config

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* [INJIWEB-1891] - Replace Config with Mock ID usecase

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* [INJIWEB-1891] - Update Token endpoint

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* [INJIWEB-1891] - Update Token endpoint in local setup

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
* [INJIWEB-1891] Added logic to derive token_endpoint field internally in mimoto

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1891] Addressed review comments and amended the readMe

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* [INJIWEB-1891] Removed extra values from mimoto-issuer-config json

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

---------

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>
… 13 and v1 versions ref #555 (#1074)

* feat(openid4vci): Add implementation for parsing well known for both versions part of #555

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* refactor: Fix validation, serialization, and test coverage for well-known response DTOs and parsers part of #555

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* Decouple version-specific well-known DTOs into draft13/v1 packages ref #555, use objectmapper for map

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): Add internal classes for Logo and Background Image

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): Remove redundant null checks and update test case

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): add version to CredentialIssuerWellKnownResponse

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
…part of #555 (#1076)

* feat(openid4vci): Add factory implementation for downloading credential from issuer and support draft 13 part of #555

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* feat(openid4vci): Addressed comments, removed CredentialRequestService Interface, updated tests

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* feat(openid4vci): remove private method description from Draft13VCDownloadHandler

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* rebased, addressed comments, added tests

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* feat(openid4vci): Refactor get Credential Well Known response, update test cases

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): update Credentialmetadata object with claims and update credentialdefinition to null

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): update credentialdefinition to unassigned

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>
Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
Co-authored-by: Durgesh Konga <kongadurgesh20@gmail.com>
Signed-off-by: Sradha Mohanty <mohantysradha10@gmail.com>
… hostname and port (#1071) (#1080)

Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>
Co-authored-by: Jack <jackjain1995@gmail.com>
…nID4VP (#1073)

* INJIWEB-1887 added error execption for Invalid transaction data in OpenID4VP

Signed-off-by: Madhuravas reddy <madhu@mosip.io>

* Added payload error exception

Signed-off-by: Madhuravas reddy <madhu@mosip.io>

* removed call name to keep existing parameter

Signed-off-by: Madhuravas reddy <madhu@mosip.io>

* Added test cases to cover toOpenId4VpException method

Signed-off-by: Madhuravas reddy <madhu@mosip.io>

* Refactor OpenID4VPService: rename toOpenId4VpException to openId4VPErrorException and make it private

Signed-off-by: Madhuravas reddy <madhu@mosip.io>

---------

Signed-off-by: Madhuravas reddy <madhu@mosip.io>
…inji-web #568 (#1079)

* feat(openid4vci): add implementation for v1 spec vc download

Add test cases

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* fix V1 credential request: add proofs JSON mapping, guard blank nonce endpoint on retry

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): Split wellknown validator into Draft13 and V1 variants with version-specific ldp_vc validation and List<Map> claims type

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): Add Error Response handling for Credential Endpoint

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): remove temporary code for mock service part of inji-web #568

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): remove unuse imports inji-web #568

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): remove unuse imports inji-web #568

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* feat(openid4vci): update logs inji-web #568

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
* docs(mimoto) Updated the documentation to have error codes and added details in google integration doc

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

* docs(mimoto) Addressed code rabbit formatting changes

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>

---------

Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>
Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
…#1090)

* [INJIWEB-1856] - Add Logic for sd-jwt ovp credential matching



* [INJIWEB-1856] - Add Logic for Algorithm Check



* [INJIWEB-1856] - Add logic to resolve publicClaims and sdClaims in api response



* [INJIWEB-1856] - Remove metadata keys from public claims



* [INJIWEB-1856] - Add null handling scenarios, claims generation logic



* [INJIWEB-1856] - Add logic to handle nested sdClaims



# Conflicts:
#	src/main/java/io/mosip/mimoto/service/impl/VcSdJwtCredentialFormatHandler.java

* [INJIWEB-1856] - Add Junit Test cases



* [INJIWEB-1856] - Update description for claims attribute
Update logic for sdClaims
update Test cases for sdClaims



* [INJIWEB-1856] - Refactor Matches Format logic
Remove hardcoded testdata



* [INJIWEB-1856] - Code refactoring and update test cases



* [INJIWEB-1856] - Update to Constructor Injection replacing Autowired



---------

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
…rt in Inji web wallet (#1075)

* docs(vci): add design document for OpenID4VCI 1.0 specification support in Inji web wallet

Signed-off-by: jackjain <jackjain1995@gmail.com>

* docs(vci): fix lint error on markdown, add placeholders instead of actual credential data, fix interface texts

Signed-off-by: jackjain <jackjain1995@gmail.com>

* docs(vci): update v1 VCDownloadHandler class

Signed-off-by: jackjain <jackjain1995@gmail.com>

* docs(vci): update the design to process only first credential received from the issuer since wallet supports only single proof

Signed-off-by: jackjain <jackjain1995@gmail.com>

* docs(vci): fix grammar issues

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
Co-authored-by: Durgesh Konga <kongadurgesh20@gmail.com>
Signed-off-by: Abhi <abhishek.shankarcs@gmail.com>
[MOSIP-37808] Updated DB attributes for mimoto
* feat: add spec_version to Verifier

- This field indicates the specification version currently followed by the Verifier.
- The default value for this field will be v1

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>

* docs: udpate docs for /verifier api

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>

---------

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
…#1089)

* injiweb-1855-sd-jwt-ovp add SD-JWT OVP credential presentation with selective disclosure support and fix misleading missingClaims response

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* injiweb-1855-sd-jwt-ovp address CR comments — per-format signers, input mutation, typo fix, and test correctness

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* injiweb-1855-sd-jwt-ovp address CR comments — alg advertisement, containsKey guard, unchecked cast

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* feat(openid4vp): support dc+sd-jwt, per-credential SD-JWT signing, & share no disclosures when selectedSdClaims empty

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* docs(openid4vp): harden presentation rejection request schema in API spec

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

* refactor(openid4vp): sign each VP token format with its own signer

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

---------

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>
* feat(dpop): add v2 token endpoint that passes the AS error through as-is

Add POST /v2/get-token/{issuer} so the wallet's DPoP (RFC 9449) token
exchange via the mimoto proxy receives the authorization server response
untouched:

- Accept an optional DPoP request header and forward it to the AS token
  endpoint.
- Return the AS response as a raw ResponseEntity<String>, passing the
  status, body and headers (including DPoP-Nonce and WWW-Authenticate)
  through as-is on both success and error, so a use_dpop_nonce challenge
  reaches the wallet for the nonce retry.
- The existing v1 endpoint behaviour is unchanged.

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* fix: add NoArgsConstructor to CredentialIssuerConfiguration and explicit PathVariable name in IdpController to fix failing tests

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* fix: strip Transfer-Encoding header in getTokenV2 response

Copying upstream response headers including Transfer-Encoding: chunked
caused double chunked encoding when Tomcat also applied its own chunked
encoding, resulting in HTTP 502 from reverse proxies.

Filter out Transfer-Encoding from forwarded headers to fix this.

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* fix: strip all hop-by-hop headers in getTokenV2 response

Per RFC 7230, hop-by-hop headers (Transfer-Encoding, Connection,
Keep-Alive, TE, Trailer, Upgrade, Proxy-Authenticate,
Proxy-Authorization) must not be forwarded by proxies.

Previously only Transfer-Encoding was stripped. Now all hop-by-hop
headers are filtered to be fully RFC-compliant.

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* revert: restore mosip.mimoto.database.hostname property name

Revert inji.mimoto.database.hostname back to mosip.mimoto.database.hostname
to avoid breaking existing production deployments.

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* refactor: extract token response header filtering

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* fix: preserve configured issuer token endpoints

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* fix: keep default config changes scoped to v2 token endpoint

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* fix: address v2 token review comments

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

* chore(api-test): bump up api test version to 1.6.0

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>

---------

Signed-off-by: abhip2565 <paul.apaul.abhishek.ap@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.