This is a branch for the Proof of Concept of the LSPxNuts project.
It adds or alters the following functionality compared to the mainstream Nuts node:
- OAuth2 `vp_token`-bearer token exchange: read the presentation definition from local definitions instead of fetching it from the remote authorization server. LSP doesn't support presentation definitions, meaning that we need to look it up locally.
- Add support for the JWT bearer grant type. If the server supports this, it uses this grant type instead of the Nuts-specific `vp_token`-bearer grant type.
- Add CA certificates of Sectigo (root CA, OV and EV intermediate CA) to the Docker image's OS CA bundle, because they're used by AORTA-LSP.
- Fix marshalling of Verifiable Presentations in JWT format; `type` was marshalled as JSON-LD (a single-entry array was replaced by a string).
- Add a `policy_id` field to the access token request to specify the Presentation Definition that should be used. The `scope` can then be specified as whatever the use case requires (e.g. SMART on FHIR-esque scopes).
- Relax the `did:x509` key usage check: the certificate from UZI smart cards that is used to sign credentials doesn't have the `serverAuth` key usage, only `digitalSignature`. This broke, since we didn't specify the key usage, but `x509.Verify()` expects the `serverAuth` key usage to be present by default.
- Add support for `RS256` (RSA 2048) signatures, since that's what UZI smart cards produce.
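The `type` marshalling point above is a common pitfall when a JSON-LD document is carried inside a JWT claim: a compacting encoder turns a one-element array into a bare string, and the verifier on the other side then sees a different shape than it signed. The following Go program is an added example written for this note; it is not code from the Nuts node or from this branch. It defines a `TypeList` type (an assumed name) that accepts both spellings on input and always emits an array on output, and a minimal `Presentation` struct that stands in for the `vp` claim. The sample presentation in `main` is constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// TypeList is the "type" member of a Verifiable Presentation. Unmarshalling
// accepts either a bare string or an array of strings, since both appear in
// JSON-LD compact form; marshalling always emits an array, so a single-entry
// list is never collapsed to a string on the way out.
type TypeList []string

func (t *TypeList) UnmarshalJSON(data []byte) error {
	var single string
	if err := json.Unmarshal(data, &single); err == nil {
		*t = TypeList{single}
		return nil
	}
	var many []string
	if err := json.Unmarshal(data, &many); err != nil {
		return fmt.Errorf("type must be a string or an array of strings: %w", err)
	}
	*t = TypeList(many)
	return nil
}

func (t TypeList) MarshalJSON() ([]byte, error) {
	if t == nil {
		t = TypeList{}
	}
	// Convert to a plain []string so this method is not invoked recursively.
	return json.Marshal([]string(t))
}

// Presentation is a minimal stand-in for the "vp" claim carried in a
// JWT-encoded Verifiable Presentation; only the members needed here are kept.
type Presentation struct {
	Context              []string `json:"@context"`
	Type                 TypeList `json:"type"`
	VerifiableCredential []string `json:"verifiableCredential,omitempty"`
}

// RoundTrip parses a presentation and serialises it again, which is where a
// single-entry "type" would otherwise degrade to a string.
func RoundTrip(input string) (string, error) {
	var vp Presentation
	if err := json.Unmarshal([]byte(input), &vp); err != nil {
		return "", err
	}
	out, err := json.Marshal(vp)
	if err != nil {
		return "", err
	}
	return string(out), nil
}

func main() {
	// Constructed sample: "type" given as a bare string, as a JSON-LD compacting encoder may emit it.
	in := `{"@context":["https://www.w3.org/2018/credentials/v1"],"type":"VerifiablePresentation"}`
	out, err := RoundTrip(in)
	if err != nil {
		panic(err)
	}
	fmt.Println(out) // "type" comes back as a one-element array
}
```

Whichever form the verifier accepts on input, the signed output is canonical, so the relying party always checks the same shape.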
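The `did:x509` key usage point above comes from a default in Go's `crypto/x509`: when `VerifyOptions.KeyUsages` is left empty, `Certificate.Verify` requires the `serverAuth` extended key usage somewhere in the chain, which a signing-only certificate does not carry. The program below is an added example written for this note, not code from the Nuts node or this branch. It builds a throwaway CA and leaf in memory; the leaf carries only the `digitalSignature` key usage and, as an assumption for the example, the `clientAuth` and `emailProtection` EKUs rather than `serverAuth`. `VerifyDefault` shows the rejection, and `VerifyForSigning` shows the relaxed chain check paired with an explicit check of the key usage that actually matters for signing credentials.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Chain holds a constructed root CA and a leaf certificate. The leaf mimics the
// UZI signing certificate described above: digitalSignature key usage, no
// serverAuth EKU. Its EKUs (clientAuth, emailProtection) are an assumption.
type Chain struct {
	Root *x509.Certificate
	Leaf *x509.Certificate
}

func issue(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain generates the CA and leaf certificates in memory.
func BuildChain() (*Chain, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	root, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Constructed Credential Signer"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection},
	}
	leaf, err := issue(leafTmpl, root, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Leaf: leaf}, nil
}

// VerifyDefault leaves KeyUsages empty, so the verifier demands serverAuth.
// This is the behaviour that broke resolution of did:x509 signers.
func VerifyDefault(c *Chain) error {
	roots := x509.NewCertPool()
	roots.AddCert(c.Root)
	_, err := c.Leaf.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

// VerifyForSigning asks for ExtKeyUsageAny so the chain check no longer
// insists on serverAuth, then checks the usage that matters for signing.
func VerifyForSigning(c *Chain) error {
	roots := x509.NewCertPool()
	roots.AddCert(c.Root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := c.Leaf.Verify(opts); err != nil {
		return err
	}
	if c.Leaf.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("leaf certificate lacks the digitalSignature key usage")
	}
	return nil
}

// IsIncompatibleUsage reports whether err is the key-usage rejection.
func IsIncompatibleUsage(err error) bool {
	var invalid x509.CertificateInvalidError
	return errors.As(err, &invalid) && invalid.Reason == x509.IncompatibleUsage
}

func main() {
	c, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("default options:", VerifyDefault(c))       // IncompatibleUsage error
	fmt.Println("ExtKeyUsageAny + KU check:", VerifyForSigning(c)) // <nil>
}
```

Relaxing the EKU check to `ExtKeyUsageAny` alone would also accept a certificate issued only for, say, encryption; the explicit `digitalSignature` check keeps the verification tied to what the certificate is actually being used for.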