Add OpenID4VP server configuration, API resources, access control, and Digital Credentials connection extension#8192
Add OpenID4VP server configuration, API resources, access control, and Digital Credentials connection extension#8192Zeta201 wants to merge 5 commits into
Conversation
|
Warning Review limit reached
Next review available in: 47 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
📝 WalkthroughWalkthroughThis PR adds OpenID4VP server configuration, VP endpoint access-control rules, VP API resource and scope definitions, and digital-credentials connection extension resources. ChangesOpenID4VP and VP Management Support
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…d Digital Credentials connection extension
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/info.json`:
- Line 5: The image path in the digital-credentials info.json should not point
to an asset in this repository. Update the image field to reference the
corresponding logo path from the identity-apps frontend assets, and verify the
target exists there; keep the change localized to the info.json entry for the
wallet/logo asset.
In
`@features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/metadata.json`:
- Around line 37-46: The metadata JSON has a trailing comma after the last entry
in the properties array, which makes it invalid and prevents the extension
metadata from loading. Remove the extra comma in the digital-credentials
metadata so the properties list in metadata.json is valid JSON and can be parsed
by ExtensionManagerComponent’s metadata loader.
In
`@features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/template.json`:
- Line 6: The image paths in the digital-credentials template should not point
to assets in the carbon-identity-framework repo; update the referenced `image`
fields in `template.json` to use the corresponding asset location from the
`identity-apps` repository. Use the existing `image` entries in this template as
the places to change, and make them consistent with the same cross-repo asset
guidance already noted for `info.json`.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: 4ae499af-4fd6-4c6a-99a6-6c2d64c1fac5
📒 Files selected for processing (10)
features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xmlfeatures/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/info.jsonfeatures/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/metadata.jsonfeatures/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/template.jsonfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xmlfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.jsonfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xmlfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2
| "name": "Digital Credentials", | ||
| "description": "Login users with their Digital Credentials.", | ||
| "docLink": "https://github.com/wso2-extensions/identity-inbound-auth-openid4vp", | ||
| "image": "assets/images/logos/wallet.svg", |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
Same cross-repo image path concern as info.json.
assets/images/logos/wallet.svg (Lines 6 and 14) should reference an asset in identity-apps, per the same guidance flagged for info.json.
Based on learnings, "image paths ... must reference assets from the identity-apps repository where frontend code resides, not assets stored in the carbon-identity-framework repository."
Also applies to: 14-14
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/template.json`
at line 6, The image paths in the digital-credentials template should not point
to assets in the carbon-identity-framework repo; update the referenced `image`
fields in `template.json` to use the corresponding asset location from the
`identity-apps` repository. Use the existing `image` entries in this template as
the places to change, and make them consistent with the same cross-repo asset
guidance already noted for `info.json`.
Source: Learnings
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2`:
- Around line 139-178: The secured VP Template and Verification management
resources are currently placed before the login_only_mode no_access_granted
catch-all, so they can still be matched in that mode. Move the secured POST and
PUT entries for the VP management APIs in resource-access-control-v2.xml.j2 into
the same section as the other /api/server/v1/... management APIs, below the
login_only_mode block, and keep the public oid4vp/v1 endpoints unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: dc276a0b-5f4c-4d84-a1dc-8ddd4244c2a8
📒 Files selected for processing (10)
features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xmlfeatures/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/info.jsonfeatures/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/metadata.jsonfeatures/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/template.jsonfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xmlfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.jsonfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xmlfeatures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2
✅ Files skipped from review due to trivial changes (1)
- features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml
🚧 Files skipped from review as they are similar to previous changes (5)
- features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/resources/extensions/connections/digital-credentials/info.json
- features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
- features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2
- features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml
- features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #8192 +/- ##
============================================
- Coverage 52.95% 52.35% -0.60%
- Complexity 20988 21865 +877
============================================
Files 2186 2200 +14
Lines 129041 137659 +8618
Branches 19224 21644 +2420
============================================
+ Hits 68328 72073 +3745
- Misses 52394 56677 +4283
- Partials 8319 8909 +590
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
f30611a to
84c6141
Compare
84c6141 to
99c7a25
Compare
|



Purpose
Wires up the server-side configuration and security layer required to expose the OpenID for Verifiable Presentations (OpenID4VP) feature, and introduces the Digital Credentials connection extension that surfaces it in the Console UI.
Changes
identity.xml/identity.xml.j2Adds the
<OpenID4VP>configuration block with:Enabledflag to toggle the feature.RequestAudience— theaudclaim for VP Request JWTs, defaulting tohttps://self-issued.me/v2as defined by the OpenID4VP specification.org.wso2.carbon.identity.core.server.feature.default.jsonopenid4vp.enabledopenid4vp.client_id_schemeopenid4vp.request_audienceOpenID4VPAuthenticatorto the session nonce cookie whitelist.system-api-resource.xml/system-api-resource.xml.j2Registers two new system API resources for both
TENANTandORGANIZATIONresource types:/api/server/v1/vp/template)view,create,update,delete/api/server/v1/vp/verification)create— initiate a verification sessionview— poll verification statusresource-access-control-v2.xml/resource-access-control-v2.xml.j2/oid4vp/v1/vp-request/oid4vp/v1/response/oid4vp/v1/verifications/.well-known/did.jsonas an unsecured endpoint.extensions/connections/digital-credentials/(new)Adds the Digital Credentials connection template for the extension management UI:
info.jsonWallet/Digital Credentialstags.metadata.jsonpresentationDefinitionIdtimeouttemplate.jsonOpenID4VPAuthenticator(T3BlbklENFZQQXV0aGVudGljYXRvcg) and its required properties.