[OID4VCI] add encrypted request/response support to OID4VC OAuth test client #48462

Merged
mposolda merged 2 commits into keycloak:main from adorsys:oid4vci-client-encryption-support on Apr 24, 2026
Contributor

@forkimenjeckayang forkimenjeckayang commented Apr 24, 2026

Summary

  • Added built-in encrypted OID4VC credential request support to Oid4vcCredentialRequest:
    • JWE encryption helper for request payloads
    • request content-type override to support application/jwt
  • Added encrypted response handling to Oid4vcCredentialResponse:
    • detect/store encrypted JWT response payload
    • decrypt JWE response into CredentialResponse using a private key
  • Refactored OID4VCIssuerEndpointEncryptionTest to use the OID4VC test client utility API for encrypted flows instead of direct low-level HTTP/JWE handling.

Why

Encryption tests were carrying transport/JWE mechanics inline, which made them verbose and duplicated logic.
Moving this behavior into shared test utilities keeps tests focused on behavior/assertions and simplifies adding future encryption test scenarios.

closes #48449

…ponse support in OID4VC test client

Signed-off-by: forkimenjeckayang <[email protected]>
@mposolda mposolda self-assigned this Apr 24, 2026
@forkimenjeckayang forkimenjeckayang force-pushed the oid4vci-client-encryption-support branch from 6592873 to 4a775a8 Compare April 24, 2026 12:28
Contributor

@mposolda mposolda left a comment

@forkimenjeckayang Thanks!

FYI. I've linked this with the issue #48449.

For the review: Can you please also update OID4VCIssuerEndpointEncryptionTest.getCNonce() to not use RestEasy/Apache HTTP, but rather to use oauth.oid4vc().nonceRequest() (or doNonceRequest())?

@forkimenjeckayang
Contributor Author

> For the review: Can you please also update OID4VCIssuerEndpointEncryptionTest.getCNonce() to not use RestEasy/Apache HTTP, but rather to use oauth.oid4vc().nonceRequest() (or doNonceRequest())?

Done @mposolda

Contributor

@mposolda mposolda left a comment

@forkimenjeckayang Nice, Thanks!

@mposolda mposolda merged commit 6ed241a into keycloak:main Apr 24, 2026
85 checks passed
Development

Successfully merging this pull request may close these issues.

[OID4VCI] Review OID4VCIssuerEndpointEncryptionTest
