From fc7d7b4549eea9ee8e56791a86c3315156b083f4 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas <cayo@usody.com>
Date: Mon, 11 Dec 2023 21:30:56 +0100
Subject: [PATCH] get roles from credential

---
 ereuse_devicehub/modules/oidc/views.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/ereuse_devicehub/modules/oidc/views.py b/ereuse_devicehub/modules/oidc/views.py
index 9e21d837..36f23c4b 100644
--- a/ereuse_devicehub/modules/oidc/views.py
+++ b/ereuse_devicehub/modules/oidc/views.py
@@ -223,17 +223,30 @@ class AllowCodeOidc4vpView(GenericMixin):
 
     def dispatch_request(self):
         self.vp_token = request.values.get("vp_token")
-        # pv= self.vp_token.split(".")
-        # token = json.loads(base64.b64decode(pv[1]).decode())
+        pv = self.vp_token.split(".")
+        token = json.loads(base64.b64decode(pv[1]).decode())
         headers = {
             'Content-Type': 'application/json',
             'Authorization': f'Bearer WALLET_INX_EBSI_PLUGIN_TOKEN'
         }
+        vcredential = token.get('vp', {}).get("verifiableCredential")
+        if not vcredential:
+            return
+
         data = json.dumps({
             "type": "VerificationRequest",
-            "jwtCredential": self.vp_token
+            "jwtCredential": vcredential
         })
-        result = requests.post(WALLET_INX_EBSI_PLUGIN_URL, headers=headers, json=data)
+        result = requests.post(WALLET_INX_EBSI_PLUGIN_URL, headers=headers, data=data)
+        if result.status_code != 200:
+            return
+
+        vps = json.loads(result.text)
+        if not vps.get('verified'):
+            return
+        roles = vps['credential']['credentialSubject'].get('role')
+        if not roles:
+            return
 
         return jsonify({"result": "ok"})
         # if not self.code or not self.oidc: