feat(auth): add authorization_request_params to OpenID4VCI requestCredential API

[reinkrul]

Implements #4328.

What

Adds an optional authorization_request_params field to the requestCredential API body. The node merges these key/value pairs into the OpenID4VCI authorization request (the redirect to the Authorization Server's authorization_endpoint), mirroring the existing credential_request_params field for the Credential Request.

{
  "issuer": "https://issuer.example.com/oauth",
  "wallet_did": "did:web:example.com",
  "authorization_details": [ { "type": "openid_credential", "credential_configuration_id": "..." } ],
  "redirect_uri": "https://example.com/oauth2/org1/callback",
  "authorization_request_params": { "auth_method": "SmartCard" }
}

→ redirect: .../oauth/connect/authorize?...&auth_method=SmartCard.

Why

The AET ZORG-ID issuer requires a non-standard auth_method=SmartCard query parameter on the authorization request to start smartcard login. The authorization request query was a fixed list with no caller hook (auth/api/iam/openid4vci.go). The standard mechanism (authorization_details, RFC 9396) is preferred and already sent, but AET does not accept the smartcard selection there.

Behavior

• Applied after the node's own parameters, so caller values win for the same key (same "caller is responsible" contract as credential_request_params).
• Values are strings (map[string]string) — URL query parameters.
• Omitted/absent → no change to today's behavior. Fully additive.

Changes

• docs/_static/auth/v2.yaml — new request-body field; regenerated auth/api/iam/generated.go and e2e-tests/browser/client/iam/generated.go via make gen-api.
• auth/api/iam/openid4vci.go — merge the params in RequestOpenid4VCICredentialIssuance.
• auth/api/iam/openid4vci_test.go — assert the param lands in the redirect query.

Notes

Already running on project-gf-pilot (where the field was first added as authorization_params, then renamed here to align with credential_request_params).

🤖 Assisted by AI

[qltysh]

1 new issue

Tool	Category	Rule	Count
qlty	Structure	Function with many returns (count = 13): RequestOpenid4VCICredentialIssuance	1

[qltysh]

Coverage Impact

⬆️ Merging this pull request will increase total coverage on master by 0.01%.

Modified Files with Diff Coverage (1)

Rating	File	% Diff	Uncovered Line #s
	auth/api/iam/openid4vci.go	100.0%
	Total	100.0%

🚦 See full report on Qlty Cloud »

🛟 Help

• Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

• Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

• File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

  • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.