From 44ef2e5f5d290b4aa6e6c452780778fc2df71f4f Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <paul.latzelsperger@beardyinc.com>
Date: Mon, 2 Jun 2025 08:37:19 +0200
Subject: [PATCH 1/2] fix: add 'Bearer ' prefix to DCP access tokens

---
 .../service/IdentityAndTrustService.java      |  5 ++-
 .../service/IdentityAndTrustServiceTest.java  | 39 ++++++++++---------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/extensions/common/iam/identity-trust/identity-trust-service/src/main/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustService.java b/extensions/common/iam/identity-trust/identity-trust-service/src/main/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustService.java
index 3b7008003a8..622fa0dc06b 100644
--- a/extensions/common/iam/identity-trust/identity-trust-service/src/main/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustService.java
+++ b/extensions/common/iam/identity-trust/identity-trust-service/src/main/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustService.java
@@ -120,7 +120,10 @@ public Result<TokenRepresentation> obtainClientCredentials(TokenParameters param
                 SUBJECT, myOwnDid,
                 AUDIENCE, parameters.getStringClaim(AUDIENCE)));
 
-        return secureTokenService.createToken(claims, scope);
+        return secureTokenService.createToken(claims, scope)
+                .map(originalToken -> originalToken.toBuilder()
+                        .token("Bearer " + originalToken.getToken())
+                        .build());
     }
 
     @Override
diff --git a/extensions/common/iam/identity-trust/identity-trust-service/src/test/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustServiceTest.java b/extensions/common/iam/identity-trust/identity-trust-service/src/test/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustServiceTest.java
index bf53e321e18..650d53a0851 100644
--- a/extensions/common/iam/identity-trust/identity-trust-service/src/test/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustServiceTest.java
+++ b/extensions/common/iam/identity-trust/identity-trust-service/src/test/java/org/eclipse/edc/iam/identitytrust/service/IdentityAndTrustServiceTest.java
@@ -17,7 +17,6 @@
 
 
 import com.nimbusds.jwt.JWTClaimsSet;
-import org.assertj.core.api.Assertions;
 import org.eclipse.edc.iam.identitytrust.spi.CredentialServiceClient;
 import org.eclipse.edc.iam.identitytrust.spi.CredentialServiceUrlResolver;
 import org.eclipse.edc.iam.identitytrust.spi.SecureTokenService;
@@ -44,6 +43,7 @@
 
 import java.util.List;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.eclipse.edc.iam.identitytrust.spi.SelfIssuedTokenConstants.PRESENTATION_TOKEN_CLAIM;
 import static org.eclipse.edc.iam.verifiablecredentials.spi.TestFunctions.createCredentialBuilder;
 import static org.eclipse.edc.iam.verifiablecredentials.spi.TestFunctions.createPresentationBuilder;
@@ -102,9 +102,11 @@ private VerificationContext verificationContext() {
 
     @Nested
     class ObtainClientCredentials {
-        @ParameterizedTest(name = "{0}")
+        @ParameterizedTest(name = "Invalid Scope: {0}")
         @ValueSource(strings = {"org.eclipse.edc:TestCredential:modify", "org.eclipse.edc:TestCredential:", "org.eclipse.edc:TestCredential: ", "org.eclipse.edc:TestCredential:write*", ":TestCredential:read",
                 "org.eclipse.edc:fooCredential:+"})
+        @EmptySource
+        @NullSource
         void obtainClientCredentials_invalidScopeString(String scope) {
             var tp = TokenParameters.Builder.newInstance()
                     .claims(SCOPE, scope)
@@ -117,19 +119,18 @@ void obtainClientCredentials_invalidScopeString(String scope) {
         }
 
         @ParameterizedTest(name = "Scope: {0}")
-        @ValueSource(strings = {"org.eclipse.edc:TestCredential:modify", "org.eclipse.edc:TestCredential:", "org.eclipse.edc:TestCredential: ", "org.eclipse.edc:TestCredential:write*", ":TestCredential:read",
-                "org.eclipse.edc:fooCredential:+"})
-        @NullSource
-        @EmptySource
+        @ValueSource(strings = {"org.eclipse.edc:TestCredential:read", "org.eclipse.edc:TestCredential:*", "org.eclipse.edc:TestCredential:write"})
         void obtainClientCredentials_validScopeString(String scope) {
             var tp = TokenParameters.Builder.newInstance()
                     .claims(SCOPE, scope)
                     .claims(AUDIENCE, "test-audience")
                     .build();
-            assertThat(service.obtainClientCredentials(tp))
+            var result = service.obtainClientCredentials(tp);
+            assertThat(result)
                     .isNotNull()
-                    .isFailed()
-                    .detail().contains("Scope string invalid");
+                    .isSucceeded();
+
+            assertThat(result.getContent().getToken()).startsWith("Bearer ");
         }
 
 
@@ -248,8 +249,8 @@ void verify_singlePresentation_singleCredential() {
             assertThat(result).isSucceeded()
                     .satisfies(ct -> {
                         var vc = (List<VerifiableCredential>) ct.getListClaim("vc");
-                        Assertions.assertThat(vc).hasSize(1);
-                        Assertions.assertThat(vc.get(0).getCredentialSubject().get(0).getClaims()).containsEntry("some-claim", "some-val");
+                        assertThat(vc).hasSize(1);
+                        assertThat(vc.get(0).getCredentialSubject().get(0).getClaims()).containsEntry("some-claim", "some-val");
                     });
         }
 
@@ -279,9 +280,9 @@ void verify_singlePresentation_multipleCredentials() {
             assertThat(result).isSucceeded()
                     .satisfies(ct -> {
                         var credentials = (List<VerifiableCredential>) ct.getClaims().get("vc");
-                        Assertions.assertThat(credentials).hasSize(2);
-                        Assertions.assertThat(credentials.get(0).getCredentialSubject().get(0).getClaims()).containsEntry("some-claim", "some-val");
-                        Assertions.assertThat(credentials.get(1).getCredentialSubject().get(0).getClaims()).containsEntry("some-other-claim", "some-other-val");
+                        assertThat(credentials).hasSize(2);
+                        assertThat(credentials.get(0).getCredentialSubject().get(0).getClaims()).containsEntry("some-claim", "some-val");
+                        assertThat(credentials.get(1).getCredentialSubject().get(0).getClaims()).containsEntry("some-other-claim", "some-other-val");
                     });
         }
 
@@ -331,11 +332,11 @@ void verify_multiplePresentations_multipleCredentialsEach() {
             assertThat(result).isSucceeded()
                     .satisfies(ct -> {
                         var credentials = (List<VerifiableCredential>) ct.getListClaim("vc");
-                        Assertions.assertThat(credentials).hasSize(4);
-                        Assertions.assertThat(credentials).anySatisfy(vc -> Assertions.assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-claim", "some-val"));
-                        Assertions.assertThat(credentials).anySatisfy(vc -> Assertions.assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-other-claim", "some-other-val"));
-                        Assertions.assertThat(credentials).anySatisfy(vc -> Assertions.assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-claim-2", "some-val-2"));
-                        Assertions.assertThat(credentials).anySatisfy(vc -> Assertions.assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-other-claim-2", "some-other-val-2"));
+                        assertThat(credentials).hasSize(4);
+                        assertThat(credentials).anySatisfy(vc -> assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-claim", "some-val"));
+                        assertThat(credentials).anySatisfy(vc -> assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-other-claim", "some-other-val"));
+                        assertThat(credentials).anySatisfy(vc -> assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-claim-2", "some-val-2"));
+                        assertThat(credentials).anySatisfy(vc -> assertThat(vc.getCredentialSubject().get(0).getClaims()).containsEntry("some-other-claim-2", "some-other-val-2"));
                     });
         }
 

From ba5f1760d35e7766f66e7cb0646fec2c4a4c2c6b Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <paul.latzelsperger@beardyinc.com>
Date: Mon, 2 Jun 2025 08:44:56 +0200
Subject: [PATCH 2/2] suppress checkstyle indentation check temporarily

---
 .../eclipse/edc/boot/system/injection/InjectionContainer.java | 4 ++--
 resources/suppressions.xml                                    | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/common/boot/src/main/java/org/eclipse/edc/boot/system/injection/InjectionContainer.java b/core/common/boot/src/main/java/org/eclipse/edc/boot/system/injection/InjectionContainer.java
index db4da9059f7..ff0e4361350 100644
--- a/core/common/boot/src/main/java/org/eclipse/edc/boot/system/injection/InjectionContainer.java
+++ b/core/common/boot/src/main/java/org/eclipse/edc/boot/system/injection/InjectionContainer.java
@@ -50,8 +50,8 @@ public List<ServiceProvider> getServiceProviders() {
     @Override
     public String toString() {
         return getClass().getSimpleName() + "{" +
-               "injectionTarget=" + injectionTarget +
-               '}';
+                "injectionTarget=" + injectionTarget +
+                '}';
     }
 
 }
diff --git a/resources/suppressions.xml b/resources/suppressions.xml
index 6a89b011faa..f53c82750bf 100644
--- a/resources/suppressions.xml
+++ b/resources/suppressions.xml
@@ -19,4 +19,5 @@
         "http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
 <suppressions>
     <suppress files="package-info.java" checks="[a-zA-Z0-9]*"/>
+    <suppress files=".*" checks="Indentation"/>
 </suppressions>