feat: add support for OIDC VC

[hperl]

Related issue(s)

Requires ory/fosite#758

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[codecov]

Codecov Report

Merging #3575 (88c7c93) into master (eb89af7) will decrease coverage by 0.07%.
The diff coverage is 74.00%.

❗ Current head 88c7c93 differs from pull request most recent head 949008f. Consider uploading reports for the commit 949008f to get more accurate results

@@            Coverage Diff             @@
##           master    #3575      +/-   ##
==========================================
- Coverage   76.39%   76.32%   -0.07%     
==========================================
  Files         130      132       +2     
  Lines        9746     9879     +133     
==========================================
+ Hits         7445     7540      +95     
- Misses       1799     1824      +25     
- Partials      502      515      +13     

Files Changed	Coverage Δ
aead/xchacha20.go	66.66% <0.00%> (-3.93%)	⬇️
client/manager_test_helpers.go	98.52% <ø> (ø)
oauth2/handler.go	67.56% <72.56%> (+0.42%)	⬆️
x/int_to_bytes.go	75.00% <75.00%> (ø)
persistence/sql/persister_nonce.go	80.95% <80.95%> (ø)
driver/config/provider.go	82.88% <100.00%> (+0.13%)	⬆️
driver/config/provider_fosite.go	82.60% <100.00%> (+0.79%)	⬆️
driver/registry_base.go	83.69% <100.00%> (ø)
fositex/config.go	86.11% <100.00%> (ø)

[alnr]

Very nicely done!

[aeneasr]

Thank you! This looks pretty good. I think there's a bit of clean-up we need to do.

Also, should we add a proper end-to-end test in playwright/cypress for this?

[alnr]

Please re-run make sdk

[hperl]

Thanks for the review @aeneasr and @alnr! I'll clean up this PR and we should be ready for the final round.

I don't think we need Cypress/PW E2E tests, because the credentials endpoint is already fully tested and we would just repeat building the JWT proof in JavaScript.

[hperl]

I addressed all review comments now. Mainly I:

• added swagger annotations and regenerated the SDK
• added proper hints to all errors
• refactored the nonce manager based on @alnr's suggestion to just encrypt the timestamp, which results in a more compact representation of the nonce

[alnr]

LGTM. Needs ory/fosite#758 to be merged first, right?

[alnr]

Just a tiny lint issue

[hperl]

LGTM. Needs ory/fosite#758 to be merged first, right?

There is a circular dependency for pushing Fosite and Hydra. Fosite uses Hydra for the OIDC conformancy tests (which fail on the Fosite PR), and will only pass with master Hydra when this PR here is merged.

So I suggest merging this first, then the Fosite PR, then remove the replace directive in Hydra.

[aeneasr]

Very nice, just one minor swagger comment ...