Centralize OID4VCI Protocol Constants in Oid4VciConstants and Refactor Usages (#41481)

Closes #40083

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

server-spi-private/src/main/java/org/keycloak/constants/Oid4VciConstants.java

@@ -29,6 +29,13 @@ public final class Oid4VciConstants {
 
     public static final String CREDENTIAL_SUBJECT = "credentialSubject";
 
+    // --- Endpoints/Well-Known ---
+    public static final String WELL_KNOWN_OPENID_CREDENTIAL_ISSUER = "openid-credential-issuer";
+    public static final String RESPONSE_TYPE_IMG_PNG = "image/png";
+    public static final String CREDENTIAL_OFFER_URI_CODE_SCOPE = "credential-offer";
+
+    // --- Keybinding/Credential Builder ---
+    public static final String SOURCE_ENDPOINT = "source_endpoint";
     public static final String BATCH_CREDENTIAL_ISSUANCE_BATCH_SIZE = "batch_credential_issuance.batch_size";
 
     private Oid4VciConstants() {

services/src/main/java/org/keycloak/protocol/oid4vc/OID4VCLoginProtocolFactory.java

@@ -51,8 +51,6 @@ public class OID4VCLoginProtocolFactory implements LoginProtocolFactory, OID4VCE
 
     private static final Logger LOGGER = Logger.getLogger(OID4VCLoginProtocolFactory.class);
 
-    public static final String PROTOCOL_ID = Oid4VciConstants.OID4VC_PROTOCOL;
-
     private static final String CLIENT_ROLES_MAPPER = "client-roles";
     private static final String USERNAME_MAPPER = "username";
     private static final String SUBJECT_ID_MAPPER = "subject-id";
@@ -60,6 +58,8 @@ public class OID4VCLoginProtocolFactory implements LoginProtocolFactory, OID4VCE
     private static final String LAST_NAME_MAPPER = "last-name";
     private static final String FIRST_NAME_MAPPER = "first-name";
 
+    public static final String PROTOCOL_ID = Oid4VciConstants.OID4VC_PROTOCOL;
+
     private Map<String, ProtocolMapperModel> builtins = new HashMap<>();
 
     @Override
@@ -100,9 +100,9 @@ public class OID4VCLoginProtocolFactory implements LoginProtocolFactory, OID4VCE
         ClientScopeModel naturalPersonScope = KeycloakModelUtils.getClientScopeByName(newRealm, "natural_person");
         if (naturalPersonScope == null) {
             LOGGER.debug("Add natural person scope");
-            naturalPersonScope = newRealm.addClientScope(String.format("%s_%s", PROTOCOL_ID, "natural_person"));
+            naturalPersonScope = newRealm.addClientScope(String.format("%s_%s", Oid4VciConstants.OID4VC_PROTOCOL, "natural_person"));
             naturalPersonScope.setDescription("OIDC$VP Scope, that adds all properties required for a natural person.");
-            naturalPersonScope.setProtocol(PROTOCOL_ID);
+            naturalPersonScope.setProtocol(Oid4VciConstants.OID4VC_PROTOCOL);
             naturalPersonScope.addProtocolMapper(builtins.get(SUBJECT_ID_MAPPER));
             naturalPersonScope.addProtocolMapper(builtins.get(CLIENT_ROLES_MAPPER));
             naturalPersonScope.addProtocolMapper(builtins.get(EMAIL_MAPPER));
@@ -149,7 +149,7 @@ public class OID4VCLoginProtocolFactory implements LoginProtocolFactory, OID4VCE
 
     @Override
     public String getId() {
-        return PROTOCOL_ID;
+        return Oid4VciConstants.OID4VC_PROTOCOL;
     }
 
     /**

services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerEndpoint.java

@@ -37,6 +37,9 @@ import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.Response;
 import org.jboss.logging.Logger;
 import org.keycloak.common.util.SecretGenerator;
+import org.keycloak.component.ComponentFactory;
+import org.keycloak.component.ComponentModel;
+import org.keycloak.constants.Oid4VciConstants;
 import org.keycloak.events.Errors;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.jose.jwe.JWE;
@@ -125,8 +128,8 @@ public class OID4VCIssuerEndpoint {
     public static final String NONCE_PATH = "nonce";
     public static final String CREDENTIAL_PATH = "credential";
     public static final String CREDENTIAL_OFFER_PATH = "credential-offer/";
-    public static final String RESPONSE_TYPE_IMG_PNG = "image/png";
-    public static final String CREDENTIAL_OFFER_URI_CODE_SCOPE = "credential-offer";
+    public static final String RESPONSE_TYPE_IMG_PNG = Oid4VciConstants.RESPONSE_TYPE_IMG_PNG;
+    public static final String CREDENTIAL_OFFER_URI_CODE_SCOPE = Oid4VciConstants.CREDENTIAL_OFFER_URI_CODE_SCOPE;
     private final KeycloakSession session;
     private final AppAuthManager.BearerTokenAuthenticator bearerTokenAuthenticator;
     private final TimeProvider timeProvider;

services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerWellKnownProviderFactory.java

@@ -23,6 +23,7 @@ import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.protocol.oid4vc.OID4VCEnvironmentProviderFactory;
 import org.keycloak.wellknown.WellKnownProvider;
 import org.keycloak.wellknown.WellKnownProviderFactory;
+import org.keycloak.constants.Oid4VciConstants;
 
 /**
  * {@link  WellKnownProviderFactory} implementation for the OID4VCI metadata
@@ -33,7 +34,7 @@ import org.keycloak.wellknown.WellKnownProviderFactory;
  */
 public class OID4VCIssuerWellKnownProviderFactory implements WellKnownProviderFactory, OID4VCEnvironmentProviderFactory {
 
-    public static final String PROVIDER_ID = "openid-credential-issuer";
+    public static final String PROVIDER_ID = Oid4VciConstants.WELL_KNOWN_OPENID_CREDENTIAL_ISSUER;
 
     @Override
     public WellKnownProvider create(KeycloakSession session) {

services/src/main/java/org/keycloak/protocol/oid4vc/issuance/keybinding/JwtCNonceHandler.java

@@ -56,7 +56,7 @@ import java.util.Random;
  */
 public class JwtCNonceHandler implements CNonceHandler {
 
-    public static final String SOURCE_ENDPOINT = "source_endpoint";
+    public static final String SOURCE_ENDPOINT = Oid4VciConstants.SOURCE_ENDPOINT;
 
     public static final int NONCE_DEFAULT_LENGTH = 50;