fix: sd jwt validation exception on missing KID

pyeudiw/openid4vp/vp_sd_jwt.py

@@ -1,13 +1,22 @@
 from pyeudiw.jwk import JWK
 from pyeudiw.sd_jwt import verify_sd_jwt
 
+from pyeudiw.jwk.exceptions import KidNotFoundError
+
 
 class VpSdJwt:
 
     def verify_sdjwt(
         self,
         issuer_jwks_by_kid: dict = {}
     ) -> dict:
+
+        if not issuer_jwks_by_kid.get(self.credential_headers["kid"], None):
+            raise KidNotFoundError(
+                f"issuer jwks {issuer_jwks_by_kid} doesn't contains "
+                f"the KID {self.credential_headers['kid']}"
+            )
+
         issuer_jwk = JWK(issuer_jwks_by_kid[self.credential_headers["kid"]])
         holder_jwk = JWK(self.credential_payload["cnf"]["jwk"])
 

pyeudiw/satosa/backend.py

@@ -383,11 +383,11 @@ def redirect_endpoint(self, context, *args):
         state = vpt.payload.get("state", None)
         if not state:
             return self.handle_error(
-                context = context,
-                message = "invalid_request",
-                troubleshoot = "state not found in the response",
-                err_code = "400",
-                err = f"{_msg} with: {vpt.payload}"
+                context=context,
+                message="invalid_request",
+                troubleshoot="state not found in the response",
+                err_code="400",
+                err=f"{_msg} with: {vpt.payload}"
             )
 
         try:
@@ -590,7 +590,8 @@ def request_endpoint(self, context, *args):
             "state": state,
             "iss": self.client_id,
             "iat": iat_now(),
-            "exp": exp_from_now(minutes=5) # TODO: set an exp for the request in the general conf
+            # TODO: set an exp for the request in the general conf
+            "exp": exp_from_now(minutes=5)
         }
 
         try: