As part of the v1.0 refactor (#3953), tighten up the OpenID4VCI HTTP client (vcr/openid4vci/issuer_client.go, wallet_client.go) so failures are easier to diagnose in production.
Goals
- Use
core.TestResponseCodeWithLog for response-status checking instead of the local truncate-and-log block in httpDo. This gives us the standard clipped body log on unexpected statuses and the typed core.HttpError (with StatusCode / ResponseBody) that callers can inspect.
- Make the HTTP client emit OTEL spans for every OpenID4VCI request. The underlying
http/client already wraps its transport with otelhttp.NewTransport when tracing is enabled, but httpOAuth2Client.RequestAccessToken currently calls http.NewRequestWithContext(context.Background(), ...), which severs the parent span. The result is that OAuth2 token requests appear as orphan spans (or are missing entirely) in traces of a credential-issuance flow.
Scope
- Plumb
context.Context through OAuth2Client.RequestAccessToken (interface change; cascade through defaultIssuerAPIClient, mocks, and the caller in vcr/holder/openid.go:HandleCredentialOffer).
- Replace the manual body-clipping/log in
httpDo with core.TestResponseCodeWithLog.
- Preserve the existing 2xx-range semantics.
TestResponseCodeWithLog does an exact-match on the status code, so a naive swap silently rejects legitimate 201/202/204 responses. Per OpenID4VCI v1.0, deferred credential issuance returns 202 and the credential-offer endpoint typically uses 204, so the call sites need to declare the expected status code(s) (e.g. extend httpDo to take an expectedStatus int, or add a core.TestResponseCode2xx* helper). Decide on the shape during the v1.0 refactor.
- Drop the dead
var HttpClientTrace *httptrace.ClientTrace = nil global — it is exported but never assigned.
Why now
Defer to the v1.0 refactor so the status-code semantics question is settled in one pass alongside deferred-issuance support, instead of being shoehorned into an interim PR.
Out of scope
- Adding explicit OpenID4VCI-level spans on top of the
otelhttp transport spans — the transport-level spans are sufficient once context propagation is fixed.
As part of the v1.0 refactor (#3953), tighten up the OpenID4VCI HTTP client (
vcr/openid4vci/issuer_client.go,wallet_client.go) so failures are easier to diagnose in production.Goals
core.TestResponseCodeWithLogfor response-status checking instead of the local truncate-and-log block inhttpDo. This gives us the standard clipped body log on unexpected statuses and the typedcore.HttpError(withStatusCode/ResponseBody) that callers can inspect.http/clientalready wraps its transport withotelhttp.NewTransportwhen tracing is enabled, buthttpOAuth2Client.RequestAccessTokencurrently callshttp.NewRequestWithContext(context.Background(), ...), which severs the parent span. The result is that OAuth2 token requests appear as orphan spans (or are missing entirely) in traces of a credential-issuance flow.Scope
context.ContextthroughOAuth2Client.RequestAccessToken(interface change; cascade throughdefaultIssuerAPIClient, mocks, and the caller invcr/holder/openid.go:HandleCredentialOffer).httpDowithcore.TestResponseCodeWithLog.TestResponseCodeWithLogdoes an exact-match on the status code, so a naive swap silently rejects legitimate 201/202/204 responses. Per OpenID4VCI v1.0, deferred credential issuance returns 202 and the credential-offer endpoint typically uses 204, so the call sites need to declare the expected status code(s) (e.g. extendhttpDoto take anexpectedStatus int, or add acore.TestResponseCode2xx*helper). Decide on the shape during the v1.0 refactor.var HttpClientTrace *httptrace.ClientTrace = nilglobal — it is exported but never assigned.Why now
Defer to the v1.0 refactor so the status-code semantics question is settled in one pass alongside deferred-issuance support, instead of being shoehorned into an interim PR.
Out of scope
otelhttptransport spans — the transport-level spans are sufficient once context propagation is fixed.