@bedrock/vc-delivery 5.5.0 → 5.6.0

package/lib/http.js

@@ -16,6 +16,8 @@ import {getWorkflowId} from './helpers.js';
 import {logger} from './logger.js';
 import {createValidateMiddleware as validate} from '@bedrock/validation';
 
+const {util: {BedrockError}} = bedrock;
+
 // FIXME: remove and apply at top-level application
 bedrock.events.on('bedrock-express.configure.bodyParser', app => {
   app.use(bodyParser.json({
@@ -32,7 +34,8 @@ export async function addRoutes({app, service} = {}) {
   const baseUrl = `${routePrefix}/:localId`;
   const routes = {
     exchanges: `${baseUrl}/exchanges`,
-    exchange: `${baseUrl}/exchanges/:exchangeId`
+    exchange: `${baseUrl}/exchanges/:exchangeId`,
+    protocols: `${baseUrl}/exchanges/:exchangeId/protocols`
   };
 
   // used to retrieve service object (workflow) config
@@ -117,6 +120,49 @@ export async function addRoutes({app, service} = {}) {
       await processExchange({req, res, workflow, exchangeRecord});
     }));
 
+  // VC-API get interaction `{"protocols": {...}}` options
+  app.get(
+    routes.protocols,
+    cors(),
+    getExchange,
+    getConfigMiddleware,
+    asyncHandler(async (req, res) => {
+      if(!req.accepts('json')) {
+        // provide hopefully useful error for when VC API interaction URLs
+        // are processed improperly, e.g., directly loaded by a browser instead
+        // of by a digital wallet
+        throw new BedrockError(
+          'Unsupported "Accept" header. A VC API interaction URL must be ' +
+          'processed by an exchange client, e.g., a digital wallet.', {
+            name: 'NotSupportedError',
+            details: {httpStatusCode: 406, public: true}
+          });
+      }
+      // construct and return `protocols` object
+      const {config: workflow} = req.serviceObject;
+      const {exchange} = await req.getExchange();
+      const exchangeId = `${workflow.id}/exchanges/${exchange.id}`;
+      const protocols = {
+        vcapi: exchangeId
+      };
+      const openIdRoute = `${exchangeId}/openid`;
+      if(oid4.supportsOID4VCI({exchange})) {
+        // OID4VCI supported; add credential offer URL
+        const searchParams = new URLSearchParams();
+        const uri = `${openIdRoute}/credential-offer`;
+        searchParams.set('credential_offer_uri', uri);
+        protocols.OID4VCI = `openid-credential-offer://?${searchParams}`;
+      } else if(await oid4.supportsOID4VP({workflow, exchange})) {
+        // OID4VP supported; add openid4vp URL
+        const searchParams = new URLSearchParams({
+          client_id: `${openIdRoute}/client/authorization/response`,
+          request_uri: `${openIdRoute}/client/authorization/request`
+        });
+        protocols.OID4VP = `openid4vp://authorize?${searchParams}`;
+      }
+      res.json({protocols});
+    }));
+
   // create OID4* routes to be used with each individual exchange
   await oid4.createRoutes(
     {app, exchangeRoute: routes.exchange, getConfigMiddleware, getExchange});

package/lib/oid4/http.js

@@ -12,9 +12,14 @@ import {
 import {asyncHandler} from '@bedrock/express';
 import bodyParser from 'body-parser';
 import cors from 'cors';
+import {logger} from '../logger.js';
 import {UnsecuredJWT} from 'jose';
 import {createValidateMiddleware as validate} from '@bedrock/validation';
 
+// re-export support detection helpers
+export {supportsOID4VCI} from './oid4vci.js';
+export {supportsOID4VP} from './oid4vp.js';
+
 /* NOTE: Parts of the OID4VCI design imply tight integration between the
 authorization server and the credential issuance / delivery server. This
 file provides the routes for both and treats them as integrated; supporting
@@ -374,6 +379,7 @@ export async function createRoutes({
 }
 
 function _sendOID4Error({res, error}) {
+  logger.error(error.message, {error});
   const status = error.details?.httpStatusCode ?? 500;
   const oid4Error = {
     error: _camelToSnakeCase(error.name ?? 'OperationError'),

package/lib/oid4/oid4vci.js

@@ -149,6 +149,10 @@ export async function processCredentialRequests({req, res, isBatchRequest}) {
   return _processExchange({req, res, workflow, exchangeRecord, isBatchRequest});
 }
 
+export function supportsOID4VCI({exchange}) {
+  return exchange.openId?.expectedCredentialRequests !== undefined;
+}
+
 function _assertCredentialRequests({
   workflow, credentialRequests, expectedCredentialRequests
 }) {
@@ -201,7 +205,7 @@ function _assertCredentialRequests({
 }
 
 function _assertOID4VCISupported({exchange}) {
-  if(!exchange.openId?.expectedCredentialRequests) {
+  if(!supportsOID4VCI({exchange})) {
     throw new BedrockError('OID4VCI is not supported by this exchange.', {
       name: 'NotSupportedError',
       details: {httpStatusCode: 400, public: true}

package/lib/oid4/oid4vp.js

@@ -276,6 +276,18 @@ export async function processAuthorizationResponse({req}) {
   }
 }
 
+export async function supportsOID4VP({workflow, exchange}) {
+  if(!exchange.step) {
+    return false;
+  }
+  let step = workflow.steps[exchange.step];
+  if(step.stepTemplate) {
+    step = await evaluateTemplate(
+      {workflow, exchange, typedTemplate: step.stepTemplate});
+  }
+  return step.openId !== undefined;
+}
+
 function _createClientMetaData() {
   // return default supported `vp_formats`
   return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-delivery",
-  "version": "5.5.0",
+  "version": "5.6.0",
   "type": "module",
   "description": "Bedrock Verifiable Credential Delivery",
   "main": "./lib/index.js",