@bedrock/vc-delivery 6.5.0 → 6.6.0

package/lib/helpers.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*!
2
- * Copyright (c) 2022-2024 Digital Bazaar, Inc. All rights reserved.
2
+ * Copyright (c) 2022-2025 Digital Bazaar, Inc. All rights reserved.
3
3
  */
4
4
  import * as bedrock from '@bedrock/core';
5
5
  import * as vcjwt from './vcjwt.js';
@@ -18,6 +18,16 @@ const ALLOWED_ERROR_KEYS = [
18
18
  'status'
19
19
  ];
20
20
 
21
+ const JWT_FORMAT_ALIASES = new Set([
22
+ 'application/jwt',
23
+ 'application/vc+jwt',
24
+ 'application/vp+jwt',
25
+ 'jwt_vp',
26
+ 'jwt_vp_json',
27
+ 'jwt_vc_json-ld',
28
+ 'jwt_vc_json'
29
+ ]);
30
+
21
31
  export async function evaluateTemplate({
22
32
  workflow, exchange, typedTemplate, variables
23
33
  } = {}) {
@@ -243,7 +253,7 @@ function _getEnvelope({envelope, format}) {
243
253
  const isString = typeof envelope === 'string';
244
254
  if(isString) {
245
255
  // supported formats
246
- if(format === 'application/jwt' || format === 'jwt_vc_json-ld') {
256
+ if(JWT_FORMAT_ALIASES.has(format)) {
247
257
  format = 'application/jwt';
248
258
  }
249
259
  } else {
@@ -289,9 +289,20 @@ function _createClientMetaData() {
289
289
  // return default supported `vp_formats`
290
290
  return {
291
291
  vp_formats: {
292
+ // support both aliases `jwt_vp` and `jwt_vp_json`
292
293
  jwt_vp: {
293
294
  alg: ['EdDSA', 'Ed25519', 'ES256', 'ES384']
294
295
  },
296
+ jwt_vp_json: {
297
+ alg: ['EdDSA', 'Ed25519', 'ES256', 'ES384']
298
+ },
299
+ di_vp: {
300
+ proof_type: [
301
+ 'ecdsa-rdfc-2019',
302
+ 'eddsa-rdfc-2022',
303
+ 'Ed25519Signature2020'
304
+ ]
305
+ },
295
306
  ldp_vp: {
296
307
  proof_type: [
297
308
  'ecdsa-rdfc-2019',
@@ -308,7 +319,7 @@ async function _parseAuthorizationResponse({req}) {
308
319
  const {vp_token, presentation_submission} = req.body;
309
320
 
310
321
  // JSON parse and validate `vp_token` and `presentation_submission`
311
- let presentation = _jsonParse(vp_token, 'vp_token');
322
+ let presentation = _jsonParse(vp_token, 'vp_token', true);
312
323
  const presentationSubmission = _jsonParse(
313
324
  presentation_submission, 'presentation_submission');
314
325
  _validate(VALIDATORS.presentationSubmission, presentationSubmission);
@@ -319,8 +330,8 @@ async function _parseAuthorizationResponse({req}) {
319
330
  envelope: raw, presentation: contents, format
320
331
  } = await unenvelopePresentation({
321
332
  envelopedPresentation: presentation,
322
- // FIXME: check presentationSubmission for VP format
323
- format: 'jwt_vc_json-ld'
333
+ // FIXME: check `presentationSubmission` for VP format
334
+ format: 'application/jwt'
324
335
  });
325
336
  _validate(VALIDATORS.presentation, contents);
326
337
  presentation = {
@@ -336,10 +347,15 @@ async function _parseAuthorizationResponse({req}) {
336
347
  return {presentation, envelope, presentationSubmission};
337
348
  }
338
349
 
339
- function _jsonParse(x, name) {
350
+ function _jsonParse(x, name, allowJWT = false) {
340
351
  try {
341
352
  return JSON.parse(x);
342
353
  } catch(cause) {
354
+ // presume the string is a non-JSON encoded JWT and let subsequent
355
+ // checking handle it (`ey` is base64url-encoded `{`)
356
+ if(allowJWT && x?.startsWith('ey')) {
357
+ return x;
358
+ }
343
359
  throw new BedrockError(`Could not parse "${name}".`, {
344
360
  name: 'DataError',
345
361
  details: {httpStatusCode: 400, public: true},
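Review bot: In the `_jsonParse` catch block, `x?.startsWith('ey')` only guards against a nullish `x`; any other non-string value that fails `JSON.parse` (an array or object produced by the body parser, for instance) would raise a `TypeError` inside the handler instead of the intended 400 `DataError`. Whether the request schema has already forced `vp_token` to a string by this point is not visible in the hunk, so I would make the guard explicit: `if(allowJWT && typeof x === 'string' && x.startsWith('ey')) {`. The `ey` prefix is also a very loose test, so the comment should state that the returned string is untrusted input until the JWT has actually been parsed and verified downstream. The body of `_jsonParse` continues past the end of this hunk.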
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bedrock/vc-delivery",
3
- "version": "6.5.0",
3
+ "version": "6.6.0",
4
4
  "type": "module",
5
5
  "description": "Bedrock Verifiable Credential Delivery",
6
6
  "main": "./lib/index.js",
@@ -181,7 +181,7 @@ const expectedCredentialRequest = {
181
181
  credential_definition: credentialDefinition,
182
182
  format: {
183
183
  type: 'string',
184
- enum: ['ldp_vc', 'jwt_vc_json-ld']
184
+ enum: ['di_vc', 'ldp_vc', 'jwt_vc_json-ld', 'jwt_vc_json']
185
185
  }
186
186
  }
187
187
  };
@@ -509,7 +509,7 @@ const openIdCredentialRequest = {
509
509
  credential_definition: credentialDefinition,
510
510
  format: {
511
511
  type: 'string',
512
- enum: ['ldp_vc', 'jwt_vc_json-ld']
512
+ enum: ['di_vc', 'ldp_vc', 'jwt_vc_json-ld', 'jwt_vc_json']
513
513
  },
514
514
  did: {
515
515
  type: 'string'
@@ -631,7 +631,21 @@ export function openIdAuthorizationResponseBody() {
631
631
  presentation_submission: {
632
632
  type: 'string'
633
633
  },
634
- // is a JSON string in the x-www-form-urlencoded body
634
+ // is a JSON-encoded string or object in the x-www-form-urlencoded body
635
+ /* Note: This can also be a simple base64url string for
636
+ backwards/forwards compatibility. While submitting VPs directly as
637
+ JSON objects has never changed in the OID4* specs, submitting VPs that
638
+ are wrapped in some envelope that is expressed as a string (e.g., a JWT)
639
+ has changed back and forth throughout the draft history. Sometimes these
640
+ vp_tokens are required to be JSON-encoded strings other times non-JSON
641
+ strings, i.e., no "extra/JSON quotes" around the string value inside the
642
+ x-www-form-urlencoded field value delimiting quotes. For example,
643
+ both of these:
644
+
645
+ `...&vp_token="non-string JSON"`
646
+ `...&vp_token="\"JSON string\""`
647
+
648
+ are accepted for these reasons. */
635
649
  vp_token: {
636
650
  type: 'string'
637
651
  },
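Review bot: The new comment above `vp_token` calls the non-JSON form "a simple base64url string", but a compact JWT is several base64url segments joined by dots, and the parser change in this same release gates on an `ey` prefix, so the wording understates what is accepted. The two examples are also hard to tell apart as labelled; I would reword them along the lines of `...&vp_token=<compact JWT>` (raw) and `...&vp_token="<compact JWT>"` (JSON-encoded string). Since the schema entry stays `type: 'string'` with no `maxLength` or `pattern`, the comment should say that shape checking is deferred to the parsing step, or a bound should be added here if none is applied elsewhere. The enclosing `openIdAuthorizationResponseBody` starts and ends outside this hunk.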