@bedrock/vc-delivery 7.11.0 → 7.11.2

@@ -3,7 +3,7 @@
3
3
  */
4
4
  import * as bedrock from '@bedrock/core';
5
5
  import {AsymmetricKey, KmsClient} from '@digitalbazaar/webkms-client';
6
- import {exportJWK, generateKeyPair, UnsecuredJWT} from 'jose';
6
+ import {exportJWK, generateKeyPair} from 'jose';
7
7
  import {oid4vp, signJWT} from '@digitalbazaar/oid4-client';
8
8
  import {getClientBaseUrl} from './clientProfiles.js';
9
9
  import {getZcapClient} from '../helpers.js';
@@ -12,6 +12,9 @@ import {randomUUID} from 'node:crypto';
12
12
 
13
13
  const {util: {BedrockError}} = bedrock;
14
14
 
15
+ const OID4VP_JWT_TYP = 'oauth-authz-req+jwt';
16
+ const TEXT_ENCODER = new TextEncoder();
17
+
15
18
  export async function create({
16
19
  workflow, exchange,
17
20
  clientProfile, clientProfileId,
@@ -92,8 +95,18 @@ export async function encode({
92
95
  return _createJwt({workflow, clientProfile, authorizationRequest});
93
96
  }
94
97
 
95
- // construct authz request as unsecured JWT
96
- return new UnsecuredJWT(authorizationRequest).encode();
98
+ // construct authz request as unsecured JWT with `typ` header set
99
+ // to `OID4VP_JWT_TYP` value; note that the `UnsecuredJWT` API from `jose`
100
+ // cannot be used because it does not allow customization of the JWT header
101
+ // which is required to comply with OID4VP 1.0
102
+ const header = Buffer
103
+ .from(JSON.stringify({alg: 'none', typ: OID4VP_JWT_TYP}), 'utf8')
104
+ .toString('base64url');
105
+ const payload = Buffer
106
+ .from(TEXT_ENCODER.encode(JSON.stringify(authorizationRequest)))
107
+ .toString('base64url');
108
+ const jwt = `${header}.${payload}.`;
109
+ return jwt;
97
110
  }
98
111
 
99
112
  async function _createClientMetaData({
@@ -229,7 +242,7 @@ async function _createJwt({workflow, clientProfile, authorizationRequest}) {
229
242
  const payload = {
230
243
  ...authorizationRequest
231
244
  };
232
- const protectedHeader = {typ: 'JWT', alg: 'ES256', kid, x5c};
245
+ const protectedHeader = {typ: OID4VP_JWT_TYP, alg: 'ES256', kid, x5c};
233
246
 
234
247
  // create the JWT
235
248
  return signJWT({payload, protectedHeader, signer});
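Review bot: The unsecured branch of `encode()` now emits `alg: 'none'` under the same `typ` that `_createJwt` puts on the ES256-signed request, so `typ` says nothing about whether the request object is integrity-protected, and the new comment does not say so either. I would add a line such as `// unsigned: no integrity or origin authentication; recipients must decide on alg, not typ` above `const header`. The condition that selects this branch sits above the hunk, so I cannot confirm it from here; it should depend only on the client profile configuration. The payload line can also match the header line, `Buffer.from(JSON.stringify(authorizationRequest), 'utf8').toString('base64url')`, which produces the same bytes and makes the module-level `TEXT_ENCODER` unnecessary. Since `jose` no longer builds this token, a unit test that decodes the header and checks for the empty third segment would pin the format.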
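--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@bedrock/vc-delivery",
-"version": "7.11.0",
+"version": "7.11.2",
 "type": "module",
 "description": "Bedrock Verifiable Credential Delivery",
 "main": "./lib/index.js",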