@bedrock/vc-delivery 7.13.2 → 7.14.0

package/lib/ExchangeProcessor.js

@@ -49,6 +49,43 @@ export class ExchangeProcessor {
     this.isStepComplete = isStepComplete?.bind(this);
     this.issue = issue ?? defaultIssue.bind(this);
     this.verify = verify ?? defaultVerify.bind(this);
+    this.canRetry = false;
+  }
+
+  /**
+   * A utility function for getting the current step of the exchange without
+   * performing any other processing.
+   *
+   * @returns {Promise<object>} An object with the step information.
+   */
+  async getStep() {
+    const {
+      workflow,
+      exchangeRecord: {exchange}
+    } = this;
+
+    const currentStep = exchange.step;
+    if(!currentStep) {
+      // create default empty step
+      exchange.step = 'initial';
+      workflow.steps = {initial: {}};
+    }
+
+    const step = await evaluateExchangeStep({
+      workflow, exchange, stepName: currentStep
+    });
+
+    // if `step.nextStep` and `step.redirectUrl` and are both set, throw an
+    // error
+    if(step.nextStep && step.redirectUrl) {
+      throw new BedrockError(
+        'Only the last step of a workflow can use "redirectUrl".', {
+          name: 'DataError',
+          details: {httpStatusCode: 500, public: true}
+        });
+    }
+
+    return step;
   }
 
   /**
@@ -113,6 +150,34 @@ export class ExchangeProcessor {
     }
   }
 
+  /**
+   * A utility function for updating the exchange. This should only be called
+   * to help address differences in protocols or handle backwards compatibility
+   * behavior.
+   *
+   * @param {object} options - The options to use.
+   * @param {object} [options.step] - The current step.
+   *
+   * @returns {Promise<object>} An object with processing information.
+   */
+  async updateExchange({step} = {}) {
+    const {workflow, exchangeRecord: {exchange, meta}} = this;
+    try {
+      exchange.referenceId = globalThis.crypto.randomUUID();
+      exchange.sequence++;
+      if(exchange.state === 'complete') {
+        await exchanges.complete({workflowId: workflow.id, exchange});
+      } else {
+        await exchanges.update({workflowId: workflow.id, exchange});
+      }
+      meta.updated = Date.now();
+      await emitExchangeUpdated({workflow, exchange, step});
+    } catch(e) {
+      exchange.sequence--;
+      throw e;
+    }
+  }
+
   async _validateReceivedPresentation({
     workflow, exchange, step, receivedPresentation, verify
   }) {
@@ -287,7 +352,7 @@ export class ExchangeProcessor {
 
         // 4.1. Set `step` to the current step (evaluating a step template as
         // needed).
-        step = await _getStep({workflow, exchange});
+        step = await this.getStep();
 
         // 4.2. Call subalgorithm `prepareStep`, passing `workflow`,
         // `exchange`, `step`, `receivedPresentation`, and
@@ -358,7 +423,7 @@ export class ExchangeProcessor {
 
           // 4.7.3. Save the exchange (and call any non-blocking callback
           // in the step) and return `response`.
-          await _updateExchange({workflow, exchange, meta, step});
+          await this.updateExchange({step});
           return response;
         }
 
@@ -383,7 +448,7 @@ export class ExchangeProcessor {
             }
             // 4.9.1.2. Save the exchange (and call any non-blocking callback
             // in the step).
-            await _updateExchange({workflow, exchange, meta, step});
+            await this.updateExchange({step});
             // 4.9.1.3. Return `response`.
             return response;
           }
@@ -464,7 +529,7 @@ export class ExchangeProcessor {
 
         // 4.14. Save the exchange (and call any non-blocking callback in
         // the step).
-        await _updateExchange({workflow, exchange, meta, step});
+        await this.updateExchange({step});
 
         // 4.15. If `exchange.state` is `complete`, return `response` if it is
         // not `null`, otherwise return an empty object.
@@ -477,7 +542,9 @@ export class ExchangeProcessor {
       }
     } catch(e) {
       if(e.name === 'InvalidStateError') {
-        retryState.canRetry = !issuanceTriggered;
+        // if issuance has not been triggered or the exchange processor's
+        // `canRetry` flag has been explicitly set, allow retry
+        retryState.canRetry = !issuanceTriggered || this.canRetry;
         throw e;
       }
       // write last error if exchange hasn't been frequently updated
@@ -495,30 +562,6 @@ export class ExchangeProcessor {
   }
 }
 
-async function _getStep({workflow, exchange}) {
-  const currentStep = exchange.step;
-  if(!currentStep) {
-    // return default empty step and set dummy stepname for exchange
-    exchange.step = 'initial';
-    return {};
-  }
-
-  const step = await evaluateExchangeStep({
-    workflow, exchange, stepName: currentStep
-  });
-
-  // if `step.nextStep` and `step.redirectUrl` and are both set, throw an error
-  if(step.nextStep && step.redirectUrl) {
-    throw new BedrockError(
-      'Only the last step of a workflow can use "redirectUrl".', {
-        name: 'DataError',
-        details: {httpStatusCode: 500, public: true}
-      });
-  }
-
-  return step;
-}
-
 function _createTimeoutSignal({exchange, meta}) {
   const expires = exchange.expires !== undefined ?
     new Date(exchange.expires).getTime() :
@@ -569,20 +612,3 @@ async function _createVerifiablePresentationRequest({
 function _isInitialStep({workflow, exchange}) {
   return !workflow.initialStep || exchange.step === workflow.initialStep;
 }
-
-async function _updateExchange({workflow, exchange, meta, step}) {
-  try {
-    exchange.referenceId = globalThis.crypto.randomUUID();
-    exchange.sequence++;
-    if(exchange.state === 'complete') {
-      await exchanges.complete({workflowId: workflow.id, exchange});
-    } else {
-      await exchanges.update({workflowId: workflow.id, exchange});
-    }
-    meta.updated = Date.now();
-    await emitExchangeUpdated({workflow, exchange, step});
-  } catch(e) {
-    exchange.sequence--;
-    throw e;
-  }
-}

package/lib/helpers.js

@@ -21,6 +21,18 @@ const ALLOWED_ERROR_KEYS = [
   'status'
 ];
 
+// media type and format support constants
+export const SUPPORTED_FORMAT_TO_MEDIA_TYPE = new Map([
+  ['application/vc', 'application/vc'],
+  ['ldp_vc', 'application/vc'],
+  ['jwt_vc_json', 'application/jwt']
+]);
+// create reverse map
+export const SUPPORTED_MEDIA_TYPE_TO_FORMAT = new Map([
+  ['application/vc', 'ldp_vc'],
+  ['application/jwt', 'jwt_vc_json']
+]);
+
 export function buildPresentationFromResults({
   presentation, verifyResult
 }) {
@@ -120,6 +132,10 @@ export async function evaluateExchangeStep({
     step = await evaluateTemplate({
       workflow, exchange, typedTemplate: step.stepTemplate
     });
+  } else {
+    // ensure step is cloned to allow for changes during exchange processing
+    // that will not persist
+    step = structuredClone(step);
   }
   await validateStep({step});
   return step;
@@ -164,12 +180,35 @@ export function getWorkflowIssuerInstances({workflow} = {}) {
   if(!issuerInstances && workflow.zcaps.issue) {
     // generate dynamic issuer instance config
     issuerInstances = [{
+      // provide both media types and (deprecated) formats for backwards compat
+      supportedMediaTypes: ['application/vc'],
       supportedFormats: ['application/vc', 'ldp_vc'],
       zcapReferenceIds: {
         issue: 'issue'
       }
     }];
   }
+  // normalize `supportedFormats` to `supportedMediaTypes` and add
+  // `supportedFormats` for backwards compatibility
+  issuerInstances = issuerInstances.map(ii => {
+    if(ii.supportedMediaTypes && ii.supportedFormats) {
+      return ii;
+    }
+    if(ii.supportedFormats) {
+      return {
+        ...ii,
+        supportedMediaTypes: ii.supportedFormats.map(
+          format => SUPPORTED_FORMAT_TO_MEDIA_TYPE.get(format) ?? format)
+      };
+    }
+    if(ii.supportedMediaTypes) {
+      return {
+        ...ii,
+        supportedFormats: ii.supportedMediaTypes.map(
+          mt => SUPPORTED_MEDIA_TYPE_TO_FORMAT.get(mt) ?? mt)
+      };
+    }
+  });
   return issuerInstances;
 }
 

package/lib/issue.js

@@ -7,14 +7,16 @@ import {
   getTemplateVariables,
   getWorkflowIssuerInstances,
   getZcapClient,
-  setVariable
+  setVariable,
+  SUPPORTED_FORMAT_TO_MEDIA_TYPE,
 } from './helpers.js';
 import {createPresentation} from '@digitalbazaar/vc';
 
 const {util: {BedrockError}} = bedrock;
 
 export async function issue({
-  workflow, exchange, step, format = 'application/vc',
+  workflow, exchange, step, mediaType = 'application/vc',
+  format,
   issueRequestsParams,
   verifiablePresentation,
   // FIXME: remove `filter`
@@ -32,11 +34,16 @@ export async function issue({
     return {response: {}, exchangeChanged: false};
   }
 
+  if(format) {
+    // fall back to using `format` as media type if necessary
+    mediaType = SUPPORTED_FORMAT_TO_MEDIA_TYPE.get(format) ?? format;
+  }
+
   // run all issue requests
   const {
     credentials: issuedVcs,
     exchangeChanged
-  } = await _issue({workflow, exchange, issueRequests, format});
+  } = await _issue({workflow, exchange, issueRequests, mediaType});
 
   if(issuedVcs.length === 0 && !step?.verifiablePresentation) {
     // no issued VCs/no VP to return in response
@@ -122,6 +129,7 @@ export function getIssueRequestsParams({workflow, exchange, step}) {
       }
     }
     const params = {
+      oid4vci: r.oid4vci,
       typedTemplate,
       variables: {
         // always include globals but allow local override
@@ -140,6 +148,7 @@ async function _evalIssueRequests({
   workflow, exchange, step, issueRequestsParams, filter
 }) {
   // evaluate all issue requests in parallel
+  // FIXME: require `issueRequestsParams` and remove `filter` param
   const results = issueRequestsParams ??
     getIssueRequestsParams({workflow, exchange, step}).filter(filter);
   return Promise.all(results.map(async params => {
@@ -153,33 +162,54 @@ async function _evalIssueRequests({
   }));
 }
 
-function _getIssueZcap({workflow, zcaps, format}) {
-  const issuerInstances = getWorkflowIssuerInstances({workflow});
+function _getIssueZcap({issuerInstances, zcaps, issueRequest, mediaType}) {
+  const {
+    issuerInstanceId,
+    oid4vci: {credentialConfigurationId} = {}
+  } = issueRequest;
   const {zcapReferenceIds: {issue: issueRefId}} = issuerInstances.find(
-    ({supportedFormats}) => supportedFormats.includes(format));
+    ({id, oid4vci, supportedMediaTypes}) => {
+      // find by `issuerInstanceId` if given
+      if(id && id === issuerInstanceId) {
+        return true;
+      }
+      // find by `credentialConfigurationId` if given
+      if(credentialConfigurationId && oid4vci) {
+        return oid4vci.supportedConfigurationIds.includes(
+          credentialConfigurationId);
+      }
+      // find by `mediaType` instead
+      return supportedMediaTypes.includes(mediaType);
+    });
   return zcaps[issueRefId];
 }
 
-async function _issue({workflow, exchange, issueRequests, format} = {}) {
+async function _issue({workflow, exchange, issueRequests, mediaType} = {}) {
   // create zcap client for issuing VCs
   const {zcapClient, zcaps} = await getZcapClient({workflow});
 
-  // get the zcap to use for the issue requests
-  const capability = _getIssueZcap({workflow, zcaps, format});
-
-  // specify URL to `/credentials/issue` to handle case that capability
-  // is not specific to it
-  let url = capability.invocationTarget;
-  if(!capability.invocationTarget.endsWith('/credentials/issue')) {
-    url += capability.invocationTarget.endsWith('/credentials') ?
-      '/issue' : '/credentials/issue';
-  }
+  // get issuer instances
+  const issuerInstances = getWorkflowIssuerInstances({workflow});
 
   // issue VCs in parallel
   let exchangeChanged = false;
+  const storedCredentials = [];
   const results = await Promise.all(issueRequests.map(async issueRequest => {
     const {params, body} = issueRequest;
 
+    // get the zcap to use for the issue request
+    const capability = _getIssueZcap({
+      issuerInstances, zcaps, issueRequest, mediaType
+    });
+
+    // specify URL to `/credentials/issue` to handle case that capability
+    // is not specific to it
+    let url = capability.invocationTarget;
+    if(!capability.invocationTarget.endsWith('/credentials/issue')) {
+      url += capability.invocationTarget.endsWith('/credentials') ?
+        '/issue' : '/credentials/issue';
+    }
+
     /* Note: Issue request body can be any one of these:
 
     1. `{credential, options?}`
@@ -200,6 +230,10 @@ async function _issue({workflow, exchange, issueRequests, format} = {}) {
         name: params.result,
         value: verifiableCredential
       });
+      storedCredentials.push([{
+        name: params.result,
+        value: verifiableCredential
+      }]);
       return;
     }
 
@@ -209,5 +243,7 @@ async function _issue({workflow, exchange, issueRequests, format} = {}) {
   // filter out any undefined results, which are for results that were written
   // to exchange variables and are not to be automatically returned in a
   // presentation
-  return {credentials: results.filter(vc => vc), exchangeChanged};
+  return {
+    credentials: results.filter(vc => vc), storedCredentials, exchangeChanged
+  };
 }

package/lib/oid4/authorizationResponse.js

@@ -19,7 +19,6 @@ const VALIDATORS = {
 const VC_CONTEXT_2 = 'https://www.w3.org/ns/credentials/v2';
 
 bedrock.events.on('bedrock.init', () => {
-  // create validators for x-www-form-urlencoded parsed data
   VALIDATORS.presentation = compile({schema: verifiablePresentationSchema()});
   VALIDATORS.presentationSubmission = compile({
     schema: presentationSubmissionSchema()

package/lib/oid4/http.js

@@ -227,9 +227,16 @@ export async function createRoutes({
         check will ensure that the workflow used here only allows a single
         credential request, indicating a single type. */
 
-        // send OID4VCI response
-        result = credentials.length === 1 ?
-          {format, credential: credentials[0]} : {format, credentials};
+        if(req.body?.format) {
+          // send OID4VCI draft 13 response
+          result = credentials.length === 1 ?
+            {format, credential: credentials[0]} : {format, credentials};
+        } else {
+          // send OID4VCI 1.0+ response
+          result = {
+            credentials: credentials.map(credential => ({credential}))
+          };
+        }
       } catch(error) {
         return _sendOID4Error({res, error});
       }
@@ -264,6 +271,9 @@ export async function createRoutes({
       // serve exchange ID as nonce
       const exchangeRecord = await req.getExchange();
       const {exchange} = exchangeRecord;
+      // FIXME: consider running inside of an exchange processor that would
+      // rotate the nonce (if it had already been used) and update the exchange
+      // when this endpoint is hit
       res.json({c_nonce: exchange.id});
     }));