npm - @bifold/core - Versions diffs - 2.12.12 → 3.0.1 - Mend

@bifold/core 2.12.12 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (414) hide show

package/lib/module/modules/openid/offerResolve.js CHANGED Viewed

@@ -1,6 +1,21 @@
 import { OpenId4VciCredentialFormatProfile } from '@credo-ts/openid4vc';
-import { DidJwk, DidKey, getJwkFromKey, JwaSignatureAlgorithm, KeyBackend, Mdoc, MdocRecord, SdJwtVcRecord, W3cCredentialRecord } from '@credo-ts/core';
-import { extractOpenId4VcCredentialMetadata, setOpenId4VcCredentialMetadata, temporaryMetaVanillaObject } from './metadata';
+import { DidJwk, DidKey, Kms } from '@credo-ts/core';
+import { extractOpenId4VcCredentialMetadata, setOpenId4VcCredentialMetadata } from './metadata';
+const getCredentialConfigurationIdsToRequest = ({
+  resolvedCredentialOffer,
+  credentialConfigurationIdsToRequest
+}) => {
+  const credentialConfigurationIds = credentialConfigurationIdsToRequest ?? [Object.keys(resolvedCredentialOffer.offeredCredentialConfigurations)[0]];
+  if (credentialConfigurationIds.length === 0 || !credentialConfigurationIds[0]) {
+    throw new Error('No credential configuration ID found in the credential offer.');
+  }
+  for (const credentialConfigurationId of credentialConfigurationIds) {
+    if (!resolvedCredentialOffer.offeredCredentialConfigurations[credentialConfigurationId]) {
+      throw new Error(`Parameter 'credentialConfigurationIdsToRequest' with values ${credentialConfigurationIdsToRequest} is not a credential_configuration_id in the credential offer.`);
+    }
+  }
+  return credentialConfigurationIds;
+};
 export const resolveOpenId4VciOffer = async ({
   agent,
   data,
@@ -20,9 +35,9 @@ export const resolveOpenId4VciOffer = async ({
     data: data,
     uri: offerUri
   });
-  const resolvedCredentialOffer = await agent.modules.openId4VcHolder.resolveCredentialOffer(offerUri);
+  const resolvedCredentialOffer = await agent.openid4vc.holder.resolveCredentialOffer(offerUri);
   if (authorization) {
-    throw new Error('Authorization flow is not supported yet as of Credo 0.5.13');
+    throw new Error('Authorization code flow is not implemented in this OpenID credential offer flow.');
   }
   return resolvedCredentialOffer;
 };
@@ -31,7 +46,7 @@ export async function acquirePreAuthorizedAccessToken({
   resolvedCredentialOffer,
   txCode
 }) {
-  return await agent.modules.openId4VcHolder.requestToken({
+  return await agent.openid4vc.holder.requestToken({
     resolvedCredentialOffer,
     txCode
   });
@@ -39,64 +54,48 @@ export async function acquirePreAuthorizedAccessToken({
 export const customCredentialBindingResolver = async ({
   agent,
   supportedDidMethods,
-  keyType,
   supportsAllDidMethods,
   supportsJwk,
   credentialFormat,
-  supportedCredentialId,
-  resolvedCredentialOffer,
-  pidSchemes
+  proofTypes
 }) => {
-  // First, we try to pick a did method
-  // Prefer did:jwk, otherwise use did:key, otherwise use undefined
+  var _proofTypes$jwt;
   let didMethod = supportsAllDidMethods || supportedDidMethods !== null && supportedDidMethods !== void 0 && supportedDidMethods.includes('did:jwk') ? 'jwk' : supportedDidMethods !== null && supportedDidMethods !== void 0 && supportedDidMethods.includes('did:key') ? 'key' : undefined;
-  // If supportedDidMethods is undefined, and supportsJwk is false, we will default to did:key
-  // this is important as part of MATTR launchpad support which MUST use did:key but doesn't
-  // define which did methods they support
   if (!supportedDidMethods && !supportsJwk) {
     didMethod = 'key';
   }
-  const offeredCredentialConfiguration = supportedCredentialId ? resolvedCredentialOffer.offeredCredentialConfigurations[supportedCredentialId] : undefined;
-  const shouldKeyBeHardwareBackedForMsoMdoc = (offeredCredentialConfiguration === null || offeredCredentialConfiguration === void 0 ? void 0 : offeredCredentialConfiguration.format) === OpenId4VciCredentialFormatProfile.MsoMdoc && (pidSchemes === null || pidSchemes === void 0 ? void 0 : pidSchemes.msoMdocDoctypes.includes(offeredCredentialConfiguration.doctype));
-  const shouldKeyBeHardwareBackedForSdJwtVc = (offeredCredentialConfiguration === null || offeredCredentialConfiguration === void 0 ? void 0 : offeredCredentialConfiguration.format) === 'vc+sd-jwt' && (pidSchemes === null || pidSchemes === void 0 ? void 0 : pidSchemes.sdJwtVcVcts.includes(offeredCredentialConfiguration.vct));
-  const shouldKeyBeHardwareBacked = shouldKeyBeHardwareBackedForSdJwtVc || shouldKeyBeHardwareBackedForMsoMdoc;
-  if (!keyType) {
-    throw new Error('keyType is required!');
-  }
-  const key = await agent.wallet.createKey({
-    keyType,
-    keyBackend: shouldKeyBeHardwareBacked ? KeyBackend.SecureElement : KeyBackend.Software
+  const key = await agent.kms.createKeyForSignatureAlgorithm({
+    algorithm: (proofTypes === null || proofTypes === void 0 || (_proofTypes$jwt = proofTypes.jwt) === null || _proofTypes$jwt === void 0 ? void 0 : _proofTypes$jwt.supportedSignatureAlgorithms[0]) ?? 'EdDSA'
   });
+  const publicJwk = Kms.PublicJwk.fromPublicJwk(key.publicJwk);
   if (didMethod) {
     const didResult = await agent.dids.create({
       method: didMethod,
       options: {
-        key
+        keyId: key.keyId
       }
     });
     if (didResult.didState.state !== 'finished') {
       throw new Error('DID creation failed.');
     }
-    let verificationMethodId;
+    let didUrl;
     if (didMethod === 'jwk') {
-      const didJwk = DidJwk.fromDid(didResult.didState.did);
-      verificationMethodId = didJwk.verificationMethodId;
+      didUrl = DidJwk.fromDid(didResult.didState.did).verificationMethodId;
     } else {
       const didKey = DidKey.fromDid(didResult.didState.did);
-      verificationMethodId = `${didKey.did}#${didKey.key.fingerprint}`;
+      didUrl = `${didKey.did}#${didKey.publicJwk.fingerprint}`;
     }
     return {
-      didUrl: verificationMethodId,
-      method: 'did'
+      method: 'did',
+      didUrls: [didUrl]
     };
   }
-  // Otherwise we also support plain jwk for sd-jwt only
+  // Fallback: plain jwk for sd-jwt/mdoc only
   if (supportsJwk && (credentialFormat === OpenId4VciCredentialFormatProfile.SdJwtVc || credentialFormat === OpenId4VciCredentialFormatProfile.MsoMdoc)) {
     return {
       method: 'jwk',
-      jwk: getJwkFromKey(key)
+      keys: [publicJwk] // Need to replace getJwkFromKey here
     };
   }
   throw new Error(`No supported binding method could be found. Supported methods are did:key and did:jwk, or plain jwk for sd-jwt/mdoc. Issuer supports ${supportsJwk ? 'jwk, ' : ''}${(supportedDidMethods === null || supportedDidMethods === void 0 ? void 0 : supportedDidMethods.join(', ')) ?? 'Unknown'}`);
@@ -106,78 +105,52 @@ export const receiveCredentialFromOpenId4VciOffer = async ({
   resolvedCredentialOffer,
   tokenResponse,
   credentialConfigurationIdsToRequest,
-  clientId,
-  pidSchemes
+  clientId
 }) => {
-  const offeredCredentialsToRequest = credentialConfigurationIdsToRequest ? resolvedCredentialOffer.offeredCredentials.filter(offered => credentialConfigurationIdsToRequest.includes(offered.id)) : [resolvedCredentialOffer.offeredCredentials[0]];
-  if (offeredCredentialsToRequest.length === 0) {
-    throw new Error(`Parameter 'credentialConfigurationIdsToRequest' with values ${credentialConfigurationIdsToRequest} is not a credential_configuration_id in the credential offer.`);
-  }
-  const credentials = await agent.modules.openId4VcHolder.requestCredentials({
+  const credentialConfigurationIds = getCredentialConfigurationIdsToRequest({
+    resolvedCredentialOffer,
+    credentialConfigurationIdsToRequest
+  });
+  const credentials = await agent.openid4vc.holder.requestCredentials({
     resolvedCredentialOffer,
     ...tokenResponse,
     clientId,
-    credentialsToRequest: credentialConfigurationIdsToRequest,
+    credentialConfigurationIds,
     verifyCredentialStatus: false,
     allowedProofOfPossessionSignatureAlgorithms: [
     // NOTE: MATTR launchpad for JFF MUST use EdDSA. So it is important that the default (first allowed one)
     // is EdDSA. The list is ordered by preference, so if no suites are defined by the issuer, the first one
     // will be used
-    JwaSignatureAlgorithm.EdDSA, JwaSignatureAlgorithm.ES256],
+    'EdDSA', 'ES256'],
     credentialBindingResolver: async ({
       supportedDidMethods,
-      keyType,
+      proofTypes,
       supportsAllDidMethods,
       supportsJwk,
-      credentialFormat,
-      supportedCredentialId
+      credentialFormat
     }) => {
       return customCredentialBindingResolver({
         agent,
         supportedDidMethods,
-        keyType,
+        proofTypes,
         supportsAllDidMethods,
         supportsJwk,
-        credentialFormat,
-        supportedCredentialId,
-        resolvedCredentialOffer,
-        pidSchemes
+        credentialFormat
       });
     }
   });
   // We only support one credential for now
-  const [firstCredential] = credentials;
+  const [firstCredential] = credentials.credentials;
   if (!firstCredential) throw new Error('Error retrieving credential using pre authorized flow: firstCredential undefined!.');
-  let record;
   if (typeof firstCredential === 'string') {
     throw new Error('Error retrieving credential using pre authorized flow: firstCredential is string.');
   }
-  if ('compact' in firstCredential.credential) {
-    // TODO: add claimFormat to SdJwtVc
-    record = new SdJwtVcRecord({
-      compactSdJwtVc: firstCredential.credential.compact
-    });
-  } else if (firstCredential.credential instanceof Mdoc) {
-    record = new MdocRecord({
-      mdoc: firstCredential.credential
-    });
-  } else {
-    record = new W3cCredentialRecord({
-      credential: firstCredential.credential,
-      // We don't support expanded types right now, but would become problem when we support JSON-LD
-      tags: {}
-    });
-  }
-  const notificationMetadata = {
-    ...firstCredential.notificationMetadata
-  };
-  if (notificationMetadata) {
-    temporaryMetaVanillaObject.notificationMetadata = notificationMetadata;
-  }
-  const openId4VcMetadata = extractOpenId4VcCredentialMetadata(resolvedCredentialOffer.offeredCredentials[0], {
-    id: resolvedCredentialOffer.metadata.issuer,
-    display: resolvedCredentialOffer.metadata.credentialIssuerMetadata.display
+  const record = firstCredential.record;
+  const requestedCredentialConfiguration = resolvedCredentialOffer.offeredCredentialConfigurations[credentialConfigurationIds[0]];
+  const openId4VcMetadata = extractOpenId4VcCredentialMetadata(requestedCredentialConfiguration, {
+    id: resolvedCredentialOffer.metadata.credentialIssuer.credential_issuer,
+    display: resolvedCredentialOffer.metadata.credentialIssuer.display
   });
   setOpenId4VcCredentialMetadata(record, openId4VcMetadata);
   return record;

package/lib/module/modules/openid/offerResolve.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["OpenId4VciCredentialFormatProfile","DidJwk","DidKey","~~getJwkFromKey~~","~~JwaSignatureAlgorithm~~","~~KeyBackend~~","~~Mdoc~~","~~MdocRecord~~","~~SdJwtVcRecord~~","~~W3cCredentialRecord~~","~~extractOpenId4VcCredentialMetadata~~","~~setOpenId4VcCredentialMetadata~~","~~temporaryMetaVanillaObject~~","resolveOpenId4VciOffer","agent","data","uri","authorization","offerUri","encodeURIComponent","JSON","stringify","~~Error","~~config","logger","info","~~resolvedCredentialOffer~~","~~modules~~","~~openId4VcHolder","~~resolveCredentialOffer","acquirePreAuthorizedAccessToken","txCode","requestToken","customCredentialBindingResolver","supportedDidMethods","~~keyType","~~supportsAllDidMethods","supportsJwk","credentialFormat","~~supportedCredentialId~~","~~pidSchemes~~","didMethod","includes","undefined","~~offeredCredentialConfiguration~~","~~offeredCredentialConfigurations~~","~~shouldKeyBeHardwareBackedForMsoMdoc~~","~~format~~","~~MsoMdoc~~","~~msoMdocDoctypes~~","~~doctype~~","~~shouldKeyBeHardwareBackedForSdJwtVc~~","~~sdJwtVcVcts~~","~~vct","shouldKeyBeHardwareBacked","key","wallet","createKey","keyBackend","SecureElement","Software","~~didResult","dids","create","method","options","~~didState~~","~~state~~","~~verificationMethodId~~","~~didJwk~~","fromDid","did","didKey","fingerprint","~~didUrl~~","SdJwtVc","~~jwk~~","join","receiveCredentialFromOpenId4VciOffer","tokenResponse","~~credentialConfigurationIdsToRequest","~~clientId","~~offeredCredentialsToRequest","offeredCredentials","filter","offered","id","length","~~credentials","requestCredentials","~~credentialsToRequest","~~verifyCredentialStatus","allowedProofOfPossessionSignatureAlgorithms","~~EdDSA","ES256","~~credentialBindingResolver","firstCredential","record","~~credential~~","~~compactSdJwtVc~~","~~compact~~","~~mdoc~~","~~tags~~","~~notificationMetadata~~","~~openId4VcMetadata","metadata","issuer","~~display"~~,"credentialIssuerMetadata"~~],"sourceRoot":"../../../../src","sources":["modules/openid/offerResolve.tsx"],"mappings":"AAAA,SAGEA,iCAAiC,~~QAI5B~~,qBAAqB;AAC5B,~~SAEEC~~,MAAM,~~EACNC~~,MAAM,~~EACNC~~,~~aAAa~~,~~EACbC~~,~~qBAAqB~~,~~EAErBC~~,~~UAAU~~,~~EAEVC~~,IAAI,~~EACJC~~,~~UAAU~~,~~EACVC~~,~~aAAa~~,~~EACbC~~,~~mBAAmB~~,~~QAGd~~,~~gBAAgB~~;~~AACvB~~,~~SACEC~~,~~kCAAkC~~,~~EAClCC~~,~~8BAA8B~~,~~EAC9BC~~,0BAA0B,~~QACrB~~,~~YAAY~~;~~AAEnB~~,~~OAAO~~,MAAMC,sBAAsB,GAAG,MAAAA,CAAO;EAC3CC,KAAK;EACLC,IAAI;EACJC,GAAG;EACHC;AAQF,CAAC,KAAiD;EAChD,IAAIC,QAAQ,GAAGF,GAAG;EAElB,IAAI,CAACE,QAAQ,IAAIH,IAAI,EAAE;IACrB;IACA;IACAG,QAAQ,GAAG,8CAA8CC,kBAAkB,CAACC,IAAI,CAACC,SAAS,CAACN,IAAI,CAAC,CAAC,EAAE;EACrG,CAAC,MAAM,IAAI,CAACG,QAAQ,EAAE;IACpB,MAAM,~~IAAII~~,KAAK,CAAC,qCAAqC,CAAC;EACxD;~~EAEAR~~,KAAK,~~CAACS~~,MAAM,CAACC,MAAM,CAACC,IAAI,CAAC,~~wBAAwBP~~,QAAQ,EAAE,EAAE;IAC3DA,QAAQ;IACRH,IAAI,EAAEA,IAAI;IACVC,GAAG,EAAEE;EACP,CAAC,CAAC;EAEF,~~MAAMQ~~,uBAAuB,GAAG,~~MAAMZ~~,KAAK,~~CAACa~~,~~OAAO~~,CAACC,~~eAAe~~,CAACC,sBAAsB,~~CAACX~~,QAAQ,CAAC;~~EAEpG~~,IAAID,aAAa,EAAE;IACjB,MAAM,~~IAAIK~~,KAAK,CAAC,~~4DAA4D~~,CAAC;~~EAC/E~~;EAEA,~~OAAOI~~,uBAAuB;AAChC,CAAC;AAED,OAAO,~~eAAeI~~,+BAA+BA,CAAC;~~EACpDhB~~,KAAK;~~EACLY~~,uBAAuB;~~EACvBK~~;AAKF,CAAC,EAA2C;EAC1C,OAAO,~~MAAMjB~~,KAAK,~~CAACa~~,~~OAAO~~,CAACC,~~eAAe~~,CAACI,YAAY,CAAC;~~IACtDN~~,uBAAuB;~~IACvBK~~;EACF,CAAC,CAAC;AACJ;AAEA,OAAO,MAAME,+BAA+B,GAAG,MAAAA,CAAO;~~EACpDnB~~,KAAK;~~EACLoB~~,mBAAmB;EACnBC,~~OAAO;EACPC,~~qBAAqB;EACrBC,WAAW;EACXC,gBAAgB;EAChBC~~,qBAAqB~~;~~EACrBb~~,~~uBAAuB;EACvBc;AAKF,~~CAAC,KAAgD;~~EAC/C~~;~~EACA;EACA~~,IAAIC,SAAoC,GACtCL,qBAAqB,~~IAAIF~~,mBAAmB,aAAnBA,mBAAmB,eAAnBA,mBAAmB,~~CAAEQ~~,QAAQ,CAAC,SAAS,CAAC,GAC7D,KAAK,~~GACLR~~,mBAAmB,aAAnBA,mBAAmB,eAAnBA,mBAAmB,~~CAAEQ~~,QAAQ,CAAC,SAAS,CAAC,~~GACxC~~,KAAK,GACLC,SAAS~~;;EAEf~~;~~EACA;EACA;EACA~~,IAAI,~~CAACT~~,mBAAmB,IAAI,~~CAACG~~,WAAW,EAAE;IACxCI,SAAS,GAAG,KAAK;EACnB;EAEA,MAAMG,~~8BAA8B~~,~~GAAGL~~,~~qBAAqB~~,~~GACxDb~~,~~uBAAuB~~,~~CAACmB,+BAA+B~~,~~CAACN~~,~~qBAAqB~~,CAAC,~~GAC9EI,~~SAAS~~;EAEb~~,~~MAAMG~~,~~mCAAmC~~,~~GACvC,CAAAF,8BAA8B,aAA9BA,8BAA8B,uBAA9BA,8BAA8B,CAAEG,MAAM,MAAK/C,iCAAiC,CAACgD,OAAO,KACpFR,~~UAAU,aAAVA,UAAU,~~uBAAVA~~,UAAU,CAAES,~~eAAe~~,~~CAACP~~,~~QAAQ~~,~~CAACE~~,~~8BAA8B~~,~~CAACM~~,~~OAAO~~,CAAC~~;EAE9E~~,~~MAAMC~~,~~mCAAmC,GACvC,CAAAP,8BAA8B,aAA9BA,8BAA8B,uBAA9BA,8BAA8B,CAAEG,MAAM,MAAK,WAAW,KACtDP,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEY,WAAW,CAACV,QAAQ,CAACE,8BAA8B,CAACS,GAAG,~~CAAC~~;EAEtE~~,~~MAAMC,yBAAyB,GAAGH,mCAAmC,IAAIL,mCAAmC~~;~~EAE5G~~,~~IAAI,CAACX,OAAO,EAAE;IACZ,MAAM,IAAIb,KAAK,~~CAAC,~~sBAAsB,~~CAAC;~~EACzC;EAEA~~,~~MAAMiC~~,GAAG,GAAG,~~MAAMzC~~,~~KAAK~~,~~CAAC0C,MAAM,~~CAACC,~~SAAS,CAAC;IACvCtB,OAAO;IACPuB,UAAU,EAAEJ,yBAAyB,GAAGjD,UAAU,CAACsD,~~aAAa,~~GAAGtD~~,~~UAAU~~,~~CAACuD;EAChF~~,~~CAAC~~,CAAC;~~EAEF~~,~~IAAInB~~,SAAS,EAAE;IACb,~~MAAMoB~~,SAAS,GAAG,~~MAAM/C~~,KAAK,~~CAACgD~~,IAAI,CAACC,MAAM,CAA4C;MACnFC,MAAM,~~EAAEvB~~,SAAS;~~MACjBwB~~,OAAO,EAAE;~~QACPV~~;~~MACF~~;IACF,CAAC,CAAC;IAEF,~~IAAIM~~,SAAS,~~CAACK~~,QAAQ,CAACC,KAAK,KAAK,UAAU,EAAE;MAC3C,MAAM,~~IAAI7C~~,KAAK,CAAC,sBAAsB,CAAC;IACzC;IAEA,~~IAAI8C~~,~~oBAA4B~~;~~IAChC~~,~~IAAI3B~~,SAAS,KAAK,KAAK,EAAE;~~MACvB~~,~~MAAM4B,~~MAAM,~~GAAGpE~~,MAAM,~~CAACqE~~,OAAO,CAACT,SAAS,~~CAACK~~,QAAQ,~~CAACK~~,GAAG,CAAC~~;MACrDH~~,~~oBAAoB~~,~~GAAGC,MAAM,CAACD,~~oBAAoB;~~IACpD~~,CAAC,MAAM;MACL,~~MAAMI~~,MAAM,~~GAAGtE~~,MAAM,~~CAACoE~~,OAAO,CAACT,SAAS,~~CAACK~~,QAAQ,~~CAACK~~,GAAG,CAAC;~~MACrDH~~,~~oBAAoB~~,GAAG,GAAGI,MAAM,~~CAACD~~,GAAG,~~IAAIC~~,MAAM,~~CAACjB~~,~~GAAG~~,~~CAACkB~~,WAAW,EAAE;~~IAClE~~;IAEA,OAAO;~~MACLC~~,MAAM,~~EAAEN~~,~~oBAAoB~~;~~MAC5BJ~~,~~MAAM~~,EAAE;~~IACV~~,CAAC;EACH;;EAEA;EACA,~~IACE3B~~,WAAW,KACVC,gBAAgB,KAAKtC,iCAAiC,~~CAAC2E~~,OAAO,~~IAC7DrC~~,gBAAgB,KAAKtC,iCAAiC,~~CAACgD~~,OAAO,CAAC,EACjE;IACA,OAAO;~~MACLgB~~,MAAM,EAAE,KAAK;~~MACbY~~,~~GAAG~~,~~EAAEzE~~,~~aAAa~~,~~CAACoD~~,~~GAAG~~;~~IACxB~~,CAAC;EACH;EAEA,MAAM,~~IAAIjC~~,KAAK,CACb,~~wIACEe~~,WAAW,GAAG,OAAO,GAAG,EAAE,GACzB,~~CAAAH~~,mBAAmB,aAAnBA,mBAAmB,uBAAnBA,mBAAmB,~~CAAE2C~~,IAAI,CAAC,IAAI,CAAC,KAAI,SAAS,EACjD,CAAC;AACH,CAAC;AAED,OAAO,MAAMC,oCAAoC,GAAG,MAAAA,CAAO;~~EACzDhE~~,KAAK;~~EACLY~~,uBAAuB;~~EACvBqD~~,aAAa;~~EACbC~~,mCAAmC;~~EACnCC,QAAQ~~;~~EACRzC;AAQF~~,CAAC,~~KAAK~~;~~EACJ~~,~~MAAM0C~~,~~2BAA2B~~,~~GAAGF~~,~~mCAAmC~~,~~GACnEtD,uBAAuB,CAACyD,kBAAkB,CAACC,MAAM,CAAEC,OAAO,IACxDL,mCAAmC,CAACtC,QAAQ,CAAC2C,OAAO,CAACC,EAAE,CACzD,~~CAAC,~~GACD,CAAC5D,~~uBAAuB~~,CAACyD,kBAAkB,CAAC,CAAC,CAAC,CAAC~~;~~EAEnD~~,~~IAAID,2BAA2B,CAACK,MAAM,KAAK,~~CAAC,~~EAAE;IAC5C,MAAM,IAAIjE,KAAK,CACb,+DAA+D0D,mCAAmC,gEACpG,~~CAAC;~~EACH;EAEA~~,~~MAAMQ~~,WAAW,GAAG,~~MAAM1E~~,KAAK,~~CAACa~~,~~OAAO~~,CAACC,~~eAAe~~,~~CAAC6D~~,kBAAkB,CAAC;~~IACzE/D~~,uBAAuB;IACvB,~~GAAGqD~~,aAAa;~~IAChBE~~,QAAQ;~~IACRS~~,~~oBAAoB,EAAEV,mCAAmC~~;~~IACzDW~~,sBAAsB,EAAE,KAAK;IAC7BC,2CAA2C,EAAE;IAC3C;IACA;IACA;~~IACAxF~~,~~qBAAqB~~,~~CAACyF~~,~~KAAK~~,~~EAC3BzF,qBAAqB,CAAC0F,KAAK,CAC5B~~;IACDC,yBAAyB,EAAE,MAAAA,CAAO;~~MAChC7D~~,mBAAmB;~~MACnBC~~,~~OAAO~~;~~MACPC~~,qBAAqB;MACrBC,WAAW;MACXC~~,gBAAgB~~;~~MAChBC;~~IACkC,CAAC,KAAK;MACxC,~~OAAON~~,+BAA+B,CAAC;~~QACrCnB~~,KAAK;~~QACLoB~~,mBAAmB;~~QACnBC~~,~~OAAO~~;~~QACPC~~,qBAAqB;QACrBC,WAAW;QACXC~~,gBAAgB~~;~~QAChBC,qBAAqB;QACrBb,uBAAuB;QACvBc;~~MACF,CAAC,CAAC;IACJ;EACF,CAAC,CAAC;;EAEF;EACA,MAAM,~~CAACwD~~,eAAe,CAAC,~~GAAGR~~,WAAW;~~EAErC~~,IAAI,~~CAACQ~~,eAAe,EAClB,MAAM,~~IAAI1E~~,KAAK,CAAC,oFAAoF,CAAC;EAEvG,~~IAAI2E,MAAwD;EAE5D,~~IAAI,~~OAAOD~~,eAAe,KAAK,QAAQ,EAAE;IACvC,MAAM,~~IAAI1E~~,KAAK,CAAC,mFAAmF,CAAC;EACtG;EAEA,~~IAAI~~,~~SAAS,IAAI0E,eAAe,CAACE,UAAU,EAAE;IAC3C;IACAD,~~MAAM,~~GAAG~~,~~IAAIzF,aAAa,CAAC;MACzB2F,cAAc,EAAEH,~~eAAe,~~CAACE~~,~~UAAU,CAACE;IAC7C,CAAC,CAAC;EACJ,CAAC,~~MAAM~~,IAAIJ,eAAe,CAACE,UAAU,YAAY5F,IAAI,EAAE~~;~~IACrD2F~~,~~MAAM~~,~~GAAG~~,~~IAAI1F~~,~~UAAU~~,~~CAAC;MACtB8F~~,~~IAAI~~,~~EAAEL~~,~~eAAe,CAACE;IACxB,~~CAAC,CAAC~~;EACJ~~,CAAC,~~MAAM;IACLD,MAAM,GAAG,IAAIxF,mBAAmB,~~CAAC;~~MAC/ByF~~,~~UAAU~~,EAAEF,eAAe,CAACE,UAAwE;MACpG;MACAI,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;EACJ;EAEA,MAAMC,oBAAoB,GAAG;IAAE,GAAGP,eAAe,CAACO;EAAqB,CAAC;EACxE,IAAIA,oBAAoB,EAAE;IACxB3F,0BAA0B,CAAC2F,oBAAoB,GAAGA,oBAAoB;EACxE;EAEA,MAAMC,iBAAiB,~~GAAG9F~~,kCAAkC,~~CAC1DgB~~,~~uBAAuB~~,~~CAACyD,kBAAkB,CAAC,CAAC,CAAC,EAC7C~~;~~IACEG~~,EAAE,~~EAAE5D~~,uBAAuB,~~CAAC+E~~,QAAQ,CAACC,~~MAAM~~;~~IAC3CC~~,OAAO,~~EAAEjF~~,uBAAuB,~~CAAC+E~~,QAAQ,~~CAACG~~,~~wBAAwB~~,~~CAACD~~;~~EACrE~~,~~CACF~~,CAAC;~~EAEDhG~~,8BAA8B,~~CAACsF~~,MAAM,~~EAAEO~~,iBAAiB,CAAC;EAEzD,~~OAAOP~~,MAAM;AACf,CAAC","ignoreList":[]}
1	+ {"version":3,"names":["OpenId4VciCredentialFormatProfile","DidJwk","DidKey","Kms","extractOpenId4VcCredentialMetadata","setOpenId4VcCredentialMetadata","getCredentialConfigurationIdsToRequest","resolvedCredentialOffer","credentialConfigurationIdsToRequest","credentialConfigurationIds","Object","keys","offeredCredentialConfigurations","length","Error","credentialConfigurationId","resolveOpenId4VciOffer","agent","data","uri","authorization","offerUri","encodeURIComponent","JSON","stringify","config","logger","info","openid4vc","holder","resolveCredentialOffer","acquirePreAuthorizedAccessToken","txCode","requestToken","customCredentialBindingResolver","supportedDidMethods","supportsAllDidMethods","supportsJwk","credentialFormat","proofTypes","_proofTypes$jwt","didMethod","includes","undefined","key","kms","createKeyForSignatureAlgorithm","algorithm","jwt","supportedSignatureAlgorithms","publicJwk","PublicJwk","fromPublicJwk","didResult","dids","create","method","options","keyId","didState","state","didUrl","fromDid","did","verificationMethodId","didKey","fingerprint","didUrls","SdJwtVc","MsoMdoc","join","receiveCredentialFromOpenId4VciOffer","tokenResponse","clientId","credentials","requestCredentials","verifyCredentialStatus","allowedProofOfPossessionSignatureAlgorithms","credentialBindingResolver","firstCredential","record","requestedCredentialConfiguration","openId4VcMetadata","id","metadata","credentialIssuer","credential_issuer","display"],"sourceRoot":"../../../../src","sources":["modules/openid/offerResolve.tsx"],"mappings":"AAAA,SAGEA,iCAAiC,QAG5B,qBAAqB;AAC5B,SAAgBC,MAAM,EAAEC,MAAM,EAA4CC,GAAG,QAAQ,gBAAgB;AACrG,SAASC,kCAAkC,EAAEC,8BAA8B,QAAQ,YAAY;AAU/F,MAAMC,sCAAsC,GAAGA,CAAC;EAC9CC,uBAAuB;EACvBC;AAIF,CAAC,KAAK;EACJ,MAAMC,0BAA0B,GAAGD,mCAAmC,IAAI,CACxEE,MAAM,CAACC,IAAI,CAACJ,uBAAuB,CAACK,+BAA+B,CAAC,CAAC,CAAC,CAAC,CACxE;EAED,IAAIH,0BAA0B,CAACI,MAAM,KAAK,CAAC,IAAI,CAACJ,0BAA0B,CAAC,CAAC,CAAC,EAAE;IAC7E,MAAM,IAAIK,KAAK,CAAC,+DAA+D,CAAC;EAClF;EAEA,KAAK,MAAMC,yBAAyB,IAAIN,0BAA0B,EAAE;IAClE,IAAI,CAACF,uBAAuB,CAACK,+BAA+B,CAACG,yBAAyB,CAAC,EAAE;MACvF,MAAM,IAAID,KAAK,CACb,+DAA+DN,mCAAmC,gEACpG,CAAC;IACH;EACF;EAEA,OAAOC,0BAA0B;AACnC,CAAC;AAED,OAAO,MAAMO,sBAAsB,GAAG,MAAAA,CAAO;EAC3CC,KAAK;EACLC,IAAI;EACJC,GAAG;EACHC;AAQF,CAAC,KAAiD;EAChD,IAAIC,QAAQ,GAAGF,GAAG;EAElB,IAAI,CAACE,QAAQ,IAAIH,IAAI,EAAE;IACrB;IACA;IACAG,QAAQ,GAAG,8CAA8CC,kBAAkB,CAACC,IAAI,CAACC,SAAS,CAACN,IAAI,CAAC,CAAC,EAAE;EACrG,CAAC,MAAM,IAAI,CAACG,QAAQ,EAAE;IACpB,MAAM,IAAIP,KAAK,CAAC,qCAAqC,CAAC;EACxD;EAEAG,KAAK,CAACQ,MAAM,CAACC,MAAM,CAACC,IAAI,CAAC,wBAAwBN,QAAQ,EAAE,EAAE;IAC3DA,QAAQ;IACRH,IAAI,EAAEA,IAAI;IACVC,GAAG,EAAEE;EACP,CAAC,CAAC;EAEF,MAAMd,uBAAuB,GAAG,MAAMU,KAAK,CAACW,SAAS,CAACC,MAAM,CAACC,sBAAsB,CAACT,QAAQ,CAAC;EAE7F,IAAID,aAAa,EAAE;IACjB,MAAM,IAAIN,KAAK,CAAC,kFAAkF,CAAC;EACrG;EAEA,OAAOP,uBAAuB;AAChC,CAAC;AAED,OAAO,eAAewB,+BAA+BA,CAAC;EACpDd,KAAK;EACLV,uBAAuB;EACvByB;AAKF,CAAC,EAA2C;EAC1C,OAAO,MAAMf,KAAK,CAACW,SAAS,CAACC,MAAM,CAACI,YAAY,CAAC;IAC/C1B,uBAAuB;IACvByB;EACF,CAAC,CAAC;AACJ;AAEA,OAAO,MAAME,+BAA+B,GAAG,MAAAA,CAAO;EACpDjB,KAAK;EACLkB,mBAAmB;EACnBC,qBAAqB;EACrBC,WAAW;EACXC,gBAAgB;EAChBC;AACgC,CAAC,KAAgD;EAAA,IAAAC,eAAA;EACjF,IAAIC,SAAoC,GACtCL,qBAAqB,IAAID,mBAAmB,aAAnBA,mBAAmB,eAAnBA,mBAAmB,CAAEO,QAAQ,CAAC,SAAS,CAAC,GAC7D,KAAK,GACLP,mBAAmB,aAAnBA,mBAAmB,eAAnBA,mBAAmB,CAAEO,QAAQ,CAAC,SAAS,CAAC,GACtC,KAAK,GACLC,SAAS;EAEjB,IAAI,CAACR,mBAAmB,IAAI,CAACE,WAAW,EAAE;IACxCI,SAAS,GAAG,KAAK;EACnB;EAEA,MAAMG,GAAG,GAAG,MAAM3B,KAAK,CAAC4B,GAAG,CAACC,8BAA8B,CAAC;IACzDC,SAAS,EAAE,CAAAR,UAAU,aAAVA,UAAU,gBAAAC,eAAA,GAAVD,UAAU,CAAES,GAAG,cAAAR,eAAA,uBAAfA,eAAA,CAAiBS,4BAA4B,CAAC,CAAC,CAAC,KAAI;EACjE,CAAC,CAAC;EACF,MAAMC,SAAS,GAAG/C,GAAG,CAACgD,SAAS,CAACC,aAAa,CAACR,GAAG,CAACM,SAAS,CAAC;EAE5D,IAAIT,SAAS,EAAE;IACb,MAAMY,SAAS,GAAG,MAAMpC,KAAK,CAACqC,IAAI,CAACC,MAAM,CAA4C;MACnFC,MAAM,EAAEf,SAAS;MACjBgB,OAAO,EAAE;QACPC,KAAK,EAAEd,GAAG,CAACc;MACb;IACF,CAAC,CAAC;IAEF,IAAIL,SAAS,CAACM,QAAQ,CAACC,KAAK,KAAK,UAAU,EAAE;MAC3C,MAAM,IAAI9C,KAAK,CAAC,sBAAsB,CAAC;IACzC;IAEA,IAAI+C,MAAc;IAClB,IAAIpB,SAAS,KAAK,KAAK,EAAE;MACvBoB,MAAM,GAAG5D,MAAM,CAAC6D,OAAO,CAACT,SAAS,CAACM,QAAQ,CAACI,GAAG,CAAC,CAACC,oBAAoB;IACtE,CAAC,MAAM;MACL,MAAMC,MAAM,GAAG/D,MAAM,CAAC4D,OAAO,CAACT,SAAS,CAACM,QAAQ,CAACI,GAAG,CAAC;MACrDF,MAAM,GAAG,GAAGI,MAAM,CAACF,GAAG,IAAIE,MAAM,CAACf,SAAS,CAACgB,WAAW,EAAE;IAC1D;IAEA,OAAO;MACLV,MAAM,EAAE,KAAK;MACbW,OAAO,EAAE,CAACN,MAAM;IAClB,CAAC;EACH;;EAEA;EACA,IACExB,WAAW,KACVC,gBAAgB,KAAKtC,iCAAiC,CAACoE,OAAO,IAC7D9B,gBAAgB,KAAKtC,iCAAiC,CAACqE,OAAO,CAAC,EACjE;IACA,OAAO;MACLb,MAAM,EAAE,KAAK;MACb7C,IAAI,EAAE,CAACuC,SAAS,CAAC,CAAE;IACrB,CAAC;EACH;EAEA,MAAM,IAAIpC,KAAK,CACb,wIACEuB,WAAW,GAAG,OAAO,GAAG,EAAE,GACzB,CAAAF,mBAAmB,aAAnBA,mBAAmB,uBAAnBA,mBAAmB,CAAEmC,IAAI,CAAC,IAAI,CAAC,KAAI,SAAS,EACjD,CAAC;AACH,CAAC;AAED,OAAO,MAAMC,oCAAoC,GAAG,MAAAA,CAAO;EACzDtD,KAAK;EACLV,uBAAuB;EACvBiE,aAAa;EACbhE,mCAAmC;EACnCiE;AAOF,CAAC,KAAsC;EACrC,MAAMhE,0BAA0B,GAAGH,sCAAsC,CAAC;IACxEC,uBAAuB;IACvBC;EACF,CAAC,CAAC;EAEF,MAAMkE,WAAW,GAAG,MAAMzD,KAAK,CAACW,SAAS,CAACC,MAAM,CAAC8C,kBAAkB,CAAC;IAClEpE,uBAAuB;IACvB,GAAGiE,aAAa;IAChBC,QAAQ;IACRhE,0BAA0B;IAC1BmE,sBAAsB,EAAE,KAAK;IAC7BC,2CAA2C,EAAE;IAC3C;IACA;IACA;IACA,OAAO,EACP,OAAO,CACR;IACDC,yBAAyB,EAAE,MAAAA,CAAO;MAChC3C,mBAAmB;MACnBI,UAAU;MACVH,qBAAqB;MACrBC,WAAW;MACXC;IACkC,CAAC,KAAK;MACxC,OAAOJ,+BAA+B,CAAC;QACrCjB,KAAK;QACLkB,mBAAmB;QACnBI,UAAU;QACVH,qBAAqB;QACrBC,WAAW;QACXC;MACF,CAAC,CAAC;IACJ;EACF,CAAC,CAAC;;EAEF;EACA,MAAM,CAACyC,eAAe,CAAC,GAAGL,WAAW,CAACA,WAAW;EACjD,IAAI,CAACK,eAAe,EAClB,MAAM,IAAIjE,KAAK,CAAC,oFAAoF,CAAC;EAEvG,IAAI,OAAOiE,eAAe,KAAK,QAAQ,EAAE;IACvC,MAAM,IAAIjE,KAAK,CAAC,mFAAmF,CAAC;EACtG;EAEA,MAAMkE,MAAM,GAAGD,eAAe,CAACC,MAAM;EACrC,MAAMC,gCAAgC,GACpC1E,uBAAuB,CAACK,+BAA+B,CAACH,0BAA0B,CAAC,CAAC,CAAC,CAAC;EAExF,MAAMyE,iBAAiB,GAAG9E,kCAAkC,CAAC6E,gCAAgC,EAAS;IACpGE,EAAE,EAAE5E,uBAAuB,CAAC6E,QAAQ,CAACC,gBAAgB,CAACC,iBAAiB;IACvEC,OAAO,EAAEhF,uBAAuB,CAAC6E,QAAQ,CAACC,gBAAgB,CAACE;EAC7D,CAAC,CAAC;EAEFlF,8BAA8B,CAAC2E,MAAM,EAAEE,iBAAiB,CAAC;EAEzD,OAAOF,MAAM;AACf,CAAC","ignoreList":[]}

package/lib/module/modules/openid/refresh/operations.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { toOpenIDCredentialLite } from '../credentialRecord';
+import { refreshAccessToken } from './refreshToken';
+import { credentialRegistry } from './registry';
+import { reissueCredentialWithAccessToken } from './reIssuance';
+export async function refreshAndQueueReplacement({
+  agent,
+  logger,
+  record,
+  toLite = toOpenIDCredentialLite
+}) {
+  const token = await refreshAccessToken({
+    logger,
+    cred: record,
+    agentContext: agent.context
+  });
+  if (!token) {
+    return undefined;
+  }
+  const newRecord = await reissueCredentialWithAccessToken({
+    agent,
+    logger,
+    record,
+    tokenResponse: token
+  });
+  if (!newRecord) {
+    return undefined;
+  }
+  credentialRegistry.getState().markExpiredWithReplacement(record.id, toLite(newRecord));
+  return newRecord;
+}
+//# sourceMappingURL=operations.js.map

package/lib/module/modules/openid/refresh/operations.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["toOpenIDCredentialLite","refreshAccessToken","credentialRegistry","reissueCredentialWithAccessToken","refreshAndQueueReplacement","agent","logger","record","toLite","token","cred","agentContext","context","undefined","newRecord","tokenResponse","getState","markExpiredWithReplacement","id"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/operations.ts"],"mappings":"AAEA,SAAiCA,sBAAsB,QAAQ,qBAAqB;AACpF,SAASC,kBAAkB,QAAQ,gBAAgB;AACnD,SAASC,kBAAkB,QAAQ,YAAY;AAC/C,SAASC,gCAAgC,QAAQ,cAAc;AAU/D,OAAO,eAAeC,0BAA0BA,CAAC;EAC/CC,KAAK;EACLC,MAAM;EACNC,MAAM;EACNC,MAAM,GAAGR;AACc,CAAC,EAAE;EAC1B,MAAMS,KAAK,GAAG,MAAMR,kBAAkB,CAAC;IAAEK,MAAM;IAAEI,IAAI,EAAEH,MAAM;IAAEI,YAAY,EAAEN,KAAK,CAACO;EAAQ,CAAC,CAAC;EAC7F,IAAI,CAACH,KAAK,EAAE;IACV,OAAOI,SAAS;EAClB;EAEA,MAAMC,SAAS,GAAG,MAAMX,gCAAgC,CAAC;IACvDE,KAAK;IACLC,MAAM;IACNC,MAAM;IACNQ,aAAa,EAAEN;EACjB,CAAC,CAAC;EAEF,IAAI,CAACK,SAAS,EAAE;IACd,OAAOD,SAAS;EAClB;EAEAX,kBAAkB,CAACc,QAAQ,CAAC,CAAC,CAACC,0BAA0B,CAACV,MAAM,CAACW,EAAE,EAAEV,MAAM,CAACM,SAAS,CAAC,CAAC;EACtF,OAAOA,SAAS;AAClB","ignoreList":[]}

package/lib/module/modules/openid/refresh/reIssuance.js CHANGED Viewed

@@ -1,4 +1,3 @@
-import { JwaSignatureAlgorithm, Mdoc, MdocRecord, SdJwtVcRecord, W3cCredentialRecord } from '@credo-ts/core';
 import { customCredentialBindingResolver } from '../offerResolve';
 import { extractOpenId4VcCredentialMetadata, getRefreshCredentialMetadata, setOpenId4VcCredentialMetadata, setRefreshCredentialMetadata } from '../metadata';
 import { RefreshStatus } from './types';
@@ -7,8 +6,7 @@ export async function reissueCredentialWithAccessToken({
   logger,
   record,
   tokenResponse,
-  clientId,
-  pidSchemes
+  clientId
 }) {
   if (!record) {
     throw new Error('No credential record provided for re-issuance.');
@@ -29,53 +27,49 @@ export async function reissueCredentialWithAccessToken({
   }
   logger.info('*** Starting to get new credential via re-issuance flow ***');
   // Request a **new** credential using the *existing* configuration id
-  const creds = await agent.modules.openId4VcHolder.requestCredentials({
+  const creds = await agent.openid4vc.holder.requestCredentials({
     resolvedCredentialOffer,
     accessToken: tokenResponse.access_token,
     tokenType: tokenResponse.token_type || 'Bearer',
     cNonce: tokenResponse.c_nonce,
     clientId,
-    credentialsToRequest: [credentialConfigurationId],
+    credentialConfigurationIds: [credentialConfigurationId],
     verifyCredentialStatus: false,
     // you’ll check after storing
-    allowedProofOfPossessionSignatureAlgorithms: [JwaSignatureAlgorithm.EdDSA, JwaSignatureAlgorithm.ES256],
+    allowedProofOfPossessionSignatureAlgorithms: ['EdDSA', 'ES256'],
     credentialBindingResolver: async opts => customCredentialBindingResolver({
       agent,
       supportedDidMethods: opts.supportedDidMethods,
-      keyType: opts.keyType,
+      proofTypes: opts.proofTypes,
       supportsAllDidMethods: opts.supportsAllDidMethods,
       supportsJwk: opts.supportsJwk,
-      credentialFormat: opts.credentialFormat,
-      supportedCredentialId: opts.supportedCredentialId,
-      resolvedCredentialOffer: resolvedCredentialOffer,
-      pidSchemes
+      credentialFormat: opts.credentialFormat
     })
   });
   logger.info('*** New credential received via re-issuance flow ***.');
   // Normalize to your local record types
-  const [firstCredential] = creds;
+  const [firstCredential] = creds.credentials;
   if (!firstCredential || typeof firstCredential === 'string') {
     throw new Error('Issuer returned empty or malformed credential on re-issuance.');
   }
-  let newRecord;
-  if ('compact' in firstCredential.credential) {
-    newRecord = new SdJwtVcRecord({
-      compactSdJwtVc: firstCredential.credential.compact
-    });
-  } else if ((firstCredential === null || firstCredential === void 0 ? void 0 : firstCredential.credential) instanceof Mdoc) {
-    newRecord = new MdocRecord({
-      mdoc: firstCredential.credential
-    });
-  } else {
-    newRecord = new W3cCredentialRecord({
-      credential: firstCredential.credential,
-      tags: {}
-    });
-  }
-  const openId4VcMetadata = extractOpenId4VcCredentialMetadata(resolvedCredentialOffer.offeredCredentials[0], {
-    id: resolvedCredentialOffer.metadata.issuer,
-    display: resolvedCredentialOffer.metadata.credentialIssuerMetadata.display
+  const newRecord = firstCredential.record;
+  // if ('compact' in firstCredential) {
+  //   newRecord = new SdJwtVcRecord({ c })
+  // } else if ((firstCredential as any)?.credential instanceof Mdoc) {
+  //   newRecord = new MdocRecord({ mdoc: firstCredential.credential })
+  // } else {
+  //   newRecord = new W3cCredentialRecord({
+  //     credential: firstCredential.credential as W3cJwtVerifiableCredential | W3cJsonLdVerifiableCredential,
+  //     tags: {},
+  //   })
+  // }
+  const requestedCredentialConfiguration = resolvedCredentialOffer.offeredCredentialConfigurations[credentialConfigurationId];
+  const openId4VcMetadata = extractOpenId4VcCredentialMetadata(requestedCredentialConfiguration, {
+    id: resolvedCredentialOffer.metadata.credentialIssuer.credential_issuer,
+    display: resolvedCredentialOffer.metadata.credentialIssuer.display
   });
   setOpenId4VcCredentialMetadata(newRecord, openId4VcMetadata);
   setRefreshCredentialMetadata(newRecord, {

package/lib/module/modules/openid/refresh/reIssuance.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["~~JwaSignatureAlgorithm","Mdoc","MdocRecord","SdJwtVcRecord","W3cCredentialRecord","~~customCredentialBindingResolver","extractOpenId4VcCredentialMetadata","getRefreshCredentialMetadata","setOpenId4VcCredentialMetadata","setRefreshCredentialMetadata","RefreshStatus","reissueCredentialWithAccessToken","agent","logger","record","tokenResponse","clientId","~~pidSchemes","~~Error","refreshMetaData","credentialConfigurationId","resolvedCredentialOffer","access_token","info","creds","~~modules~~","~~openId4VcHolder~~","requestCredentials","accessToken","tokenType","token_type","cNonce","c_nonce","~~credentialsToRequest~~","verifyCredentialStatus","allowedProofOfPossessionSignatureAlgorithms","~~EdDSA","ES256","~~credentialBindingResolver","opts","supportedDidMethods","~~keyType~~","supportsAllDidMethods","supportsJwk","credentialFormat","~~supportedCredentialId~~","~~firstCredential~~","newRecord","~~credential~~","~~compactSdJwtVc~~","~~compact","mdoc","tags","~~openId4VcMetadata","~~offeredCredentials","~~id","metadata","~~issuer~~","~~display~~","~~credentialIssuerMetadata~~","refreshToken","refresh_token","lastCheckedAt","Date","now","lastCheckResult","Valid"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/reIssuance.ts"],"mappings":"~~AAAA~~,~~SAEEA,qBAAqB,EACrBC,IAAI,EACJC,UAAU,EACVC,aAAa,EACbC,mBAAmB,QAGd,gBAAgB;AAOvB,SAASC~~,+BAA+B,QAAQ,iBAAiB;AAEjE,SACEC,kCAAkC,EAClCC,4BAA4B,EAC5BC,8BAA8B,EAC9BC,4BAA4B,QACvB,aAAa;AACpB,SAASC,aAAa,QAAQ,SAAS;~~AAavC~~,OAAO,eAAeC,gCAAgCA,CAAC;EACrDC,KAAK;EACLC,MAAM;EACNC,MAAM;EACNC,aAAa;EACbC~~,QAAQ~~;~~EACRC;~~AAC2B,CAAC,~~EAAyE~~;~~EACrG~~,IAAI,~~CAACH~~,MAAM,EAAE;IACX,MAAM,~~IAAII~~,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,MAAMC,eAAe,~~GAAGZ~~,4BAA4B,CAACO,MAAM,CAAC;EAC5D,IAAI,~~CAACK~~,eAAe,EAAE;IACpB,MAAM,IAAID,KAAK,CAAC,0DAA0D,CAAC;EAC7E;EACA,MAAM;IAAEE,yBAAyB;IAAEC;EAAwB,CAAC,GAAGF,eAAe;EAE9E,IAAI,CAACE,uBAAuB,EAAE;IAC5B,MAAM,IAAIH,KAAK,CAAC,6EAA6E,CAAC;EAChG;EAEA,IAAI,~~CAACH~~,aAAa,~~CAACO~~,YAAY,EAAE;IAC/B,MAAM,IAAIJ,KAAK,CAAC,8DAA8D,CAAC;EACjF;~~EAEAL~~,MAAM,~~CAACU~~,IAAI,CAAC,6DAA6D,CAAC;EAC1E~~;EACA~~,MAAMC,~~KAAK~~,GAAG,~~MAAMZ~~,KAAK,~~CAACa~~,~~OAAO~~,CAACC,~~eAAe~~,CAACC,kBAAkB,CAAC;~~IACnEN~~,uBAAuB;IACvBO,WAAW,~~EAAEb~~,aAAa,~~CAACO~~,YAAY;IACvCO,SAAS,~~EAAEd~~,aAAa,~~CAACe~~,UAAU,IAAI,QAAQ;IAC/CC,MAAM,~~EAAEhB~~,aAAa,~~CAACiB~~,OAAO;~~IAC7BhB~~,QAAQ;~~IACRiB~~,~~oBAAoB~~,EAAE,CAACb,yBAAyB,CAAC;~~IACjDc~~,sBAAsB,EAAE,KAAK;IAAE;IAC/BC,2CAA2C,EAAE,~~CAACnC~~,~~qBAAqB~~,~~CAACoC~~,~~KAAK~~,~~EAAEpC,qBAAqB,CAACqC,KAAK,~~CAAC;~~IACvGC~~,yBAAyB,EAAE,MAAOC,IAAwC,~~IACxElC~~,+BAA+B,CAAC;MAC9BO,KAAK;~~MACL4B~~,mBAAmB,EAAED,IAAI,CAACC,mBAAmB;MAC7CC,~~OAAO~~,EAAEF,IAAI,CAACE,~~OAAO~~;~~MACrBC~~,qBAAqB,EAAEH,IAAI,CAACG,qBAAqB;MACjDC,WAAW,EAAEJ,IAAI,CAACI,WAAW;MAC7BC,gBAAgB,EAAEL,IAAI,CAACK~~,gBAAgB~~;~~MACvCC~~,~~qBAAqB,EAAEN,IAAI,CAACM,qBAAqB;MACjDxB,uBAAuB,EAAEA,uBAAuB;MAChDJ;IACF,~~CAAC;EACL,CAAC,CAAC;~~EAEFJ~~,MAAM,~~CAACU~~,IAAI,CAAC,uDAAuD,CAAC;;EAEpE;EACA,MAAM,~~CAACuB~~,eAAe,CAAC,~~GAAGtB~~,KAAK;~~EAC/B~~,IAAI,~~CAACsB~~,eAAe,IAAI,OAAOA,eAAe,KAAK,QAAQ,EAAE;IAC3D,MAAM,~~IAAI5B~~,KAAK,CAAC,+DAA+D,CAAC;EAClF;EAEA,~~IAAI6B~~,~~SAA2D;EAC/D~~,~~IAAI~~,~~SAAS,IAAID,~~eAAe,~~CAACE~~,~~UAAU,EAAE~~;~~IAC3CD,SAAS,GAAG,IAAI5C,aAAa,CAAC~~;~~MAAE8C,cAAc,EAAEH,eAAe,CAACE,UAAU,CAACE~~;~~IAAQ,CAAC,CAAC~~;~~EACvF,CAAC,MAAM,IAAI,CAACJ,eAAe,aAAfA,eAAe,uBAAfA,eAAe,CAAUE,UAAU,aAAY/C,IAAI,EAAE~~;~~IAC/D8C,SAAS,GAAG,IAAI7C,UAAU,CAAC~~;~~MAAEiD,IAAI,EAAEL,eAAe,CAACE~~;~~IAAW,CAAC,CAAC~~;~~EAClE,CAAC,MAAM~~;~~IACLD,SAAS,GAAG,IAAI3C,mBAAmB,CAAC~~;~~MAClC4C~~,~~UAAU~~,~~EAAEF~~,~~eAAe~~,~~CAACE~~,~~UAAwE;MACpGI~~,~~IAAI~~,~~EAAE~~,CAAC;~~IACT~~,~~CAAC~~,~~CAAC;EACJ;EAEA,MAAMC,~~iBAAiB,~~GAAG/C~~,kCAAkC,~~CAC1De~~,~~uBAAuB~~,~~CAACiC,kBAAkB,CAAC,CAAC,CAAC,EAC7C~~;~~IACEC~~,EAAE,~~EAAElC~~,uBAAuB,~~CAACmC~~,QAAQ,CAACC,~~MAAM~~;~~IAC3CC~~,OAAO,~~EAAErC~~,uBAAuB,~~CAACmC~~,QAAQ,~~CAACG~~,~~wBAAwB~~,~~CAACD~~;~~EACrE~~,~~CACF~~,CAAC;~~EAEDlD~~,8BAA8B,~~CAACuC~~,SAAS,~~EAAEM~~,iBAAiB,CAAC;~~EAE5D5C~~,4BAA4B,~~CAACsC~~,SAAS,EAAE;IACtC,~~GAAG5B~~,eAAe;~~IAClByC~~,YAAY,~~EAAE7C~~,aAAa,~~CAAC8C~~,aAAa,~~IAAI1C~~,eAAe,~~CAACyC~~,YAAY;IACzEE,aAAa,EAAEC,IAAI,CAACC,GAAG,CAAC,CAAC;IACzBC,eAAe,~~EAAEvD~~,aAAa,~~CAACwD~~;EACjC,CAAC,CAAC;EAEF,~~OAAOnB~~,SAAS;AAClB","ignoreList":[]}
1	+ {"version":3,"names":["customCredentialBindingResolver","extractOpenId4VcCredentialMetadata","getRefreshCredentialMetadata","setOpenId4VcCredentialMetadata","setRefreshCredentialMetadata","RefreshStatus","reissueCredentialWithAccessToken","agent","logger","record","tokenResponse","clientId","Error","refreshMetaData","credentialConfigurationId","resolvedCredentialOffer","access_token","info","creds","openid4vc","holder","requestCredentials","accessToken","tokenType","token_type","cNonce","c_nonce","credentialConfigurationIds","verifyCredentialStatus","allowedProofOfPossessionSignatureAlgorithms","credentialBindingResolver","opts","supportedDidMethods","proofTypes","supportsAllDidMethods","supportsJwk","credentialFormat","firstCredential","credentials","newRecord","requestedCredentialConfiguration","offeredCredentialConfigurations","openId4VcMetadata","id","metadata","credentialIssuer","credential_issuer","display","refreshToken","refresh_token","lastCheckedAt","Date","now","lastCheckResult","Valid"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/reIssuance.ts"],"mappings":"AASA,SAASA,+BAA+B,QAAQ,iBAAiB;AAEjE,SACEC,kCAAkC,EAClCC,4BAA4B,EAC5BC,8BAA8B,EAC9BC,4BAA4B,QACvB,aAAa;AACpB,SAASC,aAAa,QAAQ,SAAS;AAYvC,OAAO,eAAeC,gCAAgCA,CAAC;EACrDC,KAAK;EACLC,MAAM;EACNC,MAAM;EACNC,aAAa;EACbC;AAC2B,CAAC,EAA+C;EAC3E,IAAI,CAACF,MAAM,EAAE;IACX,MAAM,IAAIG,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,MAAMC,eAAe,GAAGX,4BAA4B,CAACO,MAAM,CAAC;EAC5D,IAAI,CAACI,eAAe,EAAE;IACpB,MAAM,IAAID,KAAK,CAAC,0DAA0D,CAAC;EAC7E;EACA,MAAM;IAAEE,yBAAyB;IAAEC;EAAwB,CAAC,GAAGF,eAAe;EAE9E,IAAI,CAACE,uBAAuB,EAAE;IAC5B,MAAM,IAAIH,KAAK,CAAC,6EAA6E,CAAC;EAChG;EAEA,IAAI,CAACF,aAAa,CAACM,YAAY,EAAE;IAC/B,MAAM,IAAIJ,KAAK,CAAC,8DAA8D,CAAC;EACjF;EAEAJ,MAAM,CAACS,IAAI,CAAC,6DAA6D,CAAC;EAC1E;;EAQA,MAAMC,KAAe,GAAG,MAAMX,KAAK,CAACY,SAAS,CAACC,MAAM,CAACC,kBAAkB,CAAC;IACtEN,uBAAuB;IACvBO,WAAW,EAAEZ,aAAa,CAACM,YAAY;IACvCO,SAAS,EAAEb,aAAa,CAACc,UAAU,IAAI,QAAQ;IAC/CC,MAAM,EAAEf,aAAa,CAACgB,OAAO;IAC7Bf,QAAQ;IACRgB,0BAA0B,EAAE,CAACb,yBAAyB,CAAC;IACvDc,sBAAsB,EAAE,KAAK;IAAE;IAC/BC,2CAA2C,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;IAC/DC,yBAAyB,EAAE,MAAOC,IAAwC,IACxE/B,+BAA+B,CAAC;MAC9BO,KAAK;MACLyB,mBAAmB,EAAED,IAAI,CAACC,mBAAmB;MAC7CC,UAAU,EAAEF,IAAI,CAACE,UAAU;MAC3BC,qBAAqB,EAAEH,IAAI,CAACG,qBAAqB;MACjDC,WAAW,EAAEJ,IAAI,CAACI,WAAW;MAC7BC,gBAAgB,EAAEL,IAAI,CAACK;IACzB,CAAC;EACL,CAAC,CAAC;EAEF5B,MAAM,CAACS,IAAI,CAAC,uDAAuD,CAAC;;EAEpE;EACA,MAAM,CAACoB,eAAe,CAAC,GAAGnB,KAAK,CAACoB,WAAW;EAC3C,IAAI,CAACD,eAAe,IAAI,OAAOA,eAAe,KAAK,QAAQ,EAAE;IAC3D,MAAM,IAAIzB,KAAK,CAAC,+DAA+D,CAAC;EAClF;EAEA,MAAM2B,SAAiC,GAAGF,eAAe,CAAC5B,MAAM;EAChE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM+B,gCAAgC,GACpCzB,uBAAuB,CAAC0B,+BAA+B,CAAC3B,yBAAyB,CAAC;EAEpF,MAAM4B,iBAAiB,GAAGzC,kCAAkC,CAACuC,gCAAgC,EAAS;IACpGG,EAAE,EAAE5B,uBAAuB,CAAC6B,QAAQ,CAACC,gBAAgB,CAACC,iBAAiB;IACvEC,OAAO,EAAEhC,uBAAuB,CAAC6B,QAAQ,CAACC,gBAAgB,CAACE;EAC7D,CAAC,CAAC;EAEF5C,8BAA8B,CAACoC,SAAS,EAAEG,iBAAiB,CAAC;EAE5DtC,4BAA4B,CAACmC,SAAS,EAAE;IACtC,GAAG1B,eAAe;IAClBmC,YAAY,EAAEtC,aAAa,CAACuC,aAAa,IAAIpC,eAAe,CAACmC,YAAY;IACzEE,aAAa,EAAEC,IAAI,CAACC,GAAG,CAAC,CAAC;IACzBC,eAAe,EAAEhD,aAAa,CAACiD;EACjC,CAAC,CAAC;EAEF,OAAOf,SAAS;AAClB","ignoreList":[]}

package/lib/module/modules/openid/refresh/refreshOrchestrator.js CHANGED Viewed

@@ -1,41 +1,31 @@
 // modules/openid/refresh/RefreshOrchestrator.ts
-import { ClaimFormat, SdJwtVcRecord, W3cCredentialRecord } from '@credo-ts/core';
-import { refreshAccessToken } from './refreshToken';
-import { reissueCredentialWithAccessToken } from './reIssuance';
-import { RefreshStatus } from './types';
+import { OpenIDCredentialRefreshFlowType, RefreshStatus } from './types';
 import { credentialRegistry } from './registry';
 import { verifyCredentialStatus } from './verifyCredentialStatus';
 import { getRefreshCredentialMetadata, markOpenIDCredentialStatus, persistCredentialRecord, setRefreshCredentialMetadata } from '../metadata';
-const defaultToLite = rec => {
-  var _rec$createdAt;
-  return {
-    id: rec.id,
-    // best-effort: SdJwt/W3C both expose claimFormat via tags in many setups.
-    // Fallback to JwtVc if unknown so UI has *some* value.
-    format: rec instanceof W3cCredentialRecord && ClaimFormat.JwtVc || rec instanceof SdJwtVcRecord && ClaimFormat.SdJwtVc || ClaimFormat.JwtVc,
-    createdAt: (_rec$createdAt = rec.createdAt) === null || _rec$createdAt === void 0 ? void 0 : _rec$createdAt.toISOString(),
-    issuer: undefined
-  };
-};
+import { toOpenIDCredentialLite } from '../credentialRecord';
+import { refreshAndQueueReplacement } from './operations';
 export class RefreshOrchestrator {
   intervalOn = false; // interval enabled?
   runningOnce = false; // a run is in progress?
   recentlyIssued = new Map();
-  checkStatusOnly = true;
   constructor(logger, bridge, opts) {
     this.logger = logger;
     this.opts = {
       intervalMs: 15 * 60 * 1000,
       autoStart: true,
+      flowType: OpenIDCredentialRefreshFlowType.FullReplacement,
       onError: e => this.logger.error(String(e)),
       listRecords: async () => [],
-      toLite: defaultToLite,
+      toLite: toOpenIDCredentialLite,
       ...(opts ?? {})
     };
     logger.info(`🔧 [RefreshOrchestrator] initialized -> ${JSON.stringify({
       intervalMs: this.opts.intervalMs,
-      autoStart: this.opts.autoStart
+      autoStart: this.opts.autoStart,
+      flowType: this.opts.flowType
     })}`);
     bridge.onReady(agent => {
       this.agent = agent;
@@ -58,7 +48,8 @@ export class RefreshOrchestrator {
     };
     this.logger.info(`🔧 [RefreshOrchestrator] configure -> ${JSON.stringify({
       intervalMs: this.opts.intervalMs,
-      autoStart: this.opts.autoStart
+      autoStart: this.opts.autoStart,
+      flowType: this.opts.flowType
     })}`);
     const nowIntervalMs = this.opts.intervalMs ?? null;
     const nowAutoStart = this.opts.autoStart ?? true;
@@ -132,8 +123,11 @@ export class RefreshOrchestrator {
       for (const rec of records) {
         // don’t block whole batch if one fails
         try {
-          await this.checkRecordStatus(rec);
-          // await this.refreshRecord(rec)
+          if (this.opts.flowType === OpenIDCredentialRefreshFlowType.FullReplacement) {
+            await this.refreshRecord(rec);
+          } else {
+            await this.checkRecordStatus(rec);
+          }
         } catch (e) {
           var _this$opts$onError, _this$opts;
           this.logger.error(`💥 [Refresh] record ${rec.id} failed: ${String(e)}`);
@@ -164,6 +158,7 @@ export class RefreshOrchestrator {
       shouldSkip,
       markRefreshing,
       clearRefreshing,
+      clearExpired,
       upsert,
       markInvalid,
       setLastSweep
@@ -188,19 +183,22 @@ export class RefreshOrchestrator {
     this.logger.info(`🧭 [Refresh] check credential ${id}`);
     try {
       // 3) verification
-      const isValid = await verifyCredentialStatus(rec, this.logger);
+      const status = await verifyCredentialStatus(rec, this.logger);
       const now = Date.now();
       const meta = getRefreshCredentialMetadata(rec) ?? {};
-      meta.lastCheckResult = isValid ? RefreshStatus.Valid : RefreshStatus.Invalid;
+      meta.lastCheckResult = status;
       meta.lastCheckedAt = now;
       meta.attemptCount = (meta.attemptCount ?? 0) + 1;
       setRefreshCredentialMetadata(rec, meta);
       await persistCredentialRecord(this.agent.context, rec);
-      if (isValid) {
+      if (status === RefreshStatus.Valid) {
         this.logger.info(`✅ [Refresh] valid → ${id}`);
-      } else {
+        clearExpired(id);
+      } else if (status === RefreshStatus.Invalid) {
         this.logger.info(`❌ [Refresh] invalid → ${id}`);
-        markInvalid(id); // <-- key change: we only flag invalid here
+        markInvalid(id);
+      } else {
+        this.logger.warn(`⚠️ [Refresh] status check error → ${id}`);
       }
       setLastSweep(new Date(now).toISOString());
     } catch (error) {
@@ -217,9 +215,8 @@ export class RefreshOrchestrator {
       markRefreshing,
       clearRefreshing,
       clearExpired,
-      markExpiredWithReplacement,
-      blockAsFailed,
       blockAsSucceeded,
+      markInvalid,
       upsert
     } = credentialRegistry.getState();
     const id = rec.id;
@@ -242,8 +239,8 @@ export class RefreshOrchestrator {
     this.logger.info(`🧭 [Refresh] check credential ${id}`);
     try {
       // 3) verification
-      const isValid = await verifyCredentialStatus(rec, this.logger);
-      if (isValid) {
+      const status = await verifyCredentialStatus(rec, this.logger);
+      if (status === RefreshStatus.Valid) {
         this.logger.info(`✅ [Refresh] valid → ${id}`);
         // If it was previously expired for any reason, clear that and block as succeeded
         clearExpired(id);
@@ -251,6 +248,15 @@ export class RefreshOrchestrator {
         // blockAsSucceeded(id)
         return;
       }
+      if (status === RefreshStatus.Error) {
+        this.logger.warn(`⚠️ [Refresh] status check failed; deferring re-issue → ${id}`);
+        await markOpenIDCredentialStatus({
+          credential: rec,
+          status: RefreshStatus.Error,
+          agentContext: this.agent.context
+        });
+        return;
+      }
       // Invalid case:
@@ -259,48 +265,28 @@ export class RefreshOrchestrator {
         status: RefreshStatus.Invalid,
         agentContext: this.agent.context
       });
-      // 4) needs refresh → get access token
       this.logger.info(`♻️ [Refresh] invalid, attempting re-issue → ${id}`);
-      const token = await refreshAccessToken({
-        logger: this.logger,
-        cred: rec,
-        agentContext: this.agent.context
-      });
-      if (!token) {
-        const msg = `no refresh token available`;
-        this.logger.warn(`⚠️ [Refresh] ${msg} for ${id}`);
-        blockAsFailed(id, msg);
-        return;
-      }
-      // 5) re-issue
-      const newRecord = await reissueCredentialWithAccessToken({
+      const newRecord = await refreshAndQueueReplacement({
         agent: this.agent,
         logger: this.logger,
         record: rec,
-        tokenResponse: token
+        toLite: this.opts.toLite
       });
-      if (newRecord) {
-        this.logger.info(`💾 [Refresh] new credential → ${newRecord.id}`);
-        // Queue a replacement for UI/notifications and block the old one as succeeded
-        markExpiredWithReplacement(id, this.opts.toLite(newRecord));
-        blockAsSucceeded(id);
-        this.recentlyIssued.set(newRecord.id, newRecord);
-      } else {
-        const msg = `re-issue returned no record`;
+      if (!newRecord) {
+        const msg = 'credential refresh did not yield a replacement';
         this.logger.warn(`⚠️ [Refresh] ${msg} for ${id}`);
-        blockAsFailed(id, msg);
-        await markOpenIDCredentialStatus({
-          credential: rec,
-          status: RefreshStatus.Invalid,
-          agentContext: this.agent.context
-        });
+        markInvalid(id);
+        return;
       }
+      this.logger.info(`💾 [Refresh] new credential → ${newRecord.id}`);
+      blockAsSucceeded(id);
+      this.recentlyIssued.set(newRecord.id, newRecord);
     } catch (e) {
+      var _this$opts$onError4, _this$opts4;
       const err = String(e);
       this.logger.error(`💥 [Refresh] error on ${id}: ${err}`);
-      blockAsFailed(id, err);
+      (_this$opts$onError4 = (_this$opts4 = this.opts).onError) === null || _this$opts$onError4 === void 0 || _this$opts$onError4.call(_this$opts4, e);
+      markInvalid(id);
     } finally {
       // 6) clear in-flight marker
       clearRefreshing(id);