npm - @bifold/core - Versions diffs - 2.12.12 → 3.0.1 - Mend

@bifold/core 2.12.12 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (414) hide show

package/lib/commonjs/modules/openid/refresh/refreshOrchestrator.js CHANGED Viewed

@@ -4,45 +4,34 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.RefreshOrchestrator = void 0;
-var _core = require("@credo-ts/core");
-var _refreshToken = require("./refreshToken");
-var _reIssuance = require("./reIssuance");
 var _types = require("./types");
 var _registry = require("./registry");
 var _verifyCredentialStatus = require("./verifyCredentialStatus");
 var _metadata = require("../metadata");
+var _credentialRecord = require("../credentialRecord");
+var _operations = require("./operations");
 // modules/openid/refresh/RefreshOrchestrator.ts
-const defaultToLite = rec => {
-  var _rec$createdAt;
-  return {
-    id: rec.id,
-    // best-effort: SdJwt/W3C both expose claimFormat via tags in many setups.
-    // Fallback to JwtVc if unknown so UI has *some* value.
-    format: rec instanceof _core.W3cCredentialRecord && _core.ClaimFormat.JwtVc || rec instanceof _core.SdJwtVcRecord && _core.ClaimFormat.SdJwtVc || _core.ClaimFormat.JwtVc,
-    createdAt: (_rec$createdAt = rec.createdAt) === null || _rec$createdAt === void 0 ? void 0 : _rec$createdAt.toISOString(),
-    issuer: undefined
-  };
-};
 class RefreshOrchestrator {
   intervalOn = false; // interval enabled?
   runningOnce = false; // a run is in progress?
   recentlyIssued = new Map();
-  checkStatusOnly = true;
   constructor(logger, bridge, opts) {
     this.logger = logger;
     this.opts = {
       intervalMs: 15 * 60 * 1000,
       autoStart: true,
+      flowType: _types.OpenIDCredentialRefreshFlowType.FullReplacement,
       onError: e => this.logger.error(String(e)),
       listRecords: async () => [],
-      toLite: defaultToLite,
+      toLite: _credentialRecord.toOpenIDCredentialLite,
       ...(opts ?? {})
     };
     logger.info(`🔧 [RefreshOrchestrator] initialized -> ${JSON.stringify({
       intervalMs: this.opts.intervalMs,
-      autoStart: this.opts.autoStart
+      autoStart: this.opts.autoStart,
+      flowType: this.opts.flowType
     })}`);
     bridge.onReady(agent => {
       this.agent = agent;
@@ -65,7 +54,8 @@ class RefreshOrchestrator {
     };
     this.logger.info(`🔧 [RefreshOrchestrator] configure -> ${JSON.stringify({
       intervalMs: this.opts.intervalMs,
-      autoStart: this.opts.autoStart
+      autoStart: this.opts.autoStart,
+      flowType: this.opts.flowType
     })}`);
     const nowIntervalMs = this.opts.intervalMs ?? null;
     const nowAutoStart = this.opts.autoStart ?? true;
@@ -139,8 +129,11 @@ class RefreshOrchestrator {
       for (const rec of records) {
         // don’t block whole batch if one fails
         try {
-          await this.checkRecordStatus(rec);
-          // await this.refreshRecord(rec)
+          if (this.opts.flowType === _types.OpenIDCredentialRefreshFlowType.FullReplacement) {
+            await this.refreshRecord(rec);
+          } else {
+            await this.checkRecordStatus(rec);
+          }
         } catch (e) {
           var _this$opts$onError, _this$opts;
           this.logger.error(`💥 [Refresh] record ${rec.id} failed: ${String(e)}`);
@@ -171,6 +164,7 @@ class RefreshOrchestrator {
       shouldSkip,
       markRefreshing,
       clearRefreshing,
+      clearExpired,
       upsert,
       markInvalid,
       setLastSweep
@@ -195,19 +189,22 @@ class RefreshOrchestrator {
     this.logger.info(`🧭 [Refresh] check credential ${id}`);
     try {
       // 3) verification
-      const isValid = await (0, _verifyCredentialStatus.verifyCredentialStatus)(rec, this.logger);
+      const status = await (0, _verifyCredentialStatus.verifyCredentialStatus)(rec, this.logger);
       const now = Date.now();
       const meta = (0, _metadata.getRefreshCredentialMetadata)(rec) ?? {};
-      meta.lastCheckResult = isValid ? _types.RefreshStatus.Valid : _types.RefreshStatus.Invalid;
+      meta.lastCheckResult = status;
       meta.lastCheckedAt = now;
       meta.attemptCount = (meta.attemptCount ?? 0) + 1;
       (0, _metadata.setRefreshCredentialMetadata)(rec, meta);
       await (0, _metadata.persistCredentialRecord)(this.agent.context, rec);
-      if (isValid) {
+      if (status === _types.RefreshStatus.Valid) {
         this.logger.info(`✅ [Refresh] valid → ${id}`);
-      } else {
+        clearExpired(id);
+      } else if (status === _types.RefreshStatus.Invalid) {
         this.logger.info(`❌ [Refresh] invalid → ${id}`);
-        markInvalid(id); // <-- key change: we only flag invalid here
+        markInvalid(id);
+      } else {
+        this.logger.warn(`⚠️ [Refresh] status check error → ${id}`);
       }
       setLastSweep(new Date(now).toISOString());
     } catch (error) {
@@ -224,9 +221,8 @@ class RefreshOrchestrator {
       markRefreshing,
       clearRefreshing,
       clearExpired,
-      markExpiredWithReplacement,
-      blockAsFailed,
       blockAsSucceeded,
+      markInvalid,
       upsert
     } = _registry.credentialRegistry.getState();
     const id = rec.id;
@@ -249,8 +245,8 @@ class RefreshOrchestrator {
     this.logger.info(`🧭 [Refresh] check credential ${id}`);
     try {
       // 3) verification
-      const isValid = await (0, _verifyCredentialStatus.verifyCredentialStatus)(rec, this.logger);
-      if (isValid) {
+      const status = await (0, _verifyCredentialStatus.verifyCredentialStatus)(rec, this.logger);
+      if (status === _types.RefreshStatus.Valid) {
         this.logger.info(`✅ [Refresh] valid → ${id}`);
         // If it was previously expired for any reason, clear that and block as succeeded
         clearExpired(id);
@@ -258,6 +254,15 @@ class RefreshOrchestrator {
         // blockAsSucceeded(id)
         return;
       }
+      if (status === _types.RefreshStatus.Error) {
+        this.logger.warn(`⚠️ [Refresh] status check failed; deferring re-issue → ${id}`);
+        await (0, _metadata.markOpenIDCredentialStatus)({
+          credential: rec,
+          status: _types.RefreshStatus.Error,
+          agentContext: this.agent.context
+        });
+        return;
+      }
       // Invalid case:
@@ -266,48 +271,28 @@ class RefreshOrchestrator {
         status: _types.RefreshStatus.Invalid,
         agentContext: this.agent.context
       });
-      // 4) needs refresh → get access token
       this.logger.info(`♻️ [Refresh] invalid, attempting re-issue → ${id}`);
-      const token = await (0, _refreshToken.refreshAccessToken)({
-        logger: this.logger,
-        cred: rec,
-        agentContext: this.agent.context
-      });
-      if (!token) {
-        const msg = `no refresh token available`;
-        this.logger.warn(`⚠️ [Refresh] ${msg} for ${id}`);
-        blockAsFailed(id, msg);
-        return;
-      }
-      // 5) re-issue
-      const newRecord = await (0, _reIssuance.reissueCredentialWithAccessToken)({
+      const newRecord = await (0, _operations.refreshAndQueueReplacement)({
         agent: this.agent,
         logger: this.logger,
         record: rec,
-        tokenResponse: token
+        toLite: this.opts.toLite
       });
-      if (newRecord) {
-        this.logger.info(`💾 [Refresh] new credential → ${newRecord.id}`);
-        // Queue a replacement for UI/notifications and block the old one as succeeded
-        markExpiredWithReplacement(id, this.opts.toLite(newRecord));
-        blockAsSucceeded(id);
-        this.recentlyIssued.set(newRecord.id, newRecord);
-      } else {
-        const msg = `re-issue returned no record`;
+      if (!newRecord) {
+        const msg = 'credential refresh did not yield a replacement';
         this.logger.warn(`⚠️ [Refresh] ${msg} for ${id}`);
-        blockAsFailed(id, msg);
-        await (0, _metadata.markOpenIDCredentialStatus)({
-          credential: rec,
-          status: _types.RefreshStatus.Invalid,
-          agentContext: this.agent.context
-        });
+        markInvalid(id);
+        return;
       }
+      this.logger.info(`💾 [Refresh] new credential → ${newRecord.id}`);
+      blockAsSucceeded(id);
+      this.recentlyIssued.set(newRecord.id, newRecord);
     } catch (e) {
+      var _this$opts$onError4, _this$opts4;
       const err = String(e);
       this.logger.error(`💥 [Refresh] error on ${id}: ${err}`);
-      blockAsFailed(id, err);
+      (_this$opts$onError4 = (_this$opts4 = this.opts).onError) === null || _this$opts$onError4 === void 0 || _this$opts$onError4.call(_this$opts4, e);
+      markInvalid(id);
     } finally {
       // 6) clear in-flight marker
       clearRefreshing(id);

package/lib/commonjs/modules/openid/refresh/refreshOrchestrator.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_core","require","_refreshToken","_reIssuance","_types","_registry","_verifyCredentialStatus","_metadata","defaultToLite","rec","_rec$createdAt","id","format","W3cCredentialRecord","ClaimFormat","JwtVc","SdJwtVcRecord","SdJwtVc","createdAt","toISOString","issuer","undefined","RefreshOrchestrator","intervalOn","runningOnce","recentlyIssued","Map","checkStatusOnly","constructor","logger","bridge","opts","intervalMs","autoStart","onError","e","error","String","listRecords","toLite","info","JSON","stringify","onReady","agent","start","configure","next","prev","agentReady","nowIntervalMs","nowAutoStart","stop","isRunning","timer","setInterval","runOnce","clearInterval","reason","_this$agent","warn","isInitialized","records","length","checkRecordStatus","_this$opts$onError","_this$opts","call","_this$opts$onError2","_this$opts2","setIntervalMs","resolveFull","get","shouldSkip","markRefreshing","clearRefreshing","upsert","markInvalid","setLastSweep","credentialRegistry","getState","isValid","verifyCredentialStatus","now","Date","meta","getRefreshCredentialMetadata","lastCheckResult","RefreshStatus","Valid","Invalid","lastCheckedAt","attemptCount","setRefreshCredentialMetadata","persistCredentialRecord","context","_this$opts$onError3","_this$opts3","refreshRecord","clearExpired","markExpiredWithReplacement","blockAsFailed","blockAsSucceeded","markOpenIDCredentialStatus","credential","status","agentContext","token","refreshAccessToken","cred","msg","newRecord","reissueCredentialWithAccessToken","record","tokenResponse","set","err","exports"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/refreshOrchestrator.ts"],"mappings":";;;;;;AACA,IAAAA,KAAA,GAAAC,OAAA;AAEA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,WAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAEA,IAAAI,SAAA,GAAAJ,OAAA;AACA,IAAAK,uBAAA,GAAAL,OAAA;AACA,IAAAM,SAAA,GAAAN,OAAA;AATA;;AAkBA,MAAMO,aAAa,GAAIC,GAAY;EAAA,IAAAC,cAAA;EAAA,OAAM;IACvCC,EAAE,EAAEF,GAAG,CAACE,EAAE;IACV;IACA;IACAC,MAAM,EACHH,GAAG,YAAYI,yBAAmB,IAAIC,iBAAW,CAACC,KAAK,IACvDN,GAAG,YAAYO,mBAAa,IAAIF,iBAAW,CAACG,OAAQ,IACrDH,iBAAW,CAACC,KAAK;IACnBG,SAAS,GAAAR,cAAA,GAAED,GAAG,CAACS,SAAS,cAAAR,cAAA,uBAAbA,cAAA,CAAeS,WAAW,CAAC,CAAC;IACvCC,MAAM,EAAEC;EACV,CAAC;AAAA,CAAC;AAEK,MAAMC,mBAAmB,CAAiC;EAEvDC,UAAU,GAAG,KAAK,EAAC;EACnBC,WAAW,GAAG,KAAK,EAAC;;EAGXC,cAAc,GAAG,IAAIC,GAAG,CAAkB,CAAC;EAC3CC,eAAe,GAAG,IAAI;EAEhCC,WAAWA,CAAkBC,MAAoB,EAAEC,MAAmB,EAAEC,IAA8B,EAAE;IAAA,KAA3EF,MAAoB,GAApBA,MAAoB;IACtD,IAAI,CAACE,IAAI,GAAG;MACVC,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;MAC1BC,SAAS,EAAE,IAAI;MACfC,OAAO,EAAGC,CAAC,IAAK,IAAI,CAACN,MAAM,CAACO,KAAK,CAACC,MAAM,CAACF,CAAC,CAAC,CAAC;MAC5CG,WAAW,EAAE,MAAAA,CAAA,KAAY,EAAE;MAC3BC,MAAM,EAAE/B,aAAa;MACrB,IAAIuB,IAAI,IAAI,CAAC,CAAC;IAChB,CAAC;IAEDF,MAAM,CAACW,IAAI,CACT,2CAA2CC,IAAI,CAACC,SAAS,CAAC;MACxDV,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU;MAChCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE;IACvB,CAAC,CAAC,EACJ,CAAC;IAEDH,MAAM,CAACa,OAAO,CAAEC,KAAK,IAAK;MACxB,IAAI,CAACA,KAAK,GAAGA,KAAK;MAClB,IAAI,CAACf,MAAM,CAACW,IAAI,CAAC,sCAAsC,CAAC;MACxD,IAAI,IAAI,CAACT,IAAI,CAACE,SAAS,IAAI,IAAI,CAACF,IAAI,CAACC,UAAU,EAAE,IAAI,CAACa,KAAK,CAAC,CAAC;IAC/D,CAAC,EAAE,IAAI,CAAC;EACV;EAEOC,SAASA,CAACC,IAAsC,EAAE;IACvD,MAAMC,IAAI,GAAG;MACXzB,UAAU,EAAE,IAAI,CAACA,UAAU;MAC3BS,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU,IAAI,IAAI;MACxCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE,SAAS,IAAI,IAAI;MACtCgB,UAAU,EAAE,CAAC,CAAC,IAAI,CAACL;IACrB,CAAC;;IAED;IACA,IAAI,CAACb,IAAI,GAAG;MAAE,GAAG,IAAI,CAACA,IAAI;MAAE,GAAGgB;IAAK,CAAC;IAErC,IAAI,CAAClB,MAAM,CAACW,IAAI,CACd,yCAAyCC,IAAI,CAACC,SAAS,CAAC;MACtDV,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU;MAChCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE;IACvB,CAAC,CAAC,EACJ,CAAC;IAED,MAAMiB,aAAa,GAAG,IAAI,CAACnB,IAAI,CAACC,UAAU,IAAI,IAAI;IAClD,MAAMmB,YAAY,GAAG,IAAI,CAACpB,IAAI,CAACE,SAAS,IAAI,IAAI;;IAEhD;IACA,IAAIe,IAAI,CAACzB,UAAU,IAAIyB,IAAI,CAAChB,UAAU,KAAKkB,aAAa,EAAE;MACxD,IAAI,CAACE,IAAI,CAAC,CAAC;MACX,IAAIF,aAAa,EAAE,IAAI,CAACL,KAAK,CAAC,CAAC;MAC/B;IACF;;IAEA;IACA,IAAIG,IAAI,CAACzB,UAAU,IAAI2B,aAAa,KAAK,IAAI,EAAE;MAC7C,IAAI,CAACE,IAAI,CAAC,CAAC;MACX;IACF;;IAEA;IACA;IACA;IACA,IAAI,CAACJ,IAAI,CAACzB,UAAU,IAAI2B,aAAa,IAAIC,YAAY,EAAE;MACrD;MACA,IAAI,IAAI,CAACP,KAAK,EAAE,IAAI,CAACC,KAAK,CAAC,CAAC;MAC5B;MACA;IACF;;IAEA;IACA,IAAI,CAACG,IAAI,CAACzB,UAAU,IAAI,CAACyB,IAAI,CAACf,SAAS,IAAIkB,YAAY,IAAID,aAAa,EAAE;MACxE,IAAI,IAAI,CAACN,KAAK,EAAE,IAAI,CAACC,KAAK,CAAC,CAAC;MAC5B;MACA;IACF;;IAEA;EACF;EAEOQ,SAASA,CAAA,EAAG;IACjB,OAAO,IAAI,CAAC7B,WAAW;EACzB;EAEOqB,KAAKA,CAAA,EAAG;IACb,IAAI,IAAI,CAACtB,UAAU,IAAI,CAAC,IAAI,CAACQ,IAAI,CAACC,UAAU,EAAE;IAC9C,IAAI,CAACH,MAAM,CAACW,IAAI,CAAC,yCAAyC,CAAC;IAC3D,IAAI,CAACjB,UAAU,GAAG,IAAI;IACtB,IAAI,CAAC+B,KAAK,GAAGC,WAAW,CAAC,MAAM;MAC7B;MACA,KAAK,IAAI,CAACC,OAAO,CAAC,UAAU,CAAC;IAC/B,CAAC,EAAE,IAAI,CAACzB,IAAI,CAACC,UAAU,CAAC;EAC1B;EAEOoB,IAAIA,CAAA,EAAG;IACZ,IAAI,CAAC,IAAI,CAAC7B,UAAU,EAAE;IACtB,IAAI,CAACM,MAAM,CAACW,IAAI,CAAC,wCAAwC,CAAC;IAC1DiB,aAAa,CAAC,IAAI,CAACH,KAAM,CAAC;IAC1B,IAAI,CAACA,KAAK,GAAGjC,SAAS;IACtB,IAAI,CAACE,UAAU,GAAG,KAAK;EACzB;EAEA,MAAaiC,OAAOA,CAACE,MAAM,GAAG,QAAQ,EAAE;IAAA,IAAAC,WAAA;IACtC,IAAI,IAAI,CAACnC,WAAW,EAAE;MACpB,IAAI,CAACK,MAAM,CAAC+B,IAAI,CAAC,2DAA2D,CAAC;MAC7E;IACF;IACA,IAAI,CAAC,IAAI,CAAChB,KAAK,IAAI,GAAAe,WAAA,GAAC,IAAI,CAACf,KAAK,cAAAe,WAAA,eAAVA,WAAA,CAAYE,aAAa,GAAE;MAC7C,IAAI,CAAChC,MAAM,CAAC+B,IAAI,CAAC,2DAA2D,CAAC;MAC7E;IACF;IAEA,IAAI,CAACpC,WAAW,GAAG,IAAI;IACvB,IAAI,CAACK,MAAM,CAACW,IAAI,CAAC,qCAAqCkB,MAAM,GAAG,CAAC;IAEhE,IAAI;MACF,MAAMI,OAAO,GAAG,MAAM,IAAI,CAAC/B,IAAI,CAACO,WAAW,CAAC,CAAC;MAC7C,IAAI,CAACT,MAAM,CAACW,IAAI,CAAC,sBAAsBsB,OAAO,CAACC,MAAM,qBAAqB,CAAC;MAC3E,KAAK,MAAMtD,GAAG,IAAIqD,OAAO,EAAe;QACtC;QACA,IAAI;UACF,MAAM,IAAI,CAACE,iBAAiB,CAACvD,GAAG,CAAC;UACjC;QACF,CAAC,CAAC,OAAO0B,CAAC,EAAE;UAAA,IAAA8B,kBAAA,EAAAC,UAAA;UACV,IAAI,CAACrC,MAAM,CAACO,KAAK,CAAC,uBAAuB3B,GAAG,CAACE,EAAE,YAAY0B,MAAM,CAACF,CAAC,CAAC,EAAE,CAAC;UACvE,CAAA8B,kBAAA,IAAAC,UAAA,OAAI,CAACnC,IAAI,EAACG,OAAO,cAAA+B,kBAAA,eAAjBA,kBAAA,CAAAE,IAAA,CAAAD,UAAA,EAAoB/B,CAAC,CAAC;QACxB;MACF;MACA,IAAI,CAACN,MAAM,CAACW,IAAI,CAAC,2BAA2B,CAAC;IAC/C,CAAC,CAAC,OAAOL,CAAC,EAAE;MAAA,IAAAiC,mBAAA,EAAAC,WAAA;MACV,IAAI,CAACxC,MAAM,CAACO,KAAK,CAAC,8BAA8BC,MAAM,CAACF,CAAC,CAAC,EAAE,CAAC;MAC5D,CAAAiC,mBAAA,IAAAC,WAAA,OAAI,CAACtC,IAAI,EAACG,OAAO,cAAAkC,mBAAA,eAAjBA,mBAAA,CAAAD,IAAA,CAAAE,WAAA,EAAoBlC,CAAC,CAAC;IACxB,CAAC,SAAS;MACR,IAAI,CAACX,WAAW,GAAG,KAAK;IAC1B;EACF;EAEO8C,aAAaA,CAACtC,UAAyB,EAAE;IAC9C,IAAI,CAACc,SAAS,CAAC;MAAEd;IAAW,CAAC,CAAC;EAChC;EAEOuC,WAAWA,CAAC5D,EAAU,EAAuB;IAClD,OAAO,IAAI,CAACc,cAAc,CAAC+C,GAAG,CAAC7D,EAAE,CAAC;EACpC;;EAEA;EACA,MAAcqD,iBAAiBA,CAACvD,GAAY,EAAE;IAC5C,MAAM;MAAEgE,UAAU;MAAEC,cAAc;MAAEC,eAAe;MAAEC,MAAM;MAAEC,WAAW;MAAEC;IAAa,CAAC,GACtFC,4BAAkB,CAACC,QAAQ,CAAC,CAAC;IAE/B,MAAMrE,EAAE,GAAGF,GAAG,CAACE,EAAE;IAEjB,IAAI,CAAC,IAAI,CAACiC,KAAK,EAAE;MACf,IAAI,CAACf,MAAM,CAACO,KAAK,CAAC,iEAAiEzB,EAAE,EAAE,CAAC;MACxF;IACF;;IAEA;IACA,IAAI8D,UAAU,CAAC9D,EAAE,CAAC,EAAE;MAClB,IAAI,CAACkB,MAAM,CAACW,IAAI,CAAC,gCAAgC7B,EAAE,8BAA8B,CAAC;MAClF;IACF;;IAEA;IACAiE,MAAM,CAAC,IAAI,CAAC7C,IAAI,CAACQ,MAAM,CAAC9B,GAAG,CAAC,CAAC;;IAE7B;IACAiE,cAAc,CAAC/D,EAAE,CAAC;IAClB,IAAI,CAACkB,MAAM,CAACW,IAAI,CAAC,iCAAiC7B,EAAE,EAAE,CAAC;IAEvD,IAAI;MACF;MACA,MAAMsE,OAAO,GAAG,MAAM,IAAAC,8CAAsB,EAACzE,GAAG,EAAE,IAAI,CAACoB,MAAM,CAAC;MAC9D,MAAMsD,GAAG,GAAGC,IAAI,CAACD,GAAG,CAAC,CAAC;MAEtB,MAAME,IAAI,GAAG,IAAAC,sCAA4B,EAAC7E,GAAG,CAAC,IAAK,CAAC,CAA+B;MACnF4E,IAAI,CAACE,eAAe,GAAGN,OAAO,GAAGO,oBAAa,CAACC,KAAK,GAAGD,oBAAa,CAACE,OAAO;MAC5EL,IAAI,CAACM,aAAa,GAAGR,GAAG;MACxBE,IAAI,CAACO,YAAY,GAAG,CAACP,IAAI,CAACO,YAAY,IAAI,CAAC,IAAI,CAAC;MAChD,IAAAC,sCAA4B,EAACpF,GAAG,EAAE4E,IAAI,CAAC;MACvC,MAAM,IAAAS,iCAAuB,EAAC,IAAI,CAAClD,KAAK,CAACmD,OAAO,EAAEtF,GAAG,CAAC;MAEtD,IAAIwE,OAAO,EAAE;QACX,IAAI,CAACpD,MAAM,CAACW,IAAI,CAAC,uBAAuB7B,EAAE,EAAE,CAAC;MAC/C,CAAC,MAAM;QACL,IAAI,CAACkB,MAAM,CAACW,IAAI,CAAC,yBAAyB7B,EAAE,EAAE,CAAC;QAC/CkE,WAAW,CAAClE,EAAE,CAAC,EAAC;MAClB;MACAmE,YAAY,CAAC,IAAIM,IAAI,CAACD,GAAG,CAAC,CAAChE,WAAW,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,OAAOiB,KAAK,EAAE;MAAA,IAAA4D,mBAAA,EAAAC,WAAA;MACd,IAAI,CAACpE,MAAM,CAACO,KAAK,CAAC,+BAA+BzB,EAAE,KAAK0B,MAAM,CAACD,KAAK,CAAC,EAAE,CAAC;MACxE,CAAA4D,mBAAA,IAAAC,WAAA,OAAI,CAAClE,IAAI,EAACG,OAAO,cAAA8D,mBAAA,eAAjBA,mBAAA,CAAA7B,IAAA,CAAA8B,WAAA,EAAoB7D,KAAK,CAAC;IAC5B,CAAC,SAAS;MACRuC,eAAe,CAAChE,EAAE,CAAC;IACrB;EACF;EAEA,MAAcuF,aAAaA,CAACzF,GAAY,EAAE;IACxC,MAAM;MACJgE,UAAU;MACVC,cAAc;MACdC,eAAe;MACfwB,YAAY;MACZC,0BAA0B;MAC1BC,aAAa;MACbC,gBAAgB;MAChB1B;IACF,CAAC,GAAGG,4BAAkB,CAACC,QAAQ,CAAC,CAAC;IAEjC,MAAMrE,EAAE,GAAGF,GAAG,CAACE,EAAE;IAEjB,IAAI,CAAC,IAAI,CAACiC,KAAK,EAAE;MACf,IAAI,CAACf,MAAM,CAACO,KAAK,CAAC,iEAAiEzB,EAAE,EAAE,CAAC;MACxF;IACF;;IAEA;IACA,IAAI8D,UAAU,CAAC9D,EAAE,CAAC,EAAE;MAClB,IAAI,CAACkB,MAAM,CAACW,IAAI,CAAC,gCAAgC7B,EAAE,8BAA8B,CAAC;MAClF;IACF;;IAEA;IACAiE,MAAM,CAAC,IAAI,CAAC7C,IAAI,CAACQ,MAAM,CAAC9B,GAAG,CAAC,CAAC;;IAE7B;IACAiE,cAAc,CAAC/D,EAAE,CAAC;IAClB,IAAI,CAACkB,MAAM,CAACW,IAAI,CAAC,iCAAiC7B,EAAE,EAAE,CAAC;IAEvD,IAAI;MACF;MACA,MAAMsE,OAAO,GAAG,MAAM,IAAAC,8CAAsB,EAACzE,GAAG,EAAE,IAAI,CAACoB,MAAM,CAAC;MAC9D,IAAIoD,OAAO,EAAE;QACX,IAAI,CAACpD,MAAM,CAACW,IAAI,CAAC,uBAAuB7B,EAAE,EAAE,CAAC;QAC7C;QACAwF,YAAY,CAACxF,EAAE,CAAC;QAChB;QACA;QACA;MACF;;MAEA;;MAEA,MAAM,IAAA4F,oCAA0B,EAAC;QAC/BC,UAAU,EAAE/F,GAAG;QACfgG,MAAM,EAAEjB,oBAAa,CAACE,OAAO;QAC7BgB,YAAY,EAAE,IAAI,CAAC9D,KAAK,CAACmD;MAC3B,CAAC,CAAC;;MAEF;MACA,IAAI,CAAClE,MAAM,CAACW,IAAI,CAAC,+CAA+C7B,EAAE,EAAE,CAAC;MACrE,MAAMgG,KAAK,GAAG,MAAM,IAAAC,gCAAkB,EAAC;QAAE/E,MAAM,EAAE,IAAI,CAACA,MAAM;QAAEgF,IAAI,EAAEpG,GAAG;QAAEiG,YAAY,EAAE,IAAI,CAAC9D,KAAK,CAACmD;MAAQ,CAAC,CAAC;MAC5G,IAAI,CAACY,KAAK,EAAE;QACV,MAAMG,GAAG,GAAG,4BAA4B;QACxC,IAAI,CAACjF,MAAM,CAAC+B,IAAI,CAAC,gBAAgBkD,GAAG,QAAQnG,EAAE,EAAE,CAAC;QACjD0F,aAAa,CAAC1F,EAAE,EAAEmG,GAAG,CAAC;QACtB;MACF;;MAEA;MACA,MAAMC,SAAS,GAAG,MAAM,IAAAC,4CAAgC,EAAC;QACvDpE,KAAK,EAAE,IAAI,CAACA,KAAK;QACjBf,MAAM,EAAE,IAAI,CAACA,MAAM;QACnBoF,MAAM,EAAExG,GAAG;QACXyG,aAAa,EAAEP;MACjB,CAAC,CAAC;MAEF,IAAII,SAAS,EAAE;QACb,IAAI,CAAClF,MAAM,CAACW,IAAI,CAAC,iCAAiCuE,SAAS,CAACpG,EAAE,EAAE,CAAC;QACjE;QACAyF,0BAA0B,CAACzF,EAAE,EAAE,IAAI,CAACoB,IAAI,CAACQ,MAAM,CAACwE,SAAS,CAAC,CAAC;QAC3DT,gBAAgB,CAAC3F,EAAE,CAAC;QACpB,IAAI,CAACc,cAAc,CAAC0F,GAAG,CAACJ,SAAS,CAACpG,EAAE,EAAEoG,SAAS,CAAC;MAClD,CAAC,MAAM;QACL,MAAMD,GAAG,GAAG,6BAA6B;QACzC,IAAI,CAACjF,MAAM,CAAC+B,IAAI,CAAC,gBAAgBkD,GAAG,QAAQnG,EAAE,EAAE,CAAC;QACjD0F,aAAa,CAAC1F,EAAE,EAAEmG,GAAG,CAAC;QACtB,MAAM,IAAAP,oCAA0B,EAAC;UAC/BC,UAAU,EAAE/F,GAAG;UACfgG,MAAM,EAAEjB,oBAAa,CAACE,OAAO;UAC7BgB,YAAY,EAAE,IAAI,CAAC9D,KAAK,CAACmD;QAC3B,CAAC,CAAC;MACJ;IACF,CAAC,CAAC,OAAO5D,CAAC,EAAE;MACV,MAAMiF,GAAG,GAAG/E,MAAM,CAACF,CAAC,CAAC;MACrB,IAAI,CAACN,MAAM,CAACO,KAAK,CAAC,yBAAyBzB,EAAE,KAAKyG,GAAG,EAAE,CAAC;MACxDf,aAAa,CAAC1F,EAAE,EAAEyG,GAAG,CAAC;IACxB,CAAC,SAAS;MACR;MACAzC,eAAe,CAAChE,EAAE,CAAC;IACrB;EACF;AACF;AAAC0G,OAAA,CAAA/F,mBAAA,GAAAA,mBAAA","ignoreList":[]}
1	+ {"version":3,"names":["_types","require","_registry","_verifyCredentialStatus","_metadata","_credentialRecord","_operations","RefreshOrchestrator","intervalOn","runningOnce","recentlyIssued","Map","constructor","logger","bridge","opts","intervalMs","autoStart","flowType","OpenIDCredentialRefreshFlowType","FullReplacement","onError","e","error","String","listRecords","toLite","toOpenIDCredentialLite","info","JSON","stringify","onReady","agent","start","configure","next","prev","agentReady","nowIntervalMs","nowAutoStart","stop","isRunning","timer","setInterval","runOnce","clearInterval","undefined","reason","_this$agent","warn","isInitialized","records","length","rec","refreshRecord","checkRecordStatus","_this$opts$onError","_this$opts","id","call","_this$opts$onError2","_this$opts2","setIntervalMs","resolveFull","get","shouldSkip","markRefreshing","clearRefreshing","clearExpired","upsert","markInvalid","setLastSweep","credentialRegistry","getState","status","verifyCredentialStatus","now","Date","meta","getRefreshCredentialMetadata","lastCheckResult","lastCheckedAt","attemptCount","setRefreshCredentialMetadata","persistCredentialRecord","context","RefreshStatus","Valid","Invalid","toISOString","_this$opts$onError3","_this$opts3","blockAsSucceeded","Error","markOpenIDCredentialStatus","credential","agentContext","newRecord","refreshAndQueueReplacement","record","msg","set","_this$opts$onError4","_this$opts4","err","exports"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/refreshOrchestrator.ts"],"mappings":";;;;;;AAGA,IAAAA,MAAA,GAAAC,OAAA;AAQA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,uBAAA,GAAAF,OAAA;AACA,IAAAG,SAAA,GAAAH,OAAA;AAMA,IAAAI,iBAAA,GAAAJ,OAAA;AACA,IAAAK,WAAA,GAAAL,OAAA;AApBA;;AAsBO,MAAMM,mBAAmB,CAAiC;EAEvDC,UAAU,GAAG,KAAK,EAAC;EACnBC,WAAW,GAAG,KAAK,EAAC;;EAGXC,cAAc,GAAG,IAAIC,GAAG,CAAiC,CAAC;EAEpEC,WAAWA,CACCC,MAAoB,EACrCC,MAAmB,EACnBC,IAA8B,EAC9B;IAAA,KAHiBF,MAAoB,GAApBA,MAAoB;IAIrC,IAAI,CAACE,IAAI,GAAG;MACVC,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;MAC1BC,SAAS,EAAE,IAAI;MACfC,QAAQ,EAAEC,sCAA+B,CAACC,eAAe;MACzDC,OAAO,EAAGC,CAAC,IAAK,IAAI,CAACT,MAAM,CAACU,KAAK,CAACC,MAAM,CAACF,CAAC,CAAC,CAAC;MAC5CG,WAAW,EAAE,MAAAA,CAAA,KAAY,EAAE;MAC3BC,MAAM,EAAEC,wCAAsB;MAC9B,IAAIZ,IAAI,IAAI,CAAC,CAAC;IAChB,CAAC;IAEDF,MAAM,CAACe,IAAI,CACT,2CAA2CC,IAAI,CAACC,SAAS,CAAC;MACxDd,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU;MAChCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE,SAAS;MAC9BC,QAAQ,EAAE,IAAI,CAACH,IAAI,CAACG;IACtB,CAAC,CAAC,EACJ,CAAC;IAEDJ,MAAM,CAACiB,OAAO,CAAEC,KAAK,IAAK;MACxB,IAAI,CAACA,KAAK,GAAGA,KAAK;MAClB,IAAI,CAACnB,MAAM,CAACe,IAAI,CAAC,sCAAsC,CAAC;MACxD,IAAI,IAAI,CAACb,IAAI,CAACE,SAAS,IAAI,IAAI,CAACF,IAAI,CAACC,UAAU,EAAE,IAAI,CAACiB,KAAK,CAAC,CAAC;IAC/D,CAAC,EAAE,IAAI,CAAC;EACV;EAEOC,SAASA,CAACC,IAAsC,EAAE;IACvD,MAAMC,IAAI,GAAG;MACX5B,UAAU,EAAE,IAAI,CAACA,UAAU;MAC3BQ,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU,IAAI,IAAI;MACxCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE,SAAS,IAAI,IAAI;MACtCoB,UAAU,EAAE,CAAC,CAAC,IAAI,CAACL;IACrB,CAAC;;IAED;IACA,IAAI,CAACjB,IAAI,GAAG;MAAE,GAAG,IAAI,CAACA,IAAI;MAAE,GAAGoB;IAAK,CAAC;IAErC,IAAI,CAACtB,MAAM,CAACe,IAAI,CACd,yCAAyCC,IAAI,CAACC,SAAS,CAAC;MACtDd,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU;MAChCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE,SAAS;MAC9BC,QAAQ,EAAE,IAAI,CAACH,IAAI,CAACG;IACtB,CAAC,CAAC,EACJ,CAAC;IAED,MAAMoB,aAAa,GAAG,IAAI,CAACvB,IAAI,CAACC,UAAU,IAAI,IAAI;IAClD,MAAMuB,YAAY,GAAG,IAAI,CAACxB,IAAI,CAACE,SAAS,IAAI,IAAI;;IAEhD;IACA,IAAImB,IAAI,CAAC5B,UAAU,IAAI4B,IAAI,CAACpB,UAAU,KAAKsB,aAAa,EAAE;MACxD,IAAI,CAACE,IAAI,CAAC,CAAC;MACX,IAAIF,aAAa,EAAE,IAAI,CAACL,KAAK,CAAC,CAAC;MAC/B;IACF;;IAEA;IACA,IAAIG,IAAI,CAAC5B,UAAU,IAAI8B,aAAa,KAAK,IAAI,EAAE;MAC7C,IAAI,CAACE,IAAI,CAAC,CAAC;MACX;IACF;;IAEA;IACA;IACA;IACA,IAAI,CAACJ,IAAI,CAAC5B,UAAU,IAAI8B,aAAa,IAAIC,YAAY,EAAE;MACrD;MACA,IAAI,IAAI,CAACP,KAAK,EAAE,IAAI,CAACC,KAAK,CAAC,CAAC;MAC5B;MACA;IACF;;IAEA;IACA,IAAI,CAACG,IAAI,CAAC5B,UAAU,IAAI,CAAC4B,IAAI,CAACnB,SAAS,IAAIsB,YAAY,IAAID,aAAa,EAAE;MACxE,IAAI,IAAI,CAACN,KAAK,EAAE,IAAI,CAACC,KAAK,CAAC,CAAC;MAC5B;MACA;IACF;;IAEA;EACF;EAEOQ,SAASA,CAAA,EAAG;IACjB,OAAO,IAAI,CAAChC,WAAW;EACzB;EAEOwB,KAAKA,CAAA,EAAG;IACb,IAAI,IAAI,CAACzB,UAAU,IAAI,CAAC,IAAI,CAACO,IAAI,CAACC,UAAU,EAAE;IAC9C,IAAI,CAACH,MAAM,CAACe,IAAI,CAAC,yCAAyC,CAAC;IAC3D,IAAI,CAACpB,UAAU,GAAG,IAAI;IACtB,IAAI,CAACkC,KAAK,GAAGC,WAAW,CAAC,MAAM;MAC7B;MACA,KAAK,IAAI,CAACC,OAAO,CAAC,UAAU,CAAC;IAC/B,CAAC,EAAE,IAAI,CAAC7B,IAAI,CAACC,UAAU,CAAC;EAC1B;EAEOwB,IAAIA,CAAA,EAAG;IACZ,IAAI,CAAC,IAAI,CAAChC,UAAU,EAAE;IACtB,IAAI,CAACK,MAAM,CAACe,IAAI,CAAC,wCAAwC,CAAC;IAC1DiB,aAAa,CAAC,IAAI,CAACH,KAAM,CAAC;IAC1B,IAAI,CAACA,KAAK,GAAGI,SAAS;IACtB,IAAI,CAACtC,UAAU,GAAG,KAAK;EACzB;EAEA,MAAaoC,OAAOA,CAACG,MAAM,GAAG,QAAQ,EAAE;IAAA,IAAAC,WAAA;IACtC,IAAI,IAAI,CAACvC,WAAW,EAAE;MACpB,IAAI,CAACI,MAAM,CAACoC,IAAI,CAAC,2DAA2D,CAAC;MAC7E;IACF;IACA,IAAI,CAAC,IAAI,CAACjB,KAAK,IAAI,GAAAgB,WAAA,GAAC,IAAI,CAAChB,KAAK,cAAAgB,WAAA,eAAVA,WAAA,CAAYE,aAAa,GAAE;MAC7C,IAAI,CAACrC,MAAM,CAACoC,IAAI,CAAC,2DAA2D,CAAC;MAC7E;IACF;IAEA,IAAI,CAACxC,WAAW,GAAG,IAAI;IACvB,IAAI,CAACI,MAAM,CAACe,IAAI,CAAC,qCAAqCmB,MAAM,GAAG,CAAC;IAEhE,IAAI;MACF,MAAMI,OAAO,GAAG,MAAM,IAAI,CAACpC,IAAI,CAACU,WAAW,CAAC,CAAC;MAC7C,IAAI,CAACZ,MAAM,CAACe,IAAI,CAAC,sBAAsBuB,OAAO,CAACC,MAAM,qBAAqB,CAAC;MAC3E,KAAK,MAAMC,GAAG,IAAIF,OAAO,EAA8B;QACrD;QACA,IAAI;UACF,IAAI,IAAI,CAACpC,IAAI,CAACG,QAAQ,KAAKC,sCAA+B,CAACC,eAAe,EAAE;YAC1E,MAAM,IAAI,CAACkC,aAAa,CAACD,GAAG,CAAC;UAC/B,CAAC,MAAM;YACL,MAAM,IAAI,CAACE,iBAAiB,CAACF,GAAG,CAAC;UACnC;QACF,CAAC,CAAC,OAAO/B,CAAC,EAAE;UAAA,IAAAkC,kBAAA,EAAAC,UAAA;UACV,IAAI,CAAC5C,MAAM,CAACU,KAAK,CAAC,uBAAuB8B,GAAG,CAACK,EAAE,YAAYlC,MAAM,CAACF,CAAC,CAAC,EAAE,CAAC;UACvE,CAAAkC,kBAAA,IAAAC,UAAA,OAAI,CAAC1C,IAAI,EAACM,OAAO,cAAAmC,kBAAA,eAAjBA,kBAAA,CAAAG,IAAA,CAAAF,UAAA,EAAoBnC,CAAC,CAAC;QACxB;MACF;MACA,IAAI,CAACT,MAAM,CAACe,IAAI,CAAC,2BAA2B,CAAC;IAC/C,CAAC,CAAC,OAAON,CAAC,EAAE;MAAA,IAAAsC,mBAAA,EAAAC,WAAA;MACV,IAAI,CAAChD,MAAM,CAACU,KAAK,CAAC,8BAA8BC,MAAM,CAACF,CAAC,CAAC,EAAE,CAAC;MAC5D,CAAAsC,mBAAA,IAAAC,WAAA,OAAI,CAAC9C,IAAI,EAACM,OAAO,cAAAuC,mBAAA,eAAjBA,mBAAA,CAAAD,IAAA,CAAAE,WAAA,EAAoBvC,CAAC,CAAC;IACxB,CAAC,SAAS;MACR,IAAI,CAACb,WAAW,GAAG,KAAK;IAC1B;EACF;EAEOqD,aAAaA,CAAC9C,UAAyB,EAAE;IAC9C,IAAI,CAACkB,SAAS,CAAC;MAAElB;IAAW,CAAC,CAAC;EAChC;EAEO+C,WAAWA,CAACL,EAAU,EAAsC;IACjE,OAAO,IAAI,CAAChD,cAAc,CAACsD,GAAG,CAACN,EAAE,CAAC;EACpC;;EAEA;EACA,MAAcH,iBAAiBA,CAACF,GAA2B,EAAE;IAC3D,MAAM;MAAEY,UAAU;MAAEC,cAAc;MAAEC,eAAe;MAAEC,YAAY;MAAEC,MAAM;MAAEC,WAAW;MAAEC;IAAa,CAAC,GACpGC,4BAAkB,CAACC,QAAQ,CAAC,CAAC;IAE/B,MAAMf,EAAE,GAAGL,GAAG,CAACK,EAAE;IAEjB,IAAI,CAAC,IAAI,CAAC1B,KAAK,EAAE;MACf,IAAI,CAACnB,MAAM,CAACU,KAAK,CAAC,iEAAiEmC,EAAE,EAAE,CAAC;MACxF;IACF;;IAEA;IACA,IAAIO,UAAU,CAACP,EAAE,CAAC,EAAE;MAClB,IAAI,CAAC7C,MAAM,CAACe,IAAI,CAAC,gCAAgC8B,EAAE,8BAA8B,CAAC;MAClF;IACF;;IAEA;IACAW,MAAM,CAAC,IAAI,CAACtD,IAAI,CAACW,MAAM,CAAC2B,GAAG,CAAC,CAAC;;IAE7B;IACAa,cAAc,CAACR,EAAE,CAAC;IAClB,IAAI,CAAC7C,MAAM,CAACe,IAAI,CAAC,iCAAiC8B,EAAE,EAAE,CAAC;IAEvD,IAAI;MACF;MACA,MAAMgB,MAAM,GAAG,MAAM,IAAAC,8CAAsB,EAACtB,GAAG,EAAE,IAAI,CAACxC,MAAM,CAAC;MAC7D,MAAM+D,GAAG,GAAGC,IAAI,CAACD,GAAG,CAAC,CAAC;MAEtB,MAAME,IAAI,GAAG,IAAAC,sCAA4B,EAAC1B,GAAG,CAAC,IAAK,CAAC,CAA+B;MACnFyB,IAAI,CAACE,eAAe,GAAGN,MAAM;MAC7BI,IAAI,CAACG,aAAa,GAAGL,GAAG;MACxBE,IAAI,CAACI,YAAY,GAAG,CAACJ,IAAI,CAACI,YAAY,IAAI,CAAC,IAAI,CAAC;MAChD,IAAAC,sCAA4B,EAAC9B,GAAG,EAAEyB,IAAI,CAAC;MACvC,MAAM,IAAAM,iCAAuB,EAAC,IAAI,CAACpD,KAAK,CAACqD,OAAO,EAAEhC,GAAG,CAAC;MAEtD,IAAIqB,MAAM,KAAKY,oBAAa,CAACC,KAAK,EAAE;QAClC,IAAI,CAAC1E,MAAM,CAACe,IAAI,CAAC,uBAAuB8B,EAAE,EAAE,CAAC;QAC7CU,YAAY,CAACV,EAAE,CAAC;MAClB,CAAC,MAAM,IAAIgB,MAAM,KAAKY,oBAAa,CAACE,OAAO,EAAE;QAC3C,IAAI,CAAC3E,MAAM,CAACe,IAAI,CAAC,yBAAyB8B,EAAE,EAAE,CAAC;QAC/CY,WAAW,CAACZ,EAAE,CAAC;MACjB,CAAC,MAAM;QACL,IAAI,CAAC7C,MAAM,CAACoC,IAAI,CAAC,qCAAqCS,EAAE,EAAE,CAAC;MAC7D;MACAa,YAAY,CAAC,IAAIM,IAAI,CAACD,GAAG,CAAC,CAACa,WAAW,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,OAAOlE,KAAK,EAAE;MAAA,IAAAmE,mBAAA,EAAAC,WAAA;MACd,IAAI,CAAC9E,MAAM,CAACU,KAAK,CAAC,+BAA+BmC,EAAE,KAAKlC,MAAM,CAACD,KAAK,CAAC,EAAE,CAAC;MACxE,CAAAmE,mBAAA,IAAAC,WAAA,OAAI,CAAC5E,IAAI,EAACM,OAAO,cAAAqE,mBAAA,eAAjBA,mBAAA,CAAA/B,IAAA,CAAAgC,WAAA,EAAoBpE,KAAK,CAAC;IAC5B,CAAC,SAAS;MACR4C,eAAe,CAACT,EAAE,CAAC;IACrB;EACF;EAEA,MAAcJ,aAAaA,CAACD,GAA2B,EAAE;IACvD,MAAM;MAAEY,UAAU;MAAEC,cAAc;MAAEC,eAAe;MAAEC,YAAY;MAAEwB,gBAAgB;MAAEtB,WAAW;MAAED;IAAO,CAAC,GACxGG,4BAAkB,CAACC,QAAQ,CAAC,CAAC;IAE/B,MAAMf,EAAE,GAAGL,GAAG,CAACK,EAAE;IAEjB,IAAI,CAAC,IAAI,CAAC1B,KAAK,EAAE;MACf,IAAI,CAACnB,MAAM,CAACU,KAAK,CAAC,iEAAiEmC,EAAE,EAAE,CAAC;MACxF;IACF;;IAEA;IACA,IAAIO,UAAU,CAACP,EAAE,CAAC,EAAE;MAClB,IAAI,CAAC7C,MAAM,CAACe,IAAI,CAAC,gCAAgC8B,EAAE,8BAA8B,CAAC;MAClF;IACF;;IAEA;IACAW,MAAM,CAAC,IAAI,CAACtD,IAAI,CAACW,MAAM,CAAC2B,GAAG,CAAC,CAAC;;IAE7B;IACAa,cAAc,CAACR,EAAE,CAAC;IAClB,IAAI,CAAC7C,MAAM,CAACe,IAAI,CAAC,iCAAiC8B,EAAE,EAAE,CAAC;IAEvD,IAAI;MACF;MACA,MAAMgB,MAAM,GAAG,MAAM,IAAAC,8CAAsB,EAACtB,GAAG,EAAE,IAAI,CAACxC,MAAM,CAAC;MAC7D,IAAI6D,MAAM,KAAKY,oBAAa,CAACC,KAAK,EAAE;QAClC,IAAI,CAAC1E,MAAM,CAACe,IAAI,CAAC,uBAAuB8B,EAAE,EAAE,CAAC;QAC7C;QACAU,YAAY,CAACV,EAAE,CAAC;QAChB;QACA;QACA;MACF;MAEA,IAAIgB,MAAM,KAAKY,oBAAa,CAACO,KAAK,EAAE;QAClC,IAAI,CAAChF,MAAM,CAACoC,IAAI,CAAC,0DAA0DS,EAAE,EAAE,CAAC;QAChF,MAAM,IAAAoC,oCAA0B,EAAC;UAC/BC,UAAU,EAAE1C,GAAG;UACfqB,MAAM,EAAEY,oBAAa,CAACO,KAAK;UAC3BG,YAAY,EAAE,IAAI,CAAChE,KAAK,CAACqD;QAC3B,CAAC,CAAC;QACF;MACF;;MAEA;;MAEA,MAAM,IAAAS,oCAA0B,EAAC;QAC/BC,UAAU,EAAE1C,GAAG;QACfqB,MAAM,EAAEY,oBAAa,CAACE,OAAO;QAC7BQ,YAAY,EAAE,IAAI,CAAChE,KAAK,CAACqD;MAC3B,CAAC,CAAC;MAEF,IAAI,CAACxE,MAAM,CAACe,IAAI,CAAC,+CAA+C8B,EAAE,EAAE,CAAC;MACrE,MAAMuC,SAAS,GAAG,MAAM,IAAAC,sCAA0B,EAAC;QACjDlE,KAAK,EAAE,IAAI,CAACA,KAAK;QACjBnB,MAAM,EAAE,IAAI,CAACA,MAAM;QACnBsF,MAAM,EAAE9C,GAAG;QACX3B,MAAM,EAAE,IAAI,CAACX,IAAI,CAACW;MACpB,CAAC,CAAC;MAEF,IAAI,CAACuE,SAAS,EAAE;QACd,MAAMG,GAAG,GAAG,gDAAgD;QAC5D,IAAI,CAACvF,MAAM,CAACoC,IAAI,CAAC,gBAAgBmD,GAAG,QAAQ1C,EAAE,EAAE,CAAC;QACjDY,WAAW,CAACZ,EAAE,CAAC;QACf;MACF;MAEA,IAAI,CAAC7C,MAAM,CAACe,IAAI,CAAC,iCAAiCqE,SAAS,CAACvC,EAAE,EAAE,CAAC;MACjEkC,gBAAgB,CAAClC,EAAE,CAAC;MACpB,IAAI,CAAChD,cAAc,CAAC2F,GAAG,CAACJ,SAAS,CAACvC,EAAE,EAAEuC,SAAS,CAAC;IAClD,CAAC,CAAC,OAAO3E,CAAC,EAAE;MAAA,IAAAgF,mBAAA,EAAAC,WAAA;MACV,MAAMC,GAAG,GAAGhF,MAAM,CAACF,CAAC,CAAC;MACrB,IAAI,CAACT,MAAM,CAACU,KAAK,CAAC,yBAAyBmC,EAAE,KAAK8C,GAAG,EAAE,CAAC;MACxD,CAAAF,mBAAA,IAAAC,WAAA,OAAI,CAACxF,IAAI,EAACM,OAAO,cAAAiF,mBAAA,eAAjBA,mBAAA,CAAA3C,IAAA,CAAA4C,WAAA,EAAoBjF,CAAC,CAAC;MACtBgD,WAAW,CAACZ,EAAE,CAAC;IACjB,CAAC,SAAS;MACR;MACAS,eAAe,CAACT,EAAE,CAAC;IACrB;EACF;AACF;AAAC+C,OAAA,CAAAlG,mBAAA,GAAAA,mBAAA","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/refreshToken.js CHANGED Viewed

@@ -20,20 +20,16 @@ async function refreshAccessToken({
   logger.info(`[refreshAccessToken] Found refresh metadata for credential: ${cred.id}`);
   const {
     refreshToken,
-    authServer
+    tokenEndpoint
   } = refreshMetaData;
   try {
-    if (!authServer) {
-      throw new Error('No authorization server found in the credential offer metadata');
+    if (!tokenEndpoint) {
+      throw new Error('No token endpoint found in the credential offer metadata');
     }
-    logger.info(`[refreshAccessToken] Found auth server for credential: ${cred.id}: ${authServer}`);
-    // Build token endpoint: <AS>/token?force=false
-    // React-Native-safe URL build
-    const tokenUrl = (authServer.endsWith('/') ? authServer.slice(0, -1) : authServer) + '/token?force=false';
-    // const tokenUrl = new URL('token', authServer)
-    // tokenUrl.searchParams.set('force', 'false')
+    logger.info(`[refreshAccessToken] Found token endpoint for credential: ${cred.id}: ${tokenEndpoint}`);
+    // Build token endpoint:
+    const tokenUrl = tokenEndpoint.endsWith('/') ? tokenEndpoint.slice(0, -1) : tokenEndpoint;
     logger.info(`[refreshAccessToken] Refreshing access token at URL: ${tokenUrl} for credential: ${cred.id}`);
     const body = new URLSearchParams({
       grant_type: 'refresh_token',
@@ -51,20 +47,24 @@ async function refreshAccessToken({
       },
       body: body.toString()
     });
-    logger.info(`[refreshAccessToken] Response status: ${JSON.stringify(res)}`);
+    logger.info(`[refreshAccessToken] Token endpoint response status: ${res.status}`);
     if (!res.ok) {
       const errText = await res.text();
       throw new Error(`Refresh failed ${res.status}: ${errText}`);
     }
     const data = await res.json();
-    logger.info(`[refreshAccessToken] New access token acquired: ${JSON.stringify(data)}`);
+    logger.info(`[refreshAccessToken] Token refresh succeeded: ${JSON.stringify({
+      token_type: data.token_type,
+      expires_in: data.expires_in,
+      has_access_token: Boolean(data.access_token),
+      has_refresh_token: Boolean(data.refresh_token)
+    })}`);
     // If refresh token rotated, persist it
     if (data.refresh_token && data.refresh_token !== refreshToken) {
       logger.info(`[refreshAccessToken] Refresh token rotated; saving new one`);
       (0, _metadata.setRefreshCredentialMetadata)(cred, {
         ...refreshMetaData,
-        authServer: authServer,
         refreshToken: data.refresh_token
       });
       await (0, _metadata.persistCredentialRecord)(agentContext, cred);

package/lib/commonjs/modules/openid/refresh/refreshToken.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_metadata","require","refreshAccessToken","logger","cred","agentContext","info","id","refreshMetaData","getRefreshCredentialMetadata","error","refreshToken","~~authServer~~","Error","tokenUrl","endsWith","slice","body","URLSearchParams","grant_type","refresh_token","pre_authorized_code","pre_authorized_code_alt","user_pin","res","fetch","toString","method","headers","accept","JSON","stringify","ok","~~errText~~","~~text~~","~~status~~","~~data~~","~~json~~","setRefreshCredentialMetadata","persistCredentialRecord"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/refreshToken.ts"],"mappings":";;;;;;AAGA,IAAAA,SAAA,GAAAC,OAAA;~~AAEO~~,eAAeC,kBAAkBA,CAAC;EACvCC,MAAM;EACNC,IAAI;EACJC;AAKF,CAAC,EAAwC;EACvCF,MAAM,CAACG,IAAI,CAAC,4DAA4DF,IAAI,CAACG,EAAE,EAAE,CAAC;EAClF;EACA,MAAMC,eAAe,GAAG,IAAAC,sCAA4B,EAACL,IAAI,CAAC;EAC1D,IAAI,CAACI,eAAe,EAAE;IACpBL,MAAM,CAACO,KAAK,CAAC,kEAAkEN,IAAI,CAACG,EAAE,EAAE,CAAC;IACzF;EACF;EAEAJ,MAAM,CAACG,IAAI,CAAC,+DAA+DF,IAAI,CAACG,EAAE,EAAE,CAAC;EACrF,MAAM;IAAEI,YAAY;IAAEC;~~EAAW~~,CAAC,GAAGJ,eAAe;~~EAEpD~~,IAAI;IACF,IAAI,CAACI,~~UAAU~~,EAAE;~~MACf~~,MAAM,IAAIC,KAAK,CAAC,~~gEAAgE~~,CAAC;~~IACnF~~;IAEAV,MAAM,CAACG,IAAI,CAAC,~~0DAA0DF~~,IAAI,CAACG,EAAE,KAAKK,~~UAAU~~,EAAE,CAAC;;~~IAE/F~~;IACA~~;IACA~~,MAAME,QAAQ,~~GAAG~~,~~CAACF~~,~~UAAU,~~CAACG,QAAQ,CAAC,GAAG,CAAC,GAAGH,~~UAAU~~,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAGJ,~~UAAU,IAAI,oBAAoB~~;~~IACzG;IACA;;IAEAT~~,MAAM,CAACG,IAAI,CAAC,wDAAwDQ,QAAQ,oBAAoBV,IAAI,CAACG,EAAE,EAAE,CAAC;IAE1G,MAAMU,IAAI,GAAG,IAAIC,eAAe,CAAC;MAC/BC,UAAU,EAAE,eAAe;MAC3BC,aAAa,EAAET,YAAY;MAC3B;MACAU,mBAAmB,EAAE,EAAE;MACvBC,uBAAuB,EAAE,EAAE;MAC3BC,QAAQ,EAAE;IACZ,CAAC,CAAC;IAEF,MAAMC,GAAG,GAAG,MAAMC,KAAK,CAACX,QAAQ,CAACY,QAAQ,CAAC,CAAC,EAAE;MAC3CC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACPC,MAAM,EAAE,kBAAkB;QAC1B,cAAc,EAAE;MAClB,CAAC;MACDZ,IAAI,EAAEA,IAAI,CAACS,QAAQ,CAAC;IACtB,CAAC,CAAC;IAEFvB,MAAM,CAACG,IAAI,CAAC,~~yCAAyCwB~~,~~IAAI~~,~~CAACC~~,~~SAAS~~,~~CAACP,GAAG,CAAC,~~EAAE,CAAC;~~IAE3E~~,IAAI,~~CAACA~~,GAAG,~~CAACQ~~,EAAE,EAAE;MACX,MAAMC,OAAO,GAAG,~~MAAMT~~,GAAG,~~CAACU~~,IAAI,CAAC,CAAC;MAChC,MAAM,~~IAAIrB~~,KAAK,CAAC,kBAAkBW,GAAG,~~CAACW~~,MAAM,~~KAAKF~~,OAAO,EAAE,CAAC;IAC7D;IAEA,~~MAAMG~~,IAAqB,GAAG,~~MAAMZ~~,GAAG,~~CAACa~~,IAAI,CAAC,CAAC;~~IAC9ClC~~,MAAM,CAACG,IAAI,~~CAAC~~,~~mDAAmDwB~~,IAAI,CAACC,SAAS,CAACK,IAAI,CAAC,~~EAAE~~,CAAC;;~~IAEtF~~;IACA,~~IAAIA~~,IAAI,~~CAAChB~~,aAAa,~~IAAIgB~~,IAAI,~~CAAChB~~,aAAa,KAAKT,YAAY,EAAE;MAC7DR,MAAM,CAACG,IAAI,CAAC,4DAA4D,CAAC;MACzE,~~IAAAgC~~,sCAA4B,~~EAAClC~~,IAAI,EAAE;QACjC,GAAGI,eAAe;~~QAClBI~~,~~UAAU,EAAEA,UAAU;QACtBD,~~YAAY,~~EAAEyB~~,IAAI,~~CAAChB~~;MACrB,CAAC,CAAC;MAEF,MAAM,~~IAAAmB~~,iCAAuB,~~EAAClC~~,YAAY,EAAED,IAAI,CAAC;IACnD;IAEA,~~OAAOgC~~,IAAI;EACb,CAAC,CAAC,~~OAAO1B~~,KAAK,EAAE;IACdP,MAAM,CAACO,KAAK,CAAC,iDAAiDA,KAAK,EAAE,CAAC;IACtE,MAAMA,KAAK;EACb;AACF","ignoreList":[]}
1	+ {"version":3,"names":["_metadata","require","refreshAccessToken","logger","cred","agentContext","info","id","refreshMetaData","getRefreshCredentialMetadata","error","refreshToken","tokenEndpoint","Error","tokenUrl","endsWith","slice","body","URLSearchParams","grant_type","refresh_token","pre_authorized_code","pre_authorized_code_alt","user_pin","res","fetch","toString","method","headers","accept","status","ok","errText","text","data","json","JSON","stringify","token_type","expires_in","has_access_token","Boolean","access_token","has_refresh_token","setRefreshCredentialMetadata","persistCredentialRecord"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/refreshToken.ts"],"mappings":";;;;;;AAGA,IAAAA,SAAA,GAAAC,OAAA;AAGO,eAAeC,kBAAkBA,CAAC;EACvCC,MAAM;EACNC,IAAI;EACJC;AAKF,CAAC,EAAwC;EACvCF,MAAM,CAACG,IAAI,CAAC,4DAA4DF,IAAI,CAACG,EAAE,EAAE,CAAC;EAClF;EACA,MAAMC,eAAe,GAAG,IAAAC,sCAA4B,EAACL,IAAI,CAAC;EAC1D,IAAI,CAACI,eAAe,EAAE;IACpBL,MAAM,CAACO,KAAK,CAAC,kEAAkEN,IAAI,CAACG,EAAE,EAAE,CAAC;IACzF;EACF;EAEAJ,MAAM,CAACG,IAAI,CAAC,+DAA+DF,IAAI,CAACG,EAAE,EAAE,CAAC;EACrF,MAAM;IAAEI,YAAY;IAAEC;EAAc,CAAC,GAAGJ,eAAe;EAEvD,IAAI;IACF,IAAI,CAACI,aAAa,EAAE;MAClB,MAAM,IAAIC,KAAK,CAAC,0DAA0D,CAAC;IAC7E;IAEAV,MAAM,CAACG,IAAI,CAAC,6DAA6DF,IAAI,CAACG,EAAE,KAAKK,aAAa,EAAE,CAAC;;IAErG;IACA,MAAME,QAAQ,GAAGF,aAAa,CAACG,QAAQ,CAAC,GAAG,CAAC,GAAGH,aAAa,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAGJ,aAAa;IACzFT,MAAM,CAACG,IAAI,CAAC,wDAAwDQ,QAAQ,oBAAoBV,IAAI,CAACG,EAAE,EAAE,CAAC;IAE1G,MAAMU,IAAI,GAAG,IAAIC,eAAe,CAAC;MAC/BC,UAAU,EAAE,eAAe;MAC3BC,aAAa,EAAET,YAAY;MAC3B;MACAU,mBAAmB,EAAE,EAAE;MACvBC,uBAAuB,EAAE,EAAE;MAC3BC,QAAQ,EAAE;IACZ,CAAC,CAAC;IAEF,MAAMC,GAAG,GAAG,MAAMC,KAAK,CAACX,QAAQ,CAACY,QAAQ,CAAC,CAAC,EAAE;MAC3CC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACPC,MAAM,EAAE,kBAAkB;QAC1B,cAAc,EAAE;MAClB,CAAC;MACDZ,IAAI,EAAEA,IAAI,CAACS,QAAQ,CAAC;IACtB,CAAC,CAAC;IAEFvB,MAAM,CAACG,IAAI,CAAC,wDAAwDkB,GAAG,CAACM,MAAM,EAAE,CAAC;IAEjF,IAAI,CAACN,GAAG,CAACO,EAAE,EAAE;MACX,MAAMC,OAAO,GAAG,MAAMR,GAAG,CAACS,IAAI,CAAC,CAAC;MAChC,MAAM,IAAIpB,KAAK,CAAC,kBAAkBW,GAAG,CAACM,MAAM,KAAKE,OAAO,EAAE,CAAC;IAC7D;IAEA,MAAME,IAAqB,GAAG,MAAMV,GAAG,CAACW,IAAI,CAAC,CAAC;IAC9ChC,MAAM,CAACG,IAAI,CACT,iDAAiD8B,IAAI,CAACC,SAAS,CAAC;MAC9DC,UAAU,EAAEJ,IAAI,CAACI,UAAU;MAC3BC,UAAU,EAAEL,IAAI,CAACK,UAAU;MAC3BC,gBAAgB,EAAEC,OAAO,CAACP,IAAI,CAACQ,YAAY,CAAC;MAC5CC,iBAAiB,EAAEF,OAAO,CAACP,IAAI,CAACd,aAAa;IAC/C,CAAC,CAAC,EACJ,CAAC;;IAED;IACA,IAAIc,IAAI,CAACd,aAAa,IAAIc,IAAI,CAACd,aAAa,KAAKT,YAAY,EAAE;MAC7DR,MAAM,CAACG,IAAI,CAAC,4DAA4D,CAAC;MACzE,IAAAsC,sCAA4B,EAACxC,IAAI,EAAE;QACjC,GAAGI,eAAe;QAClBG,YAAY,EAAEuB,IAAI,CAACd;MACrB,CAAC,CAAC;MAEF,MAAM,IAAAyB,iCAAuB,EAACxC,YAAY,EAAED,IAAI,CAAC;IACnD;IAEA,OAAO8B,IAAI;EACb,CAAC,CAAC,OAAOxB,KAAK,EAAE;IACdP,MAAM,CAACO,KAAK,CAAC,iDAAiDA,KAAK,EAAE,CAAC;IACtE,MAAMA,KAAK;EACb;AACF","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/registry.js CHANGED Viewed

@@ -111,7 +111,7 @@ const credentialRegistry = exports.credentialRegistry = (0, _vanilla.createStore
   shouldSkip: id => {
     const s = get();
     if (s.refreshing[id]) return true; // in-progress
-    if (s.expired.includes(id)) return true; // replacement already queued
+    if (s.expired.includes(id) && Boolean(s.replacements[id])) return true; // replacement already queued
     if (s.blocked[id]) return true; // previously succeeded/failed
     return false;
   },

package/lib/commonjs/modules/openid/refresh/registry.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_vanilla","require","credentialRegistry","exports","createStore","set","get","byId","expired","checked","replacements","refreshing","blocked","lastSweepAt","undefined","upsert","cred","s","id","markRefreshing","clearRefreshing","_drop","rest","markExpiredWithReplacement","oldId","replacement","includes","markInvalid","acceptReplacement","repl","restRepl","filter","x","reason","at","Date","toISOString","clearExpired","blockAsSucceeded","blockAsFailed","error","unblock","shouldSkip","setLastSweep","iso","reset","readRegistry","getState","mutateRegistry","updater","setState","selectOldIdByReplacementId","replacementId","Object","entries"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/registry.ts"],"mappings":";;;;;;AACA,IAAAA,QAAA,GAAAC,OAAA;AAiBA;;AA4DO,MAAMC,kBAAkB,GAAAC,OAAA,CAAAD,kBAAA,GAAG,IAAAE,oBAAW,EAAgB,CAACC,GAAG,EAAEC,GAAG,MAAM;EAC1EC,IAAI,EAAE,CAAC,CAAC;EACRC,OAAO,EAAE,EAAE;EACXC,OAAO,EAAE,EAAE;EACXC,YAAY,EAAE,CAAC,CAAC;EAChBC,UAAU,EAAE,CAAC,CAAC;EACdC,OAAO,EAAE,CAAC,CAAC;EACXC,WAAW,EAAEC,SAAS;EAEtBC,MAAM,EAAGC,IAAI,IAAKX,GAAG,CAAEY,CAAC,KAAM;IAAEV,IAAI,EAAE;MAAE,GAAGU,CAAC,CAACV,IAAI;MAAE,CAACS,IAAI,CAACE,EAAE,GAAGF;IAAK;EAAE,CAAC,CAAC,CAAC;EAExEG,cAAc,EAAGD,EAAE,IAAKb,GAAG,CAAEY,CAAC,KAAM;IAAEN,UAAU,EAAE;MAAE,GAAGM,CAAC,CAACN,UAAU;MAAE,CAACO,EAAE,GAAG;IAAK;EAAE,CAAC,CAAC,CAAC;EAErFE,eAAe,EAAGF,EAAE,IAClBb,GAAG,CAAEY,CAAC,IAAK;IACT;IACA,MAAM;MAAE,CAACC,EAAE,GAAGG,KAAK;MAAE,GAAGC;IAAK,CAAC,GAAGL,CAAC,CAACN,UAAU;IAC7C,OAAO;MAAEA,UAAU,EAAEW;IAAK,CAAC;EAC7B,CAAC,CAAC;EAEJC,0BAA0B,EAAEA,CAACC,KAAK,EAAEC,WAAW,KAC7CpB,GAAG,CAAEY,CAAC,KAAM;IACVT,OAAO,EAAES,CAAC,CAACT,OAAO,CAACkB,QAAQ,CAACF,KAAK,CAAC,GAAGP,CAAC,CAACT,OAAO,GAAG,CAAC,GAAGS,CAAC,CAACT,OAAO,EAAEgB,KAAK,CAAC;IACtEf,OAAO,EAAEQ,CAAC,CAACR,OAAO,CAACiB,QAAQ,CAACF,KAAK,CAAC,GAAGP,CAAC,CAACR,OAAO,GAAG,CAAC,GAAGQ,CAAC,CAACR,OAAO,EAAEe,KAAK,CAAC;IACtEd,YAAY,EAAE;MAAE,GAAGO,CAAC,CAACP,YAAY;MAAE,CAACc,KAAK,GAAGC;IAAY;EAC1D,CAAC,CAAC,CAAC;EAELE,WAAW,EAAGT,EAAE,IACdb,GAAG,CAAEY,CAAC,KAAM;IACVT,OAAO,EAAES,CAAC,CAACT,OAAO,CAACkB,QAAQ,CAACR,EAAE,CAAC,GAAGD,CAAC,CAACT,OAAO,GAAG,CAAC,GAAGS,CAAC,CAACT,OAAO,EAAEU,EAAE,CAAC;IAChET,OAAO,EAAEQ,CAAC,CAACR,OAAO,CAACiB,QAAQ,CAACR,EAAE,CAAC,GAAGD,CAAC,CAACR,OAAO,GAAG,CAAC,GAAGQ,CAAC,CAACR,OAAO,EAAES,EAAE;EACjE,CAAC,CAAC,CAAC;EAELU,iBAAiB,EAAGJ,KAAK,IACvBnB,GAAG,CAAEY,CAAC,IAAK;IACT,MAAMY,IAAI,GAAGZ,CAAC,CAACP,YAAY,CAACc,KAAK,CAAC;IAClC,IAAI,CAACK,IAAI,EAAE,OAAOZ,CAAC;IACnB,MAAMV,IAAI,GAAG;MAAE,GAAGU,CAAC,CAACV;IAAK,CAAC;IAC1B,OAAOA,IAAI,CAACiB,KAAK,CAAC;IAClBjB,IAAI,CAACsB,IAAI,CAACX,EAAE,CAAC,GAAGW,IAAI;IACpB;IACA,MAAM;MAAE,CAACL,KAAK,GAAGH,KAAK;MAAE,GAAGS;IAAS,CAAC,GAAGb,CAAC,CAACP,YAAY;IACtD,OAAO;MACLH,IAAI;MACJG,YAAY,EAAEoB,QAAQ;MACtBtB,OAAO,EAAES,CAAC,CAACT,OAAO,CAACuB,MAAM,CAAEC,CAAC,IAAKA,CAAC,KAAKR,KAAK,CAAC;MAC7C;MACAZ,OAAO,EAAE;QAAE,GAAGK,CAAC,CAACL,OAAO;QAAE,CAACY,KAAK,GAAG;UAAES,MAAM,EAAE,WAAW;UAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC;QAAE;MAAE;IAC1F,CAAC;EACH,CAAC,CAAC;EAEJC,YAAY,EAAGnB,EAAE,IACfb,GAAG,CAAEY,CAAC,KAAM;IACVT,OAAO,EAAES,CAAC,CAACT,OAAO,CAACuB,MAAM,CAAEC,CAAC,IAAKA,CAAC,KAAKd,EAAE;EAC3C,CAAC,CAAC,CAAC;EAELoB,gBAAgB,EAAGpB,EAAE,IACnBb,GAAG,CAAEY,CAAC,KAAM;IACVL,OAAO,EAAE;MAAE,GAAGK,CAAC,CAACL,OAAO;MAAE,CAACM,EAAE,GAAG;QAAEe,MAAM,EAAE,WAAW;QAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC;MAAE;IAAE;EACvF,CAAC,CAAC,CAAC;EAELG,aAAa,EAAEA,CAACrB,EAAE,EAAEsB,KAAK,KACvBnC,GAAG,CAAEY,CAAC,KAAM;IACVL,OAAO,EAAE;MAAE,GAAGK,CAAC,CAACL,OAAO;MAAE,CAACM,EAAE,GAAG;QAAEe,MAAM,EAAE,QAAQ;QAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC,CAAC;QAAEI;MAAM;IAAE;EAC3F,CAAC,CAAC,CAAC;EAELC,OAAO,EAAGvB,EAAE,IACVb,GAAG,CAAEY,CAAC,IAAK;IACT;IACA,MAAM;MAAE,CAACC,EAAE,GAAGG,KAAK;MAAE,GAAGC;IAAK,CAAC,GAAGL,CAAC,CAACL,OAAO;IAC1C,OAAO;MAAEA,OAAO,EAAEU;IAAK,CAAC;EAC1B,CAAC,CAAC;EAEJoB,UAAU,EAAGxB,EAAE,IAAK;IAClB,MAAMD,CAAC,GAAGX,GAAG,CAAC,CAAC;IACf,IAAIW,CAAC,CAACN,UAAU,CAACO,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;IAClC,IAAID,CAAC,CAACT,OAAO,CAACkB,QAAQ,CAACR,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;~~IACxC~~,IAAID,CAAC,CAACL,OAAO,CAACM,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;IAC/B,OAAO,KAAK;EACd,CAAC;~~EAEDyB~~,YAAY,EAAGC,GAAG,~~IAAKvC~~,GAAG,CAAC;IAAEQ,WAAW,~~EAAE+B~~;EAAI,CAAC,CAAC;EAEhDC,KAAK,EAAEA,CAAA,~~KACLxC~~,GAAG,CAAC;IACFE,IAAI,EAAE,CAAC,CAAC;IACRC,OAAO,EAAE,EAAE;IACXC,OAAO,EAAE,EAAE;IACXC,YAAY,EAAE,CAAC,CAAC;IAChBC,UAAU,EAAE,CAAC,CAAC;IACdC,OAAO,EAAE,CAAC,CAAC;IACXC,WAAW,EAAEC;EACf,CAAC;AACL,CAAC,CAAC,CAAC;;AAEH;AACO,~~MAAMgC~~,YAAY,GAAGA,CAAA,~~KAAM5C~~,kBAAkB,~~CAAC6C~~,QAAQ,CAAC,CAAC;~~AAAA5C~~,OAAA,~~CAAA2C~~,YAAA,GAAAA,YAAA;AACxD,MAAME,cAAc,GAAIC,OAAmC,~~IAChE/C~~,kBAAkB,~~CAACgD~~,QAAQ,~~CAAEjC~~,CAAC,IAAK;~~EACjCgC~~,OAAO,~~CAAChC~~,CAAC,CAAC;EACV,OAAOA,CAAC;AACV,CAAC,CAAC;AAAAd,OAAA,~~CAAA6C~~,cAAA,GAAAA,cAAA;AAEG,MAAMG,0BAA0B,GAAIC,aAAqB,IAAyB;EACvF,MAAM;~~IAAE1C~~;EAAa,CAAC,GAAGR,kBAAkB,~~CAAC6C~~,QAAQ,CAAC,CAAC;EACtD,KAAK,MAAM,~~CAACvB~~,KAAK,EAAEK,IAAI,CAAC,~~IAAIwB~~,MAAM,CAACC,OAAO,~~CAAC5C~~,YAAY,CAAC,EAAE;IACxD,IAAImB,IAAI,CAACX,EAAE,~~KAAKkC~~,aAAa,EAAE,~~OAAO5B~~,KAAK;EAC7C;EACA,OAAOV,SAAS;AAClB,CAAC;AAAAX,OAAA,~~CAAAgD~~,0BAAA,GAAAA,0BAAA","ignoreList":[]}
1	+ {"version":3,"names":["_vanilla","require","credentialRegistry","exports","createStore","set","get","byId","expired","checked","replacements","refreshing","blocked","lastSweepAt","undefined","upsert","cred","s","id","markRefreshing","clearRefreshing","_drop","rest","markExpiredWithReplacement","oldId","replacement","includes","markInvalid","acceptReplacement","repl","restRepl","filter","x","reason","at","Date","toISOString","clearExpired","blockAsSucceeded","blockAsFailed","error","unblock","shouldSkip","Boolean","setLastSweep","iso","reset","readRegistry","getState","mutateRegistry","updater","setState","selectOldIdByReplacementId","replacementId","Object","entries"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/registry.ts"],"mappings":";;;;;;AACA,IAAAA,QAAA,GAAAC,OAAA;AAiBA;;AA4DO,MAAMC,kBAAkB,GAAAC,OAAA,CAAAD,kBAAA,GAAG,IAAAE,oBAAW,EAAgB,CAACC,GAAG,EAAEC,GAAG,MAAM;EAC1EC,IAAI,EAAE,CAAC,CAAC;EACRC,OAAO,EAAE,EAAE;EACXC,OAAO,EAAE,EAAE;EACXC,YAAY,EAAE,CAAC,CAAC;EAChBC,UAAU,EAAE,CAAC,CAAC;EACdC,OAAO,EAAE,CAAC,CAAC;EACXC,WAAW,EAAEC,SAAS;EAEtBC,MAAM,EAAGC,IAAI,IAAKX,GAAG,CAAEY,CAAC,KAAM;IAAEV,IAAI,EAAE;MAAE,GAAGU,CAAC,CAACV,IAAI;MAAE,CAACS,IAAI,CAACE,EAAE,GAAGF;IAAK;EAAE,CAAC,CAAC,CAAC;EAExEG,cAAc,EAAGD,EAAE,IAAKb,GAAG,CAAEY,CAAC,KAAM;IAAEN,UAAU,EAAE;MAAE,GAAGM,CAAC,CAACN,UAAU;MAAE,CAACO,EAAE,GAAG;IAAK;EAAE,CAAC,CAAC,CAAC;EAErFE,eAAe,EAAGF,EAAE,IAClBb,GAAG,CAAEY,CAAC,IAAK;IACT;IACA,MAAM;MAAE,CAACC,EAAE,GAAGG,KAAK;MAAE,GAAGC;IAAK,CAAC,GAAGL,CAAC,CAACN,UAAU;IAC7C,OAAO;MAAEA,UAAU,EAAEW;IAAK,CAAC;EAC7B,CAAC,CAAC;EAEJC,0BAA0B,EAAEA,CAACC,KAAK,EAAEC,WAAW,KAC7CpB,GAAG,CAAEY,CAAC,KAAM;IACVT,OAAO,EAAES,CAAC,CAACT,OAAO,CAACkB,QAAQ,CAACF,KAAK,CAAC,GAAGP,CAAC,CAACT,OAAO,GAAG,CAAC,GAAGS,CAAC,CAACT,OAAO,EAAEgB,KAAK,CAAC;IACtEf,OAAO,EAAEQ,CAAC,CAACR,OAAO,CAACiB,QAAQ,CAACF,KAAK,CAAC,GAAGP,CAAC,CAACR,OAAO,GAAG,CAAC,GAAGQ,CAAC,CAACR,OAAO,EAAEe,KAAK,CAAC;IACtEd,YAAY,EAAE;MAAE,GAAGO,CAAC,CAACP,YAAY;MAAE,CAACc,KAAK,GAAGC;IAAY;EAC1D,CAAC,CAAC,CAAC;EAELE,WAAW,EAAGT,EAAE,IACdb,GAAG,CAAEY,CAAC,KAAM;IACVT,OAAO,EAAES,CAAC,CAACT,OAAO,CAACkB,QAAQ,CAACR,EAAE,CAAC,GAAGD,CAAC,CAACT,OAAO,GAAG,CAAC,GAAGS,CAAC,CAACT,OAAO,EAAEU,EAAE,CAAC;IAChET,OAAO,EAAEQ,CAAC,CAACR,OAAO,CAACiB,QAAQ,CAACR,EAAE,CAAC,GAAGD,CAAC,CAACR,OAAO,GAAG,CAAC,GAAGQ,CAAC,CAACR,OAAO,EAAES,EAAE;EACjE,CAAC,CAAC,CAAC;EAELU,iBAAiB,EAAGJ,KAAK,IACvBnB,GAAG,CAAEY,CAAC,IAAK;IACT,MAAMY,IAAI,GAAGZ,CAAC,CAACP,YAAY,CAACc,KAAK,CAAC;IAClC,IAAI,CAACK,IAAI,EAAE,OAAOZ,CAAC;IACnB,MAAMV,IAAI,GAAG;MAAE,GAAGU,CAAC,CAACV;IAAK,CAAC;IAC1B,OAAOA,IAAI,CAACiB,KAAK,CAAC;IAClBjB,IAAI,CAACsB,IAAI,CAACX,EAAE,CAAC,GAAGW,IAAI;IACpB;IACA,MAAM;MAAE,CAACL,KAAK,GAAGH,KAAK;MAAE,GAAGS;IAAS,CAAC,GAAGb,CAAC,CAACP,YAAY;IACtD,OAAO;MACLH,IAAI;MACJG,YAAY,EAAEoB,QAAQ;MACtBtB,OAAO,EAAES,CAAC,CAACT,OAAO,CAACuB,MAAM,CAAEC,CAAC,IAAKA,CAAC,KAAKR,KAAK,CAAC;MAC7C;MACAZ,OAAO,EAAE;QAAE,GAAGK,CAAC,CAACL,OAAO;QAAE,CAACY,KAAK,GAAG;UAAES,MAAM,EAAE,WAAW;UAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC;QAAE;MAAE;IAC1F,CAAC;EACH,CAAC,CAAC;EAEJC,YAAY,EAAGnB,EAAE,IACfb,GAAG,CAAEY,CAAC,KAAM;IACVT,OAAO,EAAES,CAAC,CAACT,OAAO,CAACuB,MAAM,CAAEC,CAAC,IAAKA,CAAC,KAAKd,EAAE;EAC3C,CAAC,CAAC,CAAC;EAELoB,gBAAgB,EAAGpB,EAAE,IACnBb,GAAG,CAAEY,CAAC,KAAM;IACVL,OAAO,EAAE;MAAE,GAAGK,CAAC,CAACL,OAAO;MAAE,CAACM,EAAE,GAAG;QAAEe,MAAM,EAAE,WAAW;QAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC;MAAE;IAAE;EACvF,CAAC,CAAC,CAAC;EAELG,aAAa,EAAEA,CAACrB,EAAE,EAAEsB,KAAK,KACvBnC,GAAG,CAAEY,CAAC,KAAM;IACVL,OAAO,EAAE;MAAE,GAAGK,CAAC,CAACL,OAAO;MAAE,CAACM,EAAE,GAAG;QAAEe,MAAM,EAAE,QAAQ;QAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC,CAAC;QAAEI;MAAM;IAAE;EAC3F,CAAC,CAAC,CAAC;EAELC,OAAO,EAAGvB,EAAE,IACVb,GAAG,CAAEY,CAAC,IAAK;IACT;IACA,MAAM;MAAE,CAACC,EAAE,GAAGG,KAAK;MAAE,GAAGC;IAAK,CAAC,GAAGL,CAAC,CAACL,OAAO;IAC1C,OAAO;MAAEA,OAAO,EAAEU;IAAK,CAAC;EAC1B,CAAC,CAAC;EAEJoB,UAAU,EAAGxB,EAAE,IAAK;IAClB,MAAMD,CAAC,GAAGX,GAAG,CAAC,CAAC;IACf,IAAIW,CAAC,CAACN,UAAU,CAACO,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;IAClC,IAAID,CAAC,CAACT,OAAO,CAACkB,QAAQ,CAACR,EAAE,CAAC,IAAIyB,OAAO,CAAC1B,CAAC,CAACP,YAAY,CAACQ,EAAE,CAAC,CAAC,EAAE,OAAO,IAAI,EAAC;IACvE,IAAID,CAAC,CAACL,OAAO,CAACM,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;IAC/B,OAAO,KAAK;EACd,CAAC;EAED0B,YAAY,EAAGC,GAAG,IAAKxC,GAAG,CAAC;IAAEQ,WAAW,EAAEgC;EAAI,CAAC,CAAC;EAEhDC,KAAK,EAAEA,CAAA,KACLzC,GAAG,CAAC;IACFE,IAAI,EAAE,CAAC,CAAC;IACRC,OAAO,EAAE,EAAE;IACXC,OAAO,EAAE,EAAE;IACXC,YAAY,EAAE,CAAC,CAAC;IAChBC,UAAU,EAAE,CAAC,CAAC;IACdC,OAAO,EAAE,CAAC,CAAC;IACXC,WAAW,EAAEC;EACf,CAAC;AACL,CAAC,CAAC,CAAC;;AAEH;AACO,MAAMiC,YAAY,GAAGA,CAAA,KAAM7C,kBAAkB,CAAC8C,QAAQ,CAAC,CAAC;AAAA7C,OAAA,CAAA4C,YAAA,GAAAA,YAAA;AACxD,MAAME,cAAc,GAAIC,OAAmC,IAChEhD,kBAAkB,CAACiD,QAAQ,CAAElC,CAAC,IAAK;EACjCiC,OAAO,CAACjC,CAAC,CAAC;EACV,OAAOA,CAAC;AACV,CAAC,CAAC;AAAAd,OAAA,CAAA8C,cAAA,GAAAA,cAAA;AAEG,MAAMG,0BAA0B,GAAIC,aAAqB,IAAyB;EACvF,MAAM;IAAE3C;EAAa,CAAC,GAAGR,kBAAkB,CAAC8C,QAAQ,CAAC,CAAC;EACtD,KAAK,MAAM,CAACxB,KAAK,EAAEK,IAAI,CAAC,IAAIyB,MAAM,CAACC,OAAO,CAAC7C,YAAY,CAAC,EAAE;IACxD,IAAImB,IAAI,CAACX,EAAE,KAAKmC,aAAa,EAAE,OAAO7B,KAAK;EAC7C;EACA,OAAOV,SAAS;AAClB,CAAC;AAAAX,OAAA,CAAAiD,0BAAA,GAAAA,0BAAA","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/types.js CHANGED Viewed

@@ -3,13 +3,23 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.RefreshStatus = exports.OpenIDCustomNotificationType = void 0;
+exports.RefreshStatus = exports.OpenIDCustomNotificationType = exports.OpenIDCredentialRefreshFlowType = void 0;
 let RefreshStatus = exports.RefreshStatus = /*#__PURE__*/function (RefreshStatus) {
   RefreshStatus["Valid"] = "valid";
   RefreshStatus["Invalid"] = "invalid";
   RefreshStatus["Error"] = "error";
   return RefreshStatus;
 }({});
+/**
+ * Controls how invalid OpenID credentials are handled after status checks.
+ * - InvalidThenOnDemand: show invalid notification; replacement is attempted on user action.
+ * - FullReplacement: orchestrator attempts replacement immediately and surfaces replacement notification when available.
+ */
+let OpenIDCredentialRefreshFlowType = exports.OpenIDCredentialRefreshFlowType = /*#__PURE__*/function (OpenIDCredentialRefreshFlowType) {
+  OpenIDCredentialRefreshFlowType["InvalidThenOnDemand"] = "invalid-then-on-demand";
+  OpenIDCredentialRefreshFlowType["FullReplacement"] = "full-replacement";
+  return OpenIDCredentialRefreshFlowType;
+}({});
 let OpenIDCustomNotificationType = exports.OpenIDCustomNotificationType = /*#__PURE__*/function (OpenIDCustomNotificationType) {
   OpenIDCustomNotificationType["CredentialReplacementAvailable"] = "CustomNotificationOpenIDCredential";
   OpenIDCustomNotificationType["CredentialExpired"] = "CredentialExpired";

package/lib/commonjs/modules/openid/refresh/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["RefreshStatus","exports","OpenIDCustomNotificationType"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/types.ts"],"mappings":";;;;;;~~IAmBYA~~,aAAa,GAAAC,OAAA,CAAAD,aAAA,0BAAbA,aAAa;EAAbA,aAAa;EAAbA,aAAa;EAAbA,aAAa;EAAA,OAAbA,aAAa;AAAA;AAAA,~~IAoDbE~~,4BAA4B,~~GAAAD~~,OAAA,~~CAAAC~~,4BAAA,0BAA5BA,4BAA4B;EAA5BA,4BAA4B;EAA5BA,4BAA4B;EAAA,OAA5BA,4BAA4B;AAAA","ignoreList":[]}
1	+ {"version":3,"names":["RefreshStatus","exports","OpenIDCredentialRefreshFlowType","OpenIDCustomNotificationType"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/types.ts"],"mappings":";;;;;;IAeYA,aAAa,GAAAC,OAAA,CAAAD,aAAA,0BAAbA,aAAa;EAAbA,aAAa;EAAbA,aAAa;EAAbA,aAAa;EAAA,OAAbA,aAAa;AAAA;AAMzB;AACA;AACA;AACA;AACA;AAJA,IAKYE,+BAA+B,GAAAD,OAAA,CAAAC,+BAAA,0BAA/BA,+BAA+B;EAA/BA,+BAA+B;EAA/BA,+BAA+B;EAAA,OAA/BA,+BAA+B;AAAA;AAAA,IAkD/BC,4BAA4B,GAAAF,OAAA,CAAAE,4BAAA,0BAA5BA,4BAA4B;EAA5BA,4BAA4B;EAA5BA,4BAA4B;EAAA,OAA5BA,4BAA4B;AAAA","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/verifyCredentialStatus.js CHANGED Viewed

@@ -5,30 +5,30 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.verifyCredentialStatus = verifyCredentialStatus;
 var _jwtStatusList = require("@sd-jwt/jwt-status-list");
+var _types = require("./types");
 // modules/openid/refresh/verifyCredentialStatus.ts
 /**
  * Verifies credential status for Sd-JWT credentials using status lists.
  * Non–Sd-JWT credentials (W3C jwt_vc_json without status list, or mdoc) are treated as valid here.
- * Returns true if valid; false if revoked/invalid or on error.
  */
 async function verifyCredentialStatus(rec, logger) {
   try {
     // Only Sd-JWT creds have compactSdJwtVc in this codebase
-    if (!('compactSdJwtVc' in rec)) return true;
+    if (!('compactSdJwtVc' in rec)) return _types.RefreshStatus.Valid;
     logger === null || logger === void 0 || logger.info(`[Verifier] Verifying credential status for Sd-JWT credential: ${rec.id}`);
-    const ref = (0, _jwtStatusList.getStatusListFromJWT)(rec.compactSdJwtVc);
+    const ref = (0, _jwtStatusList.getStatusListFromJWT)(rec.firstCredential.compact);
     const res = await fetch(ref.uri);
     if (!res.ok) throw new Error(`HTTP ${res.status}`);
     const jwt = await res.text();
     const list = (0, _jwtStatusList.getListFromStatusListJWT)(jwt);
-    const ok = list.getStatus(ref.idx) === 0;
-    logger === null || logger === void 0 || logger.info(`${ok ? '✅' : '❌'} [Verifier] ${rec.id} → ${ok ? 'valid' : 'revoked'}`);
-    return ok;
+    const status = list.getStatus(ref.idx) === 0 ? _types.RefreshStatus.Valid : _types.RefreshStatus.Invalid;
+    logger === null || logger === void 0 || logger.info(`${status === _types.RefreshStatus.Valid ? '✅' : '❌'} [Verifier] ${rec.id} → ${status}`);
+    return status;
   } catch (e) {
     var _logger$error;
     logger === null || logger === void 0 || (_logger$error = logger.error) === null || _logger$error === void 0 || _logger$error.call(logger, `💥 [Verifier] ${'id' in rec ? rec.id : 'unknown'} verify failed: ${String(e)}`);
-    return false;
+    return _types.RefreshStatus.Error;
   }
 }
 //# sourceMappingURL=verifyCredentialStatus.js.map

package/lib/commonjs/modules/openid/refresh/verifyCredentialStatus.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_jwtStatusList","require","verifyCredentialStatus","rec","logger","info","id","ref","getStatusListFromJWT","~~compactSdJwtVc~~","res","fetch","uri","ok","Error","status","jwt","text","list","getListFromStatusListJWT","getStatus","idx","e","_logger$error","error","call","String"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/verifyCredentialStatus.ts"],"mappings":";;;;;;AAEA,IAAAA,cAAA,GAAAC,OAAA;~~AAFA~~;;~~AAOA~~;AACA;AACA;AACA;~~AACA;~~AACO,~~eAAeC~~,sBAAsBA,CAACC,GAAY,EAAEC,MAAqB,~~EAAoB~~;~~EAClG~~,IAAI;IACF;IACA,IAAI,EAAE,gBAAgB,IAAID,GAAG,CAAC,EAAE,~~OAAO~~,~~IAAI~~;~~IAE3CC~~,MAAM,aAANA,MAAM,eAANA,MAAM,~~CAAEC~~,IAAI,CAAC,~~iEAAiEF~~,GAAG,~~CAACG~~,EAAE,EAAE,CAAC;IAEvF,MAAMC,GAAG,GAAG,IAAAC,mCAAoB,~~EAACL~~,GAAG,~~CAACM~~,~~cAAc~~,CAAC;~~IACpD~~,MAAMC,GAAG,GAAG,MAAMC,KAAK,~~CAACJ~~,GAAG,~~CAACK~~,GAAG,CAAC;IAChC,IAAI,CAACF,GAAG,CAACG,EAAE,EAAE,MAAM,IAAIC,KAAK,CAAC,QAAQJ,GAAG,CAACK,MAAM,EAAE,CAAC;IAClD,MAAMC,GAAG,GAAG,MAAMN,GAAG,CAACO,IAAI,CAAC,CAAC;IAE5B,MAAMC,IAAI,GAAG,IAAAC,uCAAwB,EAACH,GAAG,CAAC;IAC1C,~~MAAMH~~,~~EAAE~~,~~GAAGK~~,IAAI,CAACE,SAAS,~~CAACb~~,GAAG,~~CAACc~~,GAAG,CAAC,KAAK,CAAC;~~IAExCjB~~,MAAM,aAANA,MAAM,eAANA,MAAM,~~CAAEC~~,IAAI,CAAC,~~GAAGQ~~,~~EAAE~~,GAAG,GAAG,GAAG,GAAG,~~eAAeV~~,GAAG,~~CAACG~~,EAAE,~~MAAMO~~,~~EAAE~~,~~GAAG,OAAO,GAAG,SAAS,~~EAAE,CAAC;~~IACpF~~,OAAOA,~~EAAE~~;~~EACX~~,CAAC,CAAC,~~OAAOS~~,CAAC,EAAE;IAAA,IAAAC,aAAA;~~IACVnB~~,MAAM,aAANA,MAAM,~~gBAAAmB~~,aAAA,~~GAANnB~~,MAAM,~~CAAEoB~~,KAAK,cAAAD,aAAA,eAAbA,aAAA,CAAAE,IAAA,~~CAAArB~~,MAAM,EAAU,iBAAiB,IAAI,IAAID,GAAG,GAAGA,GAAG,~~CAACG~~,EAAE,GAAG,SAAS,~~mBAAmBoB~~,MAAM,CAACJ,CAAC,CAAC,EAAE,CAAC;IAChG,~~OAAO~~,KAAK;~~EACd~~;AACF","ignoreList":[]}
1	+ {"version":3,"names":["_jwtStatusList","require","_types","verifyCredentialStatus","rec","logger","RefreshStatus","Valid","info","id","ref","getStatusListFromJWT","firstCredential","compact","res","fetch","uri","ok","Error","status","jwt","text","list","getListFromStatusListJWT","getStatus","idx","Invalid","e","_logger$error","error","call","String"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/verifyCredentialStatus.ts"],"mappings":";;;;;;AAEA,IAAAA,cAAA,GAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AAJA;;AAQA;AACA;AACA;AACA;AACO,eAAeE,sBAAsBA,CAACC,GAAY,EAAEC,MAAqB,EAA0B;EACxG,IAAI;IACF;IACA,IAAI,EAAE,gBAAgB,IAAID,GAAG,CAAC,EAAE,OAAOE,oBAAa,CAACC,KAAK;IAE1DF,MAAM,aAANA,MAAM,eAANA,MAAM,CAAEG,IAAI,CAAC,iEAAiEJ,GAAG,CAACK,EAAE,EAAE,CAAC;IAEvF,MAAMC,GAAG,GAAG,IAAAC,mCAAoB,EAACP,GAAG,CAACQ,eAAe,CAACC,OAAO,CAAC;IAC7D,MAAMC,GAAG,GAAG,MAAMC,KAAK,CAACL,GAAG,CAACM,GAAG,CAAC;IAChC,IAAI,CAACF,GAAG,CAACG,EAAE,EAAE,MAAM,IAAIC,KAAK,CAAC,QAAQJ,GAAG,CAACK,MAAM,EAAE,CAAC;IAClD,MAAMC,GAAG,GAAG,MAAMN,GAAG,CAACO,IAAI,CAAC,CAAC;IAE5B,MAAMC,IAAI,GAAG,IAAAC,uCAAwB,EAACH,GAAG,CAAC;IAC1C,MAAMD,MAAM,GAAGG,IAAI,CAACE,SAAS,CAACd,GAAG,CAACe,GAAG,CAAC,KAAK,CAAC,GAAGnB,oBAAa,CAACC,KAAK,GAAGD,oBAAa,CAACoB,OAAO;IAE1FrB,MAAM,aAANA,MAAM,eAANA,MAAM,CAAEG,IAAI,CAAC,GAAGW,MAAM,KAAKb,oBAAa,CAACC,KAAK,GAAG,GAAG,GAAG,GAAG,eAAeH,GAAG,CAACK,EAAE,MAAMU,MAAM,EAAE,CAAC;IAC9F,OAAOA,MAAM;EACf,CAAC,CAAC,OAAOQ,CAAC,EAAE;IAAA,IAAAC,aAAA;IACVvB,MAAM,aAANA,MAAM,gBAAAuB,aAAA,GAANvB,MAAM,CAAEwB,KAAK,cAAAD,aAAA,eAAbA,aAAA,CAAAE,IAAA,CAAAzB,MAAM,EAAU,iBAAiB,IAAI,IAAID,GAAG,GAAGA,GAAG,CAACK,EAAE,GAAG,SAAS,mBAAmBsB,MAAM,CAACJ,CAAC,CAAC,EAAE,CAAC;IAChG,OAAOrB,oBAAa,CAACY,KAAK;EAC5B;AACF","ignoreList":[]}

package/lib/commonjs/modules/openid/resolverProof.js CHANGED Viewed

@@ -3,15 +3,10 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.extractCertificateFromAuthorizationRequest = void 0;
 exports.fetchInvitationDataUrl = fetchInvitationDataUrl;
 exports.shareProof = exports.getCredentialsForProofRequest = void 0;
-exports.withTrustedCertificate = withTrustedCertificate;
-var _core = require("@credo-ts/core");
-var _queryString = _interopRequireDefault(require("query-string"));
 var _utils = require("./utils/utils");
 var _reactNative = require("react-native");
-function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function handleTextResponse(text) {
   // If the text starts with 'ey' we assume it's a JWT and thus an OpenID authorization request
   if (text.startsWith('ey')) {
@@ -92,107 +87,28 @@ async function fetchInvitationDataUrl(dataUrl) {
     throw new Error(`[retrieve_invitation_error] Unable to retrieve invitation: ${error}`);
   }
 }
-const extractCertificateFromJwt = jwt => {
-  const jwtHeader = _core.Jwt.fromSerializedJwt(jwt).header;
-  return Array.isArray(jwtHeader.x5c) && typeof jwtHeader.x5c[0] === 'string' ? jwtHeader.x5c[0] : null;
-};
-/**
- * This is a temp method to allow for untrusted certificates to still work with the wallet.
- */
-const extractCertificateFromAuthorizationRequest = async ({
-  data,
-  uri
-}) => {
-  try {
-    if (data) {
-      return {
-        data,
-        certificate: extractCertificateFromJwt(data)
-      };
-    }
-    if (uri) {
-      const query = _queryString.default.parseUrl(uri).query;
-      if (query.request_uri && typeof query.request_uri === 'string') {
-        const result = await fetchInvitationDataUrl(query.request_uri);
-        if (result.success && result.result.type === 'openid-authorization-request' && typeof result.result.data === 'string') {
-          return {
-            data: result.result.data,
-            certificate: extractCertificateFromJwt(result.result.data)
-          };
-        }
-      } else if (query.request && typeof query.request === 'string') {
-        const _res = {
-          data: query.request,
-          certificate: extractCertificateFromJwt(query.request)
-        };
-        return _res;
-      }
-    }
-    return {
-      data: null,
-      certificate: null
-    };
-  } catch {
-    return {
-      data: null,
-      certificate: null
-    };
-  }
-};
-exports.extractCertificateFromAuthorizationRequest = extractCertificateFromAuthorizationRequest;
-async function withTrustedCertificate(agent, certificate, method) {
-  const x509ModuleConfig = agent.dependencyManager.resolve(_core.X509ModuleConfig);
-  const currentTrustedCertificates = x509ModuleConfig.trustedCertificates ? [...x509ModuleConfig.trustedCertificates] : [];
-  try {
-    if (certificate) agent.x509.addTrustedCertificate(certificate);
-    return await method();
-  } finally {
-    if (certificate) x509ModuleConfig.setTrustedCertificates(currentTrustedCertificates);
-  }
-}
-//This settings should be moved to an injectable config
-const allowUntrustedCertificates = false;
 const getCredentialsForProofRequest = async ({
   agent,
-  data,
-  uri
+  request
 }) => {
-  let requestUri = uri;
   try {
-    const {
-      certificate = null,
-      data: newData = null
-    } = allowUntrustedCertificates ? await extractCertificateFromAuthorizationRequest({
-      data,
-      uri
-    }) : {};
-    if (newData) {
-      // FIXME: Credo only support request string, but we already parsed it before. So we construct an request here
-      // but in the future we need to support the parsed request in Credo directly
-      requestUri = `openid://?request=${encodeURIComponent(newData)}`;
-    } else if (uri) {
-      requestUri = uri;
-    } else {
-      throw new Error('Either data or uri must be provided');
-    }
-    agent.config.logger.info(`$$Receiving openid uri ${requestUri}`);
-    // Temp solution to add and remove the trusted certificate
-    const resolved = await withTrustedCertificate(agent, certificate, () => {
-      return agent.modules.openId4VcHolder.resolveSiopAuthorizationRequest(requestUri);
-    });
+    agent.config.logger.info(`$$Receiving openid authorization request ${request}`);
+    const resolved = await agent.modules.openid4vc.holder.resolveOpenId4VpAuthorizationRequest(request);
     if (!resolved.presentationExchange) {
       throw new Error('No presentation exchange found in authorization request.');
     }
-    return {
+    const requestRecord = {
       ...resolved.presentationExchange,
-      authorizationRequest: resolved.authorizationRequest,
-      verifierHostName: resolved.authorizationRequest.responseURI ? (0, _utils.getHostNameFromUrl)(resolved.authorizationRequest.responseURI) : undefined,
+      authorizationRequestPayload: resolved.authorizationRequestPayload,
+      verifierHostName: resolved.authorizationRequestPayload.response_uri ? (0, _utils.getHostNameFromUrl)(String(resolved.authorizationRequestPayload.response_uri)) : undefined,
       createdAt: new Date(),
-      type: 'OpenId4VPRequestRecord'
+      type: 'OpenId4VPRequestRecord',
+      verifier: {
+        clientIdPrefix: resolved.verifier.clientIdPrefix,
+        effectiveClientId: resolved.verifier.effectiveClientId
+      }
     };
+    return requestRecord;
   } catch (err) {
     agent.config.logger.error(`Parsing presentation request:  ${(err === null || err === void 0 ? void 0 : err.message) ?? err}`);
     throw err;
@@ -203,8 +119,7 @@ const shareProof = async ({
   agent,
   authorizationRequest,
   credentialsForRequest,
-  selectedCredentials,
-  allowUntrustedCertificate = false
+  selectedCredentials
 }) => {
   if (!credentialsForRequest.areRequirementsSatisfied) {
     throw new Error('Requirements from proof request are not satisfied');
@@ -219,14 +134,12 @@ const shareProof = async ({
     return [entry.inputDescriptorId, [credential.credentialRecord]];
   })));
   try {
-    // Temp solution to add and remove the trusted certicaite
-    const certificate = authorizationRequest.jwt && allowUntrustedCertificate ? extractCertificateFromJwt(authorizationRequest.jwt) : null;
-    const result = await withTrustedCertificate(agent, certificate, () => agent.modules.openId4VcHolder.acceptSiopAuthorizationRequest({
-      authorizationRequest,
+    const result = await agent.openid4vc.holder.acceptOpenId4VpAuthorizationRequest({
+      authorizationRequest: authorizationRequest,
       presentationExchange: {
         credentials
       }
-    }));
+    });
     // if redirect_uri is provided, open it in the browser
     // Even if the response returned an error, we must open this uri