npm - @connectid-tools/rp-nodejs-sdk - Versions diffs - 4.1.0 → 4.2.1 - Mend

@connectid-tools/rp-nodejs-sdk 4.1.0 → 4.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +230 -169
package/config.js +2 -2
package/package.json +9 -6
package/relying-party-client-sdk.js +3 -3
package/utils/cert-utils.d.ts +1 -1
package/utils/user-agent.d.ts +1 -1
package/utils/user-agent.js +2 -4

package/README.md CHANGED Viewed

@@ -13,6 +13,7 @@ npm install @connectid-tools/rp-nodejs-sdk
 ```
 Update your `package.json` to use `module`:
 ```json
 {
   .
@@ -25,10 +26,10 @@ Update your `package.json` to use `module`:
 You can then import and instantiate an instance of the rp-nodejs-sdk using:
 ```javascript
-import { config } from './config.js';
-import RelyingPartyClientSdk from './relying-party-client-sdk';
+import { config } from './config.js'
+import RelyingPartyClientSdk from './relying-party-client-sdk'
-const rpClient = new RelyingPartyClientSdk(config);
+const rpClient = new RelyingPartyClientSdk(config)
 ```
 The above code assumes that you have a config file called `config.js` in your project folder that contains
@@ -36,12 +37,15 @@ the configuration required for the sdk, eg: the location of the certificate file
 the callback urls, etc. The configuration attributes are described below.
 ## Using Typescript
 To use Node SDK with Typescript you need to make the following changes in your `tsconfig.json`:
-* Set `"target: "es2016"` or higher
-* Have `"module": "ES2015"` or higher
-* Have `"moduleResolution": "Bundler"`
+- Set `"target: "es2016"` or higher
+- Have `"module": "ES2015"` or higher
+- Have `"moduleResolution": "Bundler"`
 Sample tsconfig:
 ```json
 {
   "compilerOptions": {
@@ -49,13 +53,16 @@ Sample tsconfig:
     "module": "ES2015",
     "moduleResolution": "Bundler",
     "strictNullChecks": true,
-    "outDir": "dist/",
+    "outDir": "dist/"
   },
   "include": ["**/*.ts"]
 }
 ```
 ### Setting up SDK config options
 `RelyingPartyClientSdkConfig` has some fixed values, specially inside `client` object, to be able to set the config options for the SDK some type gymnastics will be needed as shown below (see `as const`):
 ```typescript
 // index.ts
 import RelyingPartyClientSdk from '@connectid-tools/rp-nodejs-sdk'
@@ -112,13 +119,13 @@ the configuration properties is available from: <https://github.com/connectid-to
 The simplest way to pass in the configuration is shown below (assumes the `config.js` file is in the project directory):
 ```javascript
-const config = require('./config');
-const RelyingPartyClientSdk = require('@connectid-tools/rp-nodejs-sdk');
-const rpClient = new RelyingPartyClientSdk(config);
+const config = require('./config')
+const RelyingPartyClientSdk = require('@connectid-tools/rp-nodejs-sdk')
+const rpClient = new RelyingPartyClientSdk(config)
 ```
 | Property                              | Description                                                                                                                                                                                                                                                                                                                                          | Example value                                                                                                                                      |
-|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|
+| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `ca_pem`                              | The collection of trusted root certificates that can be used for certification validation. May be an absolute or relative path.                                                                                                                                                                                                                      | `'./conf/ca.pem'  `                                                                                                                                |
 | `ca_pem_content`                      | The collection of trusted root certificates content (string) that can be used for certification validation. Overrides `ca_pem`.                                                                                                                                                                                                                      | `'-----BEGIN CERTIFICATE----- MIIFnTCCBIWgAwIBAgIUKl2OAbHVc1r9isRs6WIExS/1BLgwDQYJKoZIhvcNAQEL...'`                                                |
 | `signing_kid`                         | The id for the signing key in the JWKS. This can be found in the registry via Software Statements -> Client Details -> Certificates                                                                                                                                                                                                                  | `'Xf1Pf-GXyhryOY5wwg0ddL5yzUicIcQrOIxja0yHhpg'`                                                                                                    |
@@ -149,21 +156,21 @@ The expected interactions between the Relying Party and RP Connector as part of
 The key steps are:
-* Retrieve the list of Participants so the user can be prompted to choose their bank
-* Send a pushed authorisation request to the selected bank with the requested claims and redirect the user to their bank
-* Use the callback querystring to retrieve the access token and identity token with the claims the user has consented to share
+- Retrieve the list of Participants so the user can be prompted to choose their bank
+- Send a pushed authorisation request to the selected bank with the requested claims and redirect the user to their bank
+- Use the callback querystring to retrieve the access token and identity token with the claims the user has consented to share
 ```mermaid
 sequenceDiagram
     Customer->>+Relying Party: Use Digital ID
     Relying Party->>+rp-nodejs-sdk: getParticipants()
     rp-nodejs-sdk-->>-Relying Party: Participant metadata
-    Relying Party-->>-Customer: Display Bank Selector
+    Relying Party-->>-Customer: Display Bank Selector
     Customer->>+Relying Party: Select Bank
     Relying Party->>+rp-nodejs-sdk: sendPushedAuthorisationRequest()
     rp-nodejs-sdk-->>-Relying Party: authUrl, codeVerifier, state, nonce
     Note right of Relying Party: The RP must associate the codeVerifier,<br/>state and nonce with the user<br/>to use when retrieving claims
-    Relying Party-->>-Customer: redirect to Bank using authUrl
+    Relying Party-->>-Customer: redirect to Bank using authUrl
     Customer->>+Bank: redirect to AuthUrl
     Bank->>Bank: Authenticate & Capture Consent
     Bank-->>-Customer: Redirect customer to RP callback URI
@@ -188,126 +195,126 @@ You may also set the `required_claims` and `required_participant_certifications`
 based on the needs of your use case (eg: if you require IDPs to be TDIF certified).
 ```javascript
-const idps = await rpClient.getParticipants();
+const idps = await rpClient.getParticipants()
 ```
 The response will contain an array of Organisations and their Authorisation Server, with an object structure similar to below.
 They key fields of interest are:
-* `CustomerFriendlyName` - this is the name of the Bank to display to the customer
-* `CustomerFriendlyLogoUri` - this is a logo for the Bank that can be displayed alongside the bank name
-* `AuthorisationServerId` - this uniquely identifies the authorisation server. It will be needed as part of the next call
-in the flow to identify the Authorisation Server to send the PAR to.
+- `CustomerFriendlyName` - this is the name of the Bank to display to the customer
+- `CustomerFriendlyLogoUri` - this is a logo for the Bank that can be displayed alongside the bank name
+- `AuthorisationServerId` - this uniquely identifies the authorisation server. It will be needed as part of the next call
+  in the flow to identify the Authorisation Server to send the PAR to.
 Note that in the response there may be:
-* multiple organisations - each Bank will be its own organisation
-* multiple authorisation servers per bank - a Bank may have different authorisation servers for its different brands (or potentially
-to differentiate Business Banking from Retail Banking)
+- multiple organisations - each Bank will be its own organisation
+- multiple authorisation servers per bank - a Bank may have different authorisation servers for its different brands (or potentially
+  to differentiate Business Banking from Retail Banking)
 ```json
-    [
+[
+  {
+    "Status": "Active",
+    "OrgDomainRoleClaims": [],
+    "AuthorisationServers": [
       {
-        "Status": "Active",
-        "OrgDomainRoleClaims": [],
-        "AuthorisationServers": [
-          {
-            "PayloadSigningCertLocationUri": "https://auth.bank4.directory.sandbox.connectid.com.au/na",
-            "ParentAuthorisationServerId": null,
-            "OpenIDDiscoveryDocument": "https://auth.bank4.directory.sandbox.connectid.com.au/.well-known/openid-configuration",
-            "CustomerFriendlyName": "Bank W",
-            "CustomerFriendlyDescription": "Bank4",
-            "TermsOfServiceUri": null,
-            "ApiResources": [],
-            "AutoRegistrationSupported": true,
-            "CustomerFriendlyLogoUri": "https://static.relyingparty.net/BankW.svg",
-            "SupportsDCR": false,
-            "AuthorisationServerCertifications": [],
-            "SupportsCiba": false,
-            "DeveloperPortalUri": null,
-            "NotificationWebhookAddedDate": null,
-            "AuthorisationServerId": "cde44c30-9138-4b58-ba50-221833d14319"
-          },
-          {
-            "PayloadSigningCertLocationUri": "https://auth.bank3.directory.sandbox.connectid.com.au/na",
-            "ParentAuthorisationServerId": null,
-            "OpenIDDiscoveryDocument": "https://auth.bank3.directory.sandbox.connectid.com.au/.well-known/openid-configuration",
-            "CustomerFriendlyName": "Bank N",
-            "CustomerFriendlyDescription": "Bank3",
-            "TermsOfServiceUri": null,
-            "ApiResources": [],
-            "AutoRegistrationSupported": true,
-            "CustomerFriendlyLogoUri": "https://static.relyingparty.net/BankN.svg",
-            "SupportsDCR": false,
-            "AuthorisationServerCertifications": [],
-            "SupportsCiba": false,
-            "DeveloperPortalUri": null,
-            "NotificationWebhookAddedDate": null,
-            "AuthorisationServerId": "22c2d67e-4d95-414a-b51a-ca863e9d691d"
-          }
-        ],
-        "OrgDomainClaims": [],
-        "Size": null,
-        "RegistrationId": null,
-        "OrganisationId": "ed63c5b4-4dcb-4867-bd8b-e2b04a0ab04b",
-        "City": "Banksville",
-        "Postcode": "4103",
-        "AddressLine2": "Bank Town",
-        "RegisteredName": "RefBank",
-        "AddressLine1": "1 Reference Bank Street",
-        "LegalEntityName": "Reference Bank",
-        "OrganisationName": "Reference Banks",
-        "Country": "AU",
-        "RegistrationNumber": "ABN 123 456 7890",
-        "CreatedOn": "2021-12-14T23:09:03.581Z",
-        "Tag": null,
-        "ParentOrganisationReference": "",
-        "CompanyRegister": "ABN",
-        "CountryOfRegistration": "AU"
+        "PayloadSigningCertLocationUri": "https://auth.bank4.directory.sandbox.connectid.com.au/na",
+        "ParentAuthorisationServerId": null,
+        "OpenIDDiscoveryDocument": "https://auth.bank4.directory.sandbox.connectid.com.au/.well-known/openid-configuration",
+        "CustomerFriendlyName": "Bank W",
+        "CustomerFriendlyDescription": "Bank4",
+        "TermsOfServiceUri": null,
+        "ApiResources": [],
+        "AutoRegistrationSupported": true,
+        "CustomerFriendlyLogoUri": "https://static.relyingparty.net/BankW.svg",
+        "SupportsDCR": false,
+        "AuthorisationServerCertifications": [],
+        "SupportsCiba": false,
+        "DeveloperPortalUri": null,
+        "NotificationWebhookAddedDate": null,
+        "AuthorisationServerId": "cde44c30-9138-4b58-ba50-221833d14319"
       },
       {
-        "Status": "Active",
-        "OrgDomainRoleClaims": [],
-        "AuthorisationServers": [
-          {
-            "PayloadSigningCertLocationUri": "https://mtls.partner.idp.test.commbank.com.au/pf/JWKS",
-            "ParentAuthorisationServerId": null,
-            "OpenIDDiscoveryDocument": "https://mtls.partner.idp.test.commbank.com.au/.well-known/openid-configuration",
-            "CustomerFriendlyName": "Commonwealth Bank",
-            "CustomerFriendlyDescription": "Test IDP for CBA",
-            "TermsOfServiceUri": null,
-            "ApiResources": [],
-            "AutoRegistrationSupported": true,
-            "CustomerFriendlyLogoUri": "https://www.commbank.com.au/test.svg",
-            "SupportsDCR": false,
-            "AuthorisationServerCertifications": [],
-            "SupportsCiba": false,
-            "DeveloperPortalUri": null,
-            "NotificationWebhookAddedDate": null,
-            "AuthorisationServerId": "355df9aa-bf8f-4cec-aa4d-78b10356762e"
-          }
-        ],
-        "OrgDomainClaims": [],
-        "Size": null,
-        "RegistrationId": "",
-        "OrganisationId": "adf2af89-2782-4058-86d9-ff3a9068e4a5",
-        "City": "Sydney",
-        "Postcode": "2000",
-        "AddressLine2": "201 Sussex Street",
-        "RegisteredName": "Commonwealth Bank of Australia",
-        "AddressLine1": "Ground Floor Tower 1",
-        "LegalEntityName": "Commonwealth Bank of Australia",
-        "OrganisationName": "Commonwealth Bank of Australia",
-        "Country": "AU",
-        "RegistrationNumber": "ABN 48 123 123 124",
-        "CreatedOn": "2022-03-14T00:42:29.202Z",
-        "Tag": null,
-        "ParentOrganisationReference": "",
-        "CompanyRegister": "ABN",
-        "CountryOfRegistration": "AU"
+        "PayloadSigningCertLocationUri": "https://auth.bank3.directory.sandbox.connectid.com.au/na",
+        "ParentAuthorisationServerId": null,
+        "OpenIDDiscoveryDocument": "https://auth.bank3.directory.sandbox.connectid.com.au/.well-known/openid-configuration",
+        "CustomerFriendlyName": "Bank N",
+        "CustomerFriendlyDescription": "Bank3",
+        "TermsOfServiceUri": null,
+        "ApiResources": [],
+        "AutoRegistrationSupported": true,
+        "CustomerFriendlyLogoUri": "https://static.relyingparty.net/BankN.svg",
+        "SupportsDCR": false,
+        "AuthorisationServerCertifications": [],
+        "SupportsCiba": false,
+        "DeveloperPortalUri": null,
+        "NotificationWebhookAddedDate": null,
+        "AuthorisationServerId": "22c2d67e-4d95-414a-b51a-ca863e9d691d"
       }
-    ]
+    ],
+    "OrgDomainClaims": [],
+    "Size": null,
+    "RegistrationId": null,
+    "OrganisationId": "ed63c5b4-4dcb-4867-bd8b-e2b04a0ab04b",
+    "City": "Banksville",
+    "Postcode": "4103",
+    "AddressLine2": "Bank Town",
+    "RegisteredName": "RefBank",
+    "AddressLine1": "1 Reference Bank Street",
+    "LegalEntityName": "Reference Bank",
+    "OrganisationName": "Reference Banks",
+    "Country": "AU",
+    "RegistrationNumber": "ABN 123 456 7890",
+    "CreatedOn": "2021-12-14T23:09:03.581Z",
+    "Tag": null,
+    "ParentOrganisationReference": "",
+    "CompanyRegister": "ABN",
+    "CountryOfRegistration": "AU"
+  },
+  {
+    "Status": "Active",
+    "OrgDomainRoleClaims": [],
+    "AuthorisationServers": [
+      {
+        "PayloadSigningCertLocationUri": "https://mtls.partner.idp.test.commbank.com.au/pf/JWKS",
+        "ParentAuthorisationServerId": null,
+        "OpenIDDiscoveryDocument": "https://mtls.partner.idp.test.commbank.com.au/.well-known/openid-configuration",
+        "CustomerFriendlyName": "Commonwealth Bank",
+        "CustomerFriendlyDescription": "Test IDP for CBA",
+        "TermsOfServiceUri": null,
+        "ApiResources": [],
+        "AutoRegistrationSupported": true,
+        "CustomerFriendlyLogoUri": "https://www.commbank.com.au/test.svg",
+        "SupportsDCR": false,
+        "AuthorisationServerCertifications": [],
+        "SupportsCiba": false,
+        "DeveloperPortalUri": null,
+        "NotificationWebhookAddedDate": null,
+        "AuthorisationServerId": "355df9aa-bf8f-4cec-aa4d-78b10356762e"
+      }
+    ],
+    "OrgDomainClaims": [],
+    "Size": null,
+    "RegistrationId": "",
+    "OrganisationId": "adf2af89-2782-4058-86d9-ff3a9068e4a5",
+    "City": "Sydney",
+    "Postcode": "2000",
+    "AddressLine2": "201 Sussex Street",
+    "RegisteredName": "Commonwealth Bank of Australia",
+    "AddressLine1": "Ground Floor Tower 1",
+    "LegalEntityName": "Commonwealth Bank of Australia",
+    "OrganisationName": "Commonwealth Bank of Australia",
+    "Country": "AU",
+    "RegistrationNumber": "ABN 48 123 123 124",
+    "CreatedOn": "2022-03-14T00:42:29.202Z",
+    "Tag": null,
+    "ParentOrganisationReference": "",
+    "CompanyRegister": "ABN",
+    "CountryOfRegistration": "AU"
+  }
+]
 ```
 ## getFallbackProviderParticipants()
@@ -323,13 +330,12 @@ Note that there is only expected to be a single Fallback Provider for the scheme
 auth server should be returned here).
 ```javascript
-const fallbackProviders = await rpClient.getFallbackProviderParticipants();
+const fallbackProviders = await rpClient.getFallbackProviderParticipants()
 ```
 The response will contain an array of Organisations and their Authorisation Servers, with the structure the same
 as that for `getParticipants()`.
 ## sendPushedAuthorisationRequest(authServerId: string, essentialClaims: string[], voluntaryClaims: string[] = [], purpose: string = '{default value from config}')
 This sends a Pushed Authorisation Request to the specified Identity Server requesting the list of supplied claims. The response
@@ -338,24 +344,24 @@ process.
 The required function parameters are:
-* `authorisationServerId` - identifies the authorisation server to send the PAR to
-* `essentialClaims` - a list of the identity essential claim names that being requested for the user.
-Note that permitted claim names are defined in section 6 of the [Digital ID API Security Profile](https://docs.sandbox.connectid.com.au/docs/network-documentation/technical-specifications/) specification.
-When the IDP is obtaining user consent, the only method for a user to opt out of consenting to an `essential` claim is to cancel the entire transaction.
-* `voluntaryClaims` - a list of the identity voluntary claim names that are being requested for the user.
-Note that permitted claim names are defined in section 6 of the [Digital ID API Security Profile](https://docs.sandbox.connectid.com.au/docs/network-documentation/technical-specifications/) specification.
-When the IDP is obtaining user consent, they may allow the user to opt out of consenting to providing each of the `voluntary` claims, while still consenting to all `essential` claims.
-If a user does not consent to `voluntary` claims, but does consent to `essential` claims, this will result in a successful transaction.
-* `purpose` - the purpose to be displayed to the consumer on the IDP consent screen to indicate why their data is being requested to be shared. If not supplied, the default purpose configured in the SDK config will be used.
+- `authorisationServerId` - identifies the authorisation server to send the PAR to
+- `essentialClaims` - a list of the identity essential claim names that being requested for the user.
+  Note that permitted claim names are defined in section 6 of the [Digital ID API Security Profile](https://docs.sandbox.connectid.com.au/docs/network-documentation/technical-specifications/) specification.
+  When the IDP is obtaining user consent, the only method for a user to opt out of consenting to an `essential` claim is to cancel the entire transaction.
+- `voluntaryClaims` - a list of the identity voluntary claim names that are being requested for the user.
+  Note that permitted claim names are defined in section 6 of the [Digital ID API Security Profile](https://docs.sandbox.connectid.com.au/docs/network-documentation/technical-specifications/) specification.
+  When the IDP is obtaining user consent, they may allow the user to opt out of consenting to providing each of the `voluntary` claims, while still consenting to all `essential` claims.
+  If a user does not consent to `voluntary` claims, but does consent to `essential` claims, this will result in a successful transaction.
+- `purpose` - the purpose to be displayed to the consumer on the IDP consent screen to indicate why their data is being requested to be shared. If not supplied, the default purpose configured in the SDK config will be used.
 The method will return: `{ authUrl, code_verifier, state, nonce, xFapiInteractionId }`. The fields are:
-* `authUrl` - the URL the user must be redirected to in order to complete the authorisation process with their Identity Provider
-* `codeVerifier`
-* `state`
-* `nonce`
-* `xFapiInteractionId` - a unique identifier for this interaction with the Authorisation Server, that was sent in the `x-fapi-interaction-id` request
-header to the server. Intended as a correlation id for diagnosing issues between the client and the authorisation server.
+- `authUrl` - the URL the user must be redirected to in order to complete the authorisation process with their Identity Provider
+- `codeVerifier`
+- `state`
+- `nonce`
+- `xFapiInteractionId` - a unique identifier for this interaction with the Authorisation Server, that was sent in the `x-fapi-interaction-id` request
+  header to the server. Intended as a correlation id for diagnosing issues between the client and the authorisation server.
 The `codeVerifier`, `state` and `nonce` are all associated with this specific PAR and are required when retrieving the
 token claims when the user has authorised the request. You must securely associate these with your user request
@@ -365,19 +371,19 @@ so that you can use them on the subsequent call.
 ```typescript
 interface CallbackParamsType {
-  access_token?: string;
-  code?: string;
-  error?: string;
-  error_description?: string;
-  error_uri?: string;
-  expires_in?: string;
-  id_token?: string;
-  state?: string;
-  token_type?: string;
-  session_state?: string;
-  response?: string;
-  [key: string]: unknown;
+  access_token?: string
+  code?: string
+  error?: string
+  error_description?: string
+  error_uri?: string
+  expires_in?: string
+  id_token?: string
+  state?: string
+  token_type?: string
+  session_state?: string
+  response?: string
+  [key: string]: unknown
 }
 ```
@@ -387,11 +393,11 @@ identity token with the claims. The tokens are then returned to the API caller.
 The required function parameters are:
-* `authorisationServerId` - identifies the authorisation server providing the user information
-* `requestParams` - the full querystring from the callback to the Relying Party callback address
-* `codeVerifier` - from the response to the PAR for this identity request
-* `state` - from the response to the PAR for this identity request
-* `nonce` - from the response to the PAR for this identity request
+- `authorisationServerId` - identifies the authorisation server providing the user information
+- `requestParams` - the full querystring from the callback to the Relying Party callback address
+- `codeVerifier` - from the response to the PAR for this identity request
+- `state` - from the response to the PAR for this identity request
+- `nonce` - from the response to the PAR for this identity request
 The method will return a `ConsolidatedTokenSet` which extends [Tokenset](https://github.com/panva/node-openid-client/blob/main/docs/README.md#class-tokenset)
 that contains the access_token and id_token. The user identity claims can be retrieved using the utility method `claims()`
@@ -408,33 +414,49 @@ All user identity claims will be provided as part of the `id_token` returned by
 The required function parameters are:
-* `authorisationServerId` - identifies the authorisation server providing the user information
-* `accessToken` - the access token provided by `retrieveTokens`
+- `authorisationServerId` - identifies the authorisation server providing the user information
+- `accessToken` - the access token provided by `retrieveTokens`
 # Release Notes
-### 4.1.0 (Feb 25, 2024)
+### 4.2.1 (Nov 27, 2025)
+- Updated dependencies.
+### 4.2.0 (Aug 8, 2025)
+- `cba_loyalty` claim.
+### 4.1.0 (Feb 25, 2025)
 - Implemented user-agent support.
-### 4.0.5 (Feb 24, 2024)
+### 4.0.5 (Feb 24, 2025)
 - Add README.md and license files to bundle.
-### 4.0.4 (Feb 21, 2024)
+### 4.0.4 (Feb 21, 2025)
 - Remove `declarationMap`.
 ### 4.0.3 (Nov 29, 2024)
 - Issuer value for aud in private_key_jwt.
 ### 4.0.2 (Oct 22, 2024)
 - Single string audience in the private key jwt.
 ### 4.0.1 (Oct 1, 2024)
 - Changed type of `ApiResources` from `str` to `ApiResource`.
 ### 4.0.0 (Sep 2, 2024)
 - Breaking change: removed essential claims default value. If you are relying on essential claims default value calling `sendPushedAuthorisationRequest` then you need to provide the claims explicitly. Otherwise, no need to change anything.
 How it was:
 ```typescript
 const defaultClaimList: string[] = ['given_name', 'middle_name', 'family_name', 'phone_number', 'email', 'address', 'birthdate', 'txn']
@@ -442,37 +464,47 @@ async sendPushedAuthorisationRequest(authServerId: string, essentialClaims: stri
 ```
 How it is now:
 ```typescript
 async sendPushedAuthorisationRequest(authServerId: string, essentialClaims: string[], voluntaryClaims: string[] = [], purpose: string = this.purpose) {
 ```
 ### 4.0.0 (Sep 23, 2024)
 - Updated Node version to 20.x.
-- Removed jest and axios dependencies.
+- Removed jest and axios dependencies.
 ### 3.0.0 (Aug 27, 2024)
 - Breaking change: removed `name` from essential claims default value. If you are relying on essential claims default value calling `sendPushedAuthorisationRequest` and use `name` claim then you need to provide `name` claim explicitly. Otherwise, no need to change anything.
 ### 2.15.0 (Jun 20, 2024)
 - Updated purpose statement.
 - Dependencies updated.
 ### 2.14.1 (Jun 17, 2024)
 - Removed `got` dependency and used `fetch` instead.
 ### 2.14.0 (Jun 12, 2024)
-- Added cache to `getParticipants()` method.
+- Added cache to `getParticipants()` method.
 ### 2.13.0 (April 17, 2024)
 - Updated dependencies
 ### 2.12.3 (Nov 8, 2023)
 - `nonce` should have 43 chars.
 ### 2.12.2 (Nov 8, 2023)
 - Updated README.md to include `tsconfig` suggestion.
 ### 2.12.1 (Nov 7, 2023)
 - Made `ca_pem` optional. Although either `ca_pem` or `ca_pem_content` must be provided.
 - Made `signing_key` optional. Although either `signing_key` or `signing_key_content` must be provided.
 - Made `signing_pem` optional. Although either `signing_pem` or `signing_pem_content` must be provided.
@@ -480,97 +512,126 @@ async sendPushedAuthorisationRequest(authServerId: string, essentialClaims: stri
 - Made `transport_pem` optional. Although either `transport_pem` or `transport_pem_content` must be provided.
 ### 2.12.0 (October 19, 2023)
 - Added support to Node 18.
 ### 2.11.2 (August 22, 2023)
 - Conformance test succeed on warnings.
 ### 2.11.1 (August 3, 2023)
 - Added automated Conformance test.
 ### 2.11.0 (August 1, 2023)
 - Updated trust_framework in the PAR to contain an object `{ value: 'au_connectid' }` instead of having a string value. This
-is to bring it inline with OIDC4A spec that requires trust_framework to contain an object.
+  is to bring it inline with OIDC4A spec that requires trust_framework to contain an object.
 ### 2.10.0 (July 31, 2023)
 - Updated documentation to include `registry_participants_uri` parameter.
 - Updated two testcases.
 ### 2.9.0 (July 17, 2023)
 - Updated `getParticipants()` so it only returns participants that are active in the network by default. Can be
-overridden using config to return all if required. Also allow filtering of Auth Servers by capabilities.
+  overridden using config to return all if required. Also allow filtering of Auth Servers by capabilities.
 - Added `getFallbackProviderParticipants()` to return the manual verification authorisation server.
 - Note that `sendPushedAuthorisationRequest()` will require the auth server id to be valid for the current filter config (eg: Active auth servers).
 ### 2.8.0 (June 7, 2023)
 - Ensured that the `txn` claim is always requested so clients always have a reference for the transaction.
 ### 2.7.2 (June 6, 2023)
 - Removed `redirect_url` and `response_type` authorization request parameters from the request to the authorization endpoint to comply with FAPI2 Security Profile Implementers Draft 3.
 ### 2.7.1 (June 5, 2023)
 - Removed `scope` authorization request parameter from the request to the authorization endpoint to comply with FAPI2 Security Profile Implementers Draft 3.
 ### 2.7.0 (May 31, 2023)
 - Enhanced logging so x-fapi-interaction-id logged for PAR and token requests.
 ### 2.6.1 (May 29, 2023)
 - Fixed invalid main file definition.
 ### 2.6.0 (May 29, 2023)
 - Added support for `purpose` as request object parameter on PAR requests. Can be supplied per request or use the default supplied via config.
 ### 2.5.0 (May 24, 2023)
 - Added support for `x-fapi-interaction-id` headers on PAR, token and userinfo requests.
 ### 2.4.1 (May 5, 2023)
 - Updated clientId details for testing and documentation to use a federated clientId.
 ### 2.4.0 (March 28, 2023)
 - Reimplemented extended claims, which now supports the following claims: `over16`, `over18`, `over21`, `over25`, `over65`, `beneficiary_account_au`, `beneficiary_account_au_payid`, `beneficiary_account_international`.
 - Implemented strict mode for TypeScript to prevent the use of `any` type and other unsafe types.
 - Fix for `ClaimsRequest` type to support non-verified claims in the type definition.
 ### 2.3.0 (March 10, 2023)
 - Added support for the following extended claims: `over16`, `over18`, `over21`, `over25`, `over65`, `beneficiary_account`, `pay_id`.
 ### 2.2.0 (Feb 20, 2023)
 - Maintenance update of dependencies to address CVE-2022-36083 in JOSE library.
 ### 2.1.0 (Feb 13, 2023)
 - Moved `prompt=consent` parameter to pushed authorisation request object instead of a URL parameter.
 ### 2.0.7 (Dec 22, 2022)
 - Run on Node 14 and 16 (openid-client lib does not support Node 18 yet).
 ### 2.0.6 (Dec 21, 2022)
 - Removed the need to use `--experimental-specifier-resolution=node` flag when importing the SDK.
 - Log SDK version.
 ### 2.0.5 (Dec 20, 2022)
 - Updated documentation.
 ### 2.0.4 (Dec 20, 2022)
 - Fixed `RelyingPartyClientSdk is not a constructor`.
 ### 2.0.3 (Dec 20, 2022)
 - Made `ca_pem_content, signing_key_content, signing_pem_content, transport_key_content, transport_pem_content` from `RelyingPartyClientSdkConfig` optional.
 ### 2.0.2 (Dec 20, 2022)
 - Removed version logging when SDK is created.
 ### 2.0.1 (Dec 20, 2022)
 - Fixed npm publish.
 ### 2.0.0 (Dec 19, 2022)
-- Typescript support.
+- Typescript support.
 - Breaking change: SDK imported using `require` will need to add a `default` at the end of the import.
 ```javascript
 const RelyingPartyClientSdk = require('@idmvp/rp-nodejs-sdk').default
 ```
 ### 1.2.3 (Oct 24, 2022)
 - Code formatting. See `.prettierrc.json`.
 ### 1.2.2
 \<starting point\>

package/config.js CHANGED Viewed

@@ -1,7 +1,7 @@
 export const config = {
     data: {
         // Set the signing Key Id based on what is contained in the JWKS
-        signing_kid: 'roHtgBlRFapqTHbc8EzXIIgO_bu5YHlEjx75vIcaxfE',
+        signing_kid: 'lHf9shwoF1wEES2sB9TBafbs0AVrLiU-1_ntzCrBo8A',
         // The location of the signing certificate and key that are used for signing purposes
         signing_key: './certs/signing.key',
         signing_pem: './certs/signing.pem', // TODO not being used atm
@@ -9,7 +9,7 @@ export const config = {
         transport_key: './certs/transport.key',
         transport_pem: './certs/transport.pem',
         // The location of the root certificate for the trust authority
-        ca_pem: './certs/connectid-sandbox-ca.pem',
+        ca_pem: './certs/ca.pem',
         // This is the URL that this application is actually running on and using for callbacks (noting that multiple may be registered for the client)
         application_redirect_uri: 'https://tpp.localhost/cb',
         // The registry API endpoint that will list all participants with their auth server details

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@connectid-tools/rp-nodejs-sdk",
-  "version": "4.1.0",
+  "version": "4.2.1",
   "description": "Digital Identity Relying Party Node SDK",
   "main": "relying-party-client-sdk.js",
   "types": "relying-party-client-sdk.d.ts",
@@ -36,13 +36,16 @@
     "winston": "^3.17.0"
   },
   "devDependencies": {
-    "@types/node": "^20.17.19",
+    "@types/node": "^20.19.9",
     "@types/openid-client": "^3.7.0",
     "add-js-extension": "^1.0.4",
-    "eslint": "^9.21.0",
-    "prettier": "^3.5.2",
+    "eslint": "^9.32.0",
+    "prettier": "^3.6.2",
     "replace-in-files-cli": "^2.2.0",
-    "tsx": "^4.19.3",
-    "typescript": "^5.7.3"
+    "tsx": "^4.20.3",
+    "typescript": "^5.9.2"
+  },
+  "overrides": {
+    "node-forge": "^1.3.2"
   }
 }

package/relying-party-client-sdk.js CHANGED Viewed

@@ -17,7 +17,7 @@ import { illegalPurposeChars, isValidCertificate, validatePurpose } from './vali
 import { generatePushAuthorisationRequestParams } from './utils/request-utils.js';
 import { buildUserAgent } from './utils/user-agent.js';
 // The extended list of claims which can be requested for a user
-const extendedClaimList = ['over16', 'over18', 'over21', 'over25', 'over65', 'beneficiary_account_au', 'beneficiary_account_au_payid', 'beneficiary_account_international'];
+const extendedClaimList = ['over16', 'over18', 'over21', 'over25', 'over65', 'beneficiary_account_au', 'beneficiary_account_au_payid', 'beneficiary_account_international', 'cba_loyalty'];
 export default class RelyingPartyClientSdk {
     constructor(config) {
         this.purpose = 'verifying your identity';
@@ -43,7 +43,7 @@ export default class RelyingPartyClientSdk {
         this.signingKey = getCertificate(this.config.data.signing_key, this.config.data.signing_key_content);
         this.caPem = getCertificate(this.config.data.ca_pem, this.config.data.ca_pem_content);
         this.logger = getLogger(this.config.data.log_level);
-        this.logger.info(`Creating RelyingPartyClientSdk - version 4.1.0`);
+        this.logger.info(`Creating RelyingPartyClientSdk - version 4.2.1`);
         if (this.config.data.purpose) {
             const purposeValidation = validatePurpose(this.config.data.purpose);
             if (purposeValidation === 'INVALID_LENGTH') {
@@ -75,7 +75,7 @@ export default class RelyingPartyClientSdk {
         globalAgent.options.key = this.transportKey;
         globalAgent.options.ca = [this.caPem, ...rootCertificates];
         custom.setHttpOptionsDefaults({ timeout: 10000 });
-        // 4.1.0 is replaced with `postbuild` script in package.json (see replace-in-files)
+        // 4.2.1 is replaced with `postbuild` script in package.json (see replace-in-files)
         this.logger.info(`Using ${this.config.data.transport_key_content ? 'transport_key_content' : 'transport_key'} config prop`);
         this.logger.info(`Using ${this.config.data.transport_pem_content ? 'transport_pem_content' : 'transport_pem'} config prop`);
         this.logger.info(`Using ${this.config.data.ca_pem_content ? 'ca_pem_content' : 'ca_pem'} config prop`);

package/utils/cert-utils.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare const getCertificate: (certificatePath?: string, certificateContent?: string) => string \| ~~Buffer<ArrayBufferLike>;~~
1	+ export declare const getCertificate: (certificatePath?: string, certificateContent?: string) => string \| NonSharedBuffer;

package/utils/user-agent.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare const packageJsonVersion = "4.1.0";
+export declare const packageJsonVersion = "4.2.1";
 export declare const buildUserAgent: (clientId: string) => string;

package/utils/user-agent.js CHANGED Viewed

@@ -1,6 +1,4 @@
 import { getSystemInformation } from './system-information.js';
 // important: Update this every time the package version changes
-export const packageJsonVersion = '4.1.0';
-export const buildUserAgent = (clientId) => {
-    return `cid-rp-nodejs-sdk/${packageJsonVersion} ${getSystemInformation()} +${clientId}`;
-};
+export const packageJsonVersion = '4.2.1';
+export const buildUserAgent = (clientId) => `cid-rp-nodejs-sdk/${packageJsonVersion} ${getSystemInformation()} +${clientId}`;