@connectid-tools/rp-nodejs-sdk 4.2.1 → 5.0.1

package/relying-party-client-sdk.js

@@ -1,31 +1,19 @@
-// Simple API wrapper over the node-openid-client that provides utility methods
-// supporting the specific implementation required for the ConnectID Digital Identity
-// solution.
-//
-// The intent is the Relying Parties can use this as a simple SDK for interacting
-// with the ConnectID solution.
-import { exportJWK } from 'jose';
-import { createPrivateKey, randomUUID } from 'crypto';
-import { globalAgent } from 'node:https';
-import { rootCertificates } from 'node:tls';
-import { custom, Issuer } from 'openid-client';
 import { getCertificate } from './utils/cert-utils.js';
-import { partition } from './utils/functional-utils.js';
 import { getLogger } from './logger.js';
 import ParticipantFilters from './filter/participant-filters.js';
 import { illegalPurposeChars, isValidCertificate, validatePurpose } from './validator.js';
-import { generatePushAuthorisationRequestParams } from './utils/request-utils.js';
-import { buildUserAgent } from './utils/user-agent.js';
-// The extended list of claims which can be requested for a user
-const extendedClaimList = ['over16', 'over18', 'over21', 'over25', 'over65', 'beneficiary_account_au', 'beneficiary_account_au_payid', 'beneficiary_account_international', 'cba_loyalty'];
+import { CryptoLoader } from './crypto/crypto-loader.js';
+import { JwtHelper } from './crypto/jwt-helper.js';
+import { HttpClientFactory } from './http/http-client-factory.js';
+import { ParticipantsEndpoint } from './endpoints/participants-endpoint.js';
+import { PushedAuthorisationRequestEndpoint } from './endpoints/pushed-authorisation-request-endpoint.js';
+import { RetrieveTokenEndpoint } from './endpoints/retrieve-token-endpoint.js';
+import { UserInfoEndpoint } from './endpoints/userinfo-endpoint.js';
 export default class RelyingPartyClientSdk {
     constructor(config) {
         this.purpose = 'verifying your identity';
-        this.participantFilters = new ParticipantFilters();
-        this.default_cache_ttl = 600;
-        this.cachedParticipantsExpiry = 0;
-        this.cachedParticipants = [];
         this.config = config;
+        // Validate certificates
         if (!isValidCertificate(this.config.data.transport_key, this.config.data.transport_key_content)) {
             throw new Error('Either transport_key or transport_key_content must be provided');
         }
@@ -38,30 +26,28 @@ export default class RelyingPartyClientSdk {
         if (!isValidCertificate(this.config.data.ca_pem, this.config.data.ca_pem_content)) {
             throw new Error('Either ca_pem or ca_pem_content must be provided');
         }
-        this.transportKey = getCertificate(this.config.data.transport_key, this.config.data.transport_key_content);
-        this.transportPem = getCertificate(this.config.data.transport_pem, this.config.data.transport_pem_content);
-        this.signingKey = getCertificate(this.config.data.signing_key, this.config.data.signing_key_content);
-        this.caPem = getCertificate(this.config.data.ca_pem, this.config.data.ca_pem_content);
         this.logger = getLogger(this.config.data.log_level);
-        this.logger.info(`Creating RelyingPartyClientSdk - version 4.2.1`);
+        this.logger.info(`Creating RelyingPartyClientSdk - version 5.0.1`);
+        // Validate and set purpose
         if (this.config.data.purpose) {
             const purposeValidation = validatePurpose(this.config.data.purpose);
             if (purposeValidation === 'INVALID_LENGTH') {
                 this.logger.warn('Purpose must be between 3 and 300 characters');
-                throw new Error(`Invalid purpose for supplied in config: ${this.config.data.purpose}`);
+                throw new Error(`Invalid purpose supplied in config: ${this.config.data.purpose}`);
             }
             if (purposeValidation === 'INVALID_CHARACTERS') {
                 this.logger.warn(`Purpose cannot contain any of the following characters: ${illegalPurposeChars.join(',')}, purpose supplied: [${this.config.data.purpose}]`);
-                throw new Error(`Invalid purpose for supplied in config: ${this.config.data.purpose}`);
+                throw new Error(`Invalid purpose supplied in config: ${this.config.data.purpose}`);
             }
             this.purpose = this.config.data.purpose;
             this.logger.info(`Using default purpose supplied in config: ${this.purpose}`);
         }
         else {
-            this.logger.info(`Using built in default purpose: ${this.purpose}`);
+            this.logger.info(`Using built-in default purpose: ${this.purpose}`);
         }
+        // Log filtering configuration
         if (this.config.data.include_uncertified_participants) {
-            this.logger.info(`Identity provider list will not be filtered as include_uncertified_participants=true`);
+            this.logger.info('Identity provider list will not be filtered as include_uncertified_participants=true');
         }
         else {
             if (this.config.data.required_claims) {
@@ -71,294 +57,94 @@ export default class RelyingPartyClientSdk {
                 this.logger.info(`Identity provider list will be filtered for participants that support the following certifications: ${JSON.stringify(this.config.data.required_participant_certifications)}`);
             }
         }
-        globalAgent.options.cert = this.transportPem;
-        globalAgent.options.key = this.transportKey;
-        globalAgent.options.ca = [this.caPem, ...rootCertificates];
-        custom.setHttpOptionsDefaults({ timeout: 10000 });
-        // 4.2.1 is replaced with `postbuild` script in package.json (see replace-in-files)
+        // Log certificate source
         this.logger.info(`Using ${this.config.data.transport_key_content ? 'transport_key_content' : 'transport_key'} config prop`);
         this.logger.info(`Using ${this.config.data.transport_pem_content ? 'transport_pem_content' : 'transport_pem'} config prop`);
         this.logger.info(`Using ${this.config.data.ca_pem_content ? 'ca_pem_content' : 'ca_pem'} config prop`);
         this.logger.info(`Using ${this.config.data.signing_key_content ? 'signing_key_content' : 'signing_key'} config prop`);
-    }
-    // Get the list of Participating DPs within the scheme and their metadata
+        // Initialize crypto
+        const signingKeyObject = CryptoLoader.loadPrivateKey(getCertificate(this.config.data.signing_key, this.config.data.signing_key_content));
+        // Initialize JWT helper
+        this.jwtHelper = new JwtHelper(signingKeyObject, this.config.data.signing_kid, this.config.data.client_id);
+        // Initialize HTTP client
+        this.httpClient = HttpClientFactory.createClient({
+            transportKey: getCertificate(this.config.data.transport_key, this.config.data.transport_key_content),
+            transportPem: getCertificate(this.config.data.transport_pem, this.config.data.transport_pem_content),
+            caPem: getCertificate(this.config.data.ca_pem, this.config.data.ca_pem_content),
+            clientId: this.config.data.client_id,
+        });
+        // Initialize endpoints
+        this.participantsEndpoint = new ParticipantsEndpoint(this.config, new ParticipantFilters(), this.httpClient, this.logger, () => this.getCurrentDate());
+        this.pushedAuthorisationRequestEndpoint = new PushedAuthorisationRequestEndpoint(this.config, this.httpClient, this.jwtHelper, this.logger, this.participantsEndpoint);
+        this.retrieveTokenEndpoint = new RetrieveTokenEndpoint(this.config, this.httpClient, this.jwtHelper, this.logger, this.participantsEndpoint);
+        this.userInfoEndpoint = new UserInfoEndpoint(this.httpClient, this.logger, this.config.data.client_id, this.participantsEndpoint);
+    }
+    /**
+     * Get the list of participating identity providers within the scheme.
+     *
+     * Applies filtering based on SDK configuration.
+     *
+     * @returns List of participants
+     */
     async getParticipants() {
-        const participantsUri = this.config.data.registry_participants_uri;
-        try {
-            const participants = await this.retrieveFullParticipantsList(participantsUri);
-            this.logger.info(`Retrieved identity providers from ${participantsUri}, num orgs found: ${participants.length}`);
-            let filteredParticipants = this.participantFilters.removeFallbackIdentityServiceProvider(participants);
-            if (this.config.data.include_uncertified_participants) {
-                this.logger.info(`Identity provider list has not been filtered as include_uncertified_participants=true`);
-                filteredParticipants = this.participantFilters.removeParticipantsWithoutAuthServers(filteredParticipants);
-                return filteredParticipants;
-            }
-            filteredParticipants = this.participantFilters.removeOutOfDateCertifications(filteredParticipants, this.getCurrentDate());
-            filteredParticipants = this.participantFilters.removeUnofficialCertifications(filteredParticipants);
-            if (this.config.data.required_claims) {
-                this.logger.debug(`Identity provider list filtered for participants that support the following claims: ${JSON.stringify(this.config.data.required_claims)}`);
-                filteredParticipants = this.participantFilters.filterAuthServersForSupportedClaims(filteredParticipants, this.config.data.required_claims);
-            }
-            if (this.config.data.required_participant_certifications) {
-                this.logger.debug(`Identity provider list filtered for participants that support the following certifications: ${JSON.stringify(this.config.data.required_participant_certifications)}`);
-                filteredParticipants = this.participantFilters.filterForRequiredCertifications(filteredParticipants, this.config.data.required_participant_certifications);
-            }
-            filteredParticipants = this.participantFilters.removeInactiveAuthServers(filteredParticipants);
-            filteredParticipants = this.participantFilters.removeParticipantsWithoutAuthServers(filteredParticipants);
-            return filteredParticipants;
-        }
-        catch (e) {
-            throw new Error(`Unable to get participants from ${participantsUri}, ${e}`);
-        }
+        return this.participantsEndpoint.getParticipants();
     }
+    /**
+     * Get the list of fallback provider participants.
+     *
+     * @returns List of fallback provider participants
+     */
     async getFallbackProviderParticipants() {
-        const participantsUri = this.config.data.registry_participants_uri;
-        try {
-            const participants = await this.retrieveFullParticipantsList(participantsUri);
-            this.logger.info(`Retrieved identity providers, num orgs found: ${participants.length}`);
-            let filteredParticipants = this.participantFilters.removeOutOfDateCertifications(participants, this.getCurrentDate());
-            filteredParticipants = this.participantFilters.removeUnofficialCertifications(filteredParticipants);
-            filteredParticipants = this.participantFilters.filterForFallbackIdentityServiceProviders(filteredParticipants);
-            filteredParticipants = this.participantFilters.removeParticipantsWithoutAuthServers(filteredParticipants);
-            return filteredParticipants;
-        }
-        catch (e) {
-            throw new Error(`Unable to get participants from ${participantsUri}, ${e}`);
-        }
-    }
-    // This method is public, so we can mock the current date in tests
-    getCurrentDate() {
-        return new Date();
-    }
-    async fetchParticipants(participantsUri) {
-        const response = await fetch(participantsUri, {
-            headers: {
-                'User-Agent': buildUserAgent(this.config.data.client.client_id),
-            },
-        });
-        if (!response.ok) {
-            throw new Error(`Failed to retrieve participants from ${participantsUri}: status (${response.status})`);
-        }
-        return await response.json();
-    }
-    async retrieveFullParticipantsList(participantsUri) {
-        const currentTime = Date.now();
-        if (currentTime > this.cachedParticipantsExpiry) {
-            this.cachedParticipants = await this.fetchParticipants(participantsUri);
-            this.cachedParticipantsExpiry = currentTime + (this.config.data.cache_ttl ?? this.default_cache_ttl) * 1000;
-        }
-        // ensure the cached value remain untouched down the call stack by returning a deep copy
-        return this.cachedParticipants.map((participant) => Object.assign({}, participant));
-    }
-    // Create and send a pushed authorisation request to the specified authorisation
-    // server to allow the initiation of an OIDC flow.
+        return this.participantsEndpoint.getFallbackProviderParticipants();
+    }
+    /**
+     * Sends a Pushed Authorization Request (PAR).
+     *
+     * @param authServerId - Authorization server ID
+     * @param essentialClaims - Claims that must be provided
+     * @param voluntaryClaims - Claims that are optional
+     * @param purpose - Purpose string for data sharing
+     * @returns Object containing authorization URL and PKCE parameters
+     */
     async sendPushedAuthorisationRequest(authServerId, essentialClaims, voluntaryClaims = [], purpose = this.purpose) {
-        const purposeValidation = validatePurpose(purpose);
-        if (purposeValidation === 'INVALID_LENGTH') {
-            this.logger.warn('Purpose must be between 3 and 300 characters');
-            throw new Error(`Invalid purpose for supplied for PAR: ${purpose}`);
-        }
-        if (purposeValidation === 'INVALID_CHARACTERS') {
-            this.logger.warn(`Purpose cannot contain any of the following characters: ${illegalPurposeChars.join(',')}, purpose supplied: [${purpose}]`);
-            throw new Error(`Invalid purpose for supplied for PAR: ${purpose}`);
-        }
-        const xFapiInteractionId = this.generateXFapiInteractionId();
-        try {
-            const essentialClaimsWithTxn = [...new Set([...essentialClaims, 'txn'])];
-            const claimsRequest = this.generateClaimsRequest(essentialClaimsWithTxn, voluntaryClaims);
-            const authServer = await this.getAuthServerDetails(authServerId);
-            const { fapiClient } = await this.setupClient(authServer, xFapiInteractionId);
-            const { authUrl, code_verifier, state, nonce } = await this.generateRequest(fapiClient, claimsRequest, purpose);
-            this.logger.info(`Sent PAR to auth server: ${authServerId} - ${authServer.CustomerFriendlyName}, essential claims: ${essentialClaimsWithTxn}, voluntary claims: ${voluntaryClaims}, x-fapi-interaction-id: ${xFapiInteractionId}`);
-            return { authUrl, code_verifier, state, nonce, xFapiInteractionId };
-        }
-        catch (e) {
-            this.logger.error(`Error sending pushed authorisation request to authorisation server ${authServerId}, x-fapi-interaction-id: ${xFapiInteractionId}.`, e);
-            throw new Error(`Unable to send pushed authorisation request to ${authServerId}, x-fapi-interaction-id: ${xFapiInteractionId} - ${e}`);
-        }
-    }
-    // Process the callback response and return the tokens (access token and id token as a token set)
-    async retrieveTokens(authorisationServerId, requestParams, codeVerifier, state, nonce) {
-        const xFapiInteractionId = this.generateXFapiInteractionId();
-        try {
-            const authServer = await this.getAuthServerDetails(authorisationServerId);
-            const { fapiClient, localIssuer } = await this.setupClient(authServer, xFapiInteractionId);
-            const tokenSet = await fapiClient.callback(this.config.data.application_redirect_uri, requestParams, { code_verifier: codeVerifier, state, nonce, response_type: 'code' }, { clientAssertionPayload: { aud: localIssuer.metadata.issuer } });
-            this.logger.info(`Retrieved tokenSet from auth server: ${authorisationServerId} - ${authServer.CustomerFriendlyName}, x-fapi-interaction-id: ${xFapiInteractionId}, txn: ${tokenSet.claims().txn}`);
-            this.logger.debug(`Tokens returned from: ${authorisationServerId} - ${authServer.CustomerFriendlyName}: ${JSON.stringify(tokenSet)} claims: ${JSON.stringify(tokenSet.claims())}`);
-            // If using the OIDF test suite, need to make a call to userInfo when claims were successfully decoded
-            if (this.config.data.enable_auto_compliance_verification) {
-                this.logger.info('Auto compliance verification mode enabled, making call to userInfo since claims successfully decoded');
-                if (tokenSet.access_token != null) {
-                    await this.getUserInfo(authorisationServerId, tokenSet.access_token);
-                }
-            }
-            return this.buildConsolidatedTokenSet(tokenSet, xFapiInteractionId);
-        }
-        catch (e) {
-            this.logger.error(`Error retrieving tokens with authorisation server ${authorisationServerId}, x-fapi-interaction-id: ${xFapiInteractionId}`, e);
-            throw new Error(`Unable to retrieve tokens with authorisation server ${authorisationServerId}, x-fapi-interaction-id: ${xFapiInteractionId}`);
-        }
-    }
-    buildConsolidatedTokenSet(tokenSet, xFapiInteractionId) {
+        const { authUrl, codeVerifier, state, nonce, xFapiInteractionId } = await this.pushedAuthorisationRequestEndpoint.sendPushedAuthorisationRequest(authServerId, essentialClaims, voluntaryClaims, purpose);
         return {
-            ...tokenSet,
+            authUrl,
+            codeVerifier,
+            state,
+            nonce,
             xFapiInteractionId,
-            expired: () => tokenSet.expired(),
-            claims: () => tokenSet.claims(),
-            // @ts-ignore IdTokenClaims does not have `verified_claims` property (unknown)
-            consolidatedClaims: () => ({ ...tokenSet.claims(), ...tokenSet.claims().verified_claims?.claims }),
         };
     }
-    // Get the full details of an authorisation server given its AuthorisationServerId
-    async getAuthServerDetails(authServerId) {
-        const idps = await this.getParticipants();
-        const servers = idps.map(({ AuthorisationServers }) => AuthorisationServers).flat();
-        let found = servers.find(({ AuthorisationServerId }) => AuthorisationServerId === authServerId);
-        if (!found) {
-            // Check if it is one of the fallback servers
-            const fallbackIdps = await this.getFallbackProviderParticipants();
-            const fallbackServers = fallbackIdps.map(({ AuthorisationServers }) => AuthorisationServers).flat();
-            found = fallbackServers.find(({ AuthorisationServerId }) => AuthorisationServerId === authServerId);
-            if (!found) {
-                // Let the user know if was an auth server that was filtered out
-                const allAuthServers = (await this.retrieveFullParticipantsList(this.config.data.registry_participants_uri)).map(({ AuthorisationServers }) => AuthorisationServers).flat();
-                let exists = allAuthServers.find(({ AuthorisationServerId }) => AuthorisationServerId === authServerId);
-                let additionalLogInfo = exists ? ` Server exists but was filtered from results due to config settings for 'include_uncertified_participants', 'required_participant_certifications' and 'required_claims'` : '';
-                throw new Error(`Unable to find specified Authorisation Server: ${authServerId}${additionalLogInfo}`);
-            }
-        }
-        return found;
-    }
-    // Turn the list of claim names into the claims request to use as part of the PAR
-    generateClaimsRequest(essentialClaims, voluntaryClaims) {
-        this.logger.info(`Generating claims request with - essential claims: ${essentialClaims}, voluntary claims: ${voluntaryClaims}`);
-        const formattedVoluntaryClaims = voluntaryClaims.filter((claim) => !essentialClaims.includes(claim));
-        // Find the essential and voluntary claims.
-        const split = (claim) => extendedClaimList.includes(claim);
-        const [essentialExtendedClaims, filteredEssentialClaims] = partition(essentialClaims, split);
-        const [voluntaryExtendedClaims, filteredFormattedVoluntaryClaims] = partition(formattedVoluntaryClaims, split);
-        const buildExtendedClaims = (essentialExtendedClaims, voluntaryExtendedClaims) => [...essentialExtendedClaims, ...voluntaryExtendedClaims].reduce((acc, claim) => {
-            return {
-                ...acc,
-                [claim]: {
-                    essential: essentialExtendedClaims.includes(claim),
-                },
-            };
-        }, {});
-        // If there are any extended claims, add them to the claims request.
-        const claimsRequest = { id_token: {} };
-        if (essentialExtendedClaims.length > 0 || voluntaryExtendedClaims.length > 0) {
-            claimsRequest.id_token.verified_claims = {
-                verification: {
-                    trust_framework: {
-                        value: 'au_connectid',
-                    },
-                },
-                claims: buildExtendedClaims(essentialExtendedClaims, voluntaryExtendedClaims),
-            };
-        }
-        // Add the normal claims to the claims request.
-        filteredEssentialClaims.forEach((claim) => (claimsRequest.id_token[claim] = { essential: true }));
-        filteredFormattedVoluntaryClaims.forEach((claim) => (claimsRequest.id_token[claim] = { essential: false }));
-        this.logger.info(`Claims request: ${JSON.stringify(claimsRequest)}`);
-        return claimsRequest;
-    }
-    // Call the UserInfo endpoint to get the claims for the user
-    // TODO type return?!
+    /**
+     * Retrieves tokens using an authorisation code.
+     *
+     * @param authorisationServerId - Authorisation server ID
+     * @param requestParams - OAuth callback parameters
+     * @param codeVerifier - PKCE code verifier from PAR
+     * @param state - State parameter from PAR
+     * @param nonce - Nonce parameter from PAR
+     * @returns Consolidated token set with validated claims
+     */
+    async retrieveTokens(authorisationServerId, requestParams, codeVerifier, state, nonce) {
+        return this.retrieveTokenEndpoint.retrieveTokens(authorisationServerId, requestParams, codeVerifier, state, nonce);
+    }
+    /**
+     * Retrieves user information from the UserInfo endpoint.
+     *
+     * @param authorisationServerId - Authorization server ID
+     * @param accessToken - Access token
+     * @returns UserInfo claims
+     */
     async getUserInfo(authorisationServerId, accessToken) {
-        const authServer = await this.getAuthServerDetails(authorisationServerId);
-        const { fapiClient } = await this.setupClient(authServer, this.generateXFapiInteractionId());
-        return await fapiClient.userinfo(accessToken);
+        return this.userInfoEndpoint.getUserInfo(authorisationServerId, accessToken);
     }
-    async getKeyset() {
-        const key = createPrivateKey(this.signingKey);
-        const privateJwk = await exportJWK(key);
-        privateJwk.kid = this.config.data.signing_kid;
-        this.logger.debug(`Create private jwk key ${JSON.stringify(privateJwk)}`);
-        /*
-        SDK bug with Node 16, the error is thrown in this function below because the JWK fails the !isPlainObject(k) condition.
-    
-        // rp-nodejs-sdk/node_modules/openid-client/lib/client.js
-        function getKeystore(jwks) {
-          if (
-            !isPlainObject(jwks) ||
-            !Array.isArray(jwks.keys) ||
-            jwks.keys.some((k) => !isPlainObject(k) || !('kty' in k))
-          ) {
-            throw new TypeError('jwks must be a JSON Web Key Set formatted object');
-          }
-    
-          return KeyStore.fromJWKS(jwks, { onlyPrivate: true });
-        }
-    
-        Interesting that the code for isPlainObject is:
-        module.exports = (a) => !!a && a.constructor === Object;
-    
-        And it returns false for a.constructor === Object. It returns [Function: Object]. So going deeper, I think the private key generated by const privateJwk = await fromKeyLike(key) is not compatible with the constructor even having the same type (JWK) as TS doesn't complain:
-        new (metadata: ClientMetadata, jwks?: { keys: jose.JWK[] }, options?: ClientOptions): TClient;
-    
-        Might be different versions of JWK type (openid-client jose x jose)?!
-        To make it work then I tried recreating the JWK object using JSON.stringify and JSON.parse so the constructor returns an Object (?!)
-        ...and it worked :) So my guess is the way the JWK is generated using fromKeyLike that doesn't match the requirement when validating the JWK (constructor is not Object).
-    
-        Why does it work on Node 14?
-        jwks.keys[0].constructor === Object on Node 14 returns true
-        jwks.keys[0].constructor === Object on Node 16 returns false
-        */
-        return { keys: [JSON.parse(JSON.stringify(privateJwk))] };
-    }
-    // Create a FAPI client for the specified authorisation server
-    async setupClient(authorisationServer, xFapiInteractionId) {
-        const response = await fetch(authorisationServer.OpenIDDiscoveryDocument);
-        if (!response.ok) {
-            throw new Error(`Failed to retrieve metadata from the authorisation server ${authorisationServer.AuthorisationServerId} at ${authorisationServer.OpenIDDiscoveryDocument}`);
-        }
-        const metadata = await response.json();
-        this.logger.debug(`Retrieved metadata for server ${authorisationServer.OpenIDDiscoveryDocument} ${JSON.stringify(metadata)}`);
-        for (const [key, value] of Object.entries(metadata?.mtls_endpoint_aliases)) {
-            metadata[key] = value;
-        }
-        this.logger.debug(`Updated endpoints with mtls alias properties for server ${authorisationServer.OpenIDDiscoveryDocument} ${JSON.stringify(metadata)}`);
-        const localIssuer = new Issuer(metadata);
-        this.logger.debug(`Discovered issuer ${localIssuer.issuer} ${JSON.stringify(localIssuer.metadata)}`);
-        const keyset = await this.getKeyset();
-        const fapiClient = new localIssuer.FAPI1Client(this.config.data.client, keyset);
-        this.logger.debug(`Discovered client ${JSON.stringify(fapiClient)}`);
-        fapiClient[custom.http_options] = () => ({
-            key: this.transportKey,
-            cert: this.transportPem,
-            headers: { 'x-fapi-interaction-id': xFapiInteractionId },
-        });
-        return { fapiClient, localIssuer };
-    }
-    async generateRequest(fapiClient, claims, purpose) {
-        const { codeChallenge, codeVerifier, nonce, state } = generatePushAuthorisationRequestParams();
-        const request = await fapiClient.requestObject({
-            scope: 'openid',
-            response_type: 'code',
-            redirect_uri: this.config.data.application_redirect_uri,
-            code_challenge: codeChallenge,
-            code_challenge_method: 'S256',
-            response_mode: 'query',
-            state,
-            nonce,
-            claims,
-            prompt: 'consent',
-            max_age: 900,
-            purpose,
-        });
-        const clientAssertionPayload = {
-            clientAssertionPayload: {
-                aud: fapiClient.issuer.issuer,
-            },
-        };
-        this.logger.debug('Generated request object: ' + JSON.stringify(request));
-        const { request_uri } = await fapiClient.pushedAuthorizationRequest({ request }, clientAssertionPayload);
-        const authUrl = fapiClient.authorizationUrl({ request_uri, scope: undefined, redirect_uri: undefined, response_type: undefined });
-        return { authUrl, code_verifier: codeVerifier, state, nonce };
-    }
-    generateXFapiInteractionId() {
-        return randomUUID();
+    /**
+     * Gets the current date (for testing purposes).
+     *
+     * @returns Current date
+     */
+    getCurrentDate() {
+        return new Date();
     }
 }