@credo-ts/openid4vc 0.5.0-alpha.153 → 0.5.0-alpha.155

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/build/openid4vc-holder/OpenId4VciHolderService.js +3 -1
  2. package/build/openid4vc-holder/OpenId4VciHolderService.js.map +1 -1
  3. package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.d.ts +9 -0
  4. package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.js +14 -0
  5. package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.js.map +1 -0
  6. package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.ts +12 -19
  7. package/build/openid4vc-issuer/OpenId4VcIssuerApi.js +15 -27
  8. package/build/openid4vc-issuer/OpenId4VcIssuerApi.js.map +1 -1
  9. package/build/openid4vc-issuer/OpenId4VcIssuerEvents.d.ts +13 -0
  10. package/build/openid4vc-issuer/OpenId4VcIssuerEvents.js +8 -0
  11. package/build/openid4vc-issuer/OpenId4VcIssuerEvents.js.map +1 -0
  12. package/build/openid4vc-issuer/OpenId4VcIssuerModule.js +3 -0
  13. package/build/openid4vc-issuer/OpenId4VcIssuerModule.js.map +1 -1
  14. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.ts +7 -9
  15. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js +11 -33
  16. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js.map +1 -1
  17. package/build/openid4vc-issuer/OpenId4VcIssuerService.d.ts +24 -10
  18. package/build/openid4vc-issuer/OpenId4VcIssuerService.js +76 -65
  19. package/build/openid4vc-issuer/OpenId4VcIssuerService.js.map +1 -1
  20. package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.ts +1 -11
  21. package/build/openid4vc-issuer/index.d.ts +2 -0
  22. package/build/openid4vc-issuer/index.js +2 -0
  23. package/build/openid4vc-issuer/index.js.map +1 -1
  24. package/build/openid4vc-issuer/repository/OpenId4VcCNonceStateManager.d.ts +17 -0
  25. package/build/openid4vc-issuer/repository/OpenId4VcCNonceStateManager.js +90 -0
  26. package/build/openid4vc-issuer/repository/OpenId4VcCNonceStateManager.js.map +1 -0
  27. package/build/openid4vc-issuer/repository/OpenId4VcCredentialOfferSessionStateManager.d.ts +21 -0
  28. package/build/openid4vc-issuer/repository/OpenId4VcCredentialOfferSessionStateManager.js +182 -0
  29. package/build/openid4vc-issuer/repository/OpenId4VcCredentialOfferSessionStateManager.js.map +1 -0
  30. package/build/openid4vc-issuer/repository/OpenId4VcCredentialOfferUriStateManager.d.ts +17 -0
  31. package/build/openid4vc-issuer/repository/OpenId4VcCredentialOfferUriStateManager.js +68 -0
  32. package/build/openid4vc-issuer/repository/OpenId4VcCredentialOfferUriStateManager.js.map +1 -0
  33. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.ts +79 -0
  34. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js +39 -0
  35. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js.map +1 -0
  36. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.ts +5 -0
  37. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.js +29 -0
  38. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.js.map +1 -0
  39. package/build/openid4vc-issuer/repository/index.d.ts +2 -0
  40. package/build/openid4vc-issuer/repository/index.js +2 -0
  41. package/build/openid4vc-issuer/repository/index.js.map +1 -1
  42. package/build/openid4vc-issuer/router/accessTokenEndpoint.js +15 -10
  43. package/build/openid4vc-issuer/router/accessTokenEndpoint.js.map +1 -1
  44. package/build/openid4vc-issuer/router/credentialEndpoint.js +22 -4
  45. package/build/openid4vc-issuer/router/credentialEndpoint.js.map +1 -1
  46. package/build/openid4vc-issuer/router/credentialOfferEndpoint.d.ts +11 -0
  47. package/build/openid4vc-issuer/router/credentialOfferEndpoint.js +54 -0
  48. package/build/openid4vc-issuer/router/credentialOfferEndpoint.js.map +1 -0
  49. package/build/openid4vc-issuer/router/index.d.ts +1 -0
  50. package/build/openid4vc-issuer/router/index.js +3 -1
  51. package/build/openid4vc-issuer/router/index.js.map +1 -1
  52. package/build/openid4vc-issuer/router/verifyAccessToken.d.ts +3 -0
  53. package/build/openid4vc-issuer/router/verifyAccessToken.js +33 -0
  54. package/build/openid4vc-issuer/router/verifyAccessToken.js.map +1 -0
  55. package/build/openid4vc-issuer/util/credentialRequest.d.ts +5 -0
  56. package/build/openid4vc-issuer/util/credentialRequest.js +18 -0
  57. package/build/openid4vc-issuer/util/credentialRequest.js.map +1 -0
  58. package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.d.ts +22 -6
  59. package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js +137 -57
  60. package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js.map +1 -1
  61. package/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts +5 -4
  62. package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.d.ts +6 -0
  63. package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.js +11 -0
  64. package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.js.map +1 -0
  65. package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts +17 -5
  66. package/build/openid4vc-verifier/OpenId4VcVerifierApi.js +19 -6
  67. package/build/openid4vc-verifier/OpenId4VcVerifierApi.js.map +1 -1
  68. package/build/openid4vc-verifier/OpenId4VcVerifierEvents.d.ts +13 -0
  69. package/build/openid4vc-verifier/OpenId4VcVerifierEvents.js +8 -0
  70. package/build/openid4vc-verifier/OpenId4VcVerifierEvents.js.map +1 -0
  71. package/build/openid4vc-verifier/OpenId4VcVerifierModule.js +6 -1
  72. package/build/openid4vc-verifier/OpenId4VcVerifierModule.js.map +1 -1
  73. package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.d.ts +4 -7
  74. package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.js +6 -23
  75. package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.js.map +1 -1
  76. package/build/openid4vc-verifier/index.d.ts +2 -0
  77. package/build/openid4vc-verifier/index.js +2 -0
  78. package/build/openid4vc-verifier/index.js.map +1 -1
  79. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.d.ts +50 -0
  80. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js +229 -0
  81. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js.map +1 -0
  82. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.d.ts +19 -0
  83. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js +146 -0
  84. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js.map +1 -0
  85. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts +61 -0
  86. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js +45 -0
  87. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js.map +1 -0
  88. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.ts +5 -0
  89. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.js +29 -0
  90. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.js.map +1 -0
  91. package/build/openid4vc-verifier/repository/index.d.ts +2 -0
  92. package/build/openid4vc-verifier/repository/index.js +2 -0
  93. package/build/openid4vc-verifier/repository/index.js.map +1 -1
  94. package/build/openid4vc-verifier/router/authorizationEndpoint.js +9 -2
  95. package/build/openid4vc-verifier/router/authorizationEndpoint.js.map +1 -1
  96. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.d.ts +11 -0
  97. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js +59 -0
  98. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js.map +1 -0
  99. package/build/shared/models/index.js.map +1 -1
  100. package/package.json +10 -9
@@ -0,0 +1,182 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.OpenId4VcCredentialOfferSessionStateManager = void 0;
4
+ const core_1 = require("@credo-ts/core");
5
+ const oid4vci_common_1 = require("@sphereon/oid4vci-common");
6
+ const OpenId4VcIssuanceSessionState_1 = require("../OpenId4VcIssuanceSessionState");
7
+ const OpenId4VcIssuerEvents_1 = require("../OpenId4VcIssuerEvents");
8
+ const OpenId4VcIssuanceSessionRecord_1 = require("./OpenId4VcIssuanceSessionRecord");
9
+ const OpenId4VcIssuanceSessionRepository_1 = require("./OpenId4VcIssuanceSessionRepository");
10
+ class OpenId4VcCredentialOfferSessionStateManager {
11
+ constructor(agentContext, issuerId) {
12
+ this.agentContext = agentContext;
13
+ this.issuerId = issuerId;
14
+ this.openId4VcIssuanceSessionRepository = agentContext.dependencyManager.resolve(OpenId4VcIssuanceSessionRepository_1.OpenId4VcIssuanceSessionRepository);
15
+ this.eventEmitter = agentContext.dependencyManager.resolve(core_1.EventEmitter);
16
+ }
17
+ async set(preAuthorizedCode, stateValue) {
18
+ var _a;
19
+ // Just to make sure that the preAuthorizedCode is the same as the id as that's what we use to query
20
+ // NOTE: once we support authorized flow, we need to also allow the id to be equal to issuer state
21
+ if (preAuthorizedCode !== stateValue.preAuthorizedCode) {
22
+ throw new core_1.CredoError('Expected the id of the credential offer state to be equal to the preAuthorizedCode');
23
+ }
24
+ if (!stateValue.preAuthorizedCode) {
25
+ throw new core_1.CredoError("Expected the stateValue to have a 'preAuthorizedCode' property");
26
+ }
27
+ // Record may already exist
28
+ let record = await this.openId4VcIssuanceSessionRepository.findSingleByQuery(this.agentContext, {
29
+ issuerId: this.issuerId,
30
+ preAuthorizedCode: stateValue.preAuthorizedCode,
31
+ });
32
+ const previousState = (_a = record === null || record === void 0 ? void 0 : record.state) !== null && _a !== void 0 ? _a : null;
33
+ let credentialOfferUri = stateValue.credentialOffer.credential_offer_uri;
34
+ if (!credentialOfferUri) {
35
+ throw new core_1.CredoError("Expected the stateValue to have a 'credentialOfferUri' property");
36
+ }
37
+ if (credentialOfferUri.includes('credential_offer_uri=')) {
38
+ // NOTE: it's a bit cumbersome, but the credential_offer_uri is the encoded uri. This seems
39
+ // odd to me, as this is the offer payload, which should only contain the hosted URI (I think
40
+ // this is a bug in OID4VCI). But for now we have to extract the uri from the payload.
41
+ credentialOfferUri = decodeURIComponent(credentialOfferUri.split('credential_offer_uri=')[1].split('=')[0]);
42
+ }
43
+ // NOTE: we don't use clientId at the moment, will become relevant when doing the authorized flow
44
+ if (record) {
45
+ record.issuanceMetadata = stateValue.credentialDataSupplierInput;
46
+ record.credentialOfferPayload = stateValue.credentialOffer.credential_offer;
47
+ record.userPin = stateValue.userPin;
48
+ record.preAuthorizedCode = stateValue.preAuthorizedCode;
49
+ record.errorMessage = stateValue.error;
50
+ record.credentialOfferUri = credentialOfferUri;
51
+ record.state = openId4VcIssuanceStateFromSphereon(stateValue.status);
52
+ await this.openId4VcIssuanceSessionRepository.update(this.agentContext, record);
53
+ }
54
+ else {
55
+ record = new OpenId4VcIssuanceSessionRecord_1.OpenId4VcIssuanceSessionRecord({
56
+ issuerId: this.issuerId,
57
+ preAuthorizedCode: stateValue.preAuthorizedCode,
58
+ issuanceMetadata: stateValue.credentialDataSupplierInput,
59
+ credentialOfferPayload: stateValue.credentialOffer.credential_offer,
60
+ credentialOfferUri,
61
+ userPin: stateValue.userPin,
62
+ errorMessage: stateValue.error,
63
+ state: openId4VcIssuanceStateFromSphereon(stateValue.status),
64
+ });
65
+ await this.openId4VcIssuanceSessionRepository.save(this.agentContext, record);
66
+ }
67
+ this.emitStateChangedEvent(this.agentContext, record, previousState);
68
+ }
69
+ async get(preAuthorizedCode) {
70
+ var _a, _b;
71
+ const record = await this.openId4VcIssuanceSessionRepository.findSingleByQuery(this.agentContext, {
72
+ issuerId: this.issuerId,
73
+ preAuthorizedCode,
74
+ });
75
+ if (!record)
76
+ return undefined;
77
+ // NOTE: This should not happen as we query by the preAuthorizedCode
78
+ // so it's mostly to make TS happy
79
+ if (!record.preAuthorizedCode) {
80
+ throw new core_1.CredoError("No 'preAuthorizedCode' found on record.");
81
+ }
82
+ if (!record.credentialOfferPayload) {
83
+ throw new core_1.CredoError("No 'credentialOfferPayload' found on record.");
84
+ }
85
+ return {
86
+ credentialOffer: {
87
+ credential_offer: record.credentialOfferPayload,
88
+ credential_offer_uri: record.credentialOfferUri,
89
+ },
90
+ status: sphereonIssueStatusFromOpenId4VcIssuanceState(record.state),
91
+ preAuthorizedCode: record.preAuthorizedCode,
92
+ credentialDataSupplierInput: record.issuanceMetadata,
93
+ error: record.errorMessage,
94
+ userPin: record.userPin,
95
+ createdAt: record.createdAt.getTime(),
96
+ lastUpdatedAt: (_b = (_a = record.updatedAt) === null || _a === void 0 ? void 0 : _a.getTime()) !== null && _b !== void 0 ? _b : record.createdAt.getTime(),
97
+ };
98
+ }
99
+ async has(preAuthorizedCode) {
100
+ const record = await this.openId4VcIssuanceSessionRepository.findSingleByQuery(this.agentContext, {
101
+ issuerId: this.issuerId,
102
+ preAuthorizedCode,
103
+ });
104
+ return record !== undefined;
105
+ }
106
+ async delete(preAuthorizedCode) {
107
+ const record = await this.openId4VcIssuanceSessionRepository.findSingleByQuery(this.agentContext, {
108
+ issuerId: this.issuerId,
109
+ preAuthorizedCode,
110
+ });
111
+ if (!record)
112
+ return false;
113
+ await this.openId4VcIssuanceSessionRepository.deleteById(this.agentContext, record.id);
114
+ return true;
115
+ }
116
+ async clearExpired() {
117
+ // FIXME: we should have a way to remove expired records
118
+ // or just not return the value in the get if the record is expired
119
+ throw new Error('Method not implemented.');
120
+ }
121
+ async clearAll() {
122
+ throw new Error('Method not implemented.');
123
+ }
124
+ async getAsserted(preAuthorizedCode) {
125
+ const state = await this.get(preAuthorizedCode);
126
+ if (!state) {
127
+ throw new core_1.CredoError(`No cNonce state found for id ${preAuthorizedCode}`);
128
+ }
129
+ return state;
130
+ }
131
+ async startCleanupRoutine() {
132
+ throw new Error('Method not implemented.');
133
+ }
134
+ async stopCleanupRoutine() {
135
+ throw new Error('Method not implemented.');
136
+ }
137
+ emitStateChangedEvent(agentContext, issuanceSession, previousState) {
138
+ this.eventEmitter.emit(agentContext, {
139
+ type: OpenId4VcIssuerEvents_1.OpenId4VcIssuerEvents.IssuanceSessionStateChanged,
140
+ payload: {
141
+ issuanceSession: issuanceSession.clone(),
142
+ previousState,
143
+ },
144
+ });
145
+ }
146
+ }
147
+ exports.OpenId4VcCredentialOfferSessionStateManager = OpenId4VcCredentialOfferSessionStateManager;
148
+ function openId4VcIssuanceStateFromSphereon(stateValue) {
149
+ if (stateValue === oid4vci_common_1.IssueStatus.OFFER_CREATED)
150
+ return OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.OfferCreated;
151
+ if (stateValue === oid4vci_common_1.IssueStatus.OFFER_URI_RETRIEVED)
152
+ return OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.OfferUriRetrieved;
153
+ if (stateValue === oid4vci_common_1.IssueStatus.ACCESS_TOKEN_REQUESTED)
154
+ return OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.AccessTokenRequested;
155
+ if (stateValue === oid4vci_common_1.IssueStatus.ACCESS_TOKEN_CREATED)
156
+ return OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.AccessTokenCreated;
157
+ if (stateValue === oid4vci_common_1.IssueStatus.CREDENTIAL_REQUEST_RECEIVED)
158
+ return OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.CredentialRequestReceived;
159
+ if (stateValue === oid4vci_common_1.IssueStatus.CREDENTIAL_ISSUED)
160
+ return OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.CredentialIssued;
161
+ if (stateValue === oid4vci_common_1.IssueStatus.ERROR)
162
+ return OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.Error;
163
+ throw new core_1.CredoError(`Unknown state value: ${stateValue}`);
164
+ }
165
+ function sphereonIssueStatusFromOpenId4VcIssuanceState(state) {
166
+ if (state === OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.OfferCreated)
167
+ return oid4vci_common_1.IssueStatus.OFFER_CREATED;
168
+ if (state === OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.OfferUriRetrieved)
169
+ return oid4vci_common_1.IssueStatus.OFFER_URI_RETRIEVED;
170
+ if (state === OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.AccessTokenRequested)
171
+ return oid4vci_common_1.IssueStatus.ACCESS_TOKEN_REQUESTED;
172
+ if (state === OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.AccessTokenCreated)
173
+ return oid4vci_common_1.IssueStatus.ACCESS_TOKEN_CREATED;
174
+ if (state === OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.CredentialRequestReceived)
175
+ return oid4vci_common_1.IssueStatus.CREDENTIAL_REQUEST_RECEIVED;
176
+ if (state === OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.CredentialIssued)
177
+ return oid4vci_common_1.IssueStatus.CREDENTIAL_ISSUED;
178
+ if (state === OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.Error)
179
+ return oid4vci_common_1.IssueStatus.ERROR;
180
+ throw new core_1.CredoError(`Unknown state value: ${state}`);
181
+ }
182
+ //# sourceMappingURL=OpenId4VcCredentialOfferSessionStateManager.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"OpenId4VcCredentialOfferSessionStateManager.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/repository/OpenId4VcCredentialOfferSessionStateManager.ts"],"names":[],"mappings":";;;AAIA,yCAAyD;AACzD,6DAAsD;AAEtD,oFAAgF;AAChF,oEAAgE;AAEhE,qFAAiF;AACjF,6FAAyF;AAEzF,MAAa,2CAA2C;IAItD,YAA2B,YAA0B,EAAU,QAAgB;QAApD,iBAAY,GAAZ,YAAY,CAAc;QAAU,aAAQ,GAAR,QAAQ,CAAQ;QAC7E,IAAI,CAAC,kCAAkC,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,uEAAkC,CAAC,CAAA;QACpH,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,mBAAY,CAAC,CAAA;IAC1E,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,iBAAyB,EAAE,UAAkC;;QAC5E,oGAAoG;QACpG,kGAAkG;QAClG,IAAI,iBAAiB,KAAK,UAAU,CAAC,iBAAiB,EAAE;YACtD,MAAM,IAAI,iBAAU,CAAC,oFAAoF,CAAC,CAAA;SAC3G;QAED,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE;YACjC,MAAM,IAAI,iBAAU,CAAC,gEAAgE,CAAC,CAAA;SACvF;QAED,2BAA2B;QAC3B,IAAI,MAAM,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YAC9F,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,iBAAiB,EAAE,UAAU,CAAC,iBAAiB;SAChD,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,mCAAI,IAAI,CAAA;QAE3C,IAAI,kBAAkB,GAAG,UAAU,CAAC,eAAe,CAAC,oBAAoB,CAAA;QACxE,IAAI,CAAC,kBAAkB,EAAE;YACvB,MAAM,IAAI,iBAAU,CAAC,iEAAiE,CAAC,CAAA;SACxF;QAED,IAAI,kBAAkB,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE;YACxD,2FAA2F;YAC3F,6FAA6F;YAC7F,sFAAsF;YACtF,kBAAkB,GAAG,kBAAkB,CAAC,kBAAkB,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;SAC5G;QAED,iGAAiG;QACjG,IAAI,MAAM,EAAE;YACV,MAAM,CAAC,gBAAgB,GAAG,UAAU,CAAC,2BAA2B,CAAA;YAChE,MAAM,CAAC,sBAAsB,GAAG,UAAU,CAAC,eAAe,CAAC,gBAAgB,CAAA;YAC3E,MAAM,CAAC,OAAO,GAAG,UAAU,CAAC,OAAO,CAAA;YACnC,MAAM,CAAC,iBAAiB,GAAG,UAAU,CAAC,iBAAiB,CAAA;YACvD,MAAM,CAAC,YAAY,GAAG,UAAU,CAAC,KAAK,CAAA;YACtC,MAAM,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;YAC9C,MAAM,CAAC,KAAK,GAAG,kCAAkC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;YACpE,MAAM,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;SAChF;aAAM;YACL,MAAM,GAAG,IAAI,+DAA8B,CAAC;gBAC1C,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,iBAAiB,EAAE,UAAU,CAAC,iBAAiB;gBAC/C,gBAAgB,EAAE,UAAU,CAAC,2BAA2B;gBACxD,sBAAsB,EAAE,UAAU,CAAC,eAAe,CAAC,gBAAgB;gBACnE,kBAAkB;gBAClB,OAAO,EAAE,UAAU,CAAC,OAAO;gBAC3B,YAAY,EAAE,UAAU,CAAC,KAAK;gBAC9B,KAAK,EAAE,kCAAkC,CAAC,UAAU,CAAC,MAAM,CAAC;aAC7D,CAAC,CAAA;YAEF,MAAM,IAAI,CAAC,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;SAC9E;QAED,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,aAAa,CAAC,CAAA;IACtE,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,iBAAyB;;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YAChG,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,iBAAiB;SAClB,CAAC,CAAA;QAEF,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAA;QAE7B,oEAAoE;QACpE,kCAAkC;QAClC,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC7B,MAAM,IAAI,iBAAU,CAAC,yCAAyC,CAAC,CAAA;SAChE;QAED,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;YAClC,MAAM,IAAI,iBAAU,CAAC,8CAA8C,CAAC,CAAA;SACrE;QAED,OAAO;YACL,eAAe,EAAE;gBACf,gBAAgB,EAAE,MAAM,CAAC,sBAAsB;gBAC/C,oBAAoB,EAAE,MAAM,CAAC,kBAAkB;aAChD;YACD,MAAM,EAAE,6CAA6C,CAAC,MAAM,CAAC,KAAK,CAAC;YACnE,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,2BAA2B,EAAE,MAAM,CAAC,gBAAgB;YACpD,KAAK,EAAE,MAAM,CAAC,YAAY;YAC1B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YACrC,aAAa,EAAE,MAAA,MAAA,MAAM,CAAC,SAAS,0CAAE,OAAO,EAAE,mCAAI,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;SACzE,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,iBAAyB;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YAChG,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,iBAAiB;SAClB,CAAC,CAAA;QAEF,OAAO,MAAM,KAAK,SAAS,CAAA;IAC7B,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,iBAAyB;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YAChG,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,iBAAiB;SAClB,CAAC,CAAA;QAEF,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QAEzB,MAAM,IAAI,CAAC,kCAAkC,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,EAAE,CAAC,CAAA;QACtF,OAAO,IAAI,CAAA;IACb,CAAC;IAEM,KAAK,CAAC,YAAY;QACvB,wDAAwD;QACxD,mEAAmE;QACnE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAEM,KAAK,CAAC,QAAQ;QACnB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,iBAAyB;QAChD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;QAE/C,IAAI,CAAC,KAAK,EAAE;YACV,MAAM,IAAI,iBAAU,CAAC,gCAAgC,iBAAiB,EAAE,CAAC,CAAA;SAC1E;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,KAAK,CAAC,mBAAmB;QAC9B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAEM,KAAK,CAAC,kBAAkB;QAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAES,qBAAqB,CAC7B,YAA0B,EAC1B,eAA+C,EAC/C,aAAmD;QAEnD,IAAI,CAAC,YAAY,CAAC,IAAI,CAA4C,YAAY,EAAE;YAC9E,IAAI,EAAE,6CAAqB,CAAC,2BAA2B;YACvD,OAAO,EAAE;gBACP,eAAe,EAAE,eAAe,CAAC,KAAK,EAAE;gBACxC,aAAa;aACd;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AAnKD,kGAmKC;AAED,SAAS,kCAAkC,CAAC,UAAuB;IACjE,IAAI,UAAU,KAAK,4BAAW,CAAC,aAAa;QAAE,OAAO,6DAA6B,CAAC,YAAY,CAAA;IAC/F,IAAI,UAAU,KAAK,4BAAW,CAAC,mBAAmB;QAAE,OAAO,6DAA6B,CAAC,iBAAiB,CAAA;IAC1G,IAAI,UAAU,KAAK,4BAAW,CAAC,sBAAsB;QAAE,OAAO,6DAA6B,CAAC,oBAAoB,CAAA;IAChH,IAAI,UAAU,KAAK,4BAAW,CAAC,oBAAoB;QAAE,OAAO,6DAA6B,CAAC,kBAAkB,CAAA;IAC5G,IAAI,UAAU,KAAK,4BAAW,CAAC,2BAA2B;QACxD,OAAO,6DAA6B,CAAC,yBAAyB,CAAA;IAChE,IAAI,UAAU,KAAK,4BAAW,CAAC,iBAAiB;QAAE,OAAO,6DAA6B,CAAC,gBAAgB,CAAA;IACvG,IAAI,UAAU,KAAK,4BAAW,CAAC,KAAK;QAAE,OAAO,6DAA6B,CAAC,KAAK,CAAA;IAEhF,MAAM,IAAI,iBAAU,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAA;AAC5D,CAAC;AAED,SAAS,6CAA6C,CAAC,KAAoC;IACzF,IAAI,KAAK,KAAK,6DAA6B,CAAC,YAAY;QAAE,OAAO,4BAAW,CAAC,aAAa,CAAA;IAC1F,IAAI,KAAK,KAAK,6DAA6B,CAAC,iBAAiB;QAAE,OAAO,4BAAW,CAAC,mBAAmB,CAAA;IACrG,IAAI,KAAK,KAAK,6DAA6B,CAAC,oBAAoB;QAAE,OAAO,4BAAW,CAAC,sBAAsB,CAAA;IAC3G,IAAI,KAAK,KAAK,6DAA6B,CAAC,kBAAkB;QAAE,OAAO,4BAAW,CAAC,oBAAoB,CAAA;IACvG,IAAI,KAAK,KAAK,6DAA6B,CAAC,yBAAyB;QAAE,OAAO,4BAAW,CAAC,2BAA2B,CAAA;IACrH,IAAI,KAAK,KAAK,6DAA6B,CAAC,gBAAgB;QAAE,OAAO,4BAAW,CAAC,iBAAiB,CAAA;IAClG,IAAI,KAAK,KAAK,6DAA6B,CAAC,KAAK;QAAE,OAAO,4BAAW,CAAC,KAAK,CAAA;IAE3E,MAAM,IAAI,iBAAU,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;AACvD,CAAC"}
@@ -0,0 +1,17 @@
1
+ import type { AgentContext } from '@credo-ts/core';
2
+ import type { IStateManager, URIState } from '@sphereon/oid4vci-common';
3
+ export declare class OpenId4VcCredentialOfferUriStateManager implements IStateManager<URIState> {
4
+ private agentContext;
5
+ private issuerId;
6
+ private openId4VcIssuanceSessionRepository;
7
+ constructor(agentContext: AgentContext, issuerId: string);
8
+ set(uri: string, stateValue: URIState): Promise<void>;
9
+ get(uri: string): Promise<URIState | undefined>;
10
+ has(uri: string): Promise<boolean>;
11
+ delete(): Promise<boolean>;
12
+ clearExpired(): Promise<void>;
13
+ clearAll(): Promise<void>;
14
+ getAsserted(id: string): Promise<URIState>;
15
+ startCleanupRoutine(): Promise<void>;
16
+ stopCleanupRoutine(): Promise<void>;
17
+ }
@@ -0,0 +1,68 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.OpenId4VcCredentialOfferUriStateManager = void 0;
4
+ const core_1 = require("@credo-ts/core");
5
+ const OpenId4VcIssuanceSessionRepository_1 = require("./OpenId4VcIssuanceSessionRepository");
6
+ class OpenId4VcCredentialOfferUriStateManager {
7
+ constructor(agentContext, issuerId) {
8
+ this.agentContext = agentContext;
9
+ this.issuerId = issuerId;
10
+ this.openId4VcIssuanceSessionRepository = agentContext.dependencyManager.resolve(OpenId4VcIssuanceSessionRepository_1.OpenId4VcIssuanceSessionRepository);
11
+ }
12
+ async set(uri, stateValue) {
13
+ // Just to make sure that the uri is the same as the id as that's what we use to query
14
+ if (uri !== stateValue.uri) {
15
+ throw new core_1.CredoError('Expected the uri of the uri state to be equal to the id');
16
+ }
17
+ // NOTE: we're currently not ding anything here, as we store the uri in the record
18
+ // when the credential offer session is stored.
19
+ }
20
+ async get(uri) {
21
+ const record = await this.openId4VcIssuanceSessionRepository.findSingleByQuery(this.agentContext, {
22
+ issuerId: this.issuerId,
23
+ credentialOfferUri: uri,
24
+ });
25
+ if (!record)
26
+ return undefined;
27
+ return {
28
+ preAuthorizedCode: record.preAuthorizedCode,
29
+ uri: record.credentialOfferUri,
30
+ createdAt: record.createdAt.getTime(),
31
+ };
32
+ }
33
+ async has(uri) {
34
+ const record = await this.openId4VcIssuanceSessionRepository.findSingleByQuery(this.agentContext, {
35
+ issuerId: this.issuerId,
36
+ credentialOfferUri: uri,
37
+ });
38
+ return record !== undefined;
39
+ }
40
+ async delete() {
41
+ // NOTE: we're not doing anything here as the uri is stored in the credential offer session
42
+ // Not sure how to best handle this, but for now we just don't delete it
43
+ return false;
44
+ }
45
+ async clearExpired() {
46
+ // FIXME: we should have a way to remove expired records
47
+ // or just not return the value in the get if the record is expired
48
+ throw new Error('Method not implemented.');
49
+ }
50
+ async clearAll() {
51
+ throw new Error('Method not implemented.');
52
+ }
53
+ async getAsserted(id) {
54
+ const state = await this.get(id);
55
+ if (!state) {
56
+ throw new core_1.CredoError(`No uri state found for id ${id}`);
57
+ }
58
+ return state;
59
+ }
60
+ async startCleanupRoutine() {
61
+ throw new Error('Method not implemented.');
62
+ }
63
+ async stopCleanupRoutine() {
64
+ throw new Error('Method not implemented.');
65
+ }
66
+ }
67
+ exports.OpenId4VcCredentialOfferUriStateManager = OpenId4VcCredentialOfferUriStateManager;
68
+ //# sourceMappingURL=OpenId4VcCredentialOfferUriStateManager.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"OpenId4VcCredentialOfferUriStateManager.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/repository/OpenId4VcCredentialOfferUriStateManager.ts"],"names":[],"mappings":";;;AAGA,yCAA2C;AAE3C,6FAAyF;AAEzF,MAAa,uCAAuC;IAGlD,YAA2B,YAA0B,EAAU,QAAgB;QAApD,iBAAY,GAAZ,YAAY,CAAc;QAAU,aAAQ,GAAR,QAAQ,CAAQ;QAC7E,IAAI,CAAC,kCAAkC,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,uEAAkC,CAAC,CAAA;IACtH,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,UAAoB;QAChD,sFAAsF;QACtF,IAAI,GAAG,KAAK,UAAU,CAAC,GAAG,EAAE;YAC1B,MAAM,IAAI,iBAAU,CAAC,yDAAyD,CAAC,CAAA;SAChF;QAED,kFAAkF;QAClF,+CAA+C;IACjD,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,GAAW;QAC1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YAChG,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,kBAAkB,EAAE,GAAG;SACxB,CAAC,CAAA;QAEF,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAA;QAE7B,OAAO;YACL,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,GAAG,EAAE,MAAM,CAAC,kBAAkB;YAC9B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;SACtC,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,GAAW;QAC1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YAChG,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,kBAAkB,EAAE,GAAG;SACxB,CAAC,CAAA;QAEF,OAAO,MAAM,KAAK,SAAS,CAAA;IAC7B,CAAC;IAEM,KAAK,CAAC,MAAM;QACjB,2FAA2F;QAC3F,wEAAwE;QACxE,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,KAAK,CAAC,YAAY;QACvB,wDAAwD;QACxD,mEAAmE;QACnE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAEM,KAAK,CAAC,QAAQ;QACnB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,EAAU;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAEhC,IAAI,CAAC,KAAK,EAAE;YACV,MAAM,IAAI,iBAAU,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAA;SACxD;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,KAAK,CAAC,mBAAmB;QAC9B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAEM,KAAK,CAAC,kBAAkB;QAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;CACF;AA1ED,0FA0EC"}
@@ -0,0 +1,79 @@
1
+ import type { OpenId4VciCredentialOfferPayload } from '../../shared';
2
+ import type { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState';
3
+ import type { RecordTags, TagsBase } from '@credo-ts/core';
4
+ import { BaseRecord } from '@credo-ts/core';
5
+ export type OpenId4VcIssuanceSessionRecordTags = RecordTags<OpenId4VcIssuanceSessionRecord>;
6
+ export type DefaultOpenId4VcIssuanceSessionRecordTags = {
7
+ issuerId: string;
8
+ cNonce?: string;
9
+ preAuthorizedCode?: string;
10
+ state: OpenId4VcIssuanceSessionState;
11
+ credentialOfferUri: string;
12
+ };
13
+ export interface OpenId4VcIssuanceSessionRecordProps {
14
+ id?: string;
15
+ createdAt?: Date;
16
+ tags?: TagsBase;
17
+ issuerId: string;
18
+ cNonce?: string;
19
+ preAuthorizedCode?: string;
20
+ userPin?: string;
21
+ credentialOfferUri: string;
22
+ credentialOfferPayload: OpenId4VciCredentialOfferPayload;
23
+ issuanceMetadata?: Record<string, unknown>;
24
+ state: OpenId4VcIssuanceSessionState;
25
+ errorMessage?: string;
26
+ }
27
+ export declare class OpenId4VcIssuanceSessionRecord extends BaseRecord<DefaultOpenId4VcIssuanceSessionRecordTags> {
28
+ static readonly type = "OpenId4VcIssuanceSessionRecord";
29
+ readonly type = "OpenId4VcIssuanceSessionRecord";
30
+ /**
31
+ * The id of the issuer that this session is for.
32
+ */
33
+ issuerId: string;
34
+ /**
35
+ * The state of the issuance session.
36
+ */
37
+ state: OpenId4VcIssuanceSessionState;
38
+ /**
39
+ * cNonce that should be used in the credential request by the holder.
40
+ */
41
+ cNonce?: string;
42
+ /**
43
+ * Pre authorized code used for the issuance session. Only used when a pre-authorized credential
44
+ * offer is created.
45
+ */
46
+ preAuthorizedCode?: string;
47
+ /**
48
+ * Optional user pin that needs to be provided by the user in the access token request.
49
+ */
50
+ userPin?: string;
51
+ /**
52
+ * User-defined metadata that will be provided to the credential request to credential mapper
53
+ * to allow to retrieve the needed credential input data. Can be the credential data itself,
54
+ * or some other data that is needed to retrieve the credential data.
55
+ */
56
+ issuanceMetadata?: Record<string, unknown>;
57
+ /**
58
+ * The credential offer that was used to create the issuance session.
59
+ */
60
+ credentialOfferPayload: OpenId4VciCredentialOfferPayload;
61
+ /**
62
+ * URI of the credential offer. This is the url that cn can be used to retrieve
63
+ * the credential offer
64
+ */
65
+ credentialOfferUri: string;
66
+ /**
67
+ * Optional error message of the error that occurred during the issuance session. Will be set when state is {@link OpenId4VcIssuanceSessionState.Error}
68
+ */
69
+ errorMessage?: string;
70
+ constructor(props: OpenId4VcIssuanceSessionRecordProps);
71
+ assertState(expectedStates: OpenId4VcIssuanceSessionState | OpenId4VcIssuanceSessionState[]): void;
72
+ getTags(): {
73
+ issuerId: string;
74
+ cNonce: string | undefined;
75
+ credentialOfferUri: string;
76
+ preAuthorizedCode: string | undefined;
77
+ state: OpenId4VcIssuanceSessionState;
78
+ };
79
+ }
@@ -0,0 +1,39 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.OpenId4VcIssuanceSessionRecord = void 0;
4
+ const core_1 = require("@credo-ts/core");
5
+ class OpenId4VcIssuanceSessionRecord extends core_1.BaseRecord {
6
+ constructor(props) {
7
+ var _a, _b, _c;
8
+ super();
9
+ this.type = OpenId4VcIssuanceSessionRecord.type;
10
+ if (props) {
11
+ this.id = (_a = props.id) !== null && _a !== void 0 ? _a : core_1.utils.uuid();
12
+ this.createdAt = (_b = props.createdAt) !== null && _b !== void 0 ? _b : new Date();
13
+ this._tags = (_c = props.tags) !== null && _c !== void 0 ? _c : {};
14
+ this.issuerId = props.issuerId;
15
+ this.cNonce = props.cNonce;
16
+ this.userPin = props.userPin;
17
+ this.preAuthorizedCode = props.preAuthorizedCode;
18
+ this.credentialOfferUri = props.credentialOfferUri;
19
+ this.credentialOfferPayload = props.credentialOfferPayload;
20
+ this.issuanceMetadata = props.issuanceMetadata;
21
+ this.state = props.state;
22
+ this.errorMessage = props.errorMessage;
23
+ }
24
+ }
25
+ assertState(expectedStates) {
26
+ if (!Array.isArray(expectedStates)) {
27
+ expectedStates = [expectedStates];
28
+ }
29
+ if (!expectedStates.includes(this.state)) {
30
+ throw new core_1.CredoError(`OpenId4VcIssuanceSessionRecord is in invalid state ${this.state}. Valid states are: ${expectedStates.join(', ')}.`);
31
+ }
32
+ }
33
+ getTags() {
34
+ return Object.assign(Object.assign({}, this._tags), { issuerId: this.issuerId, cNonce: this.cNonce, credentialOfferUri: this.credentialOfferUri, preAuthorizedCode: this.preAuthorizedCode, state: this.state });
35
+ }
36
+ }
37
+ exports.OpenId4VcIssuanceSessionRecord = OpenId4VcIssuanceSessionRecord;
38
+ OpenId4VcIssuanceSessionRecord.type = 'OpenId4VcIssuanceSessionRecord';
39
+ //# sourceMappingURL=OpenId4VcIssuanceSessionRecord.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"OpenId4VcIssuanceSessionRecord.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.ts"],"names":[],"mappings":";;;AAIA,yCAA8D;AA+B9D,MAAa,8BAA+B,SAAQ,iBAAqD;IAqDvG,YAAmB,KAA0C;;QAC3D,KAAK,EAAE,CAAA;QApDO,SAAI,GAAG,8BAA8B,CAAC,IAAI,CAAA;QAsDxD,IAAI,KAAK,EAAE;YACT,IAAI,CAAC,EAAE,GAAG,MAAA,KAAK,CAAC,EAAE,mCAAI,YAAK,CAAC,IAAI,EAAE,CAAA;YAClC,IAAI,CAAC,SAAS,GAAG,MAAA,KAAK,CAAC,SAAS,mCAAI,IAAI,IAAI,EAAE,CAAA;YAC9C,IAAI,CAAC,KAAK,GAAG,MAAA,KAAK,CAAC,IAAI,mCAAI,EAAE,CAAA;YAE7B,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAA;YAC9B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAA;YAC1B,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAA;YAC5B,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC,iBAAiB,CAAA;YAChD,IAAI,CAAC,kBAAkB,GAAG,KAAK,CAAC,kBAAkB,CAAA;YAClD,IAAI,CAAC,sBAAsB,GAAG,KAAK,CAAC,sBAAsB,CAAA;YAC1D,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAC,gBAAgB,CAAA;YAC9C,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAA;YACxB,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,YAAY,CAAA;SACvC;IACH,CAAC;IAEM,WAAW,CAAC,cAA+E;QAChG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;YAClC,cAAc,GAAG,CAAC,cAAc,CAAC,CAAA;SAClC;QAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YACxC,MAAM,IAAI,iBAAU,CAClB,sDAAsD,IAAI,CAAC,KAAK,uBAAuB,cAAc,CAAC,IAAI,CACxG,IAAI,CACL,GAAG,CACL,CAAA;SACF;IACH,CAAC;IAEM,OAAO;QACZ,uCACK,IAAI,CAAC,KAAK,KACb,QAAQ,EAAE,IAAI,CAAC,QAAQ,EACvB,MAAM,EAAE,IAAI,CAAC,MAAM,EACnB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,EAC3C,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,EACzC,KAAK,EAAE,IAAI,CAAC,KAAK,IAClB;IACH,CAAC;;AAhGH,wEAiGC;AAhGwB,mCAAI,GAAG,gCAAgC,CAAA"}
@@ -0,0 +1,5 @@
1
+ import { Repository, StorageService, EventEmitter } from '@credo-ts/core';
2
+ import { OpenId4VcIssuanceSessionRecord } from './OpenId4VcIssuanceSessionRecord';
3
+ export declare class OpenId4VcIssuanceSessionRepository extends Repository<OpenId4VcIssuanceSessionRecord> {
4
+ constructor(storageService: StorageService<OpenId4VcIssuanceSessionRecord>, eventEmitter: EventEmitter);
5
+ }
@@ -0,0 +1,29 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
12
+ return function (target, key) { decorator(target, key, paramIndex); }
13
+ };
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ exports.OpenId4VcIssuanceSessionRepository = void 0;
16
+ const core_1 = require("@credo-ts/core");
17
+ const OpenId4VcIssuanceSessionRecord_1 = require("./OpenId4VcIssuanceSessionRecord");
18
+ let OpenId4VcIssuanceSessionRepository = class OpenId4VcIssuanceSessionRepository extends core_1.Repository {
19
+ constructor(storageService, eventEmitter) {
20
+ super(OpenId4VcIssuanceSessionRecord_1.OpenId4VcIssuanceSessionRecord, storageService, eventEmitter);
21
+ }
22
+ };
23
+ OpenId4VcIssuanceSessionRepository = __decorate([
24
+ (0, core_1.injectable)(),
25
+ __param(0, (0, core_1.inject)(core_1.InjectionSymbols.StorageService)),
26
+ __metadata("design:paramtypes", [Object, core_1.EventEmitter])
27
+ ], OpenId4VcIssuanceSessionRepository);
28
+ exports.OpenId4VcIssuanceSessionRepository = OpenId4VcIssuanceSessionRepository;
29
+ //# sourceMappingURL=OpenId4VcIssuanceSessionRepository.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"OpenId4VcIssuanceSessionRepository.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,yCAA+G;AAE/G,qFAAiF;AAG1E,IAAM,kCAAkC,GAAxC,MAAM,kCAAmC,SAAQ,iBAA0C;IAChG,YAC2C,cAA8D,EACvG,YAA0B;QAE1B,KAAK,CAAC,+DAA8B,EAAE,cAAc,EAAE,YAAY,CAAC,CAAA;IACrE,CAAC;CACF,CAAA;AAPY,kCAAkC;IAD9C,IAAA,iBAAU,GAAE;IAGR,WAAA,IAAA,aAAM,EAAC,uBAAgB,CAAC,cAAc,CAAC,CAAA;6CAC1B,mBAAY;GAHjB,kCAAkC,CAO9C;AAPY,gFAAkC"}
@@ -1,2 +1,4 @@
1
1
  export * from './OpenId4VcIssuerRecord';
2
2
  export * from './OpenId4VcIssuerRepository';
3
+ export * from './OpenId4VcIssuanceSessionRecord';
4
+ export * from './OpenId4VcIssuanceSessionRepository';
@@ -16,4 +16,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
17
  __exportStar(require("./OpenId4VcIssuerRecord"), exports);
18
18
  __exportStar(require("./OpenId4VcIssuerRepository"), exports);
19
+ __exportStar(require("./OpenId4VcIssuanceSessionRecord"), exports);
20
+ __exportStar(require("./OpenId4VcIssuanceSessionRepository"), exports);
19
21
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/repository/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAuC;AACvC,8DAA2C"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/repository/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAuC;AACvC,8DAA2C;AAC3C,mEAAgD;AAChD,uEAAoD"}
@@ -5,13 +5,14 @@ const core_1 = require("@credo-ts/core");
5
5
  const oid4vci_common_1 = require("@sphereon/oid4vci-common");
6
6
  const oid4vci_issuer_1 = require("@sphereon/oid4vci-issuer");
7
7
  const router_1 = require("../../shared/router");
8
- const OpenId4VcIssuerModuleConfig_1 = require("../OpenId4VcIssuerModuleConfig");
9
8
  const OpenId4VcIssuerService_1 = require("../OpenId4VcIssuerService");
9
+ const OpenId4VcCNonceStateManager_1 = require("../repository/OpenId4VcCNonceStateManager");
10
+ const OpenId4VcCredentialOfferSessionStateManager_1 = require("../repository/OpenId4VcCredentialOfferSessionStateManager");
10
11
  function configureAccessTokenEndpoint(router, config) {
11
12
  router.post(config.endpointPath, verifyTokenRequest({ preAuthorizedCodeExpirationInSeconds: config.preAuthorizedCodeExpirationInSeconds }), handleTokenRequest(config));
12
13
  }
13
14
  exports.configureAccessTokenEndpoint = configureAccessTokenEndpoint;
14
- function getJwtSignerCallback(agentContext, signerPublicKey) {
15
+ function getJwtSignerCallback(agentContext, signerPublicKey, config) {
15
16
  return async (jwt, _kid) => {
16
17
  var _a;
17
18
  if (_kid) {
@@ -25,6 +26,12 @@ function getJwtSignerCallback(agentContext, signerPublicKey) {
25
26
  if (!alg) {
26
27
  throw new core_1.CredoError(`No supported signature algorithms for key type: ${signerPublicKey.keyType}`);
27
28
  }
29
+ // FIXME: the iat and exp implementation in OID4VCI is incorrect so we override the values here
30
+ // https://github.com/Sphereon-Opensource/OID4VCI/pull/99
31
+ // https://github.com/Sphereon-Opensource/OID4VCI/pull/101
32
+ const iat = Math.floor(new Date().getTime() / 1000);
33
+ jwt.payload.iat = iat;
34
+ jwt.payload.exp = iat + config.tokenExpiresInSeconds;
28
35
  const jwk = (0, core_1.getJwkFromKey)(signerPublicKey);
29
36
  const signedJwt = await jwsService.createJwsCompact(agentContext, {
30
37
  protectedHeaderOptions: Object.assign(Object.assign({}, jwt.header), { jwk, alg }),
@@ -46,19 +53,18 @@ function handleTokenRequest(config) {
46
53
  error_description: oid4vci_common_1.PRE_AUTHORIZED_CODE_REQUIRED_ERROR,
47
54
  });
48
55
  }
49
- const openId4VcIssuerConfig = agentContext.dependencyManager.resolve(OpenId4VcIssuerModuleConfig_1.OpenId4VcIssuerModuleConfig);
50
56
  const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService_1.OpenId4VcIssuerService);
51
57
  const issuerMetadata = openId4VcIssuerService.getIssuerMetadata(agentContext, issuer);
52
58
  const accessTokenSigningKey = core_1.Key.fromFingerprint(issuer.accessTokenPublicKeyFingerprint);
53
59
  try {
54
60
  const accessTokenResponse = await (0, oid4vci_issuer_1.createAccessTokenResponse)(request.body, {
55
- credentialOfferSessions: openId4VcIssuerConfig.getCredentialOfferSessionStateManager(agentContext),
56
- tokenExpiresIn: tokenExpiresInSeconds,
61
+ credentialOfferSessions: new OpenId4VcCredentialOfferSessionStateManager_1.OpenId4VcCredentialOfferSessionStateManager(agentContext, issuer.issuerId),
62
+ tokenExpiresIn: tokenExpiresInSeconds * 1000,
57
63
  accessTokenIssuer: issuerMetadata.issuerUrl,
58
64
  cNonce: await agentContext.wallet.generateNonce(),
59
65
  cNonceExpiresIn: cNonceExpiresInSeconds,
60
- cNonces: openId4VcIssuerConfig.getCNonceStateManager(agentContext),
61
- accessTokenSignerCallback: getJwtSignerCallback(agentContext, accessTokenSigningKey),
66
+ cNonces: new OpenId4VcCNonceStateManager_1.OpenId4VcCNonceStateManager(agentContext, issuer.issuerId),
67
+ accessTokenSignerCallback: getJwtSignerCallback(agentContext, accessTokenSigningKey, config),
62
68
  });
63
69
  response.status(200).json(accessTokenResponse);
64
70
  }
@@ -72,13 +78,12 @@ function handleTokenRequest(config) {
72
78
  exports.handleTokenRequest = handleTokenRequest;
73
79
  function verifyTokenRequest(options) {
74
80
  return async (request, response, next) => {
75
- const { agentContext } = (0, router_1.getRequestContext)(request);
81
+ const { agentContext, issuer } = (0, router_1.getRequestContext)(request);
76
82
  try {
77
- const openId4VcIssuerConfig = agentContext.dependencyManager.resolve(OpenId4VcIssuerModuleConfig_1.OpenId4VcIssuerModuleConfig);
78
83
  await (0, oid4vci_issuer_1.assertValidAccessTokenRequest)(request.body, {
79
84
  // we use seconds instead of milliseconds for consistency
80
85
  expirationDuration: options.preAuthorizedCodeExpirationInSeconds * 1000,
81
- credentialOfferSessions: openId4VcIssuerConfig.getCredentialOfferSessionStateManager(agentContext),
86
+ credentialOfferSessions: new OpenId4VcCredentialOfferSessionStateManager_1.OpenId4VcCredentialOfferSessionStateManager(agentContext, issuer.issuerId),
82
87
  });
83
88
  }
84
89
  catch (error) {
@@ -1 +1 @@
1
- {"version":3,"file":"accessTokenEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/router/accessTokenEndpoint.ts"],"names":[],"mappings":";;;AAKA,yCAA+G;AAC/G,6DAKiC;AACjC,6DAAmG;AAEnG,gDAA0E;AAC1E,gFAA4E;AAC5E,sEAAkE;AAiClE,SAAgB,4BAA4B,CAAC,MAAc,EAAE,MAA2C;IACtG,MAAM,CAAC,IAAI,CACT,MAAM,CAAC,YAAY,EACnB,kBAAkB,CAAC,EAAE,oCAAoC,EAAE,MAAM,CAAC,oCAAoC,EAAE,CAAC,EACzG,kBAAkB,CAAC,MAAM,CAAC,CAC3B,CAAA;AACH,CAAC;AAND,oEAMC;AAED,SAAS,oBAAoB,CAAC,YAA0B,EAAE,eAAoB;IAC5E,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;;QACzB,IAAI,IAAI,EAAE;YACR,MAAM,IAAI,iBAAU,CAAC,wCAAwC,CAAC,CAAA;SAC/D;QACD,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;YACpC,MAAM,IAAI,iBAAU,CAAC,wEAAwE,CAAC,CAAA;SAC/F;QAED,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;QAErE,MAAM,GAAG,GAAG,MAAA,IAAA,6BAAsB,EAAC,eAAe,CAAC,OAAO,CAAC,0CAAE,4BAA4B,CAAC,CAAC,CAAC,CAAA;QAC5F,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,iBAAU,CAAC,mDAAmD,eAAe,CAAC,OAAO,EAAE,CAAC,CAAA;SACnG;QAED,MAAM,GAAG,GAAG,IAAA,oBAAa,EAAC,eAAe,CAAC,CAAA;QAC1C,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;YAChE,sBAAsB,kCAAO,GAAG,CAAC,MAAM,KAAE,GAAG,EAAE,GAAG,GAAE;YACnD,OAAO,EAAE,IAAI,iBAAU,CAAC,GAAG,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,eAAe;SACrB,CAAC,CAAA;QAEF,OAAO,SAAS,CAAA;IAClB,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAAC,MAA2C;IAC5E,MAAM,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,GAAG,MAAM,CAAA;IAEhE,OAAO,KAAK,EAAE,OAAiC,EAAE,QAAkB,EAAE,IAAkB,EAAE,EAAE;QACzF,QAAQ,CAAC,GAAG,CAAC,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAA;QAEjE,MAAM,cAAc,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QACjD,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,cAAc,CAAA;QAE/C,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE;YAC9D,OAAO,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC/B,KAAK,EAAE,mCAAkB,CAAC,eAAe;gBACzC,iBAAiB,EAAE,mDAAkC;aACtD,CAAC,CAAA;SACH;QAED,MAAM,qBAAqB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,yDAA2B,CAAC,CAAA;QACjG,MAAM,sBAAsB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,+CAAsB,CAAC,CAAA;QAC7F,MAAM,cAAc,GAAG,sBAAsB,CAAC,iBAAiB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;QACrF,MAAM,qBAAqB,GAAG,UAAG,CAAC,eAAe,CAAC,MAAM,CAAC,+BAA+B,CAAC,CAAA;QAEzF,IAAI;YACF,MAAM,mBAAmB,GAAG,MAAM,IAAA,0CAAyB,EAAC,OAAO,CAAC,IAAI,EAAE;gBACxE,uBAAuB,EAAE,qBAAqB,CAAC,qCAAqC,CAAC,YAAY,CAAC;gBAClG,cAAc,EAAE,qBAAqB;gBACrC,iBAAiB,EAAE,cAAc,CAAC,SAAS;gBAC3C,MAAM,EAAE,MAAM,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE;gBACjD,eAAe,EAAE,sBAAsB;gBACvC,OAAO,EAAE,qBAAqB,CAAC,qBAAqB,CAAC,YAAY,CAAC;gBAClE,yBAAyB,EAAE,oBAAoB,CAAC,YAAY,EAAE,qBAAqB,CAAC;aACrF,CAAC,CAAA;YACF,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;SAC/C;QAAC,OAAO,KAAK,EAAE;YACd,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,mCAAkB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAA;SACxG;QAED,mFAAmF;QACnF,IAAI,EAAE,CAAA;IACR,CAAC,CAAA;AACH,CAAC;AAvCD,gDAuCC;AAED,SAAgB,kBAAkB,CAAC,OAAyD;IAC1F,OAAO,KAAK,EAAE,OAAiC,EAAE,QAAkB,EAAE,IAAkB,EAAE,EAAE;QACzF,MAAM,EAAE,YAAY,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAEnD,IAAI;YACF,MAAM,qBAAqB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,yDAA2B,CAAC,CAAA;YACjG,MAAM,IAAA,8CAA6B,EAAC,OAAO,CAAC,IAAI,EAAE;gBAChD,yDAAyD;gBACzD,kBAAkB,EAAE,OAAO,CAAC,oCAAoC,GAAG,IAAI;gBACvE,uBAAuB,EAAE,qBAAqB,CAAC,qCAAqC,CAAC,YAAY,CAAC;aACnG,CAAC,CAAA;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,2BAAU,EAAE;gBAC/B,IAAA,0BAAiB,EACf,QAAQ,EACR,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,aAAa,GAAG,KAAK,CAAC,cAAc,EAAE,EAC5C,KAAK,CACN,CAAA;aACF;iBAAM;gBACL,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,mCAAkB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAA;aACxG;SACF;QAED,mFAAmF;QACnF,IAAI,EAAE,CAAA;IACR,CAAC,CAAA;AACH,CAAC;AA5BD,gDA4BC"}
1
+ {"version":3,"file":"accessTokenEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/router/accessTokenEndpoint.ts"],"names":[],"mappings":";;;AAKA,yCAA+G;AAC/G,6DAKiC;AACjC,6DAAmG;AAEnG,gDAA0E;AAC1E,sEAAkE;AAClE,2FAAuF;AACvF,2HAAuH;AAiCvH,SAAgB,4BAA4B,CAAC,MAAc,EAAE,MAA2C;IACtG,MAAM,CAAC,IAAI,CACT,MAAM,CAAC,YAAY,EACnB,kBAAkB,CAAC,EAAE,oCAAoC,EAAE,MAAM,CAAC,oCAAoC,EAAE,CAAC,EACzG,kBAAkB,CAAC,MAAM,CAAC,CAC3B,CAAA;AACH,CAAC;AAND,oEAMC;AAED,SAAS,oBAAoB,CAC3B,YAA0B,EAC1B,eAAoB,EACpB,MAA2C;IAE3C,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;;QACzB,IAAI,IAAI,EAAE;YACR,MAAM,IAAI,iBAAU,CAAC,wCAAwC,CAAC,CAAA;SAC/D;QACD,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;YACpC,MAAM,IAAI,iBAAU,CAAC,wEAAwE,CAAC,CAAA;SAC/F;QAED,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;QAErE,MAAM,GAAG,GAAG,MAAA,IAAA,6BAAsB,EAAC,eAAe,CAAC,OAAO,CAAC,0CAAE,4BAA4B,CAAC,CAAC,CAAC,CAAA;QAC5F,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,iBAAU,CAAC,mDAAmD,eAAe,CAAC,OAAO,EAAE,CAAC,CAAA;SACnG;QAED,+FAA+F;QAC/F,yDAAyD;QACzD,0DAA0D;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;QACnD,GAAG,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,CAAA;QACrB,GAAG,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,qBAAqB,CAAA;QAEpD,MAAM,GAAG,GAAG,IAAA,oBAAa,EAAC,eAAe,CAAC,CAAA;QAC1C,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;YAChE,sBAAsB,kCAAO,GAAG,CAAC,MAAM,KAAE,GAAG,EAAE,GAAG,GAAE;YACnD,OAAO,EAAE,IAAI,iBAAU,CAAC,GAAG,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,eAAe;SACrB,CAAC,CAAA;QAEF,OAAO,SAAS,CAAA;IAClB,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAAC,MAA2C;IAC5E,MAAM,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,GAAG,MAAM,CAAA;IAEhE,OAAO,KAAK,EAAE,OAAiC,EAAE,QAAkB,EAAE,IAAkB,EAAE,EAAE;QACzF,QAAQ,CAAC,GAAG,CAAC,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAA;QAEjE,MAAM,cAAc,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QACjD,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,cAAc,CAAA;QAE/C,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE;YAC9D,OAAO,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC/B,KAAK,EAAE,mCAAkB,CAAC,eAAe;gBACzC,iBAAiB,EAAE,mDAAkC;aACtD,CAAC,CAAA;SACH;QAED,MAAM,sBAAsB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,+CAAsB,CAAC,CAAA;QAC7F,MAAM,cAAc,GAAG,sBAAsB,CAAC,iBAAiB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;QACrF,MAAM,qBAAqB,GAAG,UAAG,CAAC,eAAe,CAAC,MAAM,CAAC,+BAA+B,CAAC,CAAA;QAEzF,IAAI;YACF,MAAM,mBAAmB,GAAG,MAAM,IAAA,0CAAyB,EAAC,OAAO,CAAC,IAAI,EAAE;gBACxE,uBAAuB,EAAE,IAAI,yFAA2C,CAAC,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC;gBACvG,cAAc,EAAE,qBAAqB,GAAG,IAAI;gBAC5C,iBAAiB,EAAE,cAAc,CAAC,SAAS;gBAC3C,MAAM,EAAE,MAAM,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE;gBACjD,eAAe,EAAE,sBAAsB;gBACvC,OAAO,EAAE,IAAI,yDAA2B,CAAC,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC;gBACvE,yBAAyB,EAAE,oBAAoB,CAAC,YAAY,EAAE,qBAAqB,EAAE,MAAM,CAAC;aAC7F,CAAC,CAAA;YACF,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;SAC/C;QAAC,OAAO,KAAK,EAAE;YACd,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,mCAAkB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAA;SACxG;QAED,mFAAmF;QACnF,IAAI,EAAE,CAAA;IACR,CAAC,CAAA;AACH,CAAC;AAtCD,gDAsCC;AAED,SAAgB,kBAAkB,CAAC,OAAyD;IAC1F,OAAO,KAAK,EAAE,OAAiC,EAAE,QAAkB,EAAE,IAAkB,EAAE,EAAE;QACzF,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE3D,IAAI;YACF,MAAM,IAAA,8CAA6B,EAAC,OAAO,CAAC,IAAI,EAAE;gBAChD,yDAAyD;gBACzD,kBAAkB,EAAE,OAAO,CAAC,oCAAoC,GAAG,IAAI;gBACvE,uBAAuB,EAAE,IAAI,yFAA2C,CAAC,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC;aACxG,CAAC,CAAA;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,2BAAU,EAAE;gBAC/B,IAAA,0BAAiB,EACf,QAAQ,EACR,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,aAAa,GAAG,KAAK,CAAC,cAAc,EAAE,EAC5C,KAAK,CACN,CAAA;aACF;iBAAM;gBACL,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,mCAAkB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAA;aACxG;SACF;QAED,mFAAmF;QACnF,IAAI,EAAE,CAAA;IACR,CAAC,CAAA;AACH,CAAC;AA3BD,gDA2BC"}
@@ -3,17 +3,35 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.configureCredentialEndpoint = void 0;
4
4
  const router_1 = require("../../shared/router");
5
5
  const OpenId4VcIssuerService_1 = require("../OpenId4VcIssuerService");
6
+ const credentialRequest_1 = require("../util/credentialRequest");
7
+ const verifyAccessToken_1 = require("./verifyAccessToken");
6
8
  function configureCredentialEndpoint(router, config) {
7
9
  router.post(config.endpointPath, async (request, response, next) => {
8
10
  const { agentContext, issuer } = (0, router_1.getRequestContext)(request);
11
+ const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService_1.OpenId4VcIssuerService);
12
+ // Verify the access token (should at some point be moved to a middleware function or something)
13
+ try {
14
+ await (0, verifyAccessToken_1.verifyAccessToken)(agentContext, issuer, request.headers.authorization);
15
+ }
16
+ catch (error) {
17
+ return (0, router_1.sendErrorResponse)(response, agentContext.config.logger, 401, 'unauthorized', error);
18
+ }
9
19
  try {
10
- const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService_1.OpenId4VcIssuerService);
11
20
  const credentialRequest = request.body;
12
- const issueCredentialResponse = await openId4VcIssuerService.createCredentialResponse(agentContext, {
13
- issuer,
21
+ const issuanceSession = await openId4VcIssuerService.findIssuanceSessionForCredentialRequest(agentContext, {
22
+ issuerId: issuer.issuerId,
23
+ credentialRequest,
24
+ });
25
+ if (!issuanceSession) {
26
+ const cNonce = (0, credentialRequest_1.getCNonceFromCredentialRequest)(credentialRequest);
27
+ agentContext.config.logger.warn(`No issuance session found for incoming credential request with cNonce ${cNonce} and issuer ${issuer.issuerId}`);
28
+ return (0, router_1.sendErrorResponse)(response, agentContext.config.logger, 404, 'invalid_request', null);
29
+ }
30
+ const { credentialResponse } = await openId4VcIssuerService.createCredentialResponse(agentContext, {
31
+ issuanceSession,
14
32
  credentialRequest,
15
33
  });
16
- response.json(issueCredentialResponse);
34
+ response.json(credentialResponse);
17
35
  }
18
36
  catch (error) {
19
37
  (0, router_1.sendErrorResponse)(response, agentContext.config.logger, 500, 'invalid_request', error);
@@ -1 +1 @@
1
- {"version":3,"file":"credentialEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/router/credentialEndpoint.ts"],"names":[],"mappings":";;;AAKA,gDAA0E;AAC1E,sEAAkE;AAiBlE,SAAgB,2BAA2B,CAAC,MAAc,EAAE,MAA0C;IACpG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE,OAAiC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACrG,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE3D,IAAI;YACF,MAAM,sBAAsB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,+CAAsB,CAAC,CAAA;YAC7F,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAmC,CAAA;YACrE,MAAM,uBAAuB,GAAG,MAAM,sBAAsB,CAAC,wBAAwB,CAAC,YAAY,EAAE;gBAClG,MAAM;gBACN,iBAAiB;aAClB,CAAC,CAAA;YAEF,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;SACvC;QAAC,OAAO,KAAK,EAAE;YACd,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAA;SACvF;QAED,mFAAmF;QACnF,IAAI,EAAE,CAAA;IACR,CAAC,CAAC,CAAA;AACJ,CAAC;AApBD,kEAoBC"}
1
+ {"version":3,"file":"credentialEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-issuer/router/credentialEndpoint.ts"],"names":[],"mappings":";;;AAOA,gDAA0E;AAC1E,sEAAkE;AAClE,iEAA0E;AAE1E,2DAAuD;AAiBvD,SAAgB,2BAA2B,CAAC,MAAc,EAAE,MAA0C;IACpG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE,OAAiC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACrG,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAC3D,MAAM,sBAAsB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,+CAAsB,CAAC,CAAA;QAE7F,gGAAgG;QAChG,IAAI;YACF,MAAM,IAAA,qCAAiB,EAAC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;SAC7E;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;SAC3F;QAED,IAAI;YACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAmC,CAAA;YAErE,MAAM,eAAe,GAAG,MAAM,sBAAsB,CAAC,uCAAuC,CAAC,YAAY,EAAE;gBACzG,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,iBAAiB;aAClB,CAAC,CAAA;YAEF,IAAI,CAAC,eAAe,EAAE;gBACpB,MAAM,MAAM,GAAG,IAAA,kDAA8B,EAAC,iBAAiB,CAAC,CAAA;gBAChE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAC7B,yEAAyE,MAAM,eAAe,MAAM,CAAC,QAAQ,EAAE,CAChH,CAAA;gBACD,OAAO,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,IAAI,CAAC,CAAA;aAC7F;YAED,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,sBAAsB,CAAC,wBAAwB,CAAC,YAAY,EAAE;gBACjG,eAAe;gBACf,iBAAiB;aAClB,CAAC,CAAA;YAEF,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;SAClC;QAAC,OAAO,KAAK,EAAE;YACd,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAA;SACvF;QAED,mFAAmF;QACnF,IAAI,EAAE,CAAA;IACR,CAAC,CAAC,CAAA;AACJ,CAAC;AAzCD,kEAyCC"}
@@ -0,0 +1,11 @@
1
+ import type { Router } from 'express';
2
+ export interface OpenId4VciCredentialOfferEndpointConfig {
3
+ /**
4
+ * The path at which the credential offer should should be made available. Note that it will be
5
+ * hosted at a subpath to take into account multiple tenants and issuers.
6
+ *
7
+ * @default /offers
8
+ */
9
+ endpointPath: string;
10
+ }
11
+ export declare function configureCredentialOfferEndpoint(router: Router, config: OpenId4VciCredentialOfferEndpointConfig): void;