@credo-ts/openid4vc 0.6.0-pr-2195-20250226092707 → 0.6.0-pr-2209-20250321171013
- package/build/openid4vc-holder/OpenId4VcHolderApi.d.ts +14 -119
- package/build/openid4vc-holder/OpenId4VcHolderApi.js +9 -24
- package/build/openid4vc-holder/OpenId4VcHolderApi.js.map +1 -1
- package/build/openid4vc-holder/OpenId4VcHolderModule.js +1 -1
- package/build/openid4vc-holder/OpenId4VcHolderModule.js.map +1 -1
- package/build/openid4vc-holder/OpenId4VciHolderService.d.ts +8 -7
- package/build/openid4vc-holder/OpenId4VciHolderService.js +21 -19
- package/build/openid4vc-holder/OpenId4VciHolderService.js.map +1 -1
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.ts +4 -4
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js +2 -2
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js.map +1 -1
- package/build/openid4vc-holder/OpenId4vcSiopHolderService.d.ts +15 -116
- package/build/openid4vc-holder/OpenId4vcSiopHolderService.js +233 -239
- package/build/openid4vc-holder/OpenId4vcSiopHolderService.js.map +1 -1
- package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.d.ts +9 -25
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.ts +44 -194
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.d.ts +1 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.d.ts +1 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.js +1 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.js.map +1 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.ts +8 -8
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js +10 -2
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js.map +1 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerService.d.ts +48 -198
- package/build/openid4vc-issuer/OpenId4VcIssuerService.js +27 -39
- package/build/openid4vc-issuer/OpenId4VcIssuerService.js.map +1 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.ts +6 -11
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.ts +2 -2
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js.map +1 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.ts +1 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.ts +1 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.js +3 -3
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.js.map +1 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.d.ts +1 -1
- package/build/openid4vc-issuer/router/accessTokenEndpoint.d.ts +2 -2
- package/build/openid4vc-issuer/router/accessTokenEndpoint.js +1 -1
- package/build/openid4vc-issuer/router/accessTokenEndpoint.js.map +1 -1
- package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.js +1 -1
- package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.js.map +1 -1
- package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.js +1 -1
- package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.js.map +1 -1
- package/build/openid4vc-issuer/router/credentialEndpoint.d.ts +1 -1
- package/build/openid4vc-issuer/router/credentialEndpoint.js +3 -3
- package/build/openid4vc-issuer/router/credentialEndpoint.js.map +1 -1
- package/build/openid4vc-issuer/router/credentialOfferEndpoint.d.ts +1 -1
- package/build/openid4vc-issuer/router/issuerMetadataEndpoint.js +1 -1
- package/build/openid4vc-issuer/router/issuerMetadataEndpoint.js.map +1 -1
- package/build/openid4vc-issuer/router/jwksEndpoint.d.ts +1 -1
- package/build/openid4vc-issuer/router/nonceEndpoint.d.ts +1 -1
- package/build/openid4vc-issuer/util/txCode.d.ts +1 -1
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.d.ts +12 -20
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js +325 -571
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js.map +1 -1
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts +20 -36
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts +2 -2
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.js +2 -2
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.js.map +1 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.d.ts +1 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.ts +1 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.js +4 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.js.map +1 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.d.ts +2 -2
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.d.ts +49 -0
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js +230 -0
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.d.ts +19 -0
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js +144 -0
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts +11 -20
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js +7 -18
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js.map +1 -1
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.ts +1 -1
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.ts +1 -1
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.d.ts +1 -1
- package/build/openid4vc-verifier/router/authorizationEndpoint.js +103 -5
- package/build/openid4vc-verifier/router/authorizationEndpoint.js.map +1 -1
- package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js +16 -3
- package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js.map +1 -1
- package/build/shared/callbacks.d.ts +6 -14
- package/build/shared/callbacks.js +14 -102
- package/build/shared/callbacks.js.map +1 -1
- package/build/shared/issuerMetadataUtils.d.ts +144 -102
- package/build/shared/models/OpenId4VcJwtIssuer.d.ts +3 -2
- package/build/shared/models/index.d.ts +10 -10
- package/build/shared/models/index.js +5 -5
- package/build/shared/models/index.js.map +1 -1
- package/build/shared/router/context.d.ts +3 -3
- package/build/shared/router/context.js +4 -4
- package/build/shared/router/context.js.map +1 -1
- package/build/shared/router/express.js +1 -2
- package/build/shared/router/express.js.map +1 -1
- package/build/shared/transform.d.ts +5 -0
- package/build/shared/transform.js +69 -0
- package/build/shared/transform.js.map +1 -0
- package/build/shared/utils.d.ts +8 -6
- package/build/shared/utils.js +105 -34
- package/build/shared/utils.js.map +1 -1
- package/package.json +8 -6
|
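--- a/package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.d.ts
+++ b/package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.d.ts
@@ -0,0 +1,19 @@
+import type { AgentContext } from '@credo-ts/core';
+import type { AuthorizationRequestState, AuthorizationResponseState, IRPSessionManager } from '@sphereon/did-auth-siop';
+export declare class OpenId4VcRelyingPartySessionManager implements IRPSessionManager {
+private agentContext;
+private verifierId;
+private openId4VcVerificationSessionRepository;
+constructor(agentContext: AgentContext, verifierId: string);
+getRequestStateByCorrelationId(correlationId: string, errorOnNotFound?: boolean): Promise<AuthorizationRequestState | undefined>;
+getRequestStateByNonce(nonce: string, errorOnNotFound?: boolean): Promise<AuthorizationRequestState | undefined>;
+getRequestStateByState(state: string, errorOnNotFound?: boolean): Promise<AuthorizationRequestState | undefined>;
+getResponseStateByCorrelationId(correlationId: string, errorOnNotFound?: boolean): Promise<AuthorizationResponseState | undefined>;
+getResponseStateByNonce(nonce: string, errorOnNotFound?: boolean): Promise<AuthorizationResponseState | undefined>;
+getResponseStateByState(state: string, errorOnNotFound?: boolean): Promise<AuthorizationResponseState | undefined>;
+getCorrelationIdByNonce(nonce: string, errorOnNotFound?: boolean): Promise<string | undefined>;
+getCorrelationIdByState(state: string, errorOnNotFound?: boolean): Promise<string | undefined>;
+deleteStateForCorrelationId(): Promise<void>;
+private getRequestStateFromSessionRecord;
+private getResponseStateFromSessionRecord;
+}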
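--- a/package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js
+++ b/package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js
@@ -0,0 +1,144 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenId4VcRelyingPartySessionManager = void 0;
+const core_1 = require("@credo-ts/core");
+const did_auth_siop_1 = require("@sphereon/did-auth-siop");
+const OpenId4VcVerificationSessionState_1 = require("../OpenId4VcVerificationSessionState");
+const OpenId4VcVerificationSessionRepository_1 = require("./OpenId4VcVerificationSessionRepository");
+class OpenId4VcRelyingPartySessionManager {
+constructor(agentContext, verifierId) {
+this.agentContext = agentContext;
+this.verifierId = verifierId;
+this.openId4VcVerificationSessionRepository = agentContext.dependencyManager.resolve(OpenId4VcVerificationSessionRepository_1.OpenId4VcVerificationSessionRepository);
+}
+async getRequestStateByCorrelationId(correlationId, errorOnNotFound) {
+const verificationSession = await this.openId4VcVerificationSessionRepository.findById(this.agentContext, correlationId);
+if (!verificationSession) {
+if (errorOnNotFound)
+throw new core_1.CredoError(`OpenID4VC Authorization request state for correlation id ${correlationId} not found`);
+return undefined;
+}
+return this.getRequestStateFromSessionRecord(verificationSession);
+}
+async getRequestStateByNonce(nonce, errorOnNotFound) {
+const verificationSession = await this.openId4VcVerificationSessionRepository.findSingleByQuery(this.agentContext, {
+verifierId: this.verifierId,
+nonce: nonce,
+});
+if (!verificationSession) {
+if (errorOnNotFound)
+throw new core_1.CredoError(`OpenID4VC Authorization request state for nonce ${nonce} not found`);
+return undefined;
+}
+return this.getRequestStateFromSessionRecord(verificationSession);
+}
+async getRequestStateByState(state, errorOnNotFound) {
+const verificationSession = await this.openId4VcVerificationSessionRepository.findSingleByQuery(this.agentContext, {
+verifierId: this.verifierId,
+payloadState: state,
+});
+if (!verificationSession) {
+if (errorOnNotFound)
+throw new core_1.CredoError(`OpenID4VC Authorization request state for state ${state} not found`);
+return undefined;
+}
+return this.getRequestStateFromSessionRecord(verificationSession);
+}
+async getResponseStateByCorrelationId(correlationId, errorOnNotFound) {
+const verificationSession = await this.openId4VcVerificationSessionRepository.findById(this.agentContext, correlationId);
+const responseState = await this.getResponseStateFromSessionRecord(verificationSession);
+if (!responseState) {
+if (errorOnNotFound)
+throw new core_1.CredoError(`OpenID4VC Authorization response state for correlation id ${correlationId} not found`);
+return undefined;
+}
+return responseState;
+}
+async getResponseStateByNonce(nonce, errorOnNotFound) {
+const verificationSession = await this.openId4VcVerificationSessionRepository.findSingleByQuery(this.agentContext, {
+verifierId: this.verifierId,
+nonce,
+});
+const responseState = await this.getResponseStateFromSessionRecord(verificationSession);
+if (!responseState) {
+if (errorOnNotFound)
+throw new core_1.CredoError(`OpenID4VC Authorization response state for nonce ${nonce} not found`);
+return undefined;
+}
+return responseState;
+}
+async getResponseStateByState(state, errorOnNotFound) {
+const verificationSession = await this.openId4VcVerificationSessionRepository.findSingleByQuery(this.agentContext, {
+verifierId: this.verifierId,
+payloadState: state,
+});
+const responseState = await this.getResponseStateFromSessionRecord(verificationSession);
+if (!responseState) {
+if (errorOnNotFound)
+throw new core_1.CredoError(`OpenID4VC Authorization response state for state ${state} not found`);
+return undefined;
+}
+return responseState;
+}
+async getCorrelationIdByNonce(nonce, errorOnNotFound) {
+const requestState = await this.getRequestStateByNonce(nonce, errorOnNotFound);
+return requestState?.correlationId;
+}
+async getCorrelationIdByState(state, errorOnNotFound) {
+const requestState = await this.getRequestStateByState(state, errorOnNotFound);
+return requestState?.correlationId;
+}
+async deleteStateForCorrelationId() {
+throw new Error('Method not implemented.');
+}
+async getRequestStateFromSessionRecord(sessionRecord) {
+const lastUpdated = sessionRecord.updatedAt?.getTime() ?? sessionRecord.createdAt.getTime();
+return {
+lastUpdated,
+timestamp: lastUpdated,
+correlationId: sessionRecord.id,
+// Not so nice that the session manager expects an error instance.....
+error: sessionRecord.errorMessage ? new Error(sessionRecord.errorMessage) : undefined,
+request: await did_auth_siop_1.AuthorizationRequest.fromUriOrJwt(sessionRecord.authorizationRequestJwt),
+status: sphereonAuthorizationRequestStateFromOpenId4VcVerificationState(sessionRecord.state),
+};
+}
+async getResponseStateFromSessionRecord(sessionRecord) {
+if (!sessionRecord)
+return undefined;
+const lastUpdated = sessionRecord.updatedAt?.getTime() ?? sessionRecord.createdAt.getTime();
+// If we don't have the authorization response payload yet, it means we haven't
+// received the response yet, and thus the response state does not exist yet
+if (!sessionRecord.authorizationResponsePayload) {
+return undefined;
+}
+return {
+lastUpdated,
+timestamp: lastUpdated,
+correlationId: sessionRecord.id,
+// Not so nice that the session manager expects an error instance.....
+error: sessionRecord.errorMessage ? new Error(sessionRecord.errorMessage) : undefined,
+response: await did_auth_siop_1.AuthorizationResponse.fromPayload(sessionRecord.authorizationResponsePayload),
+status: sphereonAuthorizationResponseStateFromOpenId4VcVerificationState(sessionRecord.state),
+};
+}
+}
+exports.OpenId4VcRelyingPartySessionManager = OpenId4VcRelyingPartySessionManager;
+function sphereonAuthorizationResponseStateFromOpenId4VcVerificationState(state) {
+if (state === OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.Error)
+return did_auth_siop_1.AuthorizationResponseStateStatus.ERROR;
+if (state === OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.ResponseVerified)
+return did_auth_siop_1.AuthorizationResponseStateStatus.VERIFIED;
+throw new core_1.CredoError(`Can not map OpenId4VcVerificationSessionState ${state} to AuthorizationResponseStateStatus`);
+}
+function sphereonAuthorizationRequestStateFromOpenId4VcVerificationState(state) {
+if (state === OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.Error)
+return did_auth_siop_1.AuthorizationRequestStateStatus.ERROR;
+if ([OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.RequestCreated, OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.ResponseVerified].includes(state)) {
+return did_auth_siop_1.AuthorizationRequestStateStatus.CREATED;
+}
+if (state === OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.RequestUriRetrieved)
+return did_auth_siop_1.AuthorizationRequestStateStatus.SENT;
+throw new core_1.CredoError(`Can not map OpenId4VcVerificationSessionState ${state} to AuthorizationRequestStateStatus`);
+}
+//# sourceMappingURL=OpenId4VcRelyingPartySessionManager.js.map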
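Review bot: `getRequestStateByCorrelationId` and `getResponseStateByCorrelationId` look the session up with `findById(this.agentContext, correlationId)` and never compare the record's `verifierId` with `this.verifierId`, while the nonce and state lookups in the same class put `verifierId` in the query. A manager built for one verifier can therefore return request or response state that belongs to another verifier stored in the same agent context. Treating a mismatch as not found keeps the lookups consistent: `if (!verificationSession || verificationSession.verifierId !== this.verifierId) {` in the request variant, and the same comparison before `getResponseStateFromSessionRecord` is called in the response variant. Separately, `deleteStateForCorrelationId` always throws `'Method not implemented.'`, so a caller that relies on it to retire a used nonce or state gets an exception instead; whether the upstream relying party calls it is not visible here.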
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcRelyingPartySessionManager.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.ts"],"names":[],"mappings":";;;AAIA,yCAA2C;AAC3C,2DAKgC;AAEhC,4FAAwF;AAExF,qGAAiG;AAEjG,MAAa,mCAAmC;IAG9C,YACU,YAA0B,EAC1B,UAAkB;QADlB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,eAAU,GAAV,UAAU,CAAQ;QAE1B,IAAI,CAAC,sCAAsC,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAClF,+EAAsC,CACvC,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,8BAA8B,CACzC,aAAqB,EACrB,eAAyB;QAEzB,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,sCAAsC,CAAC,QAAQ,CACpF,IAAI,CAAC,YAAY,EACjB,aAAa,CACd,CAAA;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,IAAI,eAAe;gBACjB,MAAM,IAAI,iBAAU,CAAC,4DAA4D,aAAa,YAAY,CAAC,CAAA;YAC7G,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO,IAAI,CAAC,gCAAgC,CAAC,mBAAmB,CAAC,CAAA;IACnE,CAAC;IAEM,KAAK,CAAC,sBAAsB,CACjC,KAAa,EACb,eAAyB;QAEzB,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,sCAAsC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YACjH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,KAAK;SACb,CAAC,CAAA;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,IAAI,eAAe;gBAAE,MAAM,IAAI,iBAAU,CAAC,mDAAmD,KAAK,YAAY,CAAC,CAAA;YAC/G,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO,IAAI,CAAC,gCAAgC,CAAC,mBAAmB,CAAC,CAAA;IACnE,CAAC;IAEM,KAAK,CAAC,sBAAsB,CACjC,KAAa,EACb,eAAyB;QAEzB,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,sCAAsC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YACjH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,IAAI,eAAe;gBAAE,MAAM,IAAI,iBAAU,CAAC,mDAAmD,KAAK,YAAY,CAAC,CAAA;YAC/G,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO,IAAI,CAAC,gCAAgC,CAAC,mBAAmB,CAAC,CAAA;IACnE,CAAC;IAEM,KAAK,CAAC,+BAA+B,CAC1C,aAAqB,EACrB,eAAyB;QAEzB,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,sCAAsC,CAAC,QAAQ,CACpF,IAAI,CAAC,YAAY,EACjB,aAAa,CACd,CAAA;QAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAAC,mBAAmB,CAAC,CAAA;QACvF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,IAAI,eAAe;gBACjB,MAAM,IAAI,iBAAU,CAAC,6DAA6D,aAAa,YAAY,CAAC,CAAA;YAC9G,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,KAAa,EACb,eAAyB;QAEzB,MAAM,mBAAmB,GAAG,MAAM,IAAI
,CAAC,sCAAsC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YACjH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK;SACN,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAAC,mBAAmB,CAAC,CAAA;QACvF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,IAAI,eAAe;gBAAE,MAAM,IAAI,iBAAU,CAAC,oDAAoD,KAAK,YAAY,CAAC,CAAA;YAChH,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,KAAa,EACb,eAAyB;QAEzB,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,sCAAsC,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,EAAE;YACjH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAAC,mBAAmB,CAAC,CAAA;QACvF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,IAAI,eAAe;gBAAE,MAAM,IAAI,iBAAU,CAAC,oDAAoD,KAAK,YAAY,CAAC,CAAA;YAChH,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,KAAa,EAAE,eAAyB;QAC3E,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAA;QAC9E,OAAO,YAAY,EAAE,aAAa,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,KAAa,EAAE,eAAyB;QAC3E,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAA;QAC9E,OAAO,YAAY,EAAE,aAAa,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,2BAA2B;QACtC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAC5C,CAAC;IAEO,KAAK,CAAC,gCAAgC,CAC5C,aAAiD;QAEjD,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,aAAa,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;QAC3F,OAAO;YACL,WAAW;YACX,SAAS,EAAE,WAAW;YACtB,aAAa,EAAE,aAAa,CAAC,EAAE;YAC/B,sEAAsE;YACtE,KAAK,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;YACrF,OAAO,EAAE,MAAM,oCAAoB,CAAC,YAAY,CAAC,aAAa,CAAC,uBAAuB,CAAC;YACvF,MAAM,EAAE,+DAA+D,CAAC,aAAa,CAAC,KAAK,CAAC;SAC7F,CAAA;IACH,CAAC;IAEO,KAAK,CAAC,iCAAiC,CAC7C,aAAwD;QAExD,IAAI,CAAC,aAAa;YAAE,OAAO,SAAS,CAAA;QACpC,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,aAAa,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;QAE3F,+EAA+E;QAC/E,4EAA4E;QAC5E,IAAI,CAAC,aAAa,CAAC,4BAA4B,EAAE,CAAC;YAChD,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,OAAO;YACL,WAAW;YACX,SAAS,EAAE,WAAW;YACtB,aAAa,EAAE,aAAa,CAAC,EAAE;YAC/B,sEAAsE;YACtE,KAAK,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,KAAK
,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;YACrF,QAAQ,EAAE,MAAM,qCAAqB,CAAC,WAAW,CAAC,aAAa,CAAC,4BAA4B,CAAC;YAC7F,MAAM,EAAE,gEAAgE,CAAC,aAAa,CAAC,KAAK,CAAC;SAC9F,CAAA;IACH,CAAC;CACF;AA1KD,kFA0KC;AAED,SAAS,gEAAgE,CACvE,KAAwC;IAExC,IAAI,KAAK,KAAK,qEAAiC,CAAC,KAAK;QAAE,OAAO,gDAAgC,CAAC,KAAK,CAAA;IACpG,IAAI,KAAK,KAAK,qEAAiC,CAAC,gBAAgB;QAAE,OAAO,gDAAgC,CAAC,QAAQ,CAAA;IAElH,MAAM,IAAI,iBAAU,CAAC,iDAAiD,KAAK,sCAAsC,CAAC,CAAA;AACpH,CAAC;AAED,SAAS,+DAA+D,CACtE,KAAwC;IAExC,IAAI,KAAK,KAAK,qEAAiC,CAAC,KAAK;QAAE,OAAO,+CAA+B,CAAC,KAAK,CAAA;IAEnG,IACE,CAAC,qEAAiC,CAAC,cAAc,EAAE,qEAAiC,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAC7G,KAAK,CACN,EACD,CAAC;QACD,OAAO,+CAA+B,CAAC,OAAO,CAAA;IAChD,CAAC;IAED,IAAI,KAAK,KAAK,qEAAiC,CAAC,mBAAmB;QAAE,OAAO,+CAA+B,CAAC,IAAI,CAAA;IAEhH,MAAM,IAAI,iBAAU,CAAC,iDAAiD,KAAK,qCAAqC,CAAC,CAAA;AACnH,CAAC"}
|
|
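--- a/package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts
+++ b/package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts
@@ -1,14 +1,14 @@
-import type { OpenId4VcSiopAuthorizationRequestPayload, OpenId4VcSiopAuthorizationResponsePayload } from '../../shared/models';
-import type { OpenId4VcVerificationSessionState } from '../OpenId4VcVerificationSessionState';
 import type { RecordTags, TagsBase } from '@credo-ts/core';
+import type { OpenId4VcSiopAuthorizationResponsePayload } from '../../shared/models';
+import type { OpenId4VcVerificationSessionState } from '../OpenId4VcVerificationSessionState';
 import { BaseRecord } from '@credo-ts/core';
 export type OpenId4VcVerificationSessionRecordTags = RecordTags<OpenId4VcVerificationSessionRecord>;
 export type DefaultOpenId4VcVerificationSessionRecordTags = {
 verifierId: string;
 state: OpenId4VcVerificationSessionState;
 nonce: string;
-payloadState
-authorizationRequestUri
+payloadState: string;
+authorizationRequestUri: string;
 };
 export interface OpenId4VcVerificationSessionRecordProps {
 id?: string;
@@ -17,9 +17,8 @@ export interface OpenId4VcVerificationSessionRecordProps {
 verifierId: string;
 state: OpenId4VcVerificationSessionState;
 errorMessage?: string;
-
-
-authorizationRequestPayload?: OpenId4VcSiopAuthorizationRequestPayload;
+authorizationRequestUri: string;
+authorizationRequestJwt: string;
 authorizationResponsePayload?: OpenId4VcSiopAuthorizationResponsePayload;
 /**
 * Presentation during issuance session. This is used when issuance of a credential requires a presentation, and helps
@@ -45,18 +44,12 @@ export declare class OpenId4VcVerificationSessionRecord extends BaseRecord<Defau
 /**
 * The signed JWT containing the authorization request
 */
-authorizationRequestJwt
-/**
-* Authorization request payload. This should be used only for unsigned requests
-*/
-authorizationRequestPayload?: OpenId4VcSiopAuthorizationRequestPayload;
+authorizationRequestJwt: string;
 /**
 * URI of the authorization request. This is the url that can be used to
-* retrieve the authorization request
-*
-* Not used for requests with response_mode of dc_api or dc_api.jwt
+* retrieve the authorization request
 */
-authorizationRequestUri
+authorizationRequestUri: string;
 /**
 * The payload of the received authorization response
 */
@@ -67,14 +60,12 @@ export declare class OpenId4VcVerificationSessionRecord extends BaseRecord<Defau
 */
 presentationDuringIssuanceSession?: string;
 constructor(props: OpenId4VcVerificationSessionRecordProps);
-get request(): string | OpenId4VcSiopAuthorizationRequestPayload;
-get requestPayload(): OpenId4VcSiopAuthorizationRequestPayload;
 assertState(expectedStates: OpenId4VcVerificationSessionState | OpenId4VcVerificationSessionState[]): void;
 getTags(): {
 verifierId: string;
 state: OpenId4VcVerificationSessionState;
 nonce: string;
-payloadState: string
-authorizationRequestUri: string
+payloadState: string;
+authorizationRequestUri: string;
 };
 }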
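--- a/package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js
+++ b/package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js
@@ -13,29 +13,15 @@ class OpenId4VcVerificationSessionRecord extends core_1.BaseRecord {
 this.verifierId = props.verifierId;
 this.state = props.state;
 this.errorMessage = props.errorMessage;
-this.authorizationRequestPayload = props.authorizationRequestPayload;
 this.authorizationRequestJwt = props.authorizationRequestJwt;
 this.authorizationRequestUri = props.authorizationRequestUri;
 this.authorizationResponsePayload = props.authorizationResponsePayload;
 this.presentationDuringIssuanceSession = props.presentationDuringIssuanceSession;
 }
 }
-get request() {
-if (this.authorizationRequestJwt)
-return this.authorizationRequestJwt;
-if (this.authorizationRequestPayload)
-return this.authorizationRequestPayload;
-throw new core_1.CredoError('Unable to extract authorization payload from openid4vc session record');
-}
-get requestPayload() {
-if (this.authorizationRequestJwt)
-return core_1.Jwt.fromSerializedJwt(this.authorizationRequestJwt).payload.toJson();
-if (this.authorizationRequestPayload)
-return this.authorizationRequestPayload;
-throw new core_1.CredoError('Unable to extract authorization payload from openid4vc session record');
-}
 assertState(expectedStates) {
 if (!Array.isArray(expectedStates)) {
+// biome-ignore lint/style/noParameterAssign: <explanation>
 expectedStates = [expectedStates];
 }
 if (!expectedStates.includes(this.state)) {
@@ -43,16 +29,19 @@ class OpenId4VcVerificationSessionRecord extends core_1.BaseRecord {
 }
 }
 getTags() {
-const
-const nonce =
+const parsedAuthorizationRequest = core_1.Jwt.fromSerializedJwt(this.authorizationRequestJwt);
+const nonce = parsedAuthorizationRequest.payload.additionalClaims.nonce;
 if (!nonce || typeof nonce !== 'string')
 throw new core_1.CredoError('Expected nonce in authorization request payload');
-const payloadState =
+const payloadState = parsedAuthorizationRequest.payload.additionalClaims.state;
+if (!payloadState || typeof payloadState !== 'string')
+throw new core_1.CredoError('Expected state in authorization request payload');
 return {
 ...this._tags,
 verifierId: this.verifierId,
 state: this.state,
 nonce,
+// FIXME: how do we call this property so it doesn't conflict with the record state?
 payloadState,
 authorizationRequestUri: this.authorizationRequestUri,
 };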
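Review bot: `getTags()` now passes `this.authorizationRequestJwt` straight to `core_1.Jwt.fromSerializedJwt` with no check that it is set, so a session record that carries no JWT presumably fails inside the parser rather than with a clear error. The removed `request` getter shows that records holding only `authorizationRequestPayload` used to be valid, so records stored by the earlier version may hit this path; a guard such as `if (!this.authorizationRequestJwt) throw new core_1.CredoError('Expected authorizationRequestJwt in openid4vc session record');` before the parse would make that failure explicit. The nonce and state that become lookup tags are read from the decoded payload only, which is sound as long as the JWT is always the one this verifier created; a one-line comment saying so would help the next reader. The `// biome-ignore lint/style/noParameterAssign: <explanation>` line in `assertState` still carries the template placeholder and should state the actual reason.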
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OpenId4VcVerificationSessionRecord.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerificationSessionRecord.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.ts"],"names":[],"mappings":";;;AAIA,yCAAmE;AAiCnE,MAAa,kCAAmC,SAAQ,iBAAyD;IAyC/G,YAAmB,KAA8C;QAC/D,KAAK,EAAE,CAAA;QAxCO,SAAI,GAAG,kCAAkC,CAAC,IAAI,CAAA;QA0C5D,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE,IAAI,YAAK,CAAC,IAAI,EAAE,CAAA;YAClC,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAA;YAC9C,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,IAAI,EAAE,CAAA;YAE7B,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAA;YAClC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAA;YACxB,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,YAAY,CAAA;YACtC,IAAI,CAAC,uBAAuB,GAAG,KAAK,CAAC,uBAAuB,CAAA;YAC5D,IAAI,CAAC,uBAAuB,GAAG,KAAK,CAAC,uBAAuB,CAAA;YAC5D,IAAI,CAAC,4BAA4B,GAAG,KAAK,CAAC,4BAA4B,CAAA;YAEtE,IAAI,CAAC,iCAAiC,GAAG,KAAK,CAAC,iCAAiC,CAAA;QAClF,CAAC;IACH,CAAC;IAEM,WAAW,CAAC,cAAuF;QACxG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACnC,2DAA2D;YAC3D,cAAc,GAAG,CAAC,cAAc,CAAC,CAAA;QACnC,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,iBAAU,CAClB,0DAA0D,IAAI,CAAC,KAAK,uBAAuB,cAAc,CAAC,IAAI,CAC5G,IAAI,CACL,GAAG,CACL,CAAA;QACH,CAAC;IACH,CAAC;IAEM,OAAO;QACZ,MAAM,0BAA0B,GAAG,UAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;QAEtF,MAAM,KAAK,GAAG,0BAA0B,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAA;QACvE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,MAAM,IAAI,iBAAU,CAAC,iDAAiD,CAAC,CAAA;QAEhH,MAAM,YAAY,GAAG,0BAA0B,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAA;QAC9E,IAAI,CAAC,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ;YACnD,MAAM,IAAI,iBAAU,CAAC,iDAAiD,CAAC,CAAA;QAEzE,OAAO;YACL,GAAG,IAAI,CAAC,KAAK;YACb,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK;YACL,oFAAoF;YACpF,YAAY;YACZ,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;SACtD,CAAA;IACH,CAAC;;AA9FH,gFA+FC;AA9FwB,uCAAI,GAAG,oCAAoC,AAAvC,CAAuC"}
|
|
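--- a/package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.ts
+++ b/package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.ts
@@ -1,4 +1,4 @@
-import { Repository, StorageService
+import { EventEmitter, Repository, StorageService } from '@credo-ts/core';
 import { OpenId4VcVerificationSessionRecord } from './OpenId4VcVerificationSessionRecord';
 export declare class OpenId4VcVerificationSessionRepository extends Repository<OpenId4VcVerificationSessionRecord> {
 constructor(storageService: StorageService<OpenId4VcVerificationSessionRecord>, eventEmitter: EventEmitter);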
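--- a/package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.ts
+++ b/package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.ts
@@ -1,5 +1,5 @@
-import type { OpenId4VcSiopVerifierClientMetadata } from '../OpenId4VcSiopVerifierServiceOptions';
 import type { RecordTags, TagsBase } from '@credo-ts/core';
+import type { OpenId4VcSiopVerifierClientMetadata } from '../OpenId4VcSiopVerifierServiceOptions';
 import { BaseRecord } from '@credo-ts/core';
 export type OpenId4VcVerifierRecordTags = RecordTags<OpenId4VcVerifierRecord>;
 export type DefaultOpenId4VcVerifierRecordTags = {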
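--- a/package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.d.ts
+++ b/package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.d.ts
@@ -1,5 +1,5 @@
 import type { AgentContext } from '@credo-ts/core';
-import { Repository, StorageService
+import { EventEmitter, Repository, StorageService } from '@credo-ts/core';
 import { OpenId4VcVerifierRecord } from './OpenId4VcVerifierRecord';
 export declare class OpenId4VcVerifierRepository extends Repository<OpenId4VcVerifierRecord> {
 constructor(storageService: StorageService<OpenId4VcVerifierRecord>, eventEmitter: EventEmitter);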
@@ -1,21 +1,119 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.configureAuthorizationEndpoint = configureAuthorizationEndpoint;
|
|
4
|
-
const oauth2_1 = require("@
|
|
4
|
+
const oauth2_1 = require("@animo-id/oauth2");
|
|
5
|
+
const core_1 = require("@credo-ts/core");
|
|
6
|
+
const did_auth_siop_1 = require("@sphereon/did-auth-siop");
|
|
5
7
|
const router_1 = require("../../shared/router");
|
|
6
8
|
const OpenId4VcSiopVerifierService_1 = require("../OpenId4VcSiopVerifierService");
|
|
9
|
+
async function getVerificationSession(agentContext, options) {
|
|
10
|
+
const { verifierId, state, nonce } = options;
|
|
11
|
+
const openId4VcVerifierService = agentContext.dependencyManager.resolve(OpenId4VcSiopVerifierService_1.OpenId4VcSiopVerifierService);
|
|
12
|
+
const session = await openId4VcVerifierService.findVerificationSessionForAuthorizationResponse(agentContext, {
|
|
13
|
+
authorizationResponseParams: { state, nonce },
|
|
14
|
+
verifierId,
|
|
15
|
+
});
|
|
16
|
+
if (!session) {
|
|
17
|
+
agentContext.config.logger.warn(`No verification session found for incoming authorization response for verifier ${verifierId}`);
|
|
18
|
+
throw new core_1.CredoError(`No state or nonce provided in authorization response for verifier ${verifierId}`);
|
|
19
|
+
}
|
|
20
|
+
return session;
|
|
21
|
+
}
|
|
22
|
+
const decryptJarmResponse = (agentContext) => {
|
|
23
|
+
return async (input) => {
|
|
24
|
+
const { jwe: compactJwe, jwk: jwkJson } = input;
|
|
25
|
+
const key = core_1.Key.fromFingerprint(jwkJson.kid);
|
|
26
|
+
if (!agentContext.wallet.directDecryptCompactJweEcdhEs) {
|
|
27
|
+
throw new core_1.CredoError('Cannot decrypt Jarm Response, wallet does not support directDecryptCompactJweEcdhEs');
|
|
28
|
+
}
|
|
29
|
+
const { data, header } = await agentContext.wallet.directDecryptCompactJweEcdhEs({ compactJwe, recipientKey: key });
|
|
30
|
+
const decryptedPayload = core_1.TypedArrayEncoder.toUtf8String(data);
|
|
31
|
+
return {
|
|
32
|
+
plaintext: decryptedPayload,
|
|
33
|
+
protectedHeader: header,
|
|
34
|
+
};
|
|
35
|
+
};
|
|
36
|
+
};
|
|
7
37
|
function configureAuthorizationEndpoint(router, config) {
|
|
8
38
|
router.post(config.endpointPath, async (request, response, next) => {
|
|
9
39
|
const { agentContext, verifier } = (0, router_1.getRequestContext)(request);
|
|
40
|
+
let jarmResponseType;
|
|
10
41
|
try {
|
|
11
42
|
const openId4VcVerifierService = agentContext.dependencyManager.resolve(OpenId4VcSiopVerifierService_1.OpenId4VcSiopVerifierService);
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
43
|
+
let verificationSession;
|
|
44
|
+
let authorizationResponsePayload;
|
|
45
|
+
let jarmHeader = undefined;
|
|
46
|
+
if (request.body.response) {
|
|
47
|
+
const res = await did_auth_siop_1.RP.processJarmAuthorizationResponse(request.body.response, {
|
|
48
|
+
getAuthRequestPayload: async (input) => {
|
|
49
|
+
verificationSession = await getVerificationSession(agentContext, {
|
|
50
|
+
verifierId: verifier.verifierId,
|
|
51
|
+
state: input.state,
|
|
52
|
+
nonce: input.nonce,
|
|
53
|
+
});
|
|
54
|
+
const req = await did_auth_siop_1.AuthorizationRequest.fromUriOrJwt(verificationSession.authorizationRequestJwt);
|
|
55
|
+
const requestObjectPayload = await req.requestObject?.getPayload();
|
|
56
|
+
if (!requestObjectPayload) {
|
|
57
|
+
throw new core_1.CredoError('No request object payload found.');
|
|
58
|
+
}
|
|
59
|
+
return { authRequestParams: requestObjectPayload };
|
|
60
|
+
},
|
|
61
|
+
decryptCompact: decryptJarmResponse(agentContext),
|
|
62
|
+
hasher: core_1.Hasher.hash,
|
|
63
|
+
});
|
|
64
|
+
jarmResponseType = res.type;
|
|
65
|
+
const [header] = request.body.response.split('.');
|
|
66
|
+
jarmHeader = core_1.JsonEncoder.fromBase64(header);
|
|
67
|
+
// FIXME: verify the apv matches the nonce of the authorization reuqest
|
|
68
|
+
authorizationResponsePayload = res.authResponseParams;
|
|
69
|
+
}
|
|
70
|
+
else {
|
|
71
|
+
authorizationResponsePayload = request.body;
|
|
72
|
+
verificationSession = await getVerificationSession(agentContext, {
|
|
73
|
+
verifierId: verifier.verifierId,
|
|
74
|
+
state: authorizationResponsePayload.state,
|
|
75
|
+
nonce: authorizationResponsePayload.nonce,
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
if (typeof authorizationResponsePayload.presentation_submission === 'string') {
|
|
79
|
+
authorizationResponsePayload.presentation_submission = JSON.parse(request.body.presentation_submission);
|
|
80
|
+
}
|
|
81
|
+
// This feels hacky, and should probably be moved to OID4VP lib. However the OID4VP spec allows either object, string, or array...
|
|
82
|
+
if (typeof authorizationResponsePayload.vp_token === 'string' &&
|
|
83
|
+
(authorizationResponsePayload.vp_token.startsWith('{') || authorizationResponsePayload.vp_token.startsWith('['))) {
|
|
84
|
+
authorizationResponsePayload.vp_token = JSON.parse(authorizationResponsePayload.vp_token);
|
|
85
|
+
}
|
|
86
|
+
if (!verificationSession) {
|
|
87
|
+
throw new core_1.CredoError('Missing verification session, cannot verify authorization response.');
|
|
88
|
+
}
|
|
89
|
+
const authorizationRequest = await did_auth_siop_1.AuthorizationRequest.fromUriOrJwt(verificationSession.authorizationRequestJwt);
|
|
90
|
+
const response_mode = await authorizationRequest.getMergedProperty('response_mode');
|
|
91
|
+
if (response_mode?.includes('jwt') && !jarmResponseType) {
|
|
92
|
+
throw new oauth2_1.Oauth2ServerErrorResponseError({
|
|
93
|
+
error: oauth2_1.Oauth2ErrorCodes.InvalidRequest,
|
|
94
|
+
error_description: `JARM response is required for JWT response mode '${response_mode}'.`,
|
|
95
|
+
});
|
|
96
|
+
}
|
|
97
|
+
if (!response_mode?.includes('jwt') && jarmResponseType) {
|
|
98
|
+
throw new oauth2_1.Oauth2ServerErrorResponseError({
|
|
99
|
+
error: oauth2_1.Oauth2ErrorCodes.InvalidRequest,
|
|
100
|
+
error_description: `Recieved JARM response which is incompatible with response mode '${response_mode}'.`,
|
|
101
|
+
});
|
|
102
|
+
}
|
|
103
|
+
if (jarmResponseType && jarmResponseType !== 'encrypted') {
|
|
104
|
+
throw new oauth2_1.Oauth2ServerErrorResponseError({
|
|
105
|
+
error: oauth2_1.Oauth2ErrorCodes.InvalidRequest,
|
|
106
|
+
error_description: `Only encrypted JARM responses are supported, received '${jarmResponseType}'.`,
|
|
107
|
+
});
|
|
108
|
+
}
|
|
109
|
+
await openId4VcVerifierService.verifyAuthorizationResponse(agentContext, {
|
|
110
|
+
authorizationResponse: authorizationResponsePayload,
|
|
111
|
+
verificationSession,
|
|
112
|
+
jarmHeader,
|
|
15
113
|
});
|
|
16
114
|
return (0, router_1.sendJsonResponse)(response, next, {
|
|
17
115
|
// Used only for presentation during issuance flow, to prevent session fixation.
|
|
18
|
-
presentation_during_issuance_session:
|
|
116
|
+
presentation_during_issuance_session: verificationSession.presentationDuringIssuanceSession,
|
|
19
117
|
});
|
|
20
118
|
}
|
|
21
119
|
catch (error) {
|
|
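Review bot: In the `presentation_submission` normalisation (new lines 78–80) the `typeof` check is made on `authorizationResponsePayload.presentation_submission`, but the value parsed is `request.body.presentation_submission`. On the JARM branch `authorizationResponsePayload` is the decrypted `res.authResponseParams`, so the parse reads the outer, unencrypted form body instead of the protected payload. If that outer field is absent `JSON.parse` throws, and if a sender supplies it, an unprotected value replaces the decrypted submission. Parse the value that was checked, as the `vp_token` branch just below does: `authorizationResponsePayload.presentation_submission = JSON.parse(authorizationResponsePayload.presentation_submission);`. The `// FIXME` on new line 67 also leaves the `apv`-to-nonce comparison unimplemented, so nothing in this hunk binds the JWE header to the request nonce; the handler's `catch` body lies outside the hunk.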
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorizationEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationEndpoint.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"authorizationEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationEndpoint.ts"],"names":[],"mappings":";;AAmEA,wEAuGC;AApKD,6CAAmF;AACnF,yCAAwF;AACxF,2DAAkE;AAElE,gDAAqH;AACrH,kFAA8E;AAY9E,KAAK,UAAU,sBAAsB,CACnC,YAA0B,EAC1B,OAIC;IAED,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;IAE5C,MAAM,wBAAwB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,2DAA4B,CAAC,CAAA;IACrG,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,+CAA+C,CAAC,YAAY,EAAE;QAC3G,2BAA2B,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE;QAC7C,UAAU;KACX,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAC7B,kFAAkF,UAAU,EAAE,CAC/F,CAAA;QACD,MAAM,IAAI,iBAAU,CAAC,qEAAqE,UAAU,EAAE,CAAC,CAAA;IACzG,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,mBAAmB,GAAG,CAAC,YAA0B,EAAkB,EAAE;IACzE,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;QAC/C,MAAM,GAAG,GAAG,UAAG,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC5C,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAU,CAAC,qFAAqF,CAAC,CAAA;QAC7G,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,6BAA6B,CAAC,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAA;QACnH,MAAM,gBAAgB,GAAG,wBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAE7D,OAAO;YACL,SAAS,EAAE,gBAAgB;YAC3B,eAAe,EAAE,MAAgE;SAClF,CAAA;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AAED,SAAgB,8BAA8B,CAAC,MAAc,EAAE,MAAgD;IAC7G,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE,OAAqC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACzG,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE7D,IAAI,gBAAoC,CAAA;QAExC,IAAI,CAAC;YACH,MAAM,wBAAwB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,2DAA4B,CAAC,CAAA;YAErG,IAAI,mBAAmE,CAAA;YACvE,IAAI,4BAA0D,CAAA;YAC9D,IAAI,UAAU,GAA+C,SAAS,CAAA;YAEtE,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC1B,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,gCAAgC,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE;oBAC3E,qBAAqB,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBACrC,mBAAmB,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE;4BAC/D,UAAU,EAAE,QAAQ,CAAC,UAAU;4BAC/B
,KAAK,EAAE,KAAK,CAAC,KAAK;4BAClB,KAAK,EAAE,KAAK,CAAC,KAAe;yBAC7B,CAAC,CAAA;wBAEF,MAAM,GAAG,GAAG,MAAM,oCAAoB,CAAC,YAAY,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;wBAChG,MAAM,oBAAoB,GAAG,MAAM,GAAG,CAAC,aAAa,EAAE,UAAU,EAAE,CAAA;wBAClE,IAAI,CAAC,oBAAoB,EAAE,CAAC;4BAC1B,MAAM,IAAI,iBAAU,CAAC,kCAAkC,CAAC,CAAA;wBAC1D,CAAC;wBACD,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;oBACpD,CAAC;oBACD,cAAc,EAAE,mBAAmB,CAAC,YAAY,CAAC;oBACjD,MAAM,EAAE,aAAM,CAAC,IAAI;iBACpB,CAAC,CAAA;gBAEF,gBAAgB,GAAG,GAAG,CAAC,IAAI,CAAA;gBAE3B,MAAM,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBACjD,UAAU,GAAG,kBAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAC3C,uEAAuE;gBACvE,4BAA4B,GAAG,GAAG,CAAC,kBAAkD,CAAA;YACvF,CAAC;iBAAM,CAAC;gBACN,4BAA4B,GAAG,OAAO,CAAC,IAAI,CAAA;gBAC3C,mBAAmB,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE;oBAC/D,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,KAAK,EAAE,4BAA4B,CAAC,KAAK;oBACzC,KAAK,EAAE,4BAA4B,CAAC,KAAK;iBAC1C,CAAC,CAAA;YACJ,CAAC;YACD,IAAI,OAAO,4BAA4B,CAAC,uBAAuB,KAAK,QAAQ,EAAE,CAAC;gBAC7E,4BAA4B,CAAC,uBAAuB,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;YACzG,CAAC;YAED,kIAAkI;YAClI,IACE,OAAO,4BAA4B,CAAC,QAAQ,KAAK,QAAQ;gBACzD,CAAC,4BAA4B,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAChH,CAAC;gBACD,4BAA4B,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,QAAQ,CAAC,CAAA;YAC3F,CAAC;YAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,MAAM,IAAI,iBAAU,CAAC,qEAAqE,CAAC,CAAA;YAC7F,CAAC;YAED,MAAM,oBAAoB,GAAG,MAAM,oCAAoB,CAAC,YAAY,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YACjH,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,iBAAiB,CAAS,eAAe,CAAC,CAAA;YAC3F,IAAI,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxD,MAAM,IAAI,uCAA8B,CAAC;oBACvC,KAAK,EAAE,yBAAgB,CAAC,cAAc;oBACtC,iBAAiB,EAAE,oDAAoD,aAAa,IAAI;iBACzF,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,gBAAgB,EAAE,CAAC;gBACxD,MAAM,IAAI,uCAA8B,CAAC;oBACvC,KAAK,EAAE,yBAAgB,CAAC,cAAc;oBACtC,iBAAiB,EAAE,oEAAoE,aAAa,IAAI;iBACzG,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,gBAAgB,IAAI,gBAAgB,KAAK,WAAW,EAAE,CAAC;gBACz
D,MAAM,IAAI,uCAA8B,CAAC;oBACvC,KAAK,EAAE,yBAAgB,CAAC,cAAc;oBACtC,iBAAiB,EAAE,0DAA0D,gBAAgB,IAAI;iBAClG,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,wBAAwB,CAAC,2BAA2B,CAAC,YAAY,EAAE;gBACvE,qBAAqB,EAAE,4BAA4B;gBACnD,mBAAmB;gBACnB,UAAU;aACX,CAAC,CAAA;YACF,OAAO,IAAA,yBAAgB,EAAC,QAAQ,EAAE,IAAI,EAAE;gBACtC,gFAAgF;gBAChF,oCAAoC,EAAE,mBAAmB,CAAC,iCAAiC;aAC5F,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,uCAA8B,EAAE,CAAC;gBACpD,OAAO,IAAA,gCAAuB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACnF,CAAC;YAED,OAAO,IAAA,0BAAiB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAA;QACrG,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC"}
|
|
@@ -5,7 +5,9 @@ const core_1 = require("@credo-ts/core");
|
|
|
5
5
|
const router_1 = require("../../shared/router");
|
|
6
6
|
const OpenId4VcSiopVerifierService_1 = require("../OpenId4VcSiopVerifierService");
|
|
7
7
|
const OpenId4VcVerificationSessionState_1 = require("../OpenId4VcVerificationSessionState");
|
|
8
|
+
const OpenId4VcVerifierEvents_1 = require("../OpenId4VcVerifierEvents");
|
|
8
9
|
const OpenId4VcVerifierModuleConfig_1 = require("../OpenId4VcVerifierModuleConfig");
|
|
10
|
+
const repository_1 = require("../repository");
|
|
9
11
|
function configureAuthorizationRequestEndpoint(router, config) {
|
|
10
12
|
router.get((0, core_1.joinUriParts)(config.endpointPath, [':authorizationRequestId']), async (request, response, next) => {
|
|
11
13
|
const { agentContext, verifier } = (0, router_1.getRequestContext)(request);
|
|
@@ -14,6 +16,7 @@ function configureAuthorizationRequestEndpoint(router, config) {
|
|
|
14
16
|
}
|
|
15
17
|
try {
|
|
16
18
|
const verifierService = agentContext.dependencyManager.resolve(OpenId4VcSiopVerifierService_1.OpenId4VcSiopVerifierService);
|
|
19
|
+
const verificationSessionRepository = agentContext.dependencyManager.resolve(repository_1.OpenId4VcVerificationSessionRepository);
|
|
17
20
|
const verifierConfig = agentContext.dependencyManager.resolve(OpenId4VcVerifierModuleConfig_1.OpenId4VcVerifierModuleConfig);
|
|
18
21
|
// We always use shortened URIs currently
|
|
19
22
|
const fullAuthorizationRequestUri = (0, core_1.joinUriParts)(verifierConfig.baseUrl, [
|
|
@@ -25,8 +28,7 @@ function configureAuthorizationRequestEndpoint(router, config) {
|
|
|
25
28
|
verifierId: verifier.verifierId,
|
|
26
29
|
authorizationRequestUri: fullAuthorizationRequestUri,
|
|
27
30
|
});
|
|
28
|
-
|
|
29
|
-
if (!verificationSession || !verificationSession.authorizationRequestJwt) {
|
|
31
|
+
if (!verificationSession) {
|
|
30
32
|
return (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 404, 'not_found', 'Authorization request not found');
|
|
31
33
|
}
|
|
32
34
|
if (![
|
|
@@ -37,7 +39,18 @@ function configureAuthorizationRequestEndpoint(router, config) {
|
|
|
37
39
|
}
|
|
38
40
|
// It's okay to retrieve the offer multiple times. So we only update the state if it's not already retrieved
|
|
39
41
|
if (verificationSession.state !== OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.RequestUriRetrieved) {
|
|
40
|
-
|
|
42
|
+
const previousState = verificationSession.state;
|
|
43
|
+
verificationSession.state = OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.RequestUriRetrieved;
|
|
44
|
+
await verificationSessionRepository.update(agentContext, verificationSession);
|
|
45
|
+
agentContext.dependencyManager
|
|
46
|
+
.resolve(core_1.EventEmitter)
|
|
47
|
+
.emit(agentContext, {
|
|
48
|
+
type: OpenId4VcVerifierEvents_1.OpenId4VcVerifierEvents.VerificationSessionStateChanged,
|
|
49
|
+
payload: {
|
|
50
|
+
verificationSession: verificationSession.clone(),
|
|
51
|
+
previousState,
|
|
52
|
+
},
|
|
53
|
+
});
|
|
41
54
|
}
|
|
42
55
|
response.type('application/oauth-authz-req+jwt').status(200).send(verificationSession.authorizationRequestJwt);
|
|
43
56
|
next();
|
|
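Review bot: The not-found guard at new line 31 now tests only `!verificationSession`, while new line 55 still sends `verificationSession.authorizationRequestJwt` with status 200 and the `application/oauth-authz-req+jwt` content type. Whether the record type guarantees that field is set is not visible in this section; if a session can be stored without a JWT, the caller gets an empty 200 instead of the 404. Keeping the field in the guard is cheap: `if (!verificationSession || !verificationSession.authorizationRequestJwt) {`. The route handler starts and ends outside these hunks, so the state check between new lines 34 and 39 is only partly visible.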
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorizationRequestEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationRequestEndpoint.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"authorizationRequestEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationRequestEndpoint.ts"],"names":[],"mappings":";;AAuBA,sFA2FC;AA9GD,yCAA2D;AAE3D,gDAA0E;AAC1E,kFAA8E;AAC9E,4FAAwF;AACxF,wEAAoE;AACpE,oFAAgF;AAChF,8CAAsE;AAYtE,SAAgB,qCAAqC,CACnD,MAAc,EACd,MAAuD;IAEvD,MAAM,CAAC,GAAG,CACR,IAAA,mBAAY,EAAC,MAAM,CAAC,YAAY,EAAE,CAAC,yBAAyB,CAAC,CAAC,EAC9D,KAAK,EAAE,OAAqC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACxE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE7D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAsB,IAAI,OAAO,OAAO,CAAC,MAAM,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACxG,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,iBAAiB,EACjB,mCAAmC,CACpC,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,2DAA4B,CAAC,CAAA;YAC5F,MAAM,6BAA6B,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAC1E,mDAAsC,CACvC,CAAA;YACD,MAAM,cAAc,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,6DAA6B,CAAC,CAAA;YAE5F,yCAAyC;YACzC,MAAM,2BAA2B,GAAG,IAAA,mBAAY,EAAC,cAAc,CAAC,OAAO,EAAE;gBACvE,QAAQ,CAAC,UAAU;gBACnB,cAAc,CAAC,4BAA4B,CAAC,YAAY;gBACxD,OAAO,CAAC,MAAM,CAAC,sBAAsB;aACtC,CAAC,CAAA;YAEF,MAAM,CAAC,mBAAmB,CAAC,GAAG,MAAM,eAAe,CAAC,+BAA+B,CAAC,YAAY,EAAE;gBAChG,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,uBAAuB,EAAE,2BAA2B;aACrD,CAAC,CAAA;YAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,WAAW,EACX,iCAAiC,CAClC,CAAA;YACH,CAAC;YAED,IACE,CAAC;gBACC,qEAAiC,CAAC,cAAc;gBAChD,qEAAiC,CAAC,mBAAmB;aACtD,CAAC,QAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC,EACrC,CAAC;gBACD,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,iBAAiB,EACjB,yCAAyC,CAC1C,CAAA;YACH,CAAC;YAED,4GAA4G;YAC5G,IAAI,mBAAmB,CAAC,KAAK,KAAK,qEAAiC,CAAC,mBAAmB,EAAE,CAAC;gBACxF,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAA;gBAE/C,mBAAmB,CAAC,KAAK,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;gBACjF,MAAM,6BAA6B,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAmB,CAAC,CAAA;gBAE7E,YAAY,CAAC,iBAAiB;qBAC3B,OAAO,CAAC,mBA
AY,CAAC;qBACrB,IAAI,CAAgD,YAAY,EAAE;oBACjE,IAAI,EAAE,iDAAuB,CAAC,+BAA+B;oBAC7D,OAAO,EAAE;wBACP,mBAAmB,EAAE,mBAAmB,CAAC,KAAK,EAAE;wBAChD,aAAa;qBACd;iBACF,CAAC,CAAA;YACN,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YAC9G,IAAI,EAAE,CAAA;QACR,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAA,0BAAiB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAA;QACrG,CAAC;IACH,CAAC,CACF,CAAA;AACH,CAAC"}
|
|
@@ -1,23 +1,15 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { ClientAuthenticationCallback, SignJwtCallback, VerifyJwtCallback } from '@animo-id/oauth2';
|
|
2
2
|
import type { AgentContext } from '@credo-ts/core';
|
|
3
|
-
import type {
|
|
4
|
-
export declare function
|
|
5
|
-
export declare function
|
|
6
|
-
export declare function
|
|
7
|
-
|
|
8
|
-
export declare function getOid4vcCallbacks(agentContext: AgentContext, trustedCertificates?: string[]): {
|
|
9
|
-
hash: (data: Uint8Array, alg: import("@openid4vc/oauth2").HashAlgorithm) => Uint8Array;
|
|
3
|
+
import type { OpenId4VcIssuerRecord } from '../openid4vc-issuer/repository';
|
|
4
|
+
export declare function getOid4vciJwtVerifyCallback(agentContext: AgentContext): VerifyJwtCallback;
|
|
5
|
+
export declare function getOid4vciJwtSignCallback(agentContext: AgentContext): SignJwtCallback;
|
|
6
|
+
export declare function getOid4vciCallbacks(agentContext: AgentContext): {
|
|
7
|
+
hash: (data: Uint8Array, alg: import("@animo-id/oauth2").HashAlgorithm) => Uint8Array;
|
|
10
8
|
generateRandom: (length: number) => Uint8Array;
|
|
11
9
|
signJwt: SignJwtCallback;
|
|
12
10
|
clientAuthentication: () => void;
|
|
13
11
|
verifyJwt: VerifyJwtCallback;
|
|
14
12
|
fetch: typeof fetch;
|
|
15
|
-
encryptJwe: EncryptJweCallback;
|
|
16
|
-
decryptJwe: DecryptJweCallback;
|
|
17
|
-
getX509CertificateMetadata: (certificate: string) => {
|
|
18
|
-
sanDnsNames: string[];
|
|
19
|
-
sanUriNames: string[];
|
|
20
|
-
};
|
|
21
13
|
};
|
|
22
14
|
/**
|
|
23
15
|
* Allows us to authenticate when making requests to an external
|