@credo-ts/openid4vc 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (163) hide show
  1. package/build/OpenId4VcApi.d.mts +1 -1
  2. package/build/OpenId4VcApi.d.ts +1 -1
  3. package/build/OpenId4VcApi.js +2 -2
  4. package/build/OpenId4VcApi.mjs +2 -2
  5. package/build/OpenId4VcModule.d.mts +1 -1
  6. package/build/OpenId4VcModule.d.ts +1 -1
  7. package/build/OpenId4VcModule.js +2 -2
  8. package/build/OpenId4VcModule.mjs +2 -2
  9. package/build/OpenId4VcModuleConfig.js +1 -1
  10. package/build/OpenId4VcModuleConfig.mjs +1 -1
  11. package/build/index.d.mts +15 -14
  12. package/build/index.d.ts +15 -14
  13. package/build/index.js +22 -15
  14. package/build/index.mjs +18 -17
  15. package/build/openid4vc-holder/OpenId4VcHolderApi.d.mts.map +1 -1
  16. package/build/openid4vc-holder/OpenId4VcHolderApi.d.ts.map +1 -1
  17. package/build/openid4vc-holder/OpenId4VcHolderApi.mjs.map +1 -1
  18. package/build/openid4vc-holder/OpenId4VciHolderService.d.mts.map +1 -1
  19. package/build/openid4vc-holder/OpenId4VciHolderService.d.ts.map +1 -1
  20. package/build/openid4vc-holder/OpenId4VciHolderService.js +11 -8
  21. package/build/openid4vc-holder/OpenId4VciHolderService.mjs +11 -8
  22. package/build/openid4vc-holder/OpenId4VciHolderService.mjs.map +1 -1
  23. package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.mts.map +1 -1
  24. package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.ts.map +1 -1
  25. package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.mjs.map +1 -1
  26. package/build/openid4vc-holder/OpenId4vpHolderService.d.mts.map +1 -1
  27. package/build/openid4vc-holder/OpenId4vpHolderService.d.ts.map +1 -1
  28. package/build/openid4vc-holder/OpenId4vpHolderService.js +4 -4
  29. package/build/openid4vc-holder/OpenId4vpHolderService.mjs +4 -4
  30. package/build/openid4vc-holder/OpenId4vpHolderService.mjs.map +1 -1
  31. package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.mts +5 -214
  32. package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.mts.map +1 -1
  33. package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.ts +5 -214
  34. package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.ts.map +1 -1
  35. package/build/openid4vc-issuer/OpenId4VcIssuerApi.js +1 -1
  36. package/build/openid4vc-issuer/OpenId4VcIssuerApi.mjs +1 -1
  37. package/build/openid4vc-issuer/OpenId4VcIssuerApi.mjs.map +1 -1
  38. package/build/openid4vc-issuer/OpenId4VcIssuerModule.d.mts.map +1 -1
  39. package/build/openid4vc-issuer/OpenId4VcIssuerModule.d.ts.map +1 -1
  40. package/build/openid4vc-issuer/OpenId4VcIssuerModule.js +7 -7
  41. package/build/openid4vc-issuer/OpenId4VcIssuerModule.mjs +7 -7
  42. package/build/openid4vc-issuer/OpenId4VcIssuerModule.mjs.map +1 -1
  43. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.mts.map +1 -1
  44. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.ts.map +1 -1
  45. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.mjs.map +1 -1
  46. package/build/openid4vc-issuer/OpenId4VcIssuerService.d.mts +8 -218
  47. package/build/openid4vc-issuer/OpenId4VcIssuerService.d.mts.map +1 -1
  48. package/build/openid4vc-issuer/OpenId4VcIssuerService.d.ts +8 -218
  49. package/build/openid4vc-issuer/OpenId4VcIssuerService.d.ts.map +1 -1
  50. package/build/openid4vc-issuer/OpenId4VcIssuerService.js +18 -18
  51. package/build/openid4vc-issuer/OpenId4VcIssuerService.mjs +19 -19
  52. package/build/openid4vc-issuer/OpenId4VcIssuerService.mjs.map +1 -1
  53. package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.mts +1 -1
  54. package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.ts +1 -1
  55. package/build/openid4vc-issuer/index.js +2 -2
  56. package/build/openid4vc-issuer/index.mjs +2 -2
  57. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.mts +1 -1
  58. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.mts.map +1 -1
  59. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.ts +1 -1
  60. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.ts.map +1 -1
  61. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js +1 -1
  62. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.mjs +1 -1
  63. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.mjs.map +1 -1
  64. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.js +1 -1
  65. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.mjs +1 -1
  66. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.mjs.map +1 -1
  67. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.mts.map +1 -1
  68. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.ts.map +1 -1
  69. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.mjs.map +1 -1
  70. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.js +1 -1
  71. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.mjs +1 -1
  72. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.mjs.map +1 -1
  73. package/build/openid4vc-issuer/repository/index.js +2 -2
  74. package/build/openid4vc-issuer/repository/index.mjs +2 -2
  75. package/build/openid4vc-issuer/router/accessTokenEndpoint.js +3 -4
  76. package/build/openid4vc-issuer/router/accessTokenEndpoint.mjs +3 -4
  77. package/build/openid4vc-issuer/router/accessTokenEndpoint.mjs.map +1 -1
  78. package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.js +5 -6
  79. package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.mjs +6 -7
  80. package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.mjs.map +1 -1
  81. package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.mjs.map +1 -1
  82. package/build/openid4vc-issuer/router/credentialEndpoint.js +5 -6
  83. package/build/openid4vc-issuer/router/credentialEndpoint.mjs +5 -6
  84. package/build/openid4vc-issuer/router/credentialEndpoint.mjs.map +1 -1
  85. package/build/openid4vc-issuer/router/credentialOfferEndpoint.js +2 -4
  86. package/build/openid4vc-issuer/router/credentialOfferEndpoint.mjs +3 -4
  87. package/build/openid4vc-issuer/router/credentialOfferEndpoint.mjs.map +1 -1
  88. package/build/openid4vc-issuer/router/deferredCredentialEndpoint.js +2 -4
  89. package/build/openid4vc-issuer/router/deferredCredentialEndpoint.mjs +3 -4
  90. package/build/openid4vc-issuer/router/deferredCredentialEndpoint.mjs.map +1 -1
  91. package/build/openid4vc-issuer/router/index.js +4 -4
  92. package/build/openid4vc-issuer/router/index.mjs +4 -4
  93. package/build/openid4vc-issuer/router/issuerMetadataEndpoint.mjs.map +1 -1
  94. package/build/openid4vc-issuer/router/jwksEndpoint.mjs.map +1 -1
  95. package/build/openid4vc-issuer/router/nonceEndpoint.mjs.map +1 -1
  96. package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts +1 -1
  97. package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts.map +1 -1
  98. package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts +1 -1
  99. package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts.map +1 -1
  100. package/build/openid4vc-verifier/OpenId4VcVerifierApi.js +1 -1
  101. package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs +1 -1
  102. package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs.map +1 -1
  103. package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.mts.map +1 -1
  104. package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.ts.map +1 -1
  105. package/build/openid4vc-verifier/OpenId4VcVerifierModule.js +2 -2
  106. package/build/openid4vc-verifier/OpenId4VcVerifierModule.mjs +2 -2
  107. package/build/openid4vc-verifier/OpenId4VcVerifierModule.mjs.map +1 -1
  108. package/build/openid4vc-verifier/OpenId4VpVerifierService.d.mts +3 -3
  109. package/build/openid4vc-verifier/OpenId4VpVerifierService.d.mts.map +1 -1
  110. package/build/openid4vc-verifier/OpenId4VpVerifierService.d.ts +3 -3
  111. package/build/openid4vc-verifier/OpenId4VpVerifierService.d.ts.map +1 -1
  112. package/build/openid4vc-verifier/OpenId4VpVerifierService.js +17 -17
  113. package/build/openid4vc-verifier/OpenId4VpVerifierService.mjs +17 -17
  114. package/build/openid4vc-verifier/OpenId4VpVerifierService.mjs.map +1 -1
  115. package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.mts +1 -1
  116. package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.ts +1 -1
  117. package/build/openid4vc-verifier/index.js +3 -3
  118. package/build/openid4vc-verifier/index.mjs +3 -3
  119. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.mts +1 -1
  120. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.mts.map +1 -1
  121. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts +1 -1
  122. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts.map +1 -1
  123. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.mjs.map +1 -1
  124. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.js +1 -1
  125. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.mjs +1 -1
  126. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.mjs.map +1 -1
  127. package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.mts.map +1 -1
  128. package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.ts.map +1 -1
  129. package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.mjs.map +1 -1
  130. package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.js +1 -1
  131. package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.mjs +1 -1
  132. package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.mjs.map +1 -1
  133. package/build/openid4vc-verifier/repository/index.js +2 -2
  134. package/build/openid4vc-verifier/repository/index.mjs +2 -2
  135. package/build/openid4vc-verifier/router/authorizationEndpoint.js +1 -1
  136. package/build/openid4vc-verifier/router/authorizationEndpoint.mjs +1 -1
  137. package/build/openid4vc-verifier/router/authorizationEndpoint.mjs.map +1 -1
  138. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js +1 -1
  139. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.mjs +1 -1
  140. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.mjs.map +1 -1
  141. package/build/shared/callbacks.d.mts +46 -0
  142. package/build/shared/callbacks.d.mts.map +1 -0
  143. package/build/shared/callbacks.d.ts +46 -0
  144. package/build/shared/callbacks.d.ts.map +1 -0
  145. package/build/shared/callbacks.js +5 -1
  146. package/build/shared/callbacks.mjs +1 -1
  147. package/build/shared/callbacks.mjs.map +1 -1
  148. package/build/shared/index.js +2 -1
  149. package/build/shared/index.mjs +2 -1
  150. package/build/shared/issuerMetadataUtils.d.mts +2 -258
  151. package/build/shared/issuerMetadataUtils.d.mts.map +1 -1
  152. package/build/shared/issuerMetadataUtils.d.ts +2 -258
  153. package/build/shared/issuerMetadataUtils.d.ts.map +1 -1
  154. package/build/shared/issuerMetadataUtils.mjs.map +1 -1
  155. package/build/shared/models/index.d.ts +1 -1
  156. package/build/shared/router/context.mjs.map +1 -1
  157. package/build/shared/router/index.js +1 -1
  158. package/build/shared/router/index.mjs +1 -1
  159. package/build/shared/router/tenants.mjs.map +1 -1
  160. package/build/shared/utils.js +0 -8
  161. package/build/shared/utils.mjs +1 -7
  162. package/build/shared/utils.mjs.map +1 -1
  163. package/package.json +8 -8
package/build/openid4vc-issuer/router/credentialEndpoint.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"credentialEndpoint.mjs","names":["issuanceSession: OpenId4VcIssuanceSessionRecord | null","configurationsForToken: CredentialConfigurationsSupportedWithFormats"],"sources":["../../../src/openid4vc-issuer/router/credentialEndpoint.ts"],"sourcesContent":["import type { HttpMethod } from '@openid4vc/oauth2'\nimport type { Response, Router } from 'express'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nimport { joinUriParts, utils } from '@credo-ts/core'\nimport { Oauth2ErrorCodes, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError } from '@openid4vc/oauth2'\nimport {\n type CredentialConfigurationsSupportedWithFormats,\n Openid4vciDraftVersion,\n getCredentialConfigurationsMatchingRequestFormat,\n} from '@openid4vc/openid4vci'\n\nimport { getCredentialConfigurationsSupportedForScopes } from '../../shared'\nimport {\n getRequestContext,\n sendJsonResponse,\n sendOauth2ErrorResponse,\n sendUnauthorizedError,\n sendUnknownServerErrorResponse,\n} from '../../shared/router'\nimport { addSecondsToDate } from '../../shared/utils'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport { OpenId4VcIssuanceSessionRecord, OpenId4VcIssuanceSessionRepository } from '../repository'\n\nexport function configureCredentialEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.post(config.credentialEndpointPath, async (request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(request)\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer, true)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n const resourceServer = openId4VcIssuerService.getResourceServer(agentContext, issuer)\n\n const fullRequestUrl = joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [\n config.credentialEndpointPath,\n ])\n const resourceRequestResult = await resourceServer\n .verifyResourceRequest({\n authorizationServers: issuerMetadata.authorizationServers,\n resourceServer: issuerMetadata.credentialIssuer.credential_issuer,\n request: {\n headers: new Headers(request.headers as Record<string, string>),\n method: request.method as HttpMethod,\n url: fullRequestUrl,\n },\n })\n .catch((error) => {\n sendUnauthorizedError(response, next, agentContext.config.logger, error)\n })\n if (!resourceRequestResult) return\n const { tokenPayload, accessToken, scheme, authorizationServer } = resourceRequestResult\n\n const credentialRequest = request.body\n const issuanceSessionRepository = agentContext.dependencyManager.resolve(OpenId4VcIssuanceSessionRepository)\n\n const parsedCredentialRequest = vcIssuer.parseCredentialRequest({\n credentialRequest,\n issuerMetadata,\n })\n\n let issuanceSession: OpenId4VcIssuanceSessionRecord | null = null\n const preAuthorizedCode =\n typeof tokenPayload['pre-authorized_code'] === 'string' ? tokenPayload['pre-authorized_code'] : undefined\n const issuerState = typeof tokenPayload.issuer_state === 'string' ? tokenPayload.issuer_state : undefined\n\n const subject = tokenPayload.sub\n if (!subject) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n },\n {\n internalMessage: `Received token without 'sub' claim. Subject is required for binding issuance session`,\n }\n )\n )\n }\n\n // Already handle request without format/credential_configuration_id. Simplifies next code sections\n if (!parsedCredentialRequest.format && !parsedCredentialRequest.credentialConfiguration) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError({\n error: parsedCredentialRequest.credentialIdentifier\n ? Oauth2ErrorCodes.InvalidCredentialRequest\n : Oauth2ErrorCodes.UnsupportedCredentialFormat,\n error_description: parsedCredentialRequest.credentialIdentifier\n ? `Credential request containing 'credential_identifier' not supported`\n : parsedCredentialRequest.credentialConfigurationId\n ? `Credential configuration '${parsedCredentialRequest.credentialConfigurationId}' not supported`\n : `Credential format '${parsedCredentialRequest.credentialRequest.format}' not supported`,\n })\n )\n }\n\n if (preAuthorizedCode || issuerState) {\n issuanceSession = await issuanceSessionRepository.findSingleByQuery(agentContext, {\n issuerId: issuer.issuerId,\n preAuthorizedCode,\n issuerState,\n })\n\n if (!issuanceSession) {\n agentContext.config.logger.warn(\n `No issuance session found for incoming credential request for issuer ${\n issuer.issuerId\n } but access token data has ${\n issuerState ? 'issuer_state' : 'pre-authorized_code'\n }. Returning error response`,\n {\n tokenPayload,\n }\n )\n\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `No issuance session found for incoming credential request for issuer ${issuer.issuerId} and access token data`,\n }\n )\n )\n }\n\n // Use issuance session dpop config\n if (issuanceSession.dpop?.required && !resourceRequestResult.dpop) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError('Missing required DPoP proof', {\n scheme,\n error: Oauth2ErrorCodes.InvalidDpopProof,\n })\n )\n }\n\n const expiresAt =\n issuanceSession.expiresAt ??\n addSecondsToDate(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n // Verify the issuance session subject\n if (issuanceSession.authorization?.subject) {\n if (issuanceSession.authorization.subject !== tokenPayload.sub) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `Issuance session authorization subject does not match with the token payload subject for issuance session '${issuanceSession.id}'. Returning error response`,\n }\n )\n )\n }\n }\n\n // Stateful session expired\n else if (Date.now() > expiresAt.getTime()) {\n issuanceSession.errorMessage = 'Credential offer has expired'\n await openId4VcIssuerService.updateState(agentContext, issuanceSession, OpenId4VcIssuanceSessionState.Error)\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError({\n // What is the best error here?\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n error_description: 'Session expired',\n })\n )\n } else {\n issuanceSession.authorization = {\n ...issuanceSession.authorization,\n subject: tokenPayload.sub,\n }\n await issuanceSessionRepository.update(agentContext, issuanceSession)\n }\n }\n\n if (!issuanceSession && config.allowDynamicIssuanceSessions) {\n agentContext.config.logger.warn(\n `No issuance session found for incoming credential request for issuer ${issuer.issuerId} and access token data has no issuer_state or pre-authorized_code. Creating on-demand issuance session`,\n {\n tokenPayload,\n }\n )\n\n // Use global config when creating a dynamic session\n if (config.dpopRequired && !resourceRequestResult.dpop) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError('Missing required DPoP proof', {\n scheme,\n error: Oauth2ErrorCodes.InvalidDpopProof,\n })\n )\n }\n\n const configurationsForScope = getCredentialConfigurationsSupportedForScopes(\n issuerMetadata.credentialIssuer.credential_configurations_supported,\n tokenPayload.scope?.split(' ') ?? []\n )\n\n // All credential configurations that match the request scope and credential request\n // This is just so we don't create an issuance session that will fail immediately after\n let configurationsForToken: CredentialConfigurationsSupportedWithFormats = {}\n\n if (parsedCredentialRequest.credentialConfigurationId && parsedCredentialRequest.credentialConfiguration) {\n if (configurationsForScope[parsedCredentialRequest.credentialConfigurationId]) {\n configurationsForToken = {\n [parsedCredentialRequest.credentialConfigurationId]: parsedCredentialRequest.credentialConfiguration,\n }\n }\n } else if (parsedCredentialRequest.format) {\n configurationsForToken = getCredentialConfigurationsMatchingRequestFormat({\n credentialConfigurations: configurationsForScope,\n requestFormat: parsedCredentialRequest.format,\n })\n }\n\n if (Object.keys(configurationsForToken).length === 0) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError(\n 'No credential configurations match credential request and access token scope',\n {\n scheme,\n error: Oauth2ErrorCodes.InsufficientScope,\n }\n ),\n // Forbidden for InsufficientScope\n 403\n )\n }\n\n const createdAt = new Date()\n const expiresAt = addSecondsToDate(createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n issuanceSession = new OpenId4VcIssuanceSessionRecord({\n createdAt,\n expiresAt,\n credentialOfferPayload: {\n credential_configuration_ids: Object.keys(configurationsForToken),\n credential_issuer: issuerMetadata.credentialIssuer.credential_issuer,\n },\n credentialOfferId: utils.uuid(),\n issuerId: issuer.issuerId,\n state: OpenId4VcIssuanceSessionState.CredentialRequestReceived,\n clientId: tokenPayload.client_id,\n dpop: config.dpopRequired\n ? {\n required: true,\n }\n : undefined,\n authorization: {\n subject: tokenPayload.sub,\n },\n openId4VciVersion:\n issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 ||\n issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16\n ? 'v1.draft15'\n : 'v1.draft11-14',\n })\n\n // Save and update\n await issuanceSessionRepository.save(agentContext, issuanceSession)\n openId4VcIssuerService.emitStateChangedEvent(agentContext, issuanceSession, null)\n } else if (!issuanceSession) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `Access token without 'issuer_state' or 'pre-authorized_code' issued by external authorization server provided, but 'allowDynamicIssuanceSessions' is disabled. Either bind the access token to a stateful credential offer, or enable 'allowDynamicIssuanceSessions'.`,\n }\n )\n )\n }\n\n try {\n const { credentialResponse } = await openId4VcIssuerService.createCredentialResponse(agentContext, {\n issuanceSession,\n credentialRequest,\n authorization: {\n authorizationServer,\n accessToken: {\n payload: tokenPayload,\n value: accessToken,\n },\n },\n })\n\n return sendJsonResponse(\n response,\n next,\n credentialResponse,\n undefined,\n credentialResponse.transaction_id ? 202 : 200\n )\n } catch (error) {\n if (error instanceof Oauth2ServerErrorResponseError) {\n return sendOauth2ErrorResponse(response, next, agentContext.config.logger, error)\n }\n if (error instanceof Oauth2ResourceUnauthorizedError) {\n return sendUnauthorizedError(response, next, agentContext.config.logger, error)\n }\n\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n })\n}\n"],"mappings":";;;;;;;;;;;;;;;AA0BA,SAAgB,4BAA4B,QAAgB,QAAqC;AAC/F,QAAO,KAAK,OAAO,wBAAwB,OAAO,SAAmC,UAAoB,SAAS;EAChH,MAAM,EAAE,cAAc,WAAW,kBAAkB,QAAQ;EAC3D,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;EAC7F,MAAM,iBAAiB,MAAM,uBAAuB,kBAAkB,cAAc,QAAQ,KAAK;EACjG,MAAM,WAAW,uBAAuB,UAAU,aAAa;EAC/D,MAAM,iBAAiB,uBAAuB,kBAAkB,cAAc,OAAO;EAErF,MAAM,iBAAiB,aAAa,eAAe,iBAAiB,mBAAmB,CACrF,OAAO,uBACR,CAAC;EACF,MAAM,wBAAwB,MAAM,eACjC,sBAAsB;GACrB,sBAAsB,eAAe;GACrC,gBAAgB,eAAe,iBAAiB;GAChD,SAAS;IACP,SAAS,IAAI,QAAQ,QAAQ,QAAkC;IAC/D,QAAQ,QAAQ;IAChB,KAAK;IACN;GACF,CAAC,CACD,OAAO,UAAU;AAChB,yBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;IACxE;AACJ,MAAI,CAAC,sBAAuB;EAC5B,MAAM,EAAE,cAAc,aAAa,QAAQ,wBAAwB;EAEnE,MAAM,oBAAoB,QAAQ;EAClC,MAAM,4BAA4B,aAAa,kBAAkB,QAAQ,mCAAmC;EAE5G,MAAM,0BAA0B,SAAS,uBAAuB;GAC9D;GACA;GACD,CAAC;EAEF,IAAIA,kBAAyD;EAC7D,MAAM,oBACJ,OAAO,aAAa,2BAA2B,WAAW,aAAa,yBAAyB;EAClG,MAAM,cAAc,OAAO,aAAa,iBAAiB,WAAW,aAAa,eAAe;AAGhG,MAAI,CADY,aAAa,IAE3B,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,aACzB,EACD,EACE,iBAAiB,wFAClB,CACF,CACF;AAIH,MAAI,CAAC,wBAAwB,UAAU,CAAC,wBAAwB,wBAC9D,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BAA+B;GACjC,OAAO,wBAAwB,uBAC3B,iBAAiB,2BACjB,iBAAiB;GACrB,mBAAmB,wBAAwB,uBACvC,wEACA,wBAAwB,4BACtB,6BAA6B,wBAAwB,0BAA0B,mBAC/E,sBAAsB,wBAAwB,kBAAkB,OAAO;GAC9E,CAAC,CACH;AAGH,MAAI,qBAAqB,aAAa;AACpC,qBAAkB,MAAM,0BAA0B,kBAAkB,cAAc;IAChF,UAAU,OAAO;IACjB;IACA;IACD,CAAC;AAEF,OAAI,CAAC,iBAAiB;AACpB,iBAAa,OAAO,OAAO,KACzB,wEACE,OAAO,SACR,6BACC,cAAc,iBAAiB,sBAChC,6BACD,EACE,cACD,CACF;AAED,WAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,wEAAwE,OAAO,SAAS,yBAC1G,CACF,CACF;;AAIH,OAAI,gBAAgB,MAAM,YAAY,CAAC,sBAAsB,KAC3D,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCAAgC,+BAA+B;IACjE;IACA,OAAO,iBAAiB;IACzB,CAAC,CACH;GAGH,MAAM,YACJ,gBAAgB,aAChB,iBAAiB,gBAAgB,WAAW,OAAO,2CAA2C;AAGhG,OAAI,gBAAgB,eAAe,SACjC;QAAI,gBAAgB,cAAc,YAAY,aAAa,IACzD,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,8GAA8G,gBAAgB,GAAG,8BACnJ,CACF,CACF;cAKI,KAAK,KAAK,GAAG,UAAU,SAAS,EAAE;AACzC,oBAAgB,eAAe;AAC/B,UAAM,uBAAuB,YAAY,cAAc,iBAAiB,8BAA8B,MAAM;AAC5G,WAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BAA+B;KAEjC,OAAO,iBAAiB;KACxB,mBAAmB;KACpB,CAAC,CACH;UACI;AACL,oBAAgB,gBAAgB;KAC9B,GAAG,gBAAgB;KACnB,SAAS,aAAa;KACvB;AACD,UAAM,0BAA0B,OAAO,cAAc,gBAAgB;;;AAIzE,MAAI,CAAC,mBAAmB,OAAO,8BAA8B;AAC3D,gBAAa,OAAO,OAAO,KACzB,wEAAwE,OAAO,SAAS,yGACxF,EACE,cACD,CACF;AAGD,OAAI,OAAO,gBAAgB,CAAC,sBAAsB,KAChD,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCAAgC,+BAA+B;IACjE;IACA,OAAO,iBAAiB;IACzB,CAAC,CACH;GAGH,MAAM,yBAAyB,8CAC7B,eAAe,iBAAiB,qCAChC,aAAa,OAAO,MAAM,IAAI,IAAI,EAAE,CACrC;GAID,IAAIC,yBAAuE,EAAE;AAE7E,OAAI,wBAAwB,6BAA6B,wBAAwB,yBAC/E;QAAI,uBAAuB,wBAAwB,2BACjD,0BAAyB,GACtB,wBAAwB,4BAA4B,wBAAwB,yBAC9E;cAEM,wBAAwB,OACjC,0BAAyB,iDAAiD;IACxE,0BAA0B;IAC1B,eAAe,wBAAwB;IACxC,CAAC;AAGJ,OAAI,OAAO,KAAK,uBAAuB,CAAC,WAAW,EACjD,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCACF,gFACA;IACE;IACA,OAAO,iBAAiB;IACzB,CACF,EAED,IACD;GAGH,MAAM,4BAAY,IAAI,MAAM;AAG5B,qBAAkB,IAAI,+BAA+B;IACnD;IACA,WAJgB,iBAAiB,WAAW,OAAO,2CAA2C;IAK9F,wBAAwB;KACtB,8BAA8B,OAAO,KAAK,uBAAuB;KACjE,mBAAmB,eAAe,iBAAiB;KACpD;IACD,mBAAmB,MAAM,MAAM;IAC/B,UAAU,OAAO;IACjB,OAAO,8BAA8B;IACrC,UAAU,aAAa;IACvB,MAAM,OAAO,eACT,EACE,UAAU,MACX,GACD;IACJ,eAAe,EACb,SAAS,aAAa,KACvB;IACD,mBACE,eAAe,yBAAyB,uBAAuB,WAC/D,eAAe,yBAAyB,uBAAuB,UAC3D,eACA;IACP,CAAC;AAGF,SAAM,0BAA0B,KAAK,cAAc,gBAAgB;AACnE,0BAAuB,sBAAsB,cAAc,iBAAiB,KAAK;aACxE,CAAC,gBACV,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,yQAClB,CACF,CACF;AAGH,MAAI;GACF,MAAM,EAAE,uBAAuB,MAAM,uBAAuB,yBAAyB,cAAc;IACjG;IACA;IACA,eAAe;KACb;KACA,aAAa;MACX,SAAS;MACT,OAAO;MACR;KACF;IACF,CAAC;AAEF,UAAO,iBACL,UACA,MACA,oBACA,QACA,mBAAmB,iBAAiB,MAAM,IAC3C;WACM,OAAO;AACd,OAAI,iBAAiB,+BACnB,QAAO,wBAAwB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAEnF,OAAI,iBAAiB,gCACnB,QAAO,sBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAGjF,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAE1F"}
1
+ {"version":3,"file":"credentialEndpoint.mjs","names":["issuanceSession: OpenId4VcIssuanceSessionRecord | null","configurationsForToken: CredentialConfigurationsSupportedWithFormats"],"sources":["../../../src/openid4vc-issuer/router/credentialEndpoint.ts"],"sourcesContent":["import { joinUriParts, utils } from '@credo-ts/core'\nimport type { HttpMethod } from '@openid4vc/oauth2'\nimport { Oauth2ErrorCodes, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError } from '@openid4vc/oauth2'\nimport {\n type CredentialConfigurationsSupportedWithFormats,\n getCredentialConfigurationsMatchingRequestFormat,\n Openid4vciDraftVersion,\n} from '@openid4vc/openid4vci'\nimport type { Response, Router } from 'express'\nimport { getCredentialConfigurationsSupportedForScopes } from '../../shared'\nimport {\n getRequestContext,\n sendJsonResponse,\n sendOauth2ErrorResponse,\n sendUnauthorizedError,\n sendUnknownServerErrorResponse,\n} from '../../shared/router'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport { OpenId4VcIssuanceSessionRecord, OpenId4VcIssuanceSessionRepository } from '../repository'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nexport function configureCredentialEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.post(config.credentialEndpointPath, async (request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(request)\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer, true)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n const resourceServer = openId4VcIssuerService.getResourceServer(agentContext, issuer)\n\n const fullRequestUrl = joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [\n config.credentialEndpointPath,\n ])\n const resourceRequestResult = await resourceServer\n .verifyResourceRequest({\n authorizationServers: issuerMetadata.authorizationServers,\n resourceServer: issuerMetadata.credentialIssuer.credential_issuer,\n request: {\n headers: new Headers(request.headers as Record<string, string>),\n method: request.method as HttpMethod,\n url: fullRequestUrl,\n },\n })\n .catch((error) => {\n sendUnauthorizedError(response, next, agentContext.config.logger, error)\n })\n if (!resourceRequestResult) return\n const { tokenPayload, accessToken, scheme, authorizationServer } = resourceRequestResult\n\n const credentialRequest = request.body\n const issuanceSessionRepository = agentContext.dependencyManager.resolve(OpenId4VcIssuanceSessionRepository)\n\n const parsedCredentialRequest = vcIssuer.parseCredentialRequest({\n credentialRequest,\n issuerMetadata,\n })\n\n let issuanceSession: OpenId4VcIssuanceSessionRecord | null = null\n const preAuthorizedCode =\n typeof tokenPayload['pre-authorized_code'] === 'string' ? tokenPayload['pre-authorized_code'] : undefined\n const issuerState = typeof tokenPayload.issuer_state === 'string' ? tokenPayload.issuer_state : undefined\n\n const subject = tokenPayload.sub\n if (!subject) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n },\n {\n internalMessage: `Received token without 'sub' claim. Subject is required for binding issuance session`,\n }\n )\n )\n }\n\n // Already handle request without format/credential_configuration_id. Simplifies next code sections\n if (!parsedCredentialRequest.format && !parsedCredentialRequest.credentialConfiguration) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError({\n error: parsedCredentialRequest.credentialIdentifier\n ? Oauth2ErrorCodes.InvalidCredentialRequest\n : Oauth2ErrorCodes.UnsupportedCredentialFormat,\n error_description: parsedCredentialRequest.credentialIdentifier\n ? `Credential request containing 'credential_identifier' not supported`\n : parsedCredentialRequest.credentialConfigurationId\n ? `Credential configuration '${parsedCredentialRequest.credentialConfigurationId}' not supported`\n : `Credential format '${parsedCredentialRequest.credentialRequest.format}' not supported`,\n })\n )\n }\n\n if (preAuthorizedCode || issuerState) {\n issuanceSession = await issuanceSessionRepository.findSingleByQuery(agentContext, {\n issuerId: issuer.issuerId,\n preAuthorizedCode,\n issuerState,\n })\n\n if (!issuanceSession) {\n agentContext.config.logger.warn(\n `No issuance session found for incoming credential request for issuer ${\n issuer.issuerId\n } but access token data has ${\n issuerState ? 'issuer_state' : 'pre-authorized_code'\n }. Returning error response`,\n {\n tokenPayload,\n }\n )\n\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `No issuance session found for incoming credential request for issuer ${issuer.issuerId} and access token data`,\n }\n )\n )\n }\n\n // Use issuance session dpop config\n if (issuanceSession.dpop?.required && !resourceRequestResult.dpop) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError('Missing required DPoP proof', {\n scheme,\n error: Oauth2ErrorCodes.InvalidDpopProof,\n })\n )\n }\n\n const expiresAt =\n issuanceSession.expiresAt ??\n utils.addSecondsToDate(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n // Verify the issuance session subject\n if (issuanceSession.authorization?.subject) {\n if (issuanceSession.authorization.subject !== tokenPayload.sub) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `Issuance session authorization subject does not match with the token payload subject for issuance session '${issuanceSession.id}'. Returning error response`,\n }\n )\n )\n }\n }\n\n // Stateful session expired\n else if (Date.now() > expiresAt.getTime()) {\n issuanceSession.errorMessage = 'Credential offer has expired'\n await openId4VcIssuerService.updateState(agentContext, issuanceSession, OpenId4VcIssuanceSessionState.Error)\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError({\n // What is the best error here?\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n error_description: 'Session expired',\n })\n )\n } else {\n issuanceSession.authorization = {\n ...issuanceSession.authorization,\n subject: tokenPayload.sub,\n }\n await issuanceSessionRepository.update(agentContext, issuanceSession)\n }\n }\n\n if (!issuanceSession && config.allowDynamicIssuanceSessions) {\n agentContext.config.logger.warn(\n `No issuance session found for incoming credential request for issuer ${issuer.issuerId} and access token data has no issuer_state or pre-authorized_code. Creating on-demand issuance session`,\n {\n tokenPayload,\n }\n )\n\n // Use global config when creating a dynamic session\n if (config.dpopRequired && !resourceRequestResult.dpop) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError('Missing required DPoP proof', {\n scheme,\n error: Oauth2ErrorCodes.InvalidDpopProof,\n })\n )\n }\n\n const configurationsForScope = getCredentialConfigurationsSupportedForScopes(\n issuerMetadata.credentialIssuer.credential_configurations_supported,\n tokenPayload.scope?.split(' ') ?? []\n )\n\n // All credential configurations that match the request scope and credential request\n // This is just so we don't create an issuance session that will fail immediately after\n let configurationsForToken: CredentialConfigurationsSupportedWithFormats = {}\n\n if (parsedCredentialRequest.credentialConfigurationId && parsedCredentialRequest.credentialConfiguration) {\n if (configurationsForScope[parsedCredentialRequest.credentialConfigurationId]) {\n configurationsForToken = {\n [parsedCredentialRequest.credentialConfigurationId]: parsedCredentialRequest.credentialConfiguration,\n }\n }\n } else if (parsedCredentialRequest.format) {\n configurationsForToken = getCredentialConfigurationsMatchingRequestFormat({\n credentialConfigurations: configurationsForScope,\n requestFormat: parsedCredentialRequest.format,\n })\n }\n\n if (Object.keys(configurationsForToken).length === 0) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError(\n 'No credential configurations match credential request and access token scope',\n {\n scheme,\n error: Oauth2ErrorCodes.InsufficientScope,\n }\n ),\n // Forbidden for InsufficientScope\n 403\n )\n }\n\n const createdAt = new Date()\n const expiresAt = utils.addSecondsToDate(createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n issuanceSession = new OpenId4VcIssuanceSessionRecord({\n createdAt,\n expiresAt,\n credentialOfferPayload: {\n credential_configuration_ids: Object.keys(configurationsForToken),\n credential_issuer: issuerMetadata.credentialIssuer.credential_issuer,\n },\n credentialOfferId: utils.uuid(),\n issuerId: issuer.issuerId,\n state: OpenId4VcIssuanceSessionState.CredentialRequestReceived,\n clientId: tokenPayload.client_id,\n dpop: config.dpopRequired\n ? {\n required: true,\n }\n : undefined,\n authorization: {\n subject: tokenPayload.sub,\n },\n openId4VciVersion:\n issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 ||\n issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16\n ? 'v1.draft15'\n : 'v1.draft11-14',\n })\n\n // Save and update\n await issuanceSessionRepository.save(agentContext, issuanceSession)\n openId4VcIssuerService.emitStateChangedEvent(agentContext, issuanceSession, null)\n } else if (!issuanceSession) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `Access token without 'issuer_state' or 'pre-authorized_code' issued by external authorization server provided, but 'allowDynamicIssuanceSessions' is disabled. Either bind the access token to a stateful credential offer, or enable 'allowDynamicIssuanceSessions'.`,\n }\n )\n )\n }\n\n try {\n const { credentialResponse } = await openId4VcIssuerService.createCredentialResponse(agentContext, {\n issuanceSession,\n credentialRequest,\n authorization: {\n authorizationServer,\n accessToken: {\n payload: tokenPayload,\n value: accessToken,\n },\n },\n })\n\n return sendJsonResponse(\n response,\n next,\n credentialResponse,\n undefined,\n credentialResponse.transaction_id ? 202 : 200\n )\n } catch (error) {\n if (error instanceof Oauth2ServerErrorResponseError) {\n return sendOauth2ErrorResponse(response, next, agentContext.config.logger, error)\n }\n if (error instanceof Oauth2ResourceUnauthorizedError) {\n return sendUnauthorizedError(response, next, agentContext.config.logger, error)\n }\n\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n })\n}\n"],"mappings":";;;;;;;;;;;;;;AAuBA,SAAgB,4BAA4B,QAAgB,QAAqC;AAC/F,QAAO,KAAK,OAAO,wBAAwB,OAAO,SAAmC,UAAoB,SAAS;EAChH,MAAM,EAAE,cAAc,WAAW,kBAAkB,QAAQ;EAC3D,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;EAC7F,MAAM,iBAAiB,MAAM,uBAAuB,kBAAkB,cAAc,QAAQ,KAAK;EACjG,MAAM,WAAW,uBAAuB,UAAU,aAAa;EAC/D,MAAM,iBAAiB,uBAAuB,kBAAkB,cAAc,OAAO;EAErF,MAAM,iBAAiB,aAAa,eAAe,iBAAiB,mBAAmB,CACrF,OAAO,uBACR,CAAC;EACF,MAAM,wBAAwB,MAAM,eACjC,sBAAsB;GACrB,sBAAsB,eAAe;GACrC,gBAAgB,eAAe,iBAAiB;GAChD,SAAS;IACP,SAAS,IAAI,QAAQ,QAAQ,QAAkC;IAC/D,QAAQ,QAAQ;IAChB,KAAK;IACN;GACF,CAAC,CACD,OAAO,UAAU;AAChB,yBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;IACxE;AACJ,MAAI,CAAC,sBAAuB;EAC5B,MAAM,EAAE,cAAc,aAAa,QAAQ,wBAAwB;EAEnE,MAAM,oBAAoB,QAAQ;EAClC,MAAM,4BAA4B,aAAa,kBAAkB,QAAQ,mCAAmC;EAE5G,MAAM,0BAA0B,SAAS,uBAAuB;GAC9D;GACA;GACD,CAAC;EAEF,IAAIA,kBAAyD;EAC7D,MAAM,oBACJ,OAAO,aAAa,2BAA2B,WAAW,aAAa,yBAAyB;EAClG,MAAM,cAAc,OAAO,aAAa,iBAAiB,WAAW,aAAa,eAAe;AAGhG,MAAI,CADY,aAAa,IAE3B,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,aACzB,EACD,EACE,iBAAiB,wFAClB,CACF,CACF;AAIH,MAAI,CAAC,wBAAwB,UAAU,CAAC,wBAAwB,wBAC9D,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BAA+B;GACjC,OAAO,wBAAwB,uBAC3B,iBAAiB,2BACjB,iBAAiB;GACrB,mBAAmB,wBAAwB,uBACvC,wEACA,wBAAwB,4BACtB,6BAA6B,wBAAwB,0BAA0B,mBAC/E,sBAAsB,wBAAwB,kBAAkB,OAAO;GAC9E,CAAC,CACH;AAGH,MAAI,qBAAqB,aAAa;AACpC,qBAAkB,MAAM,0BAA0B,kBAAkB,cAAc;IAChF,UAAU,OAAO;IACjB;IACA;IACD,CAAC;AAEF,OAAI,CAAC,iBAAiB;AACpB,iBAAa,OAAO,OAAO,KACzB,wEACE,OAAO,SACR,6BACC,cAAc,iBAAiB,sBAChC,6BACD,EACE,cACD,CACF;AAED,WAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,wEAAwE,OAAO,SAAS,yBAC1G,CACF,CACF;;AAIH,OAAI,gBAAgB,MAAM,YAAY,CAAC,sBAAsB,KAC3D,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCAAgC,+BAA+B;IACjE;IACA,OAAO,iBAAiB;IACzB,CAAC,CACH;GAGH,MAAM,YACJ,gBAAgB,aAChB,MAAM,iBAAiB,gBAAgB,WAAW,OAAO,2CAA2C;AAGtG,OAAI,gBAAgB,eAAe,SACjC;QAAI,gBAAgB,cAAc,YAAY,aAAa,IACzD,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,8GAA8G,gBAAgB,GAAG,8BACnJ,CACF,CACF;cAKI,KAAK,KAAK,GAAG,UAAU,SAAS,EAAE;AACzC,oBAAgB,eAAe;AAC/B,UAAM,uBAAuB,YAAY,cAAc,iBAAiB,8BAA8B,MAAM;AAC5G,WAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BAA+B;KAEjC,OAAO,iBAAiB;KACxB,mBAAmB;KACpB,CAAC,CACH;UACI;AACL,oBAAgB,gBAAgB;KAC9B,GAAG,gBAAgB;KACnB,SAAS,aAAa;KACvB;AACD,UAAM,0BAA0B,OAAO,cAAc,gBAAgB;;;AAIzE,MAAI,CAAC,mBAAmB,OAAO,8BAA8B;AAC3D,gBAAa,OAAO,OAAO,KACzB,wEAAwE,OAAO,SAAS,yGACxF,EACE,cACD,CACF;AAGD,OAAI,OAAO,gBAAgB,CAAC,sBAAsB,KAChD,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCAAgC,+BAA+B;IACjE;IACA,OAAO,iBAAiB;IACzB,CAAC,CACH;GAGH,MAAM,yBAAyB,8CAC7B,eAAe,iBAAiB,qCAChC,aAAa,OAAO,MAAM,IAAI,IAAI,EAAE,CACrC;GAID,IAAIC,yBAAuE,EAAE;AAE7E,OAAI,wBAAwB,6BAA6B,wBAAwB,yBAC/E;QAAI,uBAAuB,wBAAwB,2BACjD,0BAAyB,GACtB,wBAAwB,4BAA4B,wBAAwB,yBAC9E;cAEM,wBAAwB,OACjC,0BAAyB,iDAAiD;IACxE,0BAA0B;IAC1B,eAAe,wBAAwB;IACxC,CAAC;AAGJ,OAAI,OAAO,KAAK,uBAAuB,CAAC,WAAW,EACjD,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCACF,gFACA;IACE;IACA,OAAO,iBAAiB;IACzB,CACF,EAED,IACD;GAGH,MAAM,4BAAY,IAAI,MAAM;AAG5B,qBAAkB,IAAI,+BAA+B;IACnD;IACA,WAJgB,MAAM,iBAAiB,WAAW,OAAO,2CAA2C;IAKpG,wBAAwB;KACtB,8BAA8B,OAAO,KAAK,uBAAuB;KACjE,mBAAmB,eAAe,iBAAiB;KACpD;IACD,mBAAmB,MAAM,MAAM;IAC/B,UAAU,OAAO;IACjB,OAAO,8BAA8B;IACrC,UAAU,aAAa;IACvB,MAAM,OAAO,eACT,EACE,UAAU,MACX,GACD;IACJ,eAAe,EACb,SAAS,aAAa,KACvB;IACD,mBACE,eAAe,yBAAyB,uBAAuB,WAC/D,eAAe,yBAAyB,uBAAuB,UAC3D,eACA;IACP,CAAC;AAGF,SAAM,0BAA0B,KAAK,cAAc,gBAAgB;AACnE,0BAAuB,sBAAsB,cAAc,iBAAiB,KAAK;aACxE,CAAC,gBACV,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,yQAClB,CACF,CACF;AAGH,MAAI;GACF,MAAM,EAAE,uBAAuB,MAAM,uBAAuB,yBAAyB,cAAc;IACjG;IACA;IACA,eAAe;KACb;KACA,aAAa;MACX,SAAS;MACT,OAAO;MACR;KACF;IACF,CAAC;AAEF,UAAO,iBACL,UACA,MACA,oBACA,QACA,mBAAmB,iBAAiB,MAAM,IAC3C;WACM,OAAO;AACd,OAAI,iBAAiB,+BACnB,QAAO,wBAAwB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAEnF,OAAI,iBAAiB,gCACnB,QAAO,sBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAGjF,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAE1F"}
package/build/openid4vc-issuer/router/credentialOfferEndpoint.js CHANGED
@@ -1,14 +1,12 @@
1
1
  const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
2
+ const require_OpenId4VcIssuanceSessionState = require('../OpenId4VcIssuanceSessionState.js');
2
3
  const require_context = require('../../shared/router/context.js');
3
4
  require('../../shared/router/index.js');
4
- const require_OpenId4VcIssuanceSessionState = require('../OpenId4VcIssuanceSessionState.js');
5
5
  const require_OpenId4VcIssuanceSessionRepository = require('../repository/OpenId4VcIssuanceSessionRepository.js');
6
6
  require('../repository/index.js');
7
7
  const require_OpenId4VcIssuerService = require('../OpenId4VcIssuerService.js');
8
8
  let __credo_ts_core = require("@credo-ts/core");
9
9
  __credo_ts_core = require_rolldown_runtime.__toESM(__credo_ts_core);
10
- let __openid4vc_utils = require("@openid4vc/utils");
11
- __openid4vc_utils = require_rolldown_runtime.__toESM(__openid4vc_utils);
12
10
 
13
11
  //#region src/openid4vc-issuer/router/credentialOfferEndpoint.ts
14
12
  function configureCredentialOfferEndpoint(router, config) {
@@ -27,7 +25,7 @@ function configureCredentialOfferEndpoint(router, config) {
27
25
  });
28
26
  if (!openId4VcIssuanceSession) return require_context.sendNotFoundResponse(response, next, agentContext.config.logger, "Credential offer not found");
29
27
  if (openId4VcIssuanceSession.state !== require_OpenId4VcIssuanceSessionState.OpenId4VcIssuanceSessionState.OfferCreated && openId4VcIssuanceSession.state !== require_OpenId4VcIssuanceSessionState.OpenId4VcIssuanceSessionState.OfferUriRetrieved) return require_context.sendNotFoundResponse(response, next, agentContext.config.logger, "Invalid state for credential offer");
30
- const expiresAt = openId4VcIssuanceSession.expiresAt ?? (0, __openid4vc_utils.addSecondsToDate)(openId4VcIssuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
28
+ const expiresAt = openId4VcIssuanceSession.expiresAt ?? __credo_ts_core.utils.addSecondsToDate(openId4VcIssuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
31
29
  if (Date.now() > expiresAt.getTime()) return require_context.sendNotFoundResponse(response, next, agentContext.config.logger, "Session expired");
32
30
  if (openId4VcIssuanceSession.state !== require_OpenId4VcIssuanceSessionState.OpenId4VcIssuanceSessionState.OfferUriRetrieved) await issuerService.updateState(agentContext, openId4VcIssuanceSession, require_OpenId4VcIssuanceSessionState.OpenId4VcIssuanceSessionState.OfferUriRetrieved);
33
31
  return require_context.sendJsonResponse(response, next, openId4VcIssuanceSession.credentialOfferPayload);
package/build/openid4vc-issuer/router/credentialOfferEndpoint.mjs CHANGED
@@ -1,11 +1,10 @@
1
+ import { OpenId4VcIssuanceSessionState } from "../OpenId4VcIssuanceSessionState.mjs";
1
2
  import { getRequestContext, sendErrorResponse, sendJsonResponse, sendNotFoundResponse, sendUnknownServerErrorResponse } from "../../shared/router/context.mjs";
2
3
  import "../../shared/router/index.mjs";
3
- import { OpenId4VcIssuanceSessionState } from "../OpenId4VcIssuanceSessionState.mjs";
4
4
  import { OpenId4VcIssuanceSessionRepository } from "../repository/OpenId4VcIssuanceSessionRepository.mjs";
5
5
  import "../repository/index.mjs";
6
6
  import { OpenId4VcIssuerService } from "../OpenId4VcIssuerService.mjs";
7
- import { joinUriParts } from "@credo-ts/core";
8
- import { addSecondsToDate } from "@openid4vc/utils";
7
+ import { joinUriParts, utils } from "@credo-ts/core";
9
8
 
10
9
  //#region src/openid4vc-issuer/router/credentialOfferEndpoint.ts
11
10
  function configureCredentialOfferEndpoint(router, config) {
@@ -24,7 +23,7 @@ function configureCredentialOfferEndpoint(router, config) {
24
23
  });
25
24
  if (!openId4VcIssuanceSession) return sendNotFoundResponse(response, next, agentContext.config.logger, "Credential offer not found");
26
25
  if (openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferCreated && openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferUriRetrieved) return sendNotFoundResponse(response, next, agentContext.config.logger, "Invalid state for credential offer");
27
- const expiresAt = openId4VcIssuanceSession.expiresAt ?? addSecondsToDate(openId4VcIssuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
26
+ const expiresAt = openId4VcIssuanceSession.expiresAt ?? utils.addSecondsToDate(openId4VcIssuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
28
27
  if (Date.now() > expiresAt.getTime()) return sendNotFoundResponse(response, next, agentContext.config.logger, "Session expired");
29
28
  if (openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferUriRetrieved) await issuerService.updateState(agentContext, openId4VcIssuanceSession, OpenId4VcIssuanceSessionState.OfferUriRetrieved);
30
29
  return sendJsonResponse(response, next, openId4VcIssuanceSession.credentialOfferPayload);
package/build/openid4vc-issuer/router/credentialOfferEndpoint.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"credentialOfferEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/credentialOfferEndpoint.ts"],"sourcesContent":["import type { Response, Router } from 'express'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nimport { joinUriParts } from '@credo-ts/core'\nimport { addSecondsToDate } from '@openid4vc/utils'\nimport {\n getRequestContext,\n sendErrorResponse,\n sendJsonResponse,\n sendNotFoundResponse,\n sendUnknownServerErrorResponse,\n} from '../../shared/router'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport { OpenId4VcIssuanceSessionRepository } from '../repository'\n\nexport function configureCredentialOfferEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.get(\n joinUriParts(config.credentialOfferEndpointPath, [':credentialOfferId']),\n async (request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(request)\n\n if (!request.params.credentialOfferId || typeof request.params.credentialOfferId !== 'string') {\n return sendErrorResponse(\n response,\n next,\n agentContext.config.logger,\n 400,\n 'invalid_request',\n 'Invalid credential offer url'\n )\n }\n\n try {\n const issuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await issuerService.getIssuerMetadata(agentContext, issuer)\n const openId4VcIssuanceSessionRepository = agentContext.dependencyManager.resolve(\n OpenId4VcIssuanceSessionRepository\n )\n\n const fullCredentialOfferUri = joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [\n config.credentialOfferEndpointPath,\n request.params.credentialOfferId,\n ])\n\n const openId4VcIssuanceSession = await openId4VcIssuanceSessionRepository.findSingleByQuery(agentContext, {\n issuerId: issuer.issuerId,\n credentialOfferUri: fullCredentialOfferUri,\n $or: [\n {\n credentialOfferId: request.params.credentialOfferId,\n },\n // NOTE: this can soon be removed, credential offer id is cleaner,\n // but only introduced since 0.6\n {\n credentialOfferUri: fullCredentialOfferUri,\n },\n ],\n })\n if (!openId4VcIssuanceSession) {\n return sendNotFoundResponse(response, next, agentContext.config.logger, 'Credential offer not found')\n }\n\n if (\n openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferCreated &&\n openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferUriRetrieved\n ) {\n return sendNotFoundResponse(response, next, agentContext.config.logger, 'Invalid state for credential offer')\n }\n\n const expiresAt =\n openId4VcIssuanceSession.expiresAt ??\n addSecondsToDate(openId4VcIssuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n if (Date.now() > expiresAt.getTime()) {\n return sendNotFoundResponse(response, next, agentContext.config.logger, 'Session expired')\n }\n\n // It's okay to retrieve the offer multiple times. So we only update the state if it's not already retrieved\n if (openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferUriRetrieved) {\n await issuerService.updateState(\n agentContext,\n openId4VcIssuanceSession,\n OpenId4VcIssuanceSessionState.OfferUriRetrieved\n )\n }\n\n return sendJsonResponse(response, next, openId4VcIssuanceSession.credentialOfferPayload)\n } catch (error) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n }\n )\n}\n"],"mappings":";;;;;;;;;;AAiBA,SAAgB,iCAAiC,QAAgB,QAAqC;AACpG,QAAO,IACL,aAAa,OAAO,6BAA6B,CAAC,qBAAqB,CAAC,EACxE,OAAO,SAAmC,UAAoB,SAAS;EACrE,MAAM,EAAE,cAAc,WAAW,kBAAkB,QAAQ;AAE3D,MAAI,CAAC,QAAQ,OAAO,qBAAqB,OAAO,QAAQ,OAAO,sBAAsB,SACnF,QAAO,kBACL,UACA,MACA,aAAa,OAAO,QACpB,KACA,mBACA,+BACD;AAGH,MAAI;GACF,MAAM,gBAAgB,aAAa,kBAAkB,QAAQ,uBAAuB;GACpF,MAAM,iBAAiB,MAAM,cAAc,kBAAkB,cAAc,OAAO;GAClF,MAAM,qCAAqC,aAAa,kBAAkB,QACxE,mCACD;GAED,MAAM,yBAAyB,aAAa,eAAe,iBAAiB,mBAAmB,CAC7F,OAAO,6BACP,QAAQ,OAAO,kBAChB,CAAC;GAEF,MAAM,2BAA2B,MAAM,mCAAmC,kBAAkB,cAAc;IACxG,UAAU,OAAO;IACjB,oBAAoB;IACpB,KAAK,CACH,EACE,mBAAmB,QAAQ,OAAO,mBACnC,EAGD,EACE,oBAAoB,wBACrB,CACF;IACF,CAAC;AACF,OAAI,CAAC,yBACH,QAAO,qBAAqB,UAAU,MAAM,aAAa,OAAO,QAAQ,6BAA6B;AAGvG,OACE,yBAAyB,UAAU,8BAA8B,gBACjE,yBAAyB,UAAU,8BAA8B,kBAEjE,QAAO,qBAAqB,UAAU,MAAM,aAAa,OAAO,QAAQ,qCAAqC;GAG/G,MAAM,YACJ,yBAAyB,aACzB,iBAAiB,yBAAyB,WAAW,OAAO,2CAA2C;AAEzG,OAAI,KAAK,KAAK,GAAG,UAAU,SAAS,CAClC,QAAO,qBAAqB,UAAU,MAAM,aAAa,OAAO,QAAQ,kBAAkB;AAI5F,OAAI,yBAAyB,UAAU,8BAA8B,kBACnE,OAAM,cAAc,YAClB,cACA,0BACA,8BAA8B,kBAC/B;AAGH,UAAO,iBAAiB,UAAU,MAAM,yBAAyB,uBAAuB;WACjF,OAAO;AACd,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAG7F"}
1
+ {"version":3,"file":"credentialOfferEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/credentialOfferEndpoint.ts"],"sourcesContent":["import { joinUriParts, utils } from '@credo-ts/core'\nimport type { Response, Router } from 'express'\nimport {\n getRequestContext,\n sendErrorResponse,\n sendJsonResponse,\n sendNotFoundResponse,\n sendUnknownServerErrorResponse,\n} from '../../shared/router'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport { OpenId4VcIssuanceSessionRepository } from '../repository'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nexport function configureCredentialOfferEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.get(\n joinUriParts(config.credentialOfferEndpointPath, [':credentialOfferId']),\n async (request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(request)\n\n if (!request.params.credentialOfferId || typeof request.params.credentialOfferId !== 'string') {\n return sendErrorResponse(\n response,\n next,\n agentContext.config.logger,\n 400,\n 'invalid_request',\n 'Invalid credential offer url'\n )\n }\n\n try {\n const issuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await issuerService.getIssuerMetadata(agentContext, issuer)\n const openId4VcIssuanceSessionRepository = agentContext.dependencyManager.resolve(\n OpenId4VcIssuanceSessionRepository\n )\n\n const fullCredentialOfferUri = joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [\n config.credentialOfferEndpointPath,\n request.params.credentialOfferId,\n ])\n\n const openId4VcIssuanceSession = await openId4VcIssuanceSessionRepository.findSingleByQuery(agentContext, {\n issuerId: issuer.issuerId,\n credentialOfferUri: fullCredentialOfferUri,\n $or: [\n {\n credentialOfferId: request.params.credentialOfferId,\n },\n // NOTE: this can soon be removed, credential offer id is cleaner,\n // but only introduced since 0.6\n {\n credentialOfferUri: fullCredentialOfferUri,\n },\n ],\n })\n if (!openId4VcIssuanceSession) {\n return sendNotFoundResponse(response, next, agentContext.config.logger, 'Credential offer not found')\n }\n\n if (\n openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferCreated &&\n openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferUriRetrieved\n ) {\n return sendNotFoundResponse(response, next, agentContext.config.logger, 'Invalid state for credential offer')\n }\n\n const expiresAt =\n openId4VcIssuanceSession.expiresAt ??\n utils.addSecondsToDate(openId4VcIssuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n if (Date.now() > expiresAt.getTime()) {\n return sendNotFoundResponse(response, next, agentContext.config.logger, 'Session expired')\n }\n\n // It's okay to retrieve the offer multiple times. So we only update the state if it's not already retrieved\n if (openId4VcIssuanceSession.state !== OpenId4VcIssuanceSessionState.OfferUriRetrieved) {\n await issuerService.updateState(\n agentContext,\n openId4VcIssuanceSession,\n OpenId4VcIssuanceSessionState.OfferUriRetrieved\n )\n }\n\n return sendJsonResponse(response, next, openId4VcIssuanceSession.credentialOfferPayload)\n } catch (error) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n }\n )\n}\n"],"mappings":";;;;;;;;;AAeA,SAAgB,iCAAiC,QAAgB,QAAqC;AACpG,QAAO,IACL,aAAa,OAAO,6BAA6B,CAAC,qBAAqB,CAAC,EACxE,OAAO,SAAmC,UAAoB,SAAS;EACrE,MAAM,EAAE,cAAc,WAAW,kBAAkB,QAAQ;AAE3D,MAAI,CAAC,QAAQ,OAAO,qBAAqB,OAAO,QAAQ,OAAO,sBAAsB,SACnF,QAAO,kBACL,UACA,MACA,aAAa,OAAO,QACpB,KACA,mBACA,+BACD;AAGH,MAAI;GACF,MAAM,gBAAgB,aAAa,kBAAkB,QAAQ,uBAAuB;GACpF,MAAM,iBAAiB,MAAM,cAAc,kBAAkB,cAAc,OAAO;GAClF,MAAM,qCAAqC,aAAa,kBAAkB,QACxE,mCACD;GAED,MAAM,yBAAyB,aAAa,eAAe,iBAAiB,mBAAmB,CAC7F,OAAO,6BACP,QAAQ,OAAO,kBAChB,CAAC;GAEF,MAAM,2BAA2B,MAAM,mCAAmC,kBAAkB,cAAc;IACxG,UAAU,OAAO;IACjB,oBAAoB;IACpB,KAAK,CACH,EACE,mBAAmB,QAAQ,OAAO,mBACnC,EAGD,EACE,oBAAoB,wBACrB,CACF;IACF,CAAC;AACF,OAAI,CAAC,yBACH,QAAO,qBAAqB,UAAU,MAAM,aAAa,OAAO,QAAQ,6BAA6B;AAGvG,OACE,yBAAyB,UAAU,8BAA8B,gBACjE,yBAAyB,UAAU,8BAA8B,kBAEjE,QAAO,qBAAqB,UAAU,MAAM,aAAa,OAAO,QAAQ,qCAAqC;GAG/G,MAAM,YACJ,yBAAyB,aACzB,MAAM,iBAAiB,yBAAyB,WAAW,OAAO,2CAA2C;AAE/G,OAAI,KAAK,KAAK,GAAG,UAAU,SAAS,CAClC,QAAO,qBAAqB,UAAU,MAAM,aAAa,OAAO,QAAQ,kBAAkB;AAI5F,OAAI,yBAAyB,UAAU,8BAA8B,kBACnE,OAAM,cAAc,YAClB,cACA,0BACA,8BAA8B,kBAC/B;AAGH,UAAO,iBAAiB,UAAU,MAAM,yBAAyB,uBAAuB;WACjF,OAAO;AACd,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAG7F"}
package/build/openid4vc-issuer/router/deferredCredentialEndpoint.js CHANGED
@@ -1,7 +1,7 @@
1
1
  const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
2
+ const require_OpenId4VcIssuanceSessionState = require('../OpenId4VcIssuanceSessionState.js');
2
3
  const require_context = require('../../shared/router/context.js');
3
4
  require('../../shared/router/index.js');
4
- const require_OpenId4VcIssuanceSessionState = require('../OpenId4VcIssuanceSessionState.js');
5
5
  const require_OpenId4VcIssuanceSessionRepository = require('../repository/OpenId4VcIssuanceSessionRepository.js');
6
6
  require('../repository/index.js');
7
7
  const require_OpenId4VcIssuerService = require('../OpenId4VcIssuerService.js');
@@ -9,8 +9,6 @@ let __credo_ts_core = require("@credo-ts/core");
9
9
  __credo_ts_core = require_rolldown_runtime.__toESM(__credo_ts_core);
10
10
  let __openid4vc_oauth2 = require("@openid4vc/oauth2");
11
11
  __openid4vc_oauth2 = require_rolldown_runtime.__toESM(__openid4vc_oauth2);
12
- let __openid4vc_utils = require("@openid4vc/utils");
13
- __openid4vc_utils = require_rolldown_runtime.__toESM(__openid4vc_utils);
14
12
 
15
13
  //#region src/openid4vc-issuer/router/deferredCredentialEndpoint.ts
16
14
  function configureDeferredCredentialEndpoint(router, config) {
@@ -54,7 +52,7 @@ function configureDeferredCredentialEndpoint(router, config) {
54
52
  error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidDpopProof
55
53
  }));
56
54
  if (issuanceSession.authorization?.subject && issuanceSession.authorization.subject !== tokenPayload.sub) return require_context.sendOauth2ErrorResponse(response, next, agentContext.config.logger, new __openid4vc_oauth2.Oauth2ServerErrorResponseError({ error: __openid4vc_oauth2.Oauth2ErrorCodes.CredentialRequestDenied }, { internalMessage: `Issuance session authorization subject does not match with the token payload subject for issuance session '${issuanceSession.id}'. Returning error response` }));
57
- const expiresAt = issuanceSession.expiresAt ?? (0, __openid4vc_utils.addSecondsToDate)(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
55
+ const expiresAt = issuanceSession.expiresAt ?? __credo_ts_core.utils.addSecondsToDate(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
58
56
  if (Date.now() > expiresAt.getTime()) {
59
57
  issuanceSession.errorMessage = "Credential offer has expired";
60
58
  await openId4VcIssuerService.updateState(agentContext, issuanceSession, require_OpenId4VcIssuanceSessionState.OpenId4VcIssuanceSessionState.Error);
package/build/openid4vc-issuer/router/deferredCredentialEndpoint.mjs CHANGED
@@ -1,12 +1,11 @@
1
+ import { OpenId4VcIssuanceSessionState } from "../OpenId4VcIssuanceSessionState.mjs";
1
2
  import { getRequestContext, sendJsonResponse, sendOauth2ErrorResponse, sendUnauthorizedError, sendUnknownServerErrorResponse } from "../../shared/router/context.mjs";
2
3
  import "../../shared/router/index.mjs";
3
- import { OpenId4VcIssuanceSessionState } from "../OpenId4VcIssuanceSessionState.mjs";
4
4
  import { OpenId4VcIssuanceSessionRepository } from "../repository/OpenId4VcIssuanceSessionRepository.mjs";
5
5
  import "../repository/index.mjs";
6
6
  import { OpenId4VcIssuerService } from "../OpenId4VcIssuerService.mjs";
7
- import { joinUriParts } from "@credo-ts/core";
7
+ import { joinUriParts, utils } from "@credo-ts/core";
8
8
  import { Oauth2ErrorCodes, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError } from "@openid4vc/oauth2";
9
- import { addSecondsToDate } from "@openid4vc/utils";
10
9
 
11
10
  //#region src/openid4vc-issuer/router/deferredCredentialEndpoint.ts
12
11
  function configureDeferredCredentialEndpoint(router, config) {
@@ -50,7 +49,7 @@ function configureDeferredCredentialEndpoint(router, config) {
50
49
  error: Oauth2ErrorCodes.InvalidDpopProof
51
50
  }));
52
51
  if (issuanceSession.authorization?.subject && issuanceSession.authorization.subject !== tokenPayload.sub) return sendOauth2ErrorResponse(response, next, agentContext.config.logger, new Oauth2ServerErrorResponseError({ error: Oauth2ErrorCodes.CredentialRequestDenied }, { internalMessage: `Issuance session authorization subject does not match with the token payload subject for issuance session '${issuanceSession.id}'. Returning error response` }));
53
- const expiresAt = issuanceSession.expiresAt ?? addSecondsToDate(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
52
+ const expiresAt = issuanceSession.expiresAt ?? utils.addSecondsToDate(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds);
54
53
  if (Date.now() > expiresAt.getTime()) {
55
54
  issuanceSession.errorMessage = "Credential offer has expired";
56
55
  await openId4VcIssuerService.updateState(agentContext, issuanceSession, OpenId4VcIssuanceSessionState.Error);
package/build/openid4vc-issuer/router/deferredCredentialEndpoint.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deferredCredentialEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/deferredCredentialEndpoint.ts"],"sourcesContent":["import type { HttpMethod } from '@openid4vc/oauth2'\nimport type { Response, Router } from 'express'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nimport { joinUriParts } from '@credo-ts/core'\nimport { Oauth2ErrorCodes, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError } from '@openid4vc/oauth2'\nimport { addSecondsToDate } from '@openid4vc/utils'\nimport {\n getRequestContext,\n sendJsonResponse,\n sendOauth2ErrorResponse,\n sendUnauthorizedError,\n sendUnknownServerErrorResponse,\n} from '../../shared/router'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport { OpenId4VcIssuanceSessionRepository } from '../repository'\n\nexport function configureDeferredCredentialEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.post(\n config.deferredCredentialEndpointPath,\n async (request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(request)\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer, true)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n const resourceServer = openId4VcIssuerService.getResourceServer(agentContext, issuer)\n\n const fullRequestUrl = joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [\n config.deferredCredentialEndpointPath,\n ])\n\n const resourceRequestResult = await resourceServer\n .verifyResourceRequest({\n authorizationServers: issuerMetadata.authorizationServers,\n resourceServer: issuerMetadata.credentialIssuer.credential_issuer,\n request: {\n headers: new Headers(request.headers as Record<string, string>),\n method: request.method as HttpMethod,\n url: fullRequestUrl,\n },\n })\n .catch((error) => {\n sendUnauthorizedError(response, next, agentContext.config.logger, error)\n })\n\n if (!resourceRequestResult) return\n const { tokenPayload, accessToken, scheme, authorizationServer } = resourceRequestResult\n\n const deferredCredentialRequest = request.body\n const issuanceSessionRepository = agentContext.dependencyManager.resolve(OpenId4VcIssuanceSessionRepository)\n\n const parsedCredentialRequest = vcIssuer.parseDeferredCredentialRequest({\n deferredCredentialRequest,\n })\n\n const preAuthorizedCode =\n typeof tokenPayload['pre-authorized_code'] === 'string' ? tokenPayload['pre-authorized_code'] : undefined\n const issuerState = typeof tokenPayload.issuer_state === 'string' ? tokenPayload.issuer_state : undefined\n\n const subject = tokenPayload.sub\n if (!subject) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n },\n {\n internalMessage: `Received token without 'sub' claim. Subject is required for binding issuance session`,\n }\n )\n )\n }\n\n if (!issuerState && !preAuthorizedCode) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n },\n {\n internalMessage: `Received deferred credential request without 'pre-authorized_code' or 'issuer_state' claim. At least one of these claims is required to identify the issuance session`,\n }\n )\n )\n }\n\n const issuanceSession = await issuanceSessionRepository.findSingleByQuery(agentContext, {\n preAuthorizedCode,\n issuerState,\n })\n\n if (\n !issuanceSession ||\n !issuanceSession.transactions?.find(\n (tx) => tx.transactionId === parsedCredentialRequest.deferredCredentialRequest.transaction_id\n )\n ) {\n agentContext.config.logger.warn(\n `No issuance session found for incoming deferred credential request for issuer ${\n issuer.issuerId\n } but access token data has ${\n issuerState ? 'issuer_state' : 'pre-authorized_code'\n }. Returning error response`,\n {\n tokenPayload,\n }\n )\n\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidTransactionId,\n },\n {\n internalMessage: `No issuance session found for incoming credential request for issuer ${issuer.issuerId}, access token data and transaction id`,\n }\n )\n )\n }\n\n // Use issuance session dpop config\n if (issuanceSession.dpop?.required && !resourceRequestResult.dpop) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError('Missing required DPoP proof', {\n scheme,\n error: Oauth2ErrorCodes.InvalidDpopProof,\n })\n )\n }\n\n // Verify the issuance session subject\n if (issuanceSession.authorization?.subject && issuanceSession.authorization.subject !== tokenPayload.sub) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `Issuance session authorization subject does not match with the token payload subject for issuance session '${issuanceSession.id}'. Returning error response`,\n }\n )\n )\n }\n\n const expiresAt =\n issuanceSession.expiresAt ??\n addSecondsToDate(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n if (Date.now() > expiresAt.getTime()) {\n issuanceSession.errorMessage = 'Credential offer has expired'\n await openId4VcIssuerService.updateState(agentContext, issuanceSession, OpenId4VcIssuanceSessionState.Error)\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError({\n // What is the best error here?\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n error_description: 'Session expired',\n })\n )\n }\n\n try {\n const { deferredCredentialResponse } = await openId4VcIssuerService.createDeferredCredentialResponse(\n agentContext,\n {\n issuanceSession,\n deferredCredentialRequest: parsedCredentialRequest.deferredCredentialRequest,\n authorization: {\n authorizationServer,\n accessToken: {\n payload: tokenPayload,\n value: accessToken,\n },\n },\n }\n )\n\n return sendJsonResponse(\n response,\n next,\n deferredCredentialResponse,\n undefined,\n deferredCredentialResponse.interval ? 202 : 200\n )\n } catch (error) {\n if (error instanceof Oauth2ServerErrorResponseError) {\n return sendOauth2ErrorResponse(response, next, agentContext.config.logger, error)\n }\n if (error instanceof Oauth2ResourceUnauthorizedError) {\n return sendUnauthorizedError(response, next, agentContext.config.logger, error)\n }\n\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n }\n )\n}\n"],"mappings":";;;;;;;;;;;AAmBA,SAAgB,oCAAoC,QAAgB,QAAqC;AACvG,QAAO,KACL,OAAO,gCACP,OAAO,SAAmC,UAAoB,SAAS;EACrE,MAAM,EAAE,cAAc,WAAW,kBAAkB,QAAQ;EAC3D,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;EAC7F,MAAM,iBAAiB,MAAM,uBAAuB,kBAAkB,cAAc,QAAQ,KAAK;EACjG,MAAM,WAAW,uBAAuB,UAAU,aAAa;EAC/D,MAAM,iBAAiB,uBAAuB,kBAAkB,cAAc,OAAO;EAErF,MAAM,iBAAiB,aAAa,eAAe,iBAAiB,mBAAmB,CACrF,OAAO,+BACR,CAAC;EAEF,MAAM,wBAAwB,MAAM,eACjC,sBAAsB;GACrB,sBAAsB,eAAe;GACrC,gBAAgB,eAAe,iBAAiB;GAChD,SAAS;IACP,SAAS,IAAI,QAAQ,QAAQ,QAAkC;IAC/D,QAAQ,QAAQ;IAChB,KAAK;IACN;GACF,CAAC,CACD,OAAO,UAAU;AAChB,yBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;IACxE;AAEJ,MAAI,CAAC,sBAAuB;EAC5B,MAAM,EAAE,cAAc,aAAa,QAAQ,wBAAwB;EAEnE,MAAM,4BAA4B,QAAQ;EAC1C,MAAM,4BAA4B,aAAa,kBAAkB,QAAQ,mCAAmC;EAE5G,MAAM,0BAA0B,SAAS,+BAA+B,EACtE,2BACD,CAAC;EAEF,MAAM,oBACJ,OAAO,aAAa,2BAA2B,WAAW,aAAa,yBAAyB;EAClG,MAAM,cAAc,OAAO,aAAa,iBAAiB,WAAW,aAAa,eAAe;AAGhG,MAAI,CADY,aAAa,IAE3B,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,aACzB,EACD,EACE,iBAAiB,wFAClB,CACF,CACF;AAGH,MAAI,CAAC,eAAe,CAAC,kBACnB,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,gBACzB,EACD,EACE,iBAAiB,yKAClB,CACF,CACF;EAGH,MAAM,kBAAkB,MAAM,0BAA0B,kBAAkB,cAAc;GACtF;GACA;GACD,CAAC;AAEF,MACE,CAAC,mBACD,CAAC,gBAAgB,cAAc,MAC5B,OAAO,GAAG,kBAAkB,wBAAwB,0BAA0B,eAChF,EACD;AACA,gBAAa,OAAO,OAAO,KACzB,iFACE,OAAO,SACR,6BACC,cAAc,iBAAiB,sBAChC,6BACD,EACE,cACD,CACF;AAED,UAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,sBACzB,EACD,EACE,iBAAiB,wEAAwE,OAAO,SAAS,yCAC1G,CACF,CACF;;AAIH,MAAI,gBAAgB,MAAM,YAAY,CAAC,sBAAsB,KAC3D,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCAAgC,+BAA+B;GACjE;GACA,OAAO,iBAAiB;GACzB,CAAC,CACH;AAIH,MAAI,gBAAgB,eAAe,WAAW,gBAAgB,cAAc,YAAY,aAAa,IACnG,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,8GAA8G,gBAAgB,GAAG,8BACnJ,CACF,CACF;EAGH,MAAM,YACJ,gBAAgB,aAChB,iBAAiB,gBAAgB,WAAW,OAAO,2CAA2C;AAEhG,MAAI,KAAK,KAAK,GAAG,UAAU,SAAS,EAAE;AACpC,mBAAgB,eAAe;AAC/B,SAAM,uBAAuB,YAAY,cAAc,iBAAiB,8BAA8B,MAAM;AAC5G,UAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BAA+B;IAEjC,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,CAAC,CACH;;AAGH,MAAI;GACF,MAAM,EAAE,+BAA+B,MAAM,uBAAuB,iCAClE,cACA;IACE;IACA,2BAA2B,wBAAwB;IACnD,eAAe;KACb;KACA,aAAa;MACX,SAAS;MACT,OAAO;MACR;KACF;IACF,CACF;AAED,UAAO,iBACL,UACA,MACA,4BACA,QACA,2BAA2B,WAAW,MAAM,IAC7C;WACM,OAAO;AACd,OAAI,iBAAiB,+BACnB,QAAO,wBAAwB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAEnF,OAAI,iBAAiB,gCACnB,QAAO,sBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAGjF,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAG7F"}
1
+ {"version":3,"file":"deferredCredentialEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/deferredCredentialEndpoint.ts"],"sourcesContent":["import { joinUriParts, utils } from '@credo-ts/core'\nimport type { HttpMethod } from '@openid4vc/oauth2'\nimport { Oauth2ErrorCodes, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError } from '@openid4vc/oauth2'\nimport type { Response, Router } from 'express'\nimport {\n getRequestContext,\n sendJsonResponse,\n sendOauth2ErrorResponse,\n sendUnauthorizedError,\n sendUnknownServerErrorResponse,\n} from '../../shared/router'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport { OpenId4VcIssuanceSessionRepository } from '../repository'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nexport function configureDeferredCredentialEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.post(\n config.deferredCredentialEndpointPath,\n async (request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(request)\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer, true)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n const resourceServer = openId4VcIssuerService.getResourceServer(agentContext, issuer)\n\n const fullRequestUrl = joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [\n config.deferredCredentialEndpointPath,\n ])\n\n const resourceRequestResult = await resourceServer\n .verifyResourceRequest({\n authorizationServers: issuerMetadata.authorizationServers,\n resourceServer: issuerMetadata.credentialIssuer.credential_issuer,\n request: {\n headers: new Headers(request.headers as Record<string, string>),\n method: request.method as HttpMethod,\n url: fullRequestUrl,\n },\n })\n .catch((error) => {\n sendUnauthorizedError(response, next, agentContext.config.logger, error)\n })\n\n if (!resourceRequestResult) return\n const { tokenPayload, accessToken, scheme, authorizationServer } = resourceRequestResult\n\n const deferredCredentialRequest = request.body\n const issuanceSessionRepository = agentContext.dependencyManager.resolve(OpenId4VcIssuanceSessionRepository)\n\n const parsedCredentialRequest = vcIssuer.parseDeferredCredentialRequest({\n deferredCredentialRequest,\n })\n\n const preAuthorizedCode =\n typeof tokenPayload['pre-authorized_code'] === 'string' ? tokenPayload['pre-authorized_code'] : undefined\n const issuerState = typeof tokenPayload.issuer_state === 'string' ? tokenPayload.issuer_state : undefined\n\n const subject = tokenPayload.sub\n if (!subject) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n },\n {\n internalMessage: `Received token without 'sub' claim. Subject is required for binding issuance session`,\n }\n )\n )\n }\n\n if (!issuerState && !preAuthorizedCode) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n },\n {\n internalMessage: `Received deferred credential request without 'pre-authorized_code' or 'issuer_state' claim. At least one of these claims is required to identify the issuance session`,\n }\n )\n )\n }\n\n const issuanceSession = await issuanceSessionRepository.findSingleByQuery(agentContext, {\n preAuthorizedCode,\n issuerState,\n })\n\n if (\n !issuanceSession ||\n !issuanceSession.transactions?.find(\n (tx) => tx.transactionId === parsedCredentialRequest.deferredCredentialRequest.transaction_id\n )\n ) {\n agentContext.config.logger.warn(\n `No issuance session found for incoming deferred credential request for issuer ${\n issuer.issuerId\n } but access token data has ${\n issuerState ? 'issuer_state' : 'pre-authorized_code'\n }. Returning error response`,\n {\n tokenPayload,\n }\n )\n\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidTransactionId,\n },\n {\n internalMessage: `No issuance session found for incoming credential request for issuer ${issuer.issuerId}, access token data and transaction id`,\n }\n )\n )\n }\n\n // Use issuance session dpop config\n if (issuanceSession.dpop?.required && !resourceRequestResult.dpop) {\n return sendUnauthorizedError(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ResourceUnauthorizedError('Missing required DPoP proof', {\n scheme,\n error: Oauth2ErrorCodes.InvalidDpopProof,\n })\n )\n }\n\n // Verify the issuance session subject\n if (issuanceSession.authorization?.subject && issuanceSession.authorization.subject !== tokenPayload.sub) {\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n },\n {\n internalMessage: `Issuance session authorization subject does not match with the token payload subject for issuance session '${issuanceSession.id}'. Returning error response`,\n }\n )\n )\n }\n\n const expiresAt =\n issuanceSession.expiresAt ??\n utils.addSecondsToDate(issuanceSession.createdAt, config.statefulCredentialOfferExpirationInSeconds)\n\n if (Date.now() > expiresAt.getTime()) {\n issuanceSession.errorMessage = 'Credential offer has expired'\n await openId4VcIssuerService.updateState(agentContext, issuanceSession, OpenId4VcIssuanceSessionState.Error)\n return sendOauth2ErrorResponse(\n response,\n next,\n agentContext.config.logger,\n new Oauth2ServerErrorResponseError({\n // What is the best error here?\n error: Oauth2ErrorCodes.CredentialRequestDenied,\n error_description: 'Session expired',\n })\n )\n }\n\n try {\n const { deferredCredentialResponse } = await openId4VcIssuerService.createDeferredCredentialResponse(\n agentContext,\n {\n issuanceSession,\n deferredCredentialRequest: parsedCredentialRequest.deferredCredentialRequest,\n authorization: {\n authorizationServer,\n accessToken: {\n payload: tokenPayload,\n value: accessToken,\n },\n },\n }\n )\n\n return sendJsonResponse(\n response,\n next,\n deferredCredentialResponse,\n undefined,\n deferredCredentialResponse.interval ? 202 : 200\n )\n } catch (error) {\n if (error instanceof Oauth2ServerErrorResponseError) {\n return sendOauth2ErrorResponse(response, next, agentContext.config.logger, error)\n }\n if (error instanceof Oauth2ResourceUnauthorizedError) {\n return sendUnauthorizedError(response, next, agentContext.config.logger, error)\n }\n\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n }\n )\n}\n"],"mappings":";;;;;;;;;;AAiBA,SAAgB,oCAAoC,QAAgB,QAAqC;AACvG,QAAO,KACL,OAAO,gCACP,OAAO,SAAmC,UAAoB,SAAS;EACrE,MAAM,EAAE,cAAc,WAAW,kBAAkB,QAAQ;EAC3D,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;EAC7F,MAAM,iBAAiB,MAAM,uBAAuB,kBAAkB,cAAc,QAAQ,KAAK;EACjG,MAAM,WAAW,uBAAuB,UAAU,aAAa;EAC/D,MAAM,iBAAiB,uBAAuB,kBAAkB,cAAc,OAAO;EAErF,MAAM,iBAAiB,aAAa,eAAe,iBAAiB,mBAAmB,CACrF,OAAO,+BACR,CAAC;EAEF,MAAM,wBAAwB,MAAM,eACjC,sBAAsB;GACrB,sBAAsB,eAAe;GACrC,gBAAgB,eAAe,iBAAiB;GAChD,SAAS;IACP,SAAS,IAAI,QAAQ,QAAQ,QAAkC;IAC/D,QAAQ,QAAQ;IAChB,KAAK;IACN;GACF,CAAC,CACD,OAAO,UAAU;AAChB,yBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;IACxE;AAEJ,MAAI,CAAC,sBAAuB;EAC5B,MAAM,EAAE,cAAc,aAAa,QAAQ,wBAAwB;EAEnE,MAAM,4BAA4B,QAAQ;EAC1C,MAAM,4BAA4B,aAAa,kBAAkB,QAAQ,mCAAmC;EAE5G,MAAM,0BAA0B,SAAS,+BAA+B,EACtE,2BACD,CAAC;EAEF,MAAM,oBACJ,OAAO,aAAa,2BAA2B,WAAW,aAAa,yBAAyB;EAClG,MAAM,cAAc,OAAO,aAAa,iBAAiB,WAAW,aAAa,eAAe;AAGhG,MAAI,CADY,aAAa,IAE3B,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,aACzB,EACD,EACE,iBAAiB,wFAClB,CACF,CACF;AAGH,MAAI,CAAC,eAAe,CAAC,kBACnB,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,gBACzB,EACD,EACE,iBAAiB,yKAClB,CACF,CACF;EAGH,MAAM,kBAAkB,MAAM,0BAA0B,kBAAkB,cAAc;GACtF;GACA;GACD,CAAC;AAEF,MACE,CAAC,mBACD,CAAC,gBAAgB,cAAc,MAC5B,OAAO,GAAG,kBAAkB,wBAAwB,0BAA0B,eAChF,EACD;AACA,gBAAa,OAAO,OAAO,KACzB,iFACE,OAAO,SACR,6BACC,cAAc,iBAAiB,sBAChC,6BACD,EACE,cACD,CACF;AAED,UAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,sBACzB,EACD,EACE,iBAAiB,wEAAwE,OAAO,SAAS,yCAC1G,CACF,CACF;;AAIH,MAAI,gBAAgB,MAAM,YAAY,CAAC,sBAAsB,KAC3D,QAAO,sBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,gCAAgC,+BAA+B;GACjE;GACA,OAAO,iBAAiB;GACzB,CAAC,CACH;AAIH,MAAI,gBAAgB,eAAe,WAAW,gBAAgB,cAAc,YAAY,aAAa,IACnG,QAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BACF,EACE,OAAO,iBAAiB,yBACzB,EACD,EACE,iBAAiB,8GAA8G,gBAAgB,GAAG,8BACnJ,CACF,CACF;EAGH,MAAM,YACJ,gBAAgB,aAChB,MAAM,iBAAiB,gBAAgB,WAAW,OAAO,2CAA2C;AAEtG,MAAI,KAAK,KAAK,GAAG,UAAU,SAAS,EAAE;AACpC,mBAAgB,eAAe;AAC/B,SAAM,uBAAuB,YAAY,cAAc,iBAAiB,8BAA8B,MAAM;AAC5G,UAAO,wBACL,UACA,MACA,aAAa,OAAO,QACpB,IAAI,+BAA+B;IAEjC,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,CAAC,CACH;;AAGH,MAAI;GACF,MAAM,EAAE,+BAA+B,MAAM,uBAAuB,iCAClE,cACA;IACE;IACA,2BAA2B,wBAAwB;IACnD,eAAe;KACb;KACA,aAAa;MACX,SAAS;MACT,OAAO;MACR;KACF;IACF,CACF;AAED,UAAO,iBACL,UACA,MACA,4BACA,QACA,2BAA2B,WAAW,MAAM,IAC7C;WACM,OAAO;AACd,OAAI,iBAAiB,+BACnB,QAAO,wBAAwB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAEnF,OAAI,iBAAiB,gCACnB,QAAO,sBAAsB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;AAGjF,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAG7F"}
package/build/openid4vc-issuer/router/index.js CHANGED
@@ -1,9 +1,9 @@
1
1
  const require_accessTokenEndpoint = require('./accessTokenEndpoint.js');
2
- const require_credentialEndpoint = require('./credentialEndpoint.js');
3
- const require_issuerMetadataEndpoint = require('./issuerMetadataEndpoint.js');
2
+ const require_authorizationChallengeEndpoint = require('./authorizationChallengeEndpoint.js');
4
3
  const require_authorizationServerMetadataEndpoint = require('./authorizationServerMetadataEndpoint.js');
4
+ const require_credentialEndpoint = require('./credentialEndpoint.js');
5
5
  const require_credentialOfferEndpoint = require('./credentialOfferEndpoint.js');
6
+ const require_deferredCredentialEndpoint = require('./deferredCredentialEndpoint.js');
7
+ const require_issuerMetadataEndpoint = require('./issuerMetadataEndpoint.js');
6
8
  const require_jwksEndpoint = require('./jwksEndpoint.js');
7
9
  const require_nonceEndpoint = require('./nonceEndpoint.js');
8
- const require_authorizationChallengeEndpoint = require('./authorizationChallengeEndpoint.js');
9
- const require_deferredCredentialEndpoint = require('./deferredCredentialEndpoint.js');
package/build/openid4vc-issuer/router/index.mjs CHANGED
@@ -1,9 +1,9 @@
1
1
  import { configureAccessTokenEndpoint } from "./accessTokenEndpoint.mjs";
2
- import { configureCredentialEndpoint } from "./credentialEndpoint.mjs";
3
- import { configureIssuerMetadataEndpoint } from "./issuerMetadataEndpoint.mjs";
2
+ import { configureAuthorizationChallengeEndpoint } from "./authorizationChallengeEndpoint.mjs";
4
3
  import { configureOAuthAuthorizationServerMetadataEndpoint } from "./authorizationServerMetadataEndpoint.mjs";
4
+ import { configureCredentialEndpoint } from "./credentialEndpoint.mjs";
5
5
  import { configureCredentialOfferEndpoint } from "./credentialOfferEndpoint.mjs";
6
+ import { configureDeferredCredentialEndpoint } from "./deferredCredentialEndpoint.mjs";
7
+ import { configureIssuerMetadataEndpoint } from "./issuerMetadataEndpoint.mjs";
6
8
  import { configureJwksEndpoint } from "./jwksEndpoint.mjs";
7
9
  import { configureNonceEndpoint } from "./nonceEndpoint.mjs";
8
- import { configureAuthorizationChallengeEndpoint } from "./authorizationChallengeEndpoint.mjs";
9
- import { configureDeferredCredentialEndpoint } from "./deferredCredentialEndpoint.mjs";
package/build/openid4vc-issuer/router/issuerMetadataEndpoint.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"issuerMetadataEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/issuerMetadataEndpoint.ts"],"sourcesContent":["import type { Response, Router } from 'express'\nimport type { OpenId4VciCredentialIssuerMetadata } from '../../shared'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nimport { getAuthorizationServerMetadataFromList } from '@openid4vc/oauth2'\n\nimport { getRequestContext, sendJsonResponse, sendUnknownServerErrorResponse } from '../../shared/router'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\n\nexport function configureIssuerMetadataEndpoint(router: Router) {\n router.get(\n '/.well-known/openid-credential-issuer',\n async (_request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(_request)\n try {\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n const issuerAuthorizationServer = getAuthorizationServerMetadataFromList(\n issuerMetadata.authorizationServers,\n issuerMetadata.credentialIssuer.credential_issuer\n )\n\n const transformedMetadata = {\n // Get the draft 11 metadata (it also contains draft 14)\n ...vcIssuer.getCredentialIssuerMetadataDraft11(issuerMetadata.credentialIssuer),\n\n // TODO: these values should be removed, as they need to be hosted in the oauth-authorization-server\n // metadata. For backwards compatibility we will keep them in now.\n token_endpoint: issuerAuthorizationServer.token_endpoint,\n dpop_signing_alg_values_supported: issuerAuthorizationServer.dpop_signing_alg_values_supported,\n } satisfies OpenId4VciCredentialIssuerMetadata\n\n return sendJsonResponse(response, next, transformedMetadata)\n } catch (e) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, e)\n }\n }\n )\n}\n"],"mappings":";;;;;;AASA,SAAgB,gCAAgC,QAAgB;AAC9D,QAAO,IACL,yCACA,OAAO,UAAoC,UAAoB,SAAS;EACtE,MAAM,EAAE,cAAc,WAAW,kBAAkB,SAAS;AAC5D,MAAI;GACF,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;GAC7F,MAAM,iBAAiB,MAAM,uBAAuB,kBAAkB,cAAc,OAAO;GAC3F,MAAM,WAAW,uBAAuB,UAAU,aAAa;GAC/D,MAAM,4BAA4B,uCAChC,eAAe,sBACf,eAAe,iBAAiB,kBACjC;AAYD,UAAO,iBAAiB,UAAU,MAVN;IAE1B,GAAG,SAAS,mCAAmC,eAAe,iBAAiB;IAI/E,gBAAgB,0BAA0B;IAC1C,mCAAmC,0BAA0B;IAC9D,CAE2D;WACrD,GAAG;AACV,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,EAAE;;GAGzF"}
1
+ {"version":3,"file":"issuerMetadataEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/issuerMetadataEndpoint.ts"],"sourcesContent":["import { getAuthorizationServerMetadataFromList } from '@openid4vc/oauth2'\nimport type { Response, Router } from 'express'\nimport type { OpenId4VciCredentialIssuerMetadata } from '../../shared'\nimport { getRequestContext, sendJsonResponse, sendUnknownServerErrorResponse } from '../../shared/router'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nexport function configureIssuerMetadataEndpoint(router: Router) {\n router.get(\n '/.well-known/openid-credential-issuer',\n async (_request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(_request)\n try {\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n const issuerAuthorizationServer = getAuthorizationServerMetadataFromList(\n issuerMetadata.authorizationServers,\n issuerMetadata.credentialIssuer.credential_issuer\n )\n\n const transformedMetadata = {\n // Get the draft 11 metadata (it also contains draft 14)\n ...vcIssuer.getCredentialIssuerMetadataDraft11(issuerMetadata.credentialIssuer),\n\n // TODO: these values should be removed, as they need to be hosted in the oauth-authorization-server\n // metadata. For backwards compatibility we will keep them in now.\n token_endpoint: issuerAuthorizationServer.token_endpoint,\n dpop_signing_alg_values_supported: issuerAuthorizationServer.dpop_signing_alg_values_supported,\n } satisfies OpenId4VciCredentialIssuerMetadata\n\n return sendJsonResponse(response, next, transformedMetadata)\n } catch (e) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, e)\n }\n }\n )\n}\n"],"mappings":";;;;;;AAOA,SAAgB,gCAAgC,QAAgB;AAC9D,QAAO,IACL,yCACA,OAAO,UAAoC,UAAoB,SAAS;EACtE,MAAM,EAAE,cAAc,WAAW,kBAAkB,SAAS;AAC5D,MAAI;GACF,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;GAC7F,MAAM,iBAAiB,MAAM,uBAAuB,kBAAkB,cAAc,OAAO;GAC3F,MAAM,WAAW,uBAAuB,UAAU,aAAa;GAC/D,MAAM,4BAA4B,uCAChC,eAAe,sBACf,eAAe,iBAAiB,kBACjC;AAYD,UAAO,iBAAiB,UAAU,MAVN;IAE1B,GAAG,SAAS,mCAAmC,eAAe,iBAAiB;IAI/E,gBAAgB,0BAA0B;IAC1C,mCAAmC,0BAA0B;IAC9D,CAE2D;WACrD,GAAG;AACV,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,EAAE;;GAGzF"}
package/build/openid4vc-issuer/router/jwksEndpoint.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"jwksEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/jwksEndpoint.ts"],"sourcesContent":["import type { Jwk, JwkSet } from '@openid4vc/oauth2'\nimport type { Response, Router } from 'express'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nimport { getRequestContext, sendJsonResponse, sendUnknownServerErrorResponse } from '../../shared/router'\n\nexport function configureJwksEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.get(config.jwksEndpointPath, async (_request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(_request)\n try {\n const jwks = {\n // Not needed to include kid in public facing JWKs\n keys: [issuer.resolvedAccessTokenPublicJwk.toJson({ includeKid: false }) as Jwk],\n } satisfies JwkSet\n\n return sendJsonResponse(response, next, jwks, 'application/jwk-set+json')\n } catch (e) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, e)\n }\n })\n}\n"],"mappings":";;;;AAOA,SAAgB,sBAAsB,QAAgB,QAAqC;AACzF,QAAO,IAAI,OAAO,kBAAkB,OAAO,UAAoC,UAAoB,SAAS;EAC1G,MAAM,EAAE,cAAc,WAAW,kBAAkB,SAAS;AAC5D,MAAI;AAMF,UAAO,iBAAiB,UAAU,MALrB,EAEX,MAAM,CAAC,OAAO,6BAA6B,OAAO,EAAE,YAAY,OAAO,CAAC,CAAQ,EACjF,EAE6C,2BAA2B;WAClE,GAAG;AACV,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,EAAE;;GAEtF"}
1
+ {"version":3,"file":"jwksEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/jwksEndpoint.ts"],"sourcesContent":["import type { Jwk, JwkSet } from '@openid4vc/oauth2'\nimport type { Response, Router } from 'express'\nimport { getRequestContext, sendJsonResponse, sendUnknownServerErrorResponse } from '../../shared/router'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nexport function configureJwksEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.get(config.jwksEndpointPath, async (_request: OpenId4VcIssuanceRequest, response: Response, next) => {\n const { agentContext, issuer } = getRequestContext(_request)\n try {\n const jwks = {\n // Not needed to include kid in public facing JWKs\n keys: [issuer.resolvedAccessTokenPublicJwk.toJson({ includeKid: false }) as Jwk],\n } satisfies JwkSet\n\n return sendJsonResponse(response, next, jwks, 'application/jwk-set+json')\n } catch (e) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, e)\n }\n })\n}\n"],"mappings":";;;;AAMA,SAAgB,sBAAsB,QAAgB,QAAqC;AACzF,QAAO,IAAI,OAAO,kBAAkB,OAAO,UAAoC,UAAoB,SAAS;EAC1G,MAAM,EAAE,cAAc,WAAW,kBAAkB,SAAS;AAC5D,MAAI;AAMF,UAAO,iBAAiB,UAAU,MALrB,EAEX,MAAM,CAAC,OAAO,6BAA6B,OAAO,EAAE,YAAY,OAAO,CAAC,CAAQ,EACjF,EAE6C,2BAA2B;WAClE,GAAG;AACV,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,EAAE;;GAEtF"}
package/build/openid4vc-issuer/router/nonceEndpoint.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"nonceEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/nonceEndpoint.ts"],"sourcesContent":["import type { NextFunction, Response, Router } from 'express'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nimport { getRequestContext, sendJsonResponse, sendUnknownServerErrorResponse } from '../../shared/router'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\n\nexport function configureNonceEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.post(\n config.nonceEndpointPath,\n async (request: OpenId4VcIssuanceRequest, response: Response, next: NextFunction) => {\n response.set({ 'Cache-Control': 'no-store', Pragma: 'no-cache' })\n const requestContext = getRequestContext(request)\n const { agentContext, issuer } = requestContext\n\n try {\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n\n const { cNonce, cNonceExpiresInSeconds } = await openId4VcIssuerService.createNonce(agentContext, issuer)\n\n const nonceResponse = vcIssuer.createNonceResponse({\n cNonce,\n cNonceExpiresIn: cNonceExpiresInSeconds,\n })\n\n return sendJsonResponse(response, next, nonceResponse)\n } catch (error) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n }\n )\n}\n"],"mappings":";;;;;AAOA,SAAgB,uBAAuB,QAAgB,QAAqC;AAC1F,QAAO,KACL,OAAO,mBACP,OAAO,SAAmC,UAAoB,SAAuB;AACnF,WAAS,IAAI;GAAE,iBAAiB;GAAY,QAAQ;GAAY,CAAC;EAEjE,MAAM,EAAE,cAAc,WADC,kBAAkB,QAAQ;AAGjD,MAAI;GACF,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;GAC7F,MAAM,WAAW,uBAAuB,UAAU,aAAa;GAE/D,MAAM,EAAE,QAAQ,2BAA2B,MAAM,uBAAuB,YAAY,cAAc,OAAO;AAOzG,UAAO,iBAAiB,UAAU,MALZ,SAAS,oBAAoB;IACjD;IACA,iBAAiB;IAClB,CAAC,CAEoD;WAC/C,OAAO;AACd,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAG7F"}
1
+ {"version":3,"file":"nonceEndpoint.mjs","names":[],"sources":["../../../src/openid4vc-issuer/router/nonceEndpoint.ts"],"sourcesContent":["import type { NextFunction, Response, Router } from 'express'\nimport { getRequestContext, sendJsonResponse, sendUnknownServerErrorResponse } from '../../shared/router'\nimport type { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nexport function configureNonceEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.post(\n config.nonceEndpointPath,\n async (request: OpenId4VcIssuanceRequest, response: Response, next: NextFunction) => {\n response.set({ 'Cache-Control': 'no-store', Pragma: 'no-cache' })\n const requestContext = getRequestContext(request)\n const { agentContext, issuer } = requestContext\n\n try {\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const vcIssuer = openId4VcIssuerService.getIssuer(agentContext)\n\n const { cNonce, cNonceExpiresInSeconds } = await openId4VcIssuerService.createNonce(agentContext, issuer)\n\n const nonceResponse = vcIssuer.createNonceResponse({\n cNonce,\n cNonceExpiresIn: cNonceExpiresInSeconds,\n })\n\n return sendJsonResponse(response, next, nonceResponse)\n } catch (error) {\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n }\n )\n}\n"],"mappings":";;;;;AAMA,SAAgB,uBAAuB,QAAgB,QAAqC;AAC1F,QAAO,KACL,OAAO,mBACP,OAAO,SAAmC,UAAoB,SAAuB;AACnF,WAAS,IAAI;GAAE,iBAAiB;GAAY,QAAQ;GAAY,CAAC;EAEjE,MAAM,EAAE,cAAc,WADC,kBAAkB,QAAQ;AAGjD,MAAI;GACF,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;GAC7F,MAAM,WAAW,uBAAuB,UAAU,aAAa;GAE/D,MAAM,EAAE,QAAQ,2BAA2B,MAAM,uBAAuB,YAAY,cAAc,OAAO;AAOzG,UAAO,iBAAiB,UAAU,MALZ,SAAS,oBAAoB;IACjD;IACA,iBAAiB;IAClB,CAAC,CAEoD;WAC/C,OAAO;AACd,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAG7F"}
package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { OpenId4VcUpdateVerifierRecordOptions, OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifyAuthorizationResponseOptions } from "./OpenId4VpVerifierServiceOptions.mjs";
2
- import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.mjs";
3
2
  import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.mjs";
3
+ import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.mjs";
4
4
  import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
5
5
  import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.mjs";
6
6
  import { AgentContext, Query, QueryOptions } from "@credo-ts/core";
package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VcVerifierApi.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;AAkBA;AACiC,cAApB,oBAAA,CAAoB;WAEL,MAAA,EAAA,6BAAA;UAAA,YAAA;UACF,wBAAA;aACY,CAAA,MAAA,EAFV,6BAEU,EAAA,YAAA,EADZ,YACY,EAAA,wBAAA,EAAA,wBAAA;;;;iBAamB,CAAA,CAAA,EAP3B,OAO2B,CAbK,uBAAA,EAaL,CAAA;;;;yBAWV,CAAA,UAAA,EAAA,MAAA,CAAA,EAXU,OAWV,CAlBjB,uBAAA,CAkBiB;;;;gBAY5B,CAAA,OAAA,CAAA,EAhBqB,8BAgBrB,CAAA,EAhBmD,OAgBnD,CAhBmD,uBAAA,CAgBnD;wBAAY,CAAA,OAAA,EAZgB,oCAYhB,CAAA,EAZoD,OAYpD,CAAA,IAAA,CAAA;iCAAA,CAAA,KAAA,EADpB,KACoB,CADd,kCACc,CAAA,EAAA,YAAA,CAAA,EAAZ,YAAY,CAAA,EAAA,OAAA,CAAA,kCAAA,EAAA,CAAA;4BAKwC,CAAA,qBAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,kCAAA,CAAA;;;;;;4BA6BnE,CAAA;IAAA,UAAA;IAAA,GAAA;GAAA,EAjBC,0CAiBD,GAAA;IAEC,UAAA,EAAA,MAAA;MAjBC,OAiB0C,CAjBlC,yCAiBkC,CAAA;;;;;;;;;;KAA3C;;MAEF,QAF6C,sCAAA;mEAU6B,QAR1E,sCAAA"}
1
+ {"version":3,"file":"OpenId4VcVerifierApi.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;AAgBA;AACiC,cAApB,oBAAA,CAAoB;WAEL,MAAA,EAAA,6BAAA;UAAA,YAAA;UACF,wBAAA;aACY,CAAA,MAAA,EAFV,6BAEU,EAAA,YAAA,EADZ,YACY,EAAA,wBAAA,EAAA,wBAAA;;;;iBAamB,CAAA,CAAA,EAP3B,OAO2B,CAbK,uBAAA,EAaL,CAAA;;;;yBAWV,CAAA,UAAA,EAAA,MAAA,CAAA,EAXU,OAWV,CAlBjB,uBAAA,CAkBiB;;;;gBAY5B,CAAA,OAAA,CAAA,EAhBqB,8BAgBrB,CAAA,EAhBmD,OAgBnD,CAhBmD,uBAAA,CAgBnD;wBAAY,CAAA,OAAA,EAZgB,oCAYhB,CAAA,EAZoD,OAYpD,CAAA,IAAA,CAAA;iCAAA,CAAA,KAAA,EADpB,KACoB,CADd,kCACc,CAAA,EAAA,YAAA,CAAA,EAAZ,YAAY,CAAA,EAAA,OAAA,CAAA,kCAAA,EAAA,CAAA;4BAKwC,CAAA,qBAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,kCAAA,CAAA;;;;;;4BA6BnE,CAAA;IAAA,UAAA;IAAA,GAAA;GAAA,EAjBC,0CAiBD,GAAA;IAEC,UAAA,EAAA,MAAA;MAjBC,OAiB0C,CAjBlC,yCAiBkC,CAAA;;;;;;;;;;KAA3C;;MAEF,QAF6C,sCAAA;mEAU6B,QAR1E,sCAAA"}
package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { OpenId4VcUpdateVerifierRecordOptions, OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifyAuthorizationResponseOptions } from "./OpenId4VpVerifierServiceOptions.js";
2
- import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.js";
3
2
  import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.js";
3
+ import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.js";
4
4
  import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.js";
5
5
  import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.js";
6
6
  import { AgentContext, Query, QueryOptions } from "@credo-ts/core";
package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VcVerifierApi.d.ts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;AAkBA;AACiC,cAApB,oBAAA,CAAoB;WAEL,MAAA,EAAA,6BAAA;UAAA,YAAA;UACF,wBAAA;aACY,CAAA,MAAA,EAFV,6BAEU,EAAA,YAAA,EADZ,YACY,EAAA,wBAAA,EAAA,wBAAA;;;;iBAamB,CAAA,CAAA,EAP3B,OAO2B,CAbK,uBAAA,EAaL,CAAA;;;;yBAWV,CAAA,UAAA,EAAA,MAAA,CAAA,EAXU,OAWV,CAlBjB,uBAAA,CAkBiB;;;;gBAY5B,CAAA,OAAA,CAAA,EAhBqB,8BAgBrB,CAAA,EAhBmD,OAgBnD,CAhBmD,uBAAA,CAgBnD;wBAAY,CAAA,OAAA,EAZgB,oCAYhB,CAAA,EAZoD,OAYpD,CAAA,IAAA,CAAA;iCAAA,CAAA,KAAA,EADpB,KACoB,CADd,kCACc,CAAA,EAAA,YAAA,CAAA,EAAZ,YAAY,CAAA,EAAA,OAAA,CAAA,kCAAA,EAAA,CAAA;4BAKwC,CAAA,qBAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,kCAAA,CAAA;;;;;;4BA6BnE,CAAA;IAAA,UAAA;IAAA,GAAA;GAAA,EAjBC,0CAiBD,GAAA;IAEC,UAAA,EAAA,MAAA;MAjBC,OAiB0C,CAjBlC,yCAiBkC,CAAA;;;;;;;;;;KAA3C;;MAEF,QAF6C,sCAAA;mEAU6B,QAR1E,sCAAA"}
1
+ {"version":3,"file":"OpenId4VcVerifierApi.d.ts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;AAgBA;AACiC,cAApB,oBAAA,CAAoB;WAEL,MAAA,EAAA,6BAAA;UAAA,YAAA;UACF,wBAAA;aACY,CAAA,MAAA,EAFV,6BAEU,EAAA,YAAA,EADZ,YACY,EAAA,wBAAA,EAAA,wBAAA;;;;iBAamB,CAAA,CAAA,EAP3B,OAO2B,CAbK,uBAAA,EAaL,CAAA;;;;yBAWV,CAAA,UAAA,EAAA,MAAA,CAAA,EAXU,OAWV,CAlBjB,uBAAA,CAkBiB;;;;gBAY5B,CAAA,OAAA,CAAA,EAhBqB,8BAgBrB,CAAA,EAhBmD,OAgBnD,CAhBmD,uBAAA,CAgBnD;wBAAY,CAAA,OAAA,EAZgB,oCAYhB,CAAA,EAZoD,OAYpD,CAAA,IAAA,CAAA;iCAAA,CAAA,KAAA,EADpB,KACoB,CADd,kCACc,CAAA,EAAA,YAAA,CAAA,EAAZ,YAAY,CAAA,EAAA,OAAA,CAAA,kCAAA,EAAA,CAAA;4BAKwC,CAAA,qBAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,kCAAA,CAAA;;;;;;4BA6BnE,CAAA;IAAA,UAAA;IAAA,GAAA;GAAA,EAjBC,0CAiBD,GAAA;IAEC,UAAA,EAAA,MAAA;MAjBC,OAiB0C,CAjBlC,yCAiBkC,CAAA;;;;;;;;;;KAA3C;;MAEF,QAF6C,sCAAA;mEAU6B,QAR1E,sCAAA"}
package/build/openid4vc-verifier/OpenId4VcVerifierApi.js CHANGED
@@ -1,7 +1,7 @@
1
1
  const require_rolldown_runtime = require('../_virtual/rolldown_runtime.js');
2
+ const require_OpenId4VcVerifierModuleConfig = require('./OpenId4VcVerifierModuleConfig.js');
2
3
  const require_decorateMetadata = require('../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.js');
3
4
  const require_decorate = require('../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.js');
4
- const require_OpenId4VcVerifierModuleConfig = require('./OpenId4VcVerifierModuleConfig.js');
5
5
  const require_OpenId4VpVerifierService = require('./OpenId4VpVerifierService.js');
6
6
  let __credo_ts_core = require("@credo-ts/core");
7
7
  __credo_ts_core = require_rolldown_runtime.__toESM(__credo_ts_core);
package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs CHANGED
@@ -1,6 +1,6 @@
1
+ import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
1
2
  import { __decorateMetadata } from "../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.mjs";
2
3
  import { __decorate } from "../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
3
- import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
4
4
  import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.mjs";
5
5
  import { AgentContext, injectable } from "@credo-ts/core";
6
6
 
package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VcVerifierApi.mjs","names":["OpenId4VcVerifierApi","config: OpenId4VcVerifierModuleConfig","agentContext: AgentContext","openId4VpVerifierService: OpenId4VpVerifierService"],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":["import type { Query, QueryOptions } from '@credo-ts/core'\nimport type {\n OpenId4VcUpdateVerifierRecordOptions,\n OpenId4VpCreateAuthorizationRequestOptions,\n OpenId4VpCreateAuthorizationRequestReturn,\n OpenId4VpCreateVerifierOptions,\n OpenId4VpVerifyAuthorizationResponseOptions,\n} from './OpenId4VpVerifierServiceOptions'\nimport type { OpenId4VcVerificationSessionRecord } from './repository'\n\nimport { AgentContext, injectable } from '@credo-ts/core'\n\nimport { OpenId4VcVerifierModuleConfig } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VpVerifierService } from './OpenId4VpVerifierService'\n\n/**\n * @public\n */\n@injectable()\nexport class OpenId4VcVerifierApi {\n public constructor(\n public readonly config: OpenId4VcVerifierModuleConfig,\n private agentContext: AgentContext,\n private openId4VpVerifierService: OpenId4VpVerifierService\n ) {}\n\n /**\n * Retrieve all verifier records from storage\n */\n public async getAllVerifiers() {\n return this.openId4VpVerifierService.getAllVerifiers(this.agentContext)\n }\n\n /**\n * Retrieve a verifier record from storage by its verified id\n */\n public async getVerifierByVerifierId(verifierId: string) {\n return this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId)\n }\n\n /**\n * Create a new verifier and store the new verifier record.\n */\n public async createVerifier(options?: OpenId4VpCreateVerifierOptions) {\n return this.openId4VpVerifierService.createVerifier(this.agentContext, options)\n }\n\n public async updateVerifierMetadata(options: OpenId4VcUpdateVerifierRecordOptions) {\n const { verifierId, clientMetadata } = options\n\n const verifier = await this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId)\n\n verifier.clientMetadata = clientMetadata\n\n return this.openId4VpVerifierService.updateVerifier(this.agentContext, verifier)\n }\n\n public async findVerificationSessionsByQuery(\n query: Query<OpenId4VcVerificationSessionRecord>,\n queryOptions?: QueryOptions\n ) {\n return this.openId4VpVerifierService.findVerificationSessionsByQuery(this.agentContext, query, queryOptions)\n }\n\n public async getVerificationSessionById(verificationSessionId: string) {\n return this.openId4VpVerifierService.getVerificationSessionById(this.agentContext, verificationSessionId)\n }\n\n /**\n * Create an OpenID4VP authorization request, acting as a Relying Party (RP).\n *\n * See {@link OpenId4VpCreateAuthorizationRequestOptions} for detailed documentation on the options.\n */\n public async createAuthorizationRequest({\n verifierId,\n ...otherOptions\n }: OpenId4VpCreateAuthorizationRequestOptions & {\n verifierId: string\n }): Promise<OpenId4VpCreateAuthorizationRequestReturn> {\n const verifier = await this.getVerifierByVerifierId(verifierId)\n return await this.openId4VpVerifierService.createAuthorizationRequest(this.agentContext, {\n ...otherOptions,\n verifier,\n })\n }\n\n /**\n * Verifies an authorization response, acting as a Relying Party (RP).\n *\n * It validates the ID Token, VP Token and the signature(s) of the received Verifiable Presentation(s)\n * as well as that the structure of the Verifiable Presentation matches the provided presentation definition.\n */\n public async verifyAuthorizationResponse({\n verificationSessionId,\n ...otherOptions\n }: OpenId4VpVerifyAuthorizationResponseOptions & {\n verificationSessionId: string\n }) {\n const verificationSession = await this.getVerificationSessionById(verificationSessionId)\n return await this.openId4VpVerifierService.verifyAuthorizationResponse(this.agentContext, {\n ...otherOptions,\n verificationSession,\n })\n }\n\n public async getVerifiedAuthorizationResponse(verificationSessionId: string) {\n const verificationSession = await this.getVerificationSessionById(verificationSessionId)\n return this.openId4VpVerifierService.getVerifiedAuthorizationResponse(this.agentContext, verificationSession)\n }\n}\n"],"mappings":";;;;;;;;AAmBO,iCAAMA,uBAAqB;CAChC,AAAO,YACL,AAAgBC,QAChB,AAAQC,cACR,AAAQC,0BACR;EAHgB;EACR;EACA;;;;;CAMV,MAAa,kBAAkB;AAC7B,SAAO,KAAK,yBAAyB,gBAAgB,KAAK,aAAa;;;;;CAMzE,MAAa,wBAAwB,YAAoB;AACvD,SAAO,KAAK,yBAAyB,wBAAwB,KAAK,cAAc,WAAW;;;;;CAM7F,MAAa,eAAe,SAA0C;AACpE,SAAO,KAAK,yBAAyB,eAAe,KAAK,cAAc,QAAQ;;CAGjF,MAAa,uBAAuB,SAA+C;EACjF,MAAM,EAAE,YAAY,mBAAmB;EAEvC,MAAM,WAAW,MAAM,KAAK,yBAAyB,wBAAwB,KAAK,cAAc,WAAW;AAE3G,WAAS,iBAAiB;AAE1B,SAAO,KAAK,yBAAyB,eAAe,KAAK,cAAc,SAAS;;CAGlF,MAAa,gCACX,OACA,cACA;AACA,SAAO,KAAK,yBAAyB,gCAAgC,KAAK,cAAc,OAAO,aAAa;;CAG9G,MAAa,2BAA2B,uBAA+B;AACrE,SAAO,KAAK,yBAAyB,2BAA2B,KAAK,cAAc,sBAAsB;;;;;;;CAQ3G,MAAa,2BAA2B,EACtC,WACA,GAAG,gBAGkD;EACrD,MAAM,WAAW,MAAM,KAAK,wBAAwB,WAAW;AAC/D,SAAO,MAAM,KAAK,yBAAyB,2BAA2B,KAAK,cAAc;GACvF,GAAG;GACH;GACD,CAAC;;;;;;;;CASJ,MAAa,4BAA4B,EACvC,sBACA,GAAG,gBAGF;EACD,MAAM,sBAAsB,MAAM,KAAK,2BAA2B,sBAAsB;AACxF,SAAO,MAAM,KAAK,yBAAyB,4BAA4B,KAAK,cAAc;GACxF,GAAG;GACH;GACD,CAAC;;CAGJ,MAAa,iCAAiC,uBAA+B;EAC3E,MAAM,sBAAsB,MAAM,KAAK,2BAA2B,sBAAsB;AACxF,SAAO,KAAK,yBAAyB,iCAAiC,KAAK,cAAc,oBAAoB;;;mCAzFhH,YAAY"}
1
+ {"version":3,"file":"OpenId4VcVerifierApi.mjs","names":["OpenId4VcVerifierApi","config: OpenId4VcVerifierModuleConfig","agentContext: AgentContext","openId4VpVerifierService: OpenId4VpVerifierService"],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":["import type { Query, QueryOptions } from '@credo-ts/core'\nimport { AgentContext, injectable } from '@credo-ts/core'\nimport { OpenId4VcVerifierModuleConfig } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VpVerifierService } from './OpenId4VpVerifierService'\nimport type {\n OpenId4VcUpdateVerifierRecordOptions,\n OpenId4VpCreateAuthorizationRequestOptions,\n OpenId4VpCreateAuthorizationRequestReturn,\n OpenId4VpCreateVerifierOptions,\n OpenId4VpVerifyAuthorizationResponseOptions,\n} from './OpenId4VpVerifierServiceOptions'\nimport type { OpenId4VcVerificationSessionRecord } from './repository'\n\n/**\n * @public\n */\n@injectable()\nexport class OpenId4VcVerifierApi {\n public constructor(\n public readonly config: OpenId4VcVerifierModuleConfig,\n private agentContext: AgentContext,\n private openId4VpVerifierService: OpenId4VpVerifierService\n ) {}\n\n /**\n * Retrieve all verifier records from storage\n */\n public async getAllVerifiers() {\n return this.openId4VpVerifierService.getAllVerifiers(this.agentContext)\n }\n\n /**\n * Retrieve a verifier record from storage by its verified id\n */\n public async getVerifierByVerifierId(verifierId: string) {\n return this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId)\n }\n\n /**\n * Create a new verifier and store the new verifier record.\n */\n public async createVerifier(options?: OpenId4VpCreateVerifierOptions) {\n return this.openId4VpVerifierService.createVerifier(this.agentContext, options)\n }\n\n public async updateVerifierMetadata(options: OpenId4VcUpdateVerifierRecordOptions) {\n const { verifierId, clientMetadata } = options\n\n const verifier = await this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId)\n\n verifier.clientMetadata = clientMetadata\n\n return this.openId4VpVerifierService.updateVerifier(this.agentContext, verifier)\n }\n\n public async findVerificationSessionsByQuery(\n query: Query<OpenId4VcVerificationSessionRecord>,\n queryOptions?: QueryOptions\n ) {\n return this.openId4VpVerifierService.findVerificationSessionsByQuery(this.agentContext, query, queryOptions)\n }\n\n public async getVerificationSessionById(verificationSessionId: string) {\n return this.openId4VpVerifierService.getVerificationSessionById(this.agentContext, verificationSessionId)\n }\n\n /**\n * Create an OpenID4VP authorization request, acting as a Relying Party (RP).\n *\n * See {@link OpenId4VpCreateAuthorizationRequestOptions} for detailed documentation on the options.\n */\n public async createAuthorizationRequest({\n verifierId,\n ...otherOptions\n }: OpenId4VpCreateAuthorizationRequestOptions & {\n verifierId: string\n }): Promise<OpenId4VpCreateAuthorizationRequestReturn> {\n const verifier = await this.getVerifierByVerifierId(verifierId)\n return await this.openId4VpVerifierService.createAuthorizationRequest(this.agentContext, {\n ...otherOptions,\n verifier,\n })\n }\n\n /**\n * Verifies an authorization response, acting as a Relying Party (RP).\n *\n * It validates the ID Token, VP Token and the signature(s) of the received Verifiable Presentation(s)\n * as well as that the structure of the Verifiable Presentation matches the provided presentation definition.\n */\n public async verifyAuthorizationResponse({\n verificationSessionId,\n ...otherOptions\n }: OpenId4VpVerifyAuthorizationResponseOptions & {\n verificationSessionId: string\n }) {\n const verificationSession = await this.getVerificationSessionById(verificationSessionId)\n return await this.openId4VpVerifierService.verifyAuthorizationResponse(this.agentContext, {\n ...otherOptions,\n verificationSession,\n })\n }\n\n public async getVerifiedAuthorizationResponse(verificationSessionId: string) {\n const verificationSession = await this.getVerificationSessionById(verificationSessionId)\n return this.openId4VpVerifierService.getVerifiedAuthorizationResponse(this.agentContext, verificationSession)\n }\n}\n"],"mappings":";;;;;;;;AAiBO,iCAAMA,uBAAqB;CAChC,AAAO,YACL,AAAgBC,QAChB,AAAQC,cACR,AAAQC,0BACR;EAHgB;EACR;EACA;;;;;CAMV,MAAa,kBAAkB;AAC7B,SAAO,KAAK,yBAAyB,gBAAgB,KAAK,aAAa;;;;;CAMzE,MAAa,wBAAwB,YAAoB;AACvD,SAAO,KAAK,yBAAyB,wBAAwB,KAAK,cAAc,WAAW;;;;;CAM7F,MAAa,eAAe,SAA0C;AACpE,SAAO,KAAK,yBAAyB,eAAe,KAAK,cAAc,QAAQ;;CAGjF,MAAa,uBAAuB,SAA+C;EACjF,MAAM,EAAE,YAAY,mBAAmB;EAEvC,MAAM,WAAW,MAAM,KAAK,yBAAyB,wBAAwB,KAAK,cAAc,WAAW;AAE3G,WAAS,iBAAiB;AAE1B,SAAO,KAAK,yBAAyB,eAAe,KAAK,cAAc,SAAS;;CAGlF,MAAa,gCACX,OACA,cACA;AACA,SAAO,KAAK,yBAAyB,gCAAgC,KAAK,cAAc,OAAO,aAAa;;CAG9G,MAAa,2BAA2B,uBAA+B;AACrE,SAAO,KAAK,yBAAyB,2BAA2B,KAAK,cAAc,sBAAsB;;;;;;;CAQ3G,MAAa,2BAA2B,EACtC,WACA,GAAG,gBAGkD;EACrD,MAAM,WAAW,MAAM,KAAK,wBAAwB,WAAW;AAC/D,SAAO,MAAM,KAAK,yBAAyB,2BAA2B,KAAK,cAAc;GACvF,GAAG;GACH;GACD,CAAC;;;;;;;;CASJ,MAAa,4BAA4B,EACvC,sBACA,GAAG,gBAGF;EACD,MAAM,sBAAsB,MAAM,KAAK,2BAA2B,sBAAsB;AACxF,SAAO,MAAM,KAAK,yBAAyB,4BAA4B,KAAK,cAAc;GACxF,GAAG;GACH;GACD,CAAC;;CAGJ,MAAa,iCAAiC,uBAA+B;EAC3E,MAAM,sBAAsB,MAAM,KAAK,2BAA2B,sBAAsB;AACxF,SAAO,KAAK,yBAAyB,iCAAiC,KAAK,cAAc,oBAAoB;;;mCAzFhH,YAAY"}
package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VcVerifierModule.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":[],"mappings":";;;;;;AAiBA;;AAC0B,cADb,uBAAA,CACa;WAEI,MAAA,EAFJ,6BAEI;aAOO,CAAA,OAAA,EAPP,oCAOO;;;;8BAAA;+BAeO,eAAe"}
1
+ {"version":3,"file":"OpenId4VcVerifierModule.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":[],"mappings":";;;;;;AAeA;;AAC0B,cADb,uBAAA,CACa;WAEI,MAAA,EAFJ,6BAEI;aAOO,CAAA,OAAA,EAPP,oCAOO;;;;8BAAA;+BAeO,eAAe"}
package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VcVerifierModule.d.ts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":[],"mappings":";;;;;;AAiBA;;AAC0B,cADb,uBAAA,CACa;WAEI,MAAA,EAFJ,6BAEI;aAOO,CAAA,OAAA,EAPP,oCAOO;;;;8BAAA;+BAeO,eAAe"}
1
+ {"version":3,"file":"OpenId4VcVerifierModule.d.ts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":[],"mappings":";;;;;;AAeA;;AAC0B,cADb,uBAAA,CACa;WAEI,MAAA,EAFJ,6BAEI;aAOO,CAAA,OAAA,EAPP,oCAOO;;;;8BAAA;+BAeO,eAAe"}
package/build/openid4vc-verifier/OpenId4VcVerifierModule.js CHANGED
@@ -1,5 +1,5 @@
1
- const require_express = require('../shared/router/express.js');
2
1
  const require_context = require('../shared/router/context.js');
2
+ const require_express = require('../shared/router/express.js');
3
3
  const require_tenants = require('../shared/router/tenants.js');
4
4
  require('../shared/router/index.js');
5
5
  const require_OpenId4VcVerifierModuleConfig = require('./OpenId4VcVerifierModuleConfig.js');
@@ -45,7 +45,7 @@ var OpenId4VcVerifierModule = class {
45
45
  rootAgentContext.config.logger.debug("No verifierId provided for incoming authorization response, returning 404");
46
46
  _res.status(404).send("Not found");
47
47
  }
48
- let agentContext = void 0;
48
+ let agentContext;
49
49
  try {
50
50
  agentContext = await require_tenants.getAgentContextForActorId(rootAgentContext, verifierId);
51
51
  const verifier = await agentContext.dependencyManager.resolve(require_OpenId4VcVerifierApi.OpenId4VcVerifierApi).getVerifierByVerifierId(verifierId);
package/build/openid4vc-verifier/OpenId4VcVerifierModule.mjs CHANGED
@@ -1,5 +1,5 @@
1
- import { importExpress } from "../shared/router/express.mjs";
2
1
  import { getRequestContext } from "../shared/router/context.mjs";
2
+ import { importExpress } from "../shared/router/express.mjs";
3
3
  import { getAgentContextForActorId } from "../shared/router/tenants.mjs";
4
4
  import "../shared/router/index.mjs";
5
5
  import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
@@ -45,7 +45,7 @@ var OpenId4VcVerifierModule = class {
45
45
  rootAgentContext.config.logger.debug("No verifierId provided for incoming authorization response, returning 404");
46
46
  _res.status(404).send("Not found");
47
47
  }
48
- let agentContext = void 0;
48
+ let agentContext;
49
49
  try {
50
50
  agentContext = await getAgentContextForActorId(rootAgentContext, verifierId);
51
51
  const verifier = await agentContext.dependencyManager.resolve(OpenId4VcVerifierApi).getVerifierByVerifierId(verifierId);
package/build/openid4vc-verifier/OpenId4VcVerifierModule.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VcVerifierModule.mjs","names":["agentContext: AgentContext | undefined"],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":["import type { AgentContext, DependencyManager } from '@credo-ts/core'\nimport type { NextFunction } from 'express'\nimport type { OpenId4VcVerifierModuleConfigOptions } from './OpenId4VcVerifierModuleConfig'\nimport type { OpenId4VcVerificationRequest } from './router'\n\nimport { getAgentContextForActorId, getRequestContext, importExpress } from '../shared/router'\n\nimport { OpenId4VcVerifierApi } from './OpenId4VcVerifierApi'\nimport { OpenId4VcVerifierModuleConfig } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VpVerifierService } from './OpenId4VpVerifierService'\nimport { OpenId4VcVerifierRepository } from './repository'\nimport { configureAuthorizationEndpoint } from './router'\nimport { configureAuthorizationRequestEndpoint } from './router/authorizationRequestEndpoint'\n\n/**\n * @public\n */\nexport class OpenId4VcVerifierModule {\n public readonly config: OpenId4VcVerifierModuleConfig\n\n public constructor(options: OpenId4VcVerifierModuleConfigOptions) {\n this.config = new OpenId4VcVerifierModuleConfig(options)\n }\n\n /**\n * Registers the dependencies of the openid4vc verifier module on the dependency manager.\n */\n public register(dependencyManager: DependencyManager) {\n // Since the OpenID4VC module is a nested module (a module consisting of three modules) we register the API\n // manually. In the future we may disallow resolving the sub-api, but for now it allows for a cleaner migration path\n dependencyManager.registerContextScoped(OpenId4VcVerifierApi)\n\n // Register config\n dependencyManager.registerInstance(OpenId4VcVerifierModuleConfig, this.config)\n\n // Services\n dependencyManager.registerSingleton(OpenId4VpVerifierService)\n\n // Repository\n dependencyManager.registerSingleton(OpenId4VcVerifierRepository)\n }\n\n public async initialize(rootAgentContext: AgentContext): Promise<void> {\n this.configureRouter(rootAgentContext)\n }\n\n /**\n * Registers the endpoints on the router passed to this module.\n */\n private configureRouter(rootAgentContext: AgentContext) {\n const { Router, json, urlencoded } = importExpress()\n\n // FIXME: it is currently not possible to initialize an agent\n // shut it down, and then start it again, as the\n // express router is configured with a specific `AgentContext` instance\n // and dependency manager. One option is to always create a new router\n // but then users cannot pass their own router implementation.\n // We need to find a proper way to fix this.\n\n // We use separate context router and endpoint router. Context router handles the linking of the request\n // to a specific agent context. Endpoint router only knows about a single context\n const endpointRouter = Router()\n const contextRouter = this.config.router\n\n // parse application/x-www-form-urlencoded\n contextRouter.use(urlencoded({ extended: false }))\n // parse application/json\n contextRouter.use(json())\n\n contextRouter.param('verifierId', async (req: OpenId4VcVerificationRequest, _res, next, verifierId: string) => {\n if (!verifierId) {\n rootAgentContext.config.logger.debug(\n 'No verifierId provided for incoming authorization response, returning 404'\n )\n _res.status(404).send('Not found')\n }\n\n let agentContext: AgentContext | undefined = undefined\n\n try {\n agentContext = await getAgentContextForActorId(rootAgentContext, verifierId)\n const verifierApi = agentContext.dependencyManager.resolve(OpenId4VcVerifierApi)\n const verifier = await verifierApi.getVerifierByVerifierId(verifierId)\n\n req.requestContext = {\n agentContext,\n verifier,\n }\n } catch (error) {\n agentContext?.config.logger.error(\n 'Failed to correlate incoming openid request to existing tenant and verifier',\n {\n error,\n }\n )\n // If the opening failed\n await agentContext?.endSession()\n return _res.status(404).send('Not found')\n }\n\n next()\n })\n\n contextRouter.use('/:verifierId', endpointRouter)\n\n // Configure endpoints\n configureAuthorizationEndpoint(endpointRouter, this.config)\n configureAuthorizationRequestEndpoint(endpointRouter, this.config)\n\n // First one will be called for all requests (when next is called)\n contextRouter.use(async (req: OpenId4VcVerificationRequest, _res: unknown, next) => {\n const { agentContext } = getRequestContext(req)\n await agentContext.endSession()\n next()\n })\n\n // This one will be called for all errors that are thrown\n contextRouter.use(async (_error: unknown, req: OpenId4VcVerificationRequest, _res: unknown, next: NextFunction) => {\n const { agentContext } = getRequestContext(req)\n await agentContext.endSession()\n next()\n })\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAiBA,IAAa,0BAAb,MAAqC;CAGnC,AAAO,YAAY,SAA+C;AAChE,OAAK,SAAS,IAAI,8BAA8B,QAAQ;;;;;CAM1D,AAAO,SAAS,mBAAsC;AAGpD,oBAAkB,sBAAsB,qBAAqB;AAG7D,oBAAkB,iBAAiB,+BAA+B,KAAK,OAAO;AAG9E,oBAAkB,kBAAkB,yBAAyB;AAG7D,oBAAkB,kBAAkB,4BAA4B;;CAGlE,MAAa,WAAW,kBAA+C;AACrE,OAAK,gBAAgB,iBAAiB;;;;;CAMxC,AAAQ,gBAAgB,kBAAgC;EACtD,MAAM,EAAE,QAAQ,MAAM,eAAe,eAAe;EAWpD,MAAM,iBAAiB,QAAQ;EAC/B,MAAM,gBAAgB,KAAK,OAAO;AAGlC,gBAAc,IAAI,WAAW,EAAE,UAAU,OAAO,CAAC,CAAC;AAElD,gBAAc,IAAI,MAAM,CAAC;AAEzB,gBAAc,MAAM,cAAc,OAAO,KAAmC,MAAM,MAAM,eAAuB;AAC7G,OAAI,CAAC,YAAY;AACf,qBAAiB,OAAO,OAAO,MAC7B,4EACD;AACD,SAAK,OAAO,IAAI,CAAC,KAAK,YAAY;;GAGpC,IAAIA,eAAyC;AAE7C,OAAI;AACF,mBAAe,MAAM,0BAA0B,kBAAkB,WAAW;IAE5E,MAAM,WAAW,MADG,aAAa,kBAAkB,QAAQ,qBAAqB,CAC7C,wBAAwB,WAAW;AAEtE,QAAI,iBAAiB;KACnB;KACA;KACD;YACM,OAAO;AACd,kBAAc,OAAO,OAAO,MAC1B,+EACA,EACE,OACD,CACF;AAED,UAAM,cAAc,YAAY;AAChC,WAAO,KAAK,OAAO,IAAI,CAAC,KAAK,YAAY;;AAG3C,SAAM;IACN;AAEF,gBAAc,IAAI,gBAAgB,eAAe;AAGjD,iCAA+B,gBAAgB,KAAK,OAAO;AAC3D,wCAAsC,gBAAgB,KAAK,OAAO;AAGlE,gBAAc,IAAI,OAAO,KAAmC,MAAe,SAAS;GAClF,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;AAC/C,SAAM,aAAa,YAAY;AAC/B,SAAM;IACN;AAGF,gBAAc,IAAI,OAAO,QAAiB,KAAmC,MAAe,SAAuB;GACjH,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;AAC/C,SAAM,aAAa,YAAY;AAC/B,SAAM;IACN"}
1
+ {"version":3,"file":"OpenId4VcVerifierModule.mjs","names":["agentContext: AgentContext | undefined"],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":["import type { AgentContext, DependencyManager } from '@credo-ts/core'\nimport type { NextFunction } from 'express'\nimport { getAgentContextForActorId, getRequestContext, importExpress } from '../shared/router'\nimport { OpenId4VcVerifierApi } from './OpenId4VcVerifierApi'\nimport type { OpenId4VcVerifierModuleConfigOptions } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VcVerifierModuleConfig } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VpVerifierService } from './OpenId4VpVerifierService'\nimport { OpenId4VcVerifierRepository } from './repository'\nimport type { OpenId4VcVerificationRequest } from './router'\nimport { configureAuthorizationEndpoint } from './router'\nimport { configureAuthorizationRequestEndpoint } from './router/authorizationRequestEndpoint'\n\n/**\n * @public\n */\nexport class OpenId4VcVerifierModule {\n public readonly config: OpenId4VcVerifierModuleConfig\n\n public constructor(options: OpenId4VcVerifierModuleConfigOptions) {\n this.config = new OpenId4VcVerifierModuleConfig(options)\n }\n\n /**\n * Registers the dependencies of the openid4vc verifier module on the dependency manager.\n */\n public register(dependencyManager: DependencyManager) {\n // Since the OpenID4VC module is a nested module (a module consisting of three modules) we register the API\n // manually. In the future we may disallow resolving the sub-api, but for now it allows for a cleaner migration path\n dependencyManager.registerContextScoped(OpenId4VcVerifierApi)\n\n // Register config\n dependencyManager.registerInstance(OpenId4VcVerifierModuleConfig, this.config)\n\n // Services\n dependencyManager.registerSingleton(OpenId4VpVerifierService)\n\n // Repository\n dependencyManager.registerSingleton(OpenId4VcVerifierRepository)\n }\n\n public async initialize(rootAgentContext: AgentContext): Promise<void> {\n this.configureRouter(rootAgentContext)\n }\n\n /**\n * Registers the endpoints on the router passed to this module.\n */\n private configureRouter(rootAgentContext: AgentContext) {\n const { Router, json, urlencoded } = importExpress()\n\n // FIXME: it is currently not possible to initialize an agent\n // shut it down, and then start it again, as the\n // express router is configured with a specific `AgentContext` instance\n // and dependency manager. One option is to always create a new router\n // but then users cannot pass their own router implementation.\n // We need to find a proper way to fix this.\n\n // We use separate context router and endpoint router. Context router handles the linking of the request\n // to a specific agent context. Endpoint router only knows about a single context\n const endpointRouter = Router()\n const contextRouter = this.config.router\n\n // parse application/x-www-form-urlencoded\n contextRouter.use(urlencoded({ extended: false }))\n // parse application/json\n contextRouter.use(json())\n\n contextRouter.param('verifierId', async (req: OpenId4VcVerificationRequest, _res, next, verifierId: string) => {\n if (!verifierId) {\n rootAgentContext.config.logger.debug(\n 'No verifierId provided for incoming authorization response, returning 404'\n )\n _res.status(404).send('Not found')\n }\n\n let agentContext: AgentContext | undefined\n\n try {\n agentContext = await getAgentContextForActorId(rootAgentContext, verifierId)\n const verifierApi = agentContext.dependencyManager.resolve(OpenId4VcVerifierApi)\n const verifier = await verifierApi.getVerifierByVerifierId(verifierId)\n\n req.requestContext = {\n agentContext,\n verifier,\n }\n } catch (error) {\n agentContext?.config.logger.error(\n 'Failed to correlate incoming openid request to existing tenant and verifier',\n {\n error,\n }\n )\n // If the opening failed\n await agentContext?.endSession()\n return _res.status(404).send('Not found')\n }\n\n next()\n })\n\n contextRouter.use('/:verifierId', endpointRouter)\n\n // Configure endpoints\n configureAuthorizationEndpoint(endpointRouter, this.config)\n configureAuthorizationRequestEndpoint(endpointRouter, this.config)\n\n // First one will be called for all requests (when next is called)\n contextRouter.use(async (req: OpenId4VcVerificationRequest, _res: unknown, next) => {\n const { agentContext } = getRequestContext(req)\n await agentContext.endSession()\n next()\n })\n\n // This one will be called for all errors that are thrown\n contextRouter.use(async (_error: unknown, req: OpenId4VcVerificationRequest, _res: unknown, next: NextFunction) => {\n const { agentContext } = getRequestContext(req)\n await agentContext.endSession()\n next()\n })\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAeA,IAAa,0BAAb,MAAqC;CAGnC,AAAO,YAAY,SAA+C;AAChE,OAAK,SAAS,IAAI,8BAA8B,QAAQ;;;;;CAM1D,AAAO,SAAS,mBAAsC;AAGpD,oBAAkB,sBAAsB,qBAAqB;AAG7D,oBAAkB,iBAAiB,+BAA+B,KAAK,OAAO;AAG9E,oBAAkB,kBAAkB,yBAAyB;AAG7D,oBAAkB,kBAAkB,4BAA4B;;CAGlE,MAAa,WAAW,kBAA+C;AACrE,OAAK,gBAAgB,iBAAiB;;;;;CAMxC,AAAQ,gBAAgB,kBAAgC;EACtD,MAAM,EAAE,QAAQ,MAAM,eAAe,eAAe;EAWpD,MAAM,iBAAiB,QAAQ;EAC/B,MAAM,gBAAgB,KAAK,OAAO;AAGlC,gBAAc,IAAI,WAAW,EAAE,UAAU,OAAO,CAAC,CAAC;AAElD,gBAAc,IAAI,MAAM,CAAC;AAEzB,gBAAc,MAAM,cAAc,OAAO,KAAmC,MAAM,MAAM,eAAuB;AAC7G,OAAI,CAAC,YAAY;AACf,qBAAiB,OAAO,OAAO,MAC7B,4EACD;AACD,SAAK,OAAO,IAAI,CAAC,KAAK,YAAY;;GAGpC,IAAIA;AAEJ,OAAI;AACF,mBAAe,MAAM,0BAA0B,kBAAkB,WAAW;IAE5E,MAAM,WAAW,MADG,aAAa,kBAAkB,QAAQ,qBAAqB,CAC7C,wBAAwB,WAAW;AAEtE,QAAI,iBAAiB;KACnB;KACA;KACD;YACM,OAAO;AACd,kBAAc,OAAO,OAAO,MAC1B,+EACA,EACE,OACD,CACF;AAED,UAAM,cAAc,YAAY;AAChC,WAAO,KAAK,OAAO,IAAI,CAAC,KAAK,YAAY;;AAG3C,SAAM;IACN;AAEF,gBAAc,IAAI,gBAAgB,eAAe;AAGjD,iCAA+B,gBAAgB,KAAK,OAAO;AAC3D,wCAAsC,gBAAgB,KAAK,OAAO;AAGlE,gBAAc,IAAI,OAAO,KAAmC,MAAe,SAAS;GAClF,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;AAC/C,SAAM,aAAa,YAAY;AAC/B,SAAM;IACN;AAGF,gBAAc,IAAI,OAAO,QAAiB,KAAmC,MAAe,SAAuB;GACjH,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;AAC/C,SAAM,aAAa,YAAY;AAC/B,SAAM;IACN"}
package/build/openid4vc-verifier/OpenId4VpVerifierService.d.mts CHANGED
@@ -1,9 +1,9 @@
1
- import { OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifyAuthorizationResponseOptions } from "./OpenId4VpVerifierServiceOptions.mjs";
2
- import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.mjs";
3
- import { OpenId4VcVerifierRepository } from "./repository/OpenId4VcVerifierRepository.mjs";
4
1
  import { OpenId4VcVerificationSessionState } from "./OpenId4VcVerificationSessionState.mjs";
2
+ import { OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifyAuthorizationResponseOptions } from "./OpenId4VpVerifierServiceOptions.mjs";
5
3
  import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.mjs";
6
4
  import { OpenId4VcVerificationSessionRepository } from "./repository/OpenId4VcVerificationSessionRepository.mjs";
5
+ import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.mjs";
6
+ import { OpenId4VcVerifierRepository } from "./repository/OpenId4VcVerifierRepository.mjs";
7
7
  import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
8
8
  import { AgentContext, Logger, Query, QueryOptions, W3cCredentialService, W3cV2CredentialService } from "@credo-ts/core";
9
9
 
package/build/openid4vc-verifier/OpenId4VpVerifierService.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VpVerifierService.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VpVerifierService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;cAgGa,wBAAA;EAAA,QAAA,MAAA;EAAwB,QAAA,oBAAA;UAEgB,sBAAA;UACnB,2BAAA;UACE,MAAA;UACK,sCAAA;aACrB,CAAA,MAAA,EAJiC,MAIjC,EAAA,oBAAA,EAHc,oBAGd,EAAA,sBAAA,EAFgB,sBAEhB,EAAA,2BAAA,EADqB,2BACrB,EAAA,MAAA,EAAA,6BAAA,EAAA,sCAAA,EACgC,sCADhC;UACgC,oBAAA;4BAWlC,CAAA,YAAA,EAAA,YAAA,EAAA,OAAA,EACL,0CADK,GAAA;IACL,QAAA,EAAyD,uBAAzD;MACR,OADiE,CACzD,yCADyD,CAAA;UACzD,uBAAA;UAAR,0BAAA;6BA0Ta,CAAA,YAAA,EAAA,YAAA,EAAA,OAAA,EACL,2CADK,GAAA;IACL;;;IAMR,mBAAA,EAFsB,kCAEtB;MAAA,OAwRa,CAxRL,sCAwRK,CAAA;;;;;UA8IuC,kCAAA;kCAAA,CAAA,YAAA,EA9IvC,YA8IuC,EAAA,mBAAA,EA7IhC,kCA6IgC,CAAA,EA5IpD,OA4IoD,CA5I5C,sCA4I4C,CAAA;UAIJ,0BAAA;iBAAgC,CAAA,YAAA,EAJxC,YAIwC,CAAA,EAJ5B,OAI4B,CAJ5B,uBAI4B,EAAA,CAAA;yBAAA,CAAA,YAAA,EAAhC,YAAgC,EAAA,UAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,uBAAA,CAAA;gBAIzC,CAAA,YAAA,EAAA,YAAA,EAAA,QAAA,EAAwB,uBAAxB,CAAA,EAA+C,OAA/C,CAAA,IAAA,CAAA;gBAAwB,CAAA,YAAA,EAIxB,YAJwB,EAAA,OAAA,CAAA,EAIA,8BAJA,CAAA,EAI8B,OAJ9B,CAI8B,uBAJ9B,CAAA;iCAAuB,CAAA,YAAA,EAgBzE,YAhByE,EAAA,KAAA,EAiBhF,KAjBgF,CAiB1E,kCAjB0E,CAAA,EAAA,YAAA,CAAA,EAkBxE,YAlBwE,CAAA,EAkB5D,OAlB4D,CAkB5D,kCAlB4D,EAAA,CAAA;4BAI/C,CAAA,YAAA,EAmBY,YAnBZ,EAAA,qBAAA,EAAA,MAAA,CAAA,EAmBuD,OAnBvD,CAmBuD,kCAnBvD,CAAA;UAAwB,iBAAA;UAA8B,kBAAA;UAAA,kBAAA;;;;;aAcnE,CAAA,YAAA,EA4Zb,YA5Za,EAAA,mBAAA,EA6ZN,kCA7ZM,EAAA,QAAA,EA8ZjB,iCA9ZiB,CAAA,EA8ZgB,OA9ZhB,CAAA,IAAA,CAAA;YAAA,qBAAA,CAAA,YAAA,EA4ab,YA5aa,EAAA,mBAAA,EA6aN,kCA7aM,EAAA,aAAA,EA8aZ,iCA9aY,GAAA,IAAA,CAAA,EAAA,IAAA"}
1
+ {"version":3,"file":"OpenId4VpVerifierService.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VpVerifierService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;cA8Fa,wBAAA;;EAAA,QAAA,oBAAwB;EAAA,QAAA,sBAAA;UAEgB,2BAAA;UACnB,MAAA;UACE,sCAAA;aACK,CAAA,MAAA,EAHY,MAGZ,EAAA,oBAAA,EAFP,oBAEO,EAAA,sBAAA,EADL,sBACK,EAAA,2BAAA,EAAA,2BAAA,EAAA,MAAA,EACrB,6BADqB,EAAA,sCAAA,EAEW,sCAFX;UACrB,oBAAA;4BACgC,CAAA,YAAA,EAWlC,YAXkC,EAAA,OAAA,EAYvC,0CAZuC,GAAA;IAWlC,QAAA,EACoD,uBADpD;MAEb,OADQ,CACA,yCADA,CAAA;UAAyD,uBAAA;UACzD,0BAAA;6BAAR,CAAA,YAAA,EA0Ta,YA1Tb,EAAA,OAAA,EA2TQ,2CA3TR,GAAA;IA0Ta;;;IAOL,mBAAA,EAFc,kCAEd;MAAR,OAAA,CAAQ,sCAAR,CAAA;;;;;UAsawC,kCAAA;kCAAY,CAAA,YAAA,EA9IvC,YA8IuC,EAAA,mBAAA,EA7IhC,kCA6IgC,CAAA,EA5IpD,OA4IoD,CA5I5C,sCA4I4C,CAAA;UAAA,0BAAA;iBAIJ,CAAA,YAAA,EAJR,YAIQ,CAAA,EAJI,OAIJ,CAJI,uBAIJ,EAAA,CAAA;yBAAgC,CAAA,YAAA,EAAhC,YAAgC,EAAA,UAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,uBAAA,CAAA;gBAAA,CAAA,YAAA,EAIzC,YAJyC,EAAA,QAAA,EAIjB,uBAJiB,CAAA,EAIM,OAJN,CAAA,IAAA,CAAA;gBAIzC,CAAA,YAAA,EAIA,YAJA,EAAA,OAAA,CAAA,EAIwB,8BAJxB,CAAA,EAIsD,OAJtD,CAIsD,uBAJtD,CAAA;iCAAwB,CAAA,YAAA,EAgBlD,YAhBkD,EAAA,KAAA,EAiBzD,KAjByD,CAiBnD,kCAjBmD,CAAA,EAAA,YAAA,CAAA,EAkBjD,YAlBiD,CAAA,EAkBrC,OAlBqC,CAkBrC,kCAlBqC,EAAA,CAAA;4BAAuB,CAAA,YAAA,EAuBnC,YAvBmC,EAAA,qBAAA,EAAA,MAAA,CAAA,EAuBQ,OAvBR,CAuBQ,kCAvBR,CAAA;UAI/C,iBAAA;UAAwB,kBAAA;UAA8B,kBAAA;;;;;aAc/E,CAAA,YAAA,EA4ZD,YA5ZC,EAAA,mBAAA,EA6ZM,kCA7ZN,EAAA,QAAA,EA8ZL,iCA9ZK,CAAA,EA8Z4B,OA9Z5B,CAAA,IAAA,CAAA;YAAY,qBAAA,CAAA,YAAA,EA4ab,YA5aa,EAAA,mBAAA,EA6aN,kCA7aM,EAAA,aAAA,EA8aZ,iCA9aY,GAAA,IAAA,CAAA,EAAA,IAAA"}
package/build/openid4vc-verifier/OpenId4VpVerifierService.d.ts CHANGED
@@ -1,9 +1,9 @@
1
- import { OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifyAuthorizationResponseOptions } from "./OpenId4VpVerifierServiceOptions.js";
2
- import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.js";
3
- import { OpenId4VcVerifierRepository } from "./repository/OpenId4VcVerifierRepository.js";
4
1
  import { OpenId4VcVerificationSessionState } from "./OpenId4VcVerificationSessionState.js";
2
+ import { OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifyAuthorizationResponseOptions } from "./OpenId4VpVerifierServiceOptions.js";
5
3
  import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.js";
6
4
  import { OpenId4VcVerificationSessionRepository } from "./repository/OpenId4VcVerificationSessionRepository.js";
5
+ import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.js";
6
+ import { OpenId4VcVerifierRepository } from "./repository/OpenId4VcVerifierRepository.js";
7
7
  import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.js";
8
8
  import { AgentContext, Logger, Query, QueryOptions, W3cCredentialService, W3cV2CredentialService } from "@credo-ts/core";
9
9
 
package/build/openid4vc-verifier/OpenId4VpVerifierService.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OpenId4VpVerifierService.d.ts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VpVerifierService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;cAgGa,wBAAA;EAAA,QAAA,MAAA;EAAwB,QAAA,oBAAA;UAEgB,sBAAA;UACnB,2BAAA;UACE,MAAA;UACK,sCAAA;aACrB,CAAA,MAAA,EAJiC,MAIjC,EAAA,oBAAA,EAHc,oBAGd,EAAA,sBAAA,EAFgB,sBAEhB,EAAA,2BAAA,EADqB,2BACrB,EAAA,MAAA,EAAA,6BAAA,EAAA,sCAAA,EACgC,sCADhC;UACgC,oBAAA;4BAWlC,CAAA,YAAA,EAAA,YAAA,EAAA,OAAA,EACL,0CADK,GAAA;IACL,QAAA,EAAyD,uBAAzD;MACR,OADiE,CACzD,yCADyD,CAAA;UACzD,uBAAA;UAAR,0BAAA;6BA0Ta,CAAA,YAAA,EAAA,YAAA,EAAA,OAAA,EACL,2CADK,GAAA;IACL;;;IAMR,mBAAA,EAFsB,kCAEtB;MAAA,OAwRa,CAxRL,sCAwRK,CAAA;;;;;UA8IuC,kCAAA;kCAAA,CAAA,YAAA,EA9IvC,YA8IuC,EAAA,mBAAA,EA7IhC,kCA6IgC,CAAA,EA5IpD,OA4IoD,CA5I5C,sCA4I4C,CAAA;UAIJ,0BAAA;iBAAgC,CAAA,YAAA,EAJxC,YAIwC,CAAA,EAJ5B,OAI4B,CAJ5B,uBAI4B,EAAA,CAAA;yBAAA,CAAA,YAAA,EAAhC,YAAgC,EAAA,UAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,uBAAA,CAAA;gBAIzC,CAAA,YAAA,EAAA,YAAA,EAAA,QAAA,EAAwB,uBAAxB,CAAA,EAA+C,OAA/C,CAAA,IAAA,CAAA;gBAAwB,CAAA,YAAA,EAIxB,YAJwB,EAAA,OAAA,CAAA,EAIA,8BAJA,CAAA,EAI8B,OAJ9B,CAI8B,uBAJ9B,CAAA;iCAAuB,CAAA,YAAA,EAgBzE,YAhByE,EAAA,KAAA,EAiBhF,KAjBgF,CAiB1E,kCAjB0E,CAAA,EAAA,YAAA,CAAA,EAkBxE,YAlBwE,CAAA,EAkB5D,OAlB4D,CAkB5D,kCAlB4D,EAAA,CAAA;4BAI/C,CAAA,YAAA,EAmBY,YAnBZ,EAAA,qBAAA,EAAA,MAAA,CAAA,EAmBuD,OAnBvD,CAmBuD,kCAnBvD,CAAA;UAAwB,iBAAA;UAA8B,kBAAA;UAAA,kBAAA;;;;;aAcnE,CAAA,YAAA,EA4Zb,YA5Za,EAAA,mBAAA,EA6ZN,kCA7ZM,EAAA,QAAA,EA8ZjB,iCA9ZiB,CAAA,EA8ZgB,OA9ZhB,CAAA,IAAA,CAAA;YAAA,qBAAA,CAAA,YAAA,EA4ab,YA5aa,EAAA,mBAAA,EA6aN,kCA7aM,EAAA,aAAA,EA8aZ,iCA9aY,GAAA,IAAA,CAAA,EAAA,IAAA"}
1
+ {"version":3,"file":"OpenId4VpVerifierService.d.ts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VpVerifierService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;cA8Fa,wBAAA;;EAAA,QAAA,oBAAwB;EAAA,QAAA,sBAAA;UAEgB,2BAAA;UACnB,MAAA;UACE,sCAAA;aACK,CAAA,MAAA,EAHY,MAGZ,EAAA,oBAAA,EAFP,oBAEO,EAAA,sBAAA,EADL,sBACK,EAAA,2BAAA,EAAA,2BAAA,EAAA,MAAA,EACrB,6BADqB,EAAA,sCAAA,EAEW,sCAFX;UACrB,oBAAA;4BACgC,CAAA,YAAA,EAWlC,YAXkC,EAAA,OAAA,EAYvC,0CAZuC,GAAA;IAWlC,QAAA,EACoD,uBADpD;MAEb,OADQ,CACA,yCADA,CAAA;UAAyD,uBAAA;UACzD,0BAAA;6BAAR,CAAA,YAAA,EA0Ta,YA1Tb,EAAA,OAAA,EA2TQ,2CA3TR,GAAA;IA0Ta;;;IAOL,mBAAA,EAFc,kCAEd;MAAR,OAAA,CAAQ,sCAAR,CAAA;;;;;UAsawC,kCAAA;kCAAY,CAAA,YAAA,EA9IvC,YA8IuC,EAAA,mBAAA,EA7IhC,kCA6IgC,CAAA,EA5IpD,OA4IoD,CA5I5C,sCA4I4C,CAAA;UAAA,0BAAA;iBAIJ,CAAA,YAAA,EAJR,YAIQ,CAAA,EAJI,OAIJ,CAJI,uBAIJ,EAAA,CAAA;yBAAgC,CAAA,YAAA,EAAhC,YAAgC,EAAA,UAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,uBAAA,CAAA;gBAAA,CAAA,YAAA,EAIzC,YAJyC,EAAA,QAAA,EAIjB,uBAJiB,CAAA,EAIM,OAJN,CAAA,IAAA,CAAA;gBAIzC,CAAA,YAAA,EAIA,YAJA,EAAA,OAAA,CAAA,EAIwB,8BAJxB,CAAA,EAIsD,OAJtD,CAIsD,uBAJtD,CAAA;iCAAwB,CAAA,YAAA,EAgBlD,YAhBkD,EAAA,KAAA,EAiBzD,KAjByD,CAiBnD,kCAjBmD,CAAA,EAAA,YAAA,CAAA,EAkBjD,YAlBiD,CAAA,EAkBrC,OAlBqC,CAkBrC,kCAlBqC,EAAA,CAAA;4BAAuB,CAAA,YAAA,EAuBnC,YAvBmC,EAAA,qBAAA,EAAA,MAAA,CAAA,EAuBQ,OAvBR,CAuBQ,kCAvBR,CAAA;UAI/C,iBAAA;UAAwB,kBAAA;UAA8B,kBAAA;;;;;aAc/E,CAAA,YAAA,EA4ZD,YA5ZC,EAAA,mBAAA,EA6ZM,kCA7ZN,EAAA,QAAA,EA8ZL,iCA9ZK,CAAA,EA8Z4B,OA9Z5B,CAAA,IAAA,CAAA;YAAY,qBAAA,CAAA,YAAA,EA4ab,YA5aa,EAAA,mBAAA,EA6aN,kCA7aM,EAAA,aAAA,EA8aZ,iCA9aY,GAAA,IAAA,CAAA,EAAA,IAAA"}