@credo-ts/openid4vc 0.6.1-pr-2091-20241119140918 → 0.6.1
- package/build/OpenId4VcApi.d.mts +24 -0
- package/build/OpenId4VcApi.d.mts.map +1 -0
- package/build/OpenId4VcApi.mjs +35 -0
- package/build/OpenId4VcApi.mjs.map +1 -0
- package/build/OpenId4VcModule.d.mts +30 -0
- package/build/OpenId4VcModule.d.mts.map +1 -0
- package/build/OpenId4VcModule.mjs +42 -0
- package/build/OpenId4VcModule.mjs.map +1 -0
- package/build/OpenId4VcModuleConfig.d.mts +44 -0
- package/build/OpenId4VcModuleConfig.d.mts.map +1 -0
- package/build/OpenId4VcModuleConfig.mjs +24 -0
- package/build/OpenId4VcModuleConfig.mjs.map +1 -0
- package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs +10 -0
- package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs +7 -0
- package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs +9 -0
- package/build/index.d.mts +42 -0
- package/build/index.mjs +37 -0
- package/build/openid4vc-holder/OpenId4VcHolderApi.d.mts +238 -0
- package/build/openid4vc-holder/OpenId4VcHolderApi.d.mts.map +1 -0
- package/build/openid4vc-holder/OpenId4VcHolderApi.mjs +174 -0
- package/build/openid4vc-holder/OpenId4VcHolderApi.mjs.map +1 -0
- package/build/openid4vc-holder/OpenId4VcHolderModule.d.mts +17 -0
- package/build/openid4vc-holder/OpenId4VcHolderModule.d.mts.map +1 -0
- package/build/openid4vc-holder/OpenId4VcHolderModule.mjs +23 -0
- package/build/openid4vc-holder/OpenId4VcHolderModule.mjs.map +1 -0
- package/build/openid4vc-holder/OpenId4VciHolderService.d.mts +69 -0
- package/build/openid4vc-holder/OpenId4VciHolderService.d.mts.map +1 -0
- package/build/openid4vc-holder/OpenId4VciHolderService.mjs +751 -0
- package/build/openid4vc-holder/OpenId4VciHolderService.mjs.map +1 -0
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.mts +398 -0
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.mts.map +1 -0
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.mjs +16 -0
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.mjs.map +1 -0
- package/build/openid4vc-holder/OpenId4vpHolderService.d.mts +130 -0
- package/build/openid4vc-holder/OpenId4vpHolderService.d.mts.map +1 -0
- package/build/openid4vc-holder/OpenId4vpHolderService.mjs +278 -0
- package/build/openid4vc-holder/OpenId4vpHolderService.mjs.map +1 -0
- package/build/openid4vc-holder/OpenId4vpHolderServiceOptions.d.mts +112 -0
- package/build/openid4vc-holder/OpenId4vpHolderServiceOptions.d.mts.map +1 -0
- package/build/openid4vc-holder/index.d.mts +6 -0
- package/build/openid4vc-holder/index.mjs +5 -0
- package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.d.mts +16 -0
- package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.d.mts.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.mjs +18 -0
- package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.mjs.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.mts +137 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.mts.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.mjs +108 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.mjs.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.d.mts +19 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.d.mts.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.mjs +9 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.mjs.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.d.mts +27 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.d.mts.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.mjs +150 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.mjs.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.mts +279 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.mts.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.mjs +179 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.mjs.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerService.d.mts +182 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerService.d.mts.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerService.mjs +881 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerService.mjs.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.mts +340 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.mts.map +1 -0
- package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.mjs +1 -0
- package/build/openid4vc-issuer/index.d.mts +11 -0
- package/build/openid4vc-issuer/index.mjs +11 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.mts +300 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.mts.map +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.mjs +102 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.mjs.map +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.mts +10 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.mts.map +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.mjs +22 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.mjs.map +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.mts +84 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.mts.map +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.mjs +89 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.mjs.map +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.d.mts +12 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.d.mts.map +1 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.mjs +28 -0
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.mjs.map +1 -0
- package/build/openid4vc-issuer/repository/index.d.mts +4 -0
- package/build/openid4vc-issuer/repository/index.mjs +4 -0
- package/build/openid4vc-issuer/router/accessTokenEndpoint.mjs +199 -0
- package/build/openid4vc-issuer/router/accessTokenEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.mjs +241 -0
- package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/authorizationEndpoint.mjs +51 -0
- package/build/openid4vc-issuer/router/authorizationEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.mjs +25 -0
- package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/credentialEndpoint.mjs +142 -0
- package/build/openid4vc-issuer/router/credentialEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/credentialOfferEndpoint.mjs +38 -0
- package/build/openid4vc-issuer/router/credentialOfferEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/deferredCredentialEndpoint.mjs +84 -0
- package/build/openid4vc-issuer/router/deferredCredentialEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/index.mjs +12 -0
- package/build/openid4vc-issuer/router/issuerMetadataEndpoint.mjs +43 -0
- package/build/openid4vc-issuer/router/issuerMetadataEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/jwksEndpoint.mjs +18 -0
- package/build/openid4vc-issuer/router/jwksEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/nonceEndpoint.mjs +29 -0
- package/build/openid4vc-issuer/router/nonceEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/pushedAuthorizationRequestEndpoint.mjs +164 -0
- package/build/openid4vc-issuer/router/pushedAuthorizationRequestEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/router/redirectEndpoint.mjs +124 -0
- package/build/openid4vc-issuer/router/redirectEndpoint.mjs.map +1 -0
- package/build/openid4vc-issuer/util/txCode.mjs +18 -0
- package/build/openid4vc-issuer/util/txCode.mjs.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.d.mts +10 -0
- package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.d.mts.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.mjs +12 -0
- package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.mjs.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts +60 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs +83 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.d.mts +19 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.d.mts.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.mjs +9 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.mjs.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.mts +25 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.mts.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.mjs +91 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.mjs.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.d.mts +55 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.d.mts.map +1 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.mjs +36 -0
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.mjs.map +1 -0
- package/build/openid4vc-verifier/OpenId4VpVerifierService.d.mts +60 -0
- package/build/openid4vc-verifier/OpenId4VpVerifierService.d.mts.map +1 -0
- package/build/openid4vc-verifier/OpenId4VpVerifierService.mjs +714 -0
- package/build/openid4vc-verifier/OpenId4VpVerifierService.mjs.map +1 -0
- package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.mts +194 -0
- package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.mts.map +1 -0
- package/build/openid4vc-verifier/index.d.mts +12 -0
- package/build/openid4vc-verifier/index.mjs +11 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.mts +129 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.mts.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.mjs +64 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.mjs.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.mts +10 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.mts.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.mjs +22 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.mjs.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.mts +33 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.mts.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.mjs +32 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.mjs.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.d.mts +12 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.d.mts.map +1 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.mjs +28 -0
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.mjs.map +1 -0
- package/build/openid4vc-verifier/repository/index.d.mts +4 -0
- package/build/openid4vc-verifier/repository/index.mjs +4 -0
- package/build/openid4vc-verifier/router/authorizationEndpoint.mjs +117 -0
- package/build/openid4vc-verifier/router/authorizationEndpoint.mjs.map +1 -0
- package/build/openid4vc-verifier/router/authorizationRequestEndpoint.mjs +39 -0
- package/build/openid4vc-verifier/router/authorizationRequestEndpoint.mjs.map +1 -0
- package/build/openid4vc-verifier/router/index.mjs +1 -0
- package/build/shared/callbacks.d.mts +47 -0
- package/build/shared/callbacks.d.mts.map +1 -0
- package/build/shared/callbacks.mjs +279 -0
- package/build/shared/callbacks.mjs.map +1 -0
- package/build/shared/index.d.mts +7 -0
- package/build/shared/index.mjs +4 -0
- package/build/shared/issuerMetadataUtils.d.mts +22 -0
- package/build/shared/issuerMetadataUtils.d.mts.map +1 -0
- package/build/shared/issuerMetadataUtils.mjs +30 -0
- package/build/shared/issuerMetadataUtils.mjs.map +1 -0
- package/build/shared/models/CredentialHolderBinding.d.mts +71 -0
- package/build/shared/models/CredentialHolderBinding.d.mts.map +1 -0
- package/build/shared/models/CredentialHolderBinding.mjs +1 -0
- package/build/shared/models/OpenId4VcJwtIssuer.d.mts +46 -0
- package/build/shared/models/OpenId4VcJwtIssuer.d.mts.map +1 -0
- package/build/shared/models/OpenId4VcJwtIssuer.mjs +1 -0
- package/build/shared/models/OpenId4VciAuthorizationServerConfig.d.mts +71 -0
- package/build/shared/models/OpenId4VciAuthorizationServerConfig.d.mts.map +1 -0
- package/build/shared/models/OpenId4VciCredentialFormatProfile.d.mts +12 -0
- package/build/shared/models/OpenId4VciCredentialFormatProfile.d.mts.map +1 -0
- package/build/shared/models/OpenId4VciCredentialFormatProfile.mjs +14 -0
- package/build/shared/models/OpenId4VciCredentialFormatProfile.mjs.map +1 -0
- package/build/shared/models/index.d.mts +30 -0
- package/build/shared/models/index.d.mts.map +1 -0
- package/build/shared/models/index.mjs +6 -0
- package/build/shared/router/context.mjs +52 -0
- package/build/shared/router/context.mjs.map +1 -0
- package/build/shared/router/express.browser.d.mts +5 -0
- package/build/shared/router/express.browser.d.mts.map +1 -0
- package/build/shared/router/express.browser.mjs +8 -0
- package/build/shared/router/express.browser.mjs.map +1 -0
- package/build/shared/router/express.mjs +10 -0
- package/build/shared/router/express.mjs.map +1 -0
- package/build/shared/router/express.native.d.mts +5 -0
- package/build/shared/router/express.native.d.mts.map +1 -0
- package/build/shared/router/express.native.mjs +8 -0
- package/build/shared/router/express.native.mjs.map +1 -0
- package/build/shared/router/index.mjs +3 -0
- package/build/shared/router/tenants.mjs +36 -0
- package/build/shared/router/tenants.mjs.map +1 -0
- package/build/shared/transactionData.mjs +19 -0
- package/build/shared/transactionData.mjs.map +1 -0
- package/build/shared/utils.mjs +90 -0
- package/build/shared/utils.mjs.map +1 -0
- package/package.json +30 -23
- package/build/index.d.ts +0 -4
- package/build/index.js +0 -21
- package/build/index.js.map +0 -1
- package/build/openid4vc-holder/OpenId4VcHolderApi.d.ts +0 -124
- package/build/openid4vc-holder/OpenId4VcHolderApi.js +0 -155
- package/build/openid4vc-holder/OpenId4VcHolderApi.js.map +0 -1
- package/build/openid4vc-holder/OpenId4VcHolderModule.d.ts +0 -13
- package/build/openid4vc-holder/OpenId4VcHolderModule.js +0 -35
- package/build/openid4vc-holder/OpenId4VcHolderModule.js.map +0 -1
- package/build/openid4vc-holder/OpenId4VciHolderService.d.ts +0 -72
- package/build/openid4vc-holder/OpenId4VciHolderService.js +0 -569
- package/build/openid4vc-holder/OpenId4VciHolderService.js.map +0 -1
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.ts +0 -238
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js +0 -14
- package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js.map +0 -1
- package/build/openid4vc-holder/OpenId4vcSiopHolderService.d.ts +0 -32
- package/build/openid4vc-holder/OpenId4vcSiopHolderService.js +0 -302
- package/build/openid4vc-holder/OpenId4vcSiopHolderService.js.map +0 -1
- package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.d.ts +0 -38
- package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.js +0 -3
- package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.js.map +0 -1
- package/build/openid4vc-holder/index.d.ts +0 -6
- package/build/openid4vc-holder/index.js +0 -23
- package/build/openid4vc-holder/index.js.map +0 -1
- package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.d.ts +0 -12
- package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.js +0 -19
- package/build/openid4vc-issuer/OpenId4VcIssuanceSessionState.js.map +0 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.ts +0 -101
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.js +0 -110
- package/build/openid4vc-issuer/OpenId4VcIssuerApi.js.map +0 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.d.ts +0 -13
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.js +0 -8
- package/build/openid4vc-issuer/OpenId4VcIssuerEvents.js.map +0 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.d.ts +0 -21
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.js +0 -121
- package/build/openid4vc-issuer/OpenId4VcIssuerModule.js.map +0 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.ts +0 -190
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js +0 -141
- package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js.map +0 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerService.d.ts +0 -116
- package/build/openid4vc-issuer/OpenId4VcIssuerService.js +0 -698
- package/build/openid4vc-issuer/OpenId4VcIssuerService.js.map +0 -1
- package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.ts +0 -229
- package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.js +0 -3
- package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.js.map +0 -1
- package/build/openid4vc-issuer/index.d.ts +0 -8
- package/build/openid4vc-issuer/index.js +0 -27
- package/build/openid4vc-issuer/index.js.map +0 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.ts +0 -160
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js +0 -88
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js.map +0 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.ts +0 -5
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.js +0 -29
- package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.js.map +0 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.ts +0 -56
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.js +0 -83
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.js.map +0 -1
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.d.ts +0 -8
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.js +0 -35
- package/build/openid4vc-issuer/repository/OpenId4VcIssuerRepository.js.map +0 -1
- package/build/openid4vc-issuer/repository/index.d.ts +0 -4
- package/build/openid4vc-issuer/repository/index.js +0 -21
- package/build/openid4vc-issuer/repository/index.js.map +0 -1
- package/build/openid4vc-issuer/router/accessTokenEndpoint.d.ts +0 -5
- package/build/openid4vc-issuer/router/accessTokenEndpoint.js +0 -164
- package/build/openid4vc-issuer/router/accessTokenEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.d.ts +0 -3
- package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.js +0 -213
- package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.d.ts +0 -6
- package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.js +0 -25
- package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/credentialEndpoint.d.ts +0 -3
- package/build/openid4vc-issuer/router/credentialEndpoint.js +0 -176
- package/build/openid4vc-issuer/router/credentialEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/credentialOfferEndpoint.d.ts +0 -3
- package/build/openid4vc-issuer/router/credentialOfferEndpoint.js +0 -45
- package/build/openid4vc-issuer/router/credentialOfferEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/index.d.ts +0 -9
- package/build/openid4vc-issuer/router/index.js +0 -20
- package/build/openid4vc-issuer/router/index.js.map +0 -1
- package/build/openid4vc-issuer/router/issuerMetadataEndpoint.d.ts +0 -2
- package/build/openid4vc-issuer/router/issuerMetadataEndpoint.js +0 -26
- package/build/openid4vc-issuer/router/issuerMetadataEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/jwksEndpoint.d.ts +0 -3
- package/build/openid4vc-issuer/router/jwksEndpoint.js +0 -20
- package/build/openid4vc-issuer/router/jwksEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/nonceEndpoint.d.ts +0 -3
- package/build/openid4vc-issuer/router/nonceEndpoint.js +0 -26
- package/build/openid4vc-issuer/router/nonceEndpoint.js.map +0 -1
- package/build/openid4vc-issuer/router/requestContext.d.ts +0 -5
- package/build/openid4vc-issuer/router/requestContext.js +0 -3
- package/build/openid4vc-issuer/router/requestContext.js.map +0 -1
- package/build/openid4vc-issuer/util/txCode.d.ts +0 -3
- package/build/openid4vc-issuer/util/txCode.js +0 -18
- package/build/openid4vc-issuer/util/txCode.js.map +0 -1
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.d.ts +0 -55
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js +0 -498
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js.map +0 -1
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts +0 -77
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.js +0 -3
- package/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.js.map +0 -1
- package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.d.ts +0 -6
- package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.js +0 -11
- package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.js.map +0 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts +0 -61
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.js +0 -108
- package/build/openid4vc-verifier/OpenId4VcVerifierApi.js.map +0 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.d.ts +0 -13
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.js +0 -8
- package/build/openid4vc-verifier/OpenId4VcVerifierEvents.js.map +0 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.d.ts +0 -21
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.js +0 -109
- package/build/openid4vc-verifier/OpenId4VcVerifierModule.js.map +0 -1
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.d.ts +0 -31
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.js +0 -28
- package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.js.map +0 -1
- package/build/openid4vc-verifier/index.d.ts +0 -8
- package/build/openid4vc-verifier/index.js +0 -25
- package/build/openid4vc-verifier/index.js.map +0 -1
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.d.ts +0 -49
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js +0 -234
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js.map +0 -1
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.d.ts +0 -19
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js +0 -146
- package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js.map +0 -1
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts +0 -71
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js +0 -46
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js.map +0 -1
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.ts +0 -5
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.js +0 -29
- package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.js.map +0 -1
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.ts +0 -29
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.js +0 -29
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.js.map +0 -1
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.d.ts +0 -8
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.js +0 -35
- package/build/openid4vc-verifier/repository/OpenId4VcVerifierRepository.js.map +0 -1
- package/build/openid4vc-verifier/repository/index.d.ts +0 -4
- package/build/openid4vc-verifier/repository/index.js +0 -21
- package/build/openid4vc-verifier/repository/index.js.map +0 -1
- package/build/openid4vc-verifier/router/authorizationEndpoint.d.ts +0 -11
- package/build/openid4vc-verifier/router/authorizationEndpoint.js +0 -102
- package/build/openid4vc-verifier/router/authorizationEndpoint.js.map +0 -1
- package/build/openid4vc-verifier/router/authorizationRequestEndpoint.d.ts +0 -11
- package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js +0 -63
- package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js.map +0 -1
- package/build/openid4vc-verifier/router/index.d.ts +0 -2
- package/build/openid4vc-verifier/router/index.js +0 -6
- package/build/openid4vc-verifier/router/index.js.map +0 -1
- package/build/openid4vc-verifier/router/requestContext.d.ts +0 -5
- package/build/openid4vc-verifier/router/requestContext.js +0 -3
- package/build/openid4vc-verifier/router/requestContext.js.map +0 -1
- package/build/shared/callbacks.d.ts +0 -18
- package/build/shared/callbacks.js +0 -81
- package/build/shared/callbacks.js.map +0 -1
- package/build/shared/index.d.ts +0 -2
- package/build/shared/index.js +0 -19
- package/build/shared/index.js.map +0 -1
- package/build/shared/issuerMetadataUtils.d.ts +0 -158
- package/build/shared/issuerMetadataUtils.js +0 -38
- package/build/shared/issuerMetadataUtils.js.map +0 -1
- package/build/shared/models/CredentialHolderBinding.d.ts +0 -13
- package/build/shared/models/CredentialHolderBinding.js +0 -3
- package/build/shared/models/CredentialHolderBinding.js.map +0 -1
- package/build/shared/models/OpenId4VcJwtIssuer.d.ts +0 -28
- package/build/shared/models/OpenId4VcJwtIssuer.js +0 -3
- package/build/shared/models/OpenId4VcJwtIssuer.js.map +0 -1
- package/build/shared/models/OpenId4VciAuthorizationServerConfig.d.ts +0 -10
- package/build/shared/models/OpenId4VciAuthorizationServerConfig.js +0 -3
- package/build/shared/models/OpenId4VciAuthorizationServerConfig.js.map +0 -1
- package/build/shared/models/OpenId4VciCredentialFormatProfile.d.ts +0 -7
- package/build/shared/models/OpenId4VciCredentialFormatProfile.js +0 -12
- package/build/shared/models/OpenId4VciCredentialFormatProfile.js.map +0 -1
- package/build/shared/models/index.d.ts +0 -24
- package/build/shared/models/index.js +0 -25
- package/build/shared/models/index.js.map +0 -1
- package/build/shared/router/context.d.ts +0 -17
- package/build/shared/router/context.js +0 -76
- package/build/shared/router/context.js.map +0 -1
- package/build/shared/router/express.d.ts +0 -2
- package/build/shared/router/express.js +0 -15
- package/build/shared/router/express.js.map +0 -1
- package/build/shared/router/express.native.d.ts +0 -1
- package/build/shared/router/express.native.js +0 -7
- package/build/shared/router/express.native.js.map +0 -1
- package/build/shared/router/index.d.ts +0 -3
- package/build/shared/router/index.js +0 -20
- package/build/shared/router/index.js.map +0 -1
- package/build/shared/router/tenants.d.ts +0 -13
- package/build/shared/router/tenants.js +0 -49
- package/build/shared/router/tenants.js.map +0 -1
- package/build/shared/transform.d.ts +0 -5
- package/build/shared/transform.js +0 -73
- package/build/shared/transform.js.map +0 -1
- package/build/shared/utils.d.ts +0 -22
- package/build/shared/utils.js +0 -154
- package/build/shared/utils.js.map +0 -1
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
import "../OpenId4VcIssuerModuleConfig.mjs";
|
|
2
|
+
import { getRequestContext, sendOauth2ErrorResponse, sendUnknownServerErrorResponse } from "../../shared/router/context.mjs";
|
|
3
|
+
import "../../shared/router/index.mjs";
|
|
4
|
+
import { getOid4vcCallbacks } from "../../shared/callbacks.mjs";
|
|
5
|
+
import "../../shared/index.mjs";
|
|
6
|
+
import { OpenId4VcIssuanceSessionState } from "../OpenId4VcIssuanceSessionState.mjs";
|
|
7
|
+
import { OpenId4VcIssuerService } from "../OpenId4VcIssuerService.mjs";
|
|
8
|
+
import { Kms, TypedArrayEncoder, joinUriParts } from "@credo-ts/core";
|
|
9
|
+
import { Oauth2ClientErrorResponseError, Oauth2ErrorCodes, Oauth2ServerErrorResponseError, parseAuthorizationResponseRedirectUrl, verifyIdTokenJwt } from "@openid4vc/oauth2";
|
|
10
|
+
import { addSecondsToDate } from "@openid4vc/utils";
|
|
11
|
+
|
|
12
|
+
//#region src/openid4vc-issuer/router/redirectEndpoint.ts
|
|
13
|
+
function configureRedirectEndpoint(router, config) {
|
|
14
|
+
router.get(config.redirectEndpoint, async (request, response, next) => {
|
|
15
|
+
const { agentContext, issuer } = getRequestContext(request);
|
|
16
|
+
const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService);
|
|
17
|
+
const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer);
|
|
18
|
+
let issuanceSession = null;
|
|
19
|
+
try {
|
|
20
|
+
const authorizationResponse = parseAuthorizationResponseRedirectUrl({ url: joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [request.originalUrl]) });
|
|
21
|
+
if (!authorizationResponse.state) throw new Oauth2ServerErrorResponseError({
|
|
22
|
+
error: Oauth2ErrorCodes.ServerError,
|
|
23
|
+
error_description: `Missing required 'state' parameter`
|
|
24
|
+
});
|
|
25
|
+
issuanceSession = await openId4VcIssuerService.findSingleIssuanceSessionByQuery(agentContext, {
|
|
26
|
+
issuerId: issuer.issuerId,
|
|
27
|
+
chainedIdentityState: authorizationResponse.state
|
|
28
|
+
});
|
|
29
|
+
if (!issuanceSession || issuanceSession.state !== OpenId4VcIssuanceSessionState.AuthorizationInitiated) throw new Oauth2ServerErrorResponseError({
|
|
30
|
+
error: Oauth2ErrorCodes.InvalidRequest,
|
|
31
|
+
error_description: `Invalid 'state' parameter`
|
|
32
|
+
}, { internalMessage: !issuanceSession ? `Issuance session not found for identity chaining 'state' parameter '${authorizationResponse.state}'` : `Issuance session '${issuanceSession.id}' has state '${issuanceSession.state}' but expected ${OpenId4VcIssuanceSessionState.AuthorizationInitiated}` });
|
|
33
|
+
if (!issuanceSession.chainedIdentity?.externalAuthorizationServerUrl || !issuanceSession.chainedIdentity.redirectUri) throw new Oauth2ServerErrorResponseError({
|
|
34
|
+
error: Oauth2ErrorCodes.InvalidRequest,
|
|
35
|
+
error_description: "The session is invalid or has expired."
|
|
36
|
+
}, { internalMessage: `Issuance session '${issuanceSession.id}' does not have identity chaining configured, so it's not compatible with the redirect endpoint.` });
|
|
37
|
+
if (authorizationResponse.error) throw new Oauth2ServerErrorResponseError(authorizationResponse);
|
|
38
|
+
if (!authorizationResponse.code) throw new Oauth2ServerErrorResponseError({
|
|
39
|
+
error: Oauth2ErrorCodes.ServerError,
|
|
40
|
+
error_description: `Missing required 'error' or 'code' parameter`
|
|
41
|
+
});
|
|
42
|
+
const oauth2Client = openId4VcIssuerService.getOauth2Client(agentContext, issuer);
|
|
43
|
+
const authorizationServerUrl = issuanceSession.chainedIdentity.externalAuthorizationServerUrl;
|
|
44
|
+
const authorizationServerConfig = issuer.chainedAuthorizationServerConfigs?.find((config$1) => config$1.issuer === authorizationServerUrl);
|
|
45
|
+
if (!authorizationServerConfig) throw new Oauth2ServerErrorResponseError({ error: Oauth2ErrorCodes.ServerError }, { internalMessage: `Issuer '${issuer.issuerId}' does not have a chained authorization server config for issuer '${authorizationServerUrl}'` });
|
|
46
|
+
const authorizationServerMetadata = await oauth2Client.fetchAuthorizationServerMetadata(authorizationServerConfig.issuer);
|
|
47
|
+
if (!authorizationServerMetadata) throw new Oauth2ServerErrorResponseError({
|
|
48
|
+
error: Oauth2ErrorCodes.ServerError,
|
|
49
|
+
error_description: `Unable to retrieve authorization server metadata from external identity provider.`
|
|
50
|
+
}, { internalMessage: `Unable to retrieve authorization server metadata from '${authorizationServerConfig.issuer}'` });
|
|
51
|
+
const { accessTokenResponse } = await oauth2Client.retrieveAuthorizationCodeAccessToken({
|
|
52
|
+
authorizationCode: authorizationResponse.code,
|
|
53
|
+
authorizationServerMetadata,
|
|
54
|
+
pkceCodeVerifier: issuanceSession.chainedIdentity.pkceCodeVerifier,
|
|
55
|
+
redirectUri: joinUriParts(config.baseUrl, [issuer.issuerId, "redirect"])
|
|
56
|
+
}).catch((error) => {
|
|
57
|
+
if (error instanceof Oauth2ClientErrorResponseError) switch (error.errorResponse.error) {
|
|
58
|
+
case Oauth2ErrorCodes.InvalidGrant: throw new Oauth2ServerErrorResponseError({ error: Oauth2ErrorCodes.InvalidGrant }, {
|
|
59
|
+
internalMessage: `Invalid authorization code received from '${authorizationServerMetadata.issuer}'.`,
|
|
60
|
+
cause: error
|
|
61
|
+
});
|
|
62
|
+
case Oauth2ErrorCodes.AccessDenied: throw new Oauth2ServerErrorResponseError({ error: Oauth2ErrorCodes.AccessDenied }, {
|
|
63
|
+
internalMessage: `The request has been denied by the user at '${authorizationServerMetadata.issuer}'.`,
|
|
64
|
+
cause: error
|
|
65
|
+
});
|
|
66
|
+
}
|
|
67
|
+
throw new Oauth2ServerErrorResponseError({
|
|
68
|
+
error: Oauth2ErrorCodes.ServerError,
|
|
69
|
+
error_description: "Error processing authorization code"
|
|
70
|
+
}, {
|
|
71
|
+
internalMessage: `Error occurred during retrieval of access token from ${authorizationServerMetadata.issuer}.`,
|
|
72
|
+
cause: error
|
|
73
|
+
});
|
|
74
|
+
});
|
|
75
|
+
if (accessTokenResponse.scope?.split(" ").includes("openid")) {
|
|
76
|
+
const idToken = accessTokenResponse.id_token;
|
|
77
|
+
if (typeof idToken !== "string") throw new Oauth2ServerErrorResponseError({
|
|
78
|
+
error: Oauth2ErrorCodes.ServerError,
|
|
79
|
+
error_description: `Missing 'id_token' in access token response`
|
|
80
|
+
}, { internalMessage: `id_token is missing from access token response from ${authorizationServerMetadata.issuer} even though 'openid' scope was requested.` });
|
|
81
|
+
await verifyIdTokenJwt({
|
|
82
|
+
idToken,
|
|
83
|
+
authorizationServer: authorizationServerMetadata,
|
|
84
|
+
clientId: authorizationServerConfig.clientAuthentication.clientId,
|
|
85
|
+
callbacks: getOid4vcCallbacks(agentContext)
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
const kms = agentContext.resolve(Kms.KeyManagementApi);
|
|
89
|
+
const authorizationCode = TypedArrayEncoder.toBase64URL(kms.randomBytes({ length: 32 }));
|
|
90
|
+
const authorizationCodeExpiresAt = addSecondsToDate(/* @__PURE__ */ new Date(), config.authorizationCodeExpiresInSeconds);
|
|
91
|
+
const redirectUri = new URL(issuanceSession.chainedIdentity.redirectUri);
|
|
92
|
+
redirectUri.searchParams.set("code", authorizationCode);
|
|
93
|
+
if (issuanceSession.chainedIdentity.state) redirectUri.searchParams.set("state", issuanceSession.chainedIdentity.state);
|
|
94
|
+
issuanceSession.authorization = {
|
|
95
|
+
...issuanceSession.authorization,
|
|
96
|
+
code: authorizationCode,
|
|
97
|
+
codeExpiresAt: authorizationCodeExpiresAt
|
|
98
|
+
};
|
|
99
|
+
issuanceSession.chainedIdentity = {
|
|
100
|
+
...issuanceSession.chainedIdentity,
|
|
101
|
+
externalAccessTokenResponse: accessTokenResponse
|
|
102
|
+
};
|
|
103
|
+
await openId4VcIssuerService.updateState(agentContext, issuanceSession, OpenId4VcIssuanceSessionState.AuthorizationGranted);
|
|
104
|
+
return response.redirect(redirectUri.toString());
|
|
105
|
+
} catch (error) {
|
|
106
|
+
if (error instanceof Oauth2ServerErrorResponseError) {
|
|
107
|
+
if (issuanceSession?.chainedIdentity?.redirectUri) {
|
|
108
|
+
const redirectUri = new URL(issuanceSession.chainedIdentity.redirectUri);
|
|
109
|
+
redirectUri.searchParams.set("error", error.errorResponse.error);
|
|
110
|
+
if (error.errorResponse.error_description) redirectUri.searchParams.set("error_description", error.errorResponse.error_description);
|
|
111
|
+
if (issuanceSession.chainedIdentity.state) redirectUri.searchParams.set("state", issuanceSession.chainedIdentity.state);
|
|
112
|
+
agentContext.config.logger.warn(`[OID4VC] Sending oauth2 error response: ${JSON.stringify(error.message)}`, { error });
|
|
113
|
+
return response.redirect(redirectUri.toString());
|
|
114
|
+
}
|
|
115
|
+
return sendOauth2ErrorResponse(response, next, agentContext.config.logger, error);
|
|
116
|
+
}
|
|
117
|
+
return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error);
|
|
118
|
+
}
|
|
119
|
+
});
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
//#endregion
|
|
123
|
+
export { configureRedirectEndpoint };
|
|
124
|
+
//# sourceMappingURL=redirectEndpoint.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redirectEndpoint.mjs","names":["issuanceSession: OpenId4VcIssuanceSessionRecord | null","config"],"sources":["../../../src/openid4vc-issuer/router/redirectEndpoint.ts"],"sourcesContent":["import { joinUriParts, Kms, TypedArrayEncoder } from '@credo-ts/core'\nimport {\n Oauth2ClientErrorResponseError,\n Oauth2ErrorCodes,\n Oauth2ServerErrorResponseError,\n parseAuthorizationResponseRedirectUrl,\n verifyIdTokenJwt,\n} from '@openid4vc/oauth2'\nimport { addSecondsToDate } from '@openid4vc/utils'\nimport type { NextFunction, Response, Router } from 'express'\nimport { getOid4vcCallbacks } from '../../shared'\nimport { getRequestContext, sendOauth2ErrorResponse, sendUnknownServerErrorResponse } from '../../shared/router'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport { OpenId4VcIssuerModuleConfig } from '../OpenId4VcIssuerModuleConfig'\nimport { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'\nimport type { OpenId4VcIssuanceSessionRecord } from '../repository'\nimport type { OpenId4VcIssuanceRequest } from './requestContext'\n\nexport function configureRedirectEndpoint(router: Router, config: OpenId4VcIssuerModuleConfig) {\n router.get(\n config.redirectEndpoint,\n async (request: OpenId4VcIssuanceRequest, response: Response, next: NextFunction) => {\n const requestContext = getRequestContext(request)\n const { agentContext, issuer } = requestContext\n const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)\n const issuerMetadata = await openId4VcIssuerService.getIssuerMetadata(agentContext, issuer)\n\n let issuanceSession: OpenId4VcIssuanceSessionRecord | null = null\n try {\n const fullRequestUrl = joinUriParts(issuerMetadata.credentialIssuer.credential_issuer, [request.originalUrl])\n const authorizationResponse = parseAuthorizationResponseRedirectUrl({\n url: fullRequestUrl,\n })\n\n if (!authorizationResponse.state) {\n throw new 
Oauth2ServerErrorResponseError({\n // Server error because it's an error of the external IDP\n error: Oauth2ErrorCodes.ServerError,\n error_description: `Missing required 'state' parameter`,\n })\n }\n\n issuanceSession = await openId4VcIssuerService.findSingleIssuanceSessionByQuery(agentContext, {\n issuerId: issuer.issuerId,\n chainedIdentityState: authorizationResponse.state,\n })\n\n if (!issuanceSession || issuanceSession.state !== OpenId4VcIssuanceSessionState.AuthorizationInitiated) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: `Invalid 'state' parameter`,\n },\n {\n internalMessage: !issuanceSession\n ? `Issuance session not found for identity chaining 'state' parameter '${authorizationResponse.state}'`\n : `Issuance session '${issuanceSession.id}' has state '${\n issuanceSession.state\n }' but expected ${OpenId4VcIssuanceSessionState.AuthorizationInitiated}`,\n }\n )\n }\n\n if (\n !issuanceSession.chainedIdentity?.externalAuthorizationServerUrl ||\n !issuanceSession.chainedIdentity.redirectUri\n ) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'The session is invalid or has expired.',\n },\n {\n internalMessage: `Issuance session '${issuanceSession.id}' does not have identity chaining configured, so it's not compatible with the redirect endpoint.`,\n }\n )\n }\n\n // Throw the error. 
This will be caught and processed below.\n if (authorizationResponse.error) {\n throw new Oauth2ServerErrorResponseError(authorizationResponse)\n }\n\n if (!authorizationResponse.code) {\n throw new Oauth2ServerErrorResponseError({\n error: Oauth2ErrorCodes.ServerError,\n error_description: `Missing required 'error' or 'code' parameter`,\n })\n }\n\n const oauth2Client = openId4VcIssuerService.getOauth2Client(agentContext, issuer)\n const authorizationServerUrl = issuanceSession.chainedIdentity.externalAuthorizationServerUrl\n const authorizationServerConfig = issuer.chainedAuthorizationServerConfigs?.find(\n (config) => config.issuer === authorizationServerUrl\n )\n if (!authorizationServerConfig) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n },\n {\n internalMessage: `Issuer '${issuer.issuerId}' does not have a chained authorization server config for issuer '${authorizationServerUrl}'`,\n }\n )\n }\n\n const authorizationServerMetadata = await oauth2Client.fetchAuthorizationServerMetadata(\n authorizationServerConfig.issuer\n )\n if (!authorizationServerMetadata) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n error_description: `Unable to retrieve authorization server metadata from external identity provider.`,\n },\n {\n internalMessage: `Unable to retrieve authorization server metadata from '${authorizationServerConfig.issuer}'`,\n }\n )\n }\n\n // Retrieve access token\n // TODO: add support for DPoP\n const { accessTokenResponse } = await oauth2Client\n .retrieveAuthorizationCodeAccessToken({\n authorizationCode: authorizationResponse.code,\n authorizationServerMetadata,\n pkceCodeVerifier: issuanceSession.chainedIdentity.pkceCodeVerifier,\n redirectUri: joinUriParts(config.baseUrl, [issuer.issuerId, 'redirect']),\n })\n .catch((error) => {\n if (error instanceof Oauth2ClientErrorResponseError) {\n switch (error.errorResponse.error) {\n case 
Oauth2ErrorCodes.InvalidGrant:\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidGrant,\n },\n {\n internalMessage: `Invalid authorization code received from '${authorizationServerMetadata.issuer}'.`,\n cause: error,\n }\n )\n case Oauth2ErrorCodes.AccessDenied:\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.AccessDenied,\n },\n {\n internalMessage: `The request has been denied by the user at '${authorizationServerMetadata.issuer}'.`,\n cause: error,\n }\n )\n }\n }\n\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n error_description: 'Error processing authorization code',\n },\n {\n internalMessage: `Error occurred during retrieval of access token from ${authorizationServerMetadata.issuer}.`,\n cause: error,\n }\n )\n })\n\n // Verify the ID Token if 'openid' scope was requested\n if (accessTokenResponse.scope?.split(' ').includes('openid')) {\n const idToken = accessTokenResponse.id_token\n if (typeof idToken !== 'string') {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.ServerError,\n error_description: `Missing 'id_token' in access token response`,\n },\n {\n internalMessage: `id_token is missing from access token response from ${authorizationServerMetadata.issuer} even though 'openid' scope was requested.`,\n }\n )\n }\n\n await verifyIdTokenJwt({\n idToken,\n authorizationServer: authorizationServerMetadata,\n clientId: authorizationServerConfig.clientAuthentication.clientId,\n callbacks: getOid4vcCallbacks(agentContext),\n })\n }\n\n // Grant authorization\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n const authorizationCode = TypedArrayEncoder.toBase64URL(kms.randomBytes({ length: 32 }))\n const authorizationCodeExpiresAt = addSecondsToDate(new Date(), config.authorizationCodeExpiresInSeconds)\n\n const redirectUri = new URL(issuanceSession.chainedIdentity.redirectUri)\n redirectUri.searchParams.set('code', 
authorizationCode)\n\n if (issuanceSession.chainedIdentity.state) {\n redirectUri.searchParams.set('state', issuanceSession.chainedIdentity.state)\n }\n\n // Update authorization information\n issuanceSession.authorization = {\n ...issuanceSession.authorization,\n code: authorizationCode,\n codeExpiresAt: authorizationCodeExpiresAt,\n }\n\n // Store access token response\n issuanceSession.chainedIdentity = {\n ...issuanceSession.chainedIdentity,\n externalAccessTokenResponse: accessTokenResponse,\n }\n\n // TODO: we need to start using locks so we can't get corrupted state\n await openId4VcIssuerService.updateState(\n agentContext,\n issuanceSession,\n OpenId4VcIssuanceSessionState.AuthorizationGranted\n )\n\n return response.redirect(redirectUri.toString())\n } catch (error) {\n if (error instanceof Oauth2ServerErrorResponseError) {\n // Redirect to the redirect URI if available.\n if (issuanceSession?.chainedIdentity?.redirectUri) {\n const redirectUri = new URL(issuanceSession.chainedIdentity.redirectUri)\n redirectUri.searchParams.set('error', error.errorResponse.error)\n if (error.errorResponse.error_description) {\n redirectUri.searchParams.set('error_description', error.errorResponse.error_description)\n }\n if (issuanceSession.chainedIdentity.state) {\n redirectUri.searchParams.set('state', issuanceSession.chainedIdentity.state)\n }\n\n agentContext.config.logger.warn(\n `[OID4VC] Sending oauth2 error response: ${JSON.stringify(error.message)}`,\n {\n error,\n }\n )\n\n return response.redirect(redirectUri.toString())\n }\n\n return sendOauth2ErrorResponse(response, next, agentContext.config.logger, error)\n }\n\n return sendUnknownServerErrorResponse(response, next, agentContext.config.logger, error)\n }\n }\n 
)\n}\n"],"mappings":";;;;;;;;;;;;AAkBA,SAAgB,0BAA0B,QAAgB,QAAqC;AAC7F,QAAO,IACL,OAAO,kBACP,OAAO,SAAmC,UAAoB,SAAuB;EAEnF,MAAM,EAAE,cAAc,WADC,kBAAkB,QAAQ;EAEjD,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;EAC7F,MAAM,iBAAiB,MAAM,uBAAuB,kBAAkB,cAAc,OAAO;EAE3F,IAAIA,kBAAyD;AAC7D,MAAI;GAEF,MAAM,wBAAwB,sCAAsC,EAClE,KAFqB,aAAa,eAAe,iBAAiB,mBAAmB,CAAC,QAAQ,YAAY,CAAC,EAG5G,CAAC;AAEF,OAAI,CAAC,sBAAsB,MACzB,OAAM,IAAI,+BAA+B;IAEvC,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,CAAC;AAGJ,qBAAkB,MAAM,uBAAuB,iCAAiC,cAAc;IAC5F,UAAU,OAAO;IACjB,sBAAsB,sBAAsB;IAC7C,CAAC;AAEF,OAAI,CAAC,mBAAmB,gBAAgB,UAAU,8BAA8B,uBAC9E,OAAM,IAAI,+BACR;IACE,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,EACD,EACE,iBAAiB,CAAC,kBACd,uEAAuE,sBAAsB,MAAM,KACnG,qBAAqB,gBAAgB,GAAG,eACtC,gBAAgB,MACjB,iBAAiB,8BAA8B,0BACrD,CACF;AAGH,OACE,CAAC,gBAAgB,iBAAiB,kCAClC,CAAC,gBAAgB,gBAAgB,YAEjC,OAAM,IAAI,+BACR;IACE,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,EACD,EACE,iBAAiB,qBAAqB,gBAAgB,GAAG,mGAC1D,CACF;AAIH,OAAI,sBAAsB,MACxB,OAAM,IAAI,+BAA+B,sBAAsB;AAGjE,OAAI,CAAC,sBAAsB,KACzB,OAAM,IAAI,+BAA+B;IACvC,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,CAAC;GAGJ,MAAM,eAAe,uBAAuB,gBAAgB,cAAc,OAAO;GACjF,MAAM,yBAAyB,gBAAgB,gBAAgB;GAC/D,MAAM,4BAA4B,OAAO,mCAAmC,MACzE,aAAWC,SAAO,WAAW,uBAC/B;AACD,OAAI,CAAC,0BACH,OAAM,IAAI,+BACR,EACE,OAAO,iBAAiB,aACzB,EACD,EACE,iBAAiB,WAAW,OAAO,SAAS,oEAAoE,uBAAuB,IACxI,CACF;GAGH,MAAM,8BAA8B,MAAM,aAAa,iCACrD,0BAA0B,OAC3B;AACD,OAAI,CAAC,4BACH,OAAM,IAAI,+BACR;IACE,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,EACD,EACE,iBAAiB,0DAA0D,0BAA0B,OAAO,IAC7G,CACF;GAKH,MAAM,EAAE,wBAAwB,MAAM,aACnC,qCAAqC;IACpC,mBAAmB,sBAAsB;IACzC;IACA,kBAAkB,gBAAgB,gBAAgB;IAClD,aAAa,aAAa,OAAO,SAAS,CAAC,OAAO,UAAU,WAAW,CAAC;IACzE,CAAC,CACD,OAAO,UAAU;AAChB,QAAI,iBAAiB,+BACnB,SAAQ,MAAM,cAAc,OAA5B;KACE,KAAK,iBAAiB,aACpB,OAAM,IAAI,+BACR,EACE,OAAO,iBAAiB,cACzB,EACD;MACE,iBAAiB,6CAA6C,4BAA4B,OAAO;MACjG,OAAO;MACR,CACF;KACH,KAAK,iBAAiB,aACpB,OAAM,IAAI,+BACR,EACE,OAAO,iBAAiB,cACzB,EACD;MACE,iBAAiB,+CAA+C,4BAA4B,OAAO;MACnG,OAAO;MACR,CACF;;AAIP,UAAM,IAAI,+BACR;KACE,OAAO,iBAAiB;KACxB,mBAAmB;KACpB,EACD;KACE,iBAAiB,wDAAwD,4BAA4B
,OAAO;KAC5G,OAAO;KACR,CACF;KACD;AAGJ,OAAI,oBAAoB,OAAO,MAAM,IAAI,CAAC,SAAS,SAAS,EAAE;IAC5D,MAAM,UAAU,oBAAoB;AACpC,QAAI,OAAO,YAAY,SACrB,OAAM,IAAI,+BACR;KACE,OAAO,iBAAiB;KACxB,mBAAmB;KACpB,EACD,EACE,iBAAiB,uDAAuD,4BAA4B,OAAO,6CAC5G,CACF;AAGH,UAAM,iBAAiB;KACrB;KACA,qBAAqB;KACrB,UAAU,0BAA0B,qBAAqB;KACzD,WAAW,mBAAmB,aAAa;KAC5C,CAAC;;GAIJ,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;GACtD,MAAM,oBAAoB,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,IAAI,CAAC,CAAC;GACxF,MAAM,6BAA6B,iCAAiB,IAAI,MAAM,EAAE,OAAO,kCAAkC;GAEzG,MAAM,cAAc,IAAI,IAAI,gBAAgB,gBAAgB,YAAY;AACxE,eAAY,aAAa,IAAI,QAAQ,kBAAkB;AAEvD,OAAI,gBAAgB,gBAAgB,MAClC,aAAY,aAAa,IAAI,SAAS,gBAAgB,gBAAgB,MAAM;AAI9E,mBAAgB,gBAAgB;IAC9B,GAAG,gBAAgB;IACnB,MAAM;IACN,eAAe;IAChB;AAGD,mBAAgB,kBAAkB;IAChC,GAAG,gBAAgB;IACnB,6BAA6B;IAC9B;AAGD,SAAM,uBAAuB,YAC3B,cACA,iBACA,8BAA8B,qBAC/B;AAED,UAAO,SAAS,SAAS,YAAY,UAAU,CAAC;WACzC,OAAO;AACd,OAAI,iBAAiB,gCAAgC;AAEnD,QAAI,iBAAiB,iBAAiB,aAAa;KACjD,MAAM,cAAc,IAAI,IAAI,gBAAgB,gBAAgB,YAAY;AACxE,iBAAY,aAAa,IAAI,SAAS,MAAM,cAAc,MAAM;AAChE,SAAI,MAAM,cAAc,kBACtB,aAAY,aAAa,IAAI,qBAAqB,MAAM,cAAc,kBAAkB;AAE1F,SAAI,gBAAgB,gBAAgB,MAClC,aAAY,aAAa,IAAI,SAAS,gBAAgB,gBAAgB,MAAM;AAG9E,kBAAa,OAAO,OAAO,KACzB,2CAA2C,KAAK,UAAU,MAAM,QAAQ,IACxE,EACE,OACD,CACF;AAED,YAAO,SAAS,SAAS,YAAY,UAAU,CAAC;;AAGlD,WAAO,wBAAwB,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;AAGnF,UAAO,+BAA+B,UAAU,MAAM,aAAa,OAAO,QAAQ,MAAM;;GAG7F"}
|
|
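--- a/package/build/openid4vc-issuer/util/txCode.mjs
+++ b/package/build/openid4vc-issuer/util/txCode.mjs
@@ -0,0 +1,18 @@
+import { Kms } from "@credo-ts/core";
+
+//#region src/openid4vc-issuer/util/txCode.ts
+function generateTxCode(agentContext, txCode) {
+const kms = agentContext.resolve(Kms.KeyManagementApi);
+const length = txCode.length ?? 4;
+const inputMode = txCode.input_mode ?? "numeric";
+const numbers = "0123456789";
+const characters = inputMode === "numeric" ? numbers : numbers + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+const random = kms.randomBytes({ length });
+let result = "";
+for (let i = 0; i < length; i++) result += characters[random[i] % characters.length];
+return result;
+}
+
+//#endregion
+export { generateTxCode };
+//# sourceMappingURL=txCode.mjs.map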
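Review bot: `random[i] % characters.length` in the loop of `generateTxCode` does not produce a uniform code, because a byte has 256 values and neither alphabet size divides 256: with the 10-digit alphabet the digits 0–5 come up slightly more often, and with the 62-character alphabet the first eight characters do. The default is a 4-character numeric code, which leaves little entropy to spare, so I would draw the indices by rejection sampling and discard any byte at or above the largest multiple of the alphabet size. The change belongs in src/openid4vc-issuer/util/txCode.ts, from which this file is built. Whether failed tx-code attempts are limited elsewhere is not visible in this file and is worth confirming.

```javascript
function generateTxCode(agentContext, txCode) {
  // … unchanged: kms lookup, length / input_mode defaults, alphabet selection …
  // Largest multiple of the alphabet size that fits in a byte; bytes at or above it are discarded.
  const limit = 256 - (256 % characters.length);
  let result = "";
  while (result.length < length) {
    const bytes = kms.randomBytes({ length: length - result.length });
    for (let i = 0; i < bytes.length; i++) {
      if (bytes[i] < limit) result += characters[bytes[i] % characters.length];
    }
  }
  // … unchanged: return result …
```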
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"txCode.mjs","names":[],"sources":["../../../src/openid4vc-issuer/util/txCode.ts"],"sourcesContent":["import { type AgentContext, Kms } from '@credo-ts/core'\nimport type { OpenId4VciTxCode } from '../../shared'\n\nexport function generateTxCode(agentContext: AgentContext, txCode: OpenId4VciTxCode) {\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n\n const length = txCode.length ?? 4\n const inputMode = txCode.input_mode ?? 'numeric'\n\n const numbers = '0123456789'\n const letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'\n const characters = inputMode === 'numeric' ? numbers : numbers + letters\n const random = kms.randomBytes({ length })\n\n let result = ''\n for (let i = 0; i < length; i++) {\n result += characters[random[i] % characters.length]\n }\n\n return result\n}\n"],"mappings":";;;AAGA,SAAgB,eAAe,cAA4B,QAA0B;CACnF,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;CAEtD,MAAM,SAAS,OAAO,UAAU;CAChC,MAAM,YAAY,OAAO,cAAc;CAEvC,MAAM,UAAU;CAEhB,MAAM,aAAa,cAAc,YAAY,UAAU,UADvC;CAEhB,MAAM,SAAS,IAAI,YAAY,EAAE,QAAQ,CAAC;CAE1C,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,IAC1B,WAAU,WAAW,OAAO,KAAK,WAAW;AAG9C,QAAO"}
|
|
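--- a/package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.d.mts
+++ b/package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.d.mts
@@ -0,0 +1,10 @@
+//#region src/openid4vc-verifier/OpenId4VcVerificationSessionState.d.ts
+declare enum OpenId4VcVerificationSessionState {
+RequestCreated = "RequestCreated",
+RequestUriRetrieved = "RequestUriRetrieved",
+ResponseVerified = "ResponseVerified",
+Error = "Error",
+}
+//#endregion
+export { OpenId4VcVerificationSessionState };
+//# sourceMappingURL=OpenId4VcVerificationSessionState.d.mts.map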
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerificationSessionState.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerificationSessionState.ts"],"sourcesContent":[],"mappings":";aAAY,iCAAA;EAAA,cAAA,GAAA,gBAAA"}
|
|
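--- a/package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.mjs
+++ b/package/build/openid4vc-verifier/OpenId4VcVerificationSessionState.mjs
@@ -0,0 +1,12 @@
+//#region src/openid4vc-verifier/OpenId4VcVerificationSessionState.ts
+let OpenId4VcVerificationSessionState = /* @__PURE__ */ function(OpenId4VcVerificationSessionState$1) {
+OpenId4VcVerificationSessionState$1["RequestCreated"] = "RequestCreated";
+OpenId4VcVerificationSessionState$1["RequestUriRetrieved"] = "RequestUriRetrieved";
+OpenId4VcVerificationSessionState$1["ResponseVerified"] = "ResponseVerified";
+OpenId4VcVerificationSessionState$1["Error"] = "Error";
+return OpenId4VcVerificationSessionState$1;
+}({});
+
+//#endregion
+export { OpenId4VcVerificationSessionState };
+//# sourceMappingURL=OpenId4VcVerificationSessionState.mjs.map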
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerificationSessionState.mjs","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerificationSessionState.ts"],"sourcesContent":["export enum OpenId4VcVerificationSessionState {\n RequestCreated = 'RequestCreated',\n RequestUriRetrieved = 'RequestUriRetrieved',\n ResponseVerified = 'ResponseVerified',\n Error = 'Error',\n}\n"],"mappings":";AAAA,IAAY,kGAAL;AACL;AACA;AACA;AACA"}
|
|
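--- a/package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts
+++ b/package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.mts
@@ -0,0 +1,60 @@
+import { OpenId4VcUpdateVerifierRecordOptions, OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifyAuthorizationResponseOptions } from "./OpenId4VpVerifierServiceOptions.mjs";
+import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.mjs";
+import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.mjs";
+import "./repository/index.mjs";
+import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
+import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.mjs";
+import { AgentContext, Query, QueryOptions } from "@credo-ts/core";
+
+//#region src/openid4vc-verifier/OpenId4VcVerifierApi.d.ts
+/**
+* @public
+*/
+declare class OpenId4VcVerifierApi {
+readonly config: OpenId4VcVerifierModuleConfig;
+private agentContext;
+private openId4VpVerifierService;
+constructor(config: OpenId4VcVerifierModuleConfig, agentContext: AgentContext, openId4VpVerifierService: OpenId4VpVerifierService);
+/**
+* Retrieve all verifier records from storage
+*/
+getAllVerifiers(): Promise<OpenId4VcVerifierRecord[]>;
+/**
+* Retrieve a verifier record from storage by its verified id
+*/
+getVerifierByVerifierId(verifierId: string): Promise<OpenId4VcVerifierRecord>;
+/**
+* Create a new verifier and store the new verifier record.
+*/
+createVerifier(options?: OpenId4VpCreateVerifierOptions): Promise<OpenId4VcVerifierRecord>;
+updateVerifierMetadata(options: OpenId4VcUpdateVerifierRecordOptions): Promise<void>;
+findVerificationSessionsByQuery(query: Query<OpenId4VcVerificationSessionRecord>, queryOptions?: QueryOptions): Promise<OpenId4VcVerificationSessionRecord[]>;
+getVerificationSessionById(verificationSessionId: string): Promise<OpenId4VcVerificationSessionRecord>;
+/**
+* Create an OpenID4VP authorization request, acting as a Relying Party (RP).
+*
+* See {@link OpenId4VpCreateAuthorizationRequestOptions} for detailed documentation on the options.
+*/
+createAuthorizationRequest({
+verifierId,
+...otherOptions
+}: OpenId4VpCreateAuthorizationRequestOptions & {
+verifierId: string;
+}): Promise<OpenId4VpCreateAuthorizationRequestReturn>;
+/**
+* Verifies an authorization response, acting as a Relying Party (RP).
+*
+* It validates the ID Token, VP Token and the signature(s) of the received Verifiable Presentation(s)
+* as well as that the structure of the Verifiable Presentation matches the provided presentation definition.
+*/
+verifyAuthorizationResponse({
+verificationSessionId,
+...otherOptions
+}: OpenId4VpVerifyAuthorizationResponseOptions & {
+verificationSessionId: string;
+}): Promise<OpenId4VpVerifiedAuthorizationResponse>;
+getVerifiedAuthorizationResponse(verificationSessionId: string): Promise<OpenId4VpVerifiedAuthorizationResponse>;
+}
+//#endregion
+export { OpenId4VcVerifierApi };
+//# sourceMappingURL=OpenId4VcVerifierApi.d.mts.map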
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerifierApi.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;AAiBa,cAAA,oBAAA,CAAoB;EAEL,SAAA,MAAA,EAAA,6BAAA;EAAA,QAAA,YAAA;EACF,QAAA,wBAAA;EACY,WAAA,CAAA,MAAA,EAFV,6BAEU,EAAA,YAAA,EADZ,YACY,EAAA,wBAAA,EAAA,wBAAA;EAAwB;;;EAaL,eAAA,CAAA,CAAA,EAP3B,OAO2B,CAbK,uBAAA,EAaL,CAAA;EAOjB;;;EAIO,uBAAA,CAAA,UAAA,EAAA,MAAA,CAAA,EAXU,OAWV,CAlBjB,uBAAA,CAkBiB;EAAoC;;;EAYhE,cAAA,CAAA,OAAA,CAAA,EAhBqB,8BAgBrB,CAAA,EAhBmD,OAgBnD,CAhBmD,uBAAA,CAgBnD;EAAY,sBAAA,CAAA,OAAA,EAZgB,oCAYhB,CAAA,EAZoD,OAYpD,CAAA,IAAA,CAAA;EAAA,+BAAA,CAAA,KAAA,EADpB,KACoB,CADd,kCACc,CAAA,EAAA,YAAA,CAAA,EAAZ,YAAY,CAAA,EAAA,OAAA,CAAA,kCAAA,EAAA,CAAA;EAKwC,0BAAA,CAAA,qBAAA,EAAA,MAAA,CAAA,EAAA,OAAA,CAAA,kCAAA,CAAA;EAAA;;;;;EA6BnE,0BAAA,CAAA;IAAA,UAAA;IAAA,GAAA;EAE4C,CAF5C,EAjBC,0CAiBD,GAAA;IAEC,UAAA,EAAA,MAAA;EAA2C,CAAA,CAAA,EAjB1C,OAiB0C,CAjBlC,yCAiBkC,CAAA;EAE7C;;;;;;;;;KAFE;;MAEF,QAF6C,sCAAA;mEAU6B,QAR1E,sCAAA"}
|
|
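--- a/package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs
+++ b/package/build/openid4vc-verifier/OpenId4VcVerifierApi.mjs
@@ -0,0 +1,83 @@
+import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
+import { __decorateMetadata } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
+import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.mjs";
+import { AgentContext, injectable } from "@credo-ts/core";
+
+//#region src/openid4vc-verifier/OpenId4VcVerifierApi.ts
+var _ref, _ref2, _ref3;
+let OpenId4VcVerifierApi = class OpenId4VcVerifierApi$1 {
+constructor(config, agentContext, openId4VpVerifierService) {
+this.config = config;
+this.agentContext = agentContext;
+this.openId4VpVerifierService = openId4VpVerifierService;
+}
+/**
+* Retrieve all verifier records from storage
+*/
+async getAllVerifiers() {
+return this.openId4VpVerifierService.getAllVerifiers(this.agentContext);
+}
+/**
+* Retrieve a verifier record from storage by its verified id
+*/
+async getVerifierByVerifierId(verifierId) {
+return this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId);
+}
+/**
+* Create a new verifier and store the new verifier record.
+*/
+async createVerifier(options) {
+return this.openId4VpVerifierService.createVerifier(this.agentContext, options);
+}
+async updateVerifierMetadata(options) {
+const { verifierId, clientMetadata } = options;
+const verifier = await this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId);
+verifier.clientMetadata = clientMetadata;
+return this.openId4VpVerifierService.updateVerifier(this.agentContext, verifier);
+}
+async findVerificationSessionsByQuery(query, queryOptions) {
+return this.openId4VpVerifierService.findVerificationSessionsByQuery(this.agentContext, query, queryOptions);
+}
+async getVerificationSessionById(verificationSessionId) {
+return this.openId4VpVerifierService.getVerificationSessionById(this.agentContext, verificationSessionId);
+}
+/**
+* Create an OpenID4VP authorization request, acting as a Relying Party (RP).
+*
+* See {@link OpenId4VpCreateAuthorizationRequestOptions} for detailed documentation on the options.
+*/
+async createAuthorizationRequest({ verifierId, ...otherOptions }) {
+const verifier = await this.getVerifierByVerifierId(verifierId);
+return await this.openId4VpVerifierService.createAuthorizationRequest(this.agentContext, {
+...otherOptions,
+verifier
+});
+}
+/**
+* Verifies an authorization response, acting as a Relying Party (RP).
+*
+* It validates the ID Token, VP Token and the signature(s) of the received Verifiable Presentation(s)
+* as well as that the structure of the Verifiable Presentation matches the provided presentation definition.
+*/
+async verifyAuthorizationResponse({ verificationSessionId, ...otherOptions }) {
+const verificationSession = await this.getVerificationSessionById(verificationSessionId);
+return await this.openId4VpVerifierService.verifyAuthorizationResponse(this.agentContext, {
+...otherOptions,
+verificationSession
+});
+}
+async getVerifiedAuthorizationResponse(verificationSessionId) {
+const verificationSession = await this.getVerificationSessionById(verificationSessionId);
+return this.openId4VpVerifierService.getVerifiedAuthorizationResponse(this.agentContext, verificationSession);
+}
+};
+OpenId4VcVerifierApi = __decorate([injectable(), __decorateMetadata("design:paramtypes", [
+typeof (_ref = typeof OpenId4VcVerifierModuleConfig !== "undefined" && OpenId4VcVerifierModuleConfig) === "function" ? _ref : Object,
+typeof (_ref2 = typeof AgentContext !== "undefined" && AgentContext) === "function" ? _ref2 : Object,
+typeof (_ref3 = typeof OpenId4VpVerifierService !== "undefined" && OpenId4VpVerifierService) === "function" ? _ref3 : Object
+])], OpenId4VcVerifierApi);
+
+//#endregion
+export { OpenId4VcVerifierApi };
+//# sourceMappingURL=OpenId4VcVerifierApi.mjs.map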
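Review bot: `updateVerifierMetadata` has no doc comment, and it assigns `verifier.clientMetadata = clientMetadata` unconditionally, so the stored metadata is replaced rather than merged. A call that leaves `clientMetadata` out would presumably clear it, though the options type is not visible here to confirm whether the field is optional. I would document that on the method, for example `/** Replace the stored client metadata of the verifier with the given verifierId; the previous value is overwritten, not merged. */`. The comment on `getVerifierByVerifierId` reads "by its verified id", which looks like a typo for "verifier id". `findVerificationSessionsByQuery`, `getVerificationSessionById` and `getVerifiedAuthorizationResponse` also have no doc comments.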
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerifierApi.mjs","names":["OpenId4VcVerifierApi","config: OpenId4VcVerifierModuleConfig","agentContext: AgentContext","openId4VpVerifierService: OpenId4VpVerifierService"],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierApi.ts"],"sourcesContent":["import type { Query, QueryOptions } from '@credo-ts/core'\nimport { AgentContext, injectable } from '@credo-ts/core'\nimport { OpenId4VcVerifierModuleConfig } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VpVerifierService } from './OpenId4VpVerifierService'\nimport type {\n OpenId4VcUpdateVerifierRecordOptions,\n OpenId4VpCreateAuthorizationRequestOptions,\n OpenId4VpCreateAuthorizationRequestReturn,\n OpenId4VpCreateVerifierOptions,\n OpenId4VpVerifyAuthorizationResponseOptions,\n} from './OpenId4VpVerifierServiceOptions'\nimport type { OpenId4VcVerificationSessionRecord } from './repository'\n\n/**\n * @public\n */\n@injectable()\nexport class OpenId4VcVerifierApi {\n public constructor(\n public readonly config: OpenId4VcVerifierModuleConfig,\n private agentContext: AgentContext,\n private openId4VpVerifierService: OpenId4VpVerifierService\n ) {}\n\n /**\n * Retrieve all verifier records from storage\n */\n public async getAllVerifiers() {\n return this.openId4VpVerifierService.getAllVerifiers(this.agentContext)\n }\n\n /**\n * Retrieve a verifier record from storage by its verified id\n */\n public async getVerifierByVerifierId(verifierId: string) {\n return this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId)\n }\n\n /**\n * Create a new verifier and store the new verifier record.\n */\n public async createVerifier(options?: OpenId4VpCreateVerifierOptions) {\n return this.openId4VpVerifierService.createVerifier(this.agentContext, options)\n }\n\n public async updateVerifierMetadata(options: OpenId4VcUpdateVerifierRecordOptions) {\n const { verifierId, clientMetadata } = options\n\n const verifier = await 
this.openId4VpVerifierService.getVerifierByVerifierId(this.agentContext, verifierId)\n\n verifier.clientMetadata = clientMetadata\n\n return this.openId4VpVerifierService.updateVerifier(this.agentContext, verifier)\n }\n\n public async findVerificationSessionsByQuery(\n query: Query<OpenId4VcVerificationSessionRecord>,\n queryOptions?: QueryOptions\n ) {\n return this.openId4VpVerifierService.findVerificationSessionsByQuery(this.agentContext, query, queryOptions)\n }\n\n public async getVerificationSessionById(verificationSessionId: string) {\n return this.openId4VpVerifierService.getVerificationSessionById(this.agentContext, verificationSessionId)\n }\n\n /**\n * Create an OpenID4VP authorization request, acting as a Relying Party (RP).\n *\n * See {@link OpenId4VpCreateAuthorizationRequestOptions} for detailed documentation on the options.\n */\n public async createAuthorizationRequest({\n verifierId,\n ...otherOptions\n }: OpenId4VpCreateAuthorizationRequestOptions & {\n verifierId: string\n }): Promise<OpenId4VpCreateAuthorizationRequestReturn> {\n const verifier = await this.getVerifierByVerifierId(verifierId)\n return await this.openId4VpVerifierService.createAuthorizationRequest(this.agentContext, {\n ...otherOptions,\n verifier,\n })\n }\n\n /**\n * Verifies an authorization response, acting as a Relying Party (RP).\n *\n * It validates the ID Token, VP Token and the signature(s) of the received Verifiable Presentation(s)\n * as well as that the structure of the Verifiable Presentation matches the provided presentation definition.\n */\n public async verifyAuthorizationResponse({\n verificationSessionId,\n ...otherOptions\n }: OpenId4VpVerifyAuthorizationResponseOptions & {\n verificationSessionId: string\n }) {\n const verificationSession = await this.getVerificationSessionById(verificationSessionId)\n return await this.openId4VpVerifierService.verifyAuthorizationResponse(this.agentContext, {\n ...otherOptions,\n verificationSession,\n })\n }\n\n public 
async getVerifiedAuthorizationResponse(verificationSessionId: string) {\n const verificationSession = await this.getVerificationSessionById(verificationSessionId)\n return this.openId4VpVerifierService.getVerifiedAuthorizationResponse(this.agentContext, verificationSession)\n }\n}\n"],"mappings":";;;;;;;;AAiBO,iCAAMA,uBAAqB;CAChC,AAAO,YACL,AAAgBC,QAChB,AAAQC,cACR,AAAQC,0BACR;EAHgB;EACR;EACA;;;;;CAMV,MAAa,kBAAkB;AAC7B,SAAO,KAAK,yBAAyB,gBAAgB,KAAK,aAAa;;;;;CAMzE,MAAa,wBAAwB,YAAoB;AACvD,SAAO,KAAK,yBAAyB,wBAAwB,KAAK,cAAc,WAAW;;;;;CAM7F,MAAa,eAAe,SAA0C;AACpE,SAAO,KAAK,yBAAyB,eAAe,KAAK,cAAc,QAAQ;;CAGjF,MAAa,uBAAuB,SAA+C;EACjF,MAAM,EAAE,YAAY,mBAAmB;EAEvC,MAAM,WAAW,MAAM,KAAK,yBAAyB,wBAAwB,KAAK,cAAc,WAAW;AAE3G,WAAS,iBAAiB;AAE1B,SAAO,KAAK,yBAAyB,eAAe,KAAK,cAAc,SAAS;;CAGlF,MAAa,gCACX,OACA,cACA;AACA,SAAO,KAAK,yBAAyB,gCAAgC,KAAK,cAAc,OAAO,aAAa;;CAG9G,MAAa,2BAA2B,uBAA+B;AACrE,SAAO,KAAK,yBAAyB,2BAA2B,KAAK,cAAc,sBAAsB;;;;;;;CAQ3G,MAAa,2BAA2B,EACtC,YACA,GAAG,gBAGkD;EACrD,MAAM,WAAW,MAAM,KAAK,wBAAwB,WAAW;AAC/D,SAAO,MAAM,KAAK,yBAAyB,2BAA2B,KAAK,cAAc;GACvF,GAAG;GACH;GACD,CAAC;;;;;;;;CASJ,MAAa,4BAA4B,EACvC,uBACA,GAAG,gBAGF;EACD,MAAM,sBAAsB,MAAM,KAAK,2BAA2B,sBAAsB;AACxF,SAAO,MAAM,KAAK,yBAAyB,4BAA4B,KAAK,cAAc;GACxF,GAAG;GACH;GACD,CAAC;;CAGJ,MAAa,iCAAiC,uBAA+B;EAC3E,MAAM,sBAAsB,MAAM,KAAK,2BAA2B,sBAAsB;AACxF,SAAO,KAAK,yBAAyB,iCAAiC,KAAK,cAAc,oBAAoB;;;mCAzFhH,YAAY"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { OpenId4VcVerificationSessionState } from "./OpenId4VcVerificationSessionState.mjs";
|
|
2
|
+
import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.mjs";
|
|
3
|
+
import "./repository/index.mjs";
|
|
4
|
+
import { BaseEvent } from "@credo-ts/core";
|
|
5
|
+
|
|
6
|
+
//#region src/openid4vc-verifier/OpenId4VcVerifierEvents.d.ts
|
|
7
|
+
declare enum OpenId4VcVerifierEvents {
|
|
8
|
+
VerificationSessionStateChanged = "OpenId4VcVerifier.VerificationSessionStateChanged",
|
|
9
|
+
}
|
|
10
|
+
interface OpenId4VcVerificationSessionStateChangedEvent extends BaseEvent {
|
|
11
|
+
type: typeof OpenId4VcVerifierEvents.VerificationSessionStateChanged;
|
|
12
|
+
payload: {
|
|
13
|
+
verificationSession: OpenId4VcVerificationSessionRecord;
|
|
14
|
+
previousState: OpenId4VcVerificationSessionState | null;
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
//#endregion
|
|
18
|
+
export { OpenId4VcVerificationSessionStateChangedEvent, OpenId4VcVerifierEvents };
|
|
19
|
+
//# sourceMappingURL=OpenId4VcVerifierEvents.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerifierEvents.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierEvents.ts"],"sourcesContent":[],"mappings":";;;;;;aAIY,uBAAA;;;AAAA,UAIK,6CAAA,SAAsD,SAJpC,CAAA;EAIlB,IAAA,EAAA,OACF,uBAAA,CAAwB,+BADwB;EAChD,OAAA,EAAA;IAEU,mBAAA,EAAA,kCAAA;IACN,aAAA,EAAA,iCAAA,GAAA,IAAA;EAJoD,CAAA"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
//#region src/openid4vc-verifier/OpenId4VcVerifierEvents.ts
|
|
2
|
+
let OpenId4VcVerifierEvents = /* @__PURE__ */ function(OpenId4VcVerifierEvents$1) {
|
|
3
|
+
OpenId4VcVerifierEvents$1["VerificationSessionStateChanged"] = "OpenId4VcVerifier.VerificationSessionStateChanged";
|
|
4
|
+
return OpenId4VcVerifierEvents$1;
|
|
5
|
+
}({});
|
|
6
|
+
|
|
7
|
+
//#endregion
|
|
8
|
+
export { OpenId4VcVerifierEvents };
|
|
9
|
+
//# sourceMappingURL=OpenId4VcVerifierEvents.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerifierEvents.mjs","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierEvents.ts"],"sourcesContent":["import type { BaseEvent } from '@credo-ts/core'\nimport type { OpenId4VcVerificationSessionState } from './OpenId4VcVerificationSessionState'\nimport type { OpenId4VcVerificationSessionRecord } from './repository'\n\nexport enum OpenId4VcVerifierEvents {\n VerificationSessionStateChanged = 'OpenId4VcVerifier.VerificationSessionStateChanged',\n}\n\nexport interface OpenId4VcVerificationSessionStateChangedEvent extends BaseEvent {\n type: typeof OpenId4VcVerifierEvents.VerificationSessionStateChanged\n payload: {\n verificationSession: OpenId4VcVerificationSessionRecord\n previousState: OpenId4VcVerificationSessionState | null\n }\n}\n"],"mappings":";AAIA,IAAY,8EAAL;AACL"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { InternalOpenId4VcVerifierModuleConfigOptions, OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
|
|
2
|
+
import { AgentContext, DependencyManager, Module } from "@credo-ts/core";
|
|
3
|
+
|
|
4
|
+
//#region src/openid4vc-verifier/OpenId4VcVerifierModule.d.ts
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* @public
|
|
8
|
+
*/
|
|
9
|
+
declare class OpenId4VcVerifierModule implements Module {
|
|
10
|
+
readonly config: OpenId4VcVerifierModuleConfig;
|
|
11
|
+
constructor(options: InternalOpenId4VcVerifierModuleConfigOptions | OpenId4VcVerifierModuleConfig);
|
|
12
|
+
/**
|
|
13
|
+
* Registers the dependencies of the openid4vc verifier module on the dependency manager.
|
|
14
|
+
*/
|
|
15
|
+
register(dependencyManager: DependencyManager): void;
|
|
16
|
+
initialize(rootAgentContext: AgentContext): Promise<void>;
|
|
17
|
+
/**
|
|
18
|
+
* Registers the endpoints on the router passed to this module.
|
|
19
|
+
*/
|
|
20
|
+
private configureRouter;
|
|
21
|
+
private getVerifierIdParamHandler;
|
|
22
|
+
}
|
|
23
|
+
//#endregion
|
|
24
|
+
export { OpenId4VcVerifierModule };
|
|
25
|
+
//# sourceMappingURL=OpenId4VcVerifierModule.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerifierModule.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":[],"mappings":";;;;;;AAeA;;AAG8B,cAHjB,uBAAA,YAAmC,MAGlB,CAAA;EAA+C,SAAA,MAAA,EAFnD,6BAEmD;EAQxC,WAAA,CAAA,OAAA,EARP,4CAQO,GARwC,6BAQxC;EAeO;;;EA1BU,QAAA,CAAA,iBAAA,EAWjB,iBAXiB,CAAA,EAAA,IAAA;+BA0BV,eAAe"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
|
|
2
|
+
import { getRequestContext } from "../shared/router/context.mjs";
|
|
3
|
+
import { importExpress } from "../shared/router/express.mjs";
|
|
4
|
+
import { getAgentContextForActorId } from "../shared/router/tenants.mjs";
|
|
5
|
+
import "../shared/router/index.mjs";
|
|
6
|
+
import { OpenId4VcVerifierRepository } from "./repository/OpenId4VcVerifierRepository.mjs";
|
|
7
|
+
import "./repository/index.mjs";
|
|
8
|
+
import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.mjs";
|
|
9
|
+
import { OpenId4VcVerifierApi } from "./OpenId4VcVerifierApi.mjs";
|
|
10
|
+
import { configureAuthorizationEndpoint } from "./router/authorizationEndpoint.mjs";
|
|
11
|
+
import "./router/index.mjs";
|
|
12
|
+
import { configureAuthorizationRequestEndpoint } from "./router/authorizationRequestEndpoint.mjs";
|
|
13
|
+
|
|
14
|
+
//#region src/openid4vc-verifier/OpenId4VcVerifierModule.ts
|
|
15
|
+
/**
|
|
16
|
+
* @public
|
|
17
|
+
*/
|
|
18
|
+
var OpenId4VcVerifierModule = class {
|
|
19
|
+
constructor(options) {
|
|
20
|
+
this.getVerifierIdParamHandler = (rootAgentContext) => async (req, res, next, verifierId) => {
|
|
21
|
+
if (!verifierId) {
|
|
22
|
+
rootAgentContext.config.logger.debug("No verifierId provided for incoming authorization response, returning 404");
|
|
23
|
+
return res.status(404).send("Not found");
|
|
24
|
+
}
|
|
25
|
+
let agentContext;
|
|
26
|
+
try {
|
|
27
|
+
agentContext = await getAgentContextForActorId(rootAgentContext, verifierId);
|
|
28
|
+
const verifier = await agentContext.dependencyManager.resolve(OpenId4VcVerifierApi).getVerifierByVerifierId(verifierId);
|
|
29
|
+
req.requestContext = {
|
|
30
|
+
agentContext,
|
|
31
|
+
verifier
|
|
32
|
+
};
|
|
33
|
+
} catch (error) {
|
|
34
|
+
agentContext?.config.logger.error("Failed to correlate incoming openid request to existing tenant and verifier", { error });
|
|
35
|
+
await agentContext?.endSession();
|
|
36
|
+
return res.status(404).send("Not found");
|
|
37
|
+
}
|
|
38
|
+
next();
|
|
39
|
+
};
|
|
40
|
+
this.config = options instanceof OpenId4VcVerifierModuleConfig ? options : new OpenId4VcVerifierModuleConfig(options);
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Registers the dependencies of the openid4vc verifier module on the dependency manager.
|
|
44
|
+
*/
|
|
45
|
+
register(dependencyManager) {
|
|
46
|
+
dependencyManager.registerContextScoped(OpenId4VcVerifierApi);
|
|
47
|
+
dependencyManager.registerInstance(OpenId4VcVerifierModuleConfig, this.config);
|
|
48
|
+
dependencyManager.registerSingleton(OpenId4VpVerifierService);
|
|
49
|
+
dependencyManager.registerSingleton(OpenId4VcVerifierRepository);
|
|
50
|
+
}
|
|
51
|
+
async initialize(rootAgentContext) {
|
|
52
|
+
this.configureRouter(rootAgentContext);
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Registers the endpoints on the router passed to this module.
|
|
56
|
+
*/
|
|
57
|
+
configureRouter(rootAgentContext) {
|
|
58
|
+
const { Router, json, urlencoded } = importExpress();
|
|
59
|
+
const basePath = new URL(this.config.baseUrl).pathname;
|
|
60
|
+
const verifierEndpointRouter = Router();
|
|
61
|
+
const verifierContextRouter = Router();
|
|
62
|
+
verifierContextRouter.use(urlencoded({ extended: false }));
|
|
63
|
+
verifierContextRouter.use(json());
|
|
64
|
+
verifierContextRouter.param("verifierId", this.getVerifierIdParamHandler(rootAgentContext));
|
|
65
|
+
verifierContextRouter.use("/:verifierId", verifierEndpointRouter);
|
|
66
|
+
configureAuthorizationEndpoint(verifierEndpointRouter, this.config);
|
|
67
|
+
configureAuthorizationRequestEndpoint(verifierEndpointRouter, this.config);
|
|
68
|
+
verifierContextRouter.use(async (req, _res, next) => {
|
|
69
|
+
const { agentContext } = getRequestContext(req);
|
|
70
|
+
await agentContext.endSession();
|
|
71
|
+
next();
|
|
72
|
+
});
|
|
73
|
+
verifierContextRouter.use(async (_error, req, res, next) => {
|
|
74
|
+
const { agentContext } = getRequestContext(req);
|
|
75
|
+
if (!res.headersSent) {
|
|
76
|
+
agentContext.config.logger.warn("Error was thrown but openid4vci endpoint did not send a response. Sending generic server_error.");
|
|
77
|
+
res.status(500).json({
|
|
78
|
+
error: "server_error",
|
|
79
|
+
error_description: "An unexpected error occurred on the server."
|
|
80
|
+
});
|
|
81
|
+
}
|
|
82
|
+
await agentContext.endSession();
|
|
83
|
+
next();
|
|
84
|
+
});
|
|
85
|
+
this.config.app.use(basePath, verifierContextRouter);
|
|
86
|
+
}
|
|
87
|
+
};
|
|
88
|
+
|
|
89
|
+
//#endregion
|
|
90
|
+
export { OpenId4VcVerifierModule };
|
|
91
|
+
//# sourceMappingURL=OpenId4VcVerifierModule.mjs.map
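Review bot: In the `catch` block of `getVerifierIdParamHandler`, the failure is logged through `agentContext?.config.logger.error(...)`, so when `getAgentContextForActorId` itself rejects, `agentContext` is still undefined and nothing is logged. No authentication middleware is visible on this router, and `verifierId` comes straight from the URL path, so requests for unknown verifier ids would presumably take exactly this path and leave no trace. Logging through `(agentContext ?? rootAgentContext).config.logger.error(...)` keeps a record while the response stays a plain 404. The error middleware in `configureRouter` has a related gap: it discards `_error` without logging it, and its warning names the `openid4vci` endpoint although this is the verifier router. I would pass the error object to the logger there and change the message to say `openid4vp`.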
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerifierModule.mjs","names":["agentContext: AgentContext | undefined"],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModule.ts"],"sourcesContent":["import type { AgentContext, DependencyManager, Module } from '@credo-ts/core'\nimport type { NextFunction, Response } from 'express'\nimport { getAgentContextForActorId, getRequestContext, importExpress } from '../shared/router'\nimport { OpenId4VcVerifierApi } from './OpenId4VcVerifierApi'\nimport type { InternalOpenId4VcVerifierModuleConfigOptions } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VcVerifierModuleConfig } from './OpenId4VcVerifierModuleConfig'\nimport { OpenId4VpVerifierService } from './OpenId4VpVerifierService'\nimport { OpenId4VcVerifierRepository } from './repository'\nimport type { OpenId4VcVerificationRequest } from './router'\nimport { configureAuthorizationEndpoint } from './router'\nimport { configureAuthorizationRequestEndpoint } from './router/authorizationRequestEndpoint'\n\n/**\n * @public\n */\nexport class OpenId4VcVerifierModule implements Module {\n public readonly config: OpenId4VcVerifierModuleConfig\n\n public constructor(options: InternalOpenId4VcVerifierModuleConfigOptions | OpenId4VcVerifierModuleConfig) {\n this.config =\n options instanceof OpenId4VcVerifierModuleConfig ? options : new OpenId4VcVerifierModuleConfig(options)\n }\n\n /**\n * Registers the dependencies of the openid4vc verifier module on the dependency manager.\n */\n public register(dependencyManager: DependencyManager) {\n // Since the OpenID4VC module is a nested module (a module consisting of three modules) we register the API\n // manually. 
In the future we may disallow resolving the sub-api, but for now it allows for a cleaner migration path\n dependencyManager.registerContextScoped(OpenId4VcVerifierApi)\n\n // Register config\n dependencyManager.registerInstance(OpenId4VcVerifierModuleConfig, this.config)\n\n // Services\n dependencyManager.registerSingleton(OpenId4VpVerifierService)\n\n // Repository\n dependencyManager.registerSingleton(OpenId4VcVerifierRepository)\n }\n\n public async initialize(rootAgentContext: AgentContext): Promise<void> {\n this.configureRouter(rootAgentContext)\n }\n\n /**\n * Registers the endpoints on the router passed to this module.\n */\n private configureRouter(rootAgentContext: AgentContext) {\n const { Router, json, urlencoded } = importExpress()\n\n // FIXME: it is currently not possible to initialize an agent\n // shut it down, and then start it again, as the\n // express router is configured with a specific `AgentContext` instance\n // and dependency manager. One option is to always create a new router\n // but then users cannot pass their own router implementation.\n // We need to find a proper way to fix this.\n\n const basePath = new URL(this.config.baseUrl).pathname\n\n // We use separate context router and endpoint router. Context router handles the linking of the request\n // to a specific agent context. 
Endpoint router only knows about a single context\n const verifierEndpointRouter = Router()\n const verifierContextRouter = Router()\n\n // parse application/x-www-form-urlencoded\n verifierContextRouter.use(urlencoded({ extended: false }))\n // parse application/json\n verifierContextRouter.use(json())\n\n verifierContextRouter.param('verifierId', this.getVerifierIdParamHandler(rootAgentContext))\n verifierContextRouter.use('/:verifierId', verifierEndpointRouter)\n\n // Configure endpoints\n configureAuthorizationEndpoint(verifierEndpointRouter, this.config)\n configureAuthorizationRequestEndpoint(verifierEndpointRouter, this.config)\n\n // First one will be called for all requests (when next is called)\n verifierContextRouter.use(async (req: OpenId4VcVerificationRequest, _res: unknown, next) => {\n const { agentContext } = getRequestContext(req)\n await agentContext.endSession()\n next()\n })\n\n // This one will be called for all errors that are thrown\n verifierContextRouter.use(\n async (_error: unknown, req: OpenId4VcVerificationRequest, res: Response, next: NextFunction) => {\n const { agentContext } = getRequestContext(req)\n\n if (!res.headersSent) {\n agentContext.config.logger.warn(\n 'Error was thrown but openid4vci endpoint did not send a response. 
Sending generic server_error.'\n )\n\n res.status(500).json({\n error: 'server_error',\n error_description: 'An unexpected error occurred on the server.',\n })\n }\n\n await agentContext.endSession()\n next()\n }\n )\n\n this.config.app.use(basePath, verifierContextRouter)\n }\n\n private getVerifierIdParamHandler =\n (rootAgentContext: AgentContext) =>\n async (req: OpenId4VcVerificationRequest, res: Response, next: NextFunction, verifierId: string) => {\n if (!verifierId) {\n rootAgentContext.config.logger.debug(\n 'No verifierId provided for incoming authorization response, returning 404'\n )\n return res.status(404).send('Not found')\n }\n\n let agentContext: AgentContext | undefined\n\n try {\n agentContext = await getAgentContextForActorId(rootAgentContext, verifierId)\n const verifierApi = agentContext.dependencyManager.resolve(OpenId4VcVerifierApi)\n const verifier = await verifierApi.getVerifierByVerifierId(verifierId)\n\n req.requestContext = {\n agentContext,\n verifier,\n }\n } catch (error) {\n agentContext?.config.logger.error(\n 'Failed to correlate incoming openid request to existing tenant and verifier',\n {\n error,\n }\n )\n // If the opening failed\n await agentContext?.endSession()\n return res.status(404).send('Not found')\n }\n\n next()\n 
}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAeA,IAAa,0BAAb,MAAuD;CAGrD,AAAO,YAAY,SAAuF;OA0FlG,6BACL,qBACD,OAAO,KAAmC,KAAe,MAAoB,eAAuB;AAClG,OAAI,CAAC,YAAY;AACf,qBAAiB,OAAO,OAAO,MAC7B,4EACD;AACD,WAAO,IAAI,OAAO,IAAI,CAAC,KAAK,YAAY;;GAG1C,IAAIA;AAEJ,OAAI;AACF,mBAAe,MAAM,0BAA0B,kBAAkB,WAAW;IAE5E,MAAM,WAAW,MADG,aAAa,kBAAkB,QAAQ,qBAAqB,CAC7C,wBAAwB,WAAW;AAEtE,QAAI,iBAAiB;KACnB;KACA;KACD;YACM,OAAO;AACd,kBAAc,OAAO,OAAO,MAC1B,+EACA,EACE,OACD,CACF;AAED,UAAM,cAAc,YAAY;AAChC,WAAO,IAAI,OAAO,IAAI,CAAC,KAAK,YAAY;;AAG1C,SAAM;;AA1HR,OAAK,SACH,mBAAmB,gCAAgC,UAAU,IAAI,8BAA8B,QAAQ;;;;;CAM3G,AAAO,SAAS,mBAAsC;AAGpD,oBAAkB,sBAAsB,qBAAqB;AAG7D,oBAAkB,iBAAiB,+BAA+B,KAAK,OAAO;AAG9E,oBAAkB,kBAAkB,yBAAyB;AAG7D,oBAAkB,kBAAkB,4BAA4B;;CAGlE,MAAa,WAAW,kBAA+C;AACrE,OAAK,gBAAgB,iBAAiB;;;;;CAMxC,AAAQ,gBAAgB,kBAAgC;EACtD,MAAM,EAAE,QAAQ,MAAM,eAAe,eAAe;EASpD,MAAM,WAAW,IAAI,IAAI,KAAK,OAAO,QAAQ,CAAC;EAI9C,MAAM,yBAAyB,QAAQ;EACvC,MAAM,wBAAwB,QAAQ;AAGtC,wBAAsB,IAAI,WAAW,EAAE,UAAU,OAAO,CAAC,CAAC;AAE1D,wBAAsB,IAAI,MAAM,CAAC;AAEjC,wBAAsB,MAAM,cAAc,KAAK,0BAA0B,iBAAiB,CAAC;AAC3F,wBAAsB,IAAI,gBAAgB,uBAAuB;AAGjE,iCAA+B,wBAAwB,KAAK,OAAO;AACnE,wCAAsC,wBAAwB,KAAK,OAAO;AAG1E,wBAAsB,IAAI,OAAO,KAAmC,MAAe,SAAS;GAC1F,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;AAC/C,SAAM,aAAa,YAAY;AAC/B,SAAM;IACN;AAGF,wBAAsB,IACpB,OAAO,QAAiB,KAAmC,KAAe,SAAuB;GAC/F,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;AAE/C,OAAI,CAAC,IAAI,aAAa;AACpB,iBAAa,OAAO,OAAO,KACzB,kGACD;AAED,QAAI,OAAO,IAAI,CAAC,KAAK;KACnB,OAAO;KACP,mBAAmB;KACpB,CAAC;;AAGJ,SAAM,aAAa,YAAY;AAC/B,SAAM;IAET;AAED,OAAK,OAAO,IAAI,IAAI,UAAU,sBAAsB"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
import { Express } from "express";
|
|
2
|
+
|
|
3
|
+
//#region src/openid4vc-verifier/OpenId4VcVerifierModuleConfig.d.ts
|
|
4
|
+
interface InternalOpenId4VcVerifierModuleConfigOptions {
|
|
5
|
+
/**
|
|
6
|
+
* Base url at which the verifier endpoints will be hosted. All endpoints will be exposed with
|
|
7
|
+
* this path as prefix.
|
|
8
|
+
*/
|
|
9
|
+
baseUrl: string;
|
|
10
|
+
/**
|
|
11
|
+
* Express app on which the openid4vp endpoints will be registered.
|
|
12
|
+
*/
|
|
13
|
+
app: Express;
|
|
14
|
+
/**
|
|
15
|
+
* The number of seconds after which a created authorization request will expire.
|
|
16
|
+
*
|
|
17
|
+
* This is used for the `exp` field of a signed authorization request.
|
|
18
|
+
*
|
|
19
|
+
* @default 300
|
|
20
|
+
*/
|
|
21
|
+
authorizationRequestExpirationInSeconds?: number;
|
|
22
|
+
endpoints?: {
|
|
23
|
+
/**
|
|
24
|
+
* @default /authorize
|
|
25
|
+
*/
|
|
26
|
+
authorization?: string;
|
|
27
|
+
/**
|
|
28
|
+
* @default /authorization-requests
|
|
29
|
+
*/
|
|
30
|
+
authorizationRequest?: string;
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
declare class OpenId4VcVerifierModuleConfig {
|
|
34
|
+
private options;
|
|
35
|
+
constructor(options: InternalOpenId4VcVerifierModuleConfigOptions);
|
|
36
|
+
get baseUrl(): string;
|
|
37
|
+
get app(): Express;
|
|
38
|
+
/**
|
|
39
|
+
* @default /authorize
|
|
40
|
+
*/
|
|
41
|
+
get authorizationRequestEndpoint(): string;
|
|
42
|
+
/**
|
|
43
|
+
* @default /authorize
|
|
44
|
+
*/
|
|
45
|
+
get authorizationEndpoint(): string;
|
|
46
|
+
/**
|
|
47
|
+
* Time in seconds after which an authorization request will expire
|
|
48
|
+
*
|
|
49
|
+
* @default 300
|
|
50
|
+
*/
|
|
51
|
+
get authorizationRequestExpiresInSeconds(): number;
|
|
52
|
+
}
|
|
53
|
+
//#endregion
|
|
54
|
+
export { InternalOpenId4VcVerifierModuleConfigOptions, OpenId4VcVerifierModuleConfig };
|
|
55
|
+
//# sourceMappingURL=OpenId4VcVerifierModuleConfig.d.mts.map
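Review bot: The doc comment on the `authorizationRequestEndpoint` getter says `@default /authorize`, which contradicts the `endpoints.authorizationRequest` option documented above as `@default /authorization-requests`. The getter comment looks copied from `authorizationEndpoint` and should read `@default /authorization-requests`. The expiry setting is named `authorizationRequestExpirationInSeconds` on the options but `authorizationRequestExpiresInSeconds` on the class, which is easy to misread when auditing request lifetimes. Because this value feeds the `exp` of a signed authorization request, the option comment should also say whether an upper bound is enforced; none is visible in this declaration. As this is a generated declaration file, the fixes belong in the TypeScript source it is built from.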
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"OpenId4VcVerifierModuleConfig.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VcVerifierModuleConfig.ts"],"sourcesContent":[],"mappings":";;;UAEiB,4CAAA;;AAAjB;AAkCA;;;;;;OAxBO;;;;;;;;;;;;;;;;;;;;cAwBM,6BAAA;;uBAGiB;;aAQd"}
|