@digitalbazaar/oid4-client 3.6.0 → 3.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/OID4Client.js +29 -8
- package/lib/index.js +1 -0
- package/lib/oid4vp.js +20 -7
- package/lib/util.js +37 -0
- package/package.json +1 -1
package/lib/OID4Client.js
CHANGED
|
@@ -27,7 +27,9 @@ export class OID4Client {
|
|
|
27
27
|
if(!offer) {
|
|
28
28
|
throw new TypeError('"credentialDefinition" must be an object.');
|
|
29
29
|
}
|
|
30
|
-
requests = _createCredentialRequestsFromOffer({
|
|
30
|
+
requests = _createCredentialRequestsFromOffer({
|
|
31
|
+
issuerConfig, offer, format
|
|
32
|
+
});
|
|
31
33
|
if(requests.length > 1) {
|
|
32
34
|
throw new Error(
|
|
33
35
|
'More than one credential is offered; ' +
|
|
@@ -48,7 +50,9 @@ export class OID4Client {
|
|
|
48
50
|
} = {}) {
|
|
49
51
|
const {issuerConfig, offer} = this;
|
|
50
52
|
if(requests === undefined && offer) {
|
|
51
|
-
requests = _createCredentialRequestsFromOffer({
|
|
53
|
+
requests = _createCredentialRequestsFromOffer({
|
|
54
|
+
issuerConfig, offer, format
|
|
55
|
+
});
|
|
52
56
|
} else if(!(Array.isArray(requests) && requests.length > 0)) {
|
|
53
57
|
throw new TypeError('"requests" must be an array of length >= 1.');
|
|
54
58
|
}
|
|
@@ -174,7 +178,7 @@ export class OID4Client {
|
|
|
174
178
|
}
|
|
175
179
|
}
|
|
176
180
|
|
|
177
|
-
// wallet / client receives credential:
|
|
181
|
+
// wallet / client receives credential(s):
|
|
178
182
|
/* Note: The credential is not wrapped here in a VP in the current spec:
|
|
179
183
|
|
|
180
184
|
HTTP/1.1 200 OK
|
|
@@ -182,10 +186,17 @@ export class OID4Client {
|
|
|
182
186
|
Cache-Control: no-store
|
|
183
187
|
|
|
184
188
|
{
|
|
185
|
-
"format": "ldp_vc"
|
|
189
|
+
"format": "ldp_vc",
|
|
186
190
|
"credential" : {...}
|
|
187
191
|
}
|
|
188
192
|
|
|
193
|
+
OR (if multiple VCs *of the same type* were issued)
|
|
194
|
+
|
|
195
|
+
{
|
|
196
|
+
"format": "ldp_vc",
|
|
197
|
+
"credentials" : {...}
|
|
198
|
+
}
|
|
199
|
+
|
|
189
200
|
OR (if multiple `requests` were given)
|
|
190
201
|
|
|
191
202
|
{
|
|
@@ -393,19 +404,29 @@ function _isPresentationRequired(error) {
|
|
|
393
404
|
return error.status === 400 && errorType === 'presentation_required';
|
|
394
405
|
}
|
|
395
406
|
|
|
396
|
-
function _createCredentialRequestsFromOffer({
|
|
407
|
+
function _createCredentialRequestsFromOffer({
|
|
408
|
+
issuerConfig, offer, format
|
|
409
|
+
}) {
|
|
397
410
|
// get any supported credential configurations from issuer config
|
|
398
411
|
const supported = _createSupportedCredentialsMap({issuerConfig});
|
|
399
412
|
|
|
400
|
-
// build requests from credentials identified in `offer`
|
|
413
|
+
// build requests from credentials identified in `offer` and remove any
|
|
414
|
+
// that do not match the given format
|
|
401
415
|
const credentials = offer.credential_configuration_ids ?? offer.credentials;
|
|
402
|
-
|
|
416
|
+
const requests = credentials.map(c => {
|
|
403
417
|
if(typeof c === 'string') {
|
|
404
418
|
// use supported credential config
|
|
405
419
|
return _getSupportedCredentialById({id: c, supported});
|
|
406
420
|
}
|
|
407
421
|
return c;
|
|
408
|
-
});
|
|
422
|
+
}).filter(r => r.format === format);
|
|
423
|
+
|
|
424
|
+
if(requests.length === 0) {
|
|
425
|
+
throw new Error(
|
|
426
|
+
`No supported credential(s) with format "${format}" found.`);
|
|
427
|
+
}
|
|
428
|
+
|
|
429
|
+
return requests;
|
|
409
430
|
}
|
|
410
431
|
|
|
411
432
|
function _createSupportedCredentialsMap({issuerConfig}) {
|
package/lib/index.js
CHANGED
package/lib/oid4vp.js
CHANGED
|
@@ -446,7 +446,9 @@ function _filterToValue({filter, strict = false}) {
|
|
|
446
446
|
partial support as it will be treated as a simple string not a regex; regex
|
|
447
447
|
is a DoS attack vector
|
|
448
448
|
|
|
449
|
-
`array`: with `
|
|
449
|
+
`array`: with `contains` where uses a `string` filter
|
|
450
|
+
|
|
451
|
+
`allOf`: supported only with the above schemas present in it.
|
|
450
452
|
|
|
451
453
|
*/
|
|
452
454
|
let value;
|
|
@@ -455,14 +457,18 @@ function _filterToValue({filter, strict = false}) {
|
|
|
455
457
|
if(type === 'array') {
|
|
456
458
|
if(filter.contains) {
|
|
457
459
|
if(Array.isArray(filter.contains)) {
|
|
458
|
-
|
|
459
|
-
} else {
|
|
460
|
-
value = _filterToValue({filter: filter.contains, strict});
|
|
460
|
+
return filter.contains.map(filter => _filterToValue({filter, strict}));
|
|
461
461
|
}
|
|
462
|
-
|
|
462
|
+
return _filterToValue({filter: filter.contains, strict});
|
|
463
|
+
}
|
|
464
|
+
if(Array.isArray(filter.allOf) && filter.allOf.every(f => f.contains)) {
|
|
465
|
+
return filter.allOf.map(
|
|
466
|
+
f => _filterToValue({filter: f.contains, strict}));
|
|
467
|
+
}
|
|
468
|
+
if(strict) {
|
|
463
469
|
throw new Error(
|
|
464
|
-
'Unsupported filter; array filters must use "
|
|
465
|
-
'with a string filter.');
|
|
470
|
+
'Unsupported filter; array filters must use "allOf" and/or ' +
|
|
471
|
+
'"contains" with a string filter.');
|
|
466
472
|
}
|
|
467
473
|
return value;
|
|
468
474
|
}
|
|
@@ -584,6 +590,13 @@ export function _fromQueryByExampleQuery({credentialQuery, prefixJwtVcPath}) {
|
|
|
584
590
|
const filter = {};
|
|
585
591
|
if(Array.isArray(value)) {
|
|
586
592
|
filter.type = 'array';
|
|
593
|
+
// FIXME: create `allOf`
|
|
594
|
+
/*filter.allOf = value.map(v => ({
|
|
595
|
+
contains: {
|
|
596
|
+
type: 'string',
|
|
597
|
+
const: v
|
|
598
|
+
}
|
|
599
|
+
}));*/
|
|
587
600
|
filter.contains = value.map(v => ({
|
|
588
601
|
type: 'string',
|
|
589
602
|
const: v
|
package/lib/util.js
CHANGED
|
@@ -162,6 +162,43 @@ export async function generateDIDProofJWT({
|
|
|
162
162
|
return signJWT({payload, protectedHeader, signer});
|
|
163
163
|
}
|
|
164
164
|
|
|
165
|
+
export async function getCredentialOffer({url, agent} = {}) {
|
|
166
|
+
const {protocol, searchParams} = new URL(url);
|
|
167
|
+
if(protocol !== 'openid-credential-offer:') {
|
|
168
|
+
throw new SyntaxError(
|
|
169
|
+
'"url" must express a URL with the ' +
|
|
170
|
+
'"openid-credential-offer" protocol.');
|
|
171
|
+
}
|
|
172
|
+
const offer = searchParams.get('credential_offer');
|
|
173
|
+
if(offer) {
|
|
174
|
+
return JSON.parse(offer);
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
// try to fetch offer from URL
|
|
178
|
+
const offerUrl = searchParams.get('credential_offer_uri');
|
|
179
|
+
if(!offerUrl) {
|
|
180
|
+
throw new SyntaxError(
|
|
181
|
+
'OID4VCI credential offer must have "credential_offer" or ' +
|
|
182
|
+
'"credential_offer_uri".');
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
if(!offerUrl.startsWith('https://')) {
|
|
186
|
+
const error = new Error(
|
|
187
|
+
`"credential_offer_uri" (${offerUrl}) must start with "https://".`);
|
|
188
|
+
error.name = 'NotSupportedError';
|
|
189
|
+
throw error;
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
const response = await fetchJSON({url: offerUrl, agent});
|
|
193
|
+
if(!response.data) {
|
|
194
|
+
const error = new Error(
|
|
195
|
+
`Credential offer fetched from "${offerUrl}" is not JSON.`);
|
|
196
|
+
error.name = 'DataError';
|
|
197
|
+
throw error;
|
|
198
|
+
}
|
|
199
|
+
return response.data;
|
|
200
|
+
}
|
|
201
|
+
|
|
165
202
|
export function parseCredentialOfferUrl({url} = {}) {
|
|
166
203
|
assert(url, 'url', 'string');
|
|
167
204
|
|