@kya-os/mcp-i-cloudflare 1.6.24 → 1.6.26

package/dist/services/consent.service.js

@@ -8,17 +8,20 @@
  */
 import { ConsentConfigService } from "./consent-config.service";
 import { ConsentPageRenderer } from "./consent-page-renderer";
-import { DEFAULT_AGENTSHIELD_URL, DEFAULT_SESSION_CACHE_TTL, } from "../constants";
+import { DEFAULT_AGENTSHIELD_URL, DEFAULT_SESSION_CACHE_TTL, KEY_PAIR_TTL_SECONDS, } from "../constants";
 import { STORAGE_KEYS } from "../constants/storage-keys";
 import { loadDay0Config, getDelegationFieldName } from "../utils/day0-config";
 import { validateConsentApprovalRequest, } from "@kya-os/contracts/consent";
 import { AGENTSHIELD_ENDPOINTS, createDelegationAPIResponseSchema, createDelegationResponseSchema, } from "@kya-os/contracts/agentshield-api";
-import { fetchRemoteConfig, createUnsignedVCJWT, completeVCJWT, parseVCJWT, base64urlEncodeFromBytes, base64urlDecodeToBytes, bytesToBase64, createDelegationVerifier, createDidKeyResolver, } from "@kya-os/mcp-i-core";
+import { fetchRemoteConfig, createUnsignedVCJWT, completeVCJWT, parseVCJWT, base64urlEncodeFromBytes, base64urlDecodeToBytes, bytesToBase64, generateDidKeyFromBase64, createDelegationVerifier, createDidKeyResolver, } from "@kya-os/mcp-i-core";
 import { wrapDelegationAsVC } from "@kya-os/contracts";
 import { WebCryptoProvider } from "../providers/crypto";
 import { ConsentAuditService } from "./consent-audit.service";
 import { CloudflareProofGenerator } from "../proof-generator";
 import { ProofService } from "./proof.service";
+import { createCredentialAuthHandler } from "./credential-auth.handler";
+import { IdpTokenStorage } from "./idp-token-storage";
+import { OAuthSecurityService } from "./oauth-security.service";
 export class ConsentService {
     configService;
     renderer;
@@ -179,16 +182,6 @@ export class ConsentService {
             return undefined;
         }
     }
-    /**
-     * Get or generate User DID for a session
-     *
-     * Phase 4 PR #1: Generates ephemeral DIDs for sessions
-     * Phase 4 PR #3: Checks OAuth mappings for persistent DIDs
-     *
-     * @param sessionId - Session ID
-     * @param oauthIdentity - Optional OAuth provider identity
-     * @returns User DID (did:key format)
-     */
     /**
      * Get user DID for a session
      *
@@ -316,16 +309,123 @@ export class ConsentService {
      * @returns UserKeyPair or null if not available
      */
     async getKeyPairForSession(sessionId, oauthIdentity) {
-        // Ensure UserDidManager is initialized
+        // Priority 1: Check direct KV storage by OAuth identity
+        // This is the primary storage location used by getOrCreateKeyPairForUser()
+        if (this.env.DELEGATION_STORAGE &&
+            oauthIdentity?.provider &&
+            oauthIdentity?.subject) {
+            try {
+                const key = STORAGE_KEYS.userKeyPair(oauthIdentity.provider, oauthIdentity.subject);
+                const stored = (await this.env.DELEGATION_STORAGE.get(key, "json"));
+                if (stored) {
+                    console.log("[ConsentService] Found key pair in KV storage");
+                    return stored;
+                }
+            }
+            catch (error) {
+                console.warn("[ConsentService] KV key pair lookup failed:", error);
+            }
+        }
+        // Priority 2: Try UserDidManager (legacy path, may not be initialized)
         if (!this.userDidManager) {
             // Initialize with storage if available
             await this.getUserDidForSession(sessionId, oauthIdentity);
         }
-        if (!this.userDidManager) {
-            console.warn("[ConsentService] UserDidManager not initialized");
+        if (this.userDidManager) {
+            const keyPair = await this.userDidManager.getKeyPairForSession(sessionId, oauthIdentity);
+            if (keyPair) {
+                return keyPair;
+            }
+        }
+        // No key pair found
+        return null;
+    }
+    /**
+     * Get or create key pair for a user (OAuth flow VC signing)
+     *
+     * Unlike getKeyPairForSession which only retrieves, this method
+     * GENERATES a new key pair if one doesn't exist.
+     *
+     * NOTE: The generated key pair has its own did:key which may differ
+     * from AgentShield's persistentUserDid. Both are tied to the same
+     * OAuth identity. See docs/proposals/VC/AGENTSHIELD_SIGNING_ENDPOINT.md
+     * for the future cleaner architecture.
+     *
+     * @param sessionId - Session ID for caching
+     * @param oauthIdentity - OAuth identity for persistent storage
+     * @returns UserKeyPair or null if generation fails
+     */
+    async getOrCreateKeyPairForUser(sessionId, oauthIdentity) {
+        // 1. Try existing lookup first
+        const existingKeyPair = await this.getKeyPairForSession(sessionId, oauthIdentity);
+        if (existingKeyPair) {
+            console.log("[ConsentService] Found existing key pair for OAuth identity");
+            return existingKeyPair;
+        }
+        // 2. Check KV storage directly by OAuth identity
+        if (this.env.DELEGATION_STORAGE &&
+            oauthIdentity.provider &&
+            oauthIdentity.subject) {
+            try {
+                const key = STORAGE_KEYS.userKeyPair(oauthIdentity.provider, oauthIdentity.subject);
+                const stored = (await this.env.DELEGATION_STORAGE.get(key, "json"));
+                if (stored) {
+                    console.log("[ConsentService] Found key pair in KV storage");
+                    return stored;
+                }
+            }
+            catch (error) {
+                console.warn("[ConsentService] KV key pair lookup failed:", error);
+            }
+        }
+        // 3. Generate new key pair
+        console.log("[ConsentService] Generating new key pair for OAuth identity");
+        try {
+            const crypto = new WebCryptoProvider();
+            const rawKeyPair = await crypto.generateKeyPair();
+            // Generate did:key from public key
+            const did = this.generateDidKeyFromPublicKey(rawKeyPair.publicKey);
+            const keyId = `${did}#keys-1`;
+            const keyPair = {
+                did,
+                publicKey: rawKeyPair.publicKey,
+                privateKey: rawKeyPair.privateKey,
+                keyId,
+            };
+            // 4. Persist to KV by OAuth identity (1 year TTL)
+            // Note: Persistence failure is non-fatal - key pair can still be used
+            if (this.env.DELEGATION_STORAGE &&
+                oauthIdentity.provider &&
+                oauthIdentity.subject) {
+                try {
+                    const key = STORAGE_KEYS.userKeyPair(oauthIdentity.provider, oauthIdentity.subject);
+                    await this.env.DELEGATION_STORAGE.put(key, JSON.stringify(keyPair), {
+                        expirationTtl: KEY_PAIR_TTL_SECONDS,
+                    });
+                    console.log("[ConsentService] Key pair persisted to KV storage");
+                }
+                catch (persistError) {
+                    console.warn("[ConsentService] KV key pair persistence failed (non-fatal):", persistError);
+                }
+            }
+            console.log("[ConsentService] Key pair generated:", {
+                did: did.substring(0, 30) + "...",
+                keyId,
+            });
+            return keyPair;
+        }
+        catch (error) {
+            console.error("[ConsentService] Key pair generation failed:", error);
             return null;
         }
-        return await this.userDidManager.getKeyPairForSession(sessionId, oauthIdentity);
+    }
+    /**
+     * Generate did:key from Ed25519 public key (base64)
+     * Delegates to shared utility in @kya-os/mcp-i-core
+     * Following spec: https://w3c-ccg.github.io/did-method-key/
+     */
+    generateDidKeyFromPublicKey(publicKeyBase64) {
+        return generateDidKeyFromBase64(publicKeyBase64);
     }
     /**
      * Issue a Delegation Verifiable Credential as JWT
@@ -338,23 +438,25 @@ export class ConsentService {
      * @param delegation - The delegation record to wrap as a VC
      * @param sessionId - Session ID for key pair retrieval
      * @param oauthIdentity - Optional OAuth identity for persistent key lookup
+     * @param providedKeyPair - Optional key pair to use directly (avoids re-lookup, handles KV persistence failures)
      * @returns JWT string (header.payload.signature) or null if key pair unavailable
      */
-    async issueDelegationVC(delegation, sessionId, oauthIdentity) {
-        // Get the key pair for signing
-        const keyPair = await this.getKeyPairForSession(sessionId, oauthIdentity);
+    async issueDelegationVC(delegation, sessionId, oauthIdentity, providedKeyPair) {
+        // Use provided key pair or look it up
+        // This allows callers to pass a key pair directly when KV persistence may have failed
+        const keyPair = providedKeyPair ??
+            (await this.getKeyPairForSession(sessionId, oauthIdentity));
         if (!keyPair) {
             console.warn("[ConsentService] Cannot issue VC: no key pair available for session");
             return null;
         }
         try {
             // Step 1: Create the unsigned VC
+            // Note: wrapDelegationAsVC handles notAfter→expirationDate conversion correctly
+            // (multiplies seconds by 1000 for Date constructor)
             const unsignedVC = wrapDelegationAsVC(delegation, {
                 id: `urn:uuid:${delegation.id}`,
                 issuanceDate: new Date().toISOString(),
-                expirationDate: delegation.constraints.notAfter
-                    ? new Date(delegation.constraints.notAfter).toISOString()
-                    : undefined,
             });
             // Override issuer with the user's DID (not the agent's DID)
             const vcWithCorrectIssuer = {
@@ -679,7 +781,9 @@ export class ConsentService {
         //
         // Examples: GitHub Apps (PKCE, no proxy), Google (PKCE, no proxy)
         // Counter-example: GitHub OAuth Apps (PKCE supported, but proxyMode=true for client_secret)
-        if (providerConfig && providerConfig.supportsPKCE && !providerConfig.proxyMode) {
+        if (providerConfig &&
+            providerConfig.supportsPKCE &&
+            !providerConfig.proxyMode) {
             // Use providerConfig.clientId from AgentShield dashboard config
             const oauthClientId = providerConfig.clientId || projectId;
             console.log("[ConsentService] Using direct OAuth mode (PKCE)", {
@@ -800,13 +904,13 @@ export class ConsentService {
      * Link OAuth identity to User DID
      *
      * Maps OAuth provider identity (provider + subject) to a persistent User DID.
-     * If an ephemeral DID exists for the session, it becomes persistent.
-     *
-     * Phase 4 PR #3: OAuth Identity Linking
+     * Phase 5: Requires existing userDid from AgentShield /identity/resolve endpoint.
+     * Throws error if session has no user DID (enforces OAuth → identity flow).
      *
      * @param oauthIdentity - OAuth provider identity
-     * @param sessionId - Current session ID (for ephemeral DID lookup)
+     * @param sessionId - Current session ID
      * @returns Persistent User DID
+     * @throws Error if no userDid exists for the session
      */
     async linkOAuthToUserDid(oauthIdentity, sessionId) {
         if (!this.env.DELEGATION_STORAGE) {
@@ -2258,6 +2362,13 @@ export class ConsentService {
                 bodyKeys: Object.keys(body || {}),
                 hasOAuthIdentity: !!body?.oauth_identity,
             });
+            // CRED-003: Check for credential provider submission
+            // Credential submissions include `provider_type: 'credential'` and are handled separately
+            const bodyObj = body;
+            if (bodyObj?.provider_type === "credential") {
+                console.log("[ConsentService] Credential submission detected");
+                return this.handleCredentialApproval(bodyObj);
+            }
             // Convert null oauth_identity to undefined for proper schema validation
             // Zod's .nullish() should handle null, but converting to undefined is more explicit
             // and avoids potential edge cases with FormData parsing
@@ -2448,10 +2559,9 @@ export class ConsentService {
             // Load Day0 configuration to determine field name and API capabilities
             await loadDay0Config(this.env.DELEGATION_STORAGE);
             const fieldName = await getDelegationFieldName(this.env.DELEGATION_STORAGE);
-            // Get userDID from session or generate new ephemeral DID
-            // Phase 4 PR #3: Use OAuth identity if provided in approval request
-            // CRITICAL: Must work with or without OAuth identity
-            // CRITICAL: Always generate ephemeral DID if session_id is available, even without DELEGATION_STORAGE
+            // Get userDID from session (Phase 5: returns null for anonymous sessions)
+            // OAuth identity is resolved via AgentShield /identity/resolve endpoint
+            // CRITICAL: Must work with or without OAuth identity - delegation is valid even without user_identifier
             let userDid;
             if (request.session_id) {
                 try {
@@ -2488,8 +2598,11 @@ export class ConsentService {
             if (request.session_id && userDid) {
                 try {
                     // Create a local delegation record for VC issuance
+                    // NOTE: notAfter/notBefore use SECONDS (per contracts schema)
+                    //       createdAt uses MILLISECONDS (per contracts schema)
                     const delegationId = crypto.randomUUID();
-                    const notAfter = Date.now() + expiresInDays * 24 * 60 * 60 * 1000;
+                    const nowSec = Math.floor(Date.now() / 1000);
+                    const notAfter = nowSec + expiresInDays * 24 * 60 * 60; // seconds
                     const scopes = request.scopes ?? [];
                     const localDelegation = {
                         id: delegationId,
@@ -2499,11 +2612,11 @@ export class ConsentService {
                         constraints: {
                             scopes,
                             notAfter,
-                            notBefore: Date.now(),
+                            notBefore: nowSec,
                         },
-                        signature: "", // Will be in JWT
+                        signature: "vc-jwt-signed", // Placeholder - actual signature is in the VC-JWT
                         status: "active",
-                        createdAt: Date.now(),
+                        createdAt: Date.now(), // milliseconds per schema
                     };
                     const vcResult = await this.issueDelegationVC(localDelegation, request.session_id, request.oauth_identity || undefined);
                     credentialJwt = vcResult ?? undefined;
@@ -2764,6 +2877,386 @@ export class ConsentService {
             simplifiedFormat: this.buildSimplifiedFormatRequest(request, userDid, expiresInDays, fieldName, credentialJwt),
         };
     }
+    // ============================================================================
+    // Credential Provider Handling (CRED-003)
+    // ============================================================================
+    /**
+     * Handle credential-based authentication submission
+     *
+     * Authenticates user credentials against customer's endpoint, resolves identity
+     * via AgentShield, stores token with usage metadata, and creates delegation.
+     *
+     * @param body - Raw request body with credential fields
+     * @returns JSON response
+     */
+    async handleCredentialApproval(body) {
+        console.log("[ConsentService] Processing credential approval");
+        // Extract standard fields
+        const { tool, scopes: rawScopes, agent_did, session_id, project_id, provider, provider_type, csrf_token, ...credentials } = body;
+        // Parse scopes - handles double JSON encoding from form submission
+        // The form stores scopes as JSON string, then JS submits it as JSON again
+        const scopes = this.parseScopes(rawScopes);
+        // Basic validation - includes provider to avoid misleading errors
+        if (!tool || !session_id || !project_id || !agent_did || !provider) {
+            const missingFields = [
+                !tool && "tool",
+                !session_id && "session_id",
+                !project_id && "project_id",
+                !agent_did && "agent_did",
+                !provider && "provider",
+            ].filter(Boolean);
+            return new Response(JSON.stringify({
+                success: false,
+                error: `Missing required fields: ${missingFields.join(", ")}`,
+                error_code: "validation_error",
+            }), { status: 400, headers: { "Content-Type": "application/json" } });
+        }
+        // Validate CSRF token
+        if (!csrf_token || typeof csrf_token !== "string") {
+            console.warn("[ConsentService] Missing or invalid CSRF token");
+            return new Response(JSON.stringify({
+                success: false,
+                error: "Invalid or missing CSRF token",
+                error_code: "csrf_error",
+            }), { status: 403, headers: { "Content-Type": "application/json" } });
+        }
+        // Validate CSRF token against stored value
+        const csrfValid = await this.validateCredentialCsrfToken(csrf_token, session_id);
+        if (!csrfValid) {
+            console.warn("[ConsentService] CSRF token validation failed", {
+                sessionId: session_id.substring(0, 20) + "...",
+            });
+            return new Response(JSON.stringify({
+                success: false,
+                error: "CSRF token validation failed",
+                error_code: "csrf_error",
+            }), { status: 403, headers: { "Content-Type": "application/json" } });
+        }
+        try {
+            // 1. Fetch credential provider config from AgentShield
+            const providerConfig = await this.getCredentialProviderConfig(project_id, provider);
+            if (!providerConfig) {
+                console.error("[ConsentService] Credential provider config not found", {
+                    projectId: project_id,
+                    provider,
+                });
+                return new Response(JSON.stringify({
+                    success: false,
+                    error: "Provider configuration not found",
+                    error_code: "provider_not_found",
+                }), { status: 400, headers: { "Content-Type": "application/json" } });
+            }
+            // 2. Authenticate with customer's endpoint
+            const credentialHandler = createCredentialAuthHandler({
+                fetch: globalThis.fetch,
+                logger: (msg, data) => console.log(msg, data),
+            });
+            const authResult = await credentialHandler.authenticate(providerConfig, credentials);
+            if (!authResult.success) {
+                console.error("[ConsentService] Credential authentication failed", {
+                    error: authResult.error,
+                });
+                return new Response(JSON.stringify({
+                    success: false,
+                    error: authResult.error || "Authentication failed",
+                    error_code: "auth_failed",
+                }), { status: 401, headers: { "Content-Type": "application/json" } });
+            }
+            console.log("[ConsentService] ✅ Credential authentication successful");
+            // 3. Resolve identity via AgentShield
+            const identityResult = await this.resolveCredentialIdentity({
+                projectId: project_id,
+                provider: provider,
+                userId: authResult.userId || "unknown",
+                userEmail: authResult.userEmail,
+                userDisplayName: authResult.userDisplayName,
+            });
+            if (!identityResult.success || !identityResult.userDid) {
+                return new Response(JSON.stringify({
+                    success: false,
+                    error: "Identity resolution failed",
+                    error_code: "identity_resolution_failed",
+                }), { status: 500, headers: { "Content-Type": "application/json" } });
+            }
+            console.log("[ConsentService] ✅ Identity resolved", {
+                userDid: identityResult.userDid.substring(0, 30) + "...",
+            });
+            // 4. Store token in IdpTokenStorage with usage metadata
+            await this.storeCredentialToken({
+                userDid: identityResult.userDid,
+                provider: provider,
+                sessionToken: authResult.sessionToken,
+                providerConfig,
+                expiresIn: authResult.expiresIn,
+                scopes,
+            });
+            console.log("[ConsentService] ✅ Token stored");
+            // 5. Create delegation using standard flow
+            const approvalRequest = {
+                tool: tool,
+                scopes,
+                agent_did: agent_did,
+                session_id: session_id,
+                project_id: project_id,
+                termsAccepted: true,
+                user_did: identityResult.userDid,
+            };
+            const delegationResult = await this.createDelegation(approvalRequest);
+            if (!delegationResult.success) {
+                return new Response(JSON.stringify({
+                    success: false,
+                    error: delegationResult.error || "Delegation creation failed",
+                    error_code: delegationResult.error_code || "delegation_failed",
+                }), { status: 500, headers: { "Content-Type": "application/json" } });
+            }
+            console.log("[ConsentService] ✅ Credential approval complete", {
+                delegationId: delegationResult.delegation_id?.substring(0, 20) + "...",
+            });
+            // Store delegation token
+            await this.storeDelegationToken(session_id, agent_did, delegationResult.delegation_token, delegationResult.delegation_id);
+            // Return success with redirect URL
+            const serverUrl = this.env.MCP_SERVER_URL || "";
+            const redirectUrl = `${serverUrl}/consent/success?delegation_id=${encodeURIComponent(delegationResult.delegation_id)}&project_id=${encodeURIComponent(project_id)}`;
+            return new Response(JSON.stringify({
+                success: true,
+                delegation_id: delegationResult.delegation_id,
+                delegation_token: delegationResult.delegation_token,
+                redirectUrl,
+            }), { status: 200, headers: { "Content-Type": "application/json" } });
+        }
+        catch (error) {
+            console.error("[ConsentService] Credential approval error:", error);
+            return new Response(JSON.stringify({
+                success: false,
+                error: error instanceof Error ? error.message : "Internal error",
+                error_code: "internal_error",
+            }), { status: 500, headers: { "Content-Type": "application/json" } });
+        }
+    }
+    /**
+     * Parse scopes from form data, handling double JSON encoding
+     *
+     * The credential form stores scopes as a JSON string in a hidden input,
+     * then the form submission script JSON-stringifies the entire form data.
+     * This causes double-encoding: "[\"scope1\"]" instead of ["scope1"]
+     *
+     * @param rawScopes - Raw scopes value from form (may be string or array)
+     * @returns Parsed string array of scopes
+     */
+    parseScopes(rawScopes) {
+        // Already an array - return as-is
+        if (Array.isArray(rawScopes)) {
+            return rawScopes;
+        }
+        // String that looks like JSON array - parse it
+        if (typeof rawScopes === "string" && rawScopes.startsWith("[")) {
+            try {
+                const parsed = JSON.parse(rawScopes);
+                if (Array.isArray(parsed)) {
+                    return parsed;
+                }
+            }
+            catch {
+                console.warn("[ConsentService] Failed to parse scopes JSON:", rawScopes);
+            }
+        }
+        // Single string scope - wrap in array
+        if (typeof rawScopes === "string" && rawScopes.length > 0) {
+            return [rawScopes];
+        }
+        // Default to empty array
+        return [];
+    }
+    /**
+     * Fetch credential provider config from AgentShield
+     */
+    async getCredentialProviderConfig(projectId, providerName) {
+        // TODO: Implement once CRED-002 V1 API is complete
+        // For now, try to fetch from the config endpoint
+        const agentShieldUrl = this.env.AGENTSHIELD_API_URL || DEFAULT_AGENTSHIELD_URL;
+        const apiKey = this.env.AGENTSHIELD_API_KEY;
+        if (!apiKey) {
+            console.warn("[ConsentService] No AgentShield API key configured");
+            return null;
+        }
+        try {
+            const response = await fetch(`${agentShieldUrl}/api/v1/bouncer/projects/${projectId}/config`, {
+                headers: {
+                    "X-API-Key": apiKey,
+                    "Content-Type": "application/json",
+                },
+            });
+            if (!response.ok) {
+                return null;
+            }
+            const data = (await response.json());
+            const providers = data?.data?.providers;
+            if (providers && providerName in providers) {
+                const provider = providers[providerName];
+                if (provider.type === "credential") {
+                    return provider;
+                }
+            }
+            return null;
+        }
+        catch (error) {
+            console.error("[ConsentService] Failed to fetch provider config:", error);
+            return null;
+        }
+    }
+    /**
+     * Resolve identity via AgentShield for credential-based auth
+     */
+    async resolveCredentialIdentity(params) {
+        const agentShieldUrl = this.env.AGENTSHIELD_API_URL || DEFAULT_AGENTSHIELD_URL;
+        const apiKey = this.env.AGENTSHIELD_API_KEY;
+        if (!apiKey) {
+            console.warn("[ConsentService] No AgentShield API key for identity resolution");
+            return { success: false };
+        }
+        try {
+            const response = await fetch(`${agentShieldUrl}/api/v1/bouncer/identity/resolve`, {
+                method: "POST",
+                headers: {
+                    "X-API-Key": apiKey,
+                    "Content-Type": "application/json",
+                },
+                body: JSON.stringify({
+                    project_id: params.projectId,
+                    credential_result: {
+                        provider: params.provider,
+                        user_id: params.userId,
+                        email: params.userEmail,
+                        name: params.userDisplayName,
+                    },
+                }),
+            });
+            if (!response.ok) {
+                return { success: false };
+            }
+            const data = (await response.json());
+            return {
+                success: true,
+                userDid: data?.data?.user_did,
+            };
+        }
+        catch (error) {
+            console.error("[ConsentService] Identity resolution failed:", error);
+            return { success: false };
+        }
+    }
+    /**
+     * Store credential token in IdpTokenStorage with usage metadata
+     */
+    async storeCredentialToken(params) {
+        const delegationStorage = this.env.DELEGATION_STORAGE;
+        if (!delegationStorage) {
+            console.warn("[ConsentService] No DELEGATION_STORAGE for credential tokens");
+            return;
+        }
+        const oauthSecurityService = new OAuthSecurityService(delegationStorage, this.env.OAUTH_ENCRYPTION_SECRET);
+        const idpTokenStorage = new IdpTokenStorage({
+            storage: delegationStorage,
+            oauthSecurityService,
+        });
+        // Default expiration: 7 days if not specified
+        const expiresAt = params.expiresIn
+            ? Date.now() + params.expiresIn * 1000
+            : Date.now() + 7 * 24 * 60 * 60 * 1000;
+        await idpTokenStorage.storeToken(params.userDid, params.provider, params.scopes, {
+            access_token: params.sessionToken,
+            expires_at: expiresAt,
+            token_type: "credential",
+            // CRED-003: Include usage metadata
+            tokenUsage: params.providerConfig.tokenUsage || "cookie",
+            tokenHeader: params.providerConfig.tokenHeader,
+            cookieFormat: params.providerConfig.cookieFormat,
+            apiHeaders: params.providerConfig.apiHeaders,
+        });
+    }
+    /**
+     * Validate CSRF token for credential form submission
+     *
+     * Uses the same KV-based storage pattern as OAuth state validation.
+     * Token is stored when rendering the credential form and validated on submission.
+     *
+     * @param token - CSRF token from form submission
+     * @param sessionId - Session ID the token was issued for
+     * @returns True if token is valid
+     */
+    async validateCredentialCsrfToken(token, sessionId) {
+        const delegationStorage = this.env.DELEGATION_STORAGE;
+        if (!delegationStorage) {
+            console.warn("[ConsentService] No DELEGATION_STORAGE for CSRF validation, skipping");
+            // Return true to allow flow to continue (graceful degradation)
+            // This matches OAuth behavior when storage is unavailable
+            return true;
+        }
+        try {
+            const csrfKey = STORAGE_KEYS.credentialCsrf(sessionId);
+            const storedToken = await delegationStorage.get(csrfKey);
+            if (!storedToken) {
+                console.warn("[ConsentService] No stored CSRF token found");
+                return false;
+            }
+            // Constant-time comparison to prevent timing attacks
+            const isValid = this.constantTimeCompare(token, storedToken);
+            // Delete token after use (one-time use)
+            if (isValid) {
+                await delegationStorage.delete(csrfKey);
+            }
+            return isValid;
+        }
+        catch (error) {
+            console.error("[ConsentService] CSRF validation error:", error);
+            return false;
+        }
+    }
+    /**
+     * Store CSRF token for credential form
+     *
+     * Called when rendering the credential form page.
+     *
+     * @param sessionId - Session ID to associate token with
+     * @returns Generated CSRF token
+     */
+    async storeCredentialCsrfToken(sessionId) {
+        const delegationStorage = this.env.DELEGATION_STORAGE;
+        // Generate cryptographically secure token
+        const tokenBytes = crypto.getRandomValues(new Uint8Array(32));
+        const token = btoa(String.fromCharCode(...tokenBytes))
+            .replace(/\+/g, "-")
+            .replace(/\//g, "_")
+            .replace(/=/g, "");
+        if (!delegationStorage) {
+            console.warn("[ConsentService] No DELEGATION_STORAGE for CSRF storage");
+            // Return token anyway - form will submit but validation will skip
+            return token;
+        }
+        try {
+            const csrfKey = STORAGE_KEYS.credentialCsrf(sessionId);
+            // 10 minute TTL matches OAuth state TTL
+            await delegationStorage.put(csrfKey, token, { expirationTtl: 600 });
+            console.log("[ConsentService] CSRF token stored for credential form");
+        }
+        catch (error) {
+            console.error("[ConsentService] CSRF token storage error:", error);
+        }
+        return token;
+    }
+    /**
+     * Constant-time string comparison to prevent timing attacks
+     */
+    constantTimeCompare(a, b) {
+        if (a.length !== b.length) {
+            return false;
+        }
+        let result = 0;
+        for (let i = 0; i < a.length; i++) {
+            result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+        }
+        return result === 0;
+    }
     /**
      * Build full DelegationRecord format request (future format)
      */
@@ -2773,7 +3266,7 @@ export class ConsentService {
         const scopes = request.scopes ?? [];
         const delegationRecord = {
             id: crypto.randomUUID(),
-            issuerDid: userDid || "did:key:z6MkEphemeral", // Use ephemeral if no userDid
+            issuerDid: userDid, // Phase 5: userDid is required; undefined if session is anonymous
             subjectDid: request.agent_did,
             constraints: {
                 scopes,
@@ -2834,7 +3327,7 @@ export class ConsentService {
             });
         }
         else {
-            console.log("[ConsentService] No user_identifier (no OAuth or ephemeral DID) - delegation will proceed without it");
+            console.log("[ConsentService] No user_identifier (session is anonymous) - delegation will proceed without it");
         }
         // Phase 2 VC-Only: Include credential_jwt if available
         if (credentialJwt) {