@mattrglobal/verifier-sdk-web 1.0.2-unstable.98 → 2.0.0-preview-digital-credential-api.1

package/README.md

@@ -2,9 +2,10 @@
 
 # Table of Contents
 
-- [Licensing](#licensing)
-- [Overview](#overview)
-- [Features](#features)
+- [General](#general)
+  - [Licensing](#licensing)
+  - [Overview](#overview)
+  - [Features](#features)
 - [Getting started](#getting-started)
   - [How to get access to the MATTR Pi Verifier Web SDK](#how-to-get-access-to-the-mattr-pi-verifier-web-sdk)
   - [Installation](#installation)
@@ -23,23 +24,27 @@
   - [Request credentials with explicit cross-device flow](#request-credentials-with-explicit-cross-device-flow)
 - [Error Handling](#error-handling)
 
-# Licensing
+# General
+
+## Licensing
 
 Request or download the
 [MATTR Pi SDK Trial Licence Agreement](https://learn.mattr.global/docs/terms/mattr-pi-sdk-licence-agreement) and the
 [MATTR Customer Agreement](https://learn.mattr.global/docs/terms/customer-agreement) and review these terms carefully.
 
-# Overview
+## Overview
 
-The Verifier Web SDK is a powerful tool for integrating online credential verification capabilities into your web applications. It enables secure and efficient verification of [Mobile Credentials](https://learn.mattr.global/docs/profiles/mobile), supporting both [same-device](https://learn.mattr.global/docs/profiles/mobile/verification-workflows/online#same-device-verification-workflow) and [cross-device](https://learn.mattr.global/docs/profiles/mobile/verification-workflows/online#cross-device-verification-workflow) verification workflows. The SDK leverages the MATTR VII platform to handle credential presentation and verification processes.
+The Verifier Web SDK is a powerful tool for integrating online credential verification capabilities into your web applications. It enables secure and efficient verification of [mDocs](https://learn.mattr.global/docs/formats/mdocs), supporting both [same-device](https://learn.mattr.global/docs/formats/mdocs/verification-workflows/online#same-device-verification-workflow) and [cross-device](https://learn.mattr.global/docs/formats/mdocs/verification-workflows/online#cross-device-verification-workflow) verification workflows. The SDK leverages the MATTR VII platform to handle credential presentation and verification processes.
 
-# Features
+## Features
 
 * Simple integration into web applications.
 * Supports both same-device and cross-device presentation flows.
-* Secure handling of credential requests and responses.
+* Secure handling of mDocs requests and responses.
 * Compliant with [ISO/IEC DTS 18013-7](https://www.iso.org/standard/82772.html).
 
+> In this SDK mDocs are referred to as Mobile Credentials.
+
 # Getting started
 
 ## How to get access to the MATTR Pi Verifier Web SDK
@@ -149,14 +154,14 @@ This behavior can be explicitly overridden by specifying the desired mode in the
 
 ## Define wallet identifiers
 
-You can define an identifier of a specific wallet you want to invoke with this verification request. The identifier defined by the SDK in the credential request must match one of the identifiers defined in the [`walletProviders` array](https://learn.mattr.global/api-reference/latest/tag/Mobile-Credentials-Verification#operation/putVerifierConfiguration!path=walletProviders/id&t=request) of the MATTR VII tenant's verifier configuration.
-* If an identifier is provided and matches the `id` of one of the objects in the `walletProviders` array, the verifier tenant will invoke that specific wallet using its corresponding [`authorizationEndpoint`](https://learn.mattr.global/api-reference/latest/tag/Mobile-Credentials-Verification#operation/putVerifierConfiguration!path=walletProviders/authorizationEndpoint&t=request).
+You can define an identifier of a specific wallet you want to invoke with this verification request. The identifier defined by the SDK in the credential request must match one of the identifiers defined in the [`walletProviders` array](https://learn.mattr.global/api-reference/latest/tag/mDocs-verification#operation/putVerifierConfiguration!path=walletProviders/id&t=request) of the MATTR VII tenant's verifier configuration.
+* If an identifier is provided and matches the `id` of one of the objects in the `walletProviders` array, the verifier tenant will invoke that specific wallet using its corresponding [`authorizationEndpoint`](https://learn.mattr.global/api-reference/latest/tag/mDocs-verification#operation/putVerifierConfiguration!path=walletProviders/authorizationEndpoint&t=request).
 * If an identifier is provided and does not match the `id` of any of the objects in the `walletProviders array`, the request will fail.
 * If an identifier is not provided, the verifier tenant will use `mdoc-openid4vp://` (default OID4VP scheme) to invoke any wallet.
 
 ## Configure redirectUri
 
-When using the same-device presentation flow, the SDK must define what URI to redirect the user to once they complete the verification workflow in their wallet app. This can be any URI (including custom URI schemes), and must match one of the values defined in the [`redirectUris` array](https://learn.mattr.global/latest/tag/Mobile-Credentials-Verification#operation/putVerifierConfiguration!path=redirectUris&t=request) in the MATTR VII tenant's verifier configuration.
+When using the same-device presentation flow, the SDK must define what URI to redirect the user to once they complete the verification workflow in their wallet app. This can be any URI (including custom URI schemes), and must match one of the values defined in the [`redirectUris` array](https://learn.mattr.global/latest/tag/mDocs-verification#operation/putVerifierConfiguration!path=redirectUris&t=request) in the MATTR VII tenant's verifier configuration.
 
 # Request credentials examples
 
@@ -182,9 +187,9 @@ const result = await MATTRVerifierSDK.requestCredentials({
 * `apiBaseUrl` : Replace with the [`tenant_url`](https://learn.mattr.global/docs/security/authentication) of your MATTR VII verifier tenant.
 * `credentialQuery`: The credential query to be used in the request.
 * `challenge`: The challenge that will be passed to the MATTR VII tenant with the request to create a presentation session. This example uses the SDK built-in method to generate the challenge, but you can replace it with a challenge generated by your backend system.
-* `walletProviderId`: Replace with a wallet identifier that matches one of the values in the [`walletProviders` array](https://learn.mattr.global/api-reference/latest/tag/Mobile-Credentials-Verification#operation/putVerifierConfiguration!path=walletProviders/id&t=request) of the MATTR VII tenant's verifier configuration.
+* `walletProviderId`: Replace with a wallet identifier that matches one of the values in the [`walletProviders` array](https://learn.mattr.global/api-reference/latest/tag/mDocs-verification#operation/putVerifierConfiguration!path=walletProviders/id&t=request) of the MATTR VII tenant's verifier configuration.
 * `mode`: When omitted, the SDK defaults to automatically selecting a flow based on the browser's user agent (set to `undefined` in the example for clarity).
-* `redirectUri` Replace with a URI that matches one of the values in the [`redirectUris` array](https://learn.mattr.global/latest/tag/Mobile-Credentials-Verification#operation/putVerifierConfiguration!path=redirectUris&t=request) in the MATTR VII tenant's verifier configuration.
+* `redirectUri` Replace with a URI that matches one of the values in the [`redirectUris` array](https://learn.mattr.global/latest/tag/mDocs-verification#operation/putVerifierConfiguration!path=redirectUris&t=request) in the MATTR VII tenant's verifier configuration.
 * `crossDeviceCallback`: Defines how to handle completion (`onComplete`) or failure (`onFailure`) of the verification workflow.
 
 ## Request credentials with explicit same-device flow

package/dist/lib/verifier-js-no-deps.cjs.js

@@ -7,8 +7,8 @@
  * Do Not Translate or Localize
  *
  * Bundle of @mattrglobal/verifier-sdk-web
- * Generated: 2024-10-18
- * Version: 1.0.1
+ * Generated: 2024-10-21
+ * Version: 2.0.0-preview-digital-credential-api.1
  * Dependencies:
  */
 
@@ -200,6 +200,11 @@ const CreateSessionResponseValidator = v__namespace.object({
     sessionUrl: v__namespace.string()
 });
 
+const CreateDigitalCredentialsApiSessionResponseValidator = v__namespace.object({
+    sessionId: v__namespace.string(),
+    request: v__namespace.object({})
+});
+
 var LocalStorageKey;
 
 (function(LocalStorageKey) {
@@ -262,7 +267,9 @@ exports.RequestCredentialsErrorType = void 0;
 })(exports.RequestCredentialsErrorType || (exports.RequestCredentialsErrorType = {}));
 
 const InitialiseOptionsValidator = v__namespace.object({
-    apiBaseUrl: v__namespace.string()
+    apiBaseUrl: v__namespace.string(),
+    enableDigitalCredentialsApiSameDeviceFlow: v__namespace.optional(v__namespace.boolean()),
+    enableDigitalCredentialsApiCrossDeviceFlow: v__namespace.optional(v__namespace.boolean())
 });
 
 let initialiseOptions = undefined;
@@ -378,6 +385,64 @@ const isMobileDetect = userAgent => isMobile.isMobile({
     tablet: false
 });
 
+const isDigitalCredentialsApiSupported = () => {
+    var _a;
+    try {
+        return typeof ((_a = navigator === null || navigator === void 0 ? void 0 : navigator.identity) === null || _a === void 0 ? void 0 : _a.get) === "function";
+    } catch (error) {
+        return false;
+    }
+};
+
+const createDigitalCredentialsApiSession = async ({credentialQuery: credentialQuery, challenge: challenge, apiBaseUrl: apiBaseUrl}) => {
+    const postData = {
+        credentialQuery: credentialQuery,
+        challenge: challenge
+    };
+    const responseResult = await safeFetch(`${apiBaseUrl}/v2/presentations/sessions/browserApi/request`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json"
+        },
+        body: JSON.stringify(postData)
+    });
+    if (responseResult.isErr()) {
+        return neverthrow.err(responseResult.error);
+    }
+    const data = await responseResult.value.json();
+    if (!isType(CreateDigitalCredentialsApiSessionResponseValidator)(data)) {
+        return neverthrow.err({
+            type: SafeFetchCommonRespondErrorType.UnexpectedRespond,
+            message: "Create digital credentials api session return unsupported response"
+        });
+    }
+    return neverthrow.ok(data);
+};
+
+const getDigitalCredentialsApiSessionResult = async ({challenge: challenge, sessionId: sessionId, response: response, apiBaseUrl: apiBaseUrl}) => {
+    const postData = {
+        challenge: challenge,
+        sessionId: sessionId,
+        response: response
+    };
+    const fetchResultFn = async () => await safeFetch(`${apiBaseUrl}/v2/presentations/sessions/browserApi/response`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json"
+        },
+        body: JSON.stringify(postData)
+    });
+    const responseResult = await withRetrySafeFetch(fetchResultFn, {
+        retries: 2,
+        retryHttpStatus: 404
+    });
+    if (responseResult.isErr()) {
+        return neverthrow.err(responseResult.error);
+    }
+    const data = await responseResult.value.json();
+    return neverthrow.ok(data);
+};
+
 exports.CrossDeviceCallbackErrorType = void 0;
 
 (function(CrossDeviceCallbackErrorType) {
@@ -519,12 +584,12 @@ const requestCredentialsCrossDevice = async options => {
     });
 };
 
-var SameDeviceRequestCredentialsErrorMessage;
+var SameDeviceRequestCredentialsErrorMessage$1;
 
 (function(SameDeviceRequestCredentialsErrorMessage) {
     SameDeviceRequestCredentialsErrorMessage["FailedToStoreChallenge"] = "Failed to store challenge";
     SameDeviceRequestCredentialsErrorMessage["FailedToCreateSession"] = "Failed to create session";
-})(SameDeviceRequestCredentialsErrorMessage || (SameDeviceRequestCredentialsErrorMessage = {}));
+})(SameDeviceRequestCredentialsErrorMessage$1 || (SameDeviceRequestCredentialsErrorMessage$1 = {}));
 
 const requestCredentialsSameDevice = async options => {
     const {challenge: challenge, credentialQuery: credentialQuery, redirectUri: redirectUri, walletProviderId: walletProviderId, initialiseOptions: initialiseOptions} = options;
@@ -534,7 +599,7 @@ const requestCredentialsSameDevice = async options => {
     if (!storedChallenge) {
         return neverthrow.err({
             type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
-            message: SameDeviceRequestCredentialsErrorMessage.FailedToStoreChallenge
+            message: SameDeviceRequestCredentialsErrorMessage$1.FailedToStoreChallenge
         });
     }
     const createSessionResult = await createSession({
@@ -547,7 +612,7 @@ const requestCredentialsSameDevice = async options => {
     if (createSessionResult.isErr()) {
         return neverthrow.err({
             type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
-            message: SameDeviceRequestCredentialsErrorMessage.FailedToCreateSession,
+            message: SameDeviceRequestCredentialsErrorMessage$1.FailedToCreateSession,
             cause: createSessionResult.error
         });
     }
@@ -559,6 +624,71 @@ const requestCredentialsSameDevice = async options => {
     });
 };
 
+var SameDeviceRequestCredentialsErrorMessage;
+
+(function(SameDeviceRequestCredentialsErrorMessage) {
+    SameDeviceRequestCredentialsErrorMessage["FailedToStoreChallenge"] = "Failed to store challenge";
+    SameDeviceRequestCredentialsErrorMessage["FailedToCreateSession"] = "Failed to create session";
+})(SameDeviceRequestCredentialsErrorMessage || (SameDeviceRequestCredentialsErrorMessage = {}));
+
+const requestCredentialsDigitalCredentialsApi = async options => {
+    const {challenge: challenge, credentialQuery: credentialQuery, initialiseOptions: initialiseOptions} = options;
+    const {apiBaseUrl: apiBaseUrl} = initialiseOptions;
+    window.localStorage.setItem(LocalStorageKey.challenge, challenge);
+    const storedChallenge = window.localStorage.getItem(LocalStorageKey.challenge);
+    if (!storedChallenge) {
+        return neverthrow.err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: SameDeviceRequestCredentialsErrorMessage.FailedToStoreChallenge
+        });
+    }
+    const createSessionResult = await createDigitalCredentialsApiSession({
+        credentialQuery: credentialQuery,
+        challenge: storedChallenge,
+        apiBaseUrl: apiBaseUrl
+    });
+    if (createSessionResult.isErr()) {
+        return neverthrow.err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: SameDeviceRequestCredentialsErrorMessage.FailedToCreateSession,
+            cause: createSessionResult.error
+        });
+    }
+    const {request: request, sessionId: sessionId} = createSessionResult.value;
+    window.localStorage.setItem(LocalStorageKey.sessionId, sessionId);
+    let rawResponse;
+    try {
+        rawResponse = await navigator.identity.get(request);
+    } catch (_a) {
+        return neverthrow.err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: "Failed call to digital credentials api"
+        });
+    }
+    let response;
+    try {
+        response = JSON.parse(rawResponse.data);
+    } catch (_b) {
+        response = rawResponse.data;
+    }
+    const result = await getDigitalCredentialsApiSessionResult({
+        challenge: challenge,
+        sessionId: sessionId,
+        response: response,
+        apiBaseUrl: apiBaseUrl
+    });
+    if (result.isOk()) {
+        return neverthrow.ok({
+            sessionId: sessionId,
+            result: result.value
+        });
+    }
+    return neverthrow.err({
+        type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+        message: "Invalid response from digital credentials api"
+    });
+};
+
 const requestCredentials = async options => {
     var _a;
     const initialiseOptions = getInitialiseOptions();
@@ -568,6 +698,24 @@ const requestCredentials = async options => {
     assertType(RequestCredentialsOptionsValidator, "Invalid request credential options")(options);
     const {challenge: challenge = generateChallenge()} = options;
     const mode = (_a = options.mode) !== null && _a !== void 0 ? _a : isMobileDetect(navigator.userAgent) ? exports.Mode.sameDevice : exports.Mode.crossDevice;
+    if (initialiseOptions.enableDigitalCredentialsApiCrossDeviceFlow && isDigitalCredentialsApiSupported() && mode === exports.Mode.crossDevice) {
+        console.log("Digital Credentials API support found, proceeding with request using API in cross device flow");
+        return await requestCredentialsDigitalCredentialsApi(Object.assign(Object.assign({}, options), {
+            initialiseOptions: initialiseOptions,
+            challenge: challenge
+        }));
+    } else if (initialiseOptions.enableDigitalCredentialsApiCrossDeviceFlow) {
+        console.log("Digital Credentials API support not found, falling back to OpenID4VP");
+    }
+    if (initialiseOptions.enableDigitalCredentialsApiSameDeviceFlow && isDigitalCredentialsApiSupported() && mode === exports.Mode.sameDevice) {
+        console.log("Digital Credentials API support found, proceeding with request using API in same device flow");
+        return await requestCredentialsDigitalCredentialsApi(Object.assign(Object.assign({}, options), {
+            initialiseOptions: initialiseOptions,
+            challenge: challenge
+        }));
+    } else if (initialiseOptions.enableDigitalCredentialsApiSameDeviceFlow) {
+        console.log("Digital Credentials API support not found, falling back to OpenID4VP");
+    }
     if (mode === exports.Mode.sameDevice && "redirectUri" in options) {
         return await requestCredentialsSameDevice(Object.assign(Object.assign({}, options), {
             initialiseOptions: initialiseOptions,
@@ -650,7 +798,8 @@ const handleRedirectCallback = async () => {
 
 const utils = {
     generateChallenge: generateChallenge,
-    unwrap: unwrap
+    unwrap: unwrap,
+    isDigitalCredentialsApiSupported: isDigitalCredentialsApiSupported
 };
 
 exports.handleRedirectCallback = handleRedirectCallback;