@mattrglobal/verifier-sdk-web 1.1.1-unstable.145 → 1.1.1-unstable.153

package/dist/lib/verifier-js.cjs.js

@@ -7,7 +7,7 @@
  * Do Not Translate or Localize
  *
  * Bundle of @mattrglobal/verifier-sdk-web
- * Generated: 2025-05-14
+ * Generated: 2025-05-16
  * Version: 1.1.0
  * Dependencies:
  *
@@ -697,6 +697,20 @@ function getDefault(schema, dataset, config2) {
     return typeof schema["default"] === "function" ? schema["default"](dataset, config2) : schema["default"];
 }
 
+function any() {
+    return {
+        kind: "schema",
+        type: "any",
+        reference: any,
+        expects: "any",
+        async: false,
+        _run: function _run(dataset) {
+            dataset.typed = true;
+            return dataset;
+        }
+    };
+}
+
 function array(item, message) {
     return {
         kind: "schema",
@@ -782,6 +796,45 @@ function _boolean(message) {
     };
 }
 
+function literal(literal_, message) {
+    return {
+        kind: "schema",
+        type: "literal",
+        reference: literal,
+        expects: _stringify(literal_),
+        async: false,
+        literal: literal_,
+        message: message,
+        _run: function _run(dataset, config2) {
+            if (dataset.value === this.literal) {
+                dataset.typed = true;
+            } else {
+                _addIssue(this, "type", dataset, config2);
+            }
+            return dataset;
+        }
+    };
+}
+
+function number(message) {
+    return {
+        kind: "schema",
+        type: "number",
+        reference: number,
+        expects: "number",
+        async: false,
+        message: message,
+        _run: function _run(dataset, config2) {
+            if (typeof dataset.value === "number" && !isNaN(dataset.value)) {
+                dataset.typed = true;
+            } else {
+                _addIssue(this, "type", dataset, config2);
+            }
+            return dataset;
+        }
+    };
+}
+
 function object(entries, message) {
     return {
         kind: "schema",
@@ -1362,19 +1415,45 @@ const PresentationResultRelaxValidator = object({
     error: optional(unknown())
 });
 
+exports.Mode = void 0;
+
+(function(Mode) {
+    Mode["SameDevice"] = "sameDevice";
+    Mode["CrossDevice"] = "crossDevice";
+})(exports.Mode || (exports.Mode = {}));
+
+var SessionType;
+
+(function(SessionType) {
+    SessionType["DigitalCredentialsApi"] = "digital-credentials-api";
+    SessionType["Openid4vp"] = "openid4vp";
+})(SessionType || (SessionType = {}));
+
 object({
     credentialQuery: array(CredentialQueryValidator),
     challenge: string(),
     redirectUri: optional(string()),
-    walletProviderId: optional(string())
+    walletProviderId: optional(string()),
+    dcApiSupported: optional(_boolean())
+});
+
+const CreateSessionDigitalCredentialsValidator = object({
+    type: literal(SessionType.DigitalCredentialsApi),
+    sessionId: string(),
+    sessionKey: string(),
+    sessionTtl: number(),
+    request: record(string(), any())
 });
 
-const CreateSessionResponseValidator = object({
+const CreateSessionOpenId4vpResponseValidator = object({
+    type: optional(literal(SessionType.Openid4vp)),
     sessionId: string(),
     sessionKey: string(),
     sessionUrl: string()
 });
 
+const CreateSessionResponseValidator = union([ CreateSessionDigitalCredentialsValidator, CreateSessionOpenId4vpResponseValidator ]);
+
 const GetSessionStatusResponseValidator = union([ object({
     status: picklist([ PresentationStatusCode.ResultReady ]),
     responseCode: optional(string())
@@ -1393,13 +1472,6 @@ const MATTR_SDK_VERSION_HEADER = "x-mattr-sdk-version";
 
 const MATTR_SDK_VERSION_VALUE = "2.0.0";
 
-exports.Mode = void 0;
-
-(function(Mode) {
-    Mode["sameDevice"] = "sameDevice";
-    Mode["crossDevice"] = "crossDevice";
-})(exports.Mode || (exports.Mode = {}));
-
 var MessageEventDataType;
 
 (function(MessageEventDataType) {
@@ -1408,30 +1480,28 @@ var MessageEventDataType;
     MessageEventDataType["PresentationAbort"] = "PresentationAbort";
 })(MessageEventDataType || (MessageEventDataType = {}));
 
-const RequestCredentialsSameDeviceOptionsValidator = object({
-    credentialQuery: pipe(array(CredentialQueryValidator), nonEmpty()),
-    redirectUri: string(),
-    challenge: optional(string()),
+const OpenId4vpConfigSameDeviceOptionsValidator = object({
     walletProviderId: optional(string()),
-    mode: picklist([ exports.Mode.sameDevice ])
+    mode: literal(exports.Mode.SameDevice),
+    redirectUri: string()
 });
 
-const RequestCredentialsCrossDeviceOptionsValidator = object({
-    credentialQuery: pipe(array(CredentialQueryValidator), nonEmpty()),
-    challenge: optional(string()),
+const OpenId4vpConfigCrossDeviceOptionsValidator = object({
     walletProviderId: optional(string()),
-    mode: picklist([ exports.Mode.crossDevice ])
+    mode: literal(exports.Mode.CrossDevice)
 });
 
-const RequestCredentialsAutoDetectDeviceOptionsValidator = object({
-    credentialQuery: pipe(array(CredentialQueryValidator), nonEmpty()),
-    redirectUri: string(),
-    challenge: optional(string()),
+const OpenId4vpConfigAutoDetectOptionsValidator = object({
     walletProviderId: optional(string()),
-    mode: optional(picklist([ exports.Mode.crossDevice, exports.Mode.sameDevice ]))
+    redirectUri: string(),
+    mode: optional(picklist([ exports.Mode.CrossDevice, exports.Mode.SameDevice ]))
 });
 
-const RequestCredentialsOptionsValidator = union([ RequestCredentialsSameDeviceOptionsValidator, RequestCredentialsCrossDeviceOptionsValidator, RequestCredentialsAutoDetectDeviceOptionsValidator ]);
+const RequestCredentialsOptionsValidator = object({
+    credentialQuery: pipe(array(CredentialQueryValidator), nonEmpty()),
+    challenge: optional(string()),
+    openid4vpConfiguration: optional(union([ OpenId4vpConfigSameDeviceOptionsValidator, OpenId4vpConfigCrossDeviceOptionsValidator, OpenId4vpConfigAutoDetectOptionsValidator ]))
+});
 
 exports.RequestCredentialsErrorType = void 0;
 
@@ -1447,6 +1517,10 @@ var RequestCredentialsErrorMessage;
     RequestCredentialsErrorMessage["FailedToGetSessionResult"] = "Failed to get session result";
     RequestCredentialsErrorMessage["FailedToGetSessionStatus"] = "Failed to get session status";
     RequestCredentialsErrorMessage["FailedToCreateSession"] = "Failed to create session";
+    RequestCredentialsErrorMessage["FailedToVerifyCredentialResponse"] = "Failed to verify credential response";
+    RequestCredentialsErrorMessage["MissingOpenId4vpConfig"] = "Identified openid4vp session, but missing openId4vpConfiguration on `requestCredentials`";
+    RequestCredentialsErrorMessage["DcApiError"] = "Failed to request credentials with Digital Credentials API";
+    RequestCredentialsErrorMessage["DcApiResponseParseError"] = "Failed to parse response from Digital Credentials API";
     RequestCredentialsErrorMessage["Abort"] = "User aborted the session";
     RequestCredentialsErrorMessage["Timeout"] = "User session timeout";
 })(RequestCredentialsErrorMessage || (RequestCredentialsErrorMessage = {}));
@@ -1468,11 +1542,11 @@ const InitialiseOptionsValidator = object({
     applicationId: pipe(string(), nonEmpty("Must not be empty"))
 });
 
-var SafeFetchCommonRespondErrorType;
+var SafeFetchCommonResponseErrorType;
 
-(function(SafeFetchCommonRespondErrorType) {
-    SafeFetchCommonRespondErrorType["UnexpectedRespond"] = "UnexpectedRespond";
-})(SafeFetchCommonRespondErrorType || (SafeFetchCommonRespondErrorType = {}));
+(function(SafeFetchCommonResponseErrorType) {
+    SafeFetchCommonResponseErrorType["UnexpectedResponse"] = "UnexpectedResponse";
+})(SafeFetchCommonResponseErrorType || (SafeFetchCommonResponseErrorType = {}));
 
 var SafeFetchErrorType;
 
@@ -1636,16 +1710,15 @@ const getHashParamValue = (hash, param) => {
     return urlParams.get(param);
 };
 
-const createSession = async ({credentialQuery: credentialQuery, challenge: challenge, redirectUri: redirectUri, apiBaseUrl: apiBaseUrl, applicationId: applicationId, walletProviderId: walletProviderId}) => {
-    const postData = Object.assign(Object.assign({
+const createSession = async ({credentialQuery: credentialQuery, challenge: challenge, redirectUri: redirectUri, apiBaseUrl: apiBaseUrl, walletProviderId: walletProviderId, dcApiSupported: dcApiSupported, applicationId: applicationId}) => {
+    const postData = {
         credentialQuery: credentialQuery,
         challenge: challenge,
-        applicationId: applicationId
-    }, redirectUri ? {
-        redirectUri: redirectUri
-    } : {}), walletProviderId ? {
-        walletProviderId: walletProviderId
-    } : {});
+        applicationId: applicationId,
+        redirectUri: redirectUri,
+        walletProviderId: walletProviderId,
+        dcApiSupported: dcApiSupported
+    };
     const responseResult = await safeFetch(`${apiBaseUrl}/v2/presentations/sessions`, {
         method: "POST",
         headers: {
@@ -1659,8 +1732,8 @@ const createSession = async ({credentialQuery: credentialQuery, challenge: chall
     const data = await responseResult.value.json();
     if (!isType(CreateSessionResponseValidator)(data)) {
         return err({
-            type: SafeFetchCommonRespondErrorType.UnexpectedRespond,
-            message: "Create session return unsupported response"
+            type: SafeFetchCommonResponseErrorType.UnexpectedResponse,
+            message: "Create session returned unsupported response"
         });
     }
     return ok(data);
@@ -1693,7 +1766,7 @@ const getSessionStatus = async ({apiBaseUrl: apiBaseUrl, sessionId: sessionId, s
     const data = await responseResult.value.json();
     if (!isType(GetSessionStatusResponseValidator)(data)) {
         return err({
-            type: SafeFetchCommonRespondErrorType.UnexpectedRespond,
+            type: SafeFetchCommonResponseErrorType.UnexpectedResponse,
             message: "Get session status return unsupported response"
         });
     }
@@ -1722,7 +1795,7 @@ const exchangeSessionResult = async ({challenge: challenge, responseCode: respon
     const data = await responseResult.value.json();
     if (!isType(PresentationResultRelaxValidator)(data)) {
         return err({
-            type: SafeFetchCommonRespondErrorType.UnexpectedRespond,
+            type: SafeFetchCommonResponseErrorType.UnexpectedResponse,
             message: "Exchange session result return unsupported response",
             details: {
                 data: data
@@ -1833,24 +1906,8 @@ const openCrossDeviceModal = options => {
     return modalContainer;
 };
 
-const requestCredentialsCrossDevice = async options => {
-    const {challenge: challenge, walletProviderId: walletProviderId, credentialQuery: credentialQuery, initialiseOptions: initialiseOptions} = options;
-    const {apiBaseUrl: apiBaseUrl, applicationId: applicationId} = initialiseOptions;
-    const createSessionResult = await createSession({
-        credentialQuery: credentialQuery,
-        challenge: challenge,
-        apiBaseUrl: apiBaseUrl,
-        applicationId: applicationId,
-        walletProviderId: walletProviderId
-    });
-    if (createSessionResult.isErr()) {
-        return err({
-            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
-            message: RequestCredentialsErrorMessage.FailedToCreateSession,
-            cause: createSessionResult.error
-        });
-    }
-    const {sessionUrl: sessionUrl, sessionId: sessionId, sessionKey: sessionKey} = createSessionResult.value;
+const requestCredentialsWithCrossDevice = async options => {
+    const {challenge: challenge, apiBaseUrl: apiBaseUrl, sessionUrl: sessionUrl, sessionId: sessionId, sessionKey: sessionKey} = options;
     const container = openCrossDeviceModal({
         sessionUrl: sessionUrl
     });
@@ -1881,6 +1938,131 @@ const requestCredentialsCrossDevice = async options => {
     }));
 };
 
+const requestCredentialsWithDigitalCredentialsApi = async options => {
+    const {apiBaseUrl: apiBaseUrl, sessionId: sessionId, sessionKey: sessionKey, challenge: challenge, request: request} = options;
+    const credentialResponseResult = await getCredentials(request);
+    if (credentialResponseResult.isErr()) {
+        await abortSession({
+            apiBaseUrl: apiBaseUrl,
+            sessionId: sessionId,
+            sessionKey: sessionKey
+        });
+        return err(credentialResponseResult.error);
+    }
+    const credentialResponse = credentialResponseResult.value;
+    const parsedCredentialResponseResult = parseCredentialResponse(credentialResponse);
+    if (parsedCredentialResponseResult.isErr()) {
+        await abortSession({
+            apiBaseUrl: apiBaseUrl,
+            sessionId: sessionId,
+            sessionKey: sessionKey
+        });
+        return err(parsedCredentialResponseResult.error);
+    }
+    const parsedCredentialResponse = parsedCredentialResponseResult.value;
+    const credentialVerificationResult = await verifyCredentialResponse({
+        apiBaseUrl: apiBaseUrl,
+        sessionId: sessionId,
+        sessionKey: sessionKey,
+        challenge: challenge,
+        protocol: parsedCredentialResponse.protocol,
+        data: parsedCredentialResponse.data
+    });
+    if (credentialVerificationResult.isErr()) {
+        return err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: RequestCredentialsErrorMessage.FailedToVerifyCredentialResponse,
+            cause: credentialVerificationResult.error
+        });
+    }
+    return ok(credentialVerificationResult.value);
+};
+
+const getCredentials = async request => {
+    try {
+        const credentialResponse = await navigator.credentials.get(request);
+        return ok(credentialResponse);
+    } catch (exception) {
+        return err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: RequestCredentialsErrorMessage.DcApiError,
+            cause: exception
+        });
+    }
+};
+
+const parseCredentialResponse = credentialResponse => {
+    if (!credentialResponse) {
+        return err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: RequestCredentialsErrorMessage.DcApiResponseParseError,
+            details: {
+                response: credentialResponse
+            }
+        });
+    }
+    if (typeof credentialResponse === "object") {
+        return ok(credentialResponse);
+    }
+    if (typeof credentialResponse === "string") {
+        try {
+            const parsed = JSON.parse(credentialResponse);
+            return ok(parsed);
+        } catch (_a) {
+            return err({
+                type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+                message: RequestCredentialsErrorMessage.DcApiResponseParseError,
+                details: {
+                    response: credentialResponse
+                }
+            });
+        }
+    }
+    return err({
+        type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+        message: RequestCredentialsErrorMessage.DcApiResponseParseError,
+        details: {
+            response: credentialResponse
+        }
+    });
+};
+
+const verifyCredentialResponse = async options => {
+    const {apiBaseUrl: apiBaseUrl, sessionId: sessionId, sessionKey: sessionKey, challenge: challenge, protocol: protocol, data: data} = options;
+    const requestBody = {
+        protocol: protocol,
+        data: data,
+        challenge: challenge
+    };
+    const credentialVerificationResult = await safeFetch(`${apiBaseUrl}/v2/presentations/sessions/${sessionId}/dc-api/response`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${sessionKey}`
+        },
+        body: JSON.stringify(requestBody)
+    });
+    if (credentialVerificationResult.isErr()) {
+        return err(credentialVerificationResult.error);
+    }
+    const credentialVerificationResponse = await credentialVerificationResult.value.json();
+    if (!isType(PresentationResultRelaxValidator)(credentialVerificationResponse)) {
+        return err({
+            type: SafeFetchCommonResponseErrorType.UnexpectedResponse,
+            message: "Verify credential returned unsupported response",
+            details: {
+                response: credentialVerificationResponse
+            }
+        });
+    }
+    return ok(credentialVerificationResponse);
+};
+
+const isDigitalCredentialsApiSupported = () => {
+    var _a;
+    return "DigitalCredential" in window && typeof window.DigitalCredential === "function" && typeof ((_a = navigator === null || navigator === void 0 ? void 0 : navigator.credentials) === null || _a === void 0 ? void 0 : _a.get) === "function";
+};
+
 const sleep = ms => new Promise((resolve => setTimeout(resolve, ms)));
 
 const SESSION_STATUS_POLLING_MAX_RETRY = 1e3;
@@ -1897,24 +2079,7 @@ var SameDeviceRequestCredentialsErrorMessage;
 })(SameDeviceRequestCredentialsErrorMessage || (SameDeviceRequestCredentialsErrorMessage = {}));
 
 const requestCredentialsSameDevice = async options => {
-    const {challenge: challenge, credentialQuery: credentialQuery, redirectUri: redirectUri, walletProviderId: walletProviderId, initialiseOptions: initialiseOptions} = options;
-    const {apiBaseUrl: apiBaseUrl, applicationId: applicationId} = initialiseOptions;
-    const createSessionResult = await createSession({
-        credentialQuery: credentialQuery,
-        challenge: challenge,
-        redirectUri: redirectUri,
-        apiBaseUrl: apiBaseUrl,
-        applicationId: applicationId,
-        walletProviderId: walletProviderId
-    });
-    if (createSessionResult.isErr()) {
-        return err({
-            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
-            message: SameDeviceRequestCredentialsErrorMessage.FailedToCreateSession,
-            cause: createSessionResult.error
-        });
-    }
-    const {sessionUrl: sessionUrl, sessionKey: sessionKey, sessionId: sessionId} = createSessionResult.value;
+    const {challenge: challenge, apiBaseUrl: apiBaseUrl, applicationId: applicationId, sessionUrl: sessionUrl, sessionKey: sessionKey, sessionId: sessionId} = options;
     const abortController = setActiveSession({
         sessionId: sessionId,
         sessionKey: sessionKey
@@ -1970,20 +2135,78 @@ const requestCredentials = async options => {
         throw new Exception(InitialiseErrorMessage.SdkNotInitialised);
     }
     assertType(RequestCredentialsOptionsValidator, "Invalid request credential options")(options);
-    const {challenge: challenge = generateChallenge()} = options;
-    const mode = (_a = options.mode) !== null && _a !== void 0 ? _a : isMobileDetect(navigator.userAgent) ? exports.Mode.sameDevice : exports.Mode.crossDevice;
-    if (mode === exports.Mode.sameDevice && "redirectUri" in options) {
-        return await requestCredentialsSameDevice(Object.assign(Object.assign({}, options), {
-            initialiseOptions: initialiseOptions,
+    const {apiBaseUrl: apiBaseUrl, applicationId: applicationId} = initialiseOptions;
+    const {challenge: challenge = generateChallenge(), credentialQuery: credentialQuery, openid4vpConfiguration: openid4vpConfiguration} = options;
+    const dcApiSupported = isDigitalCredentialsApiSupported();
+    const openId4VpRedirectUri = deriveOpenId4vpRedirectUri(openid4vpConfiguration);
+    const createSessionResult = await createSession({
+        credentialQuery: credentialQuery,
+        challenge: challenge,
+        redirectUri: openId4VpRedirectUri,
+        walletProviderId: (_a = openid4vpConfiguration === null || openid4vpConfiguration === void 0 ? void 0 : openid4vpConfiguration.walletProviderId) !== null && _a !== void 0 ? _a : undefined,
+        apiBaseUrl: apiBaseUrl,
+        applicationId: applicationId,
+        dcApiSupported: dcApiSupported
+    });
+    if (createSessionResult.isErr()) {
+        return err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: RequestCredentialsErrorMessage.FailedToCreateSession,
+            cause: createSessionResult.error
+        });
+    }
+    const session = createSessionResult.value;
+    const {sessionKey: sessionKey, sessionId: sessionId} = session;
+    if (session.type === SessionType.DigitalCredentialsApi) {
+        const {request: request} = session;
+        return await requestCredentialsWithDigitalCredentialsApi({
+            apiBaseUrl: apiBaseUrl,
+            request: request,
+            sessionId: sessionId,
+            sessionKey: sessionKey,
+            challenge: challenge
+        });
+    }
+    if (!openid4vpConfiguration) {
+        return err({
+            type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+            message: RequestCredentialsErrorMessage.MissingOpenId4vpConfig
+        });
+    }
+    const {sessionUrl: sessionUrl} = session;
+    if (openId4VpRedirectUri) {
+        return await requestCredentialsSameDevice({
             challenge: challenge,
-            mode: mode
-        }));
+            apiBaseUrl: apiBaseUrl,
+            applicationId: applicationId,
+            sessionUrl: sessionUrl,
+            sessionKey: sessionKey,
+            sessionId: sessionId
+        });
     }
-    return await requestCredentialsCrossDevice(Object.assign(Object.assign({}, options), {
-        initialiseOptions: initialiseOptions,
+    return await requestCredentialsWithCrossDevice({
         challenge: challenge,
-        mode: exports.Mode.crossDevice
-    }));
+        apiBaseUrl: apiBaseUrl,
+        sessionUrl: sessionUrl,
+        sessionKey: sessionKey,
+        sessionId: sessionId
+    });
+};
+
+const deriveOpenId4vpRedirectUri = openid4vpConfiguration => {
+    if (!openid4vpConfiguration) {
+        return undefined;
+    }
+    let detectedMode;
+    if (openid4vpConfiguration && openid4vpConfiguration.mode) {
+        detectedMode = openid4vpConfiguration.mode;
+    } else {
+        detectedMode = isMobileDetect(navigator.userAgent) ? exports.Mode.SameDevice : exports.Mode.CrossDevice;
+    }
+    if (detectedMode === exports.Mode.SameDevice && !isType(OpenId4vpConfigCrossDeviceOptionsValidator)(openid4vpConfiguration) && openid4vpConfiguration.redirectUri) {
+        return openid4vpConfiguration.redirectUri;
+    }
+    return undefined;
 };
 
 exports.HandleRedirectCallbackErrorType = void 0;
@@ -2046,7 +2269,7 @@ const abortCredentialRequest = async () => {
     if (!initialiseOptions) {
         throw new Exception(InitialiseErrorMessage.SdkNotInitialised);
     }
-    const {apiBaseUrl: apiBaseUrl, applicationId: applicationId} = initialiseOptions;
+    const {apiBaseUrl: apiBaseUrl} = initialiseOptions;
     const session = getActiveSession();
     if (!session || !session.sessionKey) {
         return ok(undefined);
@@ -2055,7 +2278,6 @@ const abortCredentialRequest = async () => {
     removeActiveSession();
     const abortSessionResult = await abortSession({
         apiBaseUrl: apiBaseUrl,
-        applicationId: applicationId,
         sessionId: sessionId,
         sessionKey: sessionKey
     });
@@ -2081,6 +2303,8 @@ exports.handleRedirectCallback = handleRedirectCallback;
 
 exports.initialise = initialise;
 
+exports.isDigitalCredentialsApiSupported = isDigitalCredentialsApiSupported;
+
 exports.requestCredentials = requestCredentials;
 
 exports.utils = utils;