@mattrglobal/verifier-sdk-web 2.1.2-unstable.99 → 2.2.0

package/dist/lib/verifier-js.cjs.js

@@ -7,8 +7,8 @@
  * Do Not Translate or Localize
  *
  * Bundle of @mattrglobal/verifier-sdk-web
- * Generated: 2026-03-17
- * Version: 2.1.1
+ * Generated: 2026-06-08
+ * Version: 2.2.0
  * Dependencies:
  *
  * neverthrow -- 4.3.0
@@ -670,6 +670,24 @@ function _joinExpects(values$1, separator) {
     return (_list$ = list[0]) !== null && _list$ !== void 0 ? _list$ : "never";
 }
 
+function minLength(requirement, message$1) {
+    return {
+        kind: "validation",
+        type: "min_length",
+        reference: minLength,
+        async: false,
+        expects: ">=".concat(requirement),
+        requirement: requirement,
+        message: message$1,
+        "~run": function run(dataset, config$1) {
+            if (dataset.typed && dataset.value.length < this.requirement) _addIssue(this, "length", dataset, config$1, {
+                received: "".concat(dataset.value.length)
+            });
+            return dataset;
+        }
+    };
+}
+
 function nonEmpty(message$1) {
     return {
         kind: "validation",
@@ -1405,7 +1423,8 @@ const PresentationResultRelaxValidator = object({
     credentialQuery: optional(unknown()),
     credentials: optional(unknown()),
     credentialErrors: optional(unknown()),
-    error: optional(unknown())
+    error: optional(unknown()),
+    state: optional(string())
 });
 
 exports.Mode = void 0;
@@ -1427,7 +1446,8 @@ object({
     challenge: string(),
     redirectUri: optional(string()),
     walletProviderId: optional(string()),
-    dcApiSupported: optional(_boolean())
+    dcApiSupported: optional(_boolean()),
+    state: optional(pipe(string(), minLength(1)))
 });
 
 const CreateSessionDigitalCredentialsValidator = object({
@@ -1442,7 +1462,8 @@ const CreateSessionOpenId4vpResponseValidator = object({
     type: optional(literal(SessionType.Openid4vp)),
     sessionId: string(),
     sessionKey: string(),
-    sessionUrl: string()
+    sessionUrl: string(),
+    state: optional(string())
 });
 
 const CreateSessionResponseValidator = union([ CreateSessionDigitalCredentialsValidator, CreateSessionOpenId4vpResponseValidator ]);
@@ -1459,11 +1480,12 @@ var LocalStorageKey;
 (function(LocalStorageKey) {
     LocalStorageKey["challenge"] = "mattr_chg";
     LocalStorageKey["sessionId"] = "mattr_sid";
+    LocalStorageKey["state"] = "mattr_st";
 })(LocalStorageKey || (LocalStorageKey = {}));
 
 const MATTR_SDK_VERSION_HEADER = "x-mattr-sdk-version";
 
-const MATTR_SDK_VERSION_VALUE = "2.1.1";
+const MATTR_SDK_VERSION_VALUE = "2.2.0";
 
 var MessageEventDataType;
 
@@ -1493,7 +1515,8 @@ const OpenId4vpConfigAutoDetectOptionsValidator = object({
 const RequestCredentialsOptionsValidator = object({
     credentialQuery: pipe(array(CredentialQueryValidator), nonEmpty()),
     challenge: optional(string()),
-    openid4vpConfiguration: optional(union([ OpenId4vpConfigSameDeviceOptionsValidator, OpenId4vpConfigCrossDeviceOptionsValidator, OpenId4vpConfigAutoDetectOptionsValidator ]))
+    openid4vpConfiguration: optional(union([ OpenId4vpConfigSameDeviceOptionsValidator, OpenId4vpConfigCrossDeviceOptionsValidator, OpenId4vpConfigAutoDetectOptionsValidator ])),
+    state: optional(pipe(string(), minLength(1, "state must not be empty")))
 });
 
 exports.RequestCredentialsErrorType = void 0;
@@ -1516,6 +1539,7 @@ var RequestCredentialsErrorMessage;
     RequestCredentialsErrorMessage["DcApiResponseParseError"] = "Failed to parse response from Digital Credentials API";
     RequestCredentialsErrorMessage["Abort"] = "User aborted the session";
     RequestCredentialsErrorMessage["Timeout"] = "User session timeout";
+    RequestCredentialsErrorMessage["StateMismatch"] = "State mismatch between requested session and back-channel result";
 })(RequestCredentialsErrorMessage || (RequestCredentialsErrorMessage = {}));
 
 exports.AbortSessionErrorType = void 0;
@@ -1736,18 +1760,20 @@ const getHashParamValue = (hash, param) => {
     return urlParams.get(param);
 };
 
-const createSession = async ({credentialQuery: credentialQuery, challenge: challenge, redirectUri: redirectUri, apiBaseUrl: apiBaseUrl, walletProviderId: walletProviderId, dcApiSupported: dcApiSupported, applicationId: applicationId}) => {
+const createSession = async ({credentialQuery: credentialQuery, challenge: challenge, redirectUri: redirectUri, apiBaseUrl: apiBaseUrl, walletProviderId: walletProviderId, dcApiSupported: dcApiSupported, applicationId: applicationId, state: state}) => {
     const openid4vpConfiguration = !!walletProviderId || !!redirectUri ? {
         redirectUri: redirectUri,
         walletProviderId: walletProviderId
     } : undefined;
-    const postData = {
+    const postData = Object.assign({
         credentialQuery: credentialQuery,
         challenge: challenge,
         applicationId: applicationId,
         dcApiSupported: dcApiSupported,
         openid4vpConfiguration: openid4vpConfiguration
-    };
+    }, state !== undefined ? {
+        state: state
+    } : {});
     const responseResult = await safeFetch(`${apiBaseUrl}/v2/presentations/web/sessions`, {
         method: "POST",
         headers: {
@@ -1865,7 +1891,7 @@ const closeCrossDeviceModal = options => {
 };
 
 const receiveMessageHandler = options => async event => {
-    const {onComplete: onComplete, onFailure: onFailure, container: container, sessionId: sessionId, apiBaseUrl: apiBaseUrl, challenge: challenge} = options;
+    const {onComplete: onComplete, onFailure: onFailure, container: container, sessionId: sessionId, apiBaseUrl: apiBaseUrl, challenge: challenge, state: state} = options;
     if (event.origin !== apiBaseUrl) {
         return;
     }
@@ -1887,10 +1913,22 @@ const receiveMessageHandler = options => async event => {
             });
             return;
         }
+        const resultState = "challenge" in result.value ? result.value.state : undefined;
+        if (state !== undefined && resultState !== undefined && state !== resultState) {
+            onFailure({
+                type: exports.RequestCredentialsErrorType.RequestCredentialsFailed,
+                message: RequestCredentialsErrorMessage.StateMismatch
+            });
+            closeCrossDeviceModal({
+                container: container
+            });
+            return;
+        }
         onComplete({
             result: "challenge" in result.value ? result.value : undefined,
             sessionId: result.value.sessionId,
-            sessionCompletedInRedirect: false
+            sessionCompletedInRedirect: false,
+            state: resultState !== null && resultState !== void 0 ? resultState : state
         });
         closeCrossDeviceModal({
             container: container
@@ -1936,7 +1974,7 @@ const openCrossDeviceModal = options => {
 };
 
 const requestCredentialsWithCrossDevice = async options => {
-    const {challenge: challenge, apiBaseUrl: apiBaseUrl, sessionUrl: sessionUrl, sessionId: sessionId, sessionKey: sessionKey} = options;
+    const {challenge: challenge, apiBaseUrl: apiBaseUrl, sessionUrl: sessionUrl, sessionId: sessionId, sessionKey: sessionKey, state: state} = options;
     const container = openCrossDeviceModal({
         sessionUrl: sessionUrl
     });
@@ -1960,6 +1998,7 @@ const requestCredentialsWithCrossDevice = async options => {
             sessionId: sessionId,
             apiBaseUrl: apiBaseUrl,
             challenge: challenge,
+            state: state,
             onComplete: data => resolve(ok(data)),
             onFailure: error => resolve(err(error))
         });
@@ -2147,13 +2186,18 @@ var SameDeviceRequestCredentialsErrorMessage;
 })(SameDeviceRequestCredentialsErrorMessage || (SameDeviceRequestCredentialsErrorMessage = {}));
 
 const requestCredentialsSameDevice = async options => {
-    const {challenge: challenge, apiBaseUrl: apiBaseUrl, applicationId: applicationId, sessionUrl: sessionUrl, sessionKey: sessionKey, sessionId: sessionId} = options;
+    const {challenge: challenge, apiBaseUrl: apiBaseUrl, applicationId: applicationId, sessionUrl: sessionUrl, sessionKey: sessionKey, sessionId: sessionId, state: state} = options;
     const abortController = setActiveSession({
         sessionId: sessionId,
         sessionKey: sessionKey
     });
     window.localStorage.setItem(LocalStorageKey.sessionId, sessionId);
     window.localStorage.setItem(LocalStorageKey.challenge, challenge);
+    if (state !== undefined) {
+        window.localStorage.setItem(LocalStorageKey.state, state);
+    } else {
+        window.localStorage.removeItem(LocalStorageKey.state);
+    }
     window.location.assign(sessionUrl);
     await sleep(SESSION_STATUS_POLLING_INITIAL_DELAY_MS);
     const checkResult = await withRetry((async () => {
@@ -2204,7 +2248,7 @@ const requestCredentials = async options => {
     }
     assertType(RequestCredentialsOptionsValidator, "Invalid request credential options")(options);
     const {apiBaseUrl: apiBaseUrl, applicationId: applicationId} = initializeOptions;
-    const {challenge: challenge = generateChallenge(), credentialQuery: credentialQuery, openid4vpConfiguration: openid4vpConfiguration} = options;
+    const {challenge: challenge = generateChallenge(), credentialQuery: credentialQuery, openid4vpConfiguration: openid4vpConfiguration, state: state} = options;
     const dcApiSupported = isDigitalCredentialsApiSupported();
     const openId4VpRedirectUri = deriveOpenId4vpRedirectUri(openid4vpConfiguration);
     const createSessionResult = await createSession({
@@ -2214,7 +2258,8 @@ const requestCredentials = async options => {
         walletProviderId: (_a = openid4vpConfiguration === null || openid4vpConfiguration === void 0 ? void 0 : openid4vpConfiguration.walletProviderId) !== null && _a !== void 0 ? _a : undefined,
         apiBaseUrl: apiBaseUrl,
         applicationId: applicationId,
-        dcApiSupported: dcApiSupported
+        dcApiSupported: dcApiSupported,
+        state: state
     });
     if (createSessionResult.isErr()) {
         return err({
@@ -2250,7 +2295,8 @@ const requestCredentials = async options => {
             applicationId: applicationId,
             sessionUrl: sessionUrl,
             sessionKey: sessionKey,
-            sessionId: sessionId
+            sessionId: sessionId,
+            state: state
         });
     }
     return await requestCredentialsWithCrossDevice({
@@ -2258,7 +2304,8 @@ const requestCredentials = async options => {
         apiBaseUrl: apiBaseUrl,
         sessionUrl: sessionUrl,
         sessionKey: sessionKey,
-        sessionId: sessionId
+        sessionId: sessionId,
+        state: state
     });
 };
 
@@ -2291,9 +2338,11 @@ var HandleRedirectCallbackErrorMessage;
     HandleRedirectCallbackErrorMessage["FailedToFindChallenge"] = "Failed to find challenge";
     HandleRedirectCallbackErrorMessage["FailedToFindActiveSession"] = "Failed to find active session";
     HandleRedirectCallbackErrorMessage["FailedToGetSessionResult"] = "Failed to get session result";
+    HandleRedirectCallbackErrorMessage["StateMismatch"] = "State mismatch between stored session and back-channel result";
 })(HandleRedirectCallbackErrorMessage || (HandleRedirectCallbackErrorMessage = {}));
 
 const handleRedirectCallback = async () => {
+    var _a;
     const initializeOptions = getInitializeOptions();
     if (!initializeOptions) {
         throw new Exception(InitializeErrorMessage.SdkNotInitialized);
@@ -2308,6 +2357,7 @@ const handleRedirectCallback = async () => {
     }
     const sessionId = window.localStorage.getItem(LocalStorageKey.sessionId);
     const challenge = window.localStorage.getItem(LocalStorageKey.challenge);
+    const storedState = (_a = window.localStorage.getItem(LocalStorageKey.state)) !== null && _a !== void 0 ? _a : undefined;
     if (!sessionId || !challenge) {
         return err({
             type: exports.HandleRedirectCallbackErrorType.HandleRedirectCallbackFailed,
@@ -2327,9 +2377,22 @@ const handleRedirectCallback = async () => {
             cause: result.error
         });
     }
+    const resultState = "challenge" in result.value ? result.value.state : undefined;
+    if (storedState !== undefined && resultState !== undefined && storedState !== resultState) {
+        window.localStorage.removeItem(LocalStorageKey.challenge);
+        window.localStorage.removeItem(LocalStorageKey.sessionId);
+        window.localStorage.removeItem(LocalStorageKey.state);
+        return err({
+            type: exports.HandleRedirectCallbackErrorType.HandleRedirectCallbackFailed,
+            message: HandleRedirectCallbackErrorMessage.StateMismatch
+        });
+    }
+    const state = resultState !== null && resultState !== void 0 ? resultState : storedState;
+    window.localStorage.removeItem(LocalStorageKey.state);
     return ok({
         result: "challenge" in result.value ? result.value : undefined,
-        sessionId: result.value.sessionId
+        sessionId: result.value.sessionId,
+        state: state
     });
 };