@openid4vc/openid4vci 0.4.4-alpha-20260105092906 → 0.4.4-alpha-20260106132628
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +26 -2
- package/dist/index.mjs +19 -2
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
package/dist/index.d.mts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ContentType, Fetch, FetchHeaders, HttpMethod, InferOutputUnion, Oid4vcTsConfig, OrPromise, StringWithAutoCompletion, getGlobalConfig, setGlobalConfig } from "@openid4vc/utils";
|
|
2
2
|
import * as _openid4vc_oauth20 from "@openid4vc/oauth2";
|
|
3
|
-
import { AuthorizationCodeGrantIdentifier, AuthorizationServerMetadata, CallbackContext, CreateAuthorizationRequestUrlOptions, CreateClientAttestationJwtOptions, CreatePkceReturn, DecodeJwtResult, Jwk, JwtSigner, JwtSignerWithJwk, PreAuthorizedCodeGrantIdentifier, RequestDpopOptions, ResourceRequestResponseNotOk, ResourceRequestResponseOk, RetrieveAuthorizationCodeAccessTokenOptions, RetrievePreAuthorizedCodeAccessTokenOptions, authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier } from "@openid4vc/oauth2";
|
|
3
|
+
import { AuthorizationCodeGrantIdentifier, AuthorizationServerMetadata, CallbackContext, CreateAuthorizationRequestUrlOptions, CreateClientAttestationJwtOptions, CreatePkceReturn, DecodeJwtResult, Jwk, JwtSigner, JwtSignerWithJwk, ParseAuthorizationResponseOptions, PreAuthorizedCodeGrantIdentifier, RequestDpopOptions, ResourceRequestResponseNotOk, ResourceRequestResponseOk, RetrieveAuthorizationCodeAccessTokenOptions, RetrievePreAuthorizedCodeAccessTokenOptions, VerifyAuthorizationResponseOptions, authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier } from "@openid4vc/oauth2";
|
|
4
4
|
import * as zod0 from "zod";
|
|
5
5
|
import z from "zod";
|
|
6
6
|
import * as zod_v4_core0 from "zod/v4/core";
|
|
@@ -3181,7 +3181,30 @@ declare class Openid4vciClient {
|
|
|
3181
3181
|
dpop?: RequestDpopOptions;
|
|
3182
3182
|
}>;
|
|
3183
3183
|
/**
|
|
3184
|
-
*
|
|
3184
|
+
* Parses the authorization (error) response redirect url, and verifies the
|
|
3185
|
+
* 'iss' value based on the authorization server metadata.
|
|
3186
|
+
*
|
|
3187
|
+
* If you need values from the authorization response (e.g. state) to retrieve the
|
|
3188
|
+
* authorization server metadata, you can manually import and call `parseAuthorizationResponseRedirectUrl` and
|
|
3189
|
+
* `verifyAuthorizationResponse`.
|
|
3190
|
+
*/
|
|
3191
|
+
parseAndVerifyAuthorizationResponseRedirectUrl(options: ParseAuthorizationResponseOptions & Omit<VerifyAuthorizationResponseOptions, 'authorizationResponse'>): {
|
|
3192
|
+
[x: string]: unknown;
|
|
3193
|
+
code: string;
|
|
3194
|
+
state?: string | undefined;
|
|
3195
|
+
iss?: string | undefined;
|
|
3196
|
+
error?: undefined;
|
|
3197
|
+
} | {
|
|
3198
|
+
[x: string]: unknown;
|
|
3199
|
+
error: string;
|
|
3200
|
+
state?: string | undefined;
|
|
3201
|
+
iss?: string | undefined;
|
|
3202
|
+
code?: undefined;
|
|
3203
|
+
error_description?: string | undefined;
|
|
3204
|
+
error_uri?: string | undefined;
|
|
3205
|
+
};
|
|
3206
|
+
/**
|
|
3207
|
+
* Convenience method around {@link Oauth2Client.retrieveAuthorizationCodeAccessToken}
|
|
3185
3208
|
* but specifically focused on a credential offer
|
|
3186
3209
|
*/
|
|
3187
3210
|
retrieveAuthorizationCodeAccessTokenFromOffer({
|
|
@@ -3464,6 +3487,7 @@ declare const zAuthorizationServerMetadata$1: z.ZodObject<{
|
|
|
3464
3487
|
authorization_challenge_endpoint: z.ZodOptional<z.ZodURL>;
|
|
3465
3488
|
'pre-authorized_grant_anonymous_access_supported': z.ZodOptional<z.ZodBoolean>;
|
|
3466
3489
|
client_attestation_pop_nonce_required: z.ZodOptional<z.ZodBoolean>;
|
|
3490
|
+
authorization_response_iss_parameter_supported: z.ZodOptional<z.ZodBoolean>;
|
|
3467
3491
|
}, z.core.$loose>;
|
|
3468
3492
|
type AuthorizationServerMetadata$1 = z.infer<typeof zAuthorizationServerMetadata$1>;
|
|
3469
3493
|
//#endregion
|
package/dist/index.mjs
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ContentType, OpenId4VcBaseError, URL, URLSearchParams, ValidationError, arrayEqualsIgnoreOrder, createZodFetcher, dateToSeconds, encodeToBase64Url, formatZodError, getGlobalConfig, getQueryParams, isResponseContentType, joinUriParts, objectToQueryParams, parseWithErrorHandling, setGlobalConfig, zDataUrl, zHttpsUrl, zInteger, zIs } from "@openid4vc/utils";
|
|
2
|
-
import { InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtVerificationError, Oauth2ServerErrorResponseError, authorizationCodeGrantIdentifier, createClientAttestationJwt, decodeJwt, fetchAuthorizationServerMetadata, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, getAuthorizationServerMetadataFromList, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, resourceRequest, verifyJwt, zAuthorizationServerMetadata, zCompactJwt, zJwk, zJwtHeader, zJwtPayload } from "@openid4vc/oauth2";
|
|
2
|
+
import { InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtVerificationError, Oauth2ServerErrorResponseError, authorizationCodeGrantIdentifier, createClientAttestationJwt, decodeJwt, fetchAuthorizationServerMetadata, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, getAuthorizationServerMetadataFromList, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, preAuthorizedCodeGrantIdentifier, resourceRequest, verifyAuthorizationResponse, verifyJwt, zAuthorizationServerMetadata, zCompactJwt, zJwk, zJwtHeader, zJwtPayload } from "@openid4vc/oauth2";
|
|
3
3
|
import z from "zod";
|
|
4
4
|
|
|
5
5
|
//#region src/version.ts
|
|
@@ -973,6 +973,7 @@ async function fetchCredentialIssuerMetadata(credentialIssuer, options) {
|
|
|
973
973
|
} catch (error) {
|
|
974
974
|
throw firstError ?? error;
|
|
975
975
|
}
|
|
976
|
+
if (!result && firstError) throw firstError;
|
|
976
977
|
let issuerMetadataWithVersion = null;
|
|
977
978
|
if (typeof result === "string") {
|
|
978
979
|
if (!options?.callbacks?.verifyJwt) throw new Oauth2Error(`Unable to verify signed credential issuer metadata, no 'verifyJwt' callback provided to fetch credential issuer metadata method.`);
|
|
@@ -1766,7 +1767,23 @@ var Openid4vciClient = class {
|
|
|
1766
1767
|
};
|
|
1767
1768
|
}
|
|
1768
1769
|
/**
|
|
1769
|
-
*
|
|
1770
|
+
* Parses the authorization (error) response redirect url, and verifies the
|
|
1771
|
+
* 'iss' value based on the authorization server metadata.
|
|
1772
|
+
*
|
|
1773
|
+
* If you need values from the authorization response (e.g. state) to retrieve the
|
|
1774
|
+
* authorization server metadata, you can manually import and call `parseAuthorizationResponseRedirectUrl` and
|
|
1775
|
+
* `verifyAuthorizationResponse`.
|
|
1776
|
+
*/
|
|
1777
|
+
parseAndVerifyAuthorizationResponseRedirectUrl(options) {
|
|
1778
|
+
const authorizationResponse = parseAuthorizationResponseRedirectUrl(options);
|
|
1779
|
+
verifyAuthorizationResponse({
|
|
1780
|
+
...options,
|
|
1781
|
+
authorizationResponse
|
|
1782
|
+
});
|
|
1783
|
+
return authorizationResponse;
|
|
1784
|
+
}
|
|
1785
|
+
/**
|
|
1786
|
+
* Convenience method around {@link Oauth2Client.retrieveAuthorizationCodeAccessToken}
|
|
1770
1787
|
* but specifically focused on a credential offer
|
|
1771
1788
|
*/
|
|
1772
1789
|
async retrieveAuthorizationCodeAccessTokenFromOffer({ issuerMetadata, additionalRequestPayload, credentialOffer, authorizationCode, pkceCodeVerifier, redirectUri, dpop }) {
|