@openid4vc/openid4vp 0.3.0-alpha-20250225095929 → 0.3.0-alpha-20250225204254

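--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -7803,7 +7803,7 @@ interface CreateOpenid4vpAuthorizationRequestOptions {
  scheme?: string;
  requestParams: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi;
  jar?: {
- requestUri: string;
+ requestUri?: string;
  jwtSigner: JwtSigner;
  additionalJwtPayload?: Record<string, unknown>;
  };
@@ -7917,7 +7917,7 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
  x5u: zod.ZodOptional<zod.ZodString>;
  }, zod.ZodTypeAny, "passthrough"> | undefined;
  requestObjectJwt: string;
- requestUri: string;
+ requestUri?: string;
  jwtSigner: JwtSigner;
  additionalJwtPayload?: Record<string, unknown>;
  };
@@ -23341,7 +23341,7 @@ declare class Openid4vpVerifier {
  x5u: zod.ZodOptional<zod.ZodString>;
  }, zod.ZodTypeAny, "passthrough"> | undefined;
  requestObjectJwt: string;
- requestUri: string;
+ requestUri?: string;
  jwtSigner: _openid4vc_oauth2.JwtSigner;
  additionalJwtPayload?: Record<string, unknown>;
  };
@@ -31973,4 +31973,4 @@ type CredentialFormat = z.infer<typeof zCredentialFormat>;
  declare const zProofFormat: z.ZodEnum<["jwt_vp_json", "ldc_vp", "ac_vp", "dc+sd-jwt", "mso_mdoc"]>;
  type ProofFormat = z.infer<typeof zProofFormat>;
 
- export { type ClientIdScheme, type ClientMetadata, type CreateOpenid4vpAuthorizationRequestOptions, type CreateOpenid4vpAuthorizationResponseOptions, type CreateOpenid4vpAuthorizationResponseResult, type CredentialFormat, type JarmClientMetadata, type Openid4vpAuthorizationRequest, type Openid4vpAuthorizationRequestDcApi, type Openid4vpAuthorizationResponse, Openid4vpClient, Openid4vpVerifier, type ParseJarmAuthorizationResponseOptions, type ParseOpenid4vpAuthRequestPayloadOptions, type ParseOpenid4vpAuthorizationResponseOptions, type ParsePresentationsFromVpTokenOptions, type ParseTransactionDataOptions, type ParsedOpenid4vpAuthorizationResponse, type ProofFormat, type ResolveOpenid4vpAuthorizationRequestOptions, type ResolvedOpenid4vpAuthRequest, type SubmitOpenid4vpAuthorizationResponseOptions, type TransactionDataEntry, type ValidateOpenid4VpAuthorizationResponseResult, type ValidateOpenid4VpDcqlAuthorizationResponseResult, type ValidateOpenid4VpPexAuthorizationResponseResult, type ValidateOpenid4vpAuthorizationRequestPayloadOptions, type ValidateOpenid4vpAuthorizationResponseOptions, type VerifyJarmAuthorizationResponseOptions, type VpTokenPresentationParseResult, type WalletMetadata, type WalletVerificationOptions, createOpenid4vpAuthorizationRequest, createOpenid4vpAuthorizationResponse, isJarmResponseMode, isOpenid4vpAuthorizationRequestDcApi, parseJarmAuthorizationResponse, parseOpenid4vpAuthorizationRequestPayload, parseOpenid4vpAuthorizationResponse, parsePresentationsFromVpToken, parseTransactionData, resolveOpenid4vpAuthorizationRequest, submitOpenid4vpAuthorizationResponse, validateOpenid4vpAuthorizationRequestPayload, validateOpenid4vpAuthorizationResponse, verifyJarmAuthorizationResponse, zClientIdScheme, zClientMetadata, zCredentialFormat, zJarmClientMetadata, zOpenid4vpAuthorizationResponse, zProofFormat, zWalletMetadata };
+ export { type ClientIdScheme, type ClientMetadata, type CreateOpenid4vpAuthorizationRequestOptions, type CreateOpenid4vpAuthorizationResponseOptions, type CreateOpenid4vpAuthorizationResponseResult, type CredentialFormat, type JarmClientMetadata, JarmMode, type Openid4vpAuthorizationRequest, type Openid4vpAuthorizationRequestDcApi, type Openid4vpAuthorizationResponse, Openid4vpClient, Openid4vpVerifier, type ParseJarmAuthorizationResponseOptions, type ParseOpenid4vpAuthRequestPayloadOptions, type ParseOpenid4vpAuthorizationResponseOptions, type ParsePresentationsFromVpTokenOptions, type ParseTransactionDataOptions, type ParsedOpenid4vpAuthorizationResponse, type ProofFormat, type ResolveOpenid4vpAuthorizationRequestOptions, type ResolvedOpenid4vpAuthRequest, type SubmitOpenid4vpAuthorizationResponseOptions, type TransactionDataEntry, type ValidateOpenid4VpAuthorizationResponseResult, type ValidateOpenid4VpDcqlAuthorizationResponseResult, type ValidateOpenid4VpPexAuthorizationResponseResult, type ValidateOpenid4vpAuthorizationRequestPayloadOptions, type ValidateOpenid4vpAuthorizationResponseOptions, type VerifyJarmAuthorizationResponseOptions, type VpTokenPresentationParseResult, type WalletMetadata, type WalletVerificationOptions, createOpenid4vpAuthorizationRequest, createOpenid4vpAuthorizationResponse, isJarmResponseMode, isOpenid4vpAuthorizationRequestDcApi, parseJarmAuthorizationResponse, parseOpenid4vpAuthorizationRequestPayload, parseOpenid4vpAuthorizationResponse, parsePresentationsFromVpToken, parseTransactionData, resolveOpenid4vpAuthorizationRequest, submitOpenid4vpAuthorizationResponse, validateOpenid4vpAuthorizationRequestPayload, validateOpenid4vpAuthorizationResponse, verifyJarmAuthorizationResponse, zClientIdScheme, zClientMetadata, zCredentialFormat, zJarmClientMetadata, zOpenid4vpAuthorizationResponse, zProofFormat, zWalletMetadata };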
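--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -7803,7 +7803,7 @@ interface CreateOpenid4vpAuthorizationRequestOptions {
  scheme?: string;
  requestParams: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi;
  jar?: {
- requestUri: string;
+ requestUri?: string;
  jwtSigner: JwtSigner;
  additionalJwtPayload?: Record<string, unknown>;
  };
@@ -7917,7 +7917,7 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
  x5u: zod.ZodOptional<zod.ZodString>;
  }, zod.ZodTypeAny, "passthrough"> | undefined;
  requestObjectJwt: string;
- requestUri: string;
+ requestUri?: string;
  jwtSigner: JwtSigner;
  additionalJwtPayload?: Record<string, unknown>;
  };
@@ -23341,7 +23341,7 @@ declare class Openid4vpVerifier {
  x5u: zod.ZodOptional<zod.ZodString>;
  }, zod.ZodTypeAny, "passthrough"> | undefined;
  requestObjectJwt: string;
- requestUri: string;
+ requestUri?: string;
  jwtSigner: _openid4vc_oauth2.JwtSigner;
  additionalJwtPayload?: Record<string, unknown>;
  };
@@ -31973,4 +31973,4 @@ type CredentialFormat = z.infer<typeof zCredentialFormat>;
  declare const zProofFormat: z.ZodEnum<["jwt_vp_json", "ldc_vp", "ac_vp", "dc+sd-jwt", "mso_mdoc"]>;
  type ProofFormat = z.infer<typeof zProofFormat>;
 
- export { type ClientIdScheme, type ClientMetadata, type CreateOpenid4vpAuthorizationRequestOptions, type CreateOpenid4vpAuthorizationResponseOptions, type CreateOpenid4vpAuthorizationResponseResult, type CredentialFormat, type JarmClientMetadata, type Openid4vpAuthorizationRequest, type Openid4vpAuthorizationRequestDcApi, type Openid4vpAuthorizationResponse, Openid4vpClient, Openid4vpVerifier, type ParseJarmAuthorizationResponseOptions, type ParseOpenid4vpAuthRequestPayloadOptions, type ParseOpenid4vpAuthorizationResponseOptions, type ParsePresentationsFromVpTokenOptions, type ParseTransactionDataOptions, type ParsedOpenid4vpAuthorizationResponse, type ProofFormat, type ResolveOpenid4vpAuthorizationRequestOptions, type ResolvedOpenid4vpAuthRequest, type SubmitOpenid4vpAuthorizationResponseOptions, type TransactionDataEntry, type ValidateOpenid4VpAuthorizationResponseResult, type ValidateOpenid4VpDcqlAuthorizationResponseResult, type ValidateOpenid4VpPexAuthorizationResponseResult, type ValidateOpenid4vpAuthorizationRequestPayloadOptions, type ValidateOpenid4vpAuthorizationResponseOptions, type VerifyJarmAuthorizationResponseOptions, type VpTokenPresentationParseResult, type WalletMetadata, type WalletVerificationOptions, createOpenid4vpAuthorizationRequest, createOpenid4vpAuthorizationResponse, isJarmResponseMode, isOpenid4vpAuthorizationRequestDcApi, parseJarmAuthorizationResponse, parseOpenid4vpAuthorizationRequestPayload, parseOpenid4vpAuthorizationResponse, parsePresentationsFromVpToken, parseTransactionData, resolveOpenid4vpAuthorizationRequest, submitOpenid4vpAuthorizationResponse, validateOpenid4vpAuthorizationRequestPayload, validateOpenid4vpAuthorizationResponse, verifyJarmAuthorizationResponse, zClientIdScheme, zClientMetadata, zCredentialFormat, zJarmClientMetadata, zOpenid4vpAuthorizationResponse, zProofFormat, zWalletMetadata };
+ export { type ClientIdScheme, type ClientMetadata, type CreateOpenid4vpAuthorizationRequestOptions, type CreateOpenid4vpAuthorizationResponseOptions, type CreateOpenid4vpAuthorizationResponseResult, type CredentialFormat, type JarmClientMetadata, JarmMode, type Openid4vpAuthorizationRequest, type Openid4vpAuthorizationRequestDcApi, type Openid4vpAuthorizationResponse, Openid4vpClient, Openid4vpVerifier, type ParseJarmAuthorizationResponseOptions, type ParseOpenid4vpAuthRequestPayloadOptions, type ParseOpenid4vpAuthorizationResponseOptions, type ParsePresentationsFromVpTokenOptions, type ParseTransactionDataOptions, type ParsedOpenid4vpAuthorizationResponse, type ProofFormat, type ResolveOpenid4vpAuthorizationRequestOptions, type ResolvedOpenid4vpAuthRequest, type SubmitOpenid4vpAuthorizationResponseOptions, type TransactionDataEntry, type ValidateOpenid4VpAuthorizationResponseResult, type ValidateOpenid4VpDcqlAuthorizationResponseResult, type ValidateOpenid4VpPexAuthorizationResponseResult, type ValidateOpenid4vpAuthorizationRequestPayloadOptions, type ValidateOpenid4vpAuthorizationResponseOptions, type VerifyJarmAuthorizationResponseOptions, type VpTokenPresentationParseResult, type WalletMetadata, type WalletVerificationOptions, createOpenid4vpAuthorizationRequest, createOpenid4vpAuthorizationResponse, isJarmResponseMode, isOpenid4vpAuthorizationRequestDcApi, parseJarmAuthorizationResponse, parseOpenid4vpAuthorizationRequestPayload, parseOpenid4vpAuthorizationResponse, parsePresentationsFromVpToken, parseTransactionData, resolveOpenid4vpAuthorizationRequest, submitOpenid4vpAuthorizationResponse, validateOpenid4vpAuthorizationRequestPayload, validateOpenid4vpAuthorizationResponse, verifyJarmAuthorizationResponse, zClientIdScheme, zClientMetadata, zCredentialFormat, zJarmClientMetadata, zOpenid4vpAuthorizationResponse, zProofFormat, zWalletMetadata };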
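--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -633,7 +633,7 @@ function parseClientIdentifier(options, parserConfig) {
  error_description: 'Using client identifier scheme "redirect_uri" the request MUST NOT be signed.'
  });
  }
- if (isDcApiRequest) {
+ if (isOpenid4vpAuthorizationRequestDcApi(request)) {
  throw new import_oauth212.Oauth2ServerErrorResponseError({
  error: import_oauth212.Oauth2ErrorCodes.InvalidRequest,
  error_description: `The client identifier scheme 'redirect_uri' is not supported when using the dc_api response mode.`
@@ -709,12 +709,14 @@ function parseClientIdentifier(options, parserConfig) {
  error_description: "Invalid client identifier. Client identifier must be a valid DNS name."
  });
  }
- const requestUri = jar.authRequestParams.request_uri ?? jar.authRequestParams.response_uri;
- if (getDomainFromUrl(requestUri) !== identifierPart) {
- throw new import_oauth212.Oauth2ServerErrorResponseError({
- error: import_oauth212.Oauth2ErrorCodes.InvalidRequest,
- error_description: "Invalid client identifier. The fully qualified domain name of the redirect_uri value MUST match the Client Identifier without the prefix x509_san_dns."
- });
+ if (!isOpenid4vpAuthorizationRequestDcApi(request)) {
+ const uri = request.redirect_uri ?? request.response_uri;
+ if (!uri || getDomainFromUrl(uri) !== identifierPart) {
+ throw new import_oauth212.Oauth2ServerErrorResponseError({
+ error: import_oauth212.Oauth2ErrorCodes.InvalidRequest,
+ error_description: "Invalid client identifier. The fully qualified domain name of the redirect_uri value MUST match the Client Identifier without the prefix x509_san_dns."
+ });
+ }
  }
  } else if (scheme === "x509_san_uri") {
  if (!options.callbacks.getX509CertificateMetadata) {
@@ -734,11 +736,14 @@ function parseClientIdentifier(options, parserConfig) {
  error_description: "Invalid client identifier. Client identifier must be a valid URI."
  });
  }
- if ((jar.authRequestParams.request_uri ?? jar.authRequestParams.response_uri) !== identifierPart) {
- throw new import_oauth212.Oauth2ServerErrorResponseError({
- error: import_oauth212.Oauth2ErrorCodes.InvalidRequest,
- error_description: "The redirect_uri value MUST match the Client Identifier without the prefix x509_san_uri"
- });
+ if (!isOpenid4vpAuthorizationRequestDcApi(request)) {
+ const uri = request.redirect_uri || request.response_uri;
+ if (!uri || uri !== identifierPart) {
+ throw new import_oauth212.Oauth2ServerErrorResponseError({
+ error: import_oauth212.Oauth2ErrorCodes.InvalidRequest,
+ error_description: "The redirect_uri value MUST match the Client Identifier without the prefix x509_san_uri"
+ });
+ }
  }
  }
  return {
@@ -771,9 +776,16 @@ function parseClientIdentifier(options, parserConfig) {
  };
  }
  function getDomainFromUrl(url) {
- const regex = /[#/?]/;
- const domain = url.split("://")[1].split(regex)[0];
- return domain;
+ try {
+ const regex = /[#/?]/;
+ const domain = url.split("://")[1].split(regex)[0];
+ return domain;
+ } catch (error) {
+ throw new import_oauth212.Oauth2ServerErrorResponseError({
+ error: import_oauth212.Oauth2ErrorCodes.ServerError,
+ error_description: `Url '${url}' is not a valid URL`
+ });
+ }
  }
 
  // src/jar/handle-jar-request/verify-jar-request.ts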
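Review bot: In `getDomainFromUrl`, the new catch reports a malformed `redirect_uri`/`response_uri` as `ServerError` and interpolates the raw value into `error_description`; that value appears to come from the authorization request, so this is a request error and the description should not echo untrusted input. I would use `error: import_oauth212.Oauth2ErrorCodes.InvalidRequest,` with a fixed `error_description: "redirect_uri or response_uri is not a valid URL"`. The string splitting also compares the whole authority, so a port, userinfo or upper-case host fails the x509_san_dns match and the scheme is never looked at; comparing `new URL(uri).hostname` would make the check explicit, assuming `URL` is available on every target runtime. The x509_san_uri branch picks the URI with `||` where the x509_san_dns branch uses `??`; one form should be used in both. `parseClientIdentifier` starts and ends outside these hunks, and this file is the built bundle, so the change belongs in the source it is generated from.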