@openid4vc/openid4vp 0.3.0-alpha-20250225095929 → 0.3.0-alpha-20250225204254

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +4 -4
  2. package/dist/index.d.ts +4 -4
  3. package/dist/index.js +27 -15
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +27 -15
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +3 -3
package/dist/index.mjs CHANGED
@@ -585,7 +585,7 @@ function parseClientIdentifier(options, parserConfig) {
585
585
  error_description: 'Using client identifier scheme "redirect_uri" the request MUST NOT be signed.'
586
586
  });
587
587
  }
588
- if (isDcApiRequest) {
588
+ if (isOpenid4vpAuthorizationRequestDcApi(request)) {
589
589
  throw new Oauth2ServerErrorResponseError4({
590
590
  error: Oauth2ErrorCodes3.InvalidRequest,
591
591
  error_description: `The client identifier scheme 'redirect_uri' is not supported when using the dc_api response mode.`
@@ -661,12 +661,14 @@ function parseClientIdentifier(options, parserConfig) {
661
661
  error_description: "Invalid client identifier. Client identifier must be a valid DNS name."
662
662
  });
663
663
  }
664
- const requestUri = jar.authRequestParams.request_uri ?? jar.authRequestParams.response_uri;
665
- if (getDomainFromUrl(requestUri) !== identifierPart) {
666
- throw new Oauth2ServerErrorResponseError4({
667
- error: Oauth2ErrorCodes3.InvalidRequest,
668
- error_description: "Invalid client identifier. The fully qualified domain name of the redirect_uri value MUST match the Client Identifier without the prefix x509_san_dns."
669
- });
664
+ if (!isOpenid4vpAuthorizationRequestDcApi(request)) {
665
+ const uri = request.redirect_uri ?? request.response_uri;
666
+ if (!uri || getDomainFromUrl(uri) !== identifierPart) {
667
+ throw new Oauth2ServerErrorResponseError4({
668
+ error: Oauth2ErrorCodes3.InvalidRequest,
669
+ error_description: "Invalid client identifier. The fully qualified domain name of the redirect_uri value MUST match the Client Identifier without the prefix x509_san_dns."
670
+ });
671
+ }
670
672
  }
671
673
  } else if (scheme === "x509_san_uri") {
672
674
  if (!options.callbacks.getX509CertificateMetadata) {
@@ -686,11 +688,14 @@ function parseClientIdentifier(options, parserConfig) {
686
688
  error_description: "Invalid client identifier. Client identifier must be a valid URI."
687
689
  });
688
690
  }
689
- if ((jar.authRequestParams.request_uri ?? jar.authRequestParams.response_uri) !== identifierPart) {
690
- throw new Oauth2ServerErrorResponseError4({
691
- error: Oauth2ErrorCodes3.InvalidRequest,
692
- error_description: "The redirect_uri value MUST match the Client Identifier without the prefix x509_san_uri"
693
- });
691
+ if (!isOpenid4vpAuthorizationRequestDcApi(request)) {
692
+ const uri = request.redirect_uri || request.response_uri;
693
+ if (!uri || uri !== identifierPart) {
694
+ throw new Oauth2ServerErrorResponseError4({
695
+ error: Oauth2ErrorCodes3.InvalidRequest,
696
+ error_description: "The redirect_uri value MUST match the Client Identifier without the prefix x509_san_uri"
697
+ });
698
+ }
694
699
  }
695
700
  }
696
701
  return {
@@ -723,9 +728,16 @@ function parseClientIdentifier(options, parserConfig) {
723
728
  };
724
729
  }
725
730
  function getDomainFromUrl(url) {
726
- const regex = /[#/?]/;
727
- const domain = url.split("://")[1].split(regex)[0];
728
- return domain;
731
+ try {
732
+ const regex = /[#/?]/;
733
+ const domain = url.split("://")[1].split(regex)[0];
734
+ return domain;
735
+ } catch (error) {
736
+ throw new Oauth2ServerErrorResponseError4({
737
+ error: Oauth2ErrorCodes3.ServerError,
738
+ error_description: `Url '${url}' is not a valid URL`
739
+ });
740
+ }
729
741
  }
730
742
 
731
743
  // src/jar/handle-jar-request/verify-jar-request.ts