@openid4vc/openid4vp 0.3.0-alpha-20250321130256 → 0.3.0-alpha-20250321132043
- package/dist/index.d.mts +32 -11
- package/dist/index.d.ts +32 -11
- package/dist/index.js +63 -56
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +11 -4
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
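--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,7 +1,7 @@
 import * as zod from 'zod';
 import zod__default, { z } from 'zod';
 import * as _openid4vc_oauth2 from '@openid4vc/oauth2';
-import { Jwk, JwtSignerWithJwk, CallbackContext, JwtSigner, HashAlgorithm } from '@openid4vc/oauth2';
+import { Jwk, JwtSignerWithJwk, CallbackContext, JwtPayload, JwtSigner, JweEncryptor, HashAlgorithm } from '@openid4vc/oauth2';
 
 declare const zOpenid4vpAuthorizationRequest: z.ZodObject<{
 response_type: z.ZodLiteral<"vp_token">;
@@ -9263,6 +9263,25 @@ declare const zJarmClientMetadata: z.ZodObject<{
 }>;
 type JarmClientMetadata = z.infer<typeof zJarmClientMetadata>;
 
+interface CreateJarAuthorizationRequestOptions {
+authorizationRequestPayload: JwtPayload & {
+client_id?: string;
+};
+requestUri?: string;
+jwtSigner: JwtSigner;
+jweEncryptor?: JweEncryptor;
+callbacks: Pick<CallbackContext, 'signJwt' | 'encryptJwe'>;
+/**
+* Number of seconds after which the signed authorization request will expire
+*/
+expiresInSeconds: number;
+/**
+* Date that should be used as now. If not provided current date will be used.
+*/
+now?: Date;
+additionalJwtPayload?: Record<string, unknown>;
+}
+
 interface WalletVerificationOptions {
 expectedNonce?: string;
 metadata?: WalletMetadata;
@@ -9279,13 +9298,13 @@ declare const validateOpenid4vpAuthorizationRequestPayload: (options: ValidateOp
 interface CreateOpenid4vpAuthorizationRequestOptions {
 scheme?: string;
 authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi;
-jar?:
-requestUri?: string;
-jwtSigner: JwtSigner;
-additionalJwtPayload?: Record<string, unknown>;
-};
+jar?: Pick<CreateJarAuthorizationRequestOptions, 'additionalJwtPayload' | 'requestUri' | 'jwtSigner' | 'expiresInSeconds'>;
 wallet?: WalletVerificationOptions;
 callbacks: Pick<CallbackContext, 'signJwt' | 'encryptJwe'>;
+/**
+* Date that should be used as now. If not provided current date will be used.
+*/
+now?: Date;
 }
 /**
 * Creates an OpenID4VP authorization request, optionally with a JWT Secured Authorization Request (JAR)
@@ -11505,9 +11524,10 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
 x5u: zod.ZodOptional<zod.ZodString>;
 }, zod.ZodTypeAny, "passthrough"> | undefined;
 authorizationRequestJwt: string;
-
-
-
+expiresInSeconds: number;
+requestUri?: string | undefined;
+jwtSigner: _openid4vc_oauth2.JwtSigner;
+additionalJwtPayload?: Record<string, unknown> | undefined;
 };
 } | {
 authorizationRequestPayload: zod.objectOutputType<{
@@ -18457,9 +18477,10 @@ declare class Openid4vpVerifier {
 x5u: zod.ZodOptional<zod.ZodString>;
 }, zod.ZodTypeAny, "passthrough"> | undefined;
 authorizationRequestJwt: string;
-
+expiresInSeconds: number;
+requestUri?: string | undefined;
 jwtSigner: _openid4vc_oauth2.JwtSigner;
-additionalJwtPayload?: Record<string, unknown
+additionalJwtPayload?: Record<string, unknown> | undefined;
 };
 } | {
 authorizationRequestPayload: zod.objectOutputType<{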
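--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,7 +1,7 @@
 import * as zod from 'zod';
 import zod__default, { z } from 'zod';
 import * as _openid4vc_oauth2 from '@openid4vc/oauth2';
-import { Jwk, JwtSignerWithJwk, CallbackContext, JwtSigner, HashAlgorithm } from '@openid4vc/oauth2';
+import { Jwk, JwtSignerWithJwk, CallbackContext, JwtPayload, JwtSigner, JweEncryptor, HashAlgorithm } from '@openid4vc/oauth2';
 
 declare const zOpenid4vpAuthorizationRequest: z.ZodObject<{
 response_type: z.ZodLiteral<"vp_token">;
@@ -9263,6 +9263,25 @@ declare const zJarmClientMetadata: z.ZodObject<{
 }>;
 type JarmClientMetadata = z.infer<typeof zJarmClientMetadata>;
 
+interface CreateJarAuthorizationRequestOptions {
+authorizationRequestPayload: JwtPayload & {
+client_id?: string;
+};
+requestUri?: string;
+jwtSigner: JwtSigner;
+jweEncryptor?: JweEncryptor;
+callbacks: Pick<CallbackContext, 'signJwt' | 'encryptJwe'>;
+/**
+* Number of seconds after which the signed authorization request will expire
+*/
+expiresInSeconds: number;
+/**
+* Date that should be used as now. If not provided current date will be used.
+*/
+now?: Date;
+additionalJwtPayload?: Record<string, unknown>;
+}
+
 interface WalletVerificationOptions {
 expectedNonce?: string;
 metadata?: WalletMetadata;
@@ -9279,13 +9298,13 @@ declare const validateOpenid4vpAuthorizationRequestPayload: (options: ValidateOp
 interface CreateOpenid4vpAuthorizationRequestOptions {
 scheme?: string;
 authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi;
-jar?:
-requestUri?: string;
-jwtSigner: JwtSigner;
-additionalJwtPayload?: Record<string, unknown>;
-};
+jar?: Pick<CreateJarAuthorizationRequestOptions, 'additionalJwtPayload' | 'requestUri' | 'jwtSigner' | 'expiresInSeconds'>;
 wallet?: WalletVerificationOptions;
 callbacks: Pick<CallbackContext, 'signJwt' | 'encryptJwe'>;
+/**
+* Date that should be used as now. If not provided current date will be used.
+*/
+now?: Date;
 }
 /**
 * Creates an OpenID4VP authorization request, optionally with a JWT Secured Authorization Request (JAR)
@@ -11505,9 +11524,10 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
 x5u: zod.ZodOptional<zod.ZodString>;
 }, zod.ZodTypeAny, "passthrough"> | undefined;
 authorizationRequestJwt: string;
-
-
-
+expiresInSeconds: number;
+requestUri?: string | undefined;
+jwtSigner: _openid4vc_oauth2.JwtSigner;
+additionalJwtPayload?: Record<string, unknown> | undefined;
 };
 } | {
 authorizationRequestPayload: zod.objectOutputType<{
@@ -18457,9 +18477,10 @@ declare class Openid4vpVerifier {
 x5u: zod.ZodOptional<zod.ZodString>;
 }, zod.ZodTypeAny, "passthrough"> | undefined;
 authorizationRequestJwt: string;
-
+expiresInSeconds: number;
+requestUri?: string | undefined;
 jwtSigner: _openid4vc_oauth2.JwtSigner;
-additionalJwtPayload?: Record<string, unknown
+additionalJwtPayload?: Record<string, unknown> | undefined;
 };
 } | {
 authorizationRequestPayload: zod.objectOutputType<{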
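--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -609,17 +609,24 @@ async function verifyJarmAuthorizationResponse(options) {
 
 // src/authorization-request/create-authorization-request.ts
 var import_oauth210 = require("@openid4vc/oauth2");
-var
+var import_utils8 = require("@openid4vc/utils");
 
 // src/jar/create-jar-authorization-request.ts
 var import_oauth27 = require("@openid4vc/oauth2");
+var import_utils6 = require("@openid4vc/utils");
 async function createJarAuthorizationRequest(options) {
 const { jwtSigner, jweEncryptor, authorizationRequestPayload, requestUri, callbacks } = options;
 let authorizationRequestJwt;
 let encryptionJwk;
+const now = options.now ?? /* @__PURE__ */ new Date();
 const { jwt, signerJwk } = await callbacks.signJwt(jwtSigner, {
 header: { ...(0, import_oauth27.jwtHeaderFromJwtSigner)(jwtSigner), typ: "oauth-authz-req+jwt" },
-payload: {
+payload: {
+iat: (0, import_utils6.dateToSeconds)(now),
+exp: (0, import_utils6.dateToSeconds)((0, import_utils6.addSecondsToDate)(now, options.expiresInSeconds)),
+...options.additionalJwtPayload,
+...authorizationRequestPayload
+}
 });
 authorizationRequestJwt = jwt;
 if (jweEncryptor) {
@@ -634,7 +641,7 @@ async function createJarAuthorizationRequest(options) {
 
 // src/authorization-request/validate-authorization-request.ts
 var import_oauth28 = require("@openid4vc/oauth2");
-var
+var import_utils7 = require("@openid4vc/utils");
 var validateOpenid4vpAuthorizationRequestPayload = (options) => {
 const { params, walletVerificationOptions } = options;
 if (!params.redirect_uri && !params.response_uri) {
@@ -669,7 +676,7 @@ var validateOpenid4vpAuthorizationRequestPayload = (options) => {
 error_description: `The 'request_uri_method' parameter MUST be 'GET' or 'POST'. Current: ${params.request_uri_method}`
 });
 }
-if (params.trust_chain && !
+if (params.trust_chain && !import_utils7.zHttpsUrl.safeParse(params.client_id).success) {
 throw new import_oauth28.Oauth2ServerErrorResponseError({
 error: import_oauth28.Oauth2ErrorCodes.InvalidRequest,
 error_description: 'The "trust_chain" parameter MUST NOT be present in the authorization request if the "client_id" is not an OpenId Federation Entity Identifier starting with http:// or https://.'
@@ -733,7 +740,7 @@ async function createOpenid4vpAuthorizationRequest(options) {
 let additionalJwtPayload;
 let authorizationRequestPayload;
 if (isOpenid4vpAuthorizationRequestDcApi(options.authorizationRequestPayload)) {
-authorizationRequestPayload = (0,
+authorizationRequestPayload = (0, import_utils8.parseWithErrorHandling)(
 zOpenid4vpAuthorizationRequestDcApi,
 options.authorizationRequestPayload,
 "Invalid authorization request. Could not parse openid4vp dc_api authorization request."
@@ -749,7 +756,7 @@ async function createOpenid4vpAuthorizationRequest(options) {
 disableOriginValidation: true
 });
 } else {
-authorizationRequestPayload = (0,
+authorizationRequestPayload = (0, import_utils8.parseWithErrorHandling)(
 zOpenid4vpAuthorizationRequest,
 options.authorizationRequestPayload,
 "Invalid authorization request. Could not parse openid4vp authorization request."
@@ -769,10 +776,10 @@ async function createOpenid4vpAuthorizationRequest(options) {
 additionalJwtPayload,
 callbacks
 });
-const url2 = new
-url2.search = `?${new
+const url2 = new import_utils8.URL(scheme);
+url2.search = `?${new import_utils8.URLSearchParams([
 ...url2.searchParams.entries(),
-...(0,
+...(0, import_utils8.objectToQueryParams)(jarResult.jarAuthorizationRequest).entries()
 ]).toString()}`;
 return {
 authorizationRequestPayload,
@@ -781,10 +788,10 @@ async function createOpenid4vpAuthorizationRequest(options) {
 jar: { ...jar, ...jarResult }
 };
 }
-const url = new
-url.search = `?${new
+const url = new import_utils8.URL(scheme);
+url.search = `?${new import_utils8.URLSearchParams([
 ...url.searchParams.entries(),
-...(0,
+...(0, import_utils8.objectToQueryParams)(authorizationRequestPayload).entries()
 ]).toString()}`;
 return {
 authorizationRequestPayload,
@@ -796,16 +803,16 @@ async function createOpenid4vpAuthorizationRequest(options) {
 
 // src/authorization-request/parse-authorization-request-params.ts
 var import_oauth212 = require("@openid4vc/oauth2");
-var
+var import_utils10 = require("@openid4vc/utils");
 var import_zod10 = __toESM(require("zod"));
 
 // src/jar/z-jar-authorization-request.ts
 var import_oauth211 = require("@openid4vc/oauth2");
-var
+var import_utils9 = require("@openid4vc/utils");
 var import_zod9 = require("zod");
 var zJarAuthorizationRequest = import_zod9.z.object({
 request: import_zod9.z.optional(import_zod9.z.string()),
-request_uri: import_zod9.z.optional(
+request_uri: import_zod9.z.optional(import_utils9.zHttpsUrl),
 request_uri_method: import_zod9.z.optional(import_zod9.z.string()),
 client_id: import_zod9.z.optional(import_zod9.z.string())
 }).passthrough();
@@ -836,7 +843,7 @@ function parseOpenid4vpAuthorizationRequest(options) {
 let params;
 if (typeof authorizationRequest === "string") {
 if (authorizationRequest.includes("://")) {
-params = (0,
+params = (0, import_utils10.parseWithErrorHandling)(
 zOpenid4vpAuthorizationRequestFromUriParams,
 authorizationRequest,
 "Unable to parse openid4vp authorization request uri to a valid object"
@@ -850,7 +857,7 @@ function parseOpenid4vpAuthorizationRequest(options) {
 } else {
 params = authorizationRequest;
 }
-const parsedRequest = (0,
+const parsedRequest = (0, import_utils10.parseWithErrorHandling)(
 import_zod10.default.union([zOpenid4vpAuthorizationRequest, zJarAuthorizationRequest, zOpenid4vpAuthorizationRequestDcApi]),
 params
 );
@@ -877,19 +884,19 @@ function parseOpenid4vpAuthorizationRequest(options) {
 
 // src/authorization-request/resolve-authorization-request.ts
 var import_oauth219 = require("@openid4vc/oauth2");
-var
+var import_utils14 = require("@openid4vc/utils");
 var import_zod14 = __toESM(require("zod"));
 
 // src/fetch-client-metadata.ts
 var import_oauth213 = require("@openid4vc/oauth2");
-var
+var import_utils11 = require("@openid4vc/utils");
 async function fetchClientMetadata(options) {
 const { fetch, clientMetadataUri } = options;
-const fetcher = (0,
-const { result, response } = await fetcher(zClientMetadata,
+const fetcher = (0, import_utils11.createZodFetcher)(fetch);
+const { result, response } = await fetcher(zClientMetadata, import_utils11.ContentType.Json, clientMetadataUri, {
 method: "GET",
 headers: {
-Accept:
+Accept: import_utils11.ContentType.Json
 }
 });
 if (!response.ok) {
@@ -974,23 +981,23 @@ function parseAuthorizationRequestVersion(request) {
 
 // src/jar/jar-request-object/fetch-jar-request-object.ts
 var import_oauth215 = require("@openid4vc/oauth2");
-var
+var import_utils12 = require("@openid4vc/utils");
 var import_zod11 = require("zod");
 async function fetchJarRequestObject(options) {
 const { requestUri, clientIdentifierScheme, method, wallet, fetch } = options;
-const fetcher = (0,
+const fetcher = (0, import_utils12.createZodFetcher)(fetch);
 let requestBody = wallet.metadata ? { wallet_metadata: wallet.metadata, wallet_nonce: wallet.nonce } : void 0;
 if (requestBody?.wallet_metadata?.request_object_signing_alg_values_supported && clientIdentifierScheme === "redirect_uri") {
 const { request_object_signing_alg_values_supported, ...rest } = requestBody.wallet_metadata;
 requestBody = { ...requestBody, wallet_metadata: { ...rest } };
 }
-const { result, response } = await fetcher(import_zod11.z.string(),
+const { result, response } = await fetcher(import_zod11.z.string(), import_utils12.ContentType.OAuthAuthorizationRequestJwt, requestUri, {
 method,
 headers: {
-Accept: `${
-"Content-Type":
+Accept: `${import_utils12.ContentType.OAuthAuthorizationRequestJwt}, ${import_utils12.ContentType.Jwt};q=0.9`,
+"Content-Type": import_utils12.ContentType.XWwwFormUrlencoded
 },
-body: method === "POST" ? (0,
+body: method === "POST" ? (0, import_utils12.objectToQueryParams)(wallet.metadata ?? {}) : void 0
 });
 if (!response.ok) {
 throw new import_oauth215.Oauth2ServerErrorResponseError({
@@ -1107,7 +1114,7 @@ async function verifyJarRequestObject(options) {
 
 // src/transaction-data/parse-transaction-data.ts
 var import_oauth218 = require("@openid4vc/oauth2");
-var
+var import_utils13 = require("@openid4vc/utils");
 
 // src/transaction-data/z-transaction-data.ts
 var import_zod13 = require("zod");
@@ -1121,7 +1128,7 @@ var zTransactionData = import_zod13.z.array(zTransactionEntry);
 // src/transaction-data/parse-transaction-data.ts
 function parseTransactionData(options) {
 const { transactionData } = options;
-const decoded = transactionData.map((tdEntry) => (0,
+const decoded = transactionData.map((tdEntry) => (0, import_utils13.parseIfJson)((0, import_utils13.encodeToUtf8String)((0, import_utils13.decodeBase64)(tdEntry))));
 const parsedResult = zTransactionData.safeParse(decoded);
 if (!parsedResult.success) {
 throw new import_oauth218.Oauth2ServerErrorResponseError({
@@ -1140,7 +1147,7 @@ function parseTransactionData(options) {
 async function resolveOpenid4vpAuthorizationRequest(options) {
 const { wallet, callbacks, origin, disableOriginValidation } = options;
 let authorizationRequestPayload;
-const parsed = (0,
+const parsed = (0, import_utils14.parseWithErrorHandling)(
 import_zod14.default.union([zOpenid4vpAuthorizationRequestDcApi, zOpenid4vpAuthorizationRequest, zJarAuthorizationRequest]),
 options.authorizationRequestPayload,
 "Invalid authorization request. Could not parse openid4vp authorization request as openid4vp or jar auth request."
@@ -1148,7 +1155,7 @@ async function resolveOpenid4vpAuthorizationRequest(options) {
 let jar;
 if (isJarAuthorizationRequest(parsed)) {
 jar = await verifyJarRequest({ jarRequestParams: parsed, callbacks, wallet });
-const parsedJarAuthorizationRequestPayload = (0,
+const parsedJarAuthorizationRequestPayload = (0, import_utils14.parseWithErrorHandling)(
 import_zod14.default.union([zOpenid4vpAuthorizationRequestDcApi, zOpenid4vpAuthorizationRequest]),
 jar.authorizationRequestParams,
 "Invalid authorization request. Could not parse jar request payload as openid4vp auth request."
@@ -1229,10 +1236,10 @@ function validateOpenId4vpAuthorizationRequestPayload(options) {
 
 // src/authorization-response/create-authorization-response.ts
 var import_oauth222 = require("@openid4vc/oauth2");
-var
+var import_utils15 = require("@openid4vc/utils");
 
 // ../utils/src/date.ts
-function
+function addSecondsToDate2(date, seconds) {
 return new Date(date.getTime() + seconds * 1e3);
 }
 
@@ -1373,7 +1380,7 @@ async function createOpenid4vpAuthorizationResponse(options) {
 additionalJwtPayload = {
 iss: jarm.authorizationServer,
 aud: jarm.audience,
-exp: jarm.expiresInSeconds ?? (0,
+exp: jarm.expiresInSeconds ?? (0, import_utils15.dateToSeconds)(addSecondsToDate2(/* @__PURE__ */ new Date(), 60 * 10))
 // default: 10 minutes
 };
 }
@@ -1405,25 +1412,25 @@ async function createOpenid4vpAuthorizationResponse(options) {
 
 // src/authorization-response/submit-authorization-response.ts
 var import_oauth224 = require("@openid4vc/oauth2");
-var import_utils16 = require("@openid4vc/utils");
 var import_utils17 = require("@openid4vc/utils");
+var import_utils18 = require("@openid4vc/utils");
 
 // src/jarm/jarm-authorizatino-response-send.ts
 var import_oauth223 = require("@openid4vc/oauth2");
-var
+var import_utils16 = require("@openid4vc/utils");
 var jarmAuthorizationResponseSend = (options) => {
 const { authorizationRequestPayload, jarmAuthorizationResponseJwt, callbacks } = options;
 const responseEndpoint = authorizationRequestPayload.response_uri ?? authorizationRequestPayload.redirect_uri;
 if (!responseEndpoint) {
 throw new import_oauth223.Oauth2Error(`Either 'response_uri' or 'redirect_uri' MUST be present in the authorization request`);
 }
-const responseEndpointUrl = new
+const responseEndpointUrl = new import_utils16.URL(responseEndpoint);
 return handleDirectPostJwt(responseEndpointUrl, jarmAuthorizationResponseJwt, callbacks);
 };
 async function handleDirectPostJwt(responseEndpoint, responseJwt, callbacks) {
-const response = await (callbacks.fetch ??
+const response = await (callbacks.fetch ?? import_utils16.defaultFetcher)(responseEndpoint, {
 method: "POST",
-headers: { "Content-Type":
+headers: { "Content-Type": import_utils16.ContentType.XWwwFormUrlencoded },
 body: `response=${responseJwt}`
 });
 return {
@@ -1448,13 +1455,13 @@ async function submitOpenid4vpAuthorizationResponse(options) {
 "Failed to submit OpenId4Vp Authorization Response. No redirect_uri or response_uri provided."
 );
 }
-const fetch = callbacks.fetch ??
-const encodedResponse = (0,
+const fetch = callbacks.fetch ?? import_utils17.defaultFetcher;
+const encodedResponse = (0, import_utils18.objectToQueryParams)(authorizationResponsePayload);
 const submissionResponse = await fetch(url, {
 method: "POST",
 body: encodedResponse,
 headers: {
-"Content-Type":
+"Content-Type": import_utils17.ContentType.XWwwFormUrlencoded
 }
 });
 return {
@@ -1467,7 +1474,7 @@ async function submitOpenid4vpAuthorizationResponse(options) {
 var import_oauth225 = require("@openid4vc/oauth2");
 
 // src/vp-token/parse-vp-token.ts
-var
+var import_utils19 = require("@openid4vc/utils");
 
 // src/vp-token/z-vp-token.ts
 var import_zod16 = require("zod");
@@ -1487,17 +1494,17 @@ var zVpToken = zVpTokenDcql.or(zVpTokenPex);
 
 // src/vp-token/parse-vp-token.ts
 function parsePexVpToken(vpToken) {
-const parsedVpToken = (0,
+const parsedVpToken = (0, import_utils19.parseWithErrorHandling)(
 zVpTokenPex,
-(0,
+(0, import_utils19.parseIfJson)(vpToken),
 "Could not parse presentation exchange vp_token. Expected a string or an array of strings"
 );
 return Array.isArray(parsedVpToken) ? parsedVpToken : [parsedVpToken];
 }
 function parseDcqlVpToken(vpToken) {
-return (0,
+return (0, import_utils19.parseWithErrorHandling)(
 zVpTokenDcql,
-(0,
+(0, import_utils19.parseIfJson)(vpToken),
 "Could not parse dcql vp_token. Expected an object where the values are encoded presentations"
 );
 }
@@ -1550,10 +1557,10 @@ function validateOpenid4vpAuthorizationResponsePayload(options) {
 var import_oauth227 = require("@openid4vc/oauth2");
 
 // src/authorization-response/parse-authorization-response-payload.ts
-var
+var import_utils21 = require("@openid4vc/utils");
 
 // src/authorization-response/z-authorization-response.ts
-var
+var import_utils20 = require("@openid4vc/utils");
 var import_zod18 = require("zod");
 
 // src/models/z-pex.ts
@@ -1566,7 +1573,7 @@ var zOpenid4vpAuthorizationResponse = import_zod18.z.object({
 state: import_zod18.z.string().optional(),
 id_token: import_zod18.z.string().optional(),
 vp_token: zVpToken,
-presentation_submission: zPexPresentationSubmission.or(
+presentation_submission: zPexPresentationSubmission.or(import_utils20.zStringToJson).optional(),
 refresh_token: import_zod18.z.string().optional(),
 token_type: import_zod18.z.string().optional(),
 access_token: import_zod18.z.string().optional(),
@@ -1575,7 +1582,7 @@ var zOpenid4vpAuthorizationResponse = import_zod18.z.object({
 
 // src/authorization-response/parse-authorization-response-payload.ts
 function parseOpenid4VpAuthorizationResponsePayload(payload) {
-return (0,
+return (0, import_utils21.parseWithErrorHandling)(
 zOpenid4vpAuthorizationResponse,
 payload,
 "Failed to parse openid4vp authorization response."
@@ -1584,11 +1591,11 @@ function parseOpenid4VpAuthorizationResponsePayload(payload) {
 
 // src/authorization-response/parse-jarm-authorization-response.ts
 var import_oauth226 = require("@openid4vc/oauth2");
-var
+var import_utils22 = require("@openid4vc/utils");
 var import_zod19 = __toESM(require("zod"));
 async function parseJarmAuthorizationResponse(options) {
 const { jarmResponseJwt, callbacks, authorizationRequestPayload, expectedClientId } = options;
-const jarmAuthorizationResponseJwt = (0,
+const jarmAuthorizationResponseJwt = (0, import_utils22.parseWithErrorHandling)(
 import_zod19.default.union([import_oauth226.zCompactJwt, import_oauth226.zCompactJwe]),
 jarmResponseJwt,
 "Invalid jarm authorization response jwt."
@@ -1685,7 +1692,7 @@ var Openid4vpClient = class {
 
 // src/transaction-data/verify-transaction-data.ts
 var import_oauth228 = require("@openid4vc/oauth2");
-var
+var import_utils23 = require("@openid4vc/utils");
 async function verifyTransactionData(options) {
 const parsedTransactionData = parseTransactionData({
 transactionData: options.transactionData
@@ -1712,7 +1719,7 @@ async function verifyTransactionDataEntry({
 );
 const hashes = {};
 for (const alg of supportedAlgs) {
-hashes[alg] = (0,
+hashes[alg] = (0, import_utils23.encodeToBase64Url)(await callbacks.hash((0, import_utils23.decodeUtf8String)(entry.encoded), alg));
 }
 for (const credentialId of entry.transactionData.credential_ids) {
 const transactionDataHashesCredential = credentials[credentialId];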
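Review bot: In the first hunk (`@@ -609,17 +609,24 @@`), createJarAuthorizationRequest writes the computed `iat` and `exp` and then spreads `...options.additionalJwtPayload` and `...authorizationRequestPayload` after them, so an `exp` or `iat` key in either object silently replaces the value derived from `expiresInSeconds`. If the library is meant to enforce the request-object lifetime, the two spreads should come before `iat`/`exp`; if caller override is intended, the `expiresInSeconds` doc comment should say so. `options.expiresInSeconds` is also used unchecked, and since the bundled `addSecondsToDate2` computes `date.getTime() + seconds * 1e3`, a JavaScript caller that omits it would presumably sign a request with an invalid `exp`; a guard before `callbacks.signJwt` such as `if (!Number.isFinite(options.expiresInSeconds) || options.expiresInSeconds <= 0) throw new import_oauth27.Oauth2Error("expiresInSeconds must be a positive number");` would fail early instead. The function's body continues past the end of the hunk.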