@openid4vc/openid4vp 0.3.0-alpha-20250321145547 → 0.3.0-alpha-20250321202313
- package/dist/index.d.mts +4 -3
- package/dist/index.d.ts +4 -3
- package/dist/index.js +13 -7
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +13 -7
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
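--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,7 +1,7 @@
 import * as zod from 'zod';
 import zod__default, { z } from 'zod';
 import * as _openid4vc_oauth2 from '@openid4vc/oauth2';
-import { Jwk, JwtSignerWithJwk, CallbackContext, JwtPayload, JwtSigner, JweEncryptor, HashAlgorithm } from '@openid4vc/oauth2';
+import { Jwk, JwtSignerWithJwk, decodeJwt, CallbackContext, JwtPayload, JwtSigner, JweEncryptor, HashAlgorithm } from '@openid4vc/oauth2';
 
 declare const zOpenid4vpAuthorizationRequest: z.ZodObject<{
 response_type: z.ZodLiteral<"vp_token">;
@@ -7428,10 +7428,11 @@ declare const zJarRequestObjectPayload: z.ZodObject<{
 type JarRequestObjectPayload = z.infer<typeof zJarRequestObjectPayload>;
 
 interface VerifiedJarRequest {
-
+authorizationRequestPayload: JarRequestObjectPayload;
 sendBy: 'value' | 'reference';
 decryptionJwk?: Jwk;
 signer: JwtSignerWithJwk;
+jwt: ReturnType<typeof decodeJwt<undefined, typeof zJarRequestObjectPayload>>;
 }
 
 declare const zClientMetadata: z.ZodObject<{
@@ -15811,7 +15812,7 @@ interface ResolveOpenid4vpAuthorizationRequestOptions {
 wallet?: WalletVerificationOptions;
 origin?: string;
 disableOriginValidation?: boolean;
-callbacks: Pick<CallbackContext, 'verifyJwt' | 'decryptJwe' | 'getX509CertificateMetadata'>;
+callbacks: Pick<CallbackContext, 'verifyJwt' | 'decryptJwe' | 'getX509CertificateMetadata' | 'fetch'>;
 }
 type ResolvedOpenid4vpAuthorizationRequest = {
 transactionData?: ParsedTransactionDataEntry[];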
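Review bot: The two members added to `VerifiedJarRequest` in the second hunk are undocumented, so a consumer cannot tell from the declaration how `jwt` and `authorizationRequestPayload` relate or whether both are safe to trust. A TSDoc line on each would settle it, for example `/** Decoded JAR request object (header and payload); set only after the request object passed verification. */` on `jwt`; the verification step is not visible in this declaration, so confirm the wording against the implementation. In the third hunk `callbacks` now also picks `fetch` from `CallbackContext`; if that member is required there (it is declared in `@openid4vc/oauth2`, not shown), existing callers of the resolve function stop compiling and the release notes should say so. The same three hunks appear in `package/dist/index.d.ts`.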
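--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,7 +1,7 @@
 import * as zod from 'zod';
 import zod__default, { z } from 'zod';
 import * as _openid4vc_oauth2 from '@openid4vc/oauth2';
-import { Jwk, JwtSignerWithJwk, CallbackContext, JwtPayload, JwtSigner, JweEncryptor, HashAlgorithm } from '@openid4vc/oauth2';
+import { Jwk, JwtSignerWithJwk, decodeJwt, CallbackContext, JwtPayload, JwtSigner, JweEncryptor, HashAlgorithm } from '@openid4vc/oauth2';
 
 declare const zOpenid4vpAuthorizationRequest: z.ZodObject<{
 response_type: z.ZodLiteral<"vp_token">;
@@ -7428,10 +7428,11 @@ declare const zJarRequestObjectPayload: z.ZodObject<{
 type JarRequestObjectPayload = z.infer<typeof zJarRequestObjectPayload>;
 
 interface VerifiedJarRequest {
-
+authorizationRequestPayload: JarRequestObjectPayload;
 sendBy: 'value' | 'reference';
 decryptionJwk?: Jwk;
 signer: JwtSignerWithJwk;
+jwt: ReturnType<typeof decodeJwt<undefined, typeof zJarRequestObjectPayload>>;
 }
 
 declare const zClientMetadata: z.ZodObject<{
@@ -15811,7 +15812,7 @@ interface ResolveOpenid4vpAuthorizationRequestOptions {
 wallet?: WalletVerificationOptions;
 origin?: string;
 disableOriginValidation?: boolean;
-callbacks: Pick<CallbackContext, 'verifyJwt' | 'decryptJwe' | 'getX509CertificateMetadata'>;
+callbacks: Pick<CallbackContext, 'verifyJwt' | 'decryptJwe' | 'getX509CertificateMetadata' | 'fetch'>;
 }
 type ResolvedOpenid4vpAuthorizationRequest = {
 transactionData?: ParsedTransactionDataEntry[];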
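--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1039,7 +1039,8 @@ async function verifyJarRequest(options) {
 requestUri: jarRequestParams.request_uri,
 clientIdentifierScheme,
 method,
-wallet
+wallet,
+fetch: callbacks.fetch
 });
 const requestObjectIsEncrypted = import_oauth217.zCompactJwe.safeParse(requestObject).success;
 const { decryptionJwk, payload: decryptedRequestObject } = requestObjectIsEncrypted ? await decryptJarRequest({ jwe: requestObject, callbacks }) : { payload: requestObject, decryptionJwk: void 0 };
@@ -1050,17 +1051,17 @@ async function verifyJarRequest(options) {
 error_description: "Jar Request Object is not a valid JWS."
 });
 }
-const {
+const { authorizationRequestPayload, signer, jwt } = await verifyJarRequestObject({
 decryptedRequestObject,
 callbacks
 });
-if (!
+if (!authorizationRequestPayload.client_id) {
 throw new import_oauth217.Oauth2ServerErrorResponseError({
 error: import_oauth217.Oauth2ErrorCodes.InvalidRequestObject,
 error_description: 'Jar Request Object is missing the required "client_id" field.'
 });
 }
-if (jarRequestParams.client_id !==
+if (jarRequestParams.client_id !== authorizationRequestPayload.client_id) {
 throw new import_oauth217.Oauth2ServerErrorResponseError({
 error: import_oauth217.Oauth2ErrorCodes.InvalidRequest,
 error_description: "client_id does not match the request object client_id."
@@ -1068,7 +1069,8 @@ async function verifyJarRequest(options) {
 }
 return {
 sendBy,
-
+jwt,
+authorizationRequestPayload,
 signer,
 decryptionJwk
 };
@@ -1109,7 +1111,11 @@ async function verifyJarRequestObject(options) {
 error_description: `Invalid Jar Request Object typ header. Expected "oauth-authz-req+jwt", received "${jwt.header.typ}".`
 });
 }
-return {
+return {
+signer,
+jwt,
+authorizationRequestPayload: jwt.payload
+};
 }
 
 // src/transaction-data/parse-transaction-data.ts
@@ -1157,7 +1163,7 @@ async function resolveOpenid4vpAuthorizationRequest(options) {
 jar = await verifyJarRequest({ jarRequestParams: parsed, callbacks, wallet });
 const parsedJarAuthorizationRequestPayload = (0, import_utils14.parseWithErrorHandling)(
 import_zod14.default.union([zOpenid4vpAuthorizationRequestDcApi, zOpenid4vpAuthorizationRequest]),
-jar.authorizationRequestPayload,
+jar.authorizationRequestPayload,
 "Invalid authorization request. Could not parse jar request payload as openid4vp auth request."
 );
 authorizationRequestPayload = validateOpenId4vpAuthorizationRequestPayload({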
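Review bot: In the first hunk, `fetch: callbacks.fetch` is passed to the same call that receives `requestUri: jarRequestParams.request_uri`, so the caller-supplied `fetch` is the only control visible here over an outbound request whose URL is taken from the incoming authorization request. Nothing in the visible lines restricts the scheme or host of `request_uri`, and nothing handles `callbacks.fetch` being undefined; the call begins above the hunk, so such checks may live there or in the callee. I would state the contract at the call site, for example `// request_uri comes from the requesting party; callbacks.fetch is where the wallet enforces https, timeouts and response-size limits`, and document which `fetch` is used when the callback is omitted. `package/dist/index.mjs` is listed with the same +13 -7 counts and presumably carries the same change, but it is not shown on this page.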