@openid4vc/openid4vp 0.3.0-alpha-20250324175730 → 0.3.0-alpha-20250325212250

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.js +67 -63
  2. package/dist/index.js.map +1 -1
  3. package/dist/index.mjs +6 -2
  4. package/dist/index.mjs.map +1 -1
  5. package/package.json +3 -3
package/dist/index.mjs CHANGED
@@ -168,6 +168,7 @@ function isOpenid4vpAuthorizationRequestDcApi(request) {
168
168
  }
169
169
 
170
170
  // src/client-identifier-scheme/z-client-id-scheme.ts
171
+ import { getGlobalConfig } from "@openid4vc/utils";
171
172
  import { z as z6 } from "zod";
172
173
  var zClientIdScheme = z6.enum([
173
174
  "pre-registered",
@@ -181,7 +182,10 @@ var zClientIdScheme = z6.enum([
181
182
  ]);
182
183
  var zClientIdToClientIdScheme = z6.union(
183
184
  [
184
- z6.string({ message: "client_id MUST be a string" }).includes(":").transform((clientId) => clientId.split(":")[0]).pipe(zClientIdScheme.exclude(["pre-registered"])),
185
+ z6.string({ message: "client_id MUST be a string" }).includes(":").transform((clientId) => {
186
+ const clientIdScheme = clientId.split(":")[0];
187
+ return clientIdScheme === "http" && getGlobalConfig().allowInsecureUrls ? "https" : clientIdScheme;
188
+ }).pipe(zClientIdScheme.exclude(["pre-registered"])),
185
189
  z6.string().refine((clientId) => clientId.includes(":") === false).transform(() => "pre-registered")
186
190
  ],
187
191
  {
@@ -1070,7 +1074,7 @@ async function verifyJarRequest(options) {
1070
1074
  error_description: 'Jar Request Object is missing the required "client_id" field.'
1071
1075
  });
1072
1076
  }
1073
- if (jarRequestParams.client_id && jarRequestParams.client_id !== authorizationRequestPayload.client_id) {
1077
+ if (jarRequestParams.client_id !== authorizationRequestPayload.client_id) {
1074
1078
  throw new Oauth2ServerErrorResponseError8({
1075
1079
  error: Oauth2ErrorCodes7.InvalidRequest,
1076
1080
  error_description: "client_id does not match the request object client_id."