@openid4vc/openid4vp 0.3.0-alpha-20250401105222 → 0.3.0-alpha-20250404080256
- package/dist/index.d.mts +9 -0
- package/dist/index.d.ts +9 -0
- package/dist/index.js +20 -8
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +20 -8
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
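--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -15926,6 +15926,15 @@ type Openid4vpAuthorizationResponse = z.infer<typeof zOpenid4vpAuthorizationResp
 
 interface CreateOpenid4vpAuthorizationResponseOptions {
 authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi;
+/**
+* Optional client metadata to use for sending the authorization response. In case of e.g. OpenID Federation
+* the client metadata needs to be resolved and verified externally.
+*/
+clientMetadata?: ClientMetadata;
+/**
+* The origin of the reuqest, required when creating a response for the Digital Credentials API.
+*/
+origin?: string;
 authorizationResponsePayload: Openid4vpAuthorizationResponse & {
 state?: never;
 };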
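Review bot: The doc comment on `origin` says the value is required for Digital Credentials API responses, yet the field is declared `origin?: string;`, so the type does not enforce what the comment promises and a caller only learns about it at runtime. I would reword the comment to `* The origin of the request. Must be provided when the response is for the Digital Credentials API.` (this also fixes the "reuqest" typo) and say what happens when it is omitted. The `clientMetadata` comment should also state that a supplied value takes precedence over the request's own `client_metadata`, as the `??` fallback in `package/dist/index.js` shows, because that value selects the key the response is encrypted to. The identical declarations in `package/dist/index.d.ts` need the same wording; both files look generated, so the change belongs in the TypeScript source.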
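--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -15926,6 +15926,15 @@ type Openid4vpAuthorizationResponse = z.infer<typeof zOpenid4vpAuthorizationResp
 
 interface CreateOpenid4vpAuthorizationResponseOptions {
 authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi;
+/**
+* Optional client metadata to use for sending the authorization response. In case of e.g. OpenID Federation
+* the client metadata needs to be resolved and verified externally.
+*/
+clientMetadata?: ClientMetadata;
+/**
+* The origin of the reuqest, required when creating a response for the Digital Credentials API.
+*/
+origin?: string;
 authorizationResponsePayload: Openid4vpAuthorizationResponse & {
 state?: never;
 };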
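--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1428,11 +1428,17 @@ function jarmAssertMetadataSupported(options) {
 
 // src/authorization-response/create-authorization-response.ts
 async function createOpenid4vpAuthorizationResponse(options) {
-const { authorizationRequestPayload, jarm, callbacks } = options;
+const { authorizationRequestPayload, jarm, callbacks, origin } = options;
 const authorizationResponsePayload = {
 ...options.authorizationResponsePayload,
 state: authorizationRequestPayload.state
 };
+const { clientIdScheme } = getOpenid4vpClientId({
+responseMode: authorizationRequestPayload.response_mode,
+clientId: authorizationRequestPayload.client_id,
+legacyClientIdScheme: authorizationRequestPayload.client_id_scheme,
+origin
+});
 if (authorizationRequestPayload.response_mode && isJarmResponseMode(authorizationRequestPayload.response_mode) && !jarm) {
 throw new import_oauth222.Oauth2Error(
 `Missing jarm options for creating Jarm response with response mode '${authorizationRequestPayload.response_mode}'`
@@ -1443,14 +1449,20 @@ async function createOpenid4vpAuthorizationResponse(options) {
 authorizationResponsePayload
 };
 }
-if (!
+if (clientIdScheme === "https" && !options.clientMetadata) {
+throw new import_oauth222.Oauth2Error(
+"When OpenID Federation is used as the client id scheme (https), passing externally fetched and verified 'clientMetadata' to the 'createOpenid4vpAuthorizationResponse' is required."
+);
+}
+const clientMetadata = options.clientMetadata ?? authorizationRequestPayload.client_metadata;
+if (!clientMetadata) {
 throw new import_oauth222.Oauth2Error("Missing client metadata in the request params to assert Jarm metadata support.");
 }
 let jwks;
-if (
-jwks =
-} else if (
-jwks = await (0, import_oauth222.fetchJwks)(
+if (clientMetadata.jwks) {
+jwks = clientMetadata.jwks;
+} else if (clientMetadata.jwks_uri) {
+jwks = await (0, import_oauth222.fetchJwks)(clientMetadata.jwks_uri, options.callbacks.fetch);
 } else {
 throw new import_oauth222.Oauth2ServerErrorResponseError({
 error: import_oauth222.Oauth2ErrorCodes.InvalidRequest,
@@ -1458,11 +1470,11 @@ async function createOpenid4vpAuthorizationResponse(options) {
 });
 }
 const supportedJarmMetadata = jarmAssertMetadataSupported({
-clientMetadata
+clientMetadata,
 serverMetadata: jarm.serverMetadata
 });
 const clientMetaJwks = extractJwksFromClientMetadata({
-...
+...clientMetadata,
 jwks
 });
 if (!clientMetaJwks?.encJwk) {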
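Review bot: The `jwks_uri` branch fetches whatever URL the selected metadata carries, and for every client id scheme other than `https` that metadata still falls back to `authorizationRequestPayload.client_metadata`, so the key the JARM response is encrypted to can come from a location named by the request itself. Nothing in these hunks restricts the URI before `fetchJwks` is called (the helper may validate it, which is not visible here), so I would add a guard ahead of the fetch such as `if (new URL(clientMetadata.jwks_uri).protocol !== "https:") throw new import_oauth222.Oauth2Error("jwks_uri must use https");`. The same line reads `options.callbacks.fetch` although `callbacks` is already destructured at the top of the function. The `Missing client metadata in the request params` message no longer matches now that the metadata can also come from `options.clientMetadata`. The body of `createOpenid4vpAuthorizationResponse` continues outside the hunks shown.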