npm - @openid4vc/openid4vp - Versions diffs - 0.3.0-alpha-20251107130226 → 0.3.0-alpha-20251110114129 - Mend

@openid4vc/openid4vp 0.3.0-alpha-20251107130226 → 0.3.0-alpha-20251110114129

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -26,57 +26,6 @@ let __openid4vc_utils = require("@openid4vc/utils");
 let zod = require("zod");
 zod = __toESM(zod);
-//#region src/jar/create-jar-authorization-request.ts
-/**
-* Creates a JAR (JWT Authorization Request) request object.
-*
-* @param options - The input parameters
-* @param options.authorizationRequestPayload - The authorization request parameters
-* @param options.jwtSigner - The JWT signer
-* @param options.jweEncryptor - The JWE encryptor (optional) if provided, the request object will be encrypted
-* @param options.requestUri - The request URI (optional) if provided, the request object needs to be fetched from the URI
-* @param options.callbacks - The callback context
-* @returns the requestParams, signerJwk, encryptionJwk, and requestObjectJwt
-*/
-async function createJarAuthorizationRequest(options) {
-	const { jwtSigner, jweEncryptor, authorizationRequestPayload, requestUri, callbacks } = options;
-	let authorizationRequestJwt;
-	let encryptionJwk;
-	const now = options.now ?? /* @__PURE__ */ new Date();
-	const { jwt, signerJwk } = await callbacks.signJwt(jwtSigner, {
-		header: {
-			...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(jwtSigner),
-			typ: "oauth-authz-req+jwt"
-		},
-		payload: {
-			iat: (0, __openid4vc_utils.dateToSeconds)(now),
-			exp: (0, __openid4vc_utils.dateToSeconds)((0, __openid4vc_utils.addSecondsToDate)(now, options.expiresInSeconds)),
-			...options.additionalJwtPayload,
-			...authorizationRequestPayload
-		}
-	});
-	authorizationRequestJwt = jwt;
-	if (jweEncryptor) {
-		const encryptionResult = await callbacks.encryptJwe(jweEncryptor, authorizationRequestJwt);
-		authorizationRequestJwt = encryptionResult.jwe;
-		encryptionJwk = encryptionResult.encryptionJwk;
-	}
-	const client_id = authorizationRequestPayload.client_id;
-	return {
-		jarAuthorizationRequest: requestUri ? {
-			client_id,
-			request_uri: requestUri
-		} : {
-			client_id,
-			request: authorizationRequestJwt
-		},
-		signerJwk,
-		encryptionJwk,
-		authorizationRequestJwt
-	};
-}
-//#endregion
 //#region src/authorization-request/validate-authorization-request.ts
 /**
 * Validate the OpenId4Vp Authorization Request parameters
@@ -373,7 +322,7 @@ async function createOpenid4vpAuthorizationRequest(options) {
 			...jar.additionalJwtPayload,
 			aud: jar.requestUri
 		};
-		const jarResult = await createJarAuthorizationRequest({
+		const jarResult = await (0, __openid4vc_oauth2.createJarAuthorizationRequest)({
 			...jar,
 			authorizationRequestPayload,
 			additionalJwtPayload,
@@ -407,24 +356,7 @@ async function createOpenid4vpAuthorizationRequest(options) {
 //#endregion
 //#region src/jar/z-jar-authorization-request.ts
-const zJarAuthorizationRequest = zod.z.object({
-	request: zod.z.optional(zod.z.string()),
-	request_uri: zod.z.optional(__openid4vc_utils.zHttpsUrl),
-	request_uri_method: zod.z.optional(zod.z.string()),
-	client_id: zod.z.optional(zod.z.string())
-}).loose();
-function validateJarRequestParams(options) {
-	const { jarRequestParams } = options;
-	if (jarRequestParams.request && jarRequestParams.request_uri) throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
-		error: "invalid_request_object",
-		error_description: "request and request_uri cannot both be present in a JAR request"
-	});
-	if (!jarRequestParams.request && !jarRequestParams.request_uri) throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
-		error: "invalid_request_object",
-		error_description: "request or request_uri must be present"
-	});
-	return jarRequestParams;
-}
+const zOpenid4vpJarAuthorizationRequest = __openid4vc_oauth2.zJarAuthorizationRequest.extend({ request_uri_method: zod.z.optional(zod.z.string()) });
 function isJarAuthorizationRequest(request) {
 	return "request" in request || "request_uri" in request;
 }
@@ -445,7 +377,7 @@ function parseOpenid4vpAuthorizationRequest(options) {
 	else params = authorizationRequest;
 	const parsedRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zod.default.union([
 		zOpenid4vpAuthorizationRequest,
-		zJarAuthorizationRequest,
+		zOpenid4vpJarAuthorizationRequest,
 		zOpenid4vpAuthorizationRequestDcApi
 	]), params);
 	if (isJarAuthorizationRequest(parsedRequest)) return {
@@ -876,17 +808,8 @@ async function fetchJarRequestObject(options) {
 	return await response.text();
 }
-//#endregion
-//#region src/jar/jar-request-object/z-jar-request-object.ts
-const zJarRequestObjectPayload = zod.z.object({
-	...__openid4vc_oauth2.zJwtPayload.shape,
-	client_id: zod.z.string()
-}).loose();
 //#endregion
 //#region src/jar/handle-jar-request/verify-jar-request.ts
-const zSignedAuthorizationRequestJwtHeaderTyp = zod.default.literal("oauth-authz-req+jwt");
-const signedAuthorizationRequestJwtHeaderTyp = zSignedAuthorizationRequestJwtHeaderTyp.value;
 /**
 * Verifies a JAR (JWT Secured Authorization Request) request by validating, decrypting, and verifying signatures.
 *
@@ -897,7 +820,10 @@ const signedAuthorizationRequestJwtHeaderTyp = zSignedAuthorizationRequestJwtHea
 */
 async function verifyJarRequest(options) {
 	const { callbacks, wallet = {} } = options;
-	const jarRequestParams = validateJarRequestParams(options);
+	const jarRequestParams = {
+		...(0, __openid4vc_oauth2.validateJarRequestParams)(options),
+		...options.jarRequestParams
+	};
 	const sendBy = jarRequestParams.request ? "value" : "reference";
 	const clientIdPrefix = jarRequestParams.client_id ? zClientIdPrefix.safeParse(jarRequestParams.client_id.split(":")[0]).data : "origin";
 	const method = jarRequestParams.request_uri_method ?? "get";
@@ -956,7 +882,7 @@ async function decryptJarRequest(options) {
 	});
 	const decryptionResult = await callbacks.decryptJwe(jwe);
 	if (!decryptionResult.decrypted) throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
-		error: "invalid_request_object",
+		error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidRequestObject,
 		error_description: "Failed to decrypt jar request object."
 	});
 	return decryptionResult;
@@ -965,7 +891,7 @@ async function verifyJarRequestObject(options) {
 	const { decryptedRequestObject, callbacks } = options;
 	const jwt = (0, __openid4vc_oauth2.decodeJwt)({
 		jwt: decryptedRequestObject,
-		payloadSchema: zJarRequestObjectPayload
+		payloadSchema: __openid4vc_oauth2.zJarRequestObjectPayload
 	});
 	let jwtSigner;
 	const { clientIdPrefix } = getOpenid4vpClientId({
@@ -1014,7 +940,7 @@ async function verifyJarRequestObject(options) {
 		signer: jwtSigner
 	});
 	const version = parseAuthorizationRequestVersion(jwt.payload);
-	if (jwt.header.typ !== "oauth-authz-req+jwt" && version >= 24) throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+	if (jwt.header.typ !== __openid4vc_oauth2.signedAuthorizationRequestJwtHeaderTyp && version >= 24) throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
 		error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidRequestObject,
 		error_description: `Invalid Jar Request Object typ header. Expected "oauth-authz-req+jwt", received "${jwt.header.typ}".`
 	});
@@ -1059,7 +985,7 @@ async function resolveOpenid4vpAuthorizationRequest(options) {
 	const parsed = (0, __openid4vc_utils.parseWithErrorHandling)(zod.default.union([
 		zOpenid4vpAuthorizationRequestDcApi,
 		zOpenid4vpAuthorizationRequest,
-		zJarAuthorizationRequest
+		zOpenid4vpJarAuthorizationRequest
 	]), options.authorizationRequestPayload, "Invalid authorization request. Could not parse openid4vp authorization request as openid4vp or jar auth request.");
 	let jar;
 	if (isJarAuthorizationRequest(parsed)) {