@pagopa/io-react-native-wallet 0.25.0 → 0.26.0
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +0 -32
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +1 -1
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +19 -57
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/index.js +6 -0
- package/lib/commonjs/credential/issuance/index.js.map +1 -1
- package/lib/commonjs/utils/misc.js +19 -58
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/module/credential/issuance/03-start-user-authorization.js +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +19 -58
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/index.js +2 -2
- package/lib/module/credential/issuance/index.js.map +1 -1
- package/lib/module/utils/misc.js +14 -51
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +1 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +16 -15
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/index.d.ts +3 -3
- package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
- package/lib/typescript/utils/misc.d.ts +5 -25
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/credential/issuance/03-start-user-authorization.ts +1 -1
- package/src/credential/issuance/04-complete-user-authorization.ts +42 -103
- package/src/credential/issuance/index.ts +4 -0
- package/src/utils/misc.ts +16 -63
package/README.md
CHANGED
|
@@ -70,36 +70,6 @@ The
|
|
|
70
70
|
|
|
71
71
|
</details>
|
|
72
72
|
|
|
73
|
-
<details>
|
|
74
|
-
<summary>AuthorizationContext (strong authentication handling)</summary>
|
|
75
|
-
|
|
76
|
-
Whenever a strong authentication is required, the library asks the consumer application to provide a way to perform the user authentication. This is done by providing a AuthenticationContext object formed as follows:
|
|
77
|
-
|
|
78
|
-
```ts
|
|
79
|
-
/**
|
|
80
|
-
* Context for authorization during the {@link 03-start-user-authorization.ts} phase.
|
|
81
|
-
* It consists of a single method to identify the user which takes a URL and a redirect schema as input.
|
|
82
|
-
* Once the authorization is completed and the URL calls the redirect schema, the method should return the redirect URL.
|
|
83
|
-
*/
|
|
84
|
-
export interface AuthorizationContext {
|
|
85
|
-
authorize: (url: string, redirectSchema: string) => Promise<string>;
|
|
86
|
-
}
|
|
87
|
-
```
|
|
88
|
-
|
|
89
|
-
The authorize function is called with the URL to be opened and the schema to be used to redirect the user back to the application. The function should return a promise that resolves with the URL that the user has been redirected to.
|
|
90
|
-
The suggested library to manage authorizations is [io-react-native-login-utils](https://github.com/pagopa/io-react-native-login-utils), an example is shown below:
|
|
91
|
-
|
|
92
|
-
```ts
|
|
93
|
-
import { type AuthorizationContext } from "@pagopa/io-react-native-wallet";
|
|
94
|
-
import { openAuthenticationSession } from "@pagopa/io-react-native-login-utils";
|
|
95
|
-
|
|
96
|
-
const authorizationContext: AuthorizationContext = {
|
|
97
|
-
authorize: openAuthenticationSession,
|
|
98
|
-
};
|
|
99
|
-
```
|
|
100
|
-
|
|
101
|
-
</details>
|
|
102
|
-
|
|
103
73
|
<details>
|
|
104
74
|
<summary>IntegrityToken (device integrity)</summary>
|
|
105
75
|
|
|
@@ -159,7 +129,6 @@ Below there's a list of the libraries and a schema of how they interact with eac
|
|
|
159
129
|
|
|
160
130
|
- [@pagopa/io-react-native-crypto](https://github.com/pagopa/io-react-native-crypto) - Used to manage cryptographic keys and signatures
|
|
161
131
|
- [@pagopa/io-react-native-integrity](https://github.com/pagopa/io-react-native-integrity) - Used to manage and verify the integrity of the device
|
|
162
|
-
- [@pagopa/io-react-native-login-utils](https://github.com/pagopa/io-react-native-login-utils) - Used to manage strong authentication flows securely
|
|
163
132
|
- [@pagopa/io-react-native-secure-storage](https://github.com/pagopa/io-react-native-secure-storage) - Used to store data securely on the device
|
|
164
133
|
|
|
165
134
|
```mermaid
|
|
@@ -168,7 +137,6 @@ graph TD;
|
|
|
168
137
|
iornw[io-react-native-wallet]
|
|
169
138
|
iornc[io-react-native-crypto]
|
|
170
139
|
iorni[io-react-native-integrity]
|
|
171
|
-
iornlu[io-react-native-login-utils]
|
|
172
140
|
iornss[io-react-native-secure-storage]
|
|
173
141
|
iornjwt[io-react-native-jwt]
|
|
174
142
|
rncie[react-native-cie]
|
|
@@ -57,7 +57,7 @@ const selectResponseMode = (issuerConf, credentialType) => {
|
|
|
57
57
|
* the application session identifier on the Wallet Instance side (state),
|
|
58
58
|
* the method (query or form_post.jwt) by which the Authorization Server
|
|
59
59
|
* should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
|
|
60
|
-
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the
|
|
60
|
+
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
|
|
61
61
|
* should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
|
|
62
62
|
* @param issuerConf The issuer configuration
|
|
63
63
|
* @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
|
|
@@ -3,12 +3,11 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.parseAuthorizationResponse = exports.getRequestedCredentialToBePresented = exports.completeUserAuthorizationWithQueryMode = exports.completeUserAuthorizationWithFormPostJwtMode = void 0;
|
|
6
|
+
exports.parseAuthorizationResponse = exports.getRequestedCredentialToBePresented = exports.completeUserAuthorizationWithQueryMode = exports.completeUserAuthorizationWithFormPostJwtMode = exports.buildAuthorizationUrl = void 0;
|
|
7
7
|
var _auth = require("../../utils/auth");
|
|
8
8
|
var _misc = require("../../utils/misc");
|
|
9
9
|
var _parseUrl = _interopRequireDefault(require("parse-url"));
|
|
10
10
|
var _errors = require("../../utils/errors");
|
|
11
|
-
var _reactNative = require("react-native");
|
|
12
11
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
13
12
|
var _types = require("../presentation/types");
|
|
14
13
|
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
|
@@ -21,25 +20,15 @@ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { de
|
|
|
21
20
|
*/
|
|
22
21
|
|
|
23
22
|
/**
|
|
24
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The
|
|
25
|
-
*
|
|
26
|
-
* It is used to complete the user authorization by catching the redirectSchema from the authorization server which then contains the authorization response.
|
|
27
|
-
* This function utilizes the authorization context to open an in-app browser capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
28
|
-
* If the 302 redirect happens and the redirectSchema is caught, the function will return the authorization response after parsing it from the query string.
|
|
23
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
24
|
+
* Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
|
|
29
25
|
* @param issuerRequestUri the URI of the issuer where the request is sent
|
|
30
26
|
* @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
|
|
31
27
|
* @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
32
|
-
* @param
|
|
33
|
-
*
|
|
34
|
-
* @param idphint Unique identifier of the SPID IDP selected by the user
|
|
35
|
-
* @param redirectUri The url to reach to complete the user authorization which is the custom URL scheme that the Wallet Instance is registered to handle, usually a custom URL or deeplink
|
|
36
|
-
* @param signal An optional {@link AbortSignal} to abort the operation when using the default browser
|
|
37
|
-
* @throws {AuthorizationError} if an error occurs during the authorization process
|
|
38
|
-
* @throws {AuthorizationIdpError} if an error occurs during the authorization process and the error is related to the IDP
|
|
39
|
-
* @throws {OperationAbortedError} if the caller aborts the operation via the provided signal
|
|
40
|
-
* @returns the authorization response which contains code, state and iss
|
|
28
|
+
* @param idpHint Unique identifier of the IDP selected by the user
|
|
29
|
+
* @returns An object containing the authorization URL
|
|
41
30
|
*/
|
|
42
|
-
const
|
|
31
|
+
const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
|
|
43
32
|
const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
|
|
44
33
|
const params = new URLSearchParams({
|
|
45
34
|
client_id: clientId,
|
|
@@ -47,47 +36,20 @@ const completeUserAuthorizationWithQueryMode = async (issuerRequestUri, clientId
|
|
|
47
36
|
idphint: idpHint
|
|
48
37
|
});
|
|
49
38
|
const authUrl = `${authzRequestEndpoint}?${params}`;
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
throw new _errors2.AuthorizationError(e.message);
|
|
55
|
-
});
|
|
56
|
-
} else {
|
|
57
|
-
// handler for redirectUri
|
|
58
|
-
const urlEventListener = _reactNative.Linking.addEventListener("url", _ref => {
|
|
59
|
-
let {
|
|
60
|
-
url
|
|
61
|
-
} = _ref;
|
|
62
|
-
if (url.includes(redirectUri)) {
|
|
63
|
-
authRedirectUrl = url;
|
|
64
|
-
}
|
|
65
|
-
});
|
|
66
|
-
const operationIsAborted = signal ? (0, _misc.createAbortPromiseFromSignal)(signal) : undefined;
|
|
67
|
-
await _reactNative.Linking.openURL(authUrl);
|
|
68
|
-
|
|
69
|
-
/*
|
|
70
|
-
* Waits for 120 seconds for the identificationRedirectUrl variable to be set
|
|
71
|
-
* by the custom url handler. If the timeout is exceeded, throw an exception
|
|
72
|
-
*/
|
|
73
|
-
const unitAuthRedirectIsNotUndefined = (0, _misc.until)(() => authRedirectUrl !== undefined, 120);
|
|
39
|
+
return {
|
|
40
|
+
authUrl
|
|
41
|
+
};
|
|
42
|
+
};
|
|
74
43
|
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
if (winner === "OPERATION_ABORTED") {
|
|
85
|
-
throw new _errors2.OperationAbortedError("DefaultQueryModeAuthorization");
|
|
86
|
-
}
|
|
87
|
-
if (authRedirectUrl === undefined) {
|
|
88
|
-
throw new _errors2.AuthorizationError("Invalid authentication redirect url");
|
|
89
|
-
}
|
|
90
|
-
}
|
|
44
|
+
/**
|
|
45
|
+
* WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
|
|
46
|
+
* Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
47
|
+
* This function parses the authorization redirect URL to extract the authorization response.
|
|
48
|
+
* @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
|
|
49
|
+
* @returns the authorization response which contains code, state and iss
|
|
50
|
+
*/
|
|
51
|
+
exports.buildAuthorizationUrl = buildAuthorizationUrl;
|
|
52
|
+
const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
|
|
91
53
|
const query = (0, _parseUrl.default)(authRedirectUrl).query;
|
|
92
54
|
return parseAuthorizationResponse(query);
|
|
93
55
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","
|
|
1
|
+
{"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","_ioReactNativeJwt","_types","_reactNativeUuid","_types2","_decoder","_errors2","obj","__esModule","default","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","exports","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","hasStatusOrThrow","IssuerResponseError","res","text","jws","decode","reqObj","RequestObject","safeParse","payload","success","ValidationFailed","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","SignJWT","setProtectedHeader","alg","typ","setPayload","vp","jti","uuid","v4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","encodeBase64","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","ResponseUriResultShape","redirect_uri","getJwtFromFormPost","cbRes","decodedJwt","authRes","authResParsed","AuthorizationResultShape","authErr","AuthorizationErrorShape","AuthorizationError","AuthorizationIdpError","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEA,IAAAK,iBAAA,GAAAL,OAAA;AAMA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,gBAAA,GAAAJ,sBAAA,CAAAH,OAAA;AACA,IAAAQ,OAAA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,QAAA,GAAAV,OAAA;AAAqE,SAAAG,uBAAAQ,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAErE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV,gBAAgB;IAC7BW,OAAO,EAAER;EACX,CAAC,CAAC;EAEF,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAd,qBAAA,GAAAA,qBAAA;AAOO,MAAMe,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG,IAAAC,iBAAQ,EAACF,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAXAH,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAYO,MAAMK,mCAAwE,GACnF,eAAAA,CAAOnB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBkB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMpB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMyB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEhB,oBAAqB,IAAGG,MAAM,CAACmB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEK,GAAG,IAAK,IAAAC,wBAAM,EAACD,GAAG,CAAC,CAAC,CAC1BL,IAAI,CAAEO,MAAM,IAAKC,oBAAa,CAACC,SAAS,CAACF,MAAM,CAACG,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACb,aAAa,CAACc,OAAO,EAAE;IAC1B,MAAM,IAAIC,wBAAgB,CAAC;MACzBC,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEjB,aAAa,CAACkB,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOhB,aAAa,CAACmB,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfA/B,OAAA,CAAAM,mCAAA,GAAAA,mCAAA;AAgBO,MAAM0B,4CAA0F,GACrG,MAAAA,CAAOpB,aAAa,EAAEqB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzB9B,QAAQ,GAAGI;EACb,CAAC,GAAGsB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIC,yBAAO,CAACL,gBAAgB,CAAC,CACnDM,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,yBAAyB;IAC7BQ,GAAG,EAAEC,wBAAI,CAACC,EAAE,CAAC,CAAC,CAAClC,QAAQ,CAAC,CAAC;IACzBmC,KAAK,EAAEpC,aAAa,CAACoC;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAACvC,aAAa,CAACwC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIf,yBAAO,CAACJ,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAER,GAAG;IACPS,GAAG,EAAEC,wBAAI,CAACC,EAAE,CAAC,CAAC,CAAClC,QAAQ,CAAC,CAAC;IACzBmC,KAAK,EAAEpC,aAAa,CAACoC;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAACvC,aAAa,CAACwC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEV,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAC7BU,EAAE,EAAG,GAAEX,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAClBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG,IAAAC,8BAAY,EACvCC,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAErD,aAAa,CAACqD,KAAK;IAC1BC,uBAAuB,EAAEX,sBAAsB;IAC/CY,QAAQ,EAAE,CAACb,UAAU,EAAEhB,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM8B,IAAI,GAAG,IAAIzE,eAAe,CAAC;IAC/B0E,QAAQ,EAAER;EACZ,CAAC,CAAC,CAAChD,QAAQ,CAAC,CAAC;EACb,MAAMyD,SAAS,GAAG,MAAM/D,QAAQ,CAACK,aAAa,CAACwC,YAAY,EAAE;IAC3DtC,MAAM,EAAE,MAAM;IACdyD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACCrD,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEyD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGC,8BAAsB,CAACnD,SAAS,CAAC8C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAChD,OAAO,EAAE;IACxB,MAAM,IAAIC,wBAAgB,CAAC;MACzBC,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE6C,WAAW,CAAC5C,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMrB,QAAQ,CAACmE,WAAW,CAAC3C,IAAI,CAAC6C,YAAY,CAAC,CACjD7D,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAC8D,2BAAkB,CAAC,CACxB9D,IAAI,CAAE+D,KAAK,IAAKzE,0BAA0B,CAACyE,KAAK,CAACC,UAAU,CAACtD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAzB,OAAA,CAAAgC,4CAAA,GAAAA,4CAAA;AAOO,MAAM3B,0BAA0B,GACrC2E,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,CAAC1D,SAAS,CAACwD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACvD,OAAO,EAAE;IAC1B,MAAMyD,OAAO,GAAGC,6BAAuB,CAAC5D,SAAS,CAACwD,OAAO,CAAC;IAC1D,IAAI,CAACG,OAAO,CAACzD,OAAO,EAAE;MACpB,MAAM,IAAI2D,2BAAkB,CAACJ,aAAa,CAACnD,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAI0D,8BAAqB,CAC7BH,OAAO,CAACpD,IAAI,CAACD,KAAK,EAClBqD,OAAO,CAACpD,IAAI,CAACwD,iBACf,CAAC;EACH;EACA,OAAON,aAAa,CAAClD,IAAI;AAC3B,CAAC;AAAC/B,OAAA,CAAAK,0BAAA,GAAAA,0BAAA"}
|
|
@@ -10,6 +10,12 @@ Object.defineProperty(exports, "authorizeAccess", {
|
|
|
10
10
|
return _authorizeAccess.authorizeAccess;
|
|
11
11
|
}
|
|
12
12
|
});
|
|
13
|
+
Object.defineProperty(exports, "buildAuthorizationUrl", {
|
|
14
|
+
enumerable: true,
|
|
15
|
+
get: function () {
|
|
16
|
+
return _completeUserAuthorization.buildAuthorizationUrl;
|
|
17
|
+
}
|
|
18
|
+
});
|
|
13
19
|
Object.defineProperty(exports, "completeUserAuthorizationWithFormPostJwtMode", {
|
|
14
20
|
enumerable: true,
|
|
15
21
|
get: function () {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_completeUserAuthorization","_authorizeAccess","_obtainCredential","_verifyAndParseCredential","Errors","_interopRequireWildcard","exports","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"
|
|
1
|
+
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_completeUserAuthorization","_authorizeAccess","_obtainCredential","_verifyAndParseCredential","Errors","_interopRequireWildcard","exports","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AAIA,IAAAE,0BAAA,GAAAF,OAAA;AAWA,IAAAG,gBAAA,GAAAH,OAAA;AACA,IAAAI,iBAAA,GAAAJ,OAAA;AAIA,IAAAK,yBAAA,GAAAL,OAAA;AAIA,IAAAM,MAAA,GAAAC,uBAAA,CAAAP,OAAA;AAAmCQ,OAAA,CAAAF,MAAA,GAAAA,MAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.
|
|
6
|
+
exports.safeJsonParse = exports.parseRawHttpResponse = exports.hasStatusOrThrow = exports.getCredentialHashWithouDiscloures = exports.generateRandomAlphaNumericString = void 0;
|
|
7
7
|
var _errors = require("./errors");
|
|
8
8
|
var _jsSha = require("js-sha256");
|
|
9
9
|
/**
|
|
@@ -26,9 +26,18 @@ const hasStatusOrThrow = (status, customError) => async res => {
|
|
|
26
26
|
return res;
|
|
27
27
|
};
|
|
28
28
|
|
|
29
|
+
/**
|
|
30
|
+
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
31
|
+
*/
|
|
32
|
+
exports.hasStatusOrThrow = hasStatusOrThrow;
|
|
33
|
+
const parseRawHttpResponse = response => {
|
|
34
|
+
var _response$headers$get;
|
|
35
|
+
return (_response$headers$get = response.headers.get("content-type")) !== null && _response$headers$get !== void 0 && _response$headers$get.includes("application/json") ? response.json() : response.text();
|
|
36
|
+
};
|
|
37
|
+
|
|
29
38
|
// extract a type from an async function output
|
|
30
39
|
// helpful to bind the input of a function to the output of another
|
|
31
|
-
exports.
|
|
40
|
+
exports.parseRawHttpResponse = parseRawHttpResponse;
|
|
32
41
|
/**
|
|
33
42
|
* TODO [SIW-1310]: replace this function with a cryptographically secure one.
|
|
34
43
|
* @param size - The size of the string to generate
|
|
@@ -36,39 +45,13 @@ exports.hasStatusOrThrow = hasStatusOrThrow;
|
|
|
36
45
|
*/
|
|
37
46
|
const generateRandomAlphaNumericString = size => Array.from(Array(size), () => Math.floor(Math.random() * 36).toString(36)).join("");
|
|
38
47
|
|
|
39
|
-
/**
|
|
40
|
-
* Repeatedly checks a condition function until it returns true,
|
|
41
|
-
* then resolves the returned promise. If the condition function does not return true
|
|
42
|
-
* within the specified timeout, the promise is rejected.
|
|
43
|
-
*
|
|
44
|
-
* @param conditionFunction - A function that returns a boolean value.
|
|
45
|
-
* The promise resolves when this function returns true.
|
|
46
|
-
* @param timeout - An optional timeout in seconds. The promise is rejected if the
|
|
47
|
-
* condition function does not return true within this time.
|
|
48
|
-
* @returns A promise that resolves once the conditionFunction returns true or rejects if timed out.
|
|
49
|
-
*/
|
|
50
|
-
exports.generateRandomAlphaNumericString = generateRandomAlphaNumericString;
|
|
51
|
-
const until = (conditionFunction, timeoutSeconds) => new Promise((resolve, reject) => {
|
|
52
|
-
const start = Date.now();
|
|
53
|
-
const poll = () => {
|
|
54
|
-
if (conditionFunction()) {
|
|
55
|
-
resolve();
|
|
56
|
-
} else if (timeoutSeconds !== undefined && Date.now() - start >= timeoutSeconds * 1000) {
|
|
57
|
-
reject(new Error("Timeout exceeded"));
|
|
58
|
-
} else {
|
|
59
|
-
setTimeout(poll, 400);
|
|
60
|
-
}
|
|
61
|
-
};
|
|
62
|
-
poll();
|
|
63
|
-
});
|
|
64
|
-
|
|
65
48
|
/**
|
|
66
49
|
* Get the hash of a credential without discloures.
|
|
67
50
|
* A credential is a string like `header.body.sign~sd1~sd2....` where `~` is the separator between the credential and the discloures.
|
|
68
51
|
* @param credential - The credential to hash
|
|
69
52
|
* @returns The hash of the credential without discloures
|
|
70
53
|
*/
|
|
71
|
-
exports.
|
|
54
|
+
exports.generateRandomAlphaNumericString = generateRandomAlphaNumericString;
|
|
72
55
|
const getCredentialHashWithouDiscloures = async credential => {
|
|
73
56
|
const tildeIndex = credential.indexOf("~");
|
|
74
57
|
if (tildeIndex === -1) {
|
|
@@ -76,35 +59,13 @@ const getCredentialHashWithouDiscloures = async credential => {
|
|
|
76
59
|
}
|
|
77
60
|
return (0, _jsSha.sha256)(credential.slice(0, tildeIndex));
|
|
78
61
|
};
|
|
79
|
-
|
|
80
|
-
/**
|
|
81
|
-
* Creates a promise that waits until the provided signal is aborted.
|
|
82
|
-
* @returns {Object} An object with `listen` and `remove` methods to handle subscribing and unsubscribing.
|
|
83
|
-
*/
|
|
84
62
|
exports.getCredentialHashWithouDiscloures = getCredentialHashWithouDiscloures;
|
|
85
|
-
const
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
}
|
|
92
|
-
listener = () => resolve("OPERATION_ABORTED");
|
|
93
|
-
signal.addEventListener("abort", listener);
|
|
94
|
-
}),
|
|
95
|
-
remove: () => signal.removeEventListener("abort", listener)
|
|
96
|
-
};
|
|
97
|
-
};
|
|
98
|
-
exports.createAbortPromiseFromSignal = createAbortPromiseFromSignal;
|
|
99
|
-
const isDefined = x => Boolean(x);
|
|
100
|
-
|
|
101
|
-
/**
|
|
102
|
-
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
103
|
-
*/
|
|
104
|
-
exports.isDefined = isDefined;
|
|
105
|
-
const parseRawHttpResponse = response => {
|
|
106
|
-
var _response$headers$get;
|
|
107
|
-
return (_response$headers$get = response.headers.get("content-type")) !== null && _response$headers$get !== void 0 && _response$headers$get.includes("application/json") ? response.json() : response.text();
|
|
63
|
+
const safeJsonParse = (text, withDefault) => {
|
|
64
|
+
try {
|
|
65
|
+
return JSON.parse(text);
|
|
66
|
+
} catch (_) {
|
|
67
|
+
return withDefault ?? null;
|
|
68
|
+
}
|
|
108
69
|
};
|
|
109
|
-
exports.
|
|
70
|
+
exports.safeJsonParse = safeJsonParse;
|
|
110
71
|
//# sourceMappingURL=misc.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_errors","require","_jsSha","hasStatusOrThrow","status","customError","res","ErrorClass","UnexpectedStatusCodeError","message","url","statusCode","reason","parseRawHttpResponse","exports","
|
|
1
|
+
{"version":3,"names":["_errors","require","_jsSha","hasStatusOrThrow","status","customError","res","ErrorClass","UnexpectedStatusCodeError","message","url","statusCode","reason","parseRawHttpResponse","exports","response","_response$headers$get","headers","get","includes","json","text","generateRandomAlphaNumericString","size","Array","from","Math","floor","random","toString","join","getCredentialHashWithouDiscloures","credential","tildeIndex","indexOf","IoWalletError","sha256","slice","safeJsonParse","withDefault","JSON","parse","_"],"sourceRoot":"../../../src","sources":["utils/misc.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,gBAAgB,GAC3BA,CAACC,MAAc,EAAEC,WAA8C,KAC/D,MAAOC,GAAa,IAAwB;EAC1C,IAAIA,GAAG,CAACF,MAAM,KAAKA,MAAM,EAAE;IACzB,MAAMG,UAAU,GAAGF,WAAW,IAAIG,iCAAyB;IAC3D,MAAM,IAAID,UAAU,CAAC;MACnBE,OAAO,EAAG,iCAAgCL,MAAO,SAAQE,GAAG,CAACF,MAAO,UAASE,GAAG,CAACI,GAAI,EAAC;MACtFC,UAAU,EAAEL,GAAG,CAACF,MAAM;MACtBQ,MAAM,EAAE,MAAMC,oBAAoB,CAACP,GAAG,CAAC,CAAE;IAC3C,CAAC,CAAC;EACJ;;EACA,OAAOA,GAAG;AACZ,CAAC;;AAEH;AACA;AACA;AAFAQ,OAAA,CAAAX,gBAAA,GAAAA,gBAAA;AAGO,MAAMU,oBAAoB,GAC/BE,QAAkB;EAAA,IAAAC,qBAAA;EAAA,OAElB,CAAAA,qBAAA,GAAAD,QAAQ,CAACE,OAAO,CAACC,GAAG,CAAC,cAAc,CAAC,cAAAF,qBAAA,eAApCA,qBAAA,CAAsCG,QAAQ,CAAC,kBAAkB,CAAC,GAC7DJ,QAAQ,CAACK,IAAI,CAAC,CAAC,GAChBL,QAAQ,CAACM,IAAI,CAAC,CAAC;AAAA;;AAErB;AACA;AAAAP,OAAA,CAAAD,oBAAA,GAAAA,oBAAA;AAOA;AACA;AACA;AACA;AACA;AACO,MAAMS,gCAAgC,GAAIC,IAAY,IAC3DC,KAAK,CAACC,IAAI,CAACD,KAAK,CAACD,IAAI,CAAC,EAAE,MACtBG,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,CAACC,QAAQ,CAAC,EAAE,CAC5C,CAAC,CAACC,IAAI,CAAC,EAAE,CAAC;;AAEZ;AACA;AACA;AACA;AACA;AACA;AALAhB,OAAA,CAAAQ,gCAAA,GAAAA,gCAAA;AAMO,MAAMS,iCAAiC,GAAG,MAC/CC,UAAkB,IACE;EACpB,MAAMC,UAAU,GAAGD,UAAU,CAACE,OAAO,CAAC,GAAG,CAAC;EAC1C,IAAID,UAAU,KAAK,CAAC,CAAC,EAAE;IACrB,MAAM,IAAIE,qBAAa,CAAC,2BAA2B,CAAC;EACtD;EACA,OAAO,IAAAC,aAAM,EAACJ,UAAU,CAACK,KAAK,CAAC,CAAC,EAAEJ,UAAU,CAAC,CAAC;AAChD,CAAC;AAACnB,OAAA,CAAAiB,iCAAA,GAAAA,iCAAA;AAEK,MAAMO,aAAa,GAAGA,CAAIjB,IAAY,EAAEkB,WAAe,KAAe;EAC3E,IAAI;IACF,OAAOC,IAAI,CAACC,KAAK,CAACpB,IAAI,CAAC;EACzB,CAAC,CAAC,OAAOqB,CAAC,EAAE;IACV,OAAOH,WAAW,IAAI,IAAI;EAC5B;AACF,CAAC;AAACzB,OAAA,CAAAwB,aAAA,GAAAA,aAAA"}
|
|
@@ -51,7 +51,7 @@ const selectResponseMode = (issuerConf, credentialType) => {
|
|
|
51
51
|
* the application session identifier on the Wallet Instance side (state),
|
|
52
52
|
* the method (query or form_post.jwt) by which the Authorization Server
|
|
53
53
|
* should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
|
|
54
|
-
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the
|
|
54
|
+
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
|
|
55
55
|
* should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
|
|
56
56
|
* @param issuerConf The issuer configuration
|
|
57
57
|
* @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
|
|
@@ -1,39 +1,28 @@
|
|
|
1
1
|
import { AuthorizationErrorShape, AuthorizationResultShape } from "../../utils/auth";
|
|
2
|
-
import {
|
|
2
|
+
import { hasStatusOrThrow } from "../../utils/misc";
|
|
3
3
|
import parseUrl from "parse-url";
|
|
4
4
|
import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
|
|
5
|
-
import { Linking } from "react-native";
|
|
6
5
|
import { decode, encodeBase64, SignJWT } from "@pagopa/io-react-native-jwt";
|
|
7
6
|
import { RequestObject } from "../presentation/types";
|
|
8
7
|
import uuid from "react-native-uuid";
|
|
9
8
|
import { ResponseUriResultShape } from "./types";
|
|
10
9
|
import { getJwtFromFormPost } from "../../utils/decoder";
|
|
11
|
-
import { AuthorizationError, AuthorizationIdpError
|
|
10
|
+
import { AuthorizationError, AuthorizationIdpError } from "./errors";
|
|
12
11
|
|
|
13
12
|
/**
|
|
14
13
|
* The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
15
14
|
*/
|
|
16
15
|
|
|
17
16
|
/**
|
|
18
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The
|
|
19
|
-
*
|
|
20
|
-
* It is used to complete the user authorization by catching the redirectSchema from the authorization server which then contains the authorization response.
|
|
21
|
-
* This function utilizes the authorization context to open an in-app browser capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
22
|
-
* If the 302 redirect happens and the redirectSchema is caught, the function will return the authorization response after parsing it from the query string.
|
|
17
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
18
|
+
* Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
|
|
23
19
|
* @param issuerRequestUri the URI of the issuer where the request is sent
|
|
24
20
|
* @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
|
|
25
21
|
* @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
26
|
-
* @param
|
|
27
|
-
*
|
|
28
|
-
* @param idphint Unique identifier of the SPID IDP selected by the user
|
|
29
|
-
* @param redirectUri The url to reach to complete the user authorization which is the custom URL scheme that the Wallet Instance is registered to handle, usually a custom URL or deeplink
|
|
30
|
-
* @param signal An optional {@link AbortSignal} to abort the operation when using the default browser
|
|
31
|
-
* @throws {AuthorizationError} if an error occurs during the authorization process
|
|
32
|
-
* @throws {AuthorizationIdpError} if an error occurs during the authorization process and the error is related to the IDP
|
|
33
|
-
* @throws {OperationAbortedError} if the caller aborts the operation via the provided signal
|
|
34
|
-
* @returns the authorization response which contains code, state and iss
|
|
22
|
+
* @param idpHint Unique identifier of the IDP selected by the user
|
|
23
|
+
* @returns An object containing the authorization URL
|
|
35
24
|
*/
|
|
36
|
-
export const
|
|
25
|
+
export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
|
|
37
26
|
const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
|
|
38
27
|
const params = new URLSearchParams({
|
|
39
28
|
client_id: clientId,
|
|
@@ -41,47 +30,19 @@ export const completeUserAuthorizationWithQueryMode = async (issuerRequestUri, c
|
|
|
41
30
|
idphint: idpHint
|
|
42
31
|
});
|
|
43
32
|
const authUrl = `${authzRequestEndpoint}?${params}`;
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
throw new AuthorizationError(e.message);
|
|
49
|
-
});
|
|
50
|
-
} else {
|
|
51
|
-
// handler for redirectUri
|
|
52
|
-
const urlEventListener = Linking.addEventListener("url", _ref => {
|
|
53
|
-
let {
|
|
54
|
-
url
|
|
55
|
-
} = _ref;
|
|
56
|
-
if (url.includes(redirectUri)) {
|
|
57
|
-
authRedirectUrl = url;
|
|
58
|
-
}
|
|
59
|
-
});
|
|
60
|
-
const operationIsAborted = signal ? createAbortPromiseFromSignal(signal) : undefined;
|
|
61
|
-
await Linking.openURL(authUrl);
|
|
62
|
-
|
|
63
|
-
/*
|
|
64
|
-
* Waits for 120 seconds for the identificationRedirectUrl variable to be set
|
|
65
|
-
* by the custom url handler. If the timeout is exceeded, throw an exception
|
|
66
|
-
*/
|
|
67
|
-
const unitAuthRedirectIsNotUndefined = until(() => authRedirectUrl !== undefined, 120);
|
|
33
|
+
return {
|
|
34
|
+
authUrl
|
|
35
|
+
};
|
|
36
|
+
};
|
|
68
37
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
});
|
|
78
|
-
if (winner === "OPERATION_ABORTED") {
|
|
79
|
-
throw new OperationAbortedError("DefaultQueryModeAuthorization");
|
|
80
|
-
}
|
|
81
|
-
if (authRedirectUrl === undefined) {
|
|
82
|
-
throw new AuthorizationError("Invalid authentication redirect url");
|
|
83
|
-
}
|
|
84
|
-
}
|
|
38
|
+
/**
|
|
39
|
+
* WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
|
|
40
|
+
* Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
41
|
+
* This function parses the authorization redirect URL to extract the authorization response.
|
|
42
|
+
* @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
|
|
43
|
+
* @returns the authorization response which contains code, state and iss
|
|
44
|
+
*/
|
|
45
|
+
export const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
|
|
85
46
|
const query = parseUrl(authRedirectUrl).query;
|
|
86
47
|
return parseAuthorizationResponse(query);
|
|
87
48
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","
|
|
1
|
+
{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","uuid","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","v4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;;AAEpE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV,gBAAgB;IAC7BW,OAAO,EAAER;EACX,CAAC,CAAC;EAEF,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG5B,QAAQ,CAAC2B,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOjB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBgB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMlB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMuB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEd,oBAAqB,IAAGG,MAAM,CAACiB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACxC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDsC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKvC,MAAM,CAACuC,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKrC,aAAa,CAACsC,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI5C,gBAAgB,CAAC;MACzB6C,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,aAAa,CAACa,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOX,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBzB,QAAQ,GAAGI;EACb,CAAC,GAAGiB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIpD,OAAO,CAACgD,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAExD,IAAI,CAACyD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIlE,OAAO,CAACiD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAExD,IAAI,CAACyD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAElE,IAAI,CAACyD,EAAE,CAAC,CAAE,EAAC;IAC7BU,EAAE,EAAG,GAAEnE,IAAI,CAACyD,EAAE,CAAC,CAAE,EAAC;IAClBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG1E,YAAY,CACvC2E,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE7C,aAAa,CAAC6C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEd,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM2B,IAAI,GAAG,IAAI/D,eAAe,CAAC;IAC/BgE,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACzC,QAAQ,CAAC,CAAC;EACb,MAAMiD,SAAS,GAAG,MAAMvD,QAAQ,CAACK,aAAa,CAACiC,YAAY,EAAE;IAC3D/B,MAAM,EAAE,MAAM;IACdiD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAACxC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDsC,IAAI,CAAEiD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGlF,sBAAsB,CAACoC,SAAS,CAAC0C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC5C,OAAO,EAAE;IACxB,MAAM,IAAI5C,gBAAgB,CAAC;MACzB6C,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE0C,WAAW,CAACzC,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMhB,QAAQ,CAAC2D,WAAW,CAACxC,IAAI,CAACyC,YAAY,CAAC,CACjDpD,IAAI,CAACxC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDsC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC9B,kBAAkB,CAAC,CACxB8B,IAAI,CAAEqD,KAAK,IAAK/D,0BAA0B,CAAC+D,KAAK,CAACC,UAAU,CAAChD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCiE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGjG,wBAAwB,CAAC8C,SAAS,CAACkD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACjD,OAAO,EAAE;IAC1B,MAAMkD,OAAO,GAAGnG,uBAAuB,CAAC+C,SAAS,CAACkD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAAClD,OAAO,EAAE;MACpB,MAAM,IAAIpC,kBAAkB,CAACqF,aAAa,CAAC9C,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIpC,qBAAqB,CAC7BqF,OAAO,CAAC9C,IAAI,CAACD,KAAK,EAClB+C,OAAO,CAAC9C,IAAI,CAAC+C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC7C,IAAI;AAC3B,CAAC"}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { evaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
2
2
|
import { startUserAuthorization } from "./03-start-user-authorization";
|
|
3
|
-
import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
|
|
3
|
+
import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, buildAuthorizationUrl, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
|
|
4
4
|
import { authorizeAccess } from "./05-authorize-access";
|
|
5
5
|
import { obtainCredential } from "./06-obtain-credential";
|
|
6
6
|
import { verifyAndParseCredential } from "./07-verify-and-parse-credential";
|
|
7
7
|
import * as Errors from "./errors";
|
|
8
|
-
export { evaluateIssuerTrust, startUserAuthorization, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
|
|
8
|
+
export { evaluateIssuerTrust, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
|
|
9
9
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,
|
|
1
|
+
{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,EAC1BC,qBAAqB,EAKrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEV,mBAAmB,EACnBC,sBAAsB,EACtBI,qBAAqB,EACrBH,sCAAsC,EACtCI,mCAAmC,EACnCH,4CAA4C,EAC5CI,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB,EACxBL,0BAA0B,EAC1BM,MAAM"}
|
package/lib/module/utils/misc.js
CHANGED
|
@@ -21,6 +21,14 @@ export const hasStatusOrThrow = (status, customError) => async res => {
|
|
|
21
21
|
return res;
|
|
22
22
|
};
|
|
23
23
|
|
|
24
|
+
/**
|
|
25
|
+
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
26
|
+
*/
|
|
27
|
+
export const parseRawHttpResponse = response => {
|
|
28
|
+
var _response$headers$get;
|
|
29
|
+
return (_response$headers$get = response.headers.get("content-type")) !== null && _response$headers$get !== void 0 && _response$headers$get.includes("application/json") ? response.json() : response.text();
|
|
30
|
+
};
|
|
31
|
+
|
|
24
32
|
// extract a type from an async function output
|
|
25
33
|
// helpful to bind the input of a function to the output of another
|
|
26
34
|
/**
|
|
@@ -30,31 +38,6 @@ export const hasStatusOrThrow = (status, customError) => async res => {
|
|
|
30
38
|
*/
|
|
31
39
|
export const generateRandomAlphaNumericString = size => Array.from(Array(size), () => Math.floor(Math.random() * 36).toString(36)).join("");
|
|
32
40
|
|
|
33
|
-
/**
|
|
34
|
-
* Repeatedly checks a condition function until it returns true,
|
|
35
|
-
* then resolves the returned promise. If the condition function does not return true
|
|
36
|
-
* within the specified timeout, the promise is rejected.
|
|
37
|
-
*
|
|
38
|
-
* @param conditionFunction - A function that returns a boolean value.
|
|
39
|
-
* The promise resolves when this function returns true.
|
|
40
|
-
* @param timeout - An optional timeout in seconds. The promise is rejected if the
|
|
41
|
-
* condition function does not return true within this time.
|
|
42
|
-
* @returns A promise that resolves once the conditionFunction returns true or rejects if timed out.
|
|
43
|
-
*/
|
|
44
|
-
export const until = (conditionFunction, timeoutSeconds) => new Promise((resolve, reject) => {
|
|
45
|
-
const start = Date.now();
|
|
46
|
-
const poll = () => {
|
|
47
|
-
if (conditionFunction()) {
|
|
48
|
-
resolve();
|
|
49
|
-
} else if (timeoutSeconds !== undefined && Date.now() - start >= timeoutSeconds * 1000) {
|
|
50
|
-
reject(new Error("Timeout exceeded"));
|
|
51
|
-
} else {
|
|
52
|
-
setTimeout(poll, 400);
|
|
53
|
-
}
|
|
54
|
-
};
|
|
55
|
-
poll();
|
|
56
|
-
});
|
|
57
|
-
|
|
58
41
|
/**
|
|
59
42
|
* Get the hash of a credential without discloures.
|
|
60
43
|
* A credential is a string like `header.body.sign~sd1~sd2....` where `~` is the separator between the credential and the discloures.
|
|
@@ -68,31 +51,11 @@ export const getCredentialHashWithouDiscloures = async credential => {
|
|
|
68
51
|
}
|
|
69
52
|
return sha256(credential.slice(0, tildeIndex));
|
|
70
53
|
};
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
let listener;
|
|
78
|
-
return {
|
|
79
|
-
listen: () => new Promise(resolve => {
|
|
80
|
-
if (signal.aborted) {
|
|
81
|
-
return resolve("OPERATION_ABORTED");
|
|
82
|
-
}
|
|
83
|
-
listener = () => resolve("OPERATION_ABORTED");
|
|
84
|
-
signal.addEventListener("abort", listener);
|
|
85
|
-
}),
|
|
86
|
-
remove: () => signal.removeEventListener("abort", listener)
|
|
87
|
-
};
|
|
88
|
-
};
|
|
89
|
-
export const isDefined = x => Boolean(x);
|
|
90
|
-
|
|
91
|
-
/**
|
|
92
|
-
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
93
|
-
*/
|
|
94
|
-
export const parseRawHttpResponse = response => {
|
|
95
|
-
var _response$headers$get;
|
|
96
|
-
return (_response$headers$get = response.headers.get("content-type")) !== null && _response$headers$get !== void 0 && _response$headers$get.includes("application/json") ? response.json() : response.text();
|
|
54
|
+
export const safeJsonParse = (text, withDefault) => {
|
|
55
|
+
try {
|
|
56
|
+
return JSON.parse(text);
|
|
57
|
+
} catch (_) {
|
|
58
|
+
return withDefault ?? null;
|
|
59
|
+
}
|
|
97
60
|
};
|
|
98
61
|
//# sourceMappingURL=misc.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","UnexpectedStatusCodeError","sha256","hasStatusOrThrow","status","customError","res","ErrorClass","message","url","statusCode","reason","parseRawHttpResponse","
|
|
1
|
+
{"version":3,"names":["IoWalletError","UnexpectedStatusCodeError","sha256","hasStatusOrThrow","status","customError","res","ErrorClass","message","url","statusCode","reason","parseRawHttpResponse","response","_response$headers$get","headers","get","includes","json","text","generateRandomAlphaNumericString","size","Array","from","Math","floor","random","toString","join","getCredentialHashWithouDiscloures","credential","tildeIndex","indexOf","slice","safeJsonParse","withDefault","JSON","parse","_"],"sourceRoot":"../../../src","sources":["utils/misc.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,yBAAyB,QAAQ,UAAU;AACnE,SAASC,MAAM,QAAQ,WAAW;;AAElC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAC3BA,CAACC,MAAc,EAAEC,WAA8C,KAC/D,MAAOC,GAAa,IAAwB;EAC1C,IAAIA,GAAG,CAACF,MAAM,KAAKA,MAAM,EAAE;IACzB,MAAMG,UAAU,GAAGF,WAAW,IAAIJ,yBAAyB;IAC3D,MAAM,IAAIM,UAAU,CAAC;MACnBC,OAAO,EAAG,iCAAgCJ,MAAO,SAAQE,GAAG,CAACF,MAAO,UAASE,GAAG,CAACG,GAAI,EAAC;MACtFC,UAAU,EAAEJ,GAAG,CAACF,MAAM;MACtBO,MAAM,EAAE,MAAMC,oBAAoB,CAACN,GAAG,CAAC,CAAE;IAC3C,CAAC,CAAC;EACJ;;EACA,OAAOA,GAAG;AACZ,CAAC;;AAEH;AACA;AACA;AACA,OAAO,MAAMM,oBAAoB,GAC/BC,QAAkB;EAAA,IAAAC,qBAAA;EAAA,OAElB,CAAAA,qBAAA,GAAAD,QAAQ,CAACE,OAAO,CAACC,GAAG,CAAC,cAAc,CAAC,cAAAF,qBAAA,eAApCA,qBAAA,CAAsCG,QAAQ,CAAC,kBAAkB,CAAC,GAC7DJ,QAAQ,CAACK,IAAI,CAAC,CAAC,GAChBL,QAAQ,CAACM,IAAI,CAAC,CAAC;AAAA;;AAErB;AACA;AAOA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gCAAgC,GAAIC,IAAY,IAC3DC,KAAK,CAACC,IAAI,CAACD,KAAK,CAACD,IAAI,CAAC,EAAE,MACtBG,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,CAACC,QAAQ,CAAC,EAAE,CAC5C,CAAC,CAACC,IAAI,CAAC,EAAE,CAAC;;AAEZ;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iCAAiC,GAAG,MAC/CC,UAAkB,IACE;EACpB,MAAMC,UAAU,GAAGD,UAAU,CAACE,OAAO,CAAC,GAAG,CAAC;EAC1C,IAAID,UAAU,KAAK,CAAC,CAAC,EAAE;IACrB,MAAM,IAAI/B,aAAa,CAAC,2BAA2B,CAAC;EACtD;EACA,OAAOE,MAAM,CAAC4B,UAAU,CAACG,KAAK,CAAC,CAAC,EAAEF,UAAU,CAAC,CAAC;AAChD,CAAC;AAED,OAAO,MAAMG,aAAa,GAAGA,CAAIf,IAAY,EAAEgB,WAAe,KAAe;EAC3E,IAAI;IACF,OAAOC,IAAI,CAACC,KAAK,CAAClB,IAAI,CAAC;EACzB,CAAC,CAAC,OAAOmB,CAAC,EAAE;IACV,OAAOH,WAAW,IAAI,IAAI;EAC5B;AACF,CAAC"}
|
|
@@ -25,7 +25,7 @@ export type StartUserAuthorization = (issuerConf: Out<EvaluateIssuerTrust>["issu
|
|
|
25
25
|
* the application session identifier on the Wallet Instance side (state),
|
|
26
26
|
* the method (query or form_post.jwt) by which the Authorization Server
|
|
27
27
|
* should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
|
|
28
|
-
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the
|
|
28
|
+
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
|
|
29
29
|
* should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
|
|
30
30
|
* @param issuerConf The issuer configuration
|
|
31
31
|
* @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type
|
|
1
|
+
import { type AuthorizationResult } from "../../utils/auth";
|
|
2
2
|
import { type Out } from "../../utils/misc";
|
|
3
3
|
import type { StartUserAuthorization } from "./03-start-user-authorization";
|
|
4
4
|
import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
@@ -7,7 +7,7 @@ import { RequestObject } from "../presentation/types";
|
|
|
7
7
|
/**
|
|
8
8
|
* The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
9
9
|
*/
|
|
10
|
-
export type CompleteUserAuthorizationWithQueryMode = (
|
|
10
|
+
export type CompleteUserAuthorizationWithQueryMode = (authRedirectUrl: string) => Promise<AuthorizationResult>;
|
|
11
11
|
export type CompleteUserAuthorizationWithFormPostJwtMode = (requestObject: Out<GetRequestedCredentialToBePresented>, context: {
|
|
12
12
|
wiaCryptoContext: CryptoContext;
|
|
13
13
|
pidCryptoContext: CryptoContext;
|
|
@@ -16,23 +16,24 @@ export type CompleteUserAuthorizationWithFormPostJwtMode = (requestObject: Out<G
|
|
|
16
16
|
appFetch?: GlobalFetch["fetch"];
|
|
17
17
|
}) => Promise<AuthorizationResult>;
|
|
18
18
|
export type GetRequestedCredentialToBePresented = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], appFetch?: GlobalFetch["fetch"]) => Promise<RequestObject>;
|
|
19
|
+
export type BuildAuthorizationUrl = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], idpHint: string) => Promise<{
|
|
20
|
+
authUrl: string;
|
|
21
|
+
}>;
|
|
19
22
|
/**
|
|
20
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The
|
|
21
|
-
*
|
|
22
|
-
* It is used to complete the user authorization by catching the redirectSchema from the authorization server which then contains the authorization response.
|
|
23
|
-
* This function utilizes the authorization context to open an in-app browser capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
24
|
-
* If the 302 redirect happens and the redirectSchema is caught, the function will return the authorization response after parsing it from the query string.
|
|
23
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
24
|
+
* Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
|
|
25
25
|
* @param issuerRequestUri the URI of the issuer where the request is sent
|
|
26
26
|
* @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
|
|
27
27
|
* @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
28
|
-
* @param
|
|
29
|
-
*
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
*
|
|
34
|
-
*
|
|
35
|
-
*
|
|
28
|
+
* @param idpHint Unique identifier of the IDP selected by the user
|
|
29
|
+
* @returns An object containing the authorization URL
|
|
30
|
+
*/
|
|
31
|
+
export declare const buildAuthorizationUrl: BuildAuthorizationUrl;
|
|
32
|
+
/**
|
|
33
|
+
* WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
|
|
34
|
+
* Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
35
|
+
* This function parses the authorization redirect URL to extract the authorization response.
|
|
36
|
+
* @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
|
|
36
37
|
* @returns the authorization response which contains code, state and iss
|
|
37
38
|
*/
|
|
38
39
|
export declare const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWithQueryMode;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"04-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/04-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,
|
|
1
|
+
{"version":3,"file":"04-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/04-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAG5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAMtD;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG,CACnD,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,4CAA4C,GAAG,CACzD,aAAa,EAAE,GAAG,CAAC,mCAAmC,CAAC,EACvD,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,gBAAgB,EAAE,aAAa,CAAC;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,mCAAmC,GAAG,CAChD,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,aAAa,CAAC,CAAC;AAE5B,MAAM,MAAM,qBAAqB,GAAG,CAClC,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,EAAE,MAAM,KACZ,OAAO,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB,EAAE,qBAkBnC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,sCAAsC,EAAE,sCAKlD,CAAC;AAEJ;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mCAAmC,EAAE,mCAyB/C,CAAC;AAEJ;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,4CAA4C,EAAE,4CAuGxD,CAAC;AAEJ;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,YAC5B,OAAO,KACf,mBAaF,CAAC"}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { type StartFlow } from "./01-start-flow";
|
|
2
2
|
import { evaluateIssuerTrust, type EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
3
3
|
import { startUserAuthorization, type StartUserAuthorization } from "./03-start-user-authorization";
|
|
4
|
-
import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, type CompleteUserAuthorizationWithQueryMode, type CompleteUserAuthorizationWithFormPostJwtMode, type GetRequestedCredentialToBePresented, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
|
|
4
|
+
import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, buildAuthorizationUrl, type CompleteUserAuthorizationWithQueryMode, type CompleteUserAuthorizationWithFormPostJwtMode, type GetRequestedCredentialToBePresented, type BuildAuthorizationUrl, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
|
|
5
5
|
import { authorizeAccess, type AuthorizeAccess } from "./05-authorize-access";
|
|
6
6
|
import { obtainCredential, type ObtainCredential } from "./06-obtain-credential";
|
|
7
7
|
import { verifyAndParseCredential, type VerifyAndParseCredential } from "./07-verify-and-parse-credential";
|
|
8
8
|
import * as Errors from "./errors";
|
|
9
|
-
export { evaluateIssuerTrust, startUserAuthorization, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors, };
|
|
10
|
-
export type { StartFlow, EvaluateIssuerTrust, StartUserAuthorization, CompleteUserAuthorizationWithQueryMode, GetRequestedCredentialToBePresented, CompleteUserAuthorizationWithFormPostJwtMode, AuthorizeAccess, ObtainCredential, VerifyAndParseCredential, };
|
|
9
|
+
export { evaluateIssuerTrust, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors, };
|
|
10
|
+
export type { StartFlow, EvaluateIssuerTrust, StartUserAuthorization, BuildAuthorizationUrl, CompleteUserAuthorizationWithQueryMode, GetRequestedCredentialToBePresented, CompleteUserAuthorizationWithFormPostJwtMode, AuthorizeAccess, ObtainCredential, VerifyAndParseCredential, };
|
|
11
11
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,mBAAmB,EACnB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,sBAAsB,EACtB,KAAK,sBAAsB,EAC5B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,sCAAsC,EACtC,4CAA4C,EAC5C,0BAA0B,EAC1B,KAAK,sCAAsC,EAC3C,KAAK,4CAA4C,EACjD,KAAK,mCAAmC,EACxC,mCAAmC,EACpC,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,KAAK,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,sCAAsC,EACtC,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,EACxB,0BAA0B,EAC1B,MAAM,GACP,CAAC;AACF,YAAY,EACV,SAAS,EACT,mBAAmB,EACnB,sBAAsB,EACtB,sCAAsC,EACtC,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,GACzB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,mBAAmB,EACnB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,sBAAsB,EACtB,KAAK,sBAAsB,EAC5B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,sCAAsC,EACtC,4CAA4C,EAC5C,0BAA0B,EAC1B,qBAAqB,EACrB,KAAK,sCAAsC,EAC3C,KAAK,4CAA4C,EACjD,KAAK,mCAAmC,EACxC,KAAK,qBAAqB,EAC1B,mCAAmC,EACpC,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,KAAK,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,sCAAsC,EACtC,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,EACxB,0BAA0B,EAC1B,MAAM,GACP,CAAC;AACF,YAAY,EACV,SAAS,EACT,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,sCAAsC,EACtC,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,GACzB,CAAC"}
|
|
@@ -7,6 +7,10 @@ import { UnexpectedStatusCodeError } from "./errors";
|
|
|
7
7
|
* @returns The given response object
|
|
8
8
|
*/
|
|
9
9
|
export declare const hasStatusOrThrow: (status: number, customError?: typeof UnexpectedStatusCodeError) => (res: Response) => Promise<Response>;
|
|
10
|
+
/**
|
|
11
|
+
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
12
|
+
*/
|
|
13
|
+
export declare const parseRawHttpResponse: <T extends Record<string, unknown>>(response: Response) => Promise<string> | Promise<T>;
|
|
10
14
|
export type Out<FN> = FN extends (...args: any[]) => Promise<any> ? Awaited<ReturnType<FN>> : FN extends (...args: any[]) => any ? ReturnType<FN> : never;
|
|
11
15
|
/**
|
|
12
16
|
* TODO [SIW-1310]: replace this function with a cryptographically secure one.
|
|
@@ -14,18 +18,6 @@ export type Out<FN> = FN extends (...args: any[]) => Promise<any> ? Awaited<Retu
|
|
|
14
18
|
* @returns A random alphanumeric string of the given size
|
|
15
19
|
*/
|
|
16
20
|
export declare const generateRandomAlphaNumericString: (size: number) => string;
|
|
17
|
-
/**
|
|
18
|
-
* Repeatedly checks a condition function until it returns true,
|
|
19
|
-
* then resolves the returned promise. If the condition function does not return true
|
|
20
|
-
* within the specified timeout, the promise is rejected.
|
|
21
|
-
*
|
|
22
|
-
* @param conditionFunction - A function that returns a boolean value.
|
|
23
|
-
* The promise resolves when this function returns true.
|
|
24
|
-
* @param timeout - An optional timeout in seconds. The promise is rejected if the
|
|
25
|
-
* condition function does not return true within this time.
|
|
26
|
-
* @returns A promise that resolves once the conditionFunction returns true or rejects if timed out.
|
|
27
|
-
*/
|
|
28
|
-
export declare const until: (conditionFunction: () => boolean, timeoutSeconds?: number) => Promise<void>;
|
|
29
21
|
/**
|
|
30
22
|
* Get the hash of a credential without discloures.
|
|
31
23
|
* A credential is a string like `header.body.sign~sd1~sd2....` where `~` is the separator between the credential and the discloures.
|
|
@@ -33,17 +25,5 @@ export declare const until: (conditionFunction: () => boolean, timeoutSeconds?:
|
|
|
33
25
|
* @returns The hash of the credential without discloures
|
|
34
26
|
*/
|
|
35
27
|
export declare const getCredentialHashWithouDiscloures: (credential: string) => Promise<string>;
|
|
36
|
-
|
|
37
|
-
* Creates a promise that waits until the provided signal is aborted.
|
|
38
|
-
* @returns {Object} An object with `listen` and `remove` methods to handle subscribing and unsubscribing.
|
|
39
|
-
*/
|
|
40
|
-
export declare const createAbortPromiseFromSignal: (signal: AbortSignal) => {
|
|
41
|
-
listen: () => Promise<"OPERATION_ABORTED">;
|
|
42
|
-
remove: () => void;
|
|
43
|
-
};
|
|
44
|
-
export declare const isDefined: <T>(x: "" | T | null | undefined) => x is T;
|
|
45
|
-
/**
|
|
46
|
-
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
47
|
-
*/
|
|
48
|
-
export declare const parseRawHttpResponse: <T extends Record<string, unknown>>(response: Response) => Promise<string> | Promise<T>;
|
|
28
|
+
export declare const safeJsonParse: <T>(text: string, withDefault?: T | undefined) => T | null;
|
|
49
29
|
//# sourceMappingURL=misc.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"misc.d.ts","sourceRoot":"","sources":["../../../src/utils/misc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,yBAAyB,EAAE,MAAM,UAAU,CAAC;AAGpE;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,WAClB,MAAM,gBAAgB,gCAAgC,WACnD,QAAQ,KAAG,QAAQ,QAAQ,CAUtC,CAAC;
|
|
1
|
+
{"version":3,"file":"misc.d.ts","sourceRoot":"","sources":["../../../src/utils/misc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,yBAAyB,EAAE,MAAM,UAAU,CAAC;AAGpE;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,WAClB,MAAM,gBAAgB,gCAAgC,WACnD,QAAQ,KAAG,QAAQ,QAAQ,CAUtC,CAAC;AAEJ;;GAEG;AACH,eAAO,MAAM,oBAAoB,gDACrB,QAAQ,iCAIC,CAAC;AAItB,MAAM,MAAM,GAAG,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,GAC7D,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,GACvB,EAAE,SAAS,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,GAClC,UAAU,CAAC,EAAE,CAAC,GACd,KAAK,CAAC;AAEV;;;;GAIG;AACH,eAAO,MAAM,gCAAgC,SAAU,MAAM,WAGjD,CAAC;AAEb;;;;;GAKG;AACH,eAAO,MAAM,iCAAiC,eAChC,MAAM,KACjB,QAAQ,MAAM,CAMhB,CAAC;AAEF,eAAO,MAAM,aAAa,YAAa,MAAM,0CAM5C,CAAC"}
|
package/package.json
CHANGED
|
@@ -88,7 +88,7 @@ const selectResponseMode = (
|
|
|
88
88
|
* the application session identifier on the Wallet Instance side (state),
|
|
89
89
|
* the method (query or form_post.jwt) by which the Authorization Server
|
|
90
90
|
* should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
|
|
91
|
-
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the
|
|
91
|
+
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
|
|
92
92
|
* should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
|
|
93
93
|
* @param issuerConf The issuer configuration
|
|
94
94
|
* @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
|
|
@@ -1,21 +1,13 @@
|
|
|
1
1
|
import {
|
|
2
2
|
AuthorizationErrorShape,
|
|
3
3
|
AuthorizationResultShape,
|
|
4
|
-
type AuthorizationContext,
|
|
5
4
|
type AuthorizationResult,
|
|
6
5
|
} from "../../utils/auth";
|
|
7
|
-
import {
|
|
8
|
-
createAbortPromiseFromSignal,
|
|
9
|
-
hasStatusOrThrow,
|
|
10
|
-
isDefined,
|
|
11
|
-
until,
|
|
12
|
-
type Out,
|
|
13
|
-
} from "../../utils/misc";
|
|
6
|
+
import { hasStatusOrThrow, type Out } from "../../utils/misc";
|
|
14
7
|
import type { StartUserAuthorization } from "./03-start-user-authorization";
|
|
15
8
|
import parseUrl from "parse-url";
|
|
16
9
|
import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
|
|
17
10
|
import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
18
|
-
import { Linking } from "react-native";
|
|
19
11
|
import {
|
|
20
12
|
decode,
|
|
21
13
|
encodeBase64,
|
|
@@ -26,23 +18,13 @@ import { RequestObject } from "../presentation/types";
|
|
|
26
18
|
import uuid from "react-native-uuid";
|
|
27
19
|
import { ResponseUriResultShape } from "./types";
|
|
28
20
|
import { getJwtFromFormPost } from "../../utils/decoder";
|
|
29
|
-
import {
|
|
30
|
-
AuthorizationError,
|
|
31
|
-
AuthorizationIdpError,
|
|
32
|
-
OperationAbortedError,
|
|
33
|
-
} from "./errors";
|
|
21
|
+
import { AuthorizationError, AuthorizationIdpError } from "./errors";
|
|
34
22
|
|
|
35
23
|
/**
|
|
36
24
|
* The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
37
25
|
*/
|
|
38
26
|
export type CompleteUserAuthorizationWithQueryMode = (
|
|
39
|
-
|
|
40
|
-
clientId: Out<StartUserAuthorization>["clientId"],
|
|
41
|
-
issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
|
|
42
|
-
idpHint: string,
|
|
43
|
-
redirectUri: string,
|
|
44
|
-
authorizationContext?: AuthorizationContext,
|
|
45
|
-
signal?: AbortSignal
|
|
27
|
+
authRedirectUrl: string
|
|
46
28
|
) => Promise<AuthorizationResult>;
|
|
47
29
|
|
|
48
30
|
export type CompleteUserAuthorizationWithFormPostJwtMode = (
|
|
@@ -63,98 +45,55 @@ export type GetRequestedCredentialToBePresented = (
|
|
|
63
45
|
appFetch?: GlobalFetch["fetch"]
|
|
64
46
|
) => Promise<RequestObject>;
|
|
65
47
|
|
|
48
|
+
export type BuildAuthorizationUrl = (
|
|
49
|
+
issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"],
|
|
50
|
+
clientId: Out<StartUserAuthorization>["clientId"],
|
|
51
|
+
issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
|
|
52
|
+
idpHint: string
|
|
53
|
+
) => Promise<{
|
|
54
|
+
authUrl: string;
|
|
55
|
+
}>;
|
|
56
|
+
|
|
66
57
|
/**
|
|
67
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The
|
|
68
|
-
*
|
|
69
|
-
* It is used to complete the user authorization by catching the redirectSchema from the authorization server which then contains the authorization response.
|
|
70
|
-
* This function utilizes the authorization context to open an in-app browser capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
71
|
-
* If the 302 redirect happens and the redirectSchema is caught, the function will return the authorization response after parsing it from the query string.
|
|
58
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
59
|
+
* Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
|
|
72
60
|
* @param issuerRequestUri the URI of the issuer where the request is sent
|
|
73
61
|
* @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
|
|
74
62
|
* @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
75
|
-
* @param
|
|
76
|
-
*
|
|
77
|
-
* @param idphint Unique identifier of the SPID IDP selected by the user
|
|
78
|
-
* @param redirectUri The url to reach to complete the user authorization which is the custom URL scheme that the Wallet Instance is registered to handle, usually a custom URL or deeplink
|
|
79
|
-
* @param signal An optional {@link AbortSignal} to abort the operation when using the default browser
|
|
80
|
-
* @throws {AuthorizationError} if an error occurs during the authorization process
|
|
81
|
-
* @throws {AuthorizationIdpError} if an error occurs during the authorization process and the error is related to the IDP
|
|
82
|
-
* @throws {OperationAbortedError} if the caller aborts the operation via the provided signal
|
|
83
|
-
* @returns the authorization response which contains code, state and iss
|
|
63
|
+
* @param idpHint Unique identifier of the IDP selected by the user
|
|
64
|
+
* @returns An object containing the authorization URL
|
|
84
65
|
*/
|
|
85
|
-
export const
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
signal
|
|
94
|
-
) => {
|
|
95
|
-
const authzRequestEndpoint =
|
|
96
|
-
issuerConf.oauth_authorization_server.authorization_endpoint;
|
|
97
|
-
const params = new URLSearchParams({
|
|
98
|
-
client_id: clientId,
|
|
99
|
-
request_uri: issuerRequestUri,
|
|
100
|
-
idphint: idpHint,
|
|
101
|
-
});
|
|
102
|
-
const authUrl = `${authzRequestEndpoint}?${params}`;
|
|
103
|
-
var authRedirectUrl: string | undefined;
|
|
104
|
-
|
|
105
|
-
if (authorizationContext) {
|
|
106
|
-
const redirectSchema = new URL(redirectUri).protocol.replace(":", "");
|
|
107
|
-
authRedirectUrl = await authorizationContext
|
|
108
|
-
.authorize(authUrl, redirectSchema)
|
|
109
|
-
.catch((e) => {
|
|
110
|
-
throw new AuthorizationError(e.message);
|
|
111
|
-
});
|
|
112
|
-
} else {
|
|
113
|
-
// handler for redirectUri
|
|
114
|
-
const urlEventListener = Linking.addEventListener("url", ({ url }) => {
|
|
115
|
-
if (url.includes(redirectUri)) {
|
|
116
|
-
authRedirectUrl = url;
|
|
117
|
-
}
|
|
118
|
-
});
|
|
119
|
-
|
|
120
|
-
const operationIsAborted = signal
|
|
121
|
-
? createAbortPromiseFromSignal(signal)
|
|
122
|
-
: undefined;
|
|
123
|
-
await Linking.openURL(authUrl);
|
|
66
|
+
export const buildAuthorizationUrl: BuildAuthorizationUrl = async (
|
|
67
|
+
issuerRequestUri,
|
|
68
|
+
clientId,
|
|
69
|
+
issuerConf,
|
|
70
|
+
idpHint
|
|
71
|
+
) => {
|
|
72
|
+
const authzRequestEndpoint =
|
|
73
|
+
issuerConf.oauth_authorization_server.authorization_endpoint;
|
|
124
74
|
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
() => authRedirectUrl !== undefined,
|
|
131
|
-
120
|
|
132
|
-
);
|
|
133
|
-
|
|
134
|
-
/**
|
|
135
|
-
* Simultaneously listen for the abort signal (when provided) and the redirect url.
|
|
136
|
-
* The first event that occurs will resolve the promise.
|
|
137
|
-
* This is useful to properly cleanup when the caller aborts this operation.
|
|
138
|
-
*/
|
|
139
|
-
const winner = await Promise.race(
|
|
140
|
-
[operationIsAborted?.listen(), unitAuthRedirectIsNotUndefined].filter(
|
|
141
|
-
isDefined
|
|
142
|
-
)
|
|
143
|
-
).finally(() => {
|
|
144
|
-
urlEventListener.remove();
|
|
145
|
-
operationIsAborted?.remove();
|
|
146
|
-
});
|
|
75
|
+
const params = new URLSearchParams({
|
|
76
|
+
client_id: clientId,
|
|
77
|
+
request_uri: issuerRequestUri,
|
|
78
|
+
idphint: idpHint,
|
|
79
|
+
});
|
|
147
80
|
|
|
148
|
-
|
|
149
|
-
throw new OperationAbortedError("DefaultQueryModeAuthorization");
|
|
150
|
-
}
|
|
81
|
+
const authUrl = `${authzRequestEndpoint}?${params}`;
|
|
151
82
|
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
}
|
|
155
|
-
}
|
|
83
|
+
return { authUrl };
|
|
84
|
+
};
|
|
156
85
|
|
|
86
|
+
/**
|
|
87
|
+
* WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
|
|
88
|
+
* Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
89
|
+
* This function parses the authorization redirect URL to extract the authorization response.
|
|
90
|
+
* @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
|
|
91
|
+
* @returns the authorization response which contains code, state and iss
|
|
92
|
+
*/
|
|
93
|
+
export const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWithQueryMode =
|
|
94
|
+
async (authRedirectUrl) => {
|
|
157
95
|
const query = parseUrl(authRedirectUrl).query;
|
|
96
|
+
|
|
158
97
|
return parseAuthorizationResponse(query);
|
|
159
98
|
};
|
|
160
99
|
|
|
@@ -11,9 +11,11 @@ import {
|
|
|
11
11
|
completeUserAuthorizationWithQueryMode,
|
|
12
12
|
completeUserAuthorizationWithFormPostJwtMode,
|
|
13
13
|
parseAuthorizationResponse,
|
|
14
|
+
buildAuthorizationUrl,
|
|
14
15
|
type CompleteUserAuthorizationWithQueryMode,
|
|
15
16
|
type CompleteUserAuthorizationWithFormPostJwtMode,
|
|
16
17
|
type GetRequestedCredentialToBePresented,
|
|
18
|
+
type BuildAuthorizationUrl,
|
|
17
19
|
getRequestedCredentialToBePresented,
|
|
18
20
|
} from "./04-complete-user-authorization";
|
|
19
21
|
import { authorizeAccess, type AuthorizeAccess } from "./05-authorize-access";
|
|
@@ -30,6 +32,7 @@ import * as Errors from "./errors";
|
|
|
30
32
|
export {
|
|
31
33
|
evaluateIssuerTrust,
|
|
32
34
|
startUserAuthorization,
|
|
35
|
+
buildAuthorizationUrl,
|
|
33
36
|
completeUserAuthorizationWithQueryMode,
|
|
34
37
|
getRequestedCredentialToBePresented,
|
|
35
38
|
completeUserAuthorizationWithFormPostJwtMode,
|
|
@@ -43,6 +46,7 @@ export type {
|
|
|
43
46
|
StartFlow,
|
|
44
47
|
EvaluateIssuerTrust,
|
|
45
48
|
StartUserAuthorization,
|
|
49
|
+
BuildAuthorizationUrl,
|
|
46
50
|
CompleteUserAuthorizationWithQueryMode,
|
|
47
51
|
GetRequestedCredentialToBePresented,
|
|
48
52
|
CompleteUserAuthorizationWithFormPostJwtMode,
|
package/src/utils/misc.ts
CHANGED
|
@@ -22,6 +22,16 @@ export const hasStatusOrThrow =
|
|
|
22
22
|
return res;
|
|
23
23
|
};
|
|
24
24
|
|
|
25
|
+
/**
|
|
26
|
+
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
27
|
+
*/
|
|
28
|
+
export const parseRawHttpResponse = <T extends Record<string, unknown>>(
|
|
29
|
+
response: Response
|
|
30
|
+
) =>
|
|
31
|
+
response.headers.get("content-type")?.includes("application/json")
|
|
32
|
+
? (response.json() as Promise<T>)
|
|
33
|
+
: response.text();
|
|
34
|
+
|
|
25
35
|
// extract a type from an async function output
|
|
26
36
|
// helpful to bind the input of a function to the output of another
|
|
27
37
|
export type Out<FN> = FN extends (...args: any[]) => Promise<any>
|
|
@@ -40,39 +50,6 @@ export const generateRandomAlphaNumericString = (size: number) =>
|
|
|
40
50
|
Math.floor(Math.random() * 36).toString(36)
|
|
41
51
|
).join("");
|
|
42
52
|
|
|
43
|
-
/**
|
|
44
|
-
* Repeatedly checks a condition function until it returns true,
|
|
45
|
-
* then resolves the returned promise. If the condition function does not return true
|
|
46
|
-
* within the specified timeout, the promise is rejected.
|
|
47
|
-
*
|
|
48
|
-
* @param conditionFunction - A function that returns a boolean value.
|
|
49
|
-
* The promise resolves when this function returns true.
|
|
50
|
-
* @param timeout - An optional timeout in seconds. The promise is rejected if the
|
|
51
|
-
* condition function does not return true within this time.
|
|
52
|
-
* @returns A promise that resolves once the conditionFunction returns true or rejects if timed out.
|
|
53
|
-
*/
|
|
54
|
-
export const until = (
|
|
55
|
-
conditionFunction: () => boolean,
|
|
56
|
-
timeoutSeconds?: number
|
|
57
|
-
): Promise<void> =>
|
|
58
|
-
new Promise<void>((resolve, reject) => {
|
|
59
|
-
const start = Date.now();
|
|
60
|
-
const poll = () => {
|
|
61
|
-
if (conditionFunction()) {
|
|
62
|
-
resolve();
|
|
63
|
-
} else if (
|
|
64
|
-
timeoutSeconds !== undefined &&
|
|
65
|
-
Date.now() - start >= timeoutSeconds * 1000
|
|
66
|
-
) {
|
|
67
|
-
reject(new Error("Timeout exceeded"));
|
|
68
|
-
} else {
|
|
69
|
-
setTimeout(poll, 400);
|
|
70
|
-
}
|
|
71
|
-
};
|
|
72
|
-
|
|
73
|
-
poll();
|
|
74
|
-
});
|
|
75
|
-
|
|
76
53
|
/**
|
|
77
54
|
* Get the hash of a credential without discloures.
|
|
78
55
|
* A credential is a string like `header.body.sign~sd1~sd2....` where `~` is the separator between the credential and the discloures.
|
|
@@ -89,34 +66,10 @@ export const getCredentialHashWithouDiscloures = async (
|
|
|
89
66
|
return sha256(credential.slice(0, tildeIndex));
|
|
90
67
|
};
|
|
91
68
|
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
return {
|
|
99
|
-
listen: () =>
|
|
100
|
-
new Promise<"OPERATION_ABORTED">((resolve) => {
|
|
101
|
-
if (signal.aborted) {
|
|
102
|
-
return resolve("OPERATION_ABORTED");
|
|
103
|
-
}
|
|
104
|
-
listener = () => resolve("OPERATION_ABORTED");
|
|
105
|
-
signal.addEventListener("abort", listener);
|
|
106
|
-
}),
|
|
107
|
-
remove: () => signal.removeEventListener("abort", listener),
|
|
108
|
-
};
|
|
69
|
+
export const safeJsonParse = <T>(text: string, withDefault?: T): T | null => {
|
|
70
|
+
try {
|
|
71
|
+
return JSON.parse(text);
|
|
72
|
+
} catch (_) {
|
|
73
|
+
return withDefault ?? null;
|
|
74
|
+
}
|
|
109
75
|
};
|
|
110
|
-
|
|
111
|
-
export const isDefined = <T>(x: T | undefined | null | ""): x is T =>
|
|
112
|
-
Boolean(x);
|
|
113
|
-
|
|
114
|
-
/**
|
|
115
|
-
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
116
|
-
*/
|
|
117
|
-
export const parseRawHttpResponse = <T extends Record<string, unknown>>(
|
|
118
|
-
response: Response
|
|
119
|
-
) =>
|
|
120
|
-
response.headers.get("content-type")?.includes("application/json")
|
|
121
|
-
? (response.json() as Promise<T>)
|
|
122
|
-
: response.text();
|