@pagopa/io-react-native-wallet 0.25.0 → 0.27.0
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +1 -35
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +1 -1
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +19 -57
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/05-authorize-access.js +1 -0
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +1 -2
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/errors.js +1 -18
- package/lib/commonjs/credential/issuance/errors.js.map +1 -1
- package/lib/commonjs/credential/issuance/index.js +6 -0
- package/lib/commonjs/credential/issuance/index.js.map +1 -1
- package/lib/commonjs/credential/status/02-status-attestation.js +2 -4
- package/lib/commonjs/credential/status/02-status-attestation.js.map +1 -1
- package/lib/commonjs/index.js +1 -3
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/utils/misc.js +19 -58
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/issuing.js +1 -2
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/credential/issuance/03-start-user-authorization.js +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +19 -58
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/05-authorize-access.js +1 -0
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +1 -2
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/errors.js +0 -16
- package/lib/module/credential/issuance/errors.js.map +1 -1
- package/lib/module/credential/issuance/index.js +2 -2
- package/lib/module/credential/issuance/index.js.map +1 -1
- package/lib/module/credential/status/02-status-attestation.js +2 -4
- package/lib/module/credential/status/02-status-attestation.js.map +1 -1
- package/lib/module/index.js +1 -2
- package/lib/module/index.js.map +1 -1
- package/lib/module/utils/misc.js +14 -51
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +1 -2
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +1 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +16 -15
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts +1 -0
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/errors.d.ts +0 -9
- package/lib/typescript/credential/issuance/errors.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/index.d.ts +3 -3
- package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
- package/lib/typescript/credential/status/02-status-attestation.d.ts +1 -2
- package/lib/typescript/credential/status/02-status-attestation.d.ts.map +1 -1
- package/lib/typescript/index.d.ts +1 -2
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/utils/misc.d.ts +5 -25
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts +2 -2
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/package.json +2 -6
- package/src/credential/issuance/03-start-user-authorization.ts +1 -1
- package/src/credential/issuance/04-complete-user-authorization.ts +42 -103
- package/src/credential/issuance/05-authorize-access.ts +1 -0
- package/src/credential/issuance/06-obtain-credential.ts +1 -2
- package/src/credential/issuance/errors.ts +0 -15
- package/src/credential/issuance/index.ts +4 -0
- package/src/credential/status/02-status-attestation.ts +2 -4
- package/src/index.ts +0 -2
- package/src/utils/misc.ts +16 -63
- package/src/wallet-instance-attestation/issuing.ts +1 -2
- package/lib/commonjs/cie/README.md +0 -6
- package/lib/commonjs/cie/component.js +0 -182
- package/lib/commonjs/cie/component.js.map +0 -1
- package/lib/commonjs/cie/error.js +0 -44
- package/lib/commonjs/cie/error.js.map +0 -1
- package/lib/commonjs/cie/index.js +0 -32
- package/lib/commonjs/cie/index.js.map +0 -1
- package/lib/commonjs/cie/manager.js +0 -142
- package/lib/commonjs/cie/manager.js.map +0 -1
- package/lib/module/cie/README.md +0 -6
- package/lib/module/cie/component.js +0 -172
- package/lib/module/cie/component.js.map +0 -1
- package/lib/module/cie/error.js +0 -36
- package/lib/module/cie/error.js.map +0 -1
- package/lib/module/cie/index.js +0 -4
- package/lib/module/cie/index.js.map +0 -1
- package/lib/module/cie/manager.js +0 -133
- package/lib/module/cie/manager.js.map +0 -1
- package/lib/typescript/cie/component.d.ts +0 -46
- package/lib/typescript/cie/component.d.ts.map +0 -1
- package/lib/typescript/cie/error.d.ts +0 -31
- package/lib/typescript/cie/error.d.ts.map +0 -1
- package/lib/typescript/cie/index.d.ts +0 -4
- package/lib/typescript/cie/index.d.ts.map +0 -1
- package/lib/typescript/cie/manager.d.ts +0 -5
- package/lib/typescript/cie/manager.d.ts.map +0 -1
- package/src/cie/README.md +0 -6
- package/src/cie/component.tsx +0 -218
- package/src/cie/error.ts +0 -58
- package/src/cie/index.ts +0 -4
- package/src/cie/manager.ts +0 -183
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_jwk","_client","_errors","_types","getAttestationRequest","challenge","wiaCryptoContext","integrityContext","walletProviderBaseUrl","jwk","getPublicKey","parsedJwk","JWK","parse","keyThumbprint","thumbprint","publicKey","kid","clientData","jwk_thumbprint","hardwareKeyTag","getHardwareKeyTag","signature","authenticatorData","getHardwareSignatureWithAuthData","JSON","stringify","SignJWT","setPayload","iss","sub","hardware_signature","integrity_assertion","hardware_key_tag","cnf","fixBase64EncodingOnKey","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","getAttestation","_ref","appFetch","fetch","api","getWalletProviderClient","get","then","response","nonce","signedAttestationRequest","tokenResponse","post","body","grant_type","assertion","result","TokenResponse","catch","handleAttestationCreationError","wallet_attestation","exports","e","WalletProviderResponseError","ResponseErrorBuilder","handle","code","WalletProviderResponseErrorCodes","WalletInstanceRevoked","message","WalletInstanceNotFound","WalletInstanceIntegrityFailed","WalletInstanceAttestationIssuingFailed","buildFrom"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAKA,IAAAI,MAAA,GAAAJ,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeK,qBAAqBA,CACzCC,SAAiB,EACjBC,gBAA+B,EAC/BC,gBAAkC,EAClCC,qBAA6B,EACZ;EACjB,MAAMC,GAAG,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;EACjD,MAAMC,SAAS,GAAGC,QAAG,CAACC,KAAK,CAACJ,GAAG,CAAC;EAChC,MAAMK,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACJ,SAAS,CAAC;EACjD,MAAMK,SAAS,GAAG;IAAE,GAAGL,SAAS;IAAEM,GAAG,EAAEH;EAAc,CAAC;EAEtD,MAAMI,UAAU,GAAG;IACjBb,SAAS;IACTc,cAAc,EAAEL;EAClB,CAAC;EAED,MAAMM,cAAc,GAAGb,gBAAgB,CAACc,iBAAiB,CAAC,CAAC;EAC3D,MAAM;IAAEC,SAAS;IAAEC;EAAkB,CAAC,GACpC,MAAMhB,gBAAgB,CAACiB,gCAAgC,CACrDC,IAAI,CAACC,SAAS,CAACR,UAAU,CAC3B,CAAC;EAEH,OAAO,IAAIS,yBAAO,CAACrB,gBAAgB,CAAC,CACjCsB,UAAU,CAAC;IACVC,GAAG,EAAEf,aAAa;IAClBgB,GAAG,EAAEtB,qBAAqB;IAC1BH,SAAS;IACT0B,kBAAkB,EAAET,SAAS;IAC7BU,mBAAmB,EAAET,iBAAiB;IACtCU,gBAAgB,EAAEb,cAAc;IAChCc,GAAG,EAAE;MACHzB,GAAG,EAAE,IAAA0B,2BAAsB,EAACnB,SAAS;IACvC;EACF,CAAC,CAAC,CACDoB,kBAAkB,CAAC;IAClBnB,GAAG,EAAED,SAAS,CAACC,GAAG;IAClBoB,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_jwk","_client","_errors","_types","getAttestationRequest","challenge","wiaCryptoContext","integrityContext","walletProviderBaseUrl","jwk","getPublicKey","parsedJwk","JWK","parse","keyThumbprint","thumbprint","publicKey","kid","clientData","jwk_thumbprint","hardwareKeyTag","getHardwareKeyTag","signature","authenticatorData","getHardwareSignatureWithAuthData","JSON","stringify","SignJWT","setPayload","iss","sub","hardware_signature","integrity_assertion","hardware_key_tag","cnf","fixBase64EncodingOnKey","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","getAttestation","_ref","appFetch","fetch","api","getWalletProviderClient","get","then","response","nonce","signedAttestationRequest","tokenResponse","post","body","grant_type","assertion","result","TokenResponse","catch","handleAttestationCreationError","wallet_attestation","exports","e","WalletProviderResponseError","ResponseErrorBuilder","handle","code","WalletProviderResponseErrorCodes","WalletInstanceRevoked","message","WalletInstanceNotFound","WalletInstanceIntegrityFailed","WalletInstanceAttestationIssuingFailed","buildFrom"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAKA,IAAAI,MAAA,GAAAJ,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeK,qBAAqBA,CACzCC,SAAiB,EACjBC,gBAA+B,EAC/BC,gBAAkC,EAClCC,qBAA6B,EACZ;EACjB,MAAMC,GAAG,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;EACjD,MAAMC,SAAS,GAAGC,QAAG,CAACC,KAAK,CAACJ,GAAG,CAAC;EAChC,MAAMK,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACJ,SAAS,CAAC;EACjD,MAAMK,SAAS,GAAG;IAAE,GAAGL,SAAS;IAAEM,GAAG,EAAEH;EAAc,CAAC;EAEtD,MAAMI,UAAU,GAAG;IACjBb,SAAS;IACTc,cAAc,EAAEL;EAClB,CAAC;EAED,MAAMM,cAAc,GAAGb,gBAAgB,CAACc,iBAAiB,CAAC,CAAC;EAC3D,MAAM;IAAEC,SAAS;IAAEC;EAAkB,CAAC,GACpC,MAAMhB,gBAAgB,CAACiB,gCAAgC,CACrDC,IAAI,CAACC,SAAS,CAACR,UAAU,CAC3B,CAAC;EAEH,OAAO,IAAIS,yBAAO,CAACrB,gBAAgB,CAAC,CACjCsB,UAAU,CAAC;IACVC,GAAG,EAAEf,aAAa;IAClBgB,GAAG,EAAEtB,qBAAqB;IAC1BH,SAAS;IACT0B,kBAAkB,EAAET,SAAS;IAC7BU,mBAAmB,EAAET,iBAAiB;IACtCU,gBAAgB,EAAEb,cAAc;IAChCc,GAAG,EAAE;MACHzB,GAAG,EAAE,IAAA0B,2BAAsB,EAACnB,SAAS;IACvC;EACF,CAAC,CAAC,CACDoB,kBAAkB,CAAC;IAClBnB,GAAG,EAAED,SAAS,CAACC,GAAG;IAClBoB,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,cAAc,GAAG,MAAAC,IAAA,IAUP;EAAA,IAVc;IACnCpC,gBAAgB;IAChBC,gBAAgB;IAChBC,qBAAqB;IACrBmC,QAAQ,GAAGC;EAMb,CAAC,GAAAF,IAAA;EACC,MAAMG,GAAG,GAAG,IAAAC,+BAAuB,EAAC;IAClCtC,qBAAqB;IACrBmC;EACF,CAAC,CAAC;;EAEF;EACA,MAAMtC,SAAS,GAAG,MAAMwC,GAAG,CAACE,GAAG,CAAC,QAAQ,CAAC,CAACC,IAAI,CAAEC,QAAQ,IAAKA,QAAQ,CAACC,KAAK,CAAC;;EAE5E;EACA,MAAMC,wBAAwB,GAAG,MAAM/C,qBAAqB,CAC1DC,SAAS,EACTC,gBAAgB,EAChBC,gBAAgB,EAChBC,qBACF,CAAC;;EAED;EACA,MAAM4C,aAAa,GAAG,MAAMP,GAAG,CAC5BQ,IAAI,CAAC,QAAQ,EAAE;IACdC,IAAI,EAAE;MACJC,UAAU,EAAE,6CAA6C;MACzDC,SAAS,EAAEL;IACb;EACF,CAAC,CAAC,CACDH,IAAI,CAAES,MAAM,IAAKC,oBAAa,CAAC7C,KAAK,CAAC4C,MAAM,CAAC,CAAC,CAC7CE,KAAK,CAACC,8BAA8B,CAAC;EAExC,OAAOR,aAAa,CAACS,kBAAkB;AACzC,CAAC;AAACC,OAAA,CAAArB,cAAA,GAAAA,cAAA;AAEF,MAAMmB,8BAA8B,GAAIG,CAAU,IAAK;EACrD,IAAI,EAAEA,CAAC,YAAYC,mCAA2B,CAAC,EAAE;IAC/C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACD,mCAA2B,CAAC,CACxDE,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACC,qBAAqB;IAC5DC,OAAO,EAAE;EACX,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACG,sBAAsB;IAC7DD,OAAO,EACL;EACJ,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACI,6BAA6B;IACpEF,OAAO,EACL;EACJ,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACK,sCAAsC;IAC7EH,OAAO,EAAE;EACX,CAAC,CAAC,CACDI,SAAS,CAACX,CAAC,CAAC;AACjB,CAAC"}
|
|
@@ -51,7 +51,7 @@ const selectResponseMode = (issuerConf, credentialType) => {
|
|
|
51
51
|
* the application session identifier on the Wallet Instance side (state),
|
|
52
52
|
* the method (query or form_post.jwt) by which the Authorization Server
|
|
53
53
|
* should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
|
|
54
|
-
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the
|
|
54
|
+
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
|
|
55
55
|
* should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
|
|
56
56
|
* @param issuerConf The issuer configuration
|
|
57
57
|
* @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
|
|
@@ -1,39 +1,28 @@
|
|
|
1
1
|
import { AuthorizationErrorShape, AuthorizationResultShape } from "../../utils/auth";
|
|
2
|
-
import {
|
|
2
|
+
import { hasStatusOrThrow } from "../../utils/misc";
|
|
3
3
|
import parseUrl from "parse-url";
|
|
4
4
|
import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
|
|
5
|
-
import { Linking } from "react-native";
|
|
6
5
|
import { decode, encodeBase64, SignJWT } from "@pagopa/io-react-native-jwt";
|
|
7
6
|
import { RequestObject } from "../presentation/types";
|
|
8
7
|
import uuid from "react-native-uuid";
|
|
9
8
|
import { ResponseUriResultShape } from "./types";
|
|
10
9
|
import { getJwtFromFormPost } from "../../utils/decoder";
|
|
11
|
-
import { AuthorizationError, AuthorizationIdpError
|
|
10
|
+
import { AuthorizationError, AuthorizationIdpError } from "./errors";
|
|
12
11
|
|
|
13
12
|
/**
|
|
14
13
|
* The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
15
14
|
*/
|
|
16
15
|
|
|
17
16
|
/**
|
|
18
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The
|
|
19
|
-
*
|
|
20
|
-
* It is used to complete the user authorization by catching the redirectSchema from the authorization server which then contains the authorization response.
|
|
21
|
-
* This function utilizes the authorization context to open an in-app browser capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
22
|
-
* If the 302 redirect happens and the redirectSchema is caught, the function will return the authorization response after parsing it from the query string.
|
|
17
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
18
|
+
* Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
|
|
23
19
|
* @param issuerRequestUri the URI of the issuer where the request is sent
|
|
24
20
|
* @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
|
|
25
21
|
* @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
26
|
-
* @param
|
|
27
|
-
*
|
|
28
|
-
* @param idphint Unique identifier of the SPID IDP selected by the user
|
|
29
|
-
* @param redirectUri The url to reach to complete the user authorization which is the custom URL scheme that the Wallet Instance is registered to handle, usually a custom URL or deeplink
|
|
30
|
-
* @param signal An optional {@link AbortSignal} to abort the operation when using the default browser
|
|
31
|
-
* @throws {AuthorizationError} if an error occurs during the authorization process
|
|
32
|
-
* @throws {AuthorizationIdpError} if an error occurs during the authorization process and the error is related to the IDP
|
|
33
|
-
* @throws {OperationAbortedError} if the caller aborts the operation via the provided signal
|
|
34
|
-
* @returns the authorization response which contains code, state and iss
|
|
22
|
+
* @param idpHint Unique identifier of the IDP selected by the user
|
|
23
|
+
* @returns An object containing the authorization URL
|
|
35
24
|
*/
|
|
36
|
-
export const
|
|
25
|
+
export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
|
|
37
26
|
const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
|
|
38
27
|
const params = new URLSearchParams({
|
|
39
28
|
client_id: clientId,
|
|
@@ -41,47 +30,19 @@ export const completeUserAuthorizationWithQueryMode = async (issuerRequestUri, c
|
|
|
41
30
|
idphint: idpHint
|
|
42
31
|
});
|
|
43
32
|
const authUrl = `${authzRequestEndpoint}?${params}`;
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
throw new AuthorizationError(e.message);
|
|
49
|
-
});
|
|
50
|
-
} else {
|
|
51
|
-
// handler for redirectUri
|
|
52
|
-
const urlEventListener = Linking.addEventListener("url", _ref => {
|
|
53
|
-
let {
|
|
54
|
-
url
|
|
55
|
-
} = _ref;
|
|
56
|
-
if (url.includes(redirectUri)) {
|
|
57
|
-
authRedirectUrl = url;
|
|
58
|
-
}
|
|
59
|
-
});
|
|
60
|
-
const operationIsAborted = signal ? createAbortPromiseFromSignal(signal) : undefined;
|
|
61
|
-
await Linking.openURL(authUrl);
|
|
62
|
-
|
|
63
|
-
/*
|
|
64
|
-
* Waits for 120 seconds for the identificationRedirectUrl variable to be set
|
|
65
|
-
* by the custom url handler. If the timeout is exceeded, throw an exception
|
|
66
|
-
*/
|
|
67
|
-
const unitAuthRedirectIsNotUndefined = until(() => authRedirectUrl !== undefined, 120);
|
|
33
|
+
return {
|
|
34
|
+
authUrl
|
|
35
|
+
};
|
|
36
|
+
};
|
|
68
37
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
});
|
|
78
|
-
if (winner === "OPERATION_ABORTED") {
|
|
79
|
-
throw new OperationAbortedError("DefaultQueryModeAuthorization");
|
|
80
|
-
}
|
|
81
|
-
if (authRedirectUrl === undefined) {
|
|
82
|
-
throw new AuthorizationError("Invalid authentication redirect url");
|
|
83
|
-
}
|
|
84
|
-
}
|
|
38
|
+
/**
|
|
39
|
+
* WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
|
|
40
|
+
* Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
41
|
+
* This function parses the authorization redirect URL to extract the authorization response.
|
|
42
|
+
* @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
|
|
43
|
+
* @returns the authorization response which contains code, state and iss
|
|
44
|
+
*/
|
|
45
|
+
export const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
|
|
85
46
|
const query = parseUrl(authRedirectUrl).query;
|
|
86
47
|
return parseAuthorizationResponse(query);
|
|
87
48
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","
|
|
1
|
+
{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","uuid","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","v4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;;AAEpE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV,gBAAgB;IAC7BW,OAAO,EAAER;EACX,CAAC,CAAC;EAEF,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG5B,QAAQ,CAAC2B,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOjB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBgB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMlB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMuB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEd,oBAAqB,IAAGG,MAAM,CAACiB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACxC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDsC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKvC,MAAM,CAACuC,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKrC,aAAa,CAACsC,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI5C,gBAAgB,CAAC;MACzB6C,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,aAAa,CAACa,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOX,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBzB,QAAQ,GAAGI;EACb,CAAC,GAAGiB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIpD,OAAO,CAACgD,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAExD,IAAI,CAACyD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIlE,OAAO,CAACiD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAExD,IAAI,CAACyD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAElE,IAAI,CAACyD,EAAE,CAAC,CAAE,EAAC;IAC7BU,EAAE,EAAG,GAAEnE,IAAI,CAACyD,EAAE,CAAC,CAAE,EAAC;IAClBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG1E,YAAY,CACvC2E,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE7C,aAAa,CAAC6C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEd,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM2B,IAAI,GAAG,IAAI/D,eAAe,CAAC;IAC/BgE,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACzC,QAAQ,CAAC,CAAC;EACb,MAAMiD,SAAS,GAAG,MAAMvD,QAAQ,CAACK,aAAa,CAACiC,YAAY,EAAE;IAC3D/B,MAAM,EAAE,MAAM;IACdiD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAACxC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDsC,IAAI,CAAEiD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGlF,sBAAsB,CAACoC,SAAS,CAAC0C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC5C,OAAO,EAAE;IACxB,MAAM,IAAI5C,gBAAgB,CAAC;MACzB6C,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE0C,WAAW,CAACzC,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMhB,QAAQ,CAAC2D,WAAW,CAACxC,IAAI,CAACyC,YAAY,CAAC,CACjDpD,IAAI,CAACxC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDsC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC9B,kBAAkB,CAAC,CACxB8B,IAAI,CAAEqD,KAAK,IAAK/D,0BAA0B,CAAC+D,KAAK,CAACC,UAAU,CAAChD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCiE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGjG,wBAAwB,CAAC8C,SAAS,CAACkD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACjD,OAAO,EAAE;IAC1B,MAAMkD,OAAO,GAAGnG,uBAAuB,CAAC+C,SAAS,CAACkD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAAClD,OAAO,EAAE;MACpB,MAAM,IAAIpC,kBAAkB,CAACqF,aAAa,CAAC9C,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIpC,qBAAqB,CAC7BqF,OAAO,CAAC9C,IAAI,CAACD,KAAK,EAClB+C,OAAO,CAAC9C,IAAI,CAAC+C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC7C,IAAI;AAC3B,CAAC"}
|
|
@@ -21,6 +21,7 @@ import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
|
|
|
21
21
|
* @param context.dPopCryptoContext The DPoP crypto context
|
|
22
22
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
23
23
|
* @throws {ValidationFailed} if an error occurs while parsing the token response
|
|
24
|
+
* @throws {IssuerResponseError} with a specific code for more context
|
|
24
25
|
* @return The token response containing the access token along with the token request signed with DPoP which has to be used in the {@link obtainCredential} step.
|
|
25
26
|
*/
|
|
26
27
|
export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, codeVerifier, context) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["hasStatusOrThrow","createDPopToken","uuid","createPopToken","WalletInstanceAttestation","ASSERTION_TYPE","TokenResponse","IssuerResponseError","ValidationFailed","authorizeAccess","issuerConf","code","clientId","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","v4","signedWiaPoP","requestBody","grant_type","client_id","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","message","reason","error","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAiB1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,WAAW,GACfX,UAAU,CAACY,0BAA0B,CAACC,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAGzB,yBAAyB,CAAC0B,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGzB,UAAU,CAACY,0BAA0B,CAACc,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMpC,eAAe,CAClD;IACEqC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,QAAQ;IACbK,GAAG,EAAG,GAAEtC,IAAI,CAACuC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDrB,iBACF,CAAC;EAED,MAAMsB,YAAY,GAAG,MAAMvC,cAAc,CACvC;IACEqC,GAAG,EAAG,GAAEtC,IAAI,CAACuC,EAAE,CAAC,CAAE,EAAC;IACnBf,GAAG;IACHG;EACF,CAAC,EACDV,gBACF,CAAC;EAED,MAAMwB,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAEjC,QAAQ;IACnBD,IAAI;IACJmC,YAAY,EAAEjC,WAAW;IACzBkC,aAAa,EAAEjC,YAAY;IAC3BkC,qBAAqB,EAAE3C,cAAc;IACrC4C,gBAAgB,EAAE/B,yBAAyB,GAAG,GAAG,GAAGwB;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EACrE,MAAMS,QAAQ,GAAG,MAAMpC,QAAQ,CAACmB,QAAQ,EAAE;IACxCkB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB;IACR,CAAC;IACDmB,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC1D,gBAAgB,CAAC,GAAG,EAAEO,mBAAmB,CAAC,CAAC,CAChDmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAKlD,aAAa,CAACuD,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrB,MAAM,IAAItD,gBAAgB,CAAC;MACzBuD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,QAAQ,CAACa,KAAK,CAACF;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEG,WAAW,EAAEd,QAAQ,CAACe;EAAK,CAAC;AACvC,CAAC"}
|
|
1
|
+
{"version":3,"names":["hasStatusOrThrow","createDPopToken","uuid","createPopToken","WalletInstanceAttestation","ASSERTION_TYPE","TokenResponse","IssuerResponseError","ValidationFailed","authorizeAccess","issuerConf","code","clientId","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","v4","signedWiaPoP","requestBody","grant_type","client_id","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","message","reason","error","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAiB1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,WAAW,GACfX,UAAU,CAACY,0BAA0B,CAACC,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAGzB,yBAAyB,CAAC0B,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGzB,UAAU,CAACY,0BAA0B,CAACc,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMpC,eAAe,CAClD;IACEqC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,QAAQ;IACbK,GAAG,EAAG,GAAEtC,IAAI,CAACuC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDrB,iBACF,CAAC;EAED,MAAMsB,YAAY,GAAG,MAAMvC,cAAc,CACvC;IACEqC,GAAG,EAAG,GAAEtC,IAAI,CAACuC,EAAE,CAAC,CAAE,EAAC;IACnBf,GAAG;IACHG;EACF,CAAC,EACDV,gBACF,CAAC;EAED,MAAMwB,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAEjC,QAAQ;IACnBD,IAAI;IACJmC,YAAY,EAAEjC,WAAW;IACzBkC,aAAa,EAAEjC,YAAY;IAC3BkC,qBAAqB,EAAE3C,cAAc;IACrC4C,gBAAgB,EAAE/B,yBAAyB,GAAG,GAAG,GAAGwB;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EACrE,MAAMS,QAAQ,GAAG,MAAMpC,QAAQ,CAACmB,QAAQ,EAAE;IACxCkB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB;IACR,CAAC;IACDmB,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC1D,gBAAgB,CAAC,GAAG,EAAEO,mBAAmB,CAAC,CAAC,CAChDmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAKlD,aAAa,CAACuD,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrB,MAAM,IAAItD,gBAAgB,CAAC;MACzBuD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,QAAQ,CAACa,KAAK,CAACF;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEG,WAAW,EAAEd,QAAQ,CAACe;EAAK,CAAC;AACvC,CAAC"}
|
|
@@ -92,8 +92,7 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
|
|
|
92
92
|
* Handle the credential error by mapping it to a custom exception.
|
|
93
93
|
* If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
|
|
94
94
|
* @param e - The error to be handled
|
|
95
|
-
* @throws {
|
|
96
|
-
* @throws {@link CredentialInvalidStatusError} if the status code is 404 (meaning the credential is invalid)
|
|
95
|
+
* @throws {IssuerResponseError} with a specific code for more context
|
|
97
96
|
*/
|
|
98
97
|
const handleObtainCredentialError = e => {
|
|
99
98
|
if (!(e instanceof UnexpectedStatusCodeError)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","uuid","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","containsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","message","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","tokenRequestSignedDPop","htm","htu","jti","v4","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","JSON","stringify","then","res","json","safeParse","catch","handleObtainCredentialError","success","reason","error","data","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,OAAOC,IAAI,MAAM,mBAAmB;AAcpC,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIhB,OAAO,CAACc,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM5B,gBAAgB,CAC7CiB,WAAW,CAACY,OAAO,EACnBX,QAAQ,EACRO,aAAa,EACbJ,uBACF,CAAC;;EAED;EACA,MAAMS,4BAA4B,GAAGb,WAAW,CAACc,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3Bf,oBAAoB,CAACe,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKhB,oBAAoB,CAACgB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKjB,oBAAoB,CAACiB,IACpC,CAAC;EAED,IAAI,CAACN,4BAA4B,EAAE;IACjC,MAAM,IAAIlC,gBAAgB,CAAC;MACzByC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBH,IAAI,EAAE,CAACjB,oBAAoB,CAACe,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEhB,oBAAoB,CAACgB,MAAM;IACnCK,KAAK,EAAE;MACLC,GAAG,EAAEb,gBAAgB;MACrBc,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,sBAAsB,GAAG,MAAM7C,eAAe,CAClD;IACE8C,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEpB,aAAa;IAClBqB,GAAG,EAAG,GAAE/C,IAAI,CAACgD,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,MAAM3D,cAAc,CAAC4B,WAAW,CAACgC,YAAY;EACpD,CAAC,EACDzB,iBACF,CAAC;EACD,MAAM0B,aAAa,GAAG,MAAM5B,QAAQ,CAACG,aAAa,EAAE;IAClD0B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAEV,sBAAsB;MAC5BW,aAAa,EAAG,GAAErC,WAAW,CAACsC,UAAW,IAAGtC,WAAW,CAACgC,YAAa;IACvE,CAAC;IACDO,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACpB,yBAAyB;EAChD,CAAC,CAAC,CACCqB,IAAI,CAACpE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEH,IAAI,IAAK3D,kBAAkB,CAACiE,SAAS,CAACN,IAAI,CAAC,CAAC,CAClDO,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACd,aAAa,CAACe,OAAO,EAAE;IAC1B,MAAM,IAAIrE,gBAAgB,CAAC;MACzByC,OAAO,EAAE,uCAAuC;MAChD6B,MAAM,EAAEhB,aAAa,CAACiB,KAAK,CAAC9B;IAC9B,CAAC,CAAC;EACJ;EAEA,OAAOa,aAAa,CAACkB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA
|
|
1
|
+
{"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","uuid","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","containsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","message","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","tokenRequestSignedDPop","htm","htu","jti","v4","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","JSON","stringify","then","res","json","safeParse","catch","handleObtainCredentialError","success","reason","error","data","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,OAAOC,IAAI,MAAM,mBAAmB;AAcpC,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIhB,OAAO,CAACc,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM5B,gBAAgB,CAC7CiB,WAAW,CAACY,OAAO,EACnBX,QAAQ,EACRO,aAAa,EACbJ,uBACF,CAAC;;EAED;EACA,MAAMS,4BAA4B,GAAGb,WAAW,CAACc,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3Bf,oBAAoB,CAACe,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKhB,oBAAoB,CAACgB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKjB,oBAAoB,CAACiB,IACpC,CAAC;EAED,IAAI,CAACN,4BAA4B,EAAE;IACjC,MAAM,IAAIlC,gBAAgB,CAAC;MACzByC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBH,IAAI,EAAE,CAACjB,oBAAoB,CAACe,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEhB,oBAAoB,CAACgB,MAAM;IACnCK,KAAK,EAAE;MACLC,GAAG,EAAEb,gBAAgB;MACrBc,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,sBAAsB,GAAG,MAAM7C,eAAe,CAClD;IACE8C,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEpB,aAAa;IAClBqB,GAAG,EAAG,GAAE/C,IAAI,CAACgD,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,MAAM3D,cAAc,CAAC4B,WAAW,CAACgC,YAAY;EACpD,CAAC,EACDzB,iBACF,CAAC;EACD,MAAM0B,aAAa,GAAG,MAAM5B,QAAQ,CAACG,aAAa,EAAE;IAClD0B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAEV,sBAAsB;MAC5BW,aAAa,EAAG,GAAErC,WAAW,CAACsC,UAAW,IAAGtC,WAAW,CAACgC,YAAa;IACvE,CAAC;IACDO,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACpB,yBAAyB;EAChD,CAAC,CAAC,CACCqB,IAAI,CAACpE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEH,IAAI,IAAK3D,kBAAkB,CAACiE,SAAS,CAACN,IAAI,CAAC,CAAC,CAClDO,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACd,aAAa,CAACe,OAAO,EAAE;IAC1B,MAAM,IAAIrE,gBAAgB,CAAC;MACzByC,OAAO,EAAE,uCAAuC;MAChD6B,MAAM,EAAEhB,aAAa,CAACiB,KAAK,CAAC9B;IAC9B,CAAC,CAAC;EACJ;EAEA,OAAOa,aAAa,CAACkB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMJ,2BAA2B,GAAIK,CAAU,IAAK;EAClD,IAAI,EAAEA,CAAC,YAAY1E,yBAAyB,CAAC,EAAE;IAC7C,MAAM0E,CAAC;EACT;EAEA,MAAM,IAAI3E,oBAAoB,CAACF,mBAAmB,CAAC,CAChD8E,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAE9E,wBAAwB,CAAC+E,+BAA+B;IAC9DnC,OAAO,EACL;EACJ,CAAC,CAAC,CACDiC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACgF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDiC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACgF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDiC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACiF,uBAAuB;IACtDrC,OAAO,EAAE;EACX,CAAC,CAAC,CACDsC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
|
|
@@ -25,20 +25,4 @@ export class AuthorizationIdpError extends IoWalletError {
|
|
|
25
25
|
this.errorDescription = errorDescription;
|
|
26
26
|
}
|
|
27
27
|
}
|
|
28
|
-
|
|
29
|
-
/**
|
|
30
|
-
* Error subclass thrown when an operation has been aborted.
|
|
31
|
-
*/
|
|
32
|
-
export class OperationAbortedError extends IoWalletError {
|
|
33
|
-
code = "ERR_IO_WALLET_OPERATION_ABORTED";
|
|
34
|
-
|
|
35
|
-
/** The aborted operation */
|
|
36
|
-
|
|
37
|
-
constructor(operation) {
|
|
38
|
-
super(serializeAttrs({
|
|
39
|
-
operation
|
|
40
|
-
}));
|
|
41
|
-
this.operation = operation;
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
28
|
//# sourceMappingURL=errors.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","serializeAttrs","AuthorizationError","code","constructor","message","AuthorizationIdpError","error","errorDescription"
|
|
1
|
+
{"version":3,"names":["IoWalletError","serializeAttrs","AuthorizationError","code","constructor","message","AuthorizationIdpError","error","errorDescription"],"sourceRoot":"../../../../src","sources":["credential/issuance/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;;AAElE;AACA;AACA;AACA,OAAO,MAAMC,kBAAkB,SAASF,aAAa,CAAC;EACpDG,IAAI,GAAG,mCAAmC;EAE1CC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,SAASN,aAAa,CAAC;EACvDG,IAAI,GAAG,sDAAsD;EAK7DC,WAAWA,CAACG,KAAa,EAAEC,gBAAyB,EAAE;IACpD,KAAK,CAACP,cAAc,CAAC;MAAEM,KAAK;MAAEC;IAAiB,CAAC,CAAC,CAAC;IAClD,IAAI,CAACD,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACC,gBAAgB,GAAGA,gBAAgB;EAC1C;AACF"}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { evaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
2
2
|
import { startUserAuthorization } from "./03-start-user-authorization";
|
|
3
|
-
import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
|
|
3
|
+
import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, buildAuthorizationUrl, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
|
|
4
4
|
import { authorizeAccess } from "./05-authorize-access";
|
|
5
5
|
import { obtainCredential } from "./06-obtain-credential";
|
|
6
6
|
import { verifyAndParseCredential } from "./07-verify-and-parse-credential";
|
|
7
7
|
import * as Errors from "./errors";
|
|
8
|
-
export { evaluateIssuerTrust, startUserAuthorization, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
|
|
8
|
+
export { evaluateIssuerTrust, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
|
|
9
9
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,
|
|
1
|
+
{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,EAC1BC,qBAAqB,EAKrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEV,mBAAmB,EACnBC,sBAAsB,EACtBI,qBAAqB,EACrBH,sCAAsC,EACtCI,mCAAmC,EACnCH,4CAA4C,EAC5CI,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB,EACxBL,0BAA0B,EAC1BM,MAAM"}
|
|
@@ -10,8 +10,7 @@ import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, Un
|
|
|
10
10
|
* @param credential - The credential to be verified
|
|
11
11
|
* @param credentialCryptoContext - The credential's crypto context
|
|
12
12
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
13
|
-
* @throws {
|
|
14
|
-
* @throws {@link StatusAttestationError} if an error occurs during the status attestation
|
|
13
|
+
* @throws {IssuerResponseError} with a specific code for more context
|
|
15
14
|
* @returns The credential status attestation
|
|
16
15
|
*/
|
|
17
16
|
export const statusAttestation = async function (issuerConf, credential, credentialCryptoContext) {
|
|
@@ -48,8 +47,7 @@ export const statusAttestation = async function (issuerConf, credential, credent
|
|
|
48
47
|
* Handle the status attestation error by mapping it to a custom exception.
|
|
49
48
|
* If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
|
|
50
49
|
* @param e - The error to be handled
|
|
51
|
-
* @throws {
|
|
52
|
-
* @throws {@link CredentialInvalidStatusError} if the status code is 404 (meaning the credential is invalid)
|
|
50
|
+
* @throws {IssuerResponseError} with a specific code for more context
|
|
53
51
|
*/
|
|
54
52
|
const handleStatusAttestationError = e => {
|
|
55
53
|
if (!(e instanceof UnexpectedStatusCodeError)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["getCredentialHashWithouDiscloures","hasStatusOrThrow","SignJWT","uuid","StatusAttestationResponse","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","setPayload","aud","jti","v4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","result","method","headers","JSON","stringify","then","raw","json","parse","catch","handleStatusAttestationError","status_attestation","e","handle","code","CredentialInvalidStatus","message","StatusAttestationRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,gBAAgB,QAEX,kBAAkB;AAEzB,SAA6BC,OAAO,QAAQ,6BAA6B;AACzE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,yBAAyB,QAAQ,SAAS;AACnD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,QACpB,oBAAoB;AAW3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA
|
|
1
|
+
{"version":3,"names":["getCredentialHashWithouDiscloures","hasStatusOrThrow","SignJWT","uuid","StatusAttestationResponse","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","setPayload","aud","jti","v4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","result","method","headers","JSON","stringify","then","raw","json","parse","catch","handleStatusAttestationError","status_attestation","e","handle","code","CredentialInvalidStatus","message","StatusAttestationRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,gBAAgB,QAEX,kBAAkB;AAEzB,SAA6BC,OAAO,QAAQ,6BAA6B;AACzE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,yBAAyB,QAAQ,SAAS;AACnD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,QACpB,oBAAoB;AAW3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iBAAoC,GAAG,eAAAA,CAClDC,UAAU,EACVC,UAAU,EACVC,uBAAuB,EAEpB;EAAA,IADHC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAEtC,MAAMC,GAAG,GAAG,MAAMN,uBAAuB,CAACO,YAAY,CAAC,CAAC;EACxD,MAAMC,cAAc,GAAG,MAAMpB,iCAAiC,CAACW,UAAU,CAAC;EAC1E,MAAMU,YAAY,GAChBX,UAAU,CAACY,wBAAwB,CAACC,2BAA2B;EACjE,MAAMC,aAAa,GAAG,MAAM,IAAItB,OAAO,CAACU,uBAAuB,CAAC,CAC7Da,UAAU,CAAC;IACVC,GAAG,EAAEL,YAAY;IACjBM,GAAG,EAAExB,IAAI,CAACyB,EAAE,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;IACzBC,eAAe,EAAEV,cAAc;IAC/BW,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAEjB,GAAG,CAACiB;EACX,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,cAAc,EAAEhB;EAClB,CAAC;EAED,MAAMiB,MAAM,GAAG,MAAM5B,QAAQ,CAACQ,YAAY,EAAE;IAC1CqB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDJ,IAAI,EAAEK,IAAI,CAACC,SAAS,CAACN,IAAI;EAC3B,CAAC,CAAC,CACCO,IAAI,CAAC7C,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B6C,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAK5C,yBAAyB,CAAC6C,KAAK,CAACD,IAAI,CAAC,CAAC,CACrDE,KAAK,CAACC,4BAA4B,CAAC;EAEtC,OAAO;IAAE1C,iBAAiB,EAAEgC,MAAM,CAACW;EAAmB,CAAC;AACzD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMD,4BAA4B,GAAIE,CAAU,IAAK;EACnD,IAAI,EAAEA,CAAC,YAAY7C,yBAAyB,CAAC,EAAE;IAC7C,MAAM6C,CAAC;EACT;EAEA,MAAM,IAAI9C,oBAAoB,CAACF,mBAAmB,CAAC,CAChDiD,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEjD,wBAAwB,CAACkD,uBAAuB;IACtDC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEjD,wBAAwB,CAACoD,8BAA8B;IAC7DD,OAAO,EAAG;EACZ,CAAC,CAAC,CACDE,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
|
package/lib/module/index.js
CHANGED
|
@@ -9,8 +9,7 @@ import * as Errors from "./utils/errors";
|
|
|
9
9
|
import * as WalletInstanceAttestation from "./wallet-instance-attestation";
|
|
10
10
|
import * as Trust from "./trust";
|
|
11
11
|
import * as WalletInstance from "./wallet-instance";
|
|
12
|
-
import * as Cie from "./cie";
|
|
13
12
|
import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
|
|
14
13
|
import { createCryptoContextFor } from "./utils/crypto";
|
|
15
|
-
export { SdJwt, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey
|
|
14
|
+
export { SdJwt, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey };
|
|
16
15
|
//# sourceMappingURL=index.js.map
|
package/lib/module/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","
|
|
1
|
+
{"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AACA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACEP,KAAK,EACLD,GAAG,EACHD,UAAU,EACVI,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLI,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBT,sBAAsB"}
|
package/lib/module/utils/misc.js
CHANGED
|
@@ -21,6 +21,14 @@ export const hasStatusOrThrow = (status, customError) => async res => {
|
|
|
21
21
|
return res;
|
|
22
22
|
};
|
|
23
23
|
|
|
24
|
+
/**
|
|
25
|
+
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
26
|
+
*/
|
|
27
|
+
export const parseRawHttpResponse = response => {
|
|
28
|
+
var _response$headers$get;
|
|
29
|
+
return (_response$headers$get = response.headers.get("content-type")) !== null && _response$headers$get !== void 0 && _response$headers$get.includes("application/json") ? response.json() : response.text();
|
|
30
|
+
};
|
|
31
|
+
|
|
24
32
|
// extract a type from an async function output
|
|
25
33
|
// helpful to bind the input of a function to the output of another
|
|
26
34
|
/**
|
|
@@ -30,31 +38,6 @@ export const hasStatusOrThrow = (status, customError) => async res => {
|
|
|
30
38
|
*/
|
|
31
39
|
export const generateRandomAlphaNumericString = size => Array.from(Array(size), () => Math.floor(Math.random() * 36).toString(36)).join("");
|
|
32
40
|
|
|
33
|
-
/**
|
|
34
|
-
* Repeatedly checks a condition function until it returns true,
|
|
35
|
-
* then resolves the returned promise. If the condition function does not return true
|
|
36
|
-
* within the specified timeout, the promise is rejected.
|
|
37
|
-
*
|
|
38
|
-
* @param conditionFunction - A function that returns a boolean value.
|
|
39
|
-
* The promise resolves when this function returns true.
|
|
40
|
-
* @param timeout - An optional timeout in seconds. The promise is rejected if the
|
|
41
|
-
* condition function does not return true within this time.
|
|
42
|
-
* @returns A promise that resolves once the conditionFunction returns true or rejects if timed out.
|
|
43
|
-
*/
|
|
44
|
-
export const until = (conditionFunction, timeoutSeconds) => new Promise((resolve, reject) => {
|
|
45
|
-
const start = Date.now();
|
|
46
|
-
const poll = () => {
|
|
47
|
-
if (conditionFunction()) {
|
|
48
|
-
resolve();
|
|
49
|
-
} else if (timeoutSeconds !== undefined && Date.now() - start >= timeoutSeconds * 1000) {
|
|
50
|
-
reject(new Error("Timeout exceeded"));
|
|
51
|
-
} else {
|
|
52
|
-
setTimeout(poll, 400);
|
|
53
|
-
}
|
|
54
|
-
};
|
|
55
|
-
poll();
|
|
56
|
-
});
|
|
57
|
-
|
|
58
41
|
/**
|
|
59
42
|
* Get the hash of a credential without discloures.
|
|
60
43
|
* A credential is a string like `header.body.sign~sd1~sd2....` where `~` is the separator between the credential and the discloures.
|
|
@@ -68,31 +51,11 @@ export const getCredentialHashWithouDiscloures = async credential => {
|
|
|
68
51
|
}
|
|
69
52
|
return sha256(credential.slice(0, tildeIndex));
|
|
70
53
|
};
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
let listener;
|
|
78
|
-
return {
|
|
79
|
-
listen: () => new Promise(resolve => {
|
|
80
|
-
if (signal.aborted) {
|
|
81
|
-
return resolve("OPERATION_ABORTED");
|
|
82
|
-
}
|
|
83
|
-
listener = () => resolve("OPERATION_ABORTED");
|
|
84
|
-
signal.addEventListener("abort", listener);
|
|
85
|
-
}),
|
|
86
|
-
remove: () => signal.removeEventListener("abort", listener)
|
|
87
|
-
};
|
|
88
|
-
};
|
|
89
|
-
export const isDefined = x => Boolean(x);
|
|
90
|
-
|
|
91
|
-
/**
|
|
92
|
-
* Utility function to parse a raw HTTP response as JSON if supported, otherwise as text.
|
|
93
|
-
*/
|
|
94
|
-
export const parseRawHttpResponse = response => {
|
|
95
|
-
var _response$headers$get;
|
|
96
|
-
return (_response$headers$get = response.headers.get("content-type")) !== null && _response$headers$get !== void 0 && _response$headers$get.includes("application/json") ? response.json() : response.text();
|
|
54
|
+
export const safeJsonParse = (text, withDefault) => {
|
|
55
|
+
try {
|
|
56
|
+
return JSON.parse(text);
|
|
57
|
+
} catch (_) {
|
|
58
|
+
return withDefault ?? null;
|
|
59
|
+
}
|
|
97
60
|
};
|
|
98
61
|
//# sourceMappingURL=misc.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","UnexpectedStatusCodeError","sha256","hasStatusOrThrow","status","customError","res","ErrorClass","message","url","statusCode","reason","parseRawHttpResponse","
|
|
1
|
+
{"version":3,"names":["IoWalletError","UnexpectedStatusCodeError","sha256","hasStatusOrThrow","status","customError","res","ErrorClass","message","url","statusCode","reason","parseRawHttpResponse","response","_response$headers$get","headers","get","includes","json","text","generateRandomAlphaNumericString","size","Array","from","Math","floor","random","toString","join","getCredentialHashWithouDiscloures","credential","tildeIndex","indexOf","slice","safeJsonParse","withDefault","JSON","parse","_"],"sourceRoot":"../../../src","sources":["utils/misc.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,yBAAyB,QAAQ,UAAU;AACnE,SAASC,MAAM,QAAQ,WAAW;;AAElC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAC3BA,CAACC,MAAc,EAAEC,WAA8C,KAC/D,MAAOC,GAAa,IAAwB;EAC1C,IAAIA,GAAG,CAACF,MAAM,KAAKA,MAAM,EAAE;IACzB,MAAMG,UAAU,GAAGF,WAAW,IAAIJ,yBAAyB;IAC3D,MAAM,IAAIM,UAAU,CAAC;MACnBC,OAAO,EAAG,iCAAgCJ,MAAO,SAAQE,GAAG,CAACF,MAAO,UAASE,GAAG,CAACG,GAAI,EAAC;MACtFC,UAAU,EAAEJ,GAAG,CAACF,MAAM;MACtBO,MAAM,EAAE,MAAMC,oBAAoB,CAACN,GAAG,CAAC,CAAE;IAC3C,CAAC,CAAC;EACJ;;EACA,OAAOA,GAAG;AACZ,CAAC;;AAEH;AACA;AACA;AACA,OAAO,MAAMM,oBAAoB,GAC/BC,QAAkB;EAAA,IAAAC,qBAAA;EAAA,OAElB,CAAAA,qBAAA,GAAAD,QAAQ,CAACE,OAAO,CAACC,GAAG,CAAC,cAAc,CAAC,cAAAF,qBAAA,eAApCA,qBAAA,CAAsCG,QAAQ,CAAC,kBAAkB,CAAC,GAC7DJ,QAAQ,CAACK,IAAI,CAAC,CAAC,GAChBL,QAAQ,CAACM,IAAI,CAAC,CAAC;AAAA;;AAErB;AACA;AAOA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gCAAgC,GAAIC,IAAY,IAC3DC,KAAK,CAACC,IAAI,CAACD,KAAK,CAACD,IAAI,CAAC,EAAE,MACtBG,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,CAACC,QAAQ,CAAC,EAAE,CAC5C,CAAC,CAACC,IAAI,CAAC,EAAE,CAAC;;AAEZ;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iCAAiC,GAAG,MAC/CC,UAAkB,IACE;EACpB,MAAMC,UAAU,GAAGD,UAAU,CAACE,OAAO,CAAC,GAAG,CAAC;EAC1C,IAAID,UAAU,KAAK,CAAC,CAAC,EAAE;IACrB,MAAM,IAAI/B,aAAa,CAAC,2BAA2B,CAAC;EACtD;EACA,OAAOE,MAAM,CAAC4B,UAAU,CAACG,KAAK,CAAC,CAAC,EAAEF,UAAU,CAAC,CAAC;AAChD,CAAC;AAED,OAAO,MAAMG,aAAa,GAAGA,CAAIf,IAAY,EAAEgB,WAAe,KAAe;EAC3E,IAAI;IACF,OAAOC,IAAI,CAACC,KAAK,CAAClB,IAAI,CAAC;EACzB,CAAC,CAAC,OAAOmB,CAAC,EAAE;IACV,OAAOH,WAAW,IAAI,IAAI;EAC5B;AACF,CAAC"}
|
|
@@ -53,8 +53,7 @@ export async function getAttestationRequest(challenge, wiaCryptoContext, integri
|
|
|
53
53
|
* @param params.appFetch (optional) Http client
|
|
54
54
|
* @param walletProviderBaseUrl Base url for the Wallet Provider
|
|
55
55
|
* @returns The retrieved Wallet Instance Attestation token
|
|
56
|
-
* @throws {
|
|
57
|
-
* @throws {WalletInstanceNotFoundError} The Wallet Instance does not exist
|
|
56
|
+
* @throws {WalletProviderResponseError} with a specific code for more context
|
|
58
57
|
*/
|
|
59
58
|
export const getAttestation = async _ref => {
|
|
60
59
|
let {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["SignJWT","thumbprint","fixBase64EncodingOnKey","JWK","getWalletProviderClient","ResponseErrorBuilder","WalletProviderResponseError","WalletProviderResponseErrorCodes","TokenResponse","getAttestationRequest","challenge","wiaCryptoContext","integrityContext","walletProviderBaseUrl","jwk","getPublicKey","parsedJwk","parse","keyThumbprint","publicKey","kid","clientData","jwk_thumbprint","hardwareKeyTag","getHardwareKeyTag","signature","authenticatorData","getHardwareSignatureWithAuthData","JSON","stringify","setPayload","iss","sub","hardware_signature","integrity_assertion","hardware_key_tag","cnf","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","getAttestation","_ref","appFetch","fetch","api","get","then","response","nonce","signedAttestationRequest","tokenResponse","post","body","grant_type","assertion","result","catch","handleAttestationCreationError","wallet_attestation","e","handle","code","WalletInstanceRevoked","message","WalletInstanceNotFound","WalletInstanceIntegrityFailed","WalletInstanceAttestationIssuingFailed","buildFrom"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":"AAAA,SAEEA,OAAO,EACPC,UAAU,QACL,6BAA6B;AACpC,SAASC,sBAAsB,EAAEC,GAAG,QAAQ,cAAc;AAC1D,SAASC,uBAAuB,QAAQ,WAAW;AAEnD,SACEC,oBAAoB,EACpBC,2BAA2B,EAC3BC,gCAAgC,QAC3B,iBAAiB;AACxB,SAASC,aAAa,QAAQ,SAAS;;AAEvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,qBAAqBA,CACzCC,SAAiB,EACjBC,gBAA+B,EAC/BC,gBAAkC,EAClCC,qBAA6B,EACZ;EACjB,MAAMC,GAAG,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;EACjD,MAAMC,SAAS,GAAGb,GAAG,CAACc,KAAK,CAACH,GAAG,CAAC;EAChC,MAAMI,aAAa,GAAG,MAAMjB,UAAU,CAACe,SAAS,CAAC;EACjD,MAAMG,SAAS,GAAG;IAAE,GAAGH,SAAS;IAAEI,GAAG,EAAEF;EAAc,CAAC;EAEtD,MAAMG,UAAU,GAAG;IACjBX,SAAS;IACTY,cAAc,EAAEJ;EAClB,CAAC;EAED,MAAMK,cAAc,GAAGX,gBAAgB,CAACY,iBAAiB,CAAC,CAAC;EAC3D,MAAM;IAAEC,SAAS;IAAEC;EAAkB,CAAC,GACpC,MAAMd,gBAAgB,CAACe,gCAAgC,CACrDC,IAAI,CAACC,SAAS,CAACR,UAAU,CAC3B,CAAC;EAEH,OAAO,IAAIrB,OAAO,CAACW,gBAAgB,CAAC,CACjCmB,UAAU,CAAC;IACVC,GAAG,EAAEb,aAAa;IAClBc,GAAG,EAAEnB,qBAAqB;IAC1BH,SAAS;IACTuB,kBAAkB,EAAER,SAAS;IAC7BS,mBAAmB,EAAER,iBAAiB;IACtCS,gBAAgB,EAAEZ,cAAc;IAChCa,GAAG,EAAE;MACHtB,GAAG,EAAEZ,sBAAsB,CAACiB,SAAS;IACvC;EACF,CAAC,CAAC,CACDkB,kBAAkB,CAAC;IAClBjB,GAAG,EAAED,SAAS,CAACC,GAAG;IAClBkB,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA
|
|
1
|
+
{"version":3,"names":["SignJWT","thumbprint","fixBase64EncodingOnKey","JWK","getWalletProviderClient","ResponseErrorBuilder","WalletProviderResponseError","WalletProviderResponseErrorCodes","TokenResponse","getAttestationRequest","challenge","wiaCryptoContext","integrityContext","walletProviderBaseUrl","jwk","getPublicKey","parsedJwk","parse","keyThumbprint","publicKey","kid","clientData","jwk_thumbprint","hardwareKeyTag","getHardwareKeyTag","signature","authenticatorData","getHardwareSignatureWithAuthData","JSON","stringify","setPayload","iss","sub","hardware_signature","integrity_assertion","hardware_key_tag","cnf","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","getAttestation","_ref","appFetch","fetch","api","get","then","response","nonce","signedAttestationRequest","tokenResponse","post","body","grant_type","assertion","result","catch","handleAttestationCreationError","wallet_attestation","e","handle","code","WalletInstanceRevoked","message","WalletInstanceNotFound","WalletInstanceIntegrityFailed","WalletInstanceAttestationIssuingFailed","buildFrom"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":"AAAA,SAEEA,OAAO,EACPC,UAAU,QACL,6BAA6B;AACpC,SAASC,sBAAsB,EAAEC,GAAG,QAAQ,cAAc;AAC1D,SAASC,uBAAuB,QAAQ,WAAW;AAEnD,SACEC,oBAAoB,EACpBC,2BAA2B,EAC3BC,gCAAgC,QAC3B,iBAAiB;AACxB,SAASC,aAAa,QAAQ,SAAS;;AAEvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,qBAAqBA,CACzCC,SAAiB,EACjBC,gBAA+B,EAC/BC,gBAAkC,EAClCC,qBAA6B,EACZ;EACjB,MAAMC,GAAG,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;EACjD,MAAMC,SAAS,GAAGb,GAAG,CAACc,KAAK,CAACH,GAAG,CAAC;EAChC,MAAMI,aAAa,GAAG,MAAMjB,UAAU,CAACe,SAAS,CAAC;EACjD,MAAMG,SAAS,GAAG;IAAE,GAAGH,SAAS;IAAEI,GAAG,EAAEF;EAAc,CAAC;EAEtD,MAAMG,UAAU,GAAG;IACjBX,SAAS;IACTY,cAAc,EAAEJ;EAClB,CAAC;EAED,MAAMK,cAAc,GAAGX,gBAAgB,CAACY,iBAAiB,CAAC,CAAC;EAC3D,MAAM;IAAEC,SAAS;IAAEC;EAAkB,CAAC,GACpC,MAAMd,gBAAgB,CAACe,gCAAgC,CACrDC,IAAI,CAACC,SAAS,CAACR,UAAU,CAC3B,CAAC;EAEH,OAAO,IAAIrB,OAAO,CAACW,gBAAgB,CAAC,CACjCmB,UAAU,CAAC;IACVC,GAAG,EAAEb,aAAa;IAClBc,GAAG,EAAEnB,qBAAqB;IAC1BH,SAAS;IACTuB,kBAAkB,EAAER,SAAS;IAC7BS,mBAAmB,EAAER,iBAAiB;IACtCS,gBAAgB,EAAEZ,cAAc;IAChCa,GAAG,EAAE;MACHtB,GAAG,EAAEZ,sBAAsB,CAACiB,SAAS;IACvC;EACF,CAAC,CAAC,CACDkB,kBAAkB,CAAC;IAClBjB,GAAG,EAAED,SAAS,CAACC,GAAG;IAClBkB,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GAAG,MAAAC,IAAA,IAUP;EAAA,IAVc;IACnChC,gBAAgB;IAChBC,gBAAgB;IAChBC,qBAAqB;IACrB+B,QAAQ,GAAGC;EAMb,CAAC,GAAAF,IAAA;EACC,MAAMG,GAAG,GAAG1C,uBAAuB,CAAC;IAClCS,qBAAqB;IACrB+B;EACF,CAAC,CAAC;;EAEF;EACA,MAAMlC,SAAS,GAAG,MAAMoC,GAAG,CAACC,GAAG,CAAC,QAAQ,CAAC,CAACC,IAAI,CAAEC,QAAQ,IAAKA,QAAQ,CAACC,KAAK,CAAC;;EAE5E;EACA,MAAMC,wBAAwB,GAAG,MAAM1C,qBAAqB,CAC1DC,SAAS,EACTC,gBAAgB,EAChBC,gBAAgB,EAChBC,qBACF,CAAC;;EAED;EACA,MAAMuC,aAAa,GAAG,MAAMN,GAAG,CAC5BO,IAAI,CAAC,QAAQ,EAAE;IACdC,IAAI,EAAE;MACJC,UAAU,EAAE,6CAA6C;MACzDC,SAAS,EAAEL;IACb;EACF,CAAC,CAAC,CACDH,IAAI,CAAES,MAAM,IAAKjD,aAAa,CAACS,KAAK,CAACwC,MAAM,CAAC,CAAC,CAC7CC,KAAK,CAACC,8BAA8B,CAAC;EAExC,OAAOP,aAAa,CAACQ,kBAAkB;AACzC,CAAC;AAED,MAAMD,8BAA8B,GAAIE,CAAU,IAAK;EACrD,IAAI,EAAEA,CAAC,YAAYvD,2BAA2B,CAAC,EAAE;IAC/C,MAAMuD,CAAC;EACT;EAEA,MAAM,IAAIxD,oBAAoB,CAACC,2BAA2B,CAAC,CACxDwD,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAExD,gCAAgC,CAACyD,qBAAqB;IAC5DC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAExD,gCAAgC,CAAC2D,sBAAsB;IAC7DD,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAExD,gCAAgC,CAAC4D,6BAA6B;IACpEF,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAExD,gCAAgC,CAAC6D,sCAAsC;IAC7EH,OAAO,EAAE;EACX,CAAC,CAAC,CACDI,SAAS,CAACR,CAAC,CAAC;AACjB,CAAC"}
|
|
@@ -25,7 +25,7 @@ export type StartUserAuthorization = (issuerConf: Out<EvaluateIssuerTrust>["issu
|
|
|
25
25
|
* the application session identifier on the Wallet Instance side (state),
|
|
26
26
|
* the method (query or form_post.jwt) by which the Authorization Server
|
|
27
27
|
* should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
|
|
28
|
-
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the
|
|
28
|
+
* to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
|
|
29
29
|
* should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
|
|
30
30
|
* @param issuerConf The issuer configuration
|
|
31
31
|
* @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type
|
|
1
|
+
import { type AuthorizationResult } from "../../utils/auth";
|
|
2
2
|
import { type Out } from "../../utils/misc";
|
|
3
3
|
import type { StartUserAuthorization } from "./03-start-user-authorization";
|
|
4
4
|
import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
@@ -7,7 +7,7 @@ import { RequestObject } from "../presentation/types";
|
|
|
7
7
|
/**
|
|
8
8
|
* The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
9
9
|
*/
|
|
10
|
-
export type CompleteUserAuthorizationWithQueryMode = (
|
|
10
|
+
export type CompleteUserAuthorizationWithQueryMode = (authRedirectUrl: string) => Promise<AuthorizationResult>;
|
|
11
11
|
export type CompleteUserAuthorizationWithFormPostJwtMode = (requestObject: Out<GetRequestedCredentialToBePresented>, context: {
|
|
12
12
|
wiaCryptoContext: CryptoContext;
|
|
13
13
|
pidCryptoContext: CryptoContext;
|
|
@@ -16,23 +16,24 @@ export type CompleteUserAuthorizationWithFormPostJwtMode = (requestObject: Out<G
|
|
|
16
16
|
appFetch?: GlobalFetch["fetch"];
|
|
17
17
|
}) => Promise<AuthorizationResult>;
|
|
18
18
|
export type GetRequestedCredentialToBePresented = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], appFetch?: GlobalFetch["fetch"]) => Promise<RequestObject>;
|
|
19
|
+
export type BuildAuthorizationUrl = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], idpHint: string) => Promise<{
|
|
20
|
+
authUrl: string;
|
|
21
|
+
}>;
|
|
19
22
|
/**
|
|
20
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The
|
|
21
|
-
*
|
|
22
|
-
* It is used to complete the user authorization by catching the redirectSchema from the authorization server which then contains the authorization response.
|
|
23
|
-
* This function utilizes the authorization context to open an in-app browser capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
24
|
-
* If the 302 redirect happens and the redirectSchema is caught, the function will return the authorization response after parsing it from the query string.
|
|
23
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
|
|
24
|
+
* Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
|
|
25
25
|
* @param issuerRequestUri the URI of the issuer where the request is sent
|
|
26
26
|
* @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
|
|
27
27
|
* @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
28
|
-
* @param
|
|
29
|
-
*
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
*
|
|
34
|
-
*
|
|
35
|
-
*
|
|
28
|
+
* @param idpHint Unique identifier of the IDP selected by the user
|
|
29
|
+
* @returns An object containing the authorization URL
|
|
30
|
+
*/
|
|
31
|
+
export declare const buildAuthorizationUrl: BuildAuthorizationUrl;
|
|
32
|
+
/**
|
|
33
|
+
* WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
|
|
34
|
+
* Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
35
|
+
* This function parses the authorization redirect URL to extract the authorization response.
|
|
36
|
+
* @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
|
|
36
37
|
* @returns the authorization response which contains code, state and iss
|
|
37
38
|
*/
|
|
38
39
|
export declare const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWithQueryMode;
|