@pagopa/io-react-native-wallet 0.28.1 → 0.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (168) hide show
  1. package/README.md +43 -0
  2. package/lib/commonjs/credential/issuance/03-start-user-authorization.js +5 -0
  3. package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
  4. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +17 -3
  5. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
  6. package/lib/commonjs/credential/issuance/05-authorize-access.js +5 -0
  7. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
  8. package/lib/commonjs/credential/issuance/06-obtain-credential.js +13 -2
  9. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
  10. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +10 -0
  11. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  12. package/lib/commonjs/credential/presentation/01-start-flow.js +14 -14
  13. package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -1
  14. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +4 -2
  15. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
  16. package/lib/commonjs/credential/presentation/03-get-request-object.js +2 -2
  17. package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -1
  18. package/lib/commonjs/credential/presentation/05-verify-request-object.js +11 -4
  19. package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
  20. package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js +54 -14
  21. package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
  22. package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +26 -7
  23. package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
  24. package/lib/commonjs/credential/presentation/08-send-authorization-response.js +4 -4
  25. package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
  26. package/lib/commonjs/credential/presentation/README.md +96 -2
  27. package/lib/commonjs/credential/presentation/errors.js +16 -19
  28. package/lib/commonjs/credential/presentation/errors.js.map +1 -1
  29. package/lib/commonjs/credential/presentation/index.js +27 -2
  30. package/lib/commonjs/credential/presentation/index.js.map +1 -1
  31. package/lib/commonjs/credential/presentation/types.js +1 -1
  32. package/lib/commonjs/credential/presentation/types.js.map +1 -1
  33. package/lib/commonjs/credential/status/02-status-attestation.js +2 -0
  34. package/lib/commonjs/credential/status/02-status-attestation.js.map +1 -1
  35. package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js +3 -0
  36. package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map +1 -1
  37. package/lib/commonjs/credential/trustmark/get-credential-trustmark.js +5 -0
  38. package/lib/commonjs/credential/trustmark/get-credential-trustmark.js.map +1 -1
  39. package/lib/commonjs/index.js +3 -1
  40. package/lib/commonjs/index.js.map +1 -1
  41. package/lib/commonjs/utils/decoder.js +2 -0
  42. package/lib/commonjs/utils/decoder.js.map +1 -1
  43. package/lib/commonjs/utils/logging.js +68 -0
  44. package/lib/commonjs/utils/logging.js.map +1 -0
  45. package/lib/commonjs/utils/misc.js +2 -0
  46. package/lib/commonjs/utils/misc.js.map +1 -1
  47. package/lib/commonjs/utils/par.js +2 -0
  48. package/lib/commonjs/utils/par.js.map +1 -1
  49. package/lib/commonjs/wallet-instance/index.js +4 -0
  50. package/lib/commonjs/wallet-instance/index.js.map +1 -1
  51. package/lib/commonjs/wallet-instance-attestation/issuing.js +5 -0
  52. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  53. package/lib/module/credential/issuance/03-start-user-authorization.js +5 -0
  54. package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
  55. package/lib/module/credential/issuance/04-complete-user-authorization.js +17 -3
  56. package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
  57. package/lib/module/credential/issuance/05-authorize-access.js +5 -0
  58. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
  59. package/lib/module/credential/issuance/06-obtain-credential.js +13 -2
  60. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
  61. package/lib/module/credential/issuance/07-verify-and-parse-credential.js +10 -0
  62. package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  63. package/lib/module/credential/presentation/01-start-flow.js +14 -14
  64. package/lib/module/credential/presentation/01-start-flow.js.map +1 -1
  65. package/lib/module/credential/presentation/02-evaluate-rp-trust.js +4 -2
  66. package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
  67. package/lib/module/credential/presentation/03-get-request-object.js +2 -2
  68. package/lib/module/credential/presentation/03-get-request-object.js.map +1 -1
  69. package/lib/module/credential/presentation/05-verify-request-object.js +11 -4
  70. package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
  71. package/lib/module/credential/presentation/07-evaluate-dcql-query.js +55 -14
  72. package/lib/module/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
  73. package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +25 -6
  74. package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
  75. package/lib/module/credential/presentation/08-send-authorization-response.js +4 -4
  76. package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
  77. package/lib/module/credential/presentation/README.md +96 -2
  78. package/lib/module/credential/presentation/errors.js +13 -16
  79. package/lib/module/credential/presentation/errors.js.map +1 -1
  80. package/lib/module/credential/presentation/index.js +4 -3
  81. package/lib/module/credential/presentation/index.js.map +1 -1
  82. package/lib/module/credential/presentation/types.js +1 -1
  83. package/lib/module/credential/presentation/types.js.map +1 -1
  84. package/lib/module/credential/status/02-status-attestation.js +2 -0
  85. package/lib/module/credential/status/02-status-attestation.js.map +1 -1
  86. package/lib/module/credential/status/03-verify-and-parse-status-attestation.js +3 -0
  87. package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map +1 -1
  88. package/lib/module/credential/trustmark/get-credential-trustmark.js +5 -0
  89. package/lib/module/credential/trustmark/get-credential-trustmark.js.map +1 -1
  90. package/lib/module/index.js +2 -1
  91. package/lib/module/index.js.map +1 -1
  92. package/lib/module/utils/decoder.js +2 -0
  93. package/lib/module/utils/decoder.js.map +1 -1
  94. package/lib/module/utils/logging.js +62 -0
  95. package/lib/module/utils/logging.js.map +1 -0
  96. package/lib/module/utils/misc.js +2 -0
  97. package/lib/module/utils/misc.js.map +1 -1
  98. package/lib/module/utils/par.js +2 -0
  99. package/lib/module/utils/par.js.map +1 -1
  100. package/lib/module/wallet-instance/index.js +4 -0
  101. package/lib/module/wallet-instance/index.js.map +1 -1
  102. package/lib/module/wallet-instance-attestation/issuing.js +5 -0
  103. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  104. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
  105. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +2 -2
  106. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
  107. package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
  108. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +1 -1
  109. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
  110. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
  111. package/lib/typescript/credential/presentation/01-start-flow.d.ts +17 -19
  112. package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -1
  113. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts +1 -0
  114. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -1
  115. package/lib/typescript/credential/presentation/03-get-request-object.d.ts +1 -4
  116. package/lib/typescript/credential/presentation/03-get-request-object.d.ts.map +1 -1
  117. package/lib/typescript/credential/presentation/05-verify-request-object.d.ts +4 -2
  118. package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
  119. package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts +13 -5
  120. package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts.map +1 -1
  121. package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +7 -2
  122. package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
  123. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +3 -3
  124. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
  125. package/lib/typescript/credential/presentation/errors.d.ts +14 -9
  126. package/lib/typescript/credential/presentation/errors.d.ts.map +1 -1
  127. package/lib/typescript/credential/presentation/index.d.ts +5 -4
  128. package/lib/typescript/credential/presentation/index.d.ts.map +1 -1
  129. package/lib/typescript/credential/presentation/types.d.ts +3 -3
  130. package/lib/typescript/credential/status/02-status-attestation.d.ts.map +1 -1
  131. package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts.map +1 -1
  132. package/lib/typescript/credential/trustmark/get-credential-trustmark.d.ts.map +1 -1
  133. package/lib/typescript/index.d.ts +2 -1
  134. package/lib/typescript/index.d.ts.map +1 -1
  135. package/lib/typescript/utils/decoder.d.ts.map +1 -1
  136. package/lib/typescript/utils/logging.d.ts +35 -0
  137. package/lib/typescript/utils/logging.d.ts.map +1 -0
  138. package/lib/typescript/utils/misc.d.ts.map +1 -1
  139. package/lib/typescript/utils/par.d.ts.map +1 -1
  140. package/lib/typescript/wallet-instance/index.d.ts.map +1 -1
  141. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  142. package/package.json +3 -3
  143. package/src/credential/issuance/03-start-user-authorization.ts +18 -0
  144. package/src/credential/issuance/04-complete-user-authorization.ts +57 -3
  145. package/src/credential/issuance/05-authorize-access.ts +16 -0
  146. package/src/credential/issuance/06-obtain-credential.ts +31 -2
  147. package/src/credential/issuance/07-verify-and-parse-credential.ts +27 -1
  148. package/src/credential/presentation/01-start-flow.ts +18 -20
  149. package/src/credential/presentation/02-evaluate-rp-trust.ts +3 -2
  150. package/src/credential/presentation/03-get-request-object.ts +4 -6
  151. package/src/credential/presentation/05-verify-request-object.ts +17 -6
  152. package/src/credential/presentation/07-evaluate-dcql-query.ts +60 -17
  153. package/src/credential/presentation/07-evaluate-input-descriptor.ts +53 -39
  154. package/src/credential/presentation/08-send-authorization-response.ts +9 -7
  155. package/src/credential/presentation/README.md +96 -2
  156. package/src/credential/presentation/errors.ts +21 -14
  157. package/src/credential/presentation/index.ts +22 -4
  158. package/src/credential/presentation/types.ts +1 -1
  159. package/src/credential/status/02-status-attestation.ts +3 -0
  160. package/src/credential/status/03-verify-and-parse-status-attestation.ts +10 -0
  161. package/src/credential/trustmark/get-credential-trustmark.ts +19 -0
  162. package/src/index.ts +2 -0
  163. package/src/utils/decoder.ts +5 -0
  164. package/src/utils/logging.ts +68 -0
  165. package/src/utils/misc.ts +5 -0
  166. package/src/utils/par.ts +6 -0
  167. package/src/wallet-instance/index.ts +17 -1
  168. package/src/wallet-instance-attestation/issuing.ts +19 -0
package/lib/module/credential/issuance/03-start-user-authorization.js CHANGED
@@ -1,6 +1,7 @@
1
1
  import { generateRandomAlphaNumericString } from "../../utils/misc";
2
2
  import { makeParRequest } from "../../utils/par";
3
3
  import { ASSERTION_TYPE } from "./const";
4
+ import { LogLevel, Logger } from "../../utils/logging";
4
5
  /**
5
6
  * Ensures that the credential type requested is supported by the issuer and contained in the
6
7
  * issuer configuration.
@@ -20,6 +21,7 @@ const selectCredentialDefinition = (issuerConf, credentialType) => {
20
21
  type: "openid_credential"
21
22
  }));
22
23
  if (!result) {
24
+ Logger.log(LogLevel.ERROR, `Requested credential type ${credentialType} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
23
25
  throw new Error(`No credential support the type '${credentialType}'`);
24
26
  }
25
27
  return result;
@@ -34,7 +36,9 @@ const selectCredentialDefinition = (issuerConf, credentialType) => {
34
36
  const selectResponseMode = (issuerConf, credentialType) => {
35
37
  const responseModeSupported = issuerConf.oauth_authorization_server.response_modes_supported;
36
38
  const responseMode = credentialType === "PersonIdentificationData" ? "query" : "form_post.jwt";
39
+ Logger.log(LogLevel.DEBUG, `Selected response mode ${responseMode} for credential type ${credentialType}`);
37
40
  if (!responseModeSupported.includes(responseMode)) {
41
+ Logger.log(LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
38
42
  throw new Error(`No response mode support the type '${credentialType}'`);
39
43
  }
40
44
  return responseMode;
@@ -67,6 +71,7 @@ export const startUserAuthorization = async (issuerConf, credentialType, ctx) =>
67
71
  } = ctx;
68
72
  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
69
73
  if (!clientId) {
74
+ Logger.log(LogLevel.ERROR, `Public key associated with kid ${clientId} not found in the device`);
70
75
  throw new Error("No public key found");
71
76
  }
72
77
  const codeVerifier = generateRandomAlphaNumericString(64);
package/lib/module/credential/issuance/03-start-user-authorization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","ASSERTION_TYPE","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","format","type","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","issuerRequestUri"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAG7E,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,cAAc,QAAQ,SAAS;AAkBxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,cAAc,CAAC,CAAC,CACzCS,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAEV,cAAc;IAC3CW,MAAM,EAAEV,mCAAmC,CAACM,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACT,MAAM,EAAE;IACX,MAAM,IAAIU,KAAK,CAAE,mCAAkCb,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMW,kBAAkB,GAAGA,CACzBf,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMe,qBAAqB,GACzBhB,UAAU,CAACiB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBlB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3E,IAAI,CAACe,qBAAqB,CAACP,QAAQ,CAACU,YAAY,CAAC,EAAE;IACjD,MAAM,IAAIL,KAAK,CAAE,sCAAqCb,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOkB,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5DpB,UAAU,EACVC,cAAc,EACdoB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,IAAI,CAACJ,QAAQ,EAAE;IACb,MAAM,IAAIb,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAMkB,YAAY,GAAGpC,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMqC,WAAW,GACfjC,UAAU,CAACiB,0BAA0B,CAACiB,qCAAqC;EAC7E,MAAMC,oBAAoB,GAAGpC,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMkB,YAAY,GAAGJ,kBAAkB,CAACf,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMmC,MAAM,GAAGvC,cAAc,CAAC;IAAEyB,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMY,gBAAgB,GAAG,MAAMD,MAAM,CACnCT,QAAQ,EACRK,YAAY,EACZR,WAAW,EACXL,YAAY,EACZc,WAAW,EACXV,yBAAyB,EACzB,CAACY,oBAAoB,CAAC,EACtBrC,cACF,CAAC;EAED,OAAO;IAAEuC,gBAAgB;IAAEV,QAAQ;IAAEK,YAAY;IAAEG;EAAqB,CAAC;AAC3E,CAAC"}
1
+ {"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","ASSERTION_TYPE","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","format","type","log","ERROR","JSON","stringify","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","DEBUG","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","issuerRequestUri"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAG7E,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAkBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,cAAc,CAAC,CAAC,CACzCS,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAEV,cAAc;IAC3CW,MAAM,EAAEV,mCAAmC,CAACM,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACT,MAAM,EAAE;IACXN,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,6BAA4Bd,cAAe,kEAAiEe,IAAI,CAACC,SAAS,CAACf,mCAAmC,CAAE,EACnK,CAAC;IACD,MAAM,IAAIgB,KAAK,CAAE,mCAAkCjB,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMe,kBAAkB,GAAGA,CACzBnB,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMmB,qBAAqB,GACzBpB,UAAU,CAACqB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBtB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3EH,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAAC2B,KAAK,EACb,0BAAyBD,YAAa,wBAAuBtB,cAAe,EAC/E,CAAC;EAED,IAAI,CAACmB,qBAAqB,CAACX,QAAQ,CAACc,YAAY,CAAC,EAAE;IACjDzB,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,2BAA0BQ,YAAa,kEAAiEP,IAAI,CAACC,SAAS,CAACG,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIF,KAAK,CAAE,sCAAqCjB,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOsB,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,sBAA8C,GAAG,MAAAA,CAC5DzB,UAAU,EACVC,cAAc,EACdyB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,IAAI,CAACJ,QAAQ,EAAE;IACblC,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,kCAAiCiB,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAId,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAMmB,YAAY,GAAG3C,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAM4C,WAAW,GACftC,UAAU,CAACqB,0BAA0B,CAACkB,qCAAqC;EAC7E,MAAMC,oBAAoB,GAAGzC,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMsB,YAAY,GAAGJ,kBAAkB,CAACnB,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMwC,MAAM,GAAG9C,cAAc,CAAC;IAAEgC,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMY,gBAAgB,GAAG,MAAMD,MAAM,CACnCT,QAAQ,EACRK,YAAY,EACZR,WAAW,EACXN,YAAY,EACZe,WAAW,EACXV,yBAAyB,EACzB,CAACY,oBAAoB,CAAC,EACtB5C,cACF,CAAC;EAED,OAAO;IAAE8C,gBAAgB;IAAEV,QAAQ;IAAEK,YAAY;IAAEG;EAAqB,CAAC;AAC3E,CAAC"}
package/lib/module/credential/issuance/04-complete-user-authorization.js CHANGED
@@ -8,6 +8,7 @@ import { v4 as uuidv4 } from "uuid";
8
8
  import { ResponseUriResultShape } from "./types";
9
9
  import { getJwtFromFormPost } from "../../utils/decoder";
10
10
  import { AuthorizationError, AuthorizationIdpError } from "./errors";
11
+ import { LogLevel, Logger } from "../../utils/logging";
11
12
 
12
13
  /**
13
14
  * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
@@ -19,16 +20,18 @@ import { AuthorizationError, AuthorizationIdpError } from "./errors";
19
20
  * @param issuerRequestUri the URI of the issuer where the request is sent
20
21
  * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
21
22
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
22
- * @param idpHint Unique identifier of the IDP selected by the user
23
+ * @param idpHint Unique identifier of the IDP selected by the user (optional)
23
24
  * @returns An object containing the authorization URL
24
25
  */
25
26
  export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
26
27
  const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
27
28
  const params = new URLSearchParams({
28
29
  client_id: clientId,
29
- request_uri: issuerRequestUri,
30
- idphint: idpHint
30
+ request_uri: issuerRequestUri
31
31
  });
32
+ if (idpHint) {
33
+ params.append("idphint", idpHint);
34
+ }
32
35
  const authUrl = `${authzRequestEndpoint}?${params}`;
33
36
  return {
34
37
  authUrl
@@ -43,6 +46,7 @@ export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerCo
43
46
  * @returns the authorization response which contains code, state and iss
44
47
  */
45
48
  export const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
49
+ Logger.log(LogLevel.DEBUG, `The requeste credential is a PersonIdentificationData, completing the user authorization with query mode`);
46
50
  const query = parseUrl(authRedirectUrl).query;
47
51
  return parseAuthorizationResponse(query);
48
52
  };
@@ -61,15 +65,18 @@ export const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
61
65
  */
62
66
  export const getRequestedCredentialToBePresented = async function (issuerRequestUri, clientId, issuerConf) {
63
67
  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
68
+ Logger.log(LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, requesting the credential to be presented`);
64
69
  const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
65
70
  const params = new URLSearchParams({
66
71
  client_id: clientId,
67
72
  request_uri: issuerRequestUri
68
73
  });
74
+ Logger.log(LogLevel.DEBUG, `Requesting the request object to ${authzRequestEndpoint}?${params.toString()}`);
69
75
  const requestObject = await appFetch(`${authzRequestEndpoint}?${params.toString()}`, {
70
76
  method: "GET"
71
77
  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(res => res.text()).then(jws => decode(jws)).then(reqObj => RequestObject.safeParse(reqObj.payload));
72
78
  if (!requestObject.success) {
79
+ Logger.log(LogLevel.ERROR, `Error while validating the response object: ${requestObject.error.message}`);
73
80
  throw new ValidationFailed({
74
81
  message: "Request Object validation failed",
75
82
  reason: requestObject.error.message
@@ -95,6 +102,7 @@ export const getRequestedCredentialToBePresented = async function (issuerRequest
95
102
  * @returns the authorization response which contains code, state and iss
96
103
  */
97
104
  export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, ctx) => {
105
+ Logger.log(LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
98
106
  const {
99
107
  wiaCryptoContext,
100
108
  pidCryptoContext,
@@ -118,6 +126,7 @@ export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject
118
126
  jti: uuidv4().toString(),
119
127
  nonce: requestObject.nonce
120
128
  }).setIssuedAt().setExpirationTime("5m").setAudience(requestObject.response_uri).sign();
129
+ Logger.log(LogLevel.DEBUG, `Wallet instance attestation JWT token: ${wiaWpToken}`);
121
130
 
122
131
  /* The path parameter refers to the vp_token variable of the authzResponsePayload and must point to the plain credential which
123
132
  * is cointaned in the `vp` property of the signed jwt token payload
@@ -135,11 +144,13 @@ export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject
135
144
  format: "jwt"
136
145
  }]
137
146
  };
147
+ Logger.log(LogLevel.DEBUG, `Presentation submission: ${JSON.stringify(presentationSubmission)}`);
138
148
  const authzResponsePayload = encodeBase64(JSON.stringify({
139
149
  state: requestObject.state,
140
150
  presentation_submission: presentationSubmission,
141
151
  vp_token: [pidWpToken, wiaWpToken]
142
152
  }));
153
+ Logger.log(LogLevel.DEBUG, `Authz response payload: ${authzResponsePayload}`);
143
154
 
144
155
  // Note: according to the spec, the response should be encrypted with the public key of the RP however this is not implemented yet
145
156
  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-response
@@ -162,6 +173,7 @@ export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject
162
173
  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(reqUri => reqUri.json());
163
174
  const responseUri = ResponseUriResultShape.safeParse(resUriRes);
164
175
  if (!responseUri.success) {
176
+ Logger.log(LogLevel.ERROR, `Error while validating the response uri: ${responseUri.error.message}`);
165
177
  throw new ValidationFailed({
166
178
  message: "Response Uri validation failed",
167
179
  reason: responseUri.error.message
@@ -182,9 +194,11 @@ export const parseAuthorizationResponse = authRes => {
182
194
  if (!authResParsed.success) {
183
195
  const authErr = AuthorizationErrorShape.safeParse(authRes);
184
196
  if (!authErr.success) {
197
+ Logger.log(LogLevel.ERROR, `Error while parsing the authorization response: ${authResParsed.error.message}`);
185
198
  throw new AuthorizationError(authResParsed.error.message); // an error occured while parsing the result and the error
186
199
  }
187
200
 
201
+ Logger.log(LogLevel.ERROR, `Error while authorizating with the idp: ${JSON.stringify(authErr)}`);
188
202
  throw new AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
189
203
  }
190
204
  return authResParsed.data;
package/lib/module/credential/issuance/04-complete-user-authorization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","v4","uuidv4","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;;AAEpE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV,gBAAgB;IAC7BW,OAAO,EAAER;EACX,CAAC,CAAC;EAEF,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG7B,QAAQ,CAAC4B,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOjB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBgB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMlB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMuB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEd,oBAAqB,IAAGG,MAAM,CAACiB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKxC,MAAM,CAACwC,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKtC,aAAa,CAACuC,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI7C,gBAAgB,CAAC;MACzB8C,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,aAAa,CAACa,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOX,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBzB,QAAQ,GAAGI;EACb,CAAC,GAAGiB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIrD,OAAO,CAACiD,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAExD,MAAM,CAAC,CAAC,CAAC8B,QAAQ,CAAC,CAAC;IACxB2B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIlE,OAAO,CAACkD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAExD,MAAM,CAAC,CAAC,CAAC8B,QAAQ,CAAC,CAAC;IACxB2B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEjE,MAAM,CAAC,CAAE,EAAC;IAC5BkE,EAAE,EAAG,GAAElE,MAAM,CAAC,CAAE,EAAC;IACjBmE,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG1E,YAAY,CACvC2E,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE5C,aAAa,CAAC4C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEb,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM0B,IAAI,GAAG,IAAI9D,eAAe,CAAC;IAC/B+D,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACxC,QAAQ,CAAC,CAAC;EACb,MAAMgD,SAAS,GAAG,MAAMtD,QAAQ,CAACK,aAAa,CAACgC,YAAY,EAAE;IAC3D9B,MAAM,EAAE,MAAM;IACdgD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC5C,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEgD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGjF,sBAAsB,CAACoC,SAAS,CAACyC,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC3C,OAAO,EAAE;IACxB,MAAM,IAAI7C,gBAAgB,CAAC;MACzB8C,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAEyC,WAAW,CAACxC,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMhB,QAAQ,CAAC0D,WAAW,CAACvC,IAAI,CAACwC,YAAY,CAAC,CACjDnD,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC9B,kBAAkB,CAAC,CACxB8B,IAAI,CAAEoD,KAAK,IAAK9D,0BAA0B,CAAC8D,KAAK,CAACC,UAAU,CAAC/C,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCgE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGjG,wBAAwB,CAAC+C,SAAS,CAACiD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAAChD,OAAO,EAAE;IAC1B,MAAMiD,OAAO,GAAGnG,uBAAuB,CAACgD,SAAS,CAACiD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAACjD,OAAO,EAAE;MACpB,MAAM,IAAIpC,kBAAkB,CAACoF,aAAa,CAAC7C,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIpC,qBAAqB,CAC7BoF,OAAO,CAAC7C,IAAI,CAACD,KAAK,EAClB8C,OAAO,CAAC7C,IAAI,CAAC8C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC5C,IAAI;AAC3B,CAAC"}
1
+ {"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","v4","uuidv4","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","log","DEBUG","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","res","text","jws","reqObj","safeParse","payload","success","ERROR","error","message","reason","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","JSON","stringify","authzResponsePayload","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;AACpE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;;AAEtD;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzBhB,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,0GACH,CAAC;EACD,MAAMC,KAAK,GAAGjC,QAAQ,CAAC8B,eAAe,CAAC,CAACG,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOnB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBkB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D1B,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,sGACH,CAAC;EACD,MAAMZ,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEFF,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,oCAAmCZ,oBAAqB,IAAGG,MAAM,CAACkB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEhB,oBAAqB,IAAGG,MAAM,CAACkB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC7C,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChD2C,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAK5C,MAAM,CAAC4C,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAK1C,aAAa,CAAC2C,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACR,aAAa,CAACS,OAAO,EAAE;IAC1BrC,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACuC,KAAK,EACb,+CAA8CV,aAAa,CAACW,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAIpD,gBAAgB,CAAC;MACzBoD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEb,aAAa,CAACW,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOZ,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B5C,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,sHACH,CAAC;EAED,MAAM;IACJ2B,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzB1B,QAAQ,GAAGI;EACb,CAAC,GAAGkB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAI1D,OAAO,CAACsD,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAE7D,MAAM,CAAC,CAAC,CAACiC,QAAQ,CAAC,CAAC;IACxB6B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIvE,OAAO,CAACuD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAE7D,MAAM,CAAC,CAAC,CAACiC,QAAQ,CAAC,CAAC;IACxB6B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET7D,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,0CAAyC+B,UAAW,EACvD,CAAC;;EAED;AACJ;AACA;EACI,MAAMc,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEtE,MAAM,CAAC,CAAE,EAAC;IAC5BuE,EAAE,EAAG,GAAEvE,MAAM,CAAC,CAAE,EAAC;IACjBwE,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAEDpE,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,4BAA2BmD,IAAI,CAACC,SAAS,CAACP,sBAAsB,CAAE,EACrE,CAAC;EAED,MAAMQ,oBAAoB,GAAGjF,YAAY,CACvC+E,IAAI,CAACC,SAAS,CAAC;IACbE,KAAK,EAAE5C,aAAa,CAAC4C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEb,UAAU;EACnC,CAAC,CACH,CAAC;EAEDjD,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,2BAA0BqD,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAMI,IAAI,GAAG,IAAIjE,eAAe,CAAC;IAC/BkE,QAAQ,EAAEL;EACZ,CAAC,CAAC,CAAC5C,QAAQ,CAAC,CAAC;EAEb,MAAMkD,SAAS,GAAG,MAAMvD,QAAQ,CAACM,aAAa,CAACgC,YAAY,EAAE;IAC3D/B,MAAM,EAAE,MAAM;IACdiD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAAC7C,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChD2C,IAAI,CAAEiD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGtF,sBAAsB,CAACwC,SAAS,CAAC0C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC5C,OAAO,EAAE;IACxBrC,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACuC,KAAK,EACb,4CAA2C2C,WAAW,CAAC1C,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIpD,gBAAgB,CAAC;MACzBoD,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAEwC,WAAW,CAAC1C,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMlB,QAAQ,CAAC2D,WAAW,CAACvC,IAAI,CAACwC,YAAY,CAAC,CACjDpD,IAAI,CAAC7C,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChD2C,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAClC,kBAAkB,CAAC,CACxBkC,IAAI,CAAEqD,KAAK,IAAK/D,0BAA0B,CAAC+D,KAAK,CAACC,UAAU,CAAChD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCiE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGtG,wBAAwB,CAACmD,SAAS,CAACkD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACjD,OAAO,EAAE;IAC1B,MAAMkD,OAAO,GAAGxG,uBAAuB,CAACoD,SAAS,CAACkD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAAClD,OAAO,EAAE;MACpBrC,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACuC,KAAK,EACb,mDAAkDgD,aAAa,CAAC/C,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAI3C,kBAAkB,CAACyF,aAAa,CAAC/C,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAxC,MAAM,CAACiB,GAAG,CACRlB,QAAQ,CAACuC,KAAK,EACb,2CAA0C+B,IAAI,CAACC,SAAS,CAACiB,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIzF,qBAAqB,CAC7ByF,OAAO,CAAC7C,IAAI,CAACH,KAAK,EAClBgD,OAAO,CAAC7C,IAAI,CAAC8C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC5C,IAAI;AAC3B,CAAC"}
package/lib/module/credential/issuance/05-authorize-access.js CHANGED
@@ -6,6 +6,7 @@ import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
6
6
  import { ASSERTION_TYPE } from "./const";
7
7
  import { TokenResponse } from "./types";
8
8
  import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
9
+ import { LogLevel, Logger } from "../../utils/logging";
9
10
  /**
10
11
  * Creates and sends the DPoP Proof JWT to be presented with the authorization code to the /token endpoint of the authorization server
11
12
  * for requesting the issuance of an access token bound to the public key of the Wallet Instance contained within the DPoP.
@@ -41,11 +42,13 @@ export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, c
41
42
  htu: tokenUrl,
42
43
  jti: `${uuidv4()}`
43
44
  }, dPopCryptoContext);
45
+ Logger.log(LogLevel.DEBUG, `Token request DPoP: ${tokenRequestSignedDPop}`);
44
46
  const signedWiaPoP = await createPopToken({
45
47
  jti: `${uuidv4()}`,
46
48
  aud,
47
49
  iss
48
50
  }, wiaCryptoContext);
51
+ Logger.log(LogLevel.DEBUG, `WIA DPoP token: ${signedWiaPoP}`);
49
52
  const requestBody = {
50
53
  grant_type: "authorization_code",
51
54
  client_id: clientId,
@@ -56,6 +59,7 @@ export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, c
56
59
  client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
57
60
  };
58
61
  const authorizationRequestFormBody = new URLSearchParams(requestBody);
62
+ Logger.log(LogLevel.DEBUG, `Auth form request body: ${authorizationRequestFormBody}`);
59
63
  const tokenRes = await appFetch(tokenUrl, {
60
64
  method: "POST",
61
65
  headers: {
@@ -65,6 +69,7 @@ export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, c
65
69
  body: authorizationRequestFormBody.toString()
66
70
  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(res => res.json()).then(body => TokenResponse.safeParse(body));
67
71
  if (!tokenRes.success) {
72
+ Logger.log(LogLevel.ERROR, `Token Response validation failed: ${tokenRes.error.message}`);
68
73
  throw new ValidationFailed({
69
74
  message: "Token Response validation failed",
70
75
  reason: tokenRes.error.message
package/lib/module/credential/issuance/05-authorize-access.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["hasStatusOrThrow","createDPopToken","v4","uuidv4","createPopToken","WalletInstanceAttestation","ASSERTION_TYPE","TokenResponse","IssuerResponseError","ValidationFailed","authorizeAccess","issuerConf","code","clientId","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","signedWiaPoP","requestBody","grant_type","client_id","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","message","reason","error","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAiB1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,WAAW,GACfX,UAAU,CAACY,0BAA0B,CAACC,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAGzB,yBAAyB,CAAC0B,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGzB,UAAU,CAACY,0BAA0B,CAACc,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMrC,eAAe,CAClD;IACEsC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,QAAQ;IACbK,GAAG,EAAG,GAAEtC,MAAM,CAAC,CAAE;EACnB,CAAC,EACDkB,iBACF,CAAC;EAED,MAAMqB,YAAY,GAAG,MAAMtC,cAAc,CACvC;IACEqC,GAAG,EAAG,GAAEtC,MAAM,CAAC,CAAE,EAAC;IAClBwB,GAAG;IACHG;EACF,CAAC,EACDV,gBACF,CAAC;EAED,MAAMuB,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAEhC,QAAQ;IACnBD,IAAI;IACJkC,YAAY,EAAEhC,WAAW;IACzBiC,aAAa,EAAEhC,YAAY;IAC3BiC,qBAAqB,EAAE1C,cAAc;IACrC2C,gBAAgB,EAAE9B,yBAAyB,GAAG,GAAG,GAAGuB;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EACrE,MAAMS,QAAQ,GAAG,MAAMnC,QAAQ,CAACmB,QAAQ,EAAE;IACxCiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEjB;IACR,CAAC;IACDkB,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC1D,gBAAgB,CAAC,GAAG,EAAEQ,mBAAmB,CAAC,CAAC,CAChDkD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAKjD,aAAa,CAACsD,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrB,MAAM,IAAIrD,gBAAgB,CAAC;MACzBsD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,QAAQ,CAACa,KAAK,CAACF;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEG,WAAW,EAAEd,QAAQ,CAACe;EAAK,CAAC;AACvC,CAAC"}
1
+ {"version":3,"names":["hasStatusOrThrow","createDPopToken","v4","uuidv4","createPopToken","WalletInstanceAttestation","ASSERTION_TYPE","TokenResponse","IssuerResponseError","ValidationFailed","LogLevel","Logger","authorizeAccess","issuerConf","code","clientId","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","log","DEBUG","signedWiaPoP","requestBody","grant_type","client_id","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","ERROR","error","message","reason","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAgBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,WAAW,GACfX,UAAU,CAACY,0BAA0B,CAACC,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAG3B,yBAAyB,CAAC4B,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGzB,UAAU,CAACY,0BAA0B,CAACc,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMvC,eAAe,CAClD;IACEwC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,QAAQ;IACbK,GAAG,EAAG,GAAExC,MAAM,CAAC,CAAE;EACnB,CAAC,EACDoB,iBACF,CAAC;EAEDZ,MAAM,CAACiC,GAAG,CAAClC,QAAQ,CAACmC,KAAK,EAAG,uBAAsBL,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,YAAY,GAAG,MAAM1C,cAAc,CACvC;IACEuC,GAAG,EAAG,GAAExC,MAAM,CAAC,CAAE,EAAC;IAClB0B,GAAG;IACHG;EACF,CAAC,EACDV,gBACF,CAAC;EAEDX,MAAM,CAACiC,GAAG,CAAClC,QAAQ,CAACmC,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAMC,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAElC,QAAQ;IACnBD,IAAI;IACJoC,YAAY,EAAElC,WAAW;IACzBmC,aAAa,EAAElC,YAAY;IAC3BmC,qBAAqB,EAAE9C,cAAc;IACrC+C,gBAAgB,EAAEhC,yBAAyB,GAAG,GAAG,GAAGyB;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EAErEpC,MAAM,CAACiC,GAAG,CACRlC,QAAQ,CAACmC,KAAK,EACb,2BAA0BS,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,MAAMrC,QAAQ,CAACmB,QAAQ,EAAE;IACxCmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEnB;IACR,CAAC;IACDoB,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC9D,gBAAgB,CAAC,GAAG,EAAEQ,mBAAmB,CAAC,CAAC,CAChDsD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAKrD,aAAa,CAAC0D,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrBvD,MAAM,CAACiC,GAAG,CACRlC,QAAQ,CAACyD,KAAK,EACb,qCAAoCX,QAAQ,CAACY,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAI5D,gBAAgB,CAAC;MACzB4D,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEd,QAAQ,CAACY,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEE,WAAW,EAAEf,QAAQ,CAACgB;EAAK,CAAC;AACvC,CAAC"}
package/lib/module/credential/issuance/06-obtain-credential.js CHANGED
@@ -4,6 +4,7 @@ import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, Un
4
4
  import { CredentialResponse } from "./types";
5
5
  import { createDPopToken } from "../../utils/dpop";
6
6
  import { v4 as uuidv4 } from "uuid";
7
+ import { LogLevel, Logger } from "../../utils/logging";
7
8
  export const createNonceProof = async (nonce, issuer, audience, ctx) => {
8
9
  const jwk = await ctx.getPublicKey();
9
10
  return new SignJWT(ctx).setPayload({
@@ -30,7 +31,7 @@ export const createNonceProof = async (nonce, issuer, audience, ctx) => {
30
31
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
31
32
  * @returns The credential response containing the credential
32
33
  */
33
- export const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, context) => {
34
+ export const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, context, operationType) => {
34
35
  const {
35
36
  credentialCryptoContext,
36
37
  appFetch = fetch,
@@ -44,10 +45,12 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
44
45
  * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
45
46
  */
46
47
  const signedNonceProof = await createNonceProof(accessToken.c_nonce, clientId, credentialUrl, credentialCryptoContext);
48
+ Logger.log(LogLevel.DEBUG, `Signed nonce proof: ${signedNonceProof}`);
47
49
 
48
50
  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
49
51
  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
50
52
  if (!containsCredentialDefinition) {
53
+ Logger.log(LogLevel.ERROR, `Credential definition not found in the access token response ${accessToken.authorization_details}`);
51
54
  throw new ValidationFailed({
52
55
  message: "The access token response does not contain the requested credential"
53
56
  });
@@ -64,27 +67,34 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
64
67
  proof_type: "jwt"
65
68
  }
66
69
  };
70
+ Logger.log(LogLevel.DEBUG, `Credential request body: ${JSON.stringify(credentialRequestFormBody)}`);
67
71
  const tokenRequestSignedDPop = await createDPopToken({
68
72
  htm: "POST",
69
73
  htu: credentialUrl,
70
74
  jti: `${uuidv4()}`,
71
75
  ath: await sha256ToBase64(accessToken.access_token)
72
76
  }, dPopCryptoContext);
77
+ Logger.log(LogLevel.DEBUG, `Token request DPoP: ${tokenRequestSignedDPop}`);
73
78
  const credentialRes = await appFetch(credentialUrl, {
74
79
  method: "POST",
75
80
  headers: {
76
81
  "Content-Type": "application/json",
77
82
  DPoP: tokenRequestSignedDPop,
78
- Authorization: `${accessToken.token_type} ${accessToken.access_token}`
83
+ Authorization: `${accessToken.token_type} ${accessToken.access_token}`,
84
+ ...(operationType === "reissuing" && {
85
+ operationType
86
+ })
79
87
  },
80
88
  body: JSON.stringify(credentialRequestFormBody)
81
89
  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(body => CredentialResponse.safeParse(body)).catch(handleObtainCredentialError);
82
90
  if (!credentialRes.success) {
91
+ Logger.log(LogLevel.ERROR, `Credential Response validation failed: ${credentialRes.error.message}`);
83
92
  throw new ValidationFailed({
84
93
  message: "Credential Response validation failed",
85
94
  reason: credentialRes.error.message
86
95
  });
87
96
  }
97
+ Logger.log(LogLevel.DEBUG, `Credential Response: ${JSON.stringify(credentialRes.data)}`);
88
98
  return credentialRes.data;
89
99
  };
90
100
 
@@ -95,6 +105,7 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
95
105
  * @throws {IssuerResponseError} with a specific code for more context
96
106
  */
97
107
  const handleObtainCredentialError = e => {
108
+ Logger.log(LogLevel.ERROR, `Error occurred while obtaining credential: ${e}`);
98
109
  if (!(e instanceof UnexpectedStatusCodeError)) {
99
110
  throw e;
100
111
  }
package/lib/module/credential/issuance/06-obtain-credential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","v4","uuidv4","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","containsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","message","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","tokenRequestSignedDPop","htm","htu","jti","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","JSON","stringify","then","res","json","safeParse","catch","handleObtainCredentialError","success","reason","error","data","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AAcnC,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIjB,OAAO,CAACe,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM5B,gBAAgB,CAC7CiB,WAAW,CAACY,OAAO,EACnBX,QAAQ,EACRO,aAAa,EACbJ,uBACF,CAAC;;EAED;EACA,MAAMS,4BAA4B,GAAGb,WAAW,CAACc,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3Bf,oBAAoB,CAACe,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKhB,oBAAoB,CAACgB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKjB,oBAAoB,CAACiB,IACpC,CAAC;EAED,IAAI,CAACN,4BAA4B,EAAE;IACjC,MAAM,IAAInC,gBAAgB,CAAC;MACzB0C,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBH,IAAI,EAAE,CAACjB,oBAAoB,CAACe,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEhB,oBAAoB,CAACgB,MAAM;IACnCK,KAAK,EAAE;MACLC,GAAG,EAAEb,gBAAgB;MACrBc,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,sBAAsB,GAAG,MAAM9C,eAAe,CAClD;IACE+C,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEpB,aAAa;IAClBqB,GAAG,EAAG,GAAE/C,MAAM,CAAC,CAAE,EAAC;IAClBgD,GAAG,EAAE,MAAM3D,cAAc,CAAC6B,WAAW,CAAC+B,YAAY;EACpD,CAAC,EACDxB,iBACF,CAAC;EACD,MAAMyB,aAAa,GAAG,MAAM3B,QAAQ,CAACG,aAAa,EAAE;IAClDyB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAET,sBAAsB;MAC5BU,aAAa,EAAG,GAAEpC,WAAW,CAACqC,UAAW,IAAGrC,WAAW,CAAC+B,YAAa;IACvE,CAAC;IACDO,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACnB,yBAAyB;EAChD,CAAC,CAAC,CACCoB,IAAI,CAACpE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEH,IAAI,IAAK3D,kBAAkB,CAACiE,SAAS,CAACN,IAAI,CAAC,CAAC,CAClDO,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACd,aAAa,CAACe,OAAO,EAAE;IAC1B,MAAM,IAAIrE,gBAAgB,CAAC;MACzB0C,OAAO,EAAE,uCAAuC;MAChD4B,MAAM,EAAEhB,aAAa,CAACiB,KAAK,CAAC7B;IAC9B,CAAC,CAAC;EACJ;EAEA,OAAOY,aAAa,CAACkB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMJ,2BAA2B,GAAIK,CAAU,IAAK;EAClD,IAAI,EAAEA,CAAC,YAAY1E,yBAAyB,CAAC,EAAE;IAC7C,MAAM0E,CAAC;EACT;EAEA,MAAM,IAAI3E,oBAAoB,CAACF,mBAAmB,CAAC,CAChD8E,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAE9E,wBAAwB,CAAC+E,+BAA+B;IAC9DlC,OAAO,EACL;EACJ,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACgF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACgF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACiF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDqC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
1
+ {"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","v4","uuidv4","LogLevel","Logger","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","log","DEBUG","containsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","ERROR","message","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","htm","htu","jti","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","then","res","json","safeParse","catch","handleObtainCredentialError","success","error","reason","data","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAetD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAInB,OAAO,CAACiB,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,aAAa,GAAGV,UAAU,CAACW,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM7B,gBAAgB,CAC7CiB,WAAW,CAACa,OAAO,EACnBZ,QAAQ,EACRQ,aAAa,EACbJ,uBACF,CAAC;EAEDvB,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,uBAAsBH,gBAAiB,EAAC,CAAC;;EAErE;EACA,MAAMI,4BAA4B,GAAGhB,WAAW,CAACiB,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3BlB,oBAAoB,CAACkB,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKnB,oBAAoB,CAACmB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKpB,oBAAoB,CAACoB,IACpC,CAAC;EAED,IAAI,CAACN,4BAA4B,EAAE;IACjClC,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAAC0C,KAAK,EACb,gEAA+DvB,WAAW,CAACiB,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIzC,gBAAgB,CAAC;MACzBgD,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBJ,IAAI,EAAE,CAACpB,oBAAoB,CAACkB,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEnB,oBAAoB,CAACmB,MAAM;IACnCM,KAAK,EAAE;MACLC,GAAG,EAAEhB,gBAAgB;MACrBiB,UAAU,EAAE;IACd;EACF,CAAC;EAED/C,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,4BAA2Be,IAAI,CAACC,SAAS,CAACN,yBAAyB,CAAE,EACxE,CAAC;EAED,MAAMO,sBAAsB,GAAG,MAAMtD,eAAe,CAClD;IACEuD,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEzB,aAAa;IAClB0B,GAAG,EAAG,GAAEvD,MAAM,CAAC,CAAE,EAAC;IAClBwD,GAAG,EAAE,MAAMnE,cAAc,CAAC+B,WAAW,CAACqC,YAAY;EACpD,CAAC,EACD7B,iBACF,CAAC;EAED1B,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,uBAAsBiB,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,aAAa,GAAG,MAAMhC,QAAQ,CAACG,aAAa,EAAE;IAClD8B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAET,sBAAsB;MAC5BU,aAAa,EAAG,GAAE1C,WAAW,CAAC2C,UAAW,IAAG3C,WAAW,CAACqC,YAAa,EAAC;MACtE,IAAIjC,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;IACDwC,IAAI,EAAEd,IAAI,CAACC,SAAS,CAACN,yBAAyB;EAChD,CAAC,CAAC,CACCoB,IAAI,CAAC1E,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B0E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAED,IAAI,IAAKnE,kBAAkB,CAACuE,SAAS,CAACJ,IAAI,CAAC,CAAC,CAClDK,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACZ,aAAa,CAACa,OAAO,EAAE;IAC1BrE,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAAC0C,KAAK,EACb,0CAAyCe,aAAa,CAACc,KAAK,CAAC5B,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIhD,gBAAgB,CAAC;MACzBgD,OAAO,EAAE,uCAAuC;MAChD6B,MAAM,EAAEf,aAAa,CAACc,KAAK,CAAC5B;IAC9B,CAAC,CAAC;EACJ;EAEA1C,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,wBAAuBe,IAAI,CAACC,SAAS,CAACO,aAAa,CAACgB,IAAI,CAAE,EAC7D,CAAC;EAED,OAAOhB,aAAa,CAACgB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMJ,2BAA2B,GAAIK,CAAU,IAAK;EAClDzE,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAAC0C,KAAK,EAAG,8CAA6CgC,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAYhF,yBAAyB,CAAC,EAAE;IAC7C,MAAMgF,CAAC;EACT;EAEA,MAAM,IAAIjF,oBAAoB,CAACF,mBAAmB,CAAC,CAChDoF,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEpF,wBAAwB,CAACqF,+BAA+B;IAC9DlC,OAAO,EACL;EACJ,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACsF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACsF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACuF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDqC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
package/lib/module/credential/issuance/07-verify-and-parse-credential.js CHANGED
@@ -2,6 +2,7 @@ import { IoWalletError } from "../../utils/errors";
2
2
  import { SdJwt4VC } from "../../sd-jwt/types";
3
3
  import { verify as verifySdJwt } from "../../sd-jwt";
4
4
  import { getValueFromDisclosures } from "../../sd-jwt/converters";
5
+ import { LogLevel, Logger } from "../../utils/logging";
5
6
 
6
7
  // The credential as a collection of attributes in plain value
7
8
 
@@ -16,14 +17,17 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
16
17
  let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
17
18
  const credentialSubject = credentials_supported[sdJwt.payload.vct];
18
19
  if (!credentialSubject) {
20
+ Logger.log(LogLevel.ERROR, `Credential type not supported by the issuer: ${sdJwt.payload.vct}`);
19
21
  throw new IoWalletError("Credential type not supported by the issuer");
20
22
  }
21
23
  if (credentialSubject.format !== sdJwt.header.typ) {
24
+ Logger.log(LogLevel.ERROR, `Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}'`);
22
25
  throw new IoWalletError(`Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}', `);
23
26
  }
24
27
 
25
28
  // transfrom a record { key: value } in an iterable of pairs [key, value]
26
29
  if (!credentialSubject.claims) {
30
+ Logger.log(LogLevel.ERROR, "Missing claims in the credential subject");
27
31
  throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
28
32
  }
29
33
 
@@ -41,6 +45,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
41
45
  const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
42
46
  const received = disclosures.map(_ => _[1 /* name */]).join(", ");
43
47
  if (!ignoreMissingAttributes) {
48
+ Logger.log(LogLevel.ERROR, `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
44
49
  throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
45
50
  }
46
51
  }
@@ -119,6 +124,7 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
119
124
  cnf
120
125
  } = decodedCredential.sdJwt.payload;
121
126
  if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
127
+ Logger.log(LogLevel.ERROR, `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
122
128
  throw new IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
123
129
  }
124
130
  return decodedCredential;
@@ -133,8 +139,10 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
133
139
  includeUndefinedAttributes
134
140
  } = _ref8;
135
141
  const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
142
+ Logger.log(LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
136
143
  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
137
144
  const maybeIssuedAt = getValueFromDisclosures(decoded.disclosures, "iat");
145
+ Logger.log(LogLevel.DEBUG, `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${maybeIssuedAt}`);
138
146
  return {
139
147
  parsedCredential,
140
148
  expiration: new Date(decoded.sdJwt.payload.exp * 1000),
@@ -157,8 +165,10 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
157
165
  */
158
166
  export const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
159
167
  if (format === "vc+sd-jwt") {
168
+ Logger.log(LogLevel.DEBUG, "Parsing credential in vc+sd-jwt format");
160
169
  return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
161
170
  }
171
+ Logger.log(LogLevel.ERROR, `Unsupported credential format: ${format}`);
162
172
  throw new IoWalletError(`Unsupported credential format: ${format}`);
163
173
  };
164
174
  //# sourceMappingURL=07-verify-and-parse-credential.js.map
package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","credential_configurations_supported","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASC,uBAAuB,QAAQ,yBAAyB;;AAyBjE;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgI,EAAAC,IAAA,EAI3G;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIf,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIe,iBAAiB,CAACG,MAAM,KAAKV,KAAK,CAACW,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAIpB,aAAa,CACpB,gEAA+De,iBAAiB,CAACG,MAAO,gBAAeV,KAAK,CAACW,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACL,iBAAiB,CAACM,MAAM,EAAE;IAC7B,MAAM,IAAIrB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMsB,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACT,iBAAiB,CAACM,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAAClB,WAAW,CAACoB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACb,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMoB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG3B,WAAW,CAACwB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAACzB,uBAAuB,EAAE;MAC5B,MAAM,IAAIV,aAAa,CACpB,4DAA2DgC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAE/B,WAAW,CAACkC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIjB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMoC,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxC7B,WAAW,CACRiB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEZ,KAAK;QAAEX,IAAI,EAAEuB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAekB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB3D,WAAW,CAACqD,aAAa,EAAEC,UAAU,EAAExD,QAAQ,CAAC,EAChDyD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACnD,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAIlE,aAAa,CACpB,kDAAiD4D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACnD,KAAK,CAACQ,OAAO,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAME;EAAA,IALH;IACEC,uBAAuB;IACvB7D,uBAAuB;IACvBI;EACF,CAAC,GAAAwD,KAAA;EAED,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGtE,oBAAoB,CAC3C+D,UAAU,CAACK,wBAAwB,CAACG,mCAAmC,EACvEJ,OAAO,EACP9D,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAM+D,aAAa,GAAGzE,uBAAuB,CAACoE,OAAO,CAAC/D,WAAW,EAAE,KAAK,CAAC;EAEzE,OAAO;IACLkE,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACP,OAAO,CAAChE,KAAK,CAACQ,OAAO,CAACgE,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9BhE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMqE,wBAAkD,GAAG,MAAAA,CAChEd,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNiE,OAAO,KACJ;EACH,IAAIjE,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOiD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNiE,OACF,CAAC;EACH;EAEA,MAAM,IAAInF,aAAa,CAAE,kCAAiCkB,MAAO,EAAC,CAAC;AACrE,CAAC"}
1
+ {"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","LogLevel","Logger","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","log","ERROR","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","parsedCredential","credential_configurations_supported","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASC,uBAAuB,QAAQ,yBAAyB;AAGjE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;;AAuBtD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgI,EAAAC,IAAA,EAI3G;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtBX,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,gDAA+CX,KAAK,CAACQ,OAAO,CAACC,GAAI,EACpE,CAAC;IACD,MAAM,IAAInB,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIiB,iBAAiB,CAACK,MAAM,KAAKZ,KAAK,CAACa,MAAM,CAACC,GAAG,EAAE;IACjDlB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,gEAA+DJ,iBAAiB,CAACK,MAAO,gBAAeZ,KAAK,CAACa,MAAM,CAACC,GAAI,GAC3H,CAAC;IACD,MAAM,IAAIxB,aAAa,CACpB,gEAA+DiB,iBAAiB,CAACK,MAAO,gBAAeZ,KAAK,CAACa,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACP,iBAAiB,CAACQ,MAAM,EAAE;IAC7BnB,MAAM,CAACc,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIrB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAM0B,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACX,iBAAiB,CAACQ,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACpB,WAAW,CAACsB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACf,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMsB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG7B,WAAW,CAAC0B,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC3B,uBAAuB,EAAE;MAC5BN,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,4DAA2De,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;MACD,MAAM,IAAIxC,aAAa,CACpB,4DAA2DoC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEjC,WAAW,CAACoC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAInB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMsC,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxC/B,WAAW,CACRmB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEZ,KAAK;QAAEX,IAAI,EAAEuB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAekB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB/D,WAAW,CAACyD,aAAa,EAAEC,UAAU,EAAE5D,QAAQ,CAAC,EAChD6D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACrD,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxDhE,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,kDAAiD2C,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACrD,KAAK,CAACQ,OAAO,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;IACD,MAAM,IAAItE,aAAa,CACpB,kDAAiDgE,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACrD,KAAK,CAACQ,OAAO,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAME;EAAA,IALH;IACEC,uBAAuB;IACvB/D,uBAAuB;IACvBI;EACF,CAAC,GAAA0D,KAAA;EAED,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAEDrE,MAAM,CAACc,GAAG,CAACf,QAAQ,CAAC0E,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMM,gBAAgB,GAAG3E,oBAAoB,CAC3CiE,UAAU,CAACK,wBAAwB,CAACM,mCAAmC,EACvEP,OAAO,EACPhE,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMoE,aAAa,GAAGhF,uBAAuB,CAACwE,OAAO,CAACjE,WAAW,EAAE,KAAK,CAAC;EAEzEL,MAAM,CAACc,GAAG,CACRf,QAAQ,CAAC0E,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACC,gBAAgB,CAAE,gBAAeE,aAAc,EACtF,CAAC;EAED,OAAO;IACLF,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACV,OAAO,CAAClE,KAAK,CAACQ,OAAO,CAACqE,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9BrE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM0E,wBAAkD,GAAG,MAAAA,CAChEjB,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNoE,OAAO,KACJ;EACH,IAAIpE,MAAM,KAAK,WAAW,EAAE;IAC1BhB,MAAM,CAACc,GAAG,CAACf,QAAQ,CAAC0E,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOR,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNoE,OACF,CAAC;EACH;EAEApF,MAAM,CAACc,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAG,kCAAiCC,MAAO,EAAC,CAAC;EACtE,MAAM,IAAItB,aAAa,CAAE,kCAAiCsB,MAAO,EAAC,CAAC;AACrE,CAAC"}
package/lib/module/credential/presentation/01-start-flow.js CHANGED
@@ -1,9 +1,9 @@
1
1
  import * as z from "zod";
2
- import { ValidationFailed } from "../../utils/errors";
2
+ import { InvalidQRCodeError } from "./errors";
3
3
  const PresentationParams = z.object({
4
- clientId: z.string().nonempty(),
5
- requestUri: z.string().url(),
6
- requestUriMethod: z.enum(["get", "post"]),
4
+ client_id: z.string().nonempty(),
5
+ request_uri: z.string().url(),
6
+ request_uri_method: z.enum(["get", "post"]),
7
7
  state: z.string().optional()
8
8
  });
9
9
 
@@ -11,26 +11,26 @@ const PresentationParams = z.object({
11
11
  * The beginning of the presentation flow.
12
12
  * To be implemented accordind to the user touchpoint
13
13
  *
14
- * @param params Presentation parameters, depending on the starting touchoint
14
+ * @param params Presentation parameters, depending on the starting touchpoint
15
15
  * @returns The url for the Relying Party to connect with
16
16
  */
17
17
 
18
18
  /**
19
- * Start a presentation flow by decoding an incoming QR-code
19
+ * Start a presentation flow by validating the required parameters.
20
+ * Parameters are extracted from a url encoded in a QR code or in a deep link.
20
21
  *
21
- * @param params The encoded QR-code content
22
+ * @param params The parameters to be validated
22
23
  * @returns The url for the Relying Party to connect with
23
- * @throws If the provided qr code fails to be decoded
24
+ * @throws If the provided parameters are not valid
24
25
  */
25
26
  export const startFlowFromQR = params => {
26
- const result = PresentationParams.safeParse(params);
27
+ const result = PresentationParams.safeParse({
28
+ ...params,
29
+ request_uri_method: params.request_uri_method ?? "get"
30
+ });
27
31
  if (result.success) {
28
32
  return result.data;
29
- } else {
30
- throw new ValidationFailed({
31
- message: "Invalid parameters provided",
32
- reason: result.error.message
33
- });
34
33
  }
34
+ throw new InvalidQRCodeError(result.error.message);
35
35
  };
36
36
  //# sourceMappingURL=01-start-flow.js.map
package/lib/module/credential/presentation/01-start-flow.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["z","ValidationFailed","PresentationParams","object","clientId","string","nonempty","requestUri","url","requestUriMethod","enum","state","optional","startFlowFromQR","params","result","safeParse","success","data","message","reason","error"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,gBAAgB,QAAQ,oBAAoB;AAErD,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,QAAQ,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC/BC,UAAU,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC;EAC5BC,gBAAgB,EAAET,CAAC,CAACU,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;EACzCC,KAAK,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAGF;AACA;AACA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA0B,GAAIC,MAAM,IAAK;EACpD,MAAMC,MAAM,GAAGb,kBAAkB,CAACc,SAAS,CAACF,MAAM,CAAC;EAEnD,IAAIC,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIjB,gBAAgB,CAAC;MACzBkB,OAAO,EAAE,6BAA6B;MACtCC,MAAM,EAAEL,MAAM,CAACM,KAAK,CAACF;IACvB,CAAC,CAAC;EACJ;AACF,CAAC"}
1
+ {"version":3,"names":["z","InvalidQRCodeError","PresentationParams","object","client_id","string","nonempty","request_uri","url","request_uri_method","enum","state","optional","startFlowFromQR","params","result","safeParse","success","data","error","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,UAAU;AAE7C,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,SAAS,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAChCC,WAAW,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC;EAC7BC,kBAAkB,EAAET,CAAC,CAACU,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;EAC3CC,KAAK,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAGF;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA0B,GAAIC,MAAM,IAAK;EACpD,MAAMC,MAAM,GAAGb,kBAAkB,CAACc,SAAS,CAAC;IAC1C,GAAGF,MAAM;IACTL,kBAAkB,EAAEK,MAAM,CAACL,kBAAkB,IAAI;EACnD,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB;EAEA,MAAM,IAAIjB,kBAAkB,CAACc,MAAM,CAACI,KAAK,CAACC,OAAO,CAAC;AACpD,CAAC"}
package/lib/module/credential/presentation/02-evaluate-rp-trust.js CHANGED
@@ -13,13 +13,15 @@ export const evaluateRelyingPartyTrust = async function (rpUrl) {
13
13
  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
14
14
  const {
15
15
  payload: {
16
- metadata: rpConf
16
+ metadata: rpConf,
17
+ sub
17
18
  }
18
19
  } = await getRelyingPartyEntityConfiguration(rpUrl, {
19
20
  appFetch
20
21
  });
21
22
  return {
22
- rpConf
23
+ rpConf,
24
+ subject: sub
23
25
  };
24
26
  };
25
27
  //# sourceMappingURL=02-evaluate-rp-trust.js.map
package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,aAAa;AAchE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC;IAAO;EAC9B,CAAC,GAAG,MAAMV,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO;EAAO,CAAC;AACnB,CAAC"}
1
+ {"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","subject"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,aAAa;AAehE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAMX,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEE,OAAO,EAAED;EAAI,CAAC;AACjC,CAAC"}
package/lib/module/credential/presentation/03-get-request-object.js CHANGED
@@ -10,11 +10,11 @@ import { RequestObjectWalletCapabilities } from "./types";
10
10
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
11
11
  * @returns The Request Object that describes the presentation
12
12
  */
13
- export const getRequestObject = async (requestUri, _ref) => {
13
+ export const getRequestObject = async function (requestUri) {
14
14
  let {
15
15
  appFetch = fetch,
16
16
  walletCapabilities
17
- } = _ref;
17
+ } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
18
18
  if (walletCapabilities) {
19
19
  // Validate external input
20
20
  const {
package/lib/module/credential/presentation/03-get-request-object.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["hasStatusOrThrow","RequestObjectWalletCapabilities","getRequestObject","requestUri","_ref","appFetch","fetch","walletCapabilities","wallet_metadata","wallet_nonce","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","res","text"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,+BAA+B,QAAQ,SAAS;AAWzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EAAAC,IAAA,KAEP;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAH,IAAA;EAExC,IAAIG,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAEC,eAAe;MAAEC;IAAa,CAAC,GACrCR,+BAA+B,CAACS,KAAK,CAACH,kBAAkB,CAAC;IAE3D,MAAMI,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CJ,eAAe,EAAEK,IAAI,CAACC,SAAS,CAACN,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMM,uBAAuB,GAAG,MAAMV,QAAQ,CAACF,UAAU,EAAE;MACzDa,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAACpB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLP;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMV,QAAQ,CAACF,UAAU,EAAE;IACzDa,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAACpB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLP;EACF,CAAC;AACH,CAAC"}
1
+ {"version":3,"names":["hasStatusOrThrow","RequestObjectWalletCapabilities","getRequestObject","requestUri","appFetch","fetch","walletCapabilities","arguments","length","undefined","wallet_metadata","wallet_nonce","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","res","text"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAQ,kBAAkB;AACnD,SAASC,+BAA+B,QAAQ,SAAS;AAUzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,eAAAA,CAChDC,UAAU,EAEP;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,IAAID,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAEI,eAAe;MAAEC;IAAa,CAAC,GACrCV,+BAA+B,CAACW,KAAK,CAACN,kBAAkB,CAAC;IAE3D,MAAMO,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CJ,eAAe,EAAEK,IAAI,CAACC,SAAS,CAACN,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMM,uBAAuB,GAAG,MAAMb,QAAQ,CAACD,UAAU,EAAE;MACzDe,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAACtB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BsB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLP;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMb,QAAQ,CAACD,UAAU,EAAE;IACzDe,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAACtB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BsB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLP;EACF,CAAC;AACH,CAAC"}