@pagopa/io-react-native-wallet 3.4.1 → 3.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/api/IssuerConfig.js +6 -0
- package/lib/commonjs/credential/issuance/api/IssuerConfig.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +1 -0
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js +8 -1
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js +13 -7
- package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js +14 -6
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/credential/offer/api/03-validate-credential-offer.js +6 -0
- package/lib/commonjs/credential/offer/api/03-validate-credential-offer.js.map +1 -0
- package/lib/commonjs/credential/offer/api/index.js.map +1 -1
- package/lib/commonjs/credential/offer/v1.0.0/index.js +3 -0
- package/lib/commonjs/credential/offer/v1.0.0/index.js.map +1 -1
- package/lib/commonjs/credential/offer/v1.3.3/01-resolve-credential-offer.js +7 -21
- package/lib/commonjs/credential/offer/v1.3.3/01-resolve-credential-offer.js.map +1 -1
- package/lib/commonjs/credential/offer/v1.3.3/02-extract-grant-details.js +5 -1
- package/lib/commonjs/credential/offer/v1.3.3/02-extract-grant-details.js.map +1 -1
- package/lib/commonjs/credential/offer/v1.3.3/03-validate-credential-offer.js +39 -0
- package/lib/commonjs/credential/offer/v1.3.3/03-validate-credential-offer.js.map +1 -0
- package/lib/commonjs/credential/offer/v1.3.3/index.js +3 -1
- package/lib/commonjs/credential/offer/v1.3.3/index.js.map +1 -1
- package/lib/module/credential/issuance/api/IssuerConfig.js +6 -0
- package/lib/module/credential/issuance/api/IssuerConfig.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +1 -0
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js +8 -1
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js +13 -7
- package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/mappers.js +14 -6
- package/lib/module/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/module/credential/offer/api/03-validate-credential-offer.js +2 -0
- package/lib/module/credential/offer/api/03-validate-credential-offer.js.map +1 -0
- package/lib/module/credential/offer/api/index.js.map +1 -1
- package/lib/module/credential/offer/v1.0.0/index.js +3 -0
- package/lib/module/credential/offer/v1.0.0/index.js.map +1 -1
- package/lib/module/credential/offer/v1.3.3/01-resolve-credential-offer.js +10 -23
- package/lib/module/credential/offer/v1.3.3/01-resolve-credential-offer.js.map +1 -1
- package/lib/module/credential/offer/v1.3.3/02-extract-grant-details.js +6 -1
- package/lib/module/credential/offer/v1.3.3/02-extract-grant-details.js.map +1 -1
- package/lib/module/credential/offer/v1.3.3/03-validate-credential-offer.js +33 -0
- package/lib/module/credential/offer/v1.3.3/03-validate-credential-offer.js.map +1 -0
- package/lib/module/credential/offer/v1.3.3/index.js +3 -1
- package/lib/module/credential/offer/v1.3.3/index.js.map +1 -1
- package/lib/typescript/credential/issuance/api/01-evaluate-issuer-trust.d.ts +4 -0
- package/lib/typescript/credential/issuance/api/01-evaluate-issuer-trust.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/api/02-start-user-authorization.d.ts +4 -0
- package/lib/typescript/credential/issuance/api/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/api/03-complete-user-authorization.d.ts +3 -1
- package/lib/typescript/credential/issuance/api/03-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/api/IssuerConfig.d.ts +1 -0
- package/lib/typescript/credential/issuance/api/IssuerConfig.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/mappers.d.ts +1 -0
- package/lib/typescript/credential/issuance/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/01-evaluate-issuer-trust.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/03-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/mappers.d.ts +490 -4
- package/lib/typescript/credential/issuance/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/offer/api/02-extract-grant-details.d.ts +1 -1
- package/lib/typescript/credential/offer/api/03-validate-credential-offer.d.ts +19 -0
- package/lib/typescript/credential/offer/api/03-validate-credential-offer.d.ts.map +1 -0
- package/lib/typescript/credential/offer/api/index.d.ts +2 -1
- package/lib/typescript/credential/offer/api/index.d.ts.map +1 -1
- package/lib/typescript/credential/offer/v1.0.0/index.d.ts.map +1 -1
- package/lib/typescript/credential/offer/v1.3.3/01-resolve-credential-offer.d.ts +5 -11
- package/lib/typescript/credential/offer/v1.3.3/01-resolve-credential-offer.d.ts.map +1 -1
- package/lib/typescript/credential/offer/v1.3.3/02-extract-grant-details.d.ts.map +1 -1
- package/lib/typescript/credential/offer/v1.3.3/03-validate-credential-offer.d.ts +15 -0
- package/lib/typescript/credential/offer/v1.3.3/03-validate-credential-offer.d.ts.map +1 -0
- package/lib/typescript/credential/offer/v1.3.3/index.d.ts.map +1 -1
- package/lib/typescript/trust/v1.3.3/types.d.ts +2 -2
- package/package.json +6 -6
- package/src/credential/issuance/api/01-evaluate-issuer-trust.ts +4 -1
- package/src/credential/issuance/api/02-start-user-authorization.ts +4 -0
- package/src/credential/issuance/api/03-complete-user-authorization.ts +3 -1
- package/src/credential/issuance/api/IssuerConfig.ts +6 -0
- package/src/credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts +1 -0
- package/src/credential/issuance/v1.3.3/02-start-user-authorization.ts +7 -0
- package/src/credential/issuance/v1.3.3/03-complete-user-authorization.ts +13 -9
- package/src/credential/issuance/v1.3.3/mappers.ts +15 -5
- package/src/credential/offer/api/02-extract-grant-details.ts +1 -1
- package/src/credential/offer/api/03-validate-credential-offer.ts +19 -0
- package/src/credential/offer/api/index.ts +3 -1
- package/src/credential/offer/v1.0.0/index.ts +3 -0
- package/src/credential/offer/v1.3.3/01-resolve-credential-offer.ts +8 -26
- package/src/credential/offer/v1.3.3/02-extract-grant-details.ts +6 -1
- package/src/credential/offer/v1.3.3/03-validate-credential-offer.ts +33 -0
- package/src/credential/offer/v1.3.3/index.ts +2 -0
|
@@ -48,6 +48,12 @@ const CredentialConfig = _zod.z.intersection(_zod.z.discriminatedUnion("format",
|
|
|
48
48
|
|
|
49
49
|
const IssuerConfig = _zod.z.object({
|
|
50
50
|
credential_issuer: _zod.z.string(),
|
|
51
|
+
/**
|
|
52
|
+
* Authorization Servers advertised by the Credential Issuer. Present when the
|
|
53
|
+
* Issuer relies on one or more external Authorization Servers; used to validate
|
|
54
|
+
* the `authorization_server` selected by a credential offer.
|
|
55
|
+
*/
|
|
56
|
+
authorization_servers: _zod.z.tuple([_zod.z.string()], _zod.z.string()).optional(),
|
|
51
57
|
pushed_authorization_request_endpoint: _zod.z.string(),
|
|
52
58
|
authorization_endpoint: _zod.z.string(),
|
|
53
59
|
token_endpoint: _zod.z.string(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_zod","require","_jwk","_types","DisplayConfig","z","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","JWK","credential_configurations_supported","federation_entity","FederationEntityMetadata","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA,MAAMG,aAAa,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC7BC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGL,MAAC,CAACC,MAAM,CAAC;EAC3BK,IAAI,EAAEN,MAAC,CAACO,KAAK,CAACP,MAAC,CAACQ,KAAK,CAAC,CAACR,MAAC,CAACG,MAAM,CAAC,CAAC,EAAEH,MAAC,CAACS,MAAM,CAAC,CAAC,EAAET,MAAC,CAACU,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMa,sBAAsB,GAAGZ,MAAC,CAACC,MAAM,CAAC;EACtCU,OAAO,EAAEX,MAAC,CAACO,KAAK,CACdP,MAAC,CAACC,MAAM,CAAC;IACPY,KAAK,EAAEb,MAAC,CAACG,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEd,MAAC,CAACG,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGf,MAAC,CAACgB,YAAY,CACrChB,MAAC,CAACiB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BjB,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEpB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DH,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAErB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFH,MAAC,CAACC,MAAM,CAAC;EACPqB,KAAK,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa,CAAC;EAC/BwB,MAAM,EAAEvB,MAAC,CAACO,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE1B,MAAC,CACzB2B,MAAM,CAAC3B,MAAC,CAACG,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEO,MAAMG,YAAY,GAAG5B,MAAC,CAACC,MAAM,CAAC;EACnC4B,iBAAiB,EAAE7B,MAAC,CAACG,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"names":["_zod","require","_jwk","_types","DisplayConfig","z","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","authorization_servers","tuple","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","JWK","credential_configurations_supported","federation_entity","FederationEntityMetadata","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA,MAAMG,aAAa,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC7BC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGL,MAAC,CAACC,MAAM,CAAC;EAC3BK,IAAI,EAAEN,MAAC,CAACO,KAAK,CAACP,MAAC,CAACQ,KAAK,CAAC,CAACR,MAAC,CAACG,MAAM,CAAC,CAAC,EAAEH,MAAC,CAACS,MAAM,CAAC,CAAC,EAAET,MAAC,CAACU,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMa,sBAAsB,GAAGZ,MAAC,CAACC,MAAM,CAAC;EACtCU,OAAO,EAAEX,MAAC,CAACO,KAAK,CACdP,MAAC,CAACC,MAAM,CAAC;IACPY,KAAK,EAAEb,MAAC,CAACG,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEd,MAAC,CAACG,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGf,MAAC,CAACgB,YAAY,CACrChB,MAAC,CAACiB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BjB,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEpB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DH,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAErB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFH,MAAC,CAACC,MAAM,CAAC;EACPqB,KAAK,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa,CAAC;EAC/BwB,MAAM,EAAEvB,MAAC,CAACO,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE1B,MAAC,CACzB2B,MAAM,CAAC3B,MAAC,CAACG,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEO,MAAMG,YAAY,GAAG5B,MAAC,CAACC,MAAM,CAAC;EACnC4B,iBAAiB,EAAE7B,MAAC,CAACG,MAAM,CAAC,CAAC;EAC7B;AACF;AACA;AACA;AACA;EACE2B,qBAAqB,EAAE9B,MAAC,CAAC+B,KAAK,CAAC,CAAC/B,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,EAAEH,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACnEO,qCAAqC,EAAEhC,MAAC,CAACG,MAAM,CAAC,CAAC;EACjD8B,sBAAsB,EAAEjC,MAAC,CAACG,MAAM,CAAC,CAAC;EAClC+B,cAAc,EAAElC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1BgC,cAAc,EAAEnC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1BiC,yBAAyB,EAAEpC,MAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAChDY,mBAAmB,EAAErC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC/BmC,IAAI,EAAEtC,MAAC,CAACO,KAAK,CAACgC,QAAG,CAAC;EAClBC,mCAAmC,EAAExC,MAAC,CAAC2B,MAAM,CAAC3B,MAAC,CAACG,MAAM,CAAC,CAAC,EAAEY,gBAAgB,CAAC;EAC3E0B,iBAAiB,EAAEC,+BAAwB;EAC3CC,8BAA8B,EAAE3C,MAAC,CAACS,MAAM,CAAC,CAAC,CAACgB,QAAQ,CAAC,CAAC;EACrDmB,uCAAuC,EAAE5C,MAAC,CAACO,KAAK,CAACP,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvE;AACF;AACA;EACEoB,wBAAwB,EAAE7C,MAAC,CAACO,KAAK,CAACP,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;AACzD,CAAC,CAAC;AAACqB,OAAA,CAAAlB,YAAA,GAAAA,YAAA"}
|
|
@@ -12,6 +12,7 @@ const evaluateIssuerTrust = async function (issuerUrl) {
|
|
|
12
12
|
const issuerMetadata = await (0, _ioWalletOid4vci.fetchMetadata)({
|
|
13
13
|
config: _config.sdkConfigV1_3,
|
|
14
14
|
credentialIssuerUrl: issuerUrl,
|
|
15
|
+
authorizationServer: context.authorizationServer,
|
|
15
16
|
callbacks: {
|
|
16
17
|
fetch: context.appFetch
|
|
17
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioWalletOid4vci","require","_config","_mappers","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","fetchMetadata","config","sdkConfigV1_3","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf","mapToIssuerConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,QAAA,GAAAF,OAAA;AAEO,MAAMG,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAM,IAAAC,8BAAa,EAAC;IAC1CC,MAAM,EAAEC,qBAAa;IACrBC,mBAAmB,EAAET,SAAS;IAC9BU,SAAS,EAAE;MACTC,KAAK,
|
|
1
|
+
{"version":3,"names":["_ioWalletOid4vci","require","_config","_mappers","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","fetchMetadata","config","sdkConfigV1_3","credentialIssuerUrl","authorizationServer","callbacks","fetch","appFetch","issuerConf","mapToIssuerConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,QAAA,GAAAF,OAAA;AAEO,MAAMG,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAM,IAAAC,8BAAa,EAAC;IAC1CC,MAAM,EAAEC,qBAAa;IACrBC,mBAAmB,EAAET,SAAS;IAC9BU,mBAAmB,EAAET,OAAO,CAACS,mBAAmB;IAChDC,SAAS,EAAE;MACTC,KAAK,EAAEX,OAAO,CAACY;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAE,IAAAC,0BAAiB,EAACV,cAAc;EAAE,CAAC;AAC1D,CAAC;AAACW,OAAA,CAAAjB,mBAAA,GAAAA,mBAAA"}
|
|
@@ -16,7 +16,9 @@ const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) =>
|
|
|
16
16
|
wiaCryptoContext,
|
|
17
17
|
walletInstanceAttestation,
|
|
18
18
|
redirectUri,
|
|
19
|
-
appFetch = fetch
|
|
19
|
+
appFetch = fetch,
|
|
20
|
+
scope,
|
|
21
|
+
issuerState
|
|
20
22
|
} = ctx;
|
|
21
23
|
const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
|
|
22
24
|
if (!clientId) {
|
|
@@ -59,6 +61,11 @@ const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) =>
|
|
|
59
61
|
authorization_details: credentialDefinition,
|
|
60
62
|
codeChallengeMethodsSupported: ["S256"],
|
|
61
63
|
redirectUri,
|
|
64
|
+
// When the issuance is started from a Credential Offer, the `scope` and
|
|
65
|
+
// `issuer_state` carried by the authorization_code grant are forwarded to
|
|
66
|
+
// the PAR. They are `undefined` (and thus omitted) for the regular flow.
|
|
67
|
+
scope,
|
|
68
|
+
issuerState,
|
|
62
69
|
dpop: {
|
|
63
70
|
signer: wiaSigner
|
|
64
71
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioWalletOauth","require","_uuid","_logging","_callbacks","_errors","_config","_startUserAuthorization","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","Logger","log","LogLevel","ERROR","IoWalletError","credentialDefinition","map","c","selectCredentialDefinition","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","createSignJwtFromCryptoContext","parRequest","createPushedAuthorizationRequest","config","sdkConfigV1_3","callbacks","partialCallbacks","authorizationServerMetadata","require_signed_request_object","jti","uuidv4","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","createClientAttestationPopJwt","generateRandom","clientAttestation","authorizationServer","request_uri","fetchPushedAuthorizationResponse","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AAIA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,uBAAA,GAAAN,OAAA;AAEO,MAAMO,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;
|
|
1
|
+
{"version":3,"names":["_ioWalletOauth","require","_uuid","_logging","_callbacks","_errors","_config","_startUserAuthorization","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","scope","issuerState","clientId","getPublicKey","then","_","kid","Logger","log","LogLevel","ERROR","IoWalletError","credentialDefinition","map","c","selectCredentialDefinition","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","createSignJwtFromCryptoContext","parRequest","createPushedAuthorizationRequest","config","sdkConfigV1_3","callbacks","partialCallbacks","authorizationServerMetadata","require_signed_request_object","jti","uuidv4","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","createClientAttestationPopJwt","generateRandom","clientAttestation","authorizationServer","request_uri","fetchPushedAuthorizationResponse","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AAIA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,uBAAA,GAAAN,OAAA;AAEO,MAAMO,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC,KAAK;IAChBC,KAAK;IACLC;EACF,CAAC,GAAGP,GAAG;EAEP,MAAMQ,QAAQ,GAAG,MAAMP,gBAAgB,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbK,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kCAAiCR,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIS,qBAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMC,oBAAoB,GAAGpB,aAAa,CAACqB,GAAG,CAAEC,CAAC,IAC/C,IAAAC,kDAA0B,EAACxB,UAAU,EAAEuB,CAAC,CAC1C,CAAC;EAED,IAAIrB,KAAK,CAACuB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMJ,oBAAoB,CAACK,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAE1B,KAAK,CAAC2B,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEzB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAM0B,SAAuB,GAAG;IAC9BC,MAAM,EAAE,KAAK;IACbC,GAAG,EAAE,OAAO;IACZC,SAAS,EAAE,MAAM/B,gBAAgB,CAACQ,YAAY,CAAC;EACjD,CAAC;EAED,MAAMwB,OAAO,GAAG,IAAAC,yCAA8B,EAACjC,gBAAgB,CAAC;EAEhE,MAAMkC,UAAU,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IACxDC,MAAM,EAAEC,qBAAa;IACrBC,SAAS,EAAE;MACT,GAAGC,2BAAgB;MACnBP;IACF,CAAC;IACDQ,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDC,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC;IACbpC,QAAQ;IACRqC,QAAQ,EAAEhD,UAAU,CAACiD,iBAAiB;IACtCC,qBAAqB,EAAE7B,oBAAoB;IAC3C8B,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvC7C,WAAW;IACX;IACA;IACA;IACAG,KAAK;IACLC,WAAW;IACX0C,IAAI,EAAE;MACJC,MAAM,EAAErB;IACV;EACF,CAAC,CAAC;EAEF,MAAMsB,oBAAoB,GAAG,MAAM,IAAAC,4CAA6B,EAAC;IAC/Df,MAAM,EAAEC,qBAAa;IACrBC,SAAS,EAAE;MACTc,cAAc,EAAEb,2BAAgB,CAACa,cAAc;MAC/CpB;IACF,CAAC;IACDqB,iBAAiB,EAAEpD,yBAAyB;IAC5CqD,mBAAmB,EAAE1D,UAAU,CAACiD,iBAAiB;IACjDI,MAAM,EAAErB,SAAS;IACjBc,GAAG,EAAE,IAAAC,QAAM,EAAC;EACd,CAAC,CAAC;EAEF,MAAM;IAAEY;EAAY,CAAC,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IAC7DlB,SAAS,EAAE;MACTlC,KAAK,EAAED;IACT,CAAC;IACDsD,kCAAkC,EAChC7D,UAAU,CAAC8D,qCAAqC;IAClDC,0BAA0B,EAAEzB,UAAU;IACtC0B,qBAAqB,EAAEV,oBAAoB;IAC3CW,iBAAiB,EAAE5D;EACrB,CAAC,CAAC;EAEF,OAAO;IACL6D,gBAAgB,EAAEP,WAAW;IAC7BhD,QAAQ;IACRwD,YAAY,EAAE7B,UAAU,CAAC8B,gBAAgB;IACzC/C;EACF,CAAC;AACH,CAAC;AAACgD,OAAA,CAAAtE,sBAAA,GAAAA,sBAAA"}
|
|
@@ -115,7 +115,8 @@ const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issue
|
|
|
115
115
|
exports.completeUserAuthorizationWithFormPostJwtMode = completeUserAuthorizationWithFormPostJwtMode;
|
|
116
116
|
const completeEaaUserAuthorizationWithQueryMode = async function (requestObject, issuerConfig, pid, clientRedirectUri) {
|
|
117
117
|
let {
|
|
118
|
-
appFetch = fetch
|
|
118
|
+
appFetch = fetch,
|
|
119
|
+
fetchFinalRedirectUri
|
|
119
120
|
} = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
|
|
120
121
|
_logging.Logger.log(_logging.LogLevel.DEBUG, "The requested credential is not a PID, completing the user authorization with query mode");
|
|
121
122
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
@@ -139,13 +140,18 @@ const completeEaaUserAuthorizationWithQueryMode = async function (requestObject,
|
|
|
139
140
|
_logging.Logger.log(_logging.LogLevel.ERROR, errorMessage);
|
|
140
141
|
throw new _errors.AuthorizationError(errorMessage);
|
|
141
142
|
}
|
|
142
|
-
|
|
143
|
-
if (
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
143
|
+
let finalRedirectUri;
|
|
144
|
+
if (fetchFinalRedirectUri) {
|
|
145
|
+
finalRedirectUri = await fetchFinalRedirectUri(redirect_uri);
|
|
146
|
+
} else {
|
|
147
|
+
const response = await appFetch(redirect_uri).catch(() => null);
|
|
148
|
+
if (!response || !response.ok) {
|
|
149
|
+
const errorMessage = `An error occurred while completing the authorization flow. Ensure ${clientRedirectUri} is a valid HTTP url for redirect`;
|
|
150
|
+
_logging.Logger.log(_logging.LogLevel.ERROR, errorMessage);
|
|
151
|
+
throw new _errors.AuthorizationError(errorMessage);
|
|
152
|
+
}
|
|
153
|
+
finalRedirectUri = response.url;
|
|
147
154
|
}
|
|
148
|
-
const finalRedirectUri = response.url;
|
|
149
155
|
if (!finalRedirectUri || !finalRedirectUri.startsWith(clientRedirectUri)) {
|
|
150
156
|
const errorMessage = `The authorization server did not redirect to the provided client redirect URI. Expected: ${clientRedirectUri}, got: ${finalRedirectUri}`;
|
|
151
157
|
_logging.Logger.log(_logging.LogLevel.ERROR, errorMessage);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_auth","require","_parseUrl","_interopRequireDefault","_ioWalletOid4vp","_ioWalletOid4vci","_ioWalletOauth","_errors","_logging","_v","_callbacks","_config","_errors2","_mappers","_misc","obj","__esModule","default","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","Logger","log","LogLevel","DEBUG","parsedChallenge","parseMrtdChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","AuthorizationError","exports","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObjectJwt","method","then","hasStatusOrThrow","IssuerResponseError","res","text","parsedAuthRequest","parseAuthorizeRequest","config","sdkConfigV1_3","callbacks","verifyJwt","createVerifyJwtFromJwks","keys","mapToRequestObject","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","pid","_ref","authzResponse","processPidPresentationAndCreateAuthzResponse","issuerSigKey","find","key","use","IoWalletError","sendAuthorizationResponseAndExtractCode","authorizationResponseJarm","jarm","responseJwe","partialCallbacks","iss","state","presentationResponseUri","response_uri","signer","alg","publicJwk","completeEaaUserAuthorizationWithQueryMode","clientRedirectUri","JSON","stringify","redirect_uri","fetchAuthorizationResponse","response","catch","ok","
|
|
1
|
+
{"version":3,"names":["_auth","require","_parseUrl","_interopRequireDefault","_ioWalletOid4vp","_ioWalletOid4vci","_ioWalletOauth","_errors","_logging","_v","_callbacks","_config","_errors2","_mappers","_misc","obj","__esModule","default","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","Logger","log","LogLevel","DEBUG","parsedChallenge","parseMrtdChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","AuthorizationError","exports","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObjectJwt","method","then","hasStatusOrThrow","IssuerResponseError","res","text","parsedAuthRequest","parseAuthorizeRequest","config","sdkConfigV1_3","callbacks","verifyJwt","createVerifyJwtFromJwks","keys","mapToRequestObject","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","pid","_ref","authzResponse","processPidPresentationAndCreateAuthzResponse","issuerSigKey","find","key","use","IoWalletError","sendAuthorizationResponseAndExtractCode","authorizationResponseJarm","jarm","responseJwe","partialCallbacks","iss","state","presentationResponseUri","response_uri","signer","alg","publicJwk","completeEaaUserAuthorizationWithQueryMode","clientRedirectUri","fetchFinalRedirectUri","JSON","stringify","redirect_uri","fetchAuthorizationResponse","finalRedirectUri","response","catch","ok","url","startsWith","authRes","authResParsed","AuthorizationResultShape","safeParse","success","authErr","AuthorizationErrorShape","error","AuthorizationIdpError","data","error_description","_ref2","dcqlQueryResult","RemotePresentationFlow","evaluateDcqlQuery","dcql_query","remotePresentation","prepareRemotePresentations","nonce","responseUri","vp_token","presentations","reduce","acc","_ref3","credentialId","vpToken","createAuthorizationResponse","sdkConfigV1_4","rpJwks","jwks","encrypted_response_enc_values_supported","encryptJwe","generateRandom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/03-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,SAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,eAAA,GAAAH,OAAA;AAMA,IAAAI,gBAAA,GAAAJ,OAAA;AAEA,IAAAK,cAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,QAAA,GAAAP,OAAA;AACA,IAAAQ,EAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAIA,IAAAU,OAAA,GAAAV,OAAA;AACA,IAAAW,QAAA,GAAAX,OAAA;AAEA,IAAAY,QAAA,GAAAZ,OAAA;AAEA,IAAAa,KAAA,GAAAb,OAAA;AAAuD,SAAAE,uBAAAY,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEhD,MAAMG,6CAA2G,GACtH,MAAOC,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,0GACF,CAAC;EACD,IAAI;IACF,MAAMC,eAAe,GAAG,IAAAC,iCAAkB,EAAC;MACzCC,WAAW,EAAEP;IACf,CAAC,CAAC;IACF,OAAO;MAAEQ,cAAc,EAAEH,eAAe,CAACI;IAAa,CAAC;EACzD,CAAC,CAAC,OAAOC,GAAG,EAAE;IACZ,MAAMC,YAAY,GAChBD,GAAG,YAAYE,KAAK,GAAGF,GAAG,CAACG,OAAO,GAAG,+BAA+B;IACtEZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,mDAAkDH,YAAa,EAClE,CAAC;IACD,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;EAC5C;AACF,CAAC;AAACK,OAAA,CAAAjB,6CAAA,GAAAA,6CAAA;AAEG,MAAMkB,qBAA2D,GACtE,MAAAA,CAAOC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,OAAO,KAAK;EACzD,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXG,MAAM,CAACI,MAAM,CAAC,SAAS,EAAEP,OAAO,CAAC;EACnC;EAEA,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;AAACb,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAEG,MAAMa,yCAAmG,GAC9G,MAAO9B,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,sFACF,CAAC;EACD,MAAM2B,KAAK,GAAG,IAAAC,iBAAQ,EAAChC,eAAe,CAAC,CAAC+B,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;AAACf,OAAA,CAAAc,yCAAA,GAAAA,yCAAA;AAEG,MAAMI,mCAAuF,GAClG,eAAAA,CAAOhB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBe,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DtC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,kFACF,CAAC;EAED,MAAMkB,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEFjB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,oCAAmCkB,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,gBAAgB,GAAG,MAAMN,QAAQ,CACpC,GAAEb,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,4BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,MAAMC,iBAAiB,GAAG,MAAM,IAAAC,qCAAqB,EAAC;IACpDC,MAAM,EAAEC,qBAAa;IACrBV,gBAAgB;IAChBW,SAAS,EAAE;MACTC,SAAS,EAAE,IAAAC,kCAAuB,EAAClC,UAAU,CAACmC,IAAI;IACpD;EACF,CAAC,CAAC;EAEF,OAAO,IAAAC,2BAAkB,EAACR,iBAAiB,CAAC;AAC9C,CAAC;;AAEH;AAAAhC,OAAA,CAAAkB,mCAAA,GAAAA,mCAAA;AACO,MAAMuB,4CAAyG,GACpH,MAAAA,CAAOC,aAAa,EAAEC,YAAY,EAAEC,GAAG,EAAAC,IAAA,KAA2B;EAAA,IAAzB;IAAE1B,QAAQ,GAAGI;EAAM,CAAC,GAAAsB,IAAA;EAC3D5D,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,kGACF,CAAC;EAED,MAAM0D,aAAa,GAAG,MAAMC,4CAA4C,CAAC;IACvEL,aAAa;IACbC,YAAY;IACZC;EACF,CAAC,CAAC;EAEF3D,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkB0D,aAAc,EAAC,CAAC;EAE9D,MAAME,YAAY,GAAGL,YAAY,CAACJ,IAAI,CAACU,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EACvE,IAAI,CAACH,YAAY,EAAE;IACjB,MAAMrD,YAAY,GAAG,gDAAgD;IACrEV,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAIyD,sBAAa,CAACzD,YAAY,CAAC;EACvC;EAEA,OAAO,IAAA0D,wDAAuC,EAAC;IAC7CC,yBAAyB,EAAER,aAAa,CAACS,IAAI,CAACC,WAAW;IACzDpB,SAAS,EAAE;MACT,GAAGqB,2BAAgB;MACnBlC,KAAK,EAAEJ;IACT,CAAC;IACDuC,GAAG,EAAEhB,aAAa,CAACgB,GAAG;IACtBC,KAAK,EAAEjB,aAAa,CAACiB,KAAK,IAAI,EAAE;IAChCC,uBAAuB,EAAElB,aAAa,CAACmB,YAAY;IACnDC,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZrC,MAAM,EAAE,KAAK;MACbsC,SAAS,EAAEhB;IACb;EACF,CAAC,CAAC;AACJ,CAAC;AAAChD,OAAA,CAAAyC,4CAAA,GAAAA,4CAAA;AAEG,MAAMwB,yCAAmG,GAC9G,eAAAA,CACEvB,aAAa,EACbC,YAAY,EACZC,GAAG,EACHsB,iBAAiB,EAEd;EAAA,IADH;IAAE/C,QAAQ,GAAGI,KAAK;IAAE4C;EAAsB,CAAC,GAAA/C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEhDnC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,0FACF,CAAC;EAED,MAAM0D,aAAa,GAAG,MAAMC,4CAA4C,CAAC;IACvEL,aAAa;IACbC,YAAY;IACZC;EACF,CAAC,CAAC;EAEF3D,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,mBAAkBgF,IAAI,CAACC,SAAS,CAACvB,aAAa,CAAE,EACnD,CAAC;EAED,MAAM;IAAEwB;EAAa,CAAC,GAAG,MAAM,IAAAC,0CAA0B,EAAC;IACxDjB,yBAAyB,EAAER,aAAa,CAACS,IAAI,CAACC,WAAW;IACzDI,uBAAuB,EAAElB,aAAa,CAACmB,YAAY;IACnDzB,SAAS,EAAE;MACT,GAAGqB,2BAAgB;MACnBlC,KAAK,EAAEJ;IACT;EACF,CAAC,CAAC;EAEF,IAAI,CAACmD,YAAY,EAAE;IACjB,MAAM3E,YAAY,GAChB,2FAA2F;IAC7FV,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;EAC5C;EAEA,IAAI6E,gBAAoC;EAExC,IAAIL,qBAAqB,EAAE;IACzBK,gBAAgB,GAAG,MAAML,qBAAqB,CAACG,YAAY,CAAC;EAC9D,CAAC,MAAM;IACL,MAAMG,QAAQ,GAAG,MAAMtD,QAAQ,CAACmD,YAAY,CAAC,CAACI,KAAK,CAAC,MAAM,IAAI,CAAC;IAC/D,IAAI,CAACD,QAAQ,IAAI,CAACA,QAAQ,CAACE,EAAE,EAAE;MAC7B,MAAMhF,YAAY,GAAI,qEAAoEuE,iBAAkB,mCAAkC;MAC9IjF,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;MACxC,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;IAC5C;IACA6E,gBAAgB,GAAGC,QAAQ,CAACG,GAAG;EACjC;EAEA,IAAI,CAACJ,gBAAgB,IAAI,CAACA,gBAAgB,CAACK,UAAU,CAACX,iBAAiB,CAAC,EAAE;IACxE,MAAMvE,YAAY,GAAI,4FAA2FuE,iBAAkB,UAASM,gBAAiB,EAAC;IAC9JvF,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;EAC5C;EAEA,OAAOsB,0BAA0B,CAAC,IAAAD,iBAAQ,EAACwD,gBAAgB,CAAC,CAACzD,KAAK,CAAC;AACrE,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAf,OAAA,CAAAiE,yCAAA,GAAAA,yCAAA;AAOO,MAAMhD,0BAA0B,GACrC6D,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,CAACC,SAAS,CAACH,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACG,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGC,6BAAuB,CAACH,SAAS,CAACH,OAAO,CAAC;IAC1D,IAAI,CAACK,OAAO,CAACD,OAAO,EAAE;MACpBjG,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,mDAAkDiF,aAAa,CAACM,KAAK,CAACxF,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIE,0BAAkB,CAACgF,aAAa,CAACM,KAAK,CAACxF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,2CAA0CsE,IAAI,CAACC,SAAS,CAACc,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIG,6BAAqB,CAC7BH,OAAO,CAACI,IAAI,CAACF,KAAK,EAClBF,OAAO,CAACI,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOT,aAAa,CAACQ,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAvF,OAAA,CAAAiB,0BAAA,GAAAA,0BAAA;AAOA,MAAM8B,4CAA4C,GAAG,MAAA0C,KAAA,IAQH;EAAA,IARU;IAC1D/C,aAAa;IACbC,YAAY;IACZC;EAKF,CAAC,GAAA6C,KAAA;EACC,MAAMC,eAAe,GAAG,MAAMC,qBAAsB,CAACC,iBAAiB,CACpElD,aAAa,CAACmD,UAAU,EACxB,CAACjD,GAAG,CACN,CAAC;EAED,MAAMkD,kBAAkB,GACtB,MAAMH,qBAAsB,CAACI,0BAA0B,CAACL,eAAe,EAAE;IACvEvF,QAAQ,EAAEuC,aAAa,CAAChC,SAAS;IACjCsF,KAAK,EAAEtD,aAAa,CAACsD,KAAK;IAC1BC,WAAW,EAAEvD,aAAa,CAACmB;EAC7B,CAAC,CAAC;EAEJ,MAAMqC,QAAQ,GAAGJ,kBAAkB,CAACK,aAAa,CAACC,MAAM,CACtD,CAACC,GAAG,EAAAC,KAAA;IAAA,IAAE;MAAEC,YAAY;MAAEC;IAAQ,CAAC,GAAAF,KAAA;IAAA,OAAM;MAAE,GAAGD,GAAG;MAAE,CAACE,YAAY,GAAG,CAACC,OAAO;IAAE,CAAC;EAAA,CAAC,EAC3E,CAAC,CACH,CAAC;EAED,OAAO,IAAAC,2CAA2B,EAAC;IACjC;IACA;IACAvE,MAAM,EAAEwE,qBAAa;IACrBhE,aAAa;IACbiE,MAAM,EAAE;MACNC,IAAI,EAAE;QAAErE,IAAI,EAAEI,YAAY,CAACJ;MAAK,CAAkB;MAClDsE,uCAAuC,EACrClE,YAAY,CAACkE;IACjB,CAAC;IACDX,QAAQ;IACR9D,SAAS,EAAE;MACT0E,UAAU,EAAErD,2BAAgB,CAACqD,UAAU;MACvCC,cAAc,EAAEtD,2BAAgB,CAACsD;IACnC;EACF,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -28,23 +28,31 @@ const mapCredentialConfigurationsSupported = oidIssuer => Object.entries(oidIssu
|
|
|
28
28
|
return acc;
|
|
29
29
|
}, {});
|
|
30
30
|
const mapToIssuerConfig = (0, _mappers.createMapper)(x => {
|
|
31
|
-
var _openid_credential_is;
|
|
31
|
+
var _x$authorization_serv, _openid_credential_is;
|
|
32
32
|
const {
|
|
33
33
|
oauth_authorization_server,
|
|
34
34
|
openid_credential_issuer,
|
|
35
35
|
openid_credential_verifier,
|
|
36
36
|
federation_entity
|
|
37
37
|
} = x.metadata;
|
|
38
|
-
|
|
38
|
+
|
|
39
|
+
// The Issuer's own `oauth_authorization_server` always describes the Issuer
|
|
40
|
+
// itself. When a credential offer selected a *different* Authorization
|
|
41
|
+
// Server, its metadata is surfaced separately through that server's
|
|
42
|
+
// federation claims, and the Authorization Server endpoints must be taken
|
|
43
|
+
// from there. Fall back to the Issuer's own server otherwise.
|
|
44
|
+
const oauthAuthorizationServer = ((_x$authorization_serv = x.authorization_server_federation_claims) === null || _x$authorization_serv === void 0 || (_x$authorization_serv = _x$authorization_serv.metadata) === null || _x$authorization_serv === void 0 ? void 0 : _x$authorization_serv.oauth_authorization_server) ?? oauth_authorization_server;
|
|
45
|
+
(0, _misc.assert)(oauthAuthorizationServer, "oauth_authorization_server is required in Issuer metadata");
|
|
39
46
|
(0, _misc.assert)(openid_credential_issuer, "openid_credential_issuer is required in Issuer metadata");
|
|
40
47
|
return {
|
|
41
|
-
authorization_endpoint:
|
|
48
|
+
authorization_endpoint: oauthAuthorizationServer.authorization_endpoint,
|
|
42
49
|
credential_endpoint: openid_credential_issuer.credential_endpoint,
|
|
43
50
|
credential_issuer: openid_credential_issuer.credential_issuer,
|
|
51
|
+
authorization_servers: openid_credential_issuer.authorization_servers,
|
|
44
52
|
credential_configurations_supported: mapCredentialConfigurationsSupported(openid_credential_issuer),
|
|
45
|
-
keys: [...openid_credential_issuer.jwks.keys, ...
|
|
46
|
-
pushed_authorization_request_endpoint:
|
|
47
|
-
token_endpoint:
|
|
53
|
+
keys: [...openid_credential_issuer.jwks.keys, ...oauthAuthorizationServer.jwks.keys],
|
|
54
|
+
pushed_authorization_request_endpoint: oauthAuthorizationServer.pushed_authorization_request_endpoint,
|
|
55
|
+
token_endpoint: oauthAuthorizationServer.token_endpoint,
|
|
48
56
|
nonce_endpoint: openid_credential_issuer.nonce_endpoint ?? "",
|
|
49
57
|
federation_entity: federation_entity ?? {},
|
|
50
58
|
credential_issuance_batch_size: (_openid_credential_is = openid_credential_issuer.batch_credential_issuance) === null || _openid_credential_is === void 0 ? void 0 : _openid_credential_is.batch_size,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_misc","require","_mappers","_IssuerConfig","mapCredentialConfigurationsSupported","oidIssuer","Object","entries","credential_configurations_supported","reduce","acc","_ref","_config$credential_me","key","config","format","vct","doctype","scope","display","credential_metadata","claims","map","claim","path","mapToIssuerConfig","createMapper","x","_openid_credential_is","oauth_authorization_server","openid_credential_issuer","openid_credential_verifier","federation_entity","metadata","assert","authorization_endpoint","credential_endpoint","credential_issuer","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","nonce_endpoint","credential_issuance_batch_size","batch_credential_issuance","batch_size","encrypted_response_enc_values_supported","outputSchema","IssuerConfig","exports","mapToRequestObject","_ref2","header","payload","iss","trust_chain","x5c"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/mappers.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAGA,IAAAE,aAAA,GAAAF,OAAA;AAOA,MAAMG,oCAAoC,GACxCC,SAA8C,IAE9CC,MAAM,CAACC,OAAO,CAACF,SAAS,CAACG,mCAAmC,CAAC,CAACC,MAAM,CAClE,CAACC,GAAG,EAAAC,IAAA,KAAoB;EAAA,IAAAC,qBAAA;EAAA,IAAlB,CAACC,GAAG,EAAEC,MAAM,CAAC,GAAAH,IAAA;EACjBD,GAAG,CAACG,GAAG,CAAC,GAAG;IACT,IAAIC,MAAM,CAACC,MAAM,KAAK,WAAW,GAC7B;MAAEA,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEC,GAAG,EAAEF,MAAM,CAACE;IAAI,CAAC,GAC1C;MAAED,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEE,OAAO,EAAEH,MAAM,CAACG;IAAQ,CAAC,CAAC;IACvDC,KAAK,EAAEJ,MAAM,CAACI,KAAK;IACnBC,OAAO,EAAEL,MAAM,CAACM,mBAAmB,CAACD,OAAQ;IAC5CE,MAAM,EACJ,EAAAT,qBAAA,GAAAE,MAAM,CAACM,mBAAmB,CAACC,MAAM,cAAAT,qBAAA,uBAAjCA,qBAAA,CAAmCU,GAAG,CAAEC,KAAK,KAAM;MACjDC,IAAI,EAAED,KAAK,CAACC,IAAI;MAChBL,OAAO,EAAEI,KAAK,CAACJ,OAAO,IAAI;IAC5B,CAAC,CAAC,CAAC,KAAI;EACX,CAAC;EACD,OAAOT,GAAG;AACZ,CAAC,EACD,CAAC,CACH,CAAC;AAEI,MAAMe,iBAAiB,GAAG,IAAAC,qBAAY,EAI1CC,CAAC,IAAK;EAAA,IAAAC,qBAAA;EACL,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC,0BAA0B;IAC1BC;EACF,CAAC,
|
|
1
|
+
{"version":3,"names":["_misc","require","_mappers","_IssuerConfig","mapCredentialConfigurationsSupported","oidIssuer","Object","entries","credential_configurations_supported","reduce","acc","_ref","_config$credential_me","key","config","format","vct","doctype","scope","display","credential_metadata","claims","map","claim","path","mapToIssuerConfig","createMapper","x","_x$authorization_serv","_openid_credential_is","oauth_authorization_server","openid_credential_issuer","openid_credential_verifier","federation_entity","metadata","oauthAuthorizationServer","authorization_server_federation_claims","assert","authorization_endpoint","credential_endpoint","credential_issuer","authorization_servers","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","nonce_endpoint","credential_issuance_batch_size","batch_credential_issuance","batch_size","encrypted_response_enc_values_supported","outputSchema","IssuerConfig","exports","mapToRequestObject","_ref2","header","payload","iss","trust_chain","x5c"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/mappers.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAGA,IAAAE,aAAA,GAAAF,OAAA;AAOA,MAAMG,oCAAoC,GACxCC,SAA8C,IAE9CC,MAAM,CAACC,OAAO,CAACF,SAAS,CAACG,mCAAmC,CAAC,CAACC,MAAM,CAClE,CAACC,GAAG,EAAAC,IAAA,KAAoB;EAAA,IAAAC,qBAAA;EAAA,IAAlB,CAACC,GAAG,EAAEC,MAAM,CAAC,GAAAH,IAAA;EACjBD,GAAG,CAACG,GAAG,CAAC,GAAG;IACT,IAAIC,MAAM,CAACC,MAAM,KAAK,WAAW,GAC7B;MAAEA,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEC,GAAG,EAAEF,MAAM,CAACE;IAAI,CAAC,GAC1C;MAAED,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEE,OAAO,EAAEH,MAAM,CAACG;IAAQ,CAAC,CAAC;IACvDC,KAAK,EAAEJ,MAAM,CAACI,KAAK;IACnBC,OAAO,EAAEL,MAAM,CAACM,mBAAmB,CAACD,OAAQ;IAC5CE,MAAM,EACJ,EAAAT,qBAAA,GAAAE,MAAM,CAACM,mBAAmB,CAACC,MAAM,cAAAT,qBAAA,uBAAjCA,qBAAA,CAAmCU,GAAG,CAAEC,KAAK,KAAM;MACjDC,IAAI,EAAED,KAAK,CAACC,IAAI;MAChBL,OAAO,EAAEI,KAAK,CAACJ,OAAO,IAAI;IAC5B,CAAC,CAAC,CAAC,KAAI;EACX,CAAC;EACD,OAAOT,GAAG;AACZ,CAAC,EACD,CAAC,CACH,CAAC;AAEI,MAAMe,iBAAiB,GAAG,IAAAC,qBAAY,EAI1CC,CAAC,IAAK;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EACL,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC,0BAA0B;IAC1BC;EACF,CAAC,GAAGN,CAAC,CAACO,QAAQ;;EAEd;EACA;EACA;EACA;EACA;EACA,MAAMC,wBAAwB,GAC5B,EAAAP,qBAAA,GAAAD,CAAC,CAACS,sCAAsC,cAAAR,qBAAA,gBAAAA,qBAAA,GAAxCA,qBAAA,CAA0CM,QAAQ,cAAAN,qBAAA,uBAAlDA,qBAAA,CACIE,0BAA0B,KAAIA,0BAA0B;EAE9D,IAAAO,YAAM,EACJF,wBAAwB,EACxB,2DACF,CAAC;EACD,IAAAE,YAAM,EACJN,wBAAwB,EACxB,yDACF,CAAC;EAED,OAAO;IACLO,sBAAsB,EAAEH,wBAAwB,CAACG,sBAAsB;IACvEC,mBAAmB,EAAER,wBAAwB,CAACQ,mBAAmB;IACjEC,iBAAiB,EAAET,wBAAwB,CAACS,iBAAiB;IAC7DC,qBAAqB,EAAEV,wBAAwB,CAACU,qBAAqB;IACrEjC,mCAAmC,EAAEJ,oCAAoC,CACvE2B,wBACF,CAAC;IACDW,IAAI,EAAE,CACJ,GAAGX,wBAAwB,CAACY,IAAI,CAACD,IAAI,EACrC,GAAGP,wBAAwB,CAACQ,IAAI,CAACD,IAAI,CAC7B;IACVE,qCAAqC,EACnCT,wBAAwB,CAACS,qCAAqC;IAChEC,cAAc,EAAEV,wBAAwB,CAACU,cAAc;IACvDC,cAAc,EAAEf,wBAAwB,CAACe,cAAc,IAAI,EAAE;IAC7Db,iBAAiB,EAAEA,iBAAiB,IAAI,CAAC,CAAC;IAC1Cc,8BAA8B,GAAAlB,qBAAA,GAC5BE,wBAAwB,CAACiB,yBAAyB,cAAAnB,qBAAA,uBAAlDA,qBAAA,CAAoDoB,UAAU;IAChEC,uCAAuC,EACrClB,0BAA0B,aAA1BA,0BAA0B,uBAA1BA,0BAA0B,CAAEkB;EAChC,CAAC;AACH,CAAC,EACD;EAAEC,YAAY,EAAEC;AAAa,CAAC,CAAC;AACjC,CAAC;AAACC,OAAA,CAAA5B,iBAAA,GAAAA,iBAAA;AAEK,MAAM6B,kBAAkB,GAAG,IAAA5B,qBAAY,EAG5C6B,KAAA;EAAA,IAAC;IAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAAF,KAAA;EAAA,OAAM;IAC1B,GAAGE,OAAO;IACVC,GAAG,EAAED,OAAO,CAACC,GAAG,IAAI,EAAE;IACtBC,WAAW,EAAEH,MAAM,CAACG,WAAW;IAC/BC,GAAG,EAAEJ,MAAM,CAACI;EACd,CAAC;AAAA,CAAC,CAAC;AAACP,OAAA,CAAAC,kBAAA,GAAAA,kBAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/offer/api/03-validate-credential-offer.ts"],"mappings":""}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_types","require","Object","keys","forEach","key","exports","defineProperty","enumerable","get"],"sourceRoot":"../../../../../src","sources":["credential/offer/api/index.ts"],"mappings":";;;;;
|
|
1
|
+
{"version":3,"names":["_types","require","Object","keys","forEach","key","exports","defineProperty","enumerable","get"],"sourceRoot":"../../../../../src","sources":["credential/offer/api/index.ts"],"mappings":";;;;;AASA,IAAAA,MAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,MAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,MAAA,CAAAK,GAAA;EAAAH,MAAA,CAAAK,cAAA,CAAAD,OAAA,EAAAD,GAAA;IAAAG,UAAA;IAAAC,GAAA,WAAAA,CAAA;MAAA,OAAAT,MAAA,CAAAK,GAAA;IAAA;EAAA;AAAA"}
|
|
@@ -11,6 +11,9 @@ const Offer = {
|
|
|
11
11
|
},
|
|
12
12
|
extractGrantDetails() {
|
|
13
13
|
throw new _errors.UnimplementedFeatureError("extractGrantDetails", "1.0.0");
|
|
14
|
+
},
|
|
15
|
+
validateCredentialOffer() {
|
|
16
|
+
throw new _errors.UnimplementedFeatureError("validateCredentialOffer", "1.0.0");
|
|
14
17
|
}
|
|
15
18
|
};
|
|
16
19
|
exports.Offer = Offer;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_errors","require","Offer","resolveCredentialOffer","UnimplementedFeatureError","extractGrantDetails","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.0.0/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAGO,MAAMC,KAAe,GAAG;EAC7B,MAAMC,sBAAsBA,CAAA,EAAG;IAC7B,MAAM,IAAIC,iCAAyB,CAAC,wBAAwB,EAAE,OAAO,CAAC;EACxE,CAAC;EACDC,mBAAmBA,CAAA,EAAG;IACpB,MAAM,IAAID,iCAAyB,CAAC,qBAAqB,EAAE,OAAO,CAAC;EACrE;AACF,CAAC;
|
|
1
|
+
{"version":3,"names":["_errors","require","Offer","resolveCredentialOffer","UnimplementedFeatureError","extractGrantDetails","validateCredentialOffer","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.0.0/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAGO,MAAMC,KAAe,GAAG;EAC7B,MAAMC,sBAAsBA,CAAA,EAAG;IAC7B,MAAM,IAAIC,iCAAyB,CAAC,wBAAwB,EAAE,OAAO,CAAC;EACxE,CAAC;EACDC,mBAAmBA,CAAA,EAAG;IACpB,MAAM,IAAID,iCAAyB,CAAC,qBAAqB,EAAE,OAAO,CAAC;EACrE,CAAC;EACDE,uBAAuBA,CAAA,EAAG;IACxB,MAAM,IAAIF,iCAAyB,CAAC,yBAAyB,EAAE,OAAO,CAAC;EACzE;AACF,CAAC;AAACG,OAAA,CAAAL,KAAA,GAAAA,KAAA"}
|
|
@@ -6,27 +6,22 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
6
6
|
exports.resolveCredentialOffer = void 0;
|
|
7
7
|
var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
|
|
8
8
|
var _errors = require("../common/errors");
|
|
9
|
+
var _config = require("../../../utils/config");
|
|
9
10
|
/**
|
|
10
11
|
* v1.3.3 implementation — first step of the User Request Flow
|
|
11
12
|
* (IT-Wallet spec, Section 12.1.2).
|
|
12
13
|
*
|
|
13
14
|
* Delegates to the SDK's {@link sdkResolveCredentialOffer} for URI parsing
|
|
14
|
-
* and by-reference fetching
|
|
15
|
-
* IT-Wallet v1.3 structural checks:
|
|
16
|
-
* - `credential_issuer` must be an HTTPS URL
|
|
17
|
-
* - `grants` object is required
|
|
18
|
-
* - `authorization_code` grant is required
|
|
19
|
-
* - `scope` is required within `authorization_code`
|
|
15
|
+
* and by-reference fetching of the Credential Offer.
|
|
20
16
|
*
|
|
21
17
|
* Supported URI schemes: `openid-credential-offer://`, `haip-vci://`, `https://`.
|
|
22
18
|
*
|
|
23
|
-
*
|
|
24
|
-
*
|
|
25
|
-
*
|
|
19
|
+
* Structural validation and cross-validation against the Credential Issuer
|
|
20
|
+
* metadata are **not** performed here; they belong to the dedicated
|
|
21
|
+
* validate-credential-offer step of the flow.
|
|
26
22
|
*
|
|
27
23
|
* Resolution errors (bad scheme, missing params, network failure) are mapped
|
|
28
|
-
* to {@link InvalidQRCodeError}
|
|
29
|
-
* {@link InvalidCredentialOfferError}.
|
|
24
|
+
* to {@link InvalidQRCodeError}.
|
|
30
25
|
*/
|
|
31
26
|
const resolveCredentialOffer = async function (credentialOffer) {
|
|
32
27
|
let callbacks = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
|
@@ -36,6 +31,7 @@ const resolveCredentialOffer = async function (credentialOffer) {
|
|
|
36
31
|
|
|
37
32
|
// Parse the URI and fetch the offer when transmitted by reference
|
|
38
33
|
const resolved = await (0, _ioWalletOid4vci.resolveCredentialOffer)({
|
|
34
|
+
config: _config.sdkConfigV1_3,
|
|
39
35
|
credentialOffer,
|
|
40
36
|
callbacks: {
|
|
41
37
|
fetch: fetchFn
|
|
@@ -46,16 +42,6 @@ const resolveCredentialOffer = async function (credentialOffer) {
|
|
|
46
42
|
}
|
|
47
43
|
throw e;
|
|
48
44
|
});
|
|
49
|
-
|
|
50
|
-
// Structural validation (no metadata cross-checks at this stage)
|
|
51
|
-
await (0, _ioWalletOid4vci.validateCredentialOffer)({
|
|
52
|
-
credentialOffer: resolved
|
|
53
|
-
}).catch(e => {
|
|
54
|
-
if (e instanceof _ioWalletOid4vci.CredentialOfferError) {
|
|
55
|
-
throw new _errors.InvalidCredentialOfferError(e.message);
|
|
56
|
-
}
|
|
57
|
-
throw e;
|
|
58
|
-
});
|
|
59
45
|
return resolved;
|
|
60
46
|
};
|
|
61
47
|
exports.resolveCredentialOffer = resolveCredentialOffer;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioWalletOid4vci","require","_errors","resolveCredentialOffer","credentialOffer","callbacks","arguments","length","undefined","fetch","fetchFn","resolved","sdkResolveCredentialOffer","
|
|
1
|
+
{"version":3,"names":["_ioWalletOid4vci","require","_errors","_config","resolveCredentialOffer","credentialOffer","callbacks","arguments","length","undefined","fetch","fetchFn","resolved","sdkResolveCredentialOffer","config","sdkConfigV1_3","catch","e","CredentialOfferError","InvalidQRCodeError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/01-resolve-credential-offer.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAA0D,GACrE,eAAAA,CAAOC,eAAe,EAAqB;EAAA,IAAnBC,SAAS,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACpC,MAAM;IAAEG,KAAK,EAAEC,OAAO,GAAGD;EAAM,CAAC,GAAGJ,SAAS;;EAE5C;EACA,MAAMM,QAAQ,GAAG,MAAM,IAAAC,uCAAyB,EAAC;IAC/CC,MAAM,EAAEC,qBAAa;IACrBV,eAAe;IACfC,SAAS,EAAE;MAAEI,KAAK,EAAEC;IAAQ;EAC9B,CAAC,CAAC,CAACK,KAAK,CAAEC,CAAU,IAAK;IACvB,IAAIA,CAAC,YAAYC,qCAAoB,EAAE;MACrC,MAAM,IAAIC,0BAAkB,CAACF,CAAC,CAACG,OAAO,CAAC;IACzC;IACA,MAAMH,CAAC;EACT,CAAC,CAAC;EAEF,OAAOL,QAAQ;AACjB,CAAC;AAACS,OAAA,CAAAjB,sBAAA,GAAAA,sBAAA"}
|
|
@@ -7,6 +7,7 @@ exports.extractGrantDetails = void 0;
|
|
|
7
7
|
var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
|
|
8
8
|
var _errors = require("../common/errors");
|
|
9
9
|
var _errors2 = require("../../../utils/errors");
|
|
10
|
+
var _config = require("../../../utils/config");
|
|
10
11
|
/**
|
|
11
12
|
* v1.3.3 implementation — second and final step of the User Request Flow
|
|
12
13
|
* (IT-Wallet spec, Section 12.1.2).
|
|
@@ -20,6 +21,9 @@ var _errors2 = require("../../../utils/errors");
|
|
|
20
21
|
* Delegates directly to the SDK's {@link sdkExtractGrantDetails} — no local
|
|
21
22
|
* mapping is needed because the SDK already returns `ExtractGrantDetailsResult`.
|
|
22
23
|
*/
|
|
23
|
-
const extractGrantDetails = offer => (0, _errors2.withMappedErrors)(() => (0, _ioWalletOid4vci.extractGrantDetails)(
|
|
24
|
+
const extractGrantDetails = offer => (0, _errors2.withMappedErrors)(() => (0, _ioWalletOid4vci.extractGrantDetails)({
|
|
25
|
+
config: _config.sdkConfigV1_3,
|
|
26
|
+
credentialOffer: offer
|
|
27
|
+
}), _ioWalletOid4vci.CredentialOfferError, e => new _errors.InvalidCredentialOfferError(e.message));
|
|
24
28
|
exports.extractGrantDetails = extractGrantDetails;
|
|
25
29
|
//# sourceMappingURL=02-extract-grant-details.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioWalletOid4vci","require","_errors","_errors2","extractGrantDetails","offer","withMappedErrors","sdkExtractGrantDetails","CredentialOfferError","e","InvalidCredentialOfferError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/02-extract-grant-details.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioWalletOid4vci","require","_errors","_errors2","_config","extractGrantDetails","offer","withMappedErrors","sdkExtractGrantDetails","config","sdkConfigV1_3","credentialOffer","CredentialOfferError","e","InvalidCredentialOfferError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/02-extract-grant-details.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,mBAAoD,GAAIC,KAAK,IACxE,IAAAC,yBAAgB,EACd,MACE,IAAAC,oCAAsB,EAAC;EACrBC,MAAM,EAAEC,qBAAa;EACrBC,eAAe,EAAEL;AACnB,CAAC,CAAC,EACJM,qCAAoB,EACnBC,CAAC,IAAK,IAAIC,mCAA2B,CAACD,CAAC,CAACE,OAAO,CAClD,CAAC;AAACC,OAAA,CAAAX,mBAAA,GAAAA,mBAAA"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.validateCredentialOffer = void 0;
|
|
7
|
+
var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
|
|
8
|
+
var _errors = require("../common/errors");
|
|
9
|
+
var _config = require("../../../utils/config");
|
|
10
|
+
/**
|
|
11
|
+
* v1.3.3 implementation — validates a resolved Credential Offer against the
|
|
12
|
+
* Credential Issuer metadata (IT-Wallet spec, Section 12.1.2).
|
|
13
|
+
*
|
|
14
|
+
* Performs the IT-Wallet v1.3 structural checks on the offer and, when the
|
|
15
|
+
* Credential Issuer relies on multiple Authorization Servers, ensures the
|
|
16
|
+
* `authorization_server` selected by the offer matches one of the advertised
|
|
17
|
+
* `authorization_servers`.
|
|
18
|
+
*
|
|
19
|
+
* Delegates to the SDK's {@link sdkValidateCredentialOffer}; validation errors
|
|
20
|
+
* are mapped to {@link InvalidCredentialOfferError}.
|
|
21
|
+
*/
|
|
22
|
+
const validateCredentialOffer = async _ref => {
|
|
23
|
+
let {
|
|
24
|
+
offer,
|
|
25
|
+
credentialIssuerMetadata
|
|
26
|
+
} = _ref;
|
|
27
|
+
await (0, _ioWalletOid4vci.validateCredentialOffer)({
|
|
28
|
+
config: _config.sdkConfigV1_3,
|
|
29
|
+
credentialOffer: offer,
|
|
30
|
+
credentialIssuerMetadata
|
|
31
|
+
}).catch(e => {
|
|
32
|
+
if (e instanceof _ioWalletOid4vci.CredentialOfferError) {
|
|
33
|
+
throw new _errors.InvalidCredentialOfferError(e.message);
|
|
34
|
+
}
|
|
35
|
+
throw e;
|
|
36
|
+
});
|
|
37
|
+
};
|
|
38
|
+
exports.validateCredentialOffer = validateCredentialOffer;
|
|
39
|
+
//# sourceMappingURL=03-validate-credential-offer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["_ioWalletOid4vci","require","_errors","_config","validateCredentialOffer","_ref","offer","credentialIssuerMetadata","sdkValidateCredentialOffer","config","sdkConfigV1_3","credentialOffer","catch","e","CredentialOfferError","InvalidCredentialOfferError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/03-validate-credential-offer.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,uBAA4D,GACvE,MAAAC,IAAA,IAA+C;EAAA,IAAxC;IAAEC,KAAK;IAAEC;EAAyB,CAAC,GAAAF,IAAA;EACxC,MAAM,IAAAG,wCAA0B,EAAC;IAC/BC,MAAM,EAAEC,qBAAa;IACrBC,eAAe,EAAEL,KAAK;IACtBC;EACF,CAAC,CAAC,CAACK,KAAK,CAAEC,CAAU,IAAK;IACvB,IAAIA,CAAC,YAAYC,qCAAoB,EAAE;MACrC,MAAM,IAAIC,mCAA2B,CAACF,CAAC,CAACG,OAAO,CAAC;IAClD;IACA,MAAMH,CAAC;EACT,CAAC,CAAC;AACJ,CAAC;AAACI,OAAA,CAAAb,uBAAA,GAAAA,uBAAA"}
|
|
@@ -6,9 +6,11 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
6
6
|
exports.Offer = void 0;
|
|
7
7
|
var _resolveCredentialOffer = require("./01-resolve-credential-offer");
|
|
8
8
|
var _extractGrantDetails = require("./02-extract-grant-details");
|
|
9
|
+
var _validateCredentialOffer = require("./03-validate-credential-offer");
|
|
9
10
|
const Offer = {
|
|
10
11
|
resolveCredentialOffer: _resolveCredentialOffer.resolveCredentialOffer,
|
|
11
|
-
extractGrantDetails: _extractGrantDetails.extractGrantDetails
|
|
12
|
+
extractGrantDetails: _extractGrantDetails.extractGrantDetails,
|
|
13
|
+
validateCredentialOffer: _validateCredentialOffer.validateCredentialOffer
|
|
12
14
|
};
|
|
13
15
|
exports.Offer = Offer;
|
|
14
16
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_resolveCredentialOffer","require","_extractGrantDetails","Offer","resolveCredentialOffer","extractGrantDetails","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/index.ts"],"mappings":";;;;;;AACA,IAAAA,uBAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAD,OAAA;AAEO,
|
|
1
|
+
{"version":3,"names":["_resolveCredentialOffer","require","_extractGrantDetails","_validateCredentialOffer","Offer","resolveCredentialOffer","extractGrantDetails","validateCredentialOffer","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/index.ts"],"mappings":";;;;;;AACA,IAAAA,uBAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAD,OAAA;AACA,IAAAE,wBAAA,GAAAF,OAAA;AAEO,MAAMG,KAAe,GAAG;EAC7BC,sBAAsB,EAAtBA,8CAAsB;EACtBC,mBAAmB,EAAnBA,wCAAmB;EACnBC,uBAAuB,EAAvBA;AACF,CAAC;AAACC,OAAA,CAAAJ,KAAA,GAAAA,KAAA"}
|
|
@@ -42,6 +42,12 @@ const CredentialConfig = z.intersection(z.discriminatedUnion("format", [z.object
|
|
|
42
42
|
|
|
43
43
|
export const IssuerConfig = z.object({
|
|
44
44
|
credential_issuer: z.string(),
|
|
45
|
+
/**
|
|
46
|
+
* Authorization Servers advertised by the Credential Issuer. Present when the
|
|
47
|
+
* Issuer relies on one or more external Authorization Servers; used to validate
|
|
48
|
+
* the `authorization_server` selected by a credential offer.
|
|
49
|
+
*/
|
|
50
|
+
authorization_servers: z.tuple([z.string()], z.string()).optional(),
|
|
45
51
|
pushed_authorization_request_endpoint: z.string(),
|
|
46
52
|
authorization_endpoint: z.string(),
|
|
47
53
|
token_endpoint: z.string(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","JWK","FederationEntityMetadata","DisplayConfig","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","credential_configurations_supported","federation_entity","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,GAAG,QAAQ,oBAAoB;AACxC,SAASC,wBAAwB,QAAQ,6BAA6B;AAEtE,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,IAAI,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGR,CAAC,CAACI,MAAM,CAAC;EAC3BK,IAAI,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACW,KAAK,CAAC,CAACX,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACY,MAAM,CAAC,CAAC,EAAEZ,CAAC,CAACa,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMY,sBAAsB,GAAGf,CAAC,CAACI,MAAM,CAAC;EACtCU,OAAO,EAAEd,CAAC,CAACU,KAAK,CACdV,CAAC,CAACI,MAAM,CAAC;IACPY,KAAK,EAAEhB,CAAC,CAACM,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEjB,CAAC,CAACM,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGlB,CAAC,CAACmB,YAAY,CACrCnB,CAAC,CAACoB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BpB,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEvB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DN,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAExB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFN,CAAC,CAACI,MAAM,CAAC;EACPqB,KAAK,EAAEzB,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa,CAAC;EAC/BuB,MAAM,EAAE1B,CAAC,CAACU,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAE3B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE7B,CAAC,CACzB8B,MAAM,CAAC9B,CAAC,CAACM,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEA,OAAO,MAAMG,YAAY,GAAG/B,CAAC,CAACI,MAAM,CAAC;EACnC4B,iBAAiB,EAAEhC,CAAC,CAACM,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"names":["z","JWK","FederationEntityMetadata","DisplayConfig","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","authorization_servers","tuple","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","credential_configurations_supported","federation_entity","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,GAAG,QAAQ,oBAAoB;AACxC,SAASC,wBAAwB,QAAQ,6BAA6B;AAEtE,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,IAAI,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGR,CAAC,CAACI,MAAM,CAAC;EAC3BK,IAAI,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACW,KAAK,CAAC,CAACX,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACY,MAAM,CAAC,CAAC,EAAEZ,CAAC,CAACa,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMY,sBAAsB,GAAGf,CAAC,CAACI,MAAM,CAAC;EACtCU,OAAO,EAAEd,CAAC,CAACU,KAAK,CACdV,CAAC,CAACI,MAAM,CAAC;IACPY,KAAK,EAAEhB,CAAC,CAACM,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEjB,CAAC,CAACM,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGlB,CAAC,CAACmB,YAAY,CACrCnB,CAAC,CAACoB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BpB,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEvB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DN,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAExB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFN,CAAC,CAACI,MAAM,CAAC;EACPqB,KAAK,EAAEzB,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa,CAAC;EAC/BuB,MAAM,EAAE1B,CAAC,CAACU,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAE3B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE7B,CAAC,CACzB8B,MAAM,CAAC9B,CAAC,CAACM,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEA,OAAO,MAAMG,YAAY,GAAG/B,CAAC,CAACI,MAAM,CAAC;EACnC4B,iBAAiB,EAAEhC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC7B;AACF;AACA;AACA;AACA;EACE2B,qBAAqB,EAAEjC,CAAC,CAACkC,KAAK,CAAC,CAAClC,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,EAAEN,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACnEO,qCAAqC,EAAEnC,CAAC,CAACM,MAAM,CAAC,CAAC;EACjD8B,sBAAsB,EAAEpC,CAAC,CAACM,MAAM,CAAC,CAAC;EAClC+B,cAAc,EAAErC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1BgC,cAAc,EAAEtC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1BiC,yBAAyB,EAAEvC,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAChDY,mBAAmB,EAAExC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC/BmC,IAAI,EAAEzC,CAAC,CAACU,KAAK,CAACT,GAAG,CAAC;EAClByC,mCAAmC,EAAE1C,CAAC,CAAC8B,MAAM,CAAC9B,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEY,gBAAgB,CAAC;EAC3EyB,iBAAiB,EAAEzC,wBAAwB;EAC3C0C,8BAA8B,EAAE5C,CAAC,CAACY,MAAM,CAAC,CAAC,CAACgB,QAAQ,CAAC,CAAC;EACrDiB,uCAAuC,EAAE7C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvE;AACF;AACA;EACEkB,wBAAwB,EAAE9C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;AACzD,CAAC,CAAC"}
|
|
@@ -6,6 +6,7 @@ export const evaluateIssuerTrust = async function (issuerUrl) {
|
|
|
6
6
|
const issuerMetadata = await fetchMetadata({
|
|
7
7
|
config: sdkConfigV1_3,
|
|
8
8
|
credentialIssuerUrl: issuerUrl,
|
|
9
|
+
authorizationServer: context.authorizationServer,
|
|
9
10
|
callbacks: {
|
|
10
11
|
fetch: context.appFetch
|
|
11
12
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["fetchMetadata","sdkConfigV1_3","mapToIssuerConfig","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","config","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":"AAAA,SACEA,aAAa,QAER,2BAA2B;AAClC,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SAASC,iBAAiB,QAAQ,WAAW;AAE7C,OAAO,MAAMC,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAMT,aAAa,CAAC;IAC1CU,MAAM,EAAET,aAAa;IACrBU,mBAAmB,EAAEP,SAAS;IAC9BQ,SAAS,EAAE;MACTC,KAAK,
|
|
1
|
+
{"version":3,"names":["fetchMetadata","sdkConfigV1_3","mapToIssuerConfig","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","config","credentialIssuerUrl","authorizationServer","callbacks","fetch","appFetch","issuerConf"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":"AAAA,SACEA,aAAa,QAER,2BAA2B;AAClC,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SAASC,iBAAiB,QAAQ,WAAW;AAE7C,OAAO,MAAMC,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAMT,aAAa,CAAC;IAC1CU,MAAM,EAAET,aAAa;IACrBU,mBAAmB,EAAEP,SAAS;IAC9BQ,mBAAmB,EAAEP,OAAO,CAACO,mBAAmB;IAChDC,SAAS,EAAE;MACTC,KAAK,EAAET,OAAO,CAACU;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAEd,iBAAiB,CAACO,cAAc;EAAE,CAAC;AAC1D,CAAC"}
|
|
@@ -10,7 +10,9 @@ export const startUserAuthorization = async (issuerConf, credentialIds, proof, c
|
|
|
10
10
|
wiaCryptoContext,
|
|
11
11
|
walletInstanceAttestation,
|
|
12
12
|
redirectUri,
|
|
13
|
-
appFetch = fetch
|
|
13
|
+
appFetch = fetch,
|
|
14
|
+
scope,
|
|
15
|
+
issuerState
|
|
14
16
|
} = ctx;
|
|
15
17
|
const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
|
|
16
18
|
if (!clientId) {
|
|
@@ -53,6 +55,11 @@ export const startUserAuthorization = async (issuerConf, credentialIds, proof, c
|
|
|
53
55
|
authorization_details: credentialDefinition,
|
|
54
56
|
codeChallengeMethodsSupported: ["S256"],
|
|
55
57
|
redirectUri,
|
|
58
|
+
// When the issuance is started from a Credential Offer, the `scope` and
|
|
59
|
+
// `issuer_state` carried by the authorization_code grant are forwarded to
|
|
60
|
+
// the PAR. They are `undefined` (and thus omitted) for the regular flow.
|
|
61
|
+
scope,
|
|
62
|
+
issuerState,
|
|
56
63
|
dpop: {
|
|
57
64
|
signer: wiaSigner
|
|
58
65
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["createPushedAuthorizationRequest","fetchPushedAuthorizationResponse","createClientAttestationPopJwt","v4","uuidv4","LogLevel","Logger","createSignJwtFromCryptoContext","partialCallbacks","IoWalletError","sdkConfigV1_3","selectCredentialDefinition","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","log","ERROR","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","parRequest","config","callbacks","authorizationServerMetadata","require_signed_request_object","jti","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","generateRandom","clientAttestation","authorizationServer","request_uri","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":"AAAA,SACEA,gCAAgC,EAChCC,gCAAgC,EAChCC,6BAA6B,QACxB,0BAA0B;AAEjC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAEzD,SACEC,8BAA8B,EAC9BC,gBAAgB,QACX,0BAA0B;AACjC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,0BAA0B,QAAQ,uCAAuC;AAElF,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;
|
|
1
|
+
{"version":3,"names":["createPushedAuthorizationRequest","fetchPushedAuthorizationResponse","createClientAttestationPopJwt","v4","uuidv4","LogLevel","Logger","createSignJwtFromCryptoContext","partialCallbacks","IoWalletError","sdkConfigV1_3","selectCredentialDefinition","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","scope","issuerState","clientId","getPublicKey","then","_","kid","log","ERROR","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","parRequest","config","callbacks","authorizationServerMetadata","require_signed_request_object","jti","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","generateRandom","clientAttestation","authorizationServer","request_uri","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":"AAAA,SACEA,gCAAgC,EAChCC,gCAAgC,EAChCC,6BAA6B,QACxB,0BAA0B;AAEjC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAEzD,SACEC,8BAA8B,EAC9BC,gBAAgB,QACX,0BAA0B;AACjC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,0BAA0B,QAAQ,uCAAuC;AAElF,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC,KAAK;IAChBC,KAAK;IACLC;EACF,CAAC,GAAGP,GAAG;EAEP,MAAMQ,QAAQ,GAAG,MAAMP,gBAAgB,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACblB,MAAM,CAACuB,GAAG,CACRxB,QAAQ,CAACyB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIf,aAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMsB,oBAAoB,GAAGjB,aAAa,CAACkB,GAAG,CAAEC,CAAC,IAC/CtB,0BAA0B,CAACE,UAAU,EAAEoB,CAAC,CAC1C,CAAC;EAED,IAAIlB,KAAK,CAACmB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAEtB,KAAK,CAACuB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAErB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMsB,SAAuB,GAAG;IAC9BC,MAAM,EAAE,KAAK;IACbC,GAAG,EAAE,OAAO;IACZC,SAAS,EAAE,MAAM3B,gBAAgB,CAACQ,YAAY,CAAC;EACjD,CAAC;EAED,MAAMoB,OAAO,GAAGtC,8BAA8B,CAACU,gBAAgB,CAAC;EAEhE,MAAM6B,UAAU,GAAG,MAAM9C,gCAAgC,CAAC;IACxD+C,MAAM,EAAErC,aAAa;IACrBsC,SAAS,EAAE;MACT,GAAGxC,gBAAgB;MACnBqC;IACF,CAAC;IACDI,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDC,GAAG,EAAE/C,MAAM,CAAC,CAAC;IACboB,QAAQ;IACR4B,QAAQ,EAAEvC,UAAU,CAACwC,iBAAiB;IACtCC,qBAAqB,EAAEvB,oBAAoB;IAC3CwB,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvCpC,WAAW;IACX;IACA;IACA;IACAG,KAAK;IACLC,WAAW;IACXiC,IAAI,EAAE;MACJC,MAAM,EAAEhB;IACV;EACF,CAAC,CAAC;EAEF,MAAMiB,oBAAoB,GAAG,MAAMxD,6BAA6B,CAAC;IAC/D6C,MAAM,EAAErC,aAAa;IACrBsC,SAAS,EAAE;MACTW,cAAc,EAAEnD,gBAAgB,CAACmD,cAAc;MAC/Cd;IACF,CAAC;IACDe,iBAAiB,EAAE1C,yBAAyB;IAC5C2C,mBAAmB,EAAEhD,UAAU,CAACwC,iBAAiB;IACjDI,MAAM,EAAEhB,SAAS;IACjBU,GAAG,EAAE/C,MAAM,CAAC;EACd,CAAC,CAAC;EAEF,MAAM;IAAE0D;EAAY,CAAC,GAAG,MAAM7D,gCAAgC,CAAC;IAC7D+C,SAAS,EAAE;MACT3B,KAAK,EAAED;IACT,CAAC;IACD2C,kCAAkC,EAChClD,UAAU,CAACmD,qCAAqC;IAClDC,0BAA0B,EAAEnB,UAAU;IACtCoB,qBAAqB,EAAER,oBAAoB;IAC3CS,iBAAiB,EAAEjD;EACrB,CAAC,CAAC;EAEF,OAAO;IACLkD,gBAAgB,EAAEN,WAAW;IAC7BtC,QAAQ;IACR6C,YAAY,EAAEvB,UAAU,CAACwB,gBAAgB;IACzCvC;EACF,CAAC;AACH,CAAC"}
|
|
@@ -103,7 +103,8 @@ export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject
|
|
|
103
103
|
};
|
|
104
104
|
export const completeEaaUserAuthorizationWithQueryMode = async function (requestObject, issuerConfig, pid, clientRedirectUri) {
|
|
105
105
|
let {
|
|
106
|
-
appFetch = fetch
|
|
106
|
+
appFetch = fetch,
|
|
107
|
+
fetchFinalRedirectUri
|
|
107
108
|
} = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
|
|
108
109
|
Logger.log(LogLevel.DEBUG, "The requested credential is not a PID, completing the user authorization with query mode");
|
|
109
110
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
@@ -127,13 +128,18 @@ export const completeEaaUserAuthorizationWithQueryMode = async function (request
|
|
|
127
128
|
Logger.log(LogLevel.ERROR, errorMessage);
|
|
128
129
|
throw new AuthorizationError(errorMessage);
|
|
129
130
|
}
|
|
130
|
-
|
|
131
|
-
if (
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
131
|
+
let finalRedirectUri;
|
|
132
|
+
if (fetchFinalRedirectUri) {
|
|
133
|
+
finalRedirectUri = await fetchFinalRedirectUri(redirect_uri);
|
|
134
|
+
} else {
|
|
135
|
+
const response = await appFetch(redirect_uri).catch(() => null);
|
|
136
|
+
if (!response || !response.ok) {
|
|
137
|
+
const errorMessage = `An error occurred while completing the authorization flow. Ensure ${clientRedirectUri} is a valid HTTP url for redirect`;
|
|
138
|
+
Logger.log(LogLevel.ERROR, errorMessage);
|
|
139
|
+
throw new AuthorizationError(errorMessage);
|
|
140
|
+
}
|
|
141
|
+
finalRedirectUri = response.url;
|
|
135
142
|
}
|
|
136
|
-
const finalRedirectUri = response.url;
|
|
137
143
|
if (!finalRedirectUri || !finalRedirectUri.startsWith(clientRedirectUri)) {
|
|
138
144
|
const errorMessage = `The authorization server did not redirect to the provided client redirect URI. Expected: ${clientRedirectUri}, got: ${finalRedirectUri}`;
|
|
139
145
|
Logger.log(LogLevel.ERROR, errorMessage);
|