@pagopa/io-react-native-wallet 3.4.4 → 3.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/README.md +10 -5
- package/lib/commonjs/credential/issuance/v1.0.0/03-complete-user-authorization.js +2 -3
- package/lib/commonjs/credential/issuance/v1.0.0/03-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js +7 -8
- package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/presentation/api/types.js.map +1 -1
- package/lib/module/credential/issuance/README.md +10 -5
- package/lib/module/credential/issuance/v1.0.0/03-complete-user-authorization.js +2 -3
- package/lib/module/credential/issuance/v1.0.0/03-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js +7 -8
- package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/presentation/api/types.js.map +1 -1
- package/lib/typescript/credential/issuance/api/03-complete-user-authorization.d.ts +9 -6
- package/lib/typescript/credential/issuance/api/03-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/api/index.d.ts +1 -0
- package/lib/typescript/credential/issuance/api/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/03-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/03-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/api/06-evaluate-dcql-query.d.ts +2 -3
- package/lib/typescript/credential/presentation/api/06-evaluate-dcql-query.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/api/types.d.ts +2 -0
- package/lib/typescript/credential/presentation/api/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/credential/issuance/README.md +10 -5
- package/src/credential/issuance/api/03-complete-user-authorization.ts +10 -6
- package/src/credential/issuance/api/index.ts +1 -0
- package/src/credential/issuance/v1.0.0/03-complete-user-authorization.ts +2 -8
- package/src/credential/issuance/v1.3.3/03-complete-user-authorization.ts +21 -19
- package/src/credential/presentation/api/06-evaluate-dcql-query.ts +2 -2
- package/src/credential/presentation/api/types.ts +3 -0
|
@@ -90,13 +90,13 @@ This process is initiated by the Authorization Server responding to the primary
|
|
|
90
90
|
|
|
91
91
|
Complete documentation for the MRTD PoP flow can be found here: [mrtd-pop](./mrtd-pop/README.md)
|
|
92
92
|
|
|
93
|
-
## Authentication through credentials (Query
|
|
93
|
+
## Authentication through credentials (Query Mode) - v1.3
|
|
94
94
|
|
|
95
|
-
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. Starting from IT-Wallet specifications v1.3, the EAA issuance flow uses the query mode to complete the user authorization. This is done through the `
|
|
95
|
+
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. Starting from IT-Wallet specifications v1.3, the EAA issuance flow uses the query mode to complete the user authorization. This is done through `getRequestedCredentialToBePresented`, followed by evaluating the returned `dcql_query` with `RemotePresentation.evaluateDcqlQuery`, and then by completing the authorization with `completeEaaUserAuthorizationWithQueryMode`.
|
|
96
96
|
|
|
97
97
|
## Authentication through credentials (Form Post JWT Mode) - v1.0
|
|
98
98
|
|
|
99
|
-
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. This is done through the `getRequestedCredentialToBePresented
|
|
99
|
+
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. This is done through the `getRequestedCredentialToBePresented`, followed by evaluating the returned `dcql_query` with `RemotePresentation.evaluateDcqlQuery`, and then by completing the authorization with `completeUserAuthorizationWithFormPostJwtMode` or `completeEaaUserAuthorizationWithQueryMode`.
|
|
100
100
|
|
|
101
101
|
The expected result from the authentication process is in `form_post.jwt` format as defined in [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/oauth-v2-jarm.html#name-response-mode-form_postjwt).
|
|
102
102
|
|
|
@@ -188,6 +188,11 @@ const requestObject =
|
|
|
188
188
|
appFetch
|
|
189
189
|
);
|
|
190
190
|
|
|
191
|
+
const evaluatedDcqlQuery = await wallet.RemotePresentation.evaluateDcqlQuery(
|
|
192
|
+
requestObject.dcql_query,
|
|
193
|
+
[[pid.keyTag, pid.credential]]
|
|
194
|
+
);
|
|
195
|
+
|
|
191
196
|
let code: string;
|
|
192
197
|
if (responseMode === "form_post.jwt") {
|
|
193
198
|
// Complete the user authorization via form_post.jwt mode
|
|
@@ -195,7 +200,7 @@ if (responseMode === "form_post.jwt") {
|
|
|
195
200
|
await wallet.CredentialIssuance.completeUserAuthorizationWithFormPostJwtMode(
|
|
196
201
|
requestObject,
|
|
197
202
|
issuerConf,
|
|
198
|
-
|
|
203
|
+
evaluatedDcqlQuery,
|
|
199
204
|
{ wiaCryptoContext, appFetch }
|
|
200
205
|
));
|
|
201
206
|
} else {
|
|
@@ -204,7 +209,7 @@ if (responseMode === "form_post.jwt") {
|
|
|
204
209
|
await wallet.CredentialIssuance.completeEaaUserAuthorizationWithQueryMode(
|
|
205
210
|
requestObject,
|
|
206
211
|
issuerConf,
|
|
207
|
-
|
|
212
|
+
evaluatedDcqlQuery,
|
|
208
213
|
REDIRECT_URI,
|
|
209
214
|
{ appFetch }
|
|
210
215
|
));
|
|
@@ -83,19 +83,18 @@ const getRequestedCredentialToBePresented = async function (issuerRequestUri, cl
|
|
|
83
83
|
return requestObject.data.payload;
|
|
84
84
|
};
|
|
85
85
|
exports.getRequestedCredentialToBePresented = getRequestedCredentialToBePresented;
|
|
86
|
-
const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, _issuerConfig,
|
|
86
|
+
const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, _issuerConfig, evaluatedDcqlQuery, _ref) => {
|
|
87
87
|
let {
|
|
88
88
|
wiaCryptoContext,
|
|
89
89
|
appFetch = fetch
|
|
90
90
|
} = _ref;
|
|
91
91
|
_logging.Logger.log(_logging.LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
|
|
92
|
-
const dcqlQueryResult = await _v.RemotePresentation.evaluateDcqlQuery(requestObject.dcql_query, [pid]);
|
|
93
92
|
const authRequestObject = {
|
|
94
93
|
nonce: requestObject.nonce,
|
|
95
94
|
clientId: requestObject.client_id,
|
|
96
95
|
responseUri: requestObject.response_uri
|
|
97
96
|
};
|
|
98
|
-
const remotePresentation = await _v.RemotePresentation.prepareRemotePresentations(
|
|
97
|
+
const remotePresentation = await _v.RemotePresentation.prepareRemotePresentations(evaluatedDcqlQuery, authRequestObject);
|
|
99
98
|
const authzResponsePayload = await createAuthzResponsePayload({
|
|
100
99
|
state: requestObject.state,
|
|
101
100
|
remotePresentation,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","_ioReactNativeJwt","_types","_decoder","_errors2","_logging","_types2","_v","obj","__esModule","default","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","Logger","log","LogLevel","DEBUG","query","parseUrl","authResParsed","AuthorizationChallengeResultShape","safeParse","success","authErr","AuthorizationErrorShape","ERROR","error","message","AuthorizationError","JSON","stringify","AuthorizationIdpError","data","error_description","exports","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","parseAuthorizationResponse","completeEaaUserAuthorizationWithQueryMode","UnimplementedFeatureError","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","hasStatusOrThrow","IssuerResponseError","res","text","jws","decode","reqObj","RawRequestObject","header","protectedHeader","payload","ValidationFailed","reason","completeUserAuthorizationWithFormPostJwtMode","_issuerConfig","
|
|
1
|
+
{"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","_ioReactNativeJwt","_types","_decoder","_errors2","_logging","_types2","_v","obj","__esModule","default","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","Logger","log","LogLevel","DEBUG","query","parseUrl","authResParsed","AuthorizationChallengeResultShape","safeParse","success","authErr","AuthorizationErrorShape","ERROR","error","message","AuthorizationError","JSON","stringify","AuthorizationIdpError","data","error_description","exports","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","parseAuthorizationResponse","completeEaaUserAuthorizationWithQueryMode","UnimplementedFeatureError","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","hasStatusOrThrow","IssuerResponseError","res","text","jws","decode","reqObj","RawRequestObject","header","protectedHeader","payload","ValidationFailed","reason","completeUserAuthorizationWithFormPostJwtMode","_issuerConfig","evaluatedDcqlQuery","_ref","wiaCryptoContext","authRequestObject","nonce","responseUri","response_uri","remotePresentation","RemotePresentationFlow","prepareRemotePresentations","authzResponsePayload","createAuthzResponsePayload","state","body","response","resUriRes","headers","reqUri","json","ResponseUriResultShape","redirect_uri","getJwtFromFormPost","cbRes","decodedJwt","authRes","AuthorizationResultShape","_ref2","kid","getPublicKey","SignJWT","setProtectedHeader","typ","setPayload","vp_token","presentations","reduce","_ref3","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/03-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAKA,IAAAK,iBAAA,GAAAL,OAAA;AAKA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,QAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AACA,IAAAW,EAAA,GAAAX,OAAA;AAAyF,SAAAG,uBAAAS,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAIlF,MAAMG,6CAA2G,GACtH,MAAOC,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,+HACH,CAAC;EACD,MAAMC,KAAK,GAAG,IAAAC,iBAAQ,EAACN,eAAe,CAAC,CAACK,KAAK;EAE7C,MAAME,aAAa,GAAGC,uCAAiC,CAACC,SAAS,CAACJ,KAAK,CAAC;EACxE,IAAI,CAACE,aAAa,CAACG,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGC,6BAAuB,CAACH,SAAS,CAACJ,KAAK,CAAC;IACxD,IAAI,CAACM,OAAO,CAACD,OAAO,EAAE;MACpBT,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,mDAAkDN,aAAa,CAACO,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIC,2BAAkB,CAACT,aAAa,CAACO,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAd,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,2CAA0CI,IAAI,CAACC,SAAS,CAACP,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIQ,8BAAqB,CAC7BR,OAAO,CAACS,IAAI,CAACN,KAAK,EAClBH,OAAO,CAACS,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOd,aAAa,CAACa,IAAI;AAC3B,CAAC;AAACE,OAAA,CAAAvB,6CAAA,GAAAA,6CAAA;AAEG,MAAMwB,qBAA2D,GACtE,MAAAA,CAAOC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,OAAO,KAAK;EACzD,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXG,MAAM,CAACI,MAAM,CAAC,SAAS,EAAEP,OAAO,CAAC;EACnC;EAEA,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;AAACb,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAEG,MAAMa,yCAAmG,GAC9G,MAAOpC,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2GACH,CAAC;EACD,MAAMC,KAAK,GAAG,IAAAC,iBAAQ,EAACN,eAAe,CAAC,CAACK,KAAK;EAE7C,OAAOgC,0BAA0B,CAAChC,KAAK,CAAC;AAC1C,CAAC;AAACiB,OAAA,CAAAc,yCAAA,GAAAA,yCAAA;AAEG,MAAME,yCAAmG,GAC9GA,CAAA,KAAM;EACJ,MAAM,IAAIC,iCAAyB,CACjC,2CAA2C,EAC3C,OACF,CAAC;AACH,CAAC;AAACjB,OAAA,CAAAgB,yCAAA,GAAAA,yCAAA;AAEG,MAAME,mCAAuF,GAClG,eAAAA,CAAOhB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBe,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D5C,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sGACH,CAAC;EACD,MAAMwB,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEFvB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,oCAAmCwB,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEb,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEK,GAAG,IAAK,IAAAC,wBAAM,EAACD,GAAG,CAAC,CAAC,CAC1BL,IAAI,CAAEO,MAAM,IACXC,wBAAgB,CAAChD,SAAS,CAAC;IACzBiD,MAAM,EAAEF,MAAM,CAACG,eAAe;IAC9BC,OAAO,EAAEJ,MAAM,CAACI;EAClB,CAAC,CACH,CAAC;EAEH,IAAI,CAACb,aAAa,CAACrC,OAAO,EAAE;IAC1BT,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,+CAA8CkC,aAAa,CAACjC,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAI8C,wBAAgB,CAAC;MACzB9C,OAAO,EAAE,kCAAkC;MAC3C+C,MAAM,EAAEf,aAAa,CAACjC,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOgC,aAAa,CAAC3B,IAAI,CAACwC,OAAO;AACnC,CAAC;AAACtC,OAAA,CAAAkB,mCAAA,GAAAA,mCAAA;AAEG,MAAMuB,4CAAyG,GACpH,MAAAA,CACEhB,aAAa,EACbiB,aAAa,EACbC,kBAAkB,EAAAC,IAAA,KAEf;EAAA,IADH;IAAEC,gBAAgB;IAAE1B,QAAQ,GAAGI;EAAM,CAAC,GAAAqB,IAAA;EAEtCjE,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sHACH,CAAC;EAED,MAAMgE,iBAAiB,GAAG;IACxBC,KAAK,EAAEtB,aAAa,CAACsB,KAAK;IAC1B5C,QAAQ,EAAEsB,aAAa,CAACf,SAAS;IACjCsC,WAAW,EAAEvB,aAAa,CAACwB;EAC7B,CAAC;EAED,MAAMC,kBAAkB,GACtB,MAAMC,qBAAsB,CAACC,0BAA0B,CACrDT,kBAAkB,EAClBG,iBACF,CAAC;EAEH,MAAMO,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAE9B,aAAa,CAAC8B,KAAK;IAC1BL,kBAAkB;IAClBL;EACF,CAAC,CAAC;EAEFlE,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BuE,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAMG,IAAI,GAAG,IAAI/C,eAAe,CAAC;IAC/BgD,QAAQ,EAAEJ;EACZ,CAAC,CAAC,CAAC7B,QAAQ,CAAC,CAAC;EAEb,MAAMkC,SAAS,GAAG,MAAMvC,QAAQ,CAACM,aAAa,CAACwB,YAAY,EAAE;IAC3DvB,MAAM,EAAE,MAAM;IACdiC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7B,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEiC,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMb,WAAW,GAAGc,6BAAsB,CAAC3E,SAAS,CAACuE,SAAS,CAAC;EAC/D,IAAI,CAACV,WAAW,CAAC5D,OAAO,EAAE;IACxBT,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,4CAA2CyD,WAAW,CAACxD,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAI8C,wBAAgB,CAAC;MACzB9C,OAAO,EAAE,gCAAgC;MACzC+C,MAAM,EAAEQ,WAAW,CAACxD,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAM0B,QAAQ,CAAC6B,WAAW,CAAClD,IAAI,CAACiE,YAAY,CAAC,CACjDpC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAACqC,2BAAkB,CAAC,CACxBrC,IAAI,CAAEsC,KAAK,IAAKlD,0BAA0B,CAACkD,KAAK,CAACC,UAAU,CAAC5B,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAtC,OAAA,CAAAyC,4CAAA,GAAAA,4CAAA;AAOO,MAAM1B,0BAA0B,GACrCoD,OAAgB,IACQ;EACxB,MAAMlF,aAAa,GAAGmF,8BAAwB,CAACjF,SAAS,CAACgF,OAAO,CAAC;EACjE,IAAI,CAAClF,aAAa,CAACG,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGC,6BAAuB,CAACH,SAAS,CAACgF,OAAO,CAAC;IAC1D,IAAI,CAAC9E,OAAO,CAACD,OAAO,EAAE;MACpBT,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,mDAAkDN,aAAa,CAACO,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIC,2BAAkB,CAACT,aAAa,CAACO,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAd,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,2CAA0CI,IAAI,CAACC,SAAS,CAACP,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIQ,8BAAqB,CAC7BR,OAAO,CAACS,IAAI,CAACN,KAAK,EAClBH,OAAO,CAACS,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOd,aAAa,CAACa,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAE,OAAA,CAAAe,0BAAA,GAAAA,0BAAA;AAQA,MAAMuC,0BAA0B,GAAG,MAAAe,KAAA,IAQZ;EAAA,IARmB;IACxCd,KAAK;IACLL,kBAAkB;IAClBL;EAKF,CAAC,GAAAwB,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAMzB,gBAAgB,CAAC0B,YAAY,CAAC,CAAC;EAErD,OAAO,IAAIC,yBAAO,CAAC3B,gBAAgB,CAAC,CACjC4B,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ;EACF,CAAC,CAAC,CACDK,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAIpB,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3BqB,QAAQ,EAAE1B,kBAAkB,CAAC2B,aAAa,CAACC,MAAM,CAC/C,CAACF,QAAQ,EAAAG,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGH,QAAQ;QACX,CAACI,YAAY,GAAGC;MAClB,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}
|
|
@@ -79,7 +79,7 @@ const getRequestedCredentialToBePresented = async function (issuerRequestUri, cl
|
|
|
79
79
|
|
|
80
80
|
// NOTE: this function is not used in the 1.3 issuance flow. It may be removed in the future.
|
|
81
81
|
exports.getRequestedCredentialToBePresented = getRequestedCredentialToBePresented;
|
|
82
|
-
const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issuerConfig,
|
|
82
|
+
const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issuerConfig, evaluatedDcqlQuery, _ref) => {
|
|
83
83
|
let {
|
|
84
84
|
appFetch = fetch
|
|
85
85
|
} = _ref;
|
|
@@ -87,7 +87,7 @@ const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issue
|
|
|
87
87
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
88
88
|
requestObject,
|
|
89
89
|
issuerConfig,
|
|
90
|
-
|
|
90
|
+
evaluatedDcqlQuery
|
|
91
91
|
});
|
|
92
92
|
_logging.Logger.log(_logging.LogLevel.DEBUG, `Authz response: ${authzResponse}`);
|
|
93
93
|
const issuerSigKey = issuerConfig.keys.find(key => key.use === "sig");
|
|
@@ -113,7 +113,7 @@ const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issue
|
|
|
113
113
|
});
|
|
114
114
|
};
|
|
115
115
|
exports.completeUserAuthorizationWithFormPostJwtMode = completeUserAuthorizationWithFormPostJwtMode;
|
|
116
|
-
const completeEaaUserAuthorizationWithQueryMode = async function (requestObject, issuerConfig,
|
|
116
|
+
const completeEaaUserAuthorizationWithQueryMode = async function (requestObject, issuerConfig, evaluatedDcqlQuery, clientRedirectUri) {
|
|
117
117
|
let {
|
|
118
118
|
appFetch = fetch,
|
|
119
119
|
fetchFinalRedirectUri
|
|
@@ -122,7 +122,7 @@ const completeEaaUserAuthorizationWithQueryMode = async function (requestObject,
|
|
|
122
122
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
123
123
|
requestObject,
|
|
124
124
|
issuerConfig,
|
|
125
|
-
|
|
125
|
+
evaluatedDcqlQuery
|
|
126
126
|
});
|
|
127
127
|
_logging.Logger.log(_logging.LogLevel.DEBUG, `Authz response: ${JSON.stringify(authzResponse)}`);
|
|
128
128
|
const {
|
|
@@ -187,7 +187,7 @@ const parseAuthorizationResponse = authRes => {
|
|
|
187
187
|
* Utility function to process the DCQL query for PID presentation and to create the authorization response to send to the Issuer.
|
|
188
188
|
* @param params.requestObject - The request object containing the DCQL query
|
|
189
189
|
* @param params.issuerConfig - The Issuer unified configuration
|
|
190
|
-
* @param params.
|
|
190
|
+
* @param params.evaluatedDcqlQuery - Credentials that satisfy the request object's DCQL query
|
|
191
191
|
* @returns The authorization response containing the JARM to be sent to the Issuer
|
|
192
192
|
*/
|
|
193
193
|
exports.parseAuthorizationResponse = parseAuthorizationResponse;
|
|
@@ -195,10 +195,9 @@ const processPidPresentationAndCreateAuthzResponse = async _ref2 => {
|
|
|
195
195
|
let {
|
|
196
196
|
requestObject,
|
|
197
197
|
issuerConfig,
|
|
198
|
-
|
|
198
|
+
evaluatedDcqlQuery
|
|
199
199
|
} = _ref2;
|
|
200
|
-
const
|
|
201
|
-
const remotePresentation = await _v.RemotePresentation.prepareRemotePresentations(dcqlQueryResult, {
|
|
200
|
+
const remotePresentation = await _v.RemotePresentation.prepareRemotePresentations(evaluatedDcqlQuery, {
|
|
202
201
|
clientId: requestObject.client_id,
|
|
203
202
|
nonce: requestObject.nonce,
|
|
204
203
|
responseUri: requestObject.response_uri
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_auth","require","_parseUrl","_interopRequireDefault","_ioWalletOid4vp","_ioWalletOid4vci","_ioWalletOauth","_errors","_logging","_v","_callbacks","_config","_errors2","_mappers","_misc","obj","__esModule","default","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","Logger","log","LogLevel","DEBUG","parsedChallenge","parseMrtdChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","AuthorizationError","exports","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObjectJwt","method","then","hasStatusOrThrow","IssuerResponseError","res","text","parsedAuthRequest","parseAuthorizeRequest","config","sdkConfigV1_3","callbacks","verifyJwt","createVerifyJwtFromJwks","keys","mapToRequestObject","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","
|
|
1
|
+
{"version":3,"names":["_auth","require","_parseUrl","_interopRequireDefault","_ioWalletOid4vp","_ioWalletOid4vci","_ioWalletOauth","_errors","_logging","_v","_callbacks","_config","_errors2","_mappers","_misc","obj","__esModule","default","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","Logger","log","LogLevel","DEBUG","parsedChallenge","parseMrtdChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","AuthorizationError","exports","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObjectJwt","method","then","hasStatusOrThrow","IssuerResponseError","res","text","parsedAuthRequest","parseAuthorizeRequest","config","sdkConfigV1_3","callbacks","verifyJwt","createVerifyJwtFromJwks","keys","mapToRequestObject","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","evaluatedDcqlQuery","_ref","authzResponse","processPidPresentationAndCreateAuthzResponse","issuerSigKey","find","key","use","IoWalletError","sendAuthorizationResponseAndExtractCode","authorizationResponseJarm","jarm","responseJwe","partialCallbacks","iss","state","presentationResponseUri","response_uri","signer","alg","publicJwk","completeEaaUserAuthorizationWithQueryMode","clientRedirectUri","fetchFinalRedirectUri","JSON","stringify","redirect_uri","fetchAuthorizationResponse","finalRedirectUri","response","catch","ok","url","startsWith","authRes","authResParsed","AuthorizationResultShape","safeParse","success","authErr","AuthorizationErrorShape","error","AuthorizationIdpError","data","error_description","_ref2","remotePresentation","RemotePresentationFlow","prepareRemotePresentations","nonce","responseUri","vp_token","presentations","reduce","acc","_ref3","credentialId","vpToken","createAuthorizationResponse","sdkConfigV1_4","rpJwks","jwks","encrypted_response_enc_values_supported","encryptJwe","generateRandom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/03-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,SAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAMA,IAAAI,gBAAA,GAAAJ,OAAA;AAEA,IAAAK,cAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,QAAA,GAAAP,OAAA;AACA,IAAAQ,EAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAIA,IAAAU,OAAA,GAAAV,OAAA;AACA,IAAAW,QAAA,GAAAX,OAAA;AAEA,IAAAY,QAAA,GAAAZ,OAAA;AAEA,IAAAa,KAAA,GAAAb,OAAA;AAAuD,SAAAE,uBAAAY,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEhD,MAAMG,6CAA2G,GACtH,MAAOC,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,0GACF,CAAC;EACD,IAAI;IACF,MAAMC,eAAe,GAAG,IAAAC,iCAAkB,EAAC;MACzCC,WAAW,EAAEP;IACf,CAAC,CAAC;IACF,OAAO;MAAEQ,cAAc,EAAEH,eAAe,CAACI;IAAa,CAAC;EACzD,CAAC,CAAC,OAAOC,GAAG,EAAE;IACZ,MAAMC,YAAY,GAChBD,GAAG,YAAYE,KAAK,GAAGF,GAAG,CAACG,OAAO,GAAG,+BAA+B;IACtEZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,mDAAkDH,YAAa,EAClE,CAAC;IACD,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;EAC5C;AACF,CAAC;AAACK,OAAA,CAAAjB,6CAAA,GAAAA,6CAAA;AAEG,MAAMkB,qBAA2D,GACtE,MAAAA,CAAOC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,OAAO,KAAK;EACzD,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXG,MAAM,CAACI,MAAM,CAAC,SAAS,EAAEP,OAAO,CAAC;EACnC;EAEA,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;AAACb,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAEG,MAAMa,yCAAmG,GAC9G,MAAO9B,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,sFACF,CAAC;EACD,MAAM2B,KAAK,GAAG,IAAAC,iBAAQ,EAAChC,eAAe,CAAC,CAAC+B,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;AAACf,OAAA,CAAAc,yCAAA,GAAAA,yCAAA;AAEG,MAAMI,mCAAuF,GAClG,eAAAA,CAAOhB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBe,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DtC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,kFACF,CAAC;EAED,MAAMkB,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEFjB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,oCAAmCkB,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,gBAAgB,GAAG,MAAMN,QAAQ,CACpC,GAAEb,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,4BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,MAAMC,iBAAiB,GAAG,MAAM,IAAAC,qCAAqB,EAAC;IACpDC,MAAM,EAAEC,qBAAa;IACrBV,gBAAgB;IAChBW,SAAS,EAAE;MACTC,SAAS,EAAE,IAAAC,kCAAuB,EAAClC,UAAU,CAACmC,IAAI;IACpD;EACF,CAAC,CAAC;EAEF,OAAO,IAAAC,2BAAkB,EAACR,iBAAiB,CAAC;AAC9C,CAAC;;AAEH;AAAAhC,OAAA,CAAAkB,mCAAA,GAAAA,mCAAA;AACO,MAAMuB,4CAAyG,GACpH,MAAAA,CACEC,aAAa,EACbC,YAAY,EACZC,kBAAkB,EAAAC,IAAA,KAEf;EAAA,IADH;IAAE1B,QAAQ,GAAGI;EAAM,CAAC,GAAAsB,IAAA;EAEpB5D,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,kGACF,CAAC;EAED,MAAM0D,aAAa,GAAG,MAAMC,4CAA4C,CAAC;IACvEL,aAAa;IACbC,YAAY;IACZC;EACF,CAAC,CAAC;EAEF3D,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkB0D,aAAc,EAAC,CAAC;EAE9D,MAAME,YAAY,GAAGL,YAAY,CAACJ,IAAI,CAACU,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EACvE,IAAI,CAACH,YAAY,EAAE;IACjB,MAAMrD,YAAY,GAAG,gDAAgD;IACrEV,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAIyD,sBAAa,CAACzD,YAAY,CAAC;EACvC;EAEA,OAAO,IAAA0D,wDAAuC,EAAC;IAC7CC,yBAAyB,EAAER,aAAa,CAACS,IAAI,CAACC,WAAW;IACzDpB,SAAS,EAAE;MACT,GAAGqB,2BAAgB;MACnBlC,KAAK,EAAEJ;IACT,CAAC;IACDuC,GAAG,EAAEhB,aAAa,CAACgB,GAAG;IACtBC,KAAK,EAAEjB,aAAa,CAACiB,KAAK,IAAI,EAAE;IAChCC,uBAAuB,EAAElB,aAAa,CAACmB,YAAY;IACnDC,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZrC,MAAM,EAAE,KAAK;MACbsC,SAAS,EAAEhB;IACb;EACF,CAAC,CAAC;AACJ,CAAC;AAAChD,OAAA,CAAAyC,4CAAA,GAAAA,4CAAA;AAEG,MAAMwB,yCAAmG,GAC9G,eAAAA,CACEvB,aAAa,EACbC,YAAY,EACZC,kBAAkB,EAClBsB,iBAAiB,EAEd;EAAA,IADH;IAAE/C,QAAQ,GAAGI,KAAK;IAAE4C;EAAsB,CAAC,GAAA/C,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEhDnC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACd,0FACF,CAAC;EAED,MAAM0D,aAAa,GAAG,MAAMC,4CAA4C,CAAC;IACvEL,aAAa;IACbC,YAAY;IACZC;EACF,CAAC,CAAC;EAEF3D,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,mBAAkBgF,IAAI,CAACC,SAAS,CAACvB,aAAa,CAAE,EACnD,CAAC;EAED,MAAM;IAAEwB;EAAa,CAAC,GAAG,MAAM,IAAAC,0CAA0B,EAAC;IACxDjB,yBAAyB,EAAER,aAAa,CAACS,IAAI,CAACC,WAAW;IACzDI,uBAAuB,EAAElB,aAAa,CAACmB,YAAY;IACnDzB,SAAS,EAAE;MACT,GAAGqB,2BAAgB;MACnBlC,KAAK,EAAEJ;IACT;EACF,CAAC,CAAC;EAEF,IAAI,CAACmD,YAAY,EAAE;IACjB,MAAM3E,YAAY,GAChB,2FAA2F;IAC7FV,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;EAC5C;EAEA,IAAI6E,gBAAoC;EAExC,IAAIL,qBAAqB,EAAE;IACzBK,gBAAgB,GAAG,MAAML,qBAAqB,CAACG,YAAY,CAAC;EAC9D,CAAC,MAAM;IACL,MAAMG,QAAQ,GAAG,MAAMtD,QAAQ,CAACmD,YAAY,CAAC,CAACI,KAAK,CAAC,MAAM,IAAI,CAAC;IAC/D,IAAI,CAACD,QAAQ,IAAI,CAACA,QAAQ,CAACE,EAAE,EAAE;MAC7B,MAAMhF,YAAY,GAAI,qEAAoEuE,iBAAkB,mCAAkC;MAC9IjF,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;MACxC,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;IAC5C;IACA6E,gBAAgB,GAAGC,QAAQ,CAACG,GAAG;EACjC;EAEA,IAAI,CAACJ,gBAAgB,IAAI,CAACA,gBAAgB,CAACK,UAAU,CAACX,iBAAiB,CAAC,EAAE;IACxE,MAAMvE,YAAY,GAAI,4FAA2FuE,iBAAkB,UAASM,gBAAiB,EAAC;IAC9JvF,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;EAC5C;EAEA,OAAOsB,0BAA0B,CAAC,IAAAD,iBAAQ,EAACwD,gBAAgB,CAAC,CAACzD,KAAK,CAAC;AACrE,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAf,OAAA,CAAAiE,yCAAA,GAAAA,yCAAA;AAOO,MAAMhD,0BAA0B,GACrC6D,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,CAACC,SAAS,CAACH,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACG,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGC,6BAAuB,CAACH,SAAS,CAACH,OAAO,CAAC;IAC1D,IAAI,CAACK,OAAO,CAACD,OAAO,EAAE;MACpBjG,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,mDAAkDiF,aAAa,CAACM,KAAK,CAACxF,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIE,0BAAkB,CAACgF,aAAa,CAACM,KAAK,CAACxF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,2CAA0CsE,IAAI,CAACC,SAAS,CAACc,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIG,6BAAqB,CAC7BH,OAAO,CAACI,IAAI,CAACF,KAAK,EAClBF,OAAO,CAACI,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOT,aAAa,CAACQ,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAvF,OAAA,CAAAiB,0BAAA,GAAAA,0BAAA;AAOA,MAAM8B,4CAA4C,GAAG,MAAA0C,KAAA,IAQH;EAAA,IARU;IAC1D/C,aAAa;IACbC,YAAY;IACZC;EAKF,CAAC,GAAA6C,KAAA;EACC,MAAMC,kBAAkB,GACtB,MAAMC,qBAAsB,CAACC,0BAA0B,CACrDhD,kBAAkB,EAClB;IACEzC,QAAQ,EAAEuC,aAAa,CAAChC,SAAS;IACjCmF,KAAK,EAAEnD,aAAa,CAACmD,KAAK;IAC1BC,WAAW,EAAEpD,aAAa,CAACmB;EAC7B,CACF,CAAC;EAEH,MAAMkC,QAAQ,GAAGL,kBAAkB,CAACM,aAAa,CAACC,MAAM,CACtD,CAACC,GAAG,EAAAC,KAAA;IAAA,IAAE;MAAEC,YAAY;MAAEC;IAAQ,CAAC,GAAAF,KAAA;IAAA,OAAM;MAAE,GAAGD,GAAG;MAAE,CAACE,YAAY,GAAG,CAACC,OAAO;IAAE,CAAC;EAAA,CAAC,EAC3E,CAAC,CACH,CAAC;EAED,OAAO,IAAAC,2CAA2B,EAAC;IACjC;IACA;IACApE,MAAM,EAAEqE,qBAAa;IACrB7D,aAAa;IACb8D,MAAM,EAAE;MACNC,IAAI,EAAE;QAAElE,IAAI,EAAEI,YAAY,CAACJ;MAAK,CAAkB;MAClDmE,uCAAuC,EACrC/D,YAAY,CAAC+D;IACjB,CAAC;IACDX,QAAQ;IACR3D,SAAS,EAAE;MACTuE,UAAU,EAAElD,2BAAgB,CAACkD,UAAU;MACvCC,cAAc,EAAEnD,2BAAgB,CAACmD;IACnC;EACF,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","PresentationParams","object","client_id","string","nonempty","request","optional","request_uri","url","request_uri_method","enum","state","exports","WalletMetadata","authorization_endpoint","client_id_schemes_supported","array","client_id_prefixes_supported","response_types_supported","response_modes_supported","request_object_signing_alg_values_supported","vp_formats_supported","record","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","ErrorResponse"],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","PresentationParams","object","client_id","string","nonempty","request","optional","request_uri","url","request_uri_method","enum","state","exports","WalletMetadata","authorization_endpoint","client_id_schemes_supported","array","client_id_prefixes_supported","response_types_supported","response_modes_supported","request_object_signing_alg_values_supported","vp_formats_supported","record","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","ErrorResponse"],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAOlB,MAAMW,kBAAkB,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EACzCC,SAAS,EAAE3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAChCC,OAAO,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BC,WAAW,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,GAAG,CAAC,CAAC,CAACF,QAAQ,CAAC,CAAC;EACxCG,kBAAkB,EAAElC,CAAC,CAACmC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EACtDK,KAAK,EAAEpC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC7B,CAAC,CAAC;AAACM,OAAA,CAAAZ,kBAAA,GAAAA,kBAAA;AAGI,MAAMa,cAAc,GAAGtC,CAAC,CAAC0B,MAAM,CAAC;EACrCa,sBAAsB,EAAEvC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,GAAG,CAAC,CAAC;EACxCO,2BAA2B,EAAExC,CAAC,CAACyC,KAAK,CAACzC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3DW,4BAA4B,EAAE1C,CAAC,CAACyC,KAAK,CAACzC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5DY,wBAAwB,EAAE3C,CAAC,CAACyC,KAAK,CAACzC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxDa,wBAAwB,EAAE5C,CAAC,CAACyC,KAAK,CAACzC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxDc,2CAA2C,EAAE7C,CAAC,CAACyC,KAAK,CAACzC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3Ee,oBAAoB,EAAE9C,CAAC,CAAC+C,MAAM,CAC5B/C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EACV5B,CAAC,CAAC0B,MAAM,CAAC;IACP,mBAAmB,EAAE1B,CAAC,CAACyC,KAAK,CAACzC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAM,OAAA,CAAAC,cAAA,GAAAA,cAAA;AAOO,MAAMU,+BAA+B,GAAGhD,CAAC,CAAC0B,MAAM,CAAC;EACtDuB,eAAe,EAAEX,cAAc;EAC/BY,YAAY,EAAElD,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AAJAM,OAAA,CAAAW,+BAAA,GAAAA,+BAAA;AAMO,MAAMG,aAAa,GAAGnD,CAAC,CAACmC,IAAI,CAAC,CAClC,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,EAC1B,iBAAiB,EACjB,eAAe,EACf,gBAAgB,CACjB,CAAC;;AAMF;AACA;AACA;AACA;;AAeA;AACA;AACA;;AAeA;AACA;AACA;;AAWA;AACA;AACA;;AAKA;AACA;AACA;AACA;;AAKA;AACA;AACA;AAFAE,OAAA,CAAAc,aAAA,GAAAA,aAAA"}
|
|
@@ -90,13 +90,13 @@ This process is initiated by the Authorization Server responding to the primary
|
|
|
90
90
|
|
|
91
91
|
Complete documentation for the MRTD PoP flow can be found here: [mrtd-pop](./mrtd-pop/README.md)
|
|
92
92
|
|
|
93
|
-
## Authentication through credentials (Query
|
|
93
|
+
## Authentication through credentials (Query Mode) - v1.3
|
|
94
94
|
|
|
95
|
-
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. Starting from IT-Wallet specifications v1.3, the EAA issuance flow uses the query mode to complete the user authorization. This is done through the `
|
|
95
|
+
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. Starting from IT-Wallet specifications v1.3, the EAA issuance flow uses the query mode to complete the user authorization. This is done through `getRequestedCredentialToBePresented`, followed by evaluating the returned `dcql_query` with `RemotePresentation.evaluateDcqlQuery`, and then by completing the authorization with `completeEaaUserAuthorizationWithQueryMode`.
|
|
96
96
|
|
|
97
97
|
## Authentication through credentials (Form Post JWT Mode) - v1.0
|
|
98
98
|
|
|
99
|
-
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. This is done through the `getRequestedCredentialToBePresented
|
|
99
|
+
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. This is done through the `getRequestedCredentialToBePresented`, followed by evaluating the returned `dcql_query` with `RemotePresentation.evaluateDcqlQuery`, and then by completing the authorization with `completeUserAuthorizationWithFormPostJwtMode` or `completeEaaUserAuthorizationWithQueryMode`.
|
|
100
100
|
|
|
101
101
|
The expected result from the authentication process is in `form_post.jwt` format as defined in [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/oauth-v2-jarm.html#name-response-mode-form_postjwt).
|
|
102
102
|
|
|
@@ -188,6 +188,11 @@ const requestObject =
|
|
|
188
188
|
appFetch
|
|
189
189
|
);
|
|
190
190
|
|
|
191
|
+
const evaluatedDcqlQuery = await wallet.RemotePresentation.evaluateDcqlQuery(
|
|
192
|
+
requestObject.dcql_query,
|
|
193
|
+
[[pid.keyTag, pid.credential]]
|
|
194
|
+
);
|
|
195
|
+
|
|
191
196
|
let code: string;
|
|
192
197
|
if (responseMode === "form_post.jwt") {
|
|
193
198
|
// Complete the user authorization via form_post.jwt mode
|
|
@@ -195,7 +200,7 @@ if (responseMode === "form_post.jwt") {
|
|
|
195
200
|
await wallet.CredentialIssuance.completeUserAuthorizationWithFormPostJwtMode(
|
|
196
201
|
requestObject,
|
|
197
202
|
issuerConf,
|
|
198
|
-
|
|
203
|
+
evaluatedDcqlQuery,
|
|
199
204
|
{ wiaCryptoContext, appFetch }
|
|
200
205
|
));
|
|
201
206
|
} else {
|
|
@@ -204,7 +209,7 @@ if (responseMode === "form_post.jwt") {
|
|
|
204
209
|
await wallet.CredentialIssuance.completeEaaUserAuthorizationWithQueryMode(
|
|
205
210
|
requestObject,
|
|
206
211
|
issuerConf,
|
|
207
|
-
|
|
212
|
+
evaluatedDcqlQuery,
|
|
208
213
|
REDIRECT_URI,
|
|
209
214
|
{ appFetch }
|
|
210
215
|
));
|
|
@@ -71,19 +71,18 @@ export const getRequestedCredentialToBePresented = async function (issuerRequest
|
|
|
71
71
|
}
|
|
72
72
|
return requestObject.data.payload;
|
|
73
73
|
};
|
|
74
|
-
export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, _issuerConfig,
|
|
74
|
+
export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, _issuerConfig, evaluatedDcqlQuery, _ref) => {
|
|
75
75
|
let {
|
|
76
76
|
wiaCryptoContext,
|
|
77
77
|
appFetch = fetch
|
|
78
78
|
} = _ref;
|
|
79
79
|
Logger.log(LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
|
|
80
|
-
const dcqlQueryResult = await RemotePresentationFlow.evaluateDcqlQuery(requestObject.dcql_query, [pid]);
|
|
81
80
|
const authRequestObject = {
|
|
82
81
|
nonce: requestObject.nonce,
|
|
83
82
|
clientId: requestObject.client_id,
|
|
84
83
|
responseUri: requestObject.response_uri
|
|
85
84
|
};
|
|
86
|
-
const remotePresentation = await RemotePresentationFlow.prepareRemotePresentations(
|
|
85
|
+
const remotePresentation = await RemotePresentationFlow.prepareRemotePresentations(evaluatedDcqlQuery, authRequestObject);
|
|
87
86
|
const authzResponsePayload = await createAuthzResponsePayload({
|
|
88
87
|
state: requestObject.state,
|
|
89
88
|
remotePresentation,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["AuthorizationChallengeResultShape","AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","UnimplementedFeatureError","ValidationFailed","decode","SignJWT","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","RawRequestObject","RemotePresentation","RemotePresentationFlow","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","log","DEBUG","query","authResParsed","safeParse","success","authErr","ERROR","error","message","JSON","stringify","data","error_description","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","parseAuthorizationResponse","completeEaaUserAuthorizationWithQueryMode","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","res","text","jws","reqObj","header","protectedHeader","payload","reason","completeUserAuthorizationWithFormPostJwtMode","_issuerConfig","
|
|
1
|
+
{"version":3,"names":["AuthorizationChallengeResultShape","AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","UnimplementedFeatureError","ValidationFailed","decode","SignJWT","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","RawRequestObject","RemotePresentation","RemotePresentationFlow","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","log","DEBUG","query","authResParsed","safeParse","success","authErr","ERROR","error","message","JSON","stringify","data","error_description","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","parseAuthorizationResponse","completeEaaUserAuthorizationWithQueryMode","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","res","text","jws","reqObj","header","protectedHeader","payload","reason","completeUserAuthorizationWithFormPostJwtMode","_issuerConfig","evaluatedDcqlQuery","_ref","wiaCryptoContext","authRequestObject","nonce","responseUri","response_uri","remotePresentation","prepareRemotePresentations","authzResponsePayload","createAuthzResponsePayload","state","body","response","resUriRes","headers","reqUri","json","redirect_uri","cbRes","decodedJwt","authRes","_ref2","kid","getPublicKey","setProtectedHeader","typ","setPayload","vp_token","presentations","reduce","_ref3","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/03-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,uBAAuB,EACvBC,wBAAwB,QAEnB,qBAAqB;AAC5B,SAASC,gBAAgB,QAAQ,qBAAqB;AACtD,OAAOC,QAAQ,MAAM,WAAW;AAChC,SACEC,mBAAmB,EACnBC,yBAAyB,EACzBC,gBAAgB,QACX,uBAAuB;AAC9B,SACEC,MAAM,EACNC,OAAO,QAEF,6BAA6B;AACpC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,wBAAwB;AAC3D,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,kBAAkB;AAC5E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,gBAAgB,QAAQ,iCAAiC;AAClE,SAASC,kBAAkB,IAAIC,sBAAsB,QAAQ,2BAA2B;AAIxF,OAAO,MAAMC,6CAA2G,GACtH,MAAOC,eAAe,IAAK;EACzBL,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACQ,KAAK,EACb,+HACH,CAAC;EACD,MAAMC,KAAK,GAAGnB,QAAQ,CAACgB,eAAe,CAAC,CAACG,KAAK;EAE7C,MAAMC,aAAa,GAAGxB,iCAAiC,CAACyB,SAAS,CAACF,KAAK,CAAC;EACxE,IAAI,CAACC,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAG1B,uBAAuB,CAACwB,SAAS,CAACF,KAAK,CAAC;IACxD,IAAI,CAACI,OAAO,CAACD,OAAO,EAAE;MACpBX,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACc,KAAK,EACb,mDAAkDJ,aAAa,CAACK,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIlB,kBAAkB,CAACY,aAAa,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAf,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACc,KAAK,EACb,2CAA0CG,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAId,qBAAqB,CAC7Bc,OAAO,CAACM,IAAI,CAACJ,KAAK,EAClBF,OAAO,CAACM,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOV,aAAa,CAACS,IAAI;AAC3B,CAAC;AAEH,OAAO,MAAME,qBAA2D,GACtE,MAAAA,CAAOC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,OAAO,KAAK;EACzD,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXG,MAAM,CAACI,MAAM,CAAC,SAAS,EAAEP,OAAO,CAAC;EACnC;EAEA,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;AAEH,OAAO,MAAMC,yCAAmG,GAC9G,MAAO5B,eAAe,IAAK;EACzBL,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACQ,KAAK,EACb,2GACH,CAAC;EACD,MAAMC,KAAK,GAAGnB,QAAQ,CAACgB,eAAe,CAAC,CAACG,KAAK;EAE7C,OAAO0B,0BAA0B,CAAC1B,KAAK,CAAC;AAC1C,CAAC;AAEH,OAAO,MAAM2B,yCAAmG,GAC9GA,CAAA,KAAM;EACJ,MAAM,IAAI5C,yBAAyB,CACjC,2CAA2C,EAC3C,OACF,CAAC;AACH,CAAC;AAEH,OAAO,MAAM6C,mCAAuF,GAClG,eAAAA,CAAOf,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBc,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DzC,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACQ,KAAK,EACb,sGACH,CAAC;EACD,MAAMkB,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEFrB,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACQ,KAAK,EACb,oCAAmCkB,oBAAqB,IAAGE,MAAM,CAACe,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEZ,oBAAqB,IAAGE,MAAM,CAACe,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACzD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKvD,MAAM,CAACuD,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IACXhD,gBAAgB,CAACS,SAAS,CAAC;IACzBwC,MAAM,EAAED,MAAM,CAACE,eAAe;IAC9BC,OAAO,EAAEH,MAAM,CAACG;EAClB,CAAC,CACH,CAAC;EAEH,IAAI,CAACT,aAAa,CAAChC,OAAO,EAAE;IAC1BX,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACc,KAAK,EACb,+CAA8C8B,aAAa,CAAC7B,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAIvB,gBAAgB,CAAC;MACzBuB,OAAO,EAAE,kCAAkC;MAC3CsC,MAAM,EAAEV,aAAa,CAAC7B,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAO4B,aAAa,CAACzB,IAAI,CAACkC,OAAO;AACnC,CAAC;AAEH,OAAO,MAAME,4CAAyG,GACpH,MAAAA,CACEX,aAAa,EACbY,aAAa,EACbC,kBAAkB,EAAAC,IAAA,KAEf;EAAA,IADH;IAAEC,gBAAgB;IAAErB,QAAQ,GAAGI;EAAM,CAAC,GAAAgB,IAAA;EAEtCzD,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACQ,KAAK,EACb,sHACH,CAAC;EAED,MAAMoD,iBAAiB,GAAG;IACxBC,KAAK,EAAEjB,aAAa,CAACiB,KAAK;IAC1BtC,QAAQ,EAAEqB,aAAa,CAACd,SAAS;IACjCgC,WAAW,EAAElB,aAAa,CAACmB;EAC7B,CAAC;EAED,MAAMC,kBAAkB,GACtB,MAAM5D,sBAAsB,CAAC6D,0BAA0B,CACrDR,kBAAkB,EAClBG,iBACF,CAAC;EAEH,MAAMM,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAExB,aAAa,CAACwB,KAAK;IAC1BJ,kBAAkB;IAClBL;EACF,CAAC,CAAC;EAEF1D,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACQ,KAAK,EACb,2BAA0B0D,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAMG,IAAI,GAAG,IAAIxC,eAAe,CAAC;IAC/ByC,QAAQ,EAAEJ;EACZ,CAAC,CAAC,CAACvB,QAAQ,CAAC,CAAC;EAEb,MAAM4B,SAAS,GAAG,MAAMjC,QAAQ,CAACM,aAAa,CAACmB,YAAY,EAAE;IAC3DlB,MAAM,EAAE,MAAM;IACd2B,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACCvB,IAAI,CAACzD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuD,IAAI,CAAE2B,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMZ,WAAW,GAAGlE,sBAAsB,CAACe,SAAS,CAAC4D,SAAS,CAAC;EAC/D,IAAI,CAACT,WAAW,CAAClD,OAAO,EAAE;IACxBX,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACc,KAAK,EACb,4CAA2CgD,WAAW,CAAC/C,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIvB,gBAAgB,CAAC;MACzBuB,OAAO,EAAE,gCAAgC;MACzCsC,MAAM,EAAEQ,WAAW,CAAC/C,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMsB,QAAQ,CAACwB,WAAW,CAAC3C,IAAI,CAACwD,YAAY,CAAC,CACjD7B,IAAI,CAACzD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACjD,kBAAkB,CAAC,CACxBiD,IAAI,CAAE8B,KAAK,IAAKzC,0BAA0B,CAACyC,KAAK,CAACC,UAAU,CAACxB,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMlB,0BAA0B,GACrC2C,OAAgB,IACQ;EACxB,MAAMpE,aAAa,GAAGtB,wBAAwB,CAACuB,SAAS,CAACmE,OAAO,CAAC;EACjE,IAAI,CAACpE,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAG1B,uBAAuB,CAACwB,SAAS,CAACmE,OAAO,CAAC;IAC1D,IAAI,CAACjE,OAAO,CAACD,OAAO,EAAE;MACpBX,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACc,KAAK,EACb,mDAAkDJ,aAAa,CAACK,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIlB,kBAAkB,CAACY,aAAa,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAf,MAAM,CAACM,GAAG,CACRP,QAAQ,CAACc,KAAK,EACb,2CAA0CG,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAId,qBAAqB,CAC7Bc,OAAO,CAACM,IAAI,CAACJ,KAAK,EAClBF,OAAO,CAACM,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOV,aAAa,CAACS,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMgD,0BAA0B,GAAG,MAAAY,KAAA,IAQZ;EAAA,IARmB;IACxCX,KAAK;IACLJ,kBAAkB;IAClBL;EAKF,CAAC,GAAAoB,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAMrB,gBAAgB,CAACsB,YAAY,CAAC,CAAC;EAErD,OAAO,IAAItF,OAAO,CAACgE,gBAAgB,CAAC,CACjCuB,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH;EACF,CAAC,CAAC,CACDI,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAIhB,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3BiB,QAAQ,EAAErB,kBAAkB,CAACsB,aAAa,CAACC,MAAM,CAC/C,CAACF,QAAQ,EAAAG,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGH,QAAQ;QACX,CAACI,YAAY,GAAGC;MAClB,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}
|
|
@@ -68,7 +68,7 @@ export const getRequestedCredentialToBePresented = async function (issuerRequest
|
|
|
68
68
|
};
|
|
69
69
|
|
|
70
70
|
// NOTE: this function is not used in the 1.3 issuance flow. It may be removed in the future.
|
|
71
|
-
export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issuerConfig,
|
|
71
|
+
export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issuerConfig, evaluatedDcqlQuery, _ref) => {
|
|
72
72
|
let {
|
|
73
73
|
appFetch = fetch
|
|
74
74
|
} = _ref;
|
|
@@ -76,7 +76,7 @@ export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject
|
|
|
76
76
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
77
77
|
requestObject,
|
|
78
78
|
issuerConfig,
|
|
79
|
-
|
|
79
|
+
evaluatedDcqlQuery
|
|
80
80
|
});
|
|
81
81
|
Logger.log(LogLevel.DEBUG, `Authz response: ${authzResponse}`);
|
|
82
82
|
const issuerSigKey = issuerConfig.keys.find(key => key.use === "sig");
|
|
@@ -101,7 +101,7 @@ export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject
|
|
|
101
101
|
}
|
|
102
102
|
});
|
|
103
103
|
};
|
|
104
|
-
export const completeEaaUserAuthorizationWithQueryMode = async function (requestObject, issuerConfig,
|
|
104
|
+
export const completeEaaUserAuthorizationWithQueryMode = async function (requestObject, issuerConfig, evaluatedDcqlQuery, clientRedirectUri) {
|
|
105
105
|
let {
|
|
106
106
|
appFetch = fetch,
|
|
107
107
|
fetchFinalRedirectUri
|
|
@@ -110,7 +110,7 @@ export const completeEaaUserAuthorizationWithQueryMode = async function (request
|
|
|
110
110
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
111
111
|
requestObject,
|
|
112
112
|
issuerConfig,
|
|
113
|
-
|
|
113
|
+
evaluatedDcqlQuery
|
|
114
114
|
});
|
|
115
115
|
Logger.log(LogLevel.DEBUG, `Authz response: ${JSON.stringify(authzResponse)}`);
|
|
116
116
|
const {
|
|
@@ -174,17 +174,16 @@ export const parseAuthorizationResponse = authRes => {
|
|
|
174
174
|
* Utility function to process the DCQL query for PID presentation and to create the authorization response to send to the Issuer.
|
|
175
175
|
* @param params.requestObject - The request object containing the DCQL query
|
|
176
176
|
* @param params.issuerConfig - The Issuer unified configuration
|
|
177
|
-
* @param params.
|
|
177
|
+
* @param params.evaluatedDcqlQuery - Credentials that satisfy the request object's DCQL query
|
|
178
178
|
* @returns The authorization response containing the JARM to be sent to the Issuer
|
|
179
179
|
*/
|
|
180
180
|
const processPidPresentationAndCreateAuthzResponse = async _ref2 => {
|
|
181
181
|
let {
|
|
182
182
|
requestObject,
|
|
183
183
|
issuerConfig,
|
|
184
|
-
|
|
184
|
+
evaluatedDcqlQuery
|
|
185
185
|
} = _ref2;
|
|
186
|
-
const
|
|
187
|
-
const remotePresentation = await RemotePresentationFlow.prepareRemotePresentations(dcqlQueryResult, {
|
|
186
|
+
const remotePresentation = await RemotePresentationFlow.prepareRemotePresentations(evaluatedDcqlQuery, {
|
|
188
187
|
clientId: requestObject.client_id,
|
|
189
188
|
nonce: requestObject.nonce,
|
|
190
189
|
responseUri: requestObject.response_uri
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","parseUrl","createAuthorizationResponse","parseAuthorizeRequest","fetchAuthorizationResponse","sendAuthorizationResponseAndExtractCode","parseMrtdChallenge","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","RemotePresentation","RemotePresentationFlow","createVerifyJwtFromJwks","partialCallbacks","sdkConfigV1_3","sdkConfigV1_4","IoWalletError","IssuerResponseError","mapToRequestObject","hasStatusOrThrow","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","log","DEBUG","parsedChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObjectJwt","method","then","res","text","parsedAuthRequest","config","callbacks","verifyJwt","keys","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","
|
|
1
|
+
{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","parseUrl","createAuthorizationResponse","parseAuthorizeRequest","fetchAuthorizationResponse","sendAuthorizationResponseAndExtractCode","parseMrtdChallenge","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","RemotePresentation","RemotePresentationFlow","createVerifyJwtFromJwks","partialCallbacks","sdkConfigV1_3","sdkConfigV1_4","IoWalletError","IssuerResponseError","mapToRequestObject","hasStatusOrThrow","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","log","DEBUG","parsedChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completePidUserAuthorizationWithQueryMode","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObjectJwt","method","then","res","text","parsedAuthRequest","config","callbacks","verifyJwt","keys","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","evaluatedDcqlQuery","_ref","authzResponse","processPidPresentationAndCreateAuthzResponse","issuerSigKey","find","key","use","authorizationResponseJarm","jarm","responseJwe","iss","state","presentationResponseUri","response_uri","signer","alg","publicJwk","completeEaaUserAuthorizationWithQueryMode","clientRedirectUri","fetchFinalRedirectUri","JSON","stringify","redirect_uri","finalRedirectUri","response","catch","ok","url","startsWith","authRes","authResParsed","safeParse","success","authErr","error","data","error_description","_ref2","remotePresentation","prepareRemotePresentations","nonce","responseUri","vp_token","presentations","reduce","acc","_ref3","credentialId","vpToken","rpJwks","jwks","encrypted_response_enc_values_supported","encryptJwe","generateRandom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/03-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,qBAAqB;AAC5B,OAAOC,QAAQ,MAAM,WAAW;AAChC,SACEC,2BAA2B,EAC3BC,qBAAqB,EACrBC,0BAA0B,QAErB,0BAA0B;AACjC,SAASC,uCAAuC,QAAQ,2BAA2B;AAEnF,SAASC,kBAAkB,QAAQ,0BAA0B;AAC7D,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,kBAAkB;AAC5E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,kBAAkB,IAAIC,sBAAsB,QAAQ,2BAA2B;AACxF,SACEC,uBAAuB,EACvBC,gBAAgB,QACX,0BAA0B;AACjC,SAASC,aAAa,EAAEC,aAAa,QAAQ,uBAAuB;AACpE,SAASC,aAAa,EAAEC,mBAAmB,QAAQ,uBAAuB;AAE1E,SAASC,kBAAkB,QAAQ,WAAW;AAE9C,SAASC,gBAAgB,QAAQ,qBAAqB;AAEtD,OAAO,MAAMC,6CAA2G,GACtH,MAAOC,eAAe,IAAK;EACzBZ,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACe,KAAK,EACd,0GACF,CAAC;EACD,IAAI;IACF,MAAMC,eAAe,GAAGnB,kBAAkB,CAAC;MACzCoB,WAAW,EAAEJ;IACf,CAAC,CAAC;IACF,OAAO;MAAEK,cAAc,EAAEF,eAAe,CAACG;IAAa,CAAC;EACzD,CAAC,CAAC,OAAOC,GAAG,EAAE;IACZ,MAAMC,YAAY,GAChBD,GAAG,YAAYE,KAAK,GAAGF,GAAG,CAACG,OAAO,GAAG,+BAA+B;IACtEtB,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACwB,KAAK,EACb,mDAAkDH,YAAa,EAClE,CAAC;IACD,MAAM,IAAIvB,kBAAkB,CAACuB,YAAY,CAAC;EAC5C;AACF,CAAC;AAEH,OAAO,MAAMI,qBAA2D,GACtE,MAAAA,CAAOC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,OAAO,KAAK;EACzD,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXG,MAAM,CAACI,MAAM,CAAC,SAAS,EAAEP,OAAO,CAAC;EACnC;EAEA,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;AAEH,OAAO,MAAMC,yCAAmG,GAC9G,MAAOzB,eAAe,IAAK;EACzBZ,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACe,KAAK,EACd,sFACF,CAAC;EACD,MAAMwB,KAAK,GAAG/C,QAAQ,CAACqB,eAAe,CAAC,CAAC0B,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;AAEH,OAAO,MAAME,mCAAuF,GAClG,eAAAA,CAAOf,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBc,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D7C,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACe,KAAK,EACd,kFACF,CAAC;EAED,MAAMe,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEFzB,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACe,KAAK,EACb,oCAAmCe,oBAAqB,IAAGE,MAAM,CAACe,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,gBAAgB,GAAG,MAAMN,QAAQ,CACpC,GAAEZ,oBAAqB,IAAGE,MAAM,CAACe,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACvC,gBAAgB,CAAC,GAAG,EAAEF,mBAAmB,CAAC,CAAC,CAChDyC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,MAAMC,iBAAiB,GAAG,MAAM3D,qBAAqB,CAAC;IACpD4D,MAAM,EAAEhD,aAAa;IACrB0C,gBAAgB;IAChBO,SAAS,EAAE;MACTC,SAAS,EAAEpD,uBAAuB,CAACwB,UAAU,CAAC6B,IAAI;IACpD;EACF,CAAC,CAAC;EAEF,OAAO/C,kBAAkB,CAAC2C,iBAAiB,CAAC;AAC9C,CAAC;;AAEH;AACA,OAAO,MAAMK,4CAAyG,GACpH,MAAAA,CACEC,aAAa,EACbC,YAAY,EACZC,kBAAkB,EAAAC,IAAA,KAEf;EAAA,IADH;IAAEpB,QAAQ,GAAGI;EAAM,CAAC,GAAAgB,IAAA;EAEpB7D,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACe,KAAK,EACd,kGACF,CAAC;EAED,MAAMgD,aAAa,GAAG,MAAMC,4CAA4C,CAAC;IACvEL,aAAa;IACbC,YAAY;IACZC;EACF,CAAC,CAAC;EAEF5D,MAAM,CAACa,GAAG,CAACd,QAAQ,CAACe,KAAK,EAAG,mBAAkBgD,aAAc,EAAC,CAAC;EAE9D,MAAME,YAAY,GAAGL,YAAY,CAACH,IAAI,CAACS,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EACvE,IAAI,CAACH,YAAY,EAAE;IACjB,MAAM5C,YAAY,GAAG,gDAAgD;IACrEpB,MAAM,CAACa,GAAG,CAACd,QAAQ,CAACwB,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAIb,aAAa,CAACa,YAAY,CAAC;EACvC;EAEA,OAAOzB,uCAAuC,CAAC;IAC7CyE,yBAAyB,EAAEN,aAAa,CAACO,IAAI,CAACC,WAAW;IACzDhB,SAAS,EAAE;MACT,GAAGlD,gBAAgB;MACnByC,KAAK,EAAEJ;IACT,CAAC;IACD8B,GAAG,EAAEb,aAAa,CAACa,GAAG;IACtBC,KAAK,EAAEd,aAAa,CAACc,KAAK,IAAI,EAAE;IAChCC,uBAAuB,EAAEf,aAAa,CAACgB,YAAY;IACnDC,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZ5B,MAAM,EAAE,KAAK;MACb6B,SAAS,EAAEb;IACb;EACF,CAAC,CAAC;AACJ,CAAC;AAEH,OAAO,MAAMc,yCAAmG,GAC9G,eAAAA,CACEpB,aAAa,EACbC,YAAY,EACZC,kBAAkB,EAClBmB,iBAAiB,EAEd;EAAA,IADH;IAAEtC,QAAQ,GAAGI,KAAK;IAAEmC;EAAsB,CAAC,GAAAtC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEhD1C,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACe,KAAK,EACd,0FACF,CAAC;EAED,MAAMgD,aAAa,GAAG,MAAMC,4CAA4C,CAAC;IACvEL,aAAa;IACbC,YAAY;IACZC;EACF,CAAC,CAAC;EAEF5D,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACe,KAAK,EACb,mBAAkBmE,IAAI,CAACC,SAAS,CAACpB,aAAa,CAAE,EACnD,CAAC;EAED,MAAM;IAAEqB;EAAa,CAAC,GAAG,MAAMzF,0BAA0B,CAAC;IACxD0E,yBAAyB,EAAEN,aAAa,CAACO,IAAI,CAACC,WAAW;IACzDG,uBAAuB,EAAEf,aAAa,CAACgB,YAAY;IACnDpB,SAAS,EAAE;MACT,GAAGlD,gBAAgB;MACnByC,KAAK,EAAEJ;IACT;EACF,CAAC,CAAC;EAEF,IAAI,CAAC0C,YAAY,EAAE;IACjB,MAAM/D,YAAY,GAChB,2FAA2F;IAC7FpB,MAAM,CAACa,GAAG,CAACd,QAAQ,CAACwB,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAIvB,kBAAkB,CAACuB,YAAY,CAAC;EAC5C;EAEA,IAAIgE,gBAAoC;EAExC,IAAIJ,qBAAqB,EAAE;IACzBI,gBAAgB,GAAG,MAAMJ,qBAAqB,CAACG,YAAY,CAAC;EAC9D,CAAC,MAAM;IACL,MAAME,QAAQ,GAAG,MAAM5C,QAAQ,CAAC0C,YAAY,CAAC,CAACG,KAAK,CAAC,MAAM,IAAI,CAAC;IAC/D,IAAI,CAACD,QAAQ,IAAI,CAACA,QAAQ,CAACE,EAAE,EAAE;MAC7B,MAAMnE,YAAY,GAAI,qEAAoE2D,iBAAkB,mCAAkC;MAC9I/E,MAAM,CAACa,GAAG,CAACd,QAAQ,CAACwB,KAAK,EAAEH,YAAY,CAAC;MACxC,MAAM,IAAIvB,kBAAkB,CAACuB,YAAY,CAAC;IAC5C;IACAgE,gBAAgB,GAAGC,QAAQ,CAACG,GAAG;EACjC;EAEA,IAAI,CAACJ,gBAAgB,IAAI,CAACA,gBAAgB,CAACK,UAAU,CAACV,iBAAiB,CAAC,EAAE;IACxE,MAAM3D,YAAY,GAAI,4FAA2F2D,iBAAkB,UAASK,gBAAiB,EAAC;IAC9JpF,MAAM,CAACa,GAAG,CAACd,QAAQ,CAACwB,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAIvB,kBAAkB,CAACuB,YAAY,CAAC;EAC5C;EAEA,OAAOmB,0BAA0B,CAAChD,QAAQ,CAAC6F,gBAAgB,CAAC,CAAC9C,KAAK,CAAC;AACrE,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAA0B,GACrCmD,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGrG,wBAAwB,CAACsG,SAAS,CAACF,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGzG,uBAAuB,CAACuG,SAAS,CAACF,OAAO,CAAC;IAC1D,IAAI,CAACI,OAAO,CAACD,OAAO,EAAE;MACpB7F,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACwB,KAAK,EACb,mDAAkDoE,aAAa,CAACI,KAAK,CAACzE,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIzB,kBAAkB,CAAC8F,aAAa,CAACI,KAAK,CAACzE,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAtB,MAAM,CAACa,GAAG,CACRd,QAAQ,CAACwB,KAAK,EACb,2CAA0C0D,IAAI,CAACC,SAAS,CAACY,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIhG,qBAAqB,CAC7BgG,OAAO,CAACE,IAAI,CAACD,KAAK,EAClBD,OAAO,CAACE,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAON,aAAa,CAACK,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMjC,4CAA4C,GAAG,MAAAmC,KAAA,IAQH;EAAA,IARU;IAC1DxC,aAAa;IACbC,YAAY;IACZC;EAKF,CAAC,GAAAsC,KAAA;EACC,MAAMC,kBAAkB,GACtB,MAAMjG,sBAAsB,CAACkG,0BAA0B,CACrDxC,kBAAkB,EAClB;IACElC,QAAQ,EAAEgC,aAAa,CAACzB,SAAS;IACjCoE,KAAK,EAAE3C,aAAa,CAAC2C,KAAK;IAC1BC,WAAW,EAAE5C,aAAa,CAACgB;EAC7B,CACF,CAAC;EAEH,MAAM6B,QAAQ,GAAGJ,kBAAkB,CAACK,aAAa,CAACC,MAAM,CACtD,CAACC,GAAG,EAAAC,KAAA;IAAA,IAAE;MAAEC,YAAY;MAAEC;IAAQ,CAAC,GAAAF,KAAA;IAAA,OAAM;MAAE,GAAGD,GAAG;MAAE,CAACE,YAAY,GAAG,CAACC,OAAO;IAAE,CAAC;EAAA,CAAC,EAC3E,CAAC,CACH,CAAC;EAED,OAAOrH,2BAA2B,CAAC;IACjC;IACA;IACA6D,MAAM,EAAE/C,aAAa;IACrBoD,aAAa;IACboD,MAAM,EAAE;MACNC,IAAI,EAAE;QAAEvD,IAAI,EAAEG,YAAY,CAACH;MAAK,CAAkB;MAClDwD,uCAAuC,EACrCrD,YAAY,CAACqD;IACjB,CAAC;IACDT,QAAQ;IACRjD,SAAS,EAAE;MACT2D,UAAU,EAAE7G,gBAAgB,CAAC6G,UAAU;MACvCC,cAAc,EAAE9G,gBAAgB,CAAC8G;IACnC;EACF,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","PresentationParams","object","client_id","string","nonempty","request","optional","request_uri","url","request_uri_method","enum","state","WalletMetadata","authorization_endpoint","client_id_schemes_supported","array","client_id_prefixes_supported","response_types_supported","response_modes_supported","request_object_signing_alg_values_supported","vp_formats_supported","record","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","ErrorResponse"],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;
|
|
1
|
+
{"version":3,"names":["z","PresentationParams","object","client_id","string","nonempty","request","optional","request_uri","url","request_uri_method","enum","state","WalletMetadata","authorization_endpoint","client_id_schemes_supported","array","client_id_prefixes_supported","response_types_supported","response_modes_supported","request_object_signing_alg_values_supported","vp_formats_supported","record","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","ErrorResponse"],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAOxB,OAAO,MAAMC,kBAAkB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACzCC,SAAS,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAChCC,OAAO,EAAEN,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BC,WAAW,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC,CAACK,GAAG,CAAC,CAAC,CAACF,QAAQ,CAAC,CAAC;EACxCG,kBAAkB,EAAEV,CAAC,CAACW,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EACtDK,KAAK,EAAEZ,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC7B,CAAC,CAAC;AAGF,OAAO,MAAMM,cAAc,GAAGb,CAAC,CAACE,MAAM,CAAC;EACrCY,sBAAsB,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC,CAACK,GAAG,CAAC,CAAC;EACxCM,2BAA2B,EAAEf,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3DU,4BAA4B,EAAEjB,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5DW,wBAAwB,EAAElB,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxDY,wBAAwB,EAAEnB,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxDa,2CAA2C,EAAEpB,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3Ec,oBAAoB,EAAErB,CAAC,CAACsB,MAAM,CAC5BtB,CAAC,CAACI,MAAM,CAAC,CAAC,EACVJ,CAAC,CAACE,MAAM,CAAC;IACP,mBAAmB,EAAEF,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIA,OAAO,MAAMgB,+BAA+B,GAAGvB,CAAC,CAACE,MAAM,CAAC;EACtDsB,eAAe,EAAEX,cAAc;EAC/BY,YAAY,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMmB,aAAa,GAAG1B,CAAC,CAACW,IAAI,CAAC,CAClC,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,EAC1B,iBAAiB,EACjB,eAAe,EACf,gBAAgB,CACjB,CAAC;;AAMF;AACA;AACA;AACA;;AAeA;AACA;AACA;;AAeA;AACA;AACA;;AAWA;AACA;AACA;;AAKA;AACA;AACA;AACA;;AAKA;AACA;AACA"}
|
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import type { CryptoContext } from "@pagopa/io-react-native-jwt";
|
|
2
2
|
import type { AuthorizationChallengeResult, AuthorizationResult } from "../../../utils/auth";
|
|
3
3
|
import type { RequestObject } from "../../../credential/presentation/api";
|
|
4
|
+
import type { EvaluateDcqlQueryApi } from "../../../credential/presentation/api/06-evaluate-dcql-query";
|
|
5
|
+
import type { Out } from "../../../utils/misc";
|
|
4
6
|
import type { IssuerConfig } from "./IssuerConfig";
|
|
7
|
+
export type EvaluatedDcqlQuery = Out<EvaluateDcqlQueryApi["evaluateDcqlQuery"]>;
|
|
5
8
|
export interface CompleteUserAuthorizationApi {
|
|
6
9
|
/**
|
|
7
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The next
|
|
10
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The next step is evaluating the returned request object's DCQL query with {@link EvaluateDcqlQueryApi.evaluateDcqlQuery}.
|
|
8
11
|
*
|
|
9
12
|
* The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
|
|
10
13
|
* It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
|
|
@@ -37,18 +40,18 @@ export interface CompleteUserAuthorizationApi {
|
|
|
37
40
|
*
|
|
38
41
|
* @param requestObject The request object containing the necessary parameters for authorization.
|
|
39
42
|
* @param issuerConfig The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
40
|
-
* @param
|
|
43
|
+
* @param evaluatedDcqlQuery The result of evaluating the request object's DCQL query against the credentials to present.
|
|
41
44
|
* @param redirectUri The client redirect URI to which the authorization server will redirect after completing the authorization process.
|
|
42
45
|
* @returns The authorization response which contains code, state and iss
|
|
43
46
|
*/
|
|
44
|
-
completeEaaUserAuthorizationWithQueryMode(requestObject: RequestObject, issuerConf: IssuerConfig,
|
|
47
|
+
completeEaaUserAuthorizationWithQueryMode(requestObject: RequestObject, issuerConf: IssuerConfig, evaluatedDcqlQuery: EvaluatedDcqlQuery, redirectUri: string, context?: {
|
|
45
48
|
/** Fetch api implementation. Default: built-in fetch. */
|
|
46
49
|
appFetch?: GlobalFetch["fetch"];
|
|
47
50
|
/** Function to fetch the final redirect uri; it allows full control on how redirects are handled. If not provided, `appFetch` is used. */
|
|
48
51
|
fetchFinalRedirectUri?: (url: string) => Promise<string | undefined>;
|
|
49
52
|
}): Promise<AuthorizationResult>;
|
|
50
53
|
/**
|
|
51
|
-
* WARNING: This function must be called after {@link getRequestedCredentialToBePresented}. The next function to be called is {@link authorizeAccess}.
|
|
54
|
+
* WARNING: This function must be called after {@link getRequestedCredentialToBePresented} and after evaluating the request object's DCQL query with {@link EvaluateDcqlQueryApi.evaluateDcqlQuery}. The next function to be called is {@link authorizeAccess}.
|
|
52
55
|
*
|
|
53
56
|
* The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
|
|
54
57
|
* The information is obtained by performing a POST request to the endpoint received in the response_uri field of the requestObject, where the Authorization Response payload is posted.
|
|
@@ -56,12 +59,12 @@ export interface CompleteUserAuthorizationApi {
|
|
|
56
59
|
* @since 1.0.0
|
|
57
60
|
*
|
|
58
61
|
* @param requestObject The request object containing the necessary parameters for authorization.
|
|
59
|
-
* @param
|
|
62
|
+
* @param evaluatedDcqlQuery The result of evaluating the request object's DCQL query against the credentials to present.
|
|
60
63
|
* @param appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
61
64
|
* @returns the authorization response which contains code, state and iss
|
|
62
65
|
* @throws {ValidationFailed} if an error while validating the response
|
|
63
66
|
*/
|
|
64
|
-
completeUserAuthorizationWithFormPostJwtMode(requestObject: RequestObject, issuerConf: IssuerConfig,
|
|
67
|
+
completeUserAuthorizationWithFormPostJwtMode(requestObject: RequestObject, issuerConf: IssuerConfig, evaluatedDcqlQuery: EvaluatedDcqlQuery, context: {
|
|
65
68
|
wiaCryptoContext: CryptoContext;
|
|
66
69
|
appFetch?: GlobalFetch["fetch"];
|
|
67
70
|
}): Promise<AuthorizationResult>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"03-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/api/03-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EACV,4BAA4B,EAC5B,mBAAmB,EACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,MAAM,WAAW,4BAA4B;IAC3C;;;;;;;;;;;;;;OAcG;IACH,mCAAmC,CACjC,gBAAgB,EAAE,MAAM,EACxB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,YAAY,EACxB,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,GAC9B,OAAO,CAAC,aAAa,CAAC,CAAC;IAE1B;;;;;;;;;OASG;IACH,yCAAyC,CACvC,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEhC;;;;;;;;;;OAUG;IACH,yCAAyC,CACvC,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,YAAY,EACxB,
|
|
1
|
+
{"version":3,"file":"03-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/api/03-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EACV,4BAA4B,EAC5B,mBAAmB,EACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,6DAA6D,CAAC;AACxG,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,MAAM,MAAM,kBAAkB,GAAG,GAAG,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,CAAC,CAAC;AAEhF,MAAM,WAAW,4BAA4B;IAC3C;;;;;;;;;;;;;;OAcG;IACH,mCAAmC,CACjC,gBAAgB,EAAE,MAAM,EACxB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,YAAY,EACxB,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,GAC9B,OAAO,CAAC,aAAa,CAAC,CAAC;IAE1B;;;;;;;;;OASG;IACH,yCAAyC,CACvC,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEhC;;;;;;;;;;OAUG;IACH,yCAAyC,CACvC,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,YAAY,EACxB,kBAAkB,EAAE,kBAAkB,EACtC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;QACR,yDAAyD;QACzD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QAChC,0IAA0I;QAC1I,qBAAqB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;KACtE,GACA,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEhC;;;;;;;;;;;;;OAaG;IACH,4CAA4C,CAC1C,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,YAAY,EACxB,kBAAkB,EAAE,kBAAkB,EACtC,OAAO,EAAE;QACP,gBAAgB,EAAE,aAAa,CAAC;QAChC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;KACjC,GACA,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEhC;;;;;;;OAOG;IACH,6CAA6C,CAC3C,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,4BAA4B,CAAC,CAAC;IAEzC;;;;;;;;;;;;OAYG;IACH,qBAAqB,CACnB,gBAAgB,EAAE,MAAM,EACxB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,YAAY,EACxB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACjC"}
|
|
@@ -9,6 +9,7 @@ export interface IssuanceApi extends EvaluateIssuerTrustApi, StartUserAuthorizat
|
|
|
9
9
|
MRTDPoP: MRTDPoPApi;
|
|
10
10
|
}
|
|
11
11
|
export type { IssuerConfig } from "./IssuerConfig";
|
|
12
|
+
export type { EvaluatedDcqlQuery } from "./03-complete-user-authorization";
|
|
12
13
|
export type * as MRTDPoP from "./mrtd-pop";
|
|
13
14
|
export type * from "./types";
|
|
14
15
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACzE,OAAO,EAAE,KAAK,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,KAAK,4BAA4B,EAAE,MAAM,kCAAkC,CAAC;AACrF,OAAO,EAAE,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,KAAK,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AACpF,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,MAAM,WAAW,WACf,SAAQ,sBAAsB,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,kBAAkB,EAClB,mBAAmB,EACnB,2BAA2B;IAC7B,OAAO,EAAE,UAAU,CAAC;CACrB;AAED,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,YAAY,KAAK,OAAO,MAAM,YAAY,CAAC;AAC3C,mBAAmB,SAAS,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACzE,OAAO,EAAE,KAAK,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,KAAK,4BAA4B,EAAE,MAAM,kCAAkC,CAAC;AACrF,OAAO,EAAE,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,KAAK,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AACpF,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,MAAM,WAAW,WACf,SAAQ,sBAAsB,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,kBAAkB,EAClB,mBAAmB,EACnB,2BAA2B;IAC7B,OAAO,EAAE,UAAU,CAAC;CACrB;AAED,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,YAAY,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,YAAY,KAAK,OAAO,MAAM,YAAY,CAAC;AAC3C,mBAAmB,SAAS,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"03-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/v1.0.0/03-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,mBAAmB,EACzB,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"03-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/v1.0.0/03-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,mBAAmB,EACzB,MAAM,qBAAqB,CAAC;AAmB7B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAG1C,eAAO,MAAM,6CAA6C,EAAE,WAAW,CAAC,+CAA+C,CA4BpH,CAAC;AAEJ,eAAO,MAAM,qBAAqB,EAAE,WAAW,CAAC,uBAAuB,CAgBpE,CAAC;AAEJ,eAAO,MAAM,yCAAyC,EAAE,WAAW,CAAC,2CAA2C,CAS5G,CAAC;AAEJ,eAAO,MAAM,yCAAyC,EAAE,WAAW,CAAC,2CAA2C,CAM5G,CAAC;AAEJ,eAAO,MAAM,mCAAmC,EAAE,WAAW,CAAC,qCAAqC,CA0ChG,CAAC;AAEJ,eAAO,MAAM,4CAA4C,EAAE,WAAW,CAAC,8CAA8C,CA2ElH,CAAC;AAEJ;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACrC,SAAS,OAAO,KACf,mBAqBF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"03-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/v1.3.3/03-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"03-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/v1.3.3/03-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,qBAAqB,CAAC;AAoB7B,OAAO,KAAK,EAAsB,WAAW,EAAgB,MAAM,QAAQ,CAAC;AAK5E,eAAO,MAAM,6CAA6C,EAAE,WAAW,CAAC,+CAA+C,CAoBpH,CAAC;AAEJ,eAAO,MAAM,qBAAqB,EAAE,WAAW,CAAC,uBAAuB,CAgBpE,CAAC;AAEJ,eAAO,MAAM,yCAAyC,EAAE,WAAW,CAAC,2CAA2C,CAS5G,CAAC;AAEJ,eAAO,MAAM,mCAAmC,EAAE,WAAW,CAAC,qCAAqC,CAkChG,CAAC;AAGJ,eAAO,MAAM,4CAA4C,EAAE,WAAW,CAAC,8CAA8C,CA0ClH,CAAC;AAEJ,eAAO,MAAM,yCAAyC,EAAE,WAAW,CAAC,2CAA2C,CA6D5G,CAAC;AAEJ;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACrC,SAAS,OAAO,KACf,mBAqBF,CAAC"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import type { DcqlQuery } from "
|
|
2
|
-
import type { Credential4Dcql, CredentialFormat, PresentationFrame } from "./types";
|
|
1
|
+
import type { Credential4Dcql, CredentialFormat, DcqlQuery, PresentationFrame } from "./types";
|
|
3
2
|
/**
|
|
4
3
|
* The purpose for the credential request by the RP.
|
|
5
4
|
*/
|
|
@@ -29,7 +28,7 @@ export interface EvaluateDcqlQueryApi {
|
|
|
29
28
|
* @returns Credentials that satisfy the query, with disclosure metadata.
|
|
30
29
|
* @throws {DcqlError} if the provided DCQL query is not valid
|
|
31
30
|
*/
|
|
32
|
-
evaluateDcqlQuery(query: DcqlQuery
|
|
31
|
+
evaluateDcqlQuery(query: DcqlQuery, credentialsSdJwt: Credential4Dcql[], credentialsMdoc?: Credential4Dcql[]): Promise<({
|
|
33
32
|
id: string;
|
|
34
33
|
credential: string;
|
|
35
34
|
keyTag: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"06-evaluate-dcql-query.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/api/06-evaluate-dcql-query.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"06-evaluate-dcql-query.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/api/06-evaluate-dcql-query.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAEjB;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM;IACN,MAAM;IACN,OAAO;CACR,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,CAAC;CAChB,CAAC;AAEF,MAAM,WAAW,oBAAoB;IACnC;;;;;;;;;;OAUG;IACH,iBAAiB,CACf,KAAK,EAAE,SAAS,EAChB,gBAAgB,EAAE,eAAe,EAAE,EACnC,eAAe,CAAC,EAAE,eAAe,EAAE,GAClC,OAAO,CACR,CAAC;QACC,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;QACf,mBAAmB,EAAE,mBAAmB,EAAE,CAAC;QAC3C,iBAAiB,EAAE,iBAAiB,CAAC;QACrC,QAAQ,EAAE,iBAAiB,EAAE,CAAC;KAC/B,GAAG,gBAAgB,CAAC,EAAE,CACxB,CAAC;CACH"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import * as z from "zod";
|
|
2
2
|
import type { CryptoContext } from "@pagopa/io-react-native-jwt";
|
|
3
|
+
import type { DcqlQuery as DcqlQueryLib } from "dcql";
|
|
3
4
|
import type { jsonWebKeySet } from "@pagopa/io-wallet-oid-federation";
|
|
4
5
|
import type { SupportedSdJwtLegacyFormat } from "../../../sd-jwt/types";
|
|
5
6
|
export type PresentationParams = z.infer<typeof PresentationParams>;
|
|
@@ -111,6 +112,7 @@ export type RemotePresentation = {
|
|
|
111
112
|
* A pair that associate a key tag with a credential, used in DCQL queries
|
|
112
113
|
*/
|
|
113
114
|
export type Credential4Dcql = [string, string];
|
|
115
|
+
export type DcqlQuery = DcqlQueryLib.Input;
|
|
114
116
|
/**
|
|
115
117
|
* An object that defines claims to disclose. Nested claims must use a nested structure.
|
|
116
118
|
* @example { name: true, address: { country: true } }
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/api/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AAExE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACpE,eAAO,MAAM,kBAAkB;;;;;;;;;iBAM7B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAC5D,eAAO,MAAM,cAAc;;;;;;;;;;iBAazB,CAAC;AAEH;;;GAGG;AACH,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CACnD,OAAO,+BAA+B,CACvC,CAAC;AACF,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;iBAG1C,CAAC;AAEH;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;EAOxB,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GAAG;IACtC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,cAAc,GAAG;IACpB,IAAI,EAAE,aAAa,CAAC;IACpB,uCAAuC,EAAE,MAAM,EAAE,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACzE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,aAAa,EAAE,UAAU,CAAC;IAC1B,aAAa,EAAE,iBAAiB,CAAC;IACjC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,CAAC,EAAE,cAAc,CAAC;CAClC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,aAAa,EAAE;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,EAAE,CAAC;IACJ,cAAc,CAAC,EAAE,MAAM,CAAyD;CACjF,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAe,MAAM,CAAkB,CAAC;AAE7E;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,iBAAiB,CAAC;CACtD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,iBAAiB;IAC6B,aAAa;CACzE,CAAC;AAEF,MAAM,MAAM,gBAAgB,GACxB;IAAE,MAAM,EAAE,WAAW,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GACpC;IAAE,MAAM,EAAE,0BAA0B,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,CAAC;CAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/api/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,SAAS,IAAI,YAAY,EAAE,MAAM,MAAM,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AAExE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACpE,eAAO,MAAM,kBAAkB;;;;;;;;;iBAM7B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAC5D,eAAO,MAAM,cAAc;;;;;;;;;;iBAazB,CAAC;AAEH;;;GAGG;AACH,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CACnD,OAAO,+BAA+B,CACvC,CAAC;AACF,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;iBAG1C,CAAC;AAEH;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;EAOxB,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GAAG;IACtC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,cAAc,GAAG;IACpB,IAAI,EAAE,aAAa,CAAC;IACpB,uCAAuC,EAAE,MAAM,EAAE,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACzE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,aAAa,EAAE,UAAU,CAAC;IAC1B,aAAa,EAAE,iBAAiB,CAAC;IACjC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,CAAC,EAAE,cAAc,CAAC;CAClC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,aAAa,EAAE;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,EAAE,CAAC;IACJ,cAAc,CAAC,EAAE,MAAM,CAAyD;CACjF,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAe,MAAM,CAAkB,CAAC;AAE7E,MAAM,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AAE3C;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,iBAAiB,CAAC;CACtD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,iBAAiB;IAC6B,aAAa;CACzE,CAAC;AAEF,MAAM,MAAM,gBAAgB,GACxB;IAAE,MAAM,EAAE,WAAW,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GACpC;IAAE,MAAM,EAAE,0BAA0B,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,CAAC;CAChB,CAAC"}
|
package/package.json
CHANGED
|
@@ -90,13 +90,13 @@ This process is initiated by the Authorization Server responding to the primary
|
|
|
90
90
|
|
|
91
91
|
Complete documentation for the MRTD PoP flow can be found here: [mrtd-pop](./mrtd-pop/README.md)
|
|
92
92
|
|
|
93
|
-
## Authentication through credentials (Query
|
|
93
|
+
## Authentication through credentials (Query Mode) - v1.3
|
|
94
94
|
|
|
95
|
-
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. Starting from IT-Wallet specifications v1.3, the EAA issuance flow uses the query mode to complete the user authorization. This is done through the `
|
|
95
|
+
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. Starting from IT-Wallet specifications v1.3, the EAA issuance flow uses the query mode to complete the user authorization. This is done through `getRequestedCredentialToBePresented`, followed by evaluating the returned `dcql_query` with `RemotePresentation.evaluateDcqlQuery`, and then by completing the authorization with `completeEaaUserAuthorizationWithQueryMode`.
|
|
96
96
|
|
|
97
97
|
## Authentication through credentials (Form Post JWT Mode) - v1.0
|
|
98
98
|
|
|
99
|
-
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. This is done through the `getRequestedCredentialToBePresented
|
|
99
|
+
When the credential is different than an eID, the flow requires the user to present other credentials in order to obtain the requested one. This is done through the `getRequestedCredentialToBePresented`, followed by evaluating the returned `dcql_query` with `RemotePresentation.evaluateDcqlQuery`, and then by completing the authorization with `completeUserAuthorizationWithFormPostJwtMode` or `completeEaaUserAuthorizationWithQueryMode`.
|
|
100
100
|
|
|
101
101
|
The expected result from the authentication process is in `form_post.jwt` format as defined in [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/oauth-v2-jarm.html#name-response-mode-form_postjwt).
|
|
102
102
|
|
|
@@ -188,6 +188,11 @@ const requestObject =
|
|
|
188
188
|
appFetch
|
|
189
189
|
);
|
|
190
190
|
|
|
191
|
+
const evaluatedDcqlQuery = await wallet.RemotePresentation.evaluateDcqlQuery(
|
|
192
|
+
requestObject.dcql_query,
|
|
193
|
+
[[pid.keyTag, pid.credential]]
|
|
194
|
+
);
|
|
195
|
+
|
|
191
196
|
let code: string;
|
|
192
197
|
if (responseMode === "form_post.jwt") {
|
|
193
198
|
// Complete the user authorization via form_post.jwt mode
|
|
@@ -195,7 +200,7 @@ if (responseMode === "form_post.jwt") {
|
|
|
195
200
|
await wallet.CredentialIssuance.completeUserAuthorizationWithFormPostJwtMode(
|
|
196
201
|
requestObject,
|
|
197
202
|
issuerConf,
|
|
198
|
-
|
|
203
|
+
evaluatedDcqlQuery,
|
|
199
204
|
{ wiaCryptoContext, appFetch }
|
|
200
205
|
));
|
|
201
206
|
} else {
|
|
@@ -204,7 +209,7 @@ if (responseMode === "form_post.jwt") {
|
|
|
204
209
|
await wallet.CredentialIssuance.completeEaaUserAuthorizationWithQueryMode(
|
|
205
210
|
requestObject,
|
|
206
211
|
issuerConf,
|
|
207
|
-
|
|
212
|
+
evaluatedDcqlQuery,
|
|
208
213
|
REDIRECT_URI,
|
|
209
214
|
{ appFetch }
|
|
210
215
|
));
|
|
@@ -4,11 +4,15 @@ import type {
|
|
|
4
4
|
AuthorizationResult,
|
|
5
5
|
} from "../../../utils/auth";
|
|
6
6
|
import type { RequestObject } from "../../../credential/presentation/api";
|
|
7
|
+
import type { EvaluateDcqlQueryApi } from "../../../credential/presentation/api/06-evaluate-dcql-query";
|
|
8
|
+
import type { Out } from "../../../utils/misc";
|
|
7
9
|
import type { IssuerConfig } from "./IssuerConfig";
|
|
8
10
|
|
|
11
|
+
export type EvaluatedDcqlQuery = Out<EvaluateDcqlQueryApi["evaluateDcqlQuery"]>;
|
|
12
|
+
|
|
9
13
|
export interface CompleteUserAuthorizationApi {
|
|
10
14
|
/**
|
|
11
|
-
* WARNING: This function must be called after {@link startUserAuthorization}. The next
|
|
15
|
+
* WARNING: This function must be called after {@link startUserAuthorization}. The next step is evaluating the returned request object's DCQL query with {@link EvaluateDcqlQueryApi.evaluateDcqlQuery}.
|
|
12
16
|
*
|
|
13
17
|
* The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
|
|
14
18
|
* It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
|
|
@@ -50,14 +54,14 @@ export interface CompleteUserAuthorizationApi {
|
|
|
50
54
|
*
|
|
51
55
|
* @param requestObject The request object containing the necessary parameters for authorization.
|
|
52
56
|
* @param issuerConfig The issuer configuration returned by {@link evaluateIssuerTrust}
|
|
53
|
-
* @param
|
|
57
|
+
* @param evaluatedDcqlQuery The result of evaluating the request object's DCQL query against the credentials to present.
|
|
54
58
|
* @param redirectUri The client redirect URI to which the authorization server will redirect after completing the authorization process.
|
|
55
59
|
* @returns The authorization response which contains code, state and iss
|
|
56
60
|
*/
|
|
57
61
|
completeEaaUserAuthorizationWithQueryMode(
|
|
58
62
|
requestObject: RequestObject,
|
|
59
63
|
issuerConf: IssuerConfig,
|
|
60
|
-
|
|
64
|
+
evaluatedDcqlQuery: EvaluatedDcqlQuery,
|
|
61
65
|
redirectUri: string,
|
|
62
66
|
context?: {
|
|
63
67
|
/** Fetch api implementation. Default: built-in fetch. */
|
|
@@ -68,7 +72,7 @@ export interface CompleteUserAuthorizationApi {
|
|
|
68
72
|
): Promise<AuthorizationResult>;
|
|
69
73
|
|
|
70
74
|
/**
|
|
71
|
-
* WARNING: This function must be called after {@link getRequestedCredentialToBePresented}. The next function to be called is {@link authorizeAccess}.
|
|
75
|
+
* WARNING: This function must be called after {@link getRequestedCredentialToBePresented} and after evaluating the request object's DCQL query with {@link EvaluateDcqlQueryApi.evaluateDcqlQuery}. The next function to be called is {@link authorizeAccess}.
|
|
72
76
|
*
|
|
73
77
|
* The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
|
|
74
78
|
* The information is obtained by performing a POST request to the endpoint received in the response_uri field of the requestObject, where the Authorization Response payload is posted.
|
|
@@ -76,7 +80,7 @@ export interface CompleteUserAuthorizationApi {
|
|
|
76
80
|
* @since 1.0.0
|
|
77
81
|
*
|
|
78
82
|
* @param requestObject The request object containing the necessary parameters for authorization.
|
|
79
|
-
* @param
|
|
83
|
+
* @param evaluatedDcqlQuery The result of evaluating the request object's DCQL query against the credentials to present.
|
|
80
84
|
* @param appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
81
85
|
* @returns the authorization response which contains code, state and iss
|
|
82
86
|
* @throws {ValidationFailed} if an error while validating the response
|
|
@@ -84,7 +88,7 @@ export interface CompleteUserAuthorizationApi {
|
|
|
84
88
|
completeUserAuthorizationWithFormPostJwtMode(
|
|
85
89
|
requestObject: RequestObject,
|
|
86
90
|
issuerConf: IssuerConfig,
|
|
87
|
-
|
|
91
|
+
evaluatedDcqlQuery: EvaluatedDcqlQuery,
|
|
88
92
|
context: {
|
|
89
93
|
wiaCryptoContext: CryptoContext;
|
|
90
94
|
appFetch?: GlobalFetch["fetch"];
|
|
@@ -6,7 +6,6 @@ import {
|
|
|
6
6
|
} from "../../../utils/auth";
|
|
7
7
|
import { hasStatusOrThrow } from "../../../utils/misc";
|
|
8
8
|
import parseUrl from "parse-url";
|
|
9
|
-
import type { DcqlQuery } from "dcql";
|
|
10
9
|
import {
|
|
11
10
|
IssuerResponseError,
|
|
12
11
|
UnimplementedFeatureError,
|
|
@@ -141,7 +140,7 @@ export const completeUserAuthorizationWithFormPostJwtMode: IssuanceApi["complete
|
|
|
141
140
|
async (
|
|
142
141
|
requestObject,
|
|
143
142
|
_issuerConfig,
|
|
144
|
-
|
|
143
|
+
evaluatedDcqlQuery,
|
|
145
144
|
{ wiaCryptoContext, appFetch = fetch }
|
|
146
145
|
) => {
|
|
147
146
|
Logger.log(
|
|
@@ -149,11 +148,6 @@ export const completeUserAuthorizationWithFormPostJwtMode: IssuanceApi["complete
|
|
|
149
148
|
`The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`
|
|
150
149
|
);
|
|
151
150
|
|
|
152
|
-
const dcqlQueryResult = await RemotePresentationFlow.evaluateDcqlQuery(
|
|
153
|
-
requestObject.dcql_query as DcqlQuery,
|
|
154
|
-
[pid]
|
|
155
|
-
);
|
|
156
|
-
|
|
157
151
|
const authRequestObject = {
|
|
158
152
|
nonce: requestObject.nonce,
|
|
159
153
|
clientId: requestObject.client_id,
|
|
@@ -162,7 +156,7 @@ export const completeUserAuthorizationWithFormPostJwtMode: IssuanceApi["complete
|
|
|
162
156
|
|
|
163
157
|
const remotePresentation =
|
|
164
158
|
await RemotePresentationFlow.prepareRemotePresentations(
|
|
165
|
-
|
|
159
|
+
evaluatedDcqlQuery,
|
|
166
160
|
authRequestObject
|
|
167
161
|
);
|
|
168
162
|
|
|
@@ -4,7 +4,6 @@ import {
|
|
|
4
4
|
type AuthorizationResult,
|
|
5
5
|
} from "../../../utils/auth";
|
|
6
6
|
import parseUrl from "parse-url";
|
|
7
|
-
import type { DcqlQuery } from "dcql";
|
|
8
7
|
import {
|
|
9
8
|
createAuthorizationResponse,
|
|
10
9
|
parseAuthorizeRequest,
|
|
@@ -23,7 +22,7 @@ import {
|
|
|
23
22
|
} from "../../../utils/callbacks";
|
|
24
23
|
import { sdkConfigV1_3, sdkConfigV1_4 } from "../../../utils/config";
|
|
25
24
|
import { IoWalletError, IssuerResponseError } from "../../../utils/errors";
|
|
26
|
-
import type { IssuanceApi, IssuerConfig } from "../api";
|
|
25
|
+
import type { EvaluatedDcqlQuery, IssuanceApi, IssuerConfig } from "../api";
|
|
27
26
|
import { mapToRequestObject } from "./mappers";
|
|
28
27
|
import type { RequestObject } from "../../presentation";
|
|
29
28
|
import { hasStatusOrThrow } from "../../../utils/misc";
|
|
@@ -117,7 +116,12 @@ export const getRequestedCredentialToBePresented: IssuanceApi["getRequestedCrede
|
|
|
117
116
|
|
|
118
117
|
// NOTE: this function is not used in the 1.3 issuance flow. It may be removed in the future.
|
|
119
118
|
export const completeUserAuthorizationWithFormPostJwtMode: IssuanceApi["completeUserAuthorizationWithFormPostJwtMode"] =
|
|
120
|
-
async (
|
|
119
|
+
async (
|
|
120
|
+
requestObject,
|
|
121
|
+
issuerConfig,
|
|
122
|
+
evaluatedDcqlQuery,
|
|
123
|
+
{ appFetch = fetch }
|
|
124
|
+
) => {
|
|
121
125
|
Logger.log(
|
|
122
126
|
LogLevel.DEBUG,
|
|
123
127
|
"The requested credential is not a PID, completing the user authorization with form_post.jwt mode"
|
|
@@ -126,7 +130,7 @@ export const completeUserAuthorizationWithFormPostJwtMode: IssuanceApi["complete
|
|
|
126
130
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
127
131
|
requestObject,
|
|
128
132
|
issuerConfig,
|
|
129
|
-
|
|
133
|
+
evaluatedDcqlQuery,
|
|
130
134
|
});
|
|
131
135
|
|
|
132
136
|
Logger.log(LogLevel.DEBUG, `Authz response: ${authzResponse}`);
|
|
@@ -159,7 +163,7 @@ export const completeEaaUserAuthorizationWithQueryMode: IssuanceApi["completeEaa
|
|
|
159
163
|
async (
|
|
160
164
|
requestObject,
|
|
161
165
|
issuerConfig,
|
|
162
|
-
|
|
166
|
+
evaluatedDcqlQuery,
|
|
163
167
|
clientRedirectUri,
|
|
164
168
|
{ appFetch = fetch, fetchFinalRedirectUri } = {}
|
|
165
169
|
) => {
|
|
@@ -171,7 +175,7 @@ export const completeEaaUserAuthorizationWithQueryMode: IssuanceApi["completeEaa
|
|
|
171
175
|
const authzResponse = await processPidPresentationAndCreateAuthzResponse({
|
|
172
176
|
requestObject,
|
|
173
177
|
issuerConfig,
|
|
174
|
-
|
|
178
|
+
evaluatedDcqlQuery,
|
|
175
179
|
});
|
|
176
180
|
|
|
177
181
|
Logger.log(
|
|
@@ -254,29 +258,27 @@ export const parseAuthorizationResponse = (
|
|
|
254
258
|
* Utility function to process the DCQL query for PID presentation and to create the authorization response to send to the Issuer.
|
|
255
259
|
* @param params.requestObject - The request object containing the DCQL query
|
|
256
260
|
* @param params.issuerConfig - The Issuer unified configuration
|
|
257
|
-
* @param params.
|
|
261
|
+
* @param params.evaluatedDcqlQuery - Credentials that satisfy the request object's DCQL query
|
|
258
262
|
* @returns The authorization response containing the JARM to be sent to the Issuer
|
|
259
263
|
*/
|
|
260
264
|
const processPidPresentationAndCreateAuthzResponse = async ({
|
|
261
265
|
requestObject,
|
|
262
266
|
issuerConfig,
|
|
263
|
-
|
|
267
|
+
evaluatedDcqlQuery,
|
|
264
268
|
}: {
|
|
265
269
|
requestObject: RequestObject;
|
|
266
270
|
issuerConfig: IssuerConfig;
|
|
267
|
-
|
|
271
|
+
evaluatedDcqlQuery: EvaluatedDcqlQuery;
|
|
268
272
|
}): Promise<CreateAuthorizationResponseResult> => {
|
|
269
|
-
const dcqlQueryResult = await RemotePresentationFlow.evaluateDcqlQuery(
|
|
270
|
-
requestObject.dcql_query as DcqlQuery,
|
|
271
|
-
[pid]
|
|
272
|
-
);
|
|
273
|
-
|
|
274
273
|
const remotePresentation =
|
|
275
|
-
await RemotePresentationFlow.prepareRemotePresentations(
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
274
|
+
await RemotePresentationFlow.prepareRemotePresentations(
|
|
275
|
+
evaluatedDcqlQuery,
|
|
276
|
+
{
|
|
277
|
+
clientId: requestObject.client_id,
|
|
278
|
+
nonce: requestObject.nonce,
|
|
279
|
+
responseUri: requestObject.response_uri,
|
|
280
|
+
}
|
|
281
|
+
);
|
|
280
282
|
|
|
281
283
|
const vp_token = remotePresentation.presentations.reduce(
|
|
282
284
|
(acc, { credentialId, vpToken }) => ({ ...acc, [credentialId]: [vpToken] }),
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import type { DcqlQuery } from "dcql";
|
|
2
1
|
import type {
|
|
3
2
|
Credential4Dcql,
|
|
4
3
|
CredentialFormat,
|
|
4
|
+
DcqlQuery,
|
|
5
5
|
PresentationFrame,
|
|
6
6
|
} from "./types";
|
|
7
7
|
|
|
@@ -38,7 +38,7 @@ export interface EvaluateDcqlQueryApi {
|
|
|
38
38
|
* @throws {DcqlError} if the provided DCQL query is not valid
|
|
39
39
|
*/
|
|
40
40
|
evaluateDcqlQuery(
|
|
41
|
-
query: DcqlQuery
|
|
41
|
+
query: DcqlQuery,
|
|
42
42
|
credentialsSdJwt: Credential4Dcql[],
|
|
43
43
|
credentialsMdoc?: Credential4Dcql[]
|
|
44
44
|
): Promise<
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import * as z from "zod";
|
|
2
2
|
import type { CryptoContext } from "@pagopa/io-react-native-jwt";
|
|
3
|
+
import type { DcqlQuery as DcqlQueryLib } from "dcql";
|
|
3
4
|
import type { jsonWebKeySet } from "@pagopa/io-wallet-oid-federation";
|
|
4
5
|
import type { SupportedSdJwtLegacyFormat } from "../../../sd-jwt/types";
|
|
5
6
|
|
|
@@ -112,6 +113,8 @@ export type RemotePresentation = {
|
|
|
112
113
|
*/
|
|
113
114
|
export type Credential4Dcql = [string /* keyTag */, string /* credential */];
|
|
114
115
|
|
|
116
|
+
export type DcqlQuery = DcqlQueryLib.Input;
|
|
117
|
+
|
|
115
118
|
/**
|
|
116
119
|
* An object that defines claims to disclose. Nested claims must use a nested structure.
|
|
117
120
|
* @example { name: true, address: { country: true } }
|