@sd-jwt/core 0.3.0 → 2.0.4-next.58

package/test/array_none_disclosed.json

@@ -0,0 +1,17 @@
+{
+  "claims": {
+    "is_over": {
+      "13": false,
+      "18": true,
+      "21": false
+    }
+  },
+  "disclosureFrame": {
+    "is_over": {
+      "_sd": ["13", "18", "21"]
+    }
+  },
+  "presentationKeys": [],
+  "presenatedClaims": {},
+  "requiredClaimKeys": []
+}

package/test/array_of_nulls.json

@@ -0,0 +1,15 @@
+{
+  "claims": {
+    "null_values": [null, null, null, null]
+  },
+  "disclosureFrame": {
+    "null_values": {
+      "_sd": [1, 2]
+    }
+  },
+  "presentationKeys": [],
+  "presenatedClaims": {
+    "null_values": [null, null]
+  },
+  "requiredClaimKeys": ["null_values.0", "null_values.1"]
+}

package/test/array_of_objects.json

@@ -0,0 +1,58 @@
+{
+  "claims": {
+    "addresses": [
+      {
+        "street": "123 Main St",
+        "city": "Anytown",
+        "state": "NY",
+        "zip": "12345",
+        "type": "main_address"
+      },
+      {
+        "street": "456 Main St",
+        "city": "Anytown",
+        "state": "NY",
+        "zip": "12345",
+        "type": "secondary_address"
+      }
+    ],
+    "array_with_one_sd_object": {
+      "foo": "bar"
+    }
+  },
+  "disclosureFrame": {
+    "addresses": {
+      "_sd": [1]
+    },
+    "array_with_one_sd_object": {
+      "_sd": ["foo"]
+    }
+  },
+  "presentationKeys": ["addresses.1", "array_with_one_sd_object.foo"],
+  "presenatedClaims": {
+    "addresses": [
+      {
+        "street": "123 Main St",
+        "city": "Anytown",
+        "state": "NY",
+        "zip": "12345",
+        "type": "main_address"
+      },
+      {
+        "street": "456 Main St",
+        "city": "Anytown",
+        "state": "NY",
+        "zip": "12345",
+        "type": "secondary_address"
+      }
+    ],
+    "array_with_one_sd_object": {
+      "foo": "bar"
+    }
+  },
+  "requiredClaimKeys": [
+    "addresses.0.type",
+    "addresses.1.city",
+    "array_with_one_sd_object.foo"
+  ]
+}

package/test/array_of_scalars.json

@@ -0,0 +1,15 @@
+{
+  "claims": {
+    "nationalities": ["US", "CA", "DE"]
+  },
+  "disclosureFrame": {
+    "nationalities": {
+      "_sd": [0, 1]
+    }
+  },
+  "presentationKeys": ["nationalities.1"],
+  "presenatedClaims": {
+    "nationalities": ["CA", "DE"]
+  },
+  "requiredClaimKeys": ["nationalities.0", "nationalities.1"]
+}

package/test/array_recursive_sd.json

@@ -0,0 +1,35 @@
+{
+  "claims": {
+    "array_with_recursive_sd": [
+      "boring",
+      {
+        "foo": "bar",
+        "baz": {
+          "qux": "quxx"
+        }
+      },
+      ["foo", "bar"]
+    ],
+    "test2": ["foo", "bar"]
+  },
+  "disclosureFrame": {
+    "array_with_recursive_sd": {
+      "_sd": [1],
+      "1": {
+        "_sd": ["baz"]
+      },
+      "2": {
+        "_sd": [0, 1]
+      }
+    },
+    "test2": {
+      "_sd": [0, 1]
+    }
+  },
+  "presentationKeys": [],
+  "presenatedClaims": {
+    "array_with_recursive_sd": ["boring", []],
+    "test2": []
+  },
+  "requiredClaimKeys": ["array_with_recursive_sd.0", "test2"]
+}

package/test/array_recursive_sd_some_disclosed.json

@@ -0,0 +1,55 @@
+{
+  "claims": {
+    "array_with_recursive_sd": [
+      "boring",
+      {
+        "foo": "bar",
+        "baz": {
+          "qux": "quxx"
+        }
+      },
+      ["foo", "bar"]
+    ],
+    "test2": ["foo", "bar"]
+  },
+  "disclosureFrame": {
+    "array_with_recursive_sd": {
+      "1": {
+        "_sd": ["baz"]
+      },
+      "2": {
+        "_sd": [0, 1]
+      }
+    },
+    "test2": {
+      "_sd": [0, 1]
+    }
+  },
+  "presentationKeys": [
+    "array_with_recursive_sd.1.baz",
+    "array_with_recursive_sd.2.1",
+    "test2.0",
+    "test2.1"
+  ],
+  "presenatedClaims": {
+    "array_with_recursive_sd": [
+      "boring",
+      {
+        "foo": "bar",
+        "baz": {
+          "qux": "quxx"
+        }
+      },
+      ["bar"]
+    ],
+    "test2": ["foo", "bar"]
+  },
+  "requiredClaimKeys": [
+    "array_with_recursive_sd.1",
+    "array_with_recursive_sd.2",
+    "array_with_recursive_sd.1.baz",
+    "array_with_recursive_sd.2.1",
+    "test2.0",
+    "test2.1"
+  ]
+}

package/test/complex.json

@@ -0,0 +1,43 @@
+{
+  "claims": {
+    "firstname": "John",
+    "lastname": "Doe",
+    "ssn": "123-45-6789",
+    "id": "1234",
+    "data": {
+      "firstname": "John",
+      "lastname": "Doe",
+      "ssn": "123-45-6789",
+      "list": [{ "r": "1" }, "b", "c"]
+    },
+    "data2": {
+      "hi": "bye"
+    }
+  },
+  "disclosureFrame": {
+    "_sd": ["firstname", "id", "data2"],
+    "data": {
+      "_sd": ["list"],
+      "_sd_decoy": 2,
+      "list": {
+        "_sd": [0, 2],
+        "_sd_decoy": 1,
+        "0": {
+          "_sd": ["r"]
+        }
+      }
+    },
+    "data2": {
+      "_sd": ["hi"]
+    }
+  },
+  "presentationKeys": ["firstname", "id"],
+  "presenatedClaims": {
+    "lastname": "Doe",
+    "ssn": "123-45-6789",
+    "data": { "firstname": "John", "lastname": "Doe", "ssn": "123-45-6789" },
+    "id": "1234",
+    "firstname": "John"
+  },
+  "requiredClaimKeys": ["firstname", "id", "data.ssn"]
+}

package/test/header_mod.json

@@ -0,0 +1,44 @@
+{
+  "claims": {
+    "sub": "john_deo_42",
+    "given_name": "John",
+    "family_name": "Deo",
+    "email": "johndeo@example.com",
+    "phone": "+1-202-555-0101",
+    "address": {
+      "street_address": "123 Main St",
+      "locality": "Anytown",
+      "region": "Anystate",
+      "country": "US"
+    },
+    "birthdate": "1940-01-01"
+  },
+  "disclosureFrame": {
+    "_sd": [
+      "sub",
+      "given_name",
+      "family_name",
+      "email",
+      "phone",
+      "address",
+      "birthdate"
+    ]
+  },
+  "presentationKeys": ["given_name", "family_name", "address"],
+  "presenatedClaims": {
+    "given_name": "John",
+    "family_name": "Deo",
+    "address": {
+      "street_address": "123 Main St",
+      "locality": "Anytown",
+      "region": "Anystate",
+      "country": "US"
+    }
+  },
+  "requiredClaimKeys": [
+    "given_name",
+    "family_name",
+    "address.street_address",
+    "address.country"
+  ]
+}

package/test/json_serialization.json

@@ -0,0 +1,44 @@
+{
+  "claims": {
+    "sub": "john_deo_42",
+    "given_name": "John",
+    "family_name": "Deo",
+    "email": "johndeo@example.com",
+    "phone": "+1-202-555-0101",
+    "address": {
+      "street_address": "123 Main St",
+      "locality": "Anytown",
+      "region": "Anystate",
+      "country": "US"
+    },
+    "birthdate": "1940-01-01"
+  },
+  "disclosureFrame": {
+    "_sd": [
+      "sub",
+      "given_name",
+      "family_name",
+      "email",
+      "phone",
+      "address",
+      "birthdate"
+    ]
+  },
+  "presentationKeys": ["given_name", "family_name", "address"],
+  "presenatedClaims": {
+    "given_name": "John",
+    "family_name": "Deo",
+    "address": {
+      "street_address": "123 Main St",
+      "locality": "Anytown",
+      "region": "Anystate",
+      "country": "US"
+    }
+  },
+  "requiredClaimKeys": [
+    "given_name",
+    "family_name",
+    "address.street_address",
+    "address.country"
+  ]
+}

package/test/key_binding.json

@@ -0,0 +1,44 @@
+{
+  "claims": {
+    "sub": "john_deo_42",
+    "given_name": "John",
+    "family_name": "Deo",
+    "email": "johndeo@example.com",
+    "phone": "+1-202-555-0101",
+    "address": {
+      "street_address": "123 Main St",
+      "locality": "Anytown",
+      "region": "Anystate",
+      "country": "US"
+    },
+    "birthdate": "1940-01-01"
+  },
+  "disclosureFrame": {
+    "_sd": [
+      "sub",
+      "given_name",
+      "family_name",
+      "email",
+      "phone",
+      "address",
+      "birthdate"
+    ]
+  },
+  "presentationKeys": ["given_name", "family_name", "address"],
+  "presenatedClaims": {
+    "given_name": "John",
+    "family_name": "Deo",
+    "address": {
+      "street_address": "123 Main St",
+      "locality": "Anytown",
+      "region": "Anystate",
+      "country": "US"
+    }
+  },
+  "requiredClaimKeys": [
+    "given_name",
+    "family_name",
+    "address.street_address",
+    "address.country"
+  ]
+}

package/test/no_sd.json

@@ -0,0 +1,36 @@
+{
+  "claims": {
+    "recursive": [
+      "boring",
+      {
+        "foo": "bar",
+        "baz": {
+          "qux": "quxx"
+        }
+      },
+      ["foo", "bar"]
+    ],
+    "test2": ["foo", "bar"]
+  },
+  "disclosureFrame": {},
+  "presentationKeys": [],
+  "presenatedClaims": {
+    "recursive": [
+      "boring",
+      {
+        "foo": "bar",
+        "baz": {
+          "qux": "quxx"
+        }
+      },
+      ["foo", "bar"]
+    ],
+    "test2": ["foo", "bar"]
+  },
+  "requiredClaimKeys": [
+    "recursive.0",
+    "recursive.1.baz.qux",
+    "recursive.2.1",
+    "test2.1"
+  ]
+}

package/test/object_data_types.json

@@ -0,0 +1,60 @@
+{
+  "claims": {
+    "value_Data_types": {
+      "test_null": null,
+      "test_int": 42,
+      "test_float": 3.14,
+      "test_str": "foo",
+      "test_bool": true,
+      "test_arr": ["Test"],
+      "test_object": {
+        "foo": "bar"
+      }
+    }
+  },
+  "disclosureFrame": {
+    "value_Data_types": {
+      "_sd": [
+        "test_null",
+        "test_int",
+        "test_float",
+        "test_str",
+        "test_bool",
+        "test_arr",
+        "test_object"
+      ]
+    }
+  },
+  "presentationKeys": [
+    "value_Data_types.test_null",
+    "value_Data_types.test_int",
+    "value_Data_types.test_float",
+    "value_Data_types.test_str",
+    "value_Data_types.test_bool",
+    "value_Data_types.test_arr",
+    "value_Data_types.test_object"
+  ],
+  "presenatedClaims": {
+    "value_Data_types": {
+      "test_null": null,
+      "test_int": 42,
+      "test_float": 3.14,
+      "test_str": "foo",
+      "test_bool": true,
+      "test_arr": ["Test"],
+      "test_object": {
+        "foo": "bar"
+      }
+    }
+  },
+  "requiredClaimKeys": [
+    "value_Data_types.test_null",
+    "value_Data_types.test_int",
+    "value_Data_types.test_float",
+    "value_Data_types.test_str",
+    "value_Data_types.test_bool",
+    "value_Data_types.test_arr",
+    "value_Data_types.test_object",
+    "value_Data_types.test_object.foo"
+  ]
+}

package/test/recursions.json

@@ -0,0 +1,98 @@
+{
+  "claims": {
+    "foo": ["one", "two"],
+    "bar": {
+      "red": 1,
+      "green": 2
+    },
+    "qux": [["blue", "yellow"]],
+    "baz": [["orange", "purple"], ["black", "white"]],
+    "animals": {
+      "snake": {
+        "name": "python",
+        "age": 10
+      },
+      "bird": {
+        "name": "eagle",
+        "age": 20
+      }
+    }
+  },
+  "disclosureFrame": {
+    "foo": {
+      "_sd": [0, 1]
+    },
+    "bar": {
+      "_sd": ["red", "green"]
+    },
+    "qux": {
+      "_sd": [0],
+      "0": {
+        "_sd": [0, 1]
+      }
+    },
+    "baz": {
+      "_sd": [0, 1],
+      "0": {
+        "_sd": [0, 1]
+      },
+      "1": {
+        "_sd": [0, 1]
+      }
+    },
+    "animals": {
+      "_sd": ["snake", "bird"],
+      "snake": {
+        "_sd": ["name", "age"]
+      },
+      "bird": {
+        "_sd": ["name", "age"]
+      }
+    }
+  },
+  "presentationKeys": [
+    "foo.1",
+    "bar.green",
+    "qux.0",
+    "qux.0.0",
+    "qux.0.1",
+    "baz.0",
+    "baz.0.0",
+    "baz.0.1",
+    "baz.1",
+    "baz.1.0",
+    "baz.1.1",
+    "animals.snake",
+    "animals.snake.age",
+    "animals.bird",
+    "animals.bird.age"
+  ],
+  "presenatedClaims": {
+    "foo": ["two"],
+    "bar": {
+      "green": 2
+    },
+    "qux": [["blue", "yellow"]],
+    "baz": [["orange", "purple"], ["black", "white"]],
+    "animals": {
+      "snake": {
+        "age": 10
+      },
+      "bird": {
+        "age": 20
+      }
+    }
+  },
+  "requiredClaimKeys": [
+    "foo.1",
+    "bar.green",
+    "qux.0.0",
+    "qux.0.1",
+    "baz.0.0",
+    "baz.0.1",
+    "baz.1.0",
+    "baz.1.1",
+    "animals.snake.age",
+    "animals.bird.age"
+  ]
+}

package/tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist"
+  }
+}

package/vitest.config.mts

@@ -0,0 +1,4 @@
+// vite.config.ts
+import { allEnvs } from '../../vitest.shared';
+
+export default allEnvs;

package/README.md

@@ -1,97 +0,0 @@
-# Selective Disclosure JWT (SD-JWT) Draft 06 & Selective Disclosure JWT VC 01
-
-## Compliant with
-
--   [sd-jwt
-    06](https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/06/)
--   [sd-jwt-vc
-    01](https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/01/)
-
-## Design decisions
-
-### Bring your own crypto
-
-This library does not provide any of the cryptographic primitives required for
-encryption, decryption, signing, verification and hashing. It is expected that
-the user of this library provides this. The main reason for this is that most
-libraries have their own library and KMS. Providing private keys to this
-library adds another layer of insecurity which should be avoided. Hashing has
-not been added for platform compatibility between node,js, browser and React
-Native. In the future a platform-independent sha2-256 may be provided.
-
-### Specification backwards compatibility
-
-Since these specifications are in early drafts, no time will be spend in
-supporting earlier versions of the specifications. This library may work for
-older versions, e.g. the addition of selectively disclosable items in an array
-does not break previous implementations. Once a non-draft specification is
-released it will stay up-to-date with that version.
-
-### Dependencies
-
-This library only has one dependency on `buffer` which makes sure this library
-works in Node.js, the browser and React Native. Buffer is used internally for
-`base64-url-no-pad` encoding.
-
-### Usage
-
-I'd highly recommend to check out the [examples folder](example) to see how
-this library can be leveraged.
-
-### Issuance API
-
-The issuance API takes an object called a `disclosureFrame`. This
-`disclosureFrame` is a Boolean Map of the payload which allows you to specify
-which attributes of the payload may be selectively disclosed. If an attribute is not provided in the `disclosureFrame`, it will be included in the clear-text payload. For example:
-
-```jsonc
-// The payload
-{
-    "iss": "https://example.org/issuer",
-    "is_age_over_21": true,
-    "is_age_over_24": true,
-    "is_age_over_65": false,
-    "date_of_birth": "1990-01-01",
-    "address": {
-        "street": "some street",
-        "house_number": 200,
-        "zipcode": "2344GH"
-    }
-}
-```
-
-```jsonc
-// The disclosure frame
-{
-    "is_age_over_21": true,
-    "is_age_over_24": true,
-    "is_age_over_65": true,
-    "date_of_birth": true,
-    "address": {
-        "street": true,
-        "house_number": true,
-        "zipcode": true
-    }
-}
-
-// or to only disclose the address as a group
-{
-    "is_age_over_21": true,
-    "is_age_over_24": true,
-    "is_age_over_65": true,
-    "date_of_birth": true,
-    "address": true
-}
-```
-
-### Presentation and verification API
-
-Since there is officially standardized way to request and present a
-presentation, [High Assurance Interoperability
-Profile](https://vcstuff.github.io/oid4vc-haip-sd-jwt-vc/draft-oid4vc-haip-sd-jwt-vc.html)
-may be used, the API is defined in a way which works in a primitive manner for
-now. For example, to present you can provide a list of indices of the
-disclosures which will be included. Examples of this can be found in the
-[examples folder](example). For verification a list of keys or required
-claims can be provided. It does not matter whether these are selectively
-disclosable claims, or if they are included inside the payload.