@sd-jwt/core 0.3.2-next.99 → 0.4.0

package/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+# 0.4.0 (2024-03-08)
+
+
+### Bug Fixes
+
+* add publish config ([#93](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/93)) ([2e4c5c1](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/2e4c5c176dc88e58e49d06783b7658d8ad872313))
+* add the payload that is required ([6c53580](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/6c53580d12e4361c40435b90628302749fa32b1c))
+* change SDJwtPayload to SdJwtPayload ([9f06ef7](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/9f06ef7bd31a1dff4e9bf988e425200a5e1aa82d))
+* convert any usage into  or typed version ([#80](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/80)) ([de4df54](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/de4df54f2a0a77fdbf97e10abac555a98e70c6e0))
+* implement kbverify function ([#127](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/127)) ([e5609f2](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/e5609f26fab8c4991d3bd6c36066a95a30cfb972))
+* make sdjwt instance non abstract ([#122](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/122)) ([e85aae8](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/e85aae89910f5d9468e29ef14ef3b3d3215b86fd))
+
+
+### Features
+
+* add jwk type ([#130](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/130)) ([8ce255a](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/8ce255a64b0940e92e647aa544bf5990b48279b7))
+* add new package for sd-jwt-vc ([ed99188](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/ed99188f13184d58db64b4211e39fb67f3f78cb5))
+* Apply lerna to move src to core ([#67](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/67)) ([49e272b](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/49e272b6b51c5226e22732c469e566fd3c14c57c))
+* calcuate sd_hash in kb JWT ([#117](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/117)) ([3415550](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/3415550fbcd99f97babff442a4928cc827c5c9cc))
+* checking kb header value ([#133](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/133)) ([cd2991b](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/cd2991b88a0522e39251c5ca2b67593130baa585))
+* create kb jwt when present all ([#129](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/129)) ([72ed1ad](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/72ed1ad64b850876ba3b5d5e5df6128471fb44ac))
+* fix async handling in jwt verify ([#131](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/131)) ([76cb930](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/76cb93021dd62c241c87656975f74dd44b3766cf))
+* fixing exclude _sd_alg when no disclosure ([#120](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/120)) ([dcaf1f6](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/dcaf1f6fad3289ea7cbe0f3f410fdc15c0f77fda))

package/dist/index.d.mts

@@ -1,5 +1,5 @@
 import * as _sd_jwt_types from '@sd-jwt/types';
-import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, KbVerifier, JwtPayload, SDJWTCompact, Hasher, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
+import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, KbVerifier, JwtPayload, SDJWTCompact, Hasher, PresentationFrame, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
 import { Disclosure } from '@sd-jwt/utils';
 
 type JwtData<Header extends Record<string, unknown>, Payload extends Record<string, unknown>> = {
@@ -55,7 +55,7 @@ declare class SDJwt<Header extends Record<string, unknown> = Record<string, unkn
         kbJwt?: KBJwt<KBHeader, KBPayload>;
     }>;
     static fromEncode<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>, KBHeader extends kbHeader = kbHeader, KBPayload extends kbPayload = kbPayload>(encodedSdJwt: SDJWTCompact, hasher: Hasher): Promise<SDJwt<Header, Payload>>;
-    present(keys: string[], hasher: Hasher): Promise<SDJWTCompact>;
+    present<T extends Record<string, unknown>>(presentFrame: PresentationFrame<T> | undefined, hasher: Hasher): Promise<SDJWTCompact>;
     encodeSDJwt(): SDJWTCompact;
     keys(hasher: Hasher): Promise<string[]>;
     presentableKeys(hasher: Hasher): Promise<string[]>;
@@ -87,7 +87,7 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
      * @returns
      */
     protected validateReservedFields<T extends ExtendedPayload>(disclosureFrame: DisclosureFrame<T>): void;
-    present(encodedSDJwt: string, presentationKeys?: string[], options?: {
+    present<T extends Record<string, unknown>>(encodedSDJwt: string, presentationFrame?: PresentationFrame<T>, options?: {
         kb?: KBOptions;
     }): Promise<SDJWTCompact>;
     verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import * as _sd_jwt_types from '@sd-jwt/types';
-import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, KbVerifier, JwtPayload, SDJWTCompact, Hasher, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
+import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, KbVerifier, JwtPayload, SDJWTCompact, Hasher, PresentationFrame, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
 import { Disclosure } from '@sd-jwt/utils';
 
 type JwtData<Header extends Record<string, unknown>, Payload extends Record<string, unknown>> = {
@@ -55,7 +55,7 @@ declare class SDJwt<Header extends Record<string, unknown> = Record<string, unkn
         kbJwt?: KBJwt<KBHeader, KBPayload>;
     }>;
     static fromEncode<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>, KBHeader extends kbHeader = kbHeader, KBPayload extends kbPayload = kbPayload>(encodedSdJwt: SDJWTCompact, hasher: Hasher): Promise<SDJwt<Header, Payload>>;
-    present(keys: string[], hasher: Hasher): Promise<SDJWTCompact>;
+    present<T extends Record<string, unknown>>(presentFrame: PresentationFrame<T> | undefined, hasher: Hasher): Promise<SDJWTCompact>;
     encodeSDJwt(): SDJWTCompact;
     keys(hasher: Hasher): Promise<string[]>;
     presentableKeys(hasher: Hasher): Promise<string[]>;
@@ -87,7 +87,7 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
      * @returns
      */
     protected validateReservedFields<T extends ExtendedPayload>(disclosureFrame: DisclosureFrame<T>): void;
-    present(encodedSDJwt: string, presentationKeys?: string[], options?: {
+    present<T extends Record<string, unknown>>(encodedSDJwt: string, presentationFrame?: PresentationFrame<T>, options?: {
         kb?: KBOptions;
     }): Promise<SDJWTCompact>;
     verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{

package/dist/index.js

@@ -129,7 +129,7 @@ var Jwt = class _Jwt {
       const header = (0, import_utils.Base64urlEncode)(JSON.stringify(this.header));
       const payload = (0, import_utils.Base64urlEncode)(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
-      const verified = verifier(data, this.signature);
+      const verified = yield verifier(data, this.signature);
       if (!verified) {
         throw new import_utils.SDJWTException("Verify Error: Invalid JWT Signature");
       }
@@ -140,19 +140,20 @@ var Jwt = class _Jwt {
 
 // src/kbjwt.ts
 var import_utils2 = require("@sd-jwt/utils");
+var import_types = require("@sd-jwt/types");
 var KBJwt = class _KBJwt extends Jwt {
   // Checking the validity of the key binding jwt
   // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
   verifyKB(values) {
     return __async(this, null, function* () {
-      var _a, _b, _c, _d, _e, _f;
-      if (!((_a = this.header) == null ? void 0 : _a.alg) || !this.header.typ || !((_b = this.payload) == null ? void 0 : _b.iat) || !((_c = this.payload) == null ? void 0 : _c.aud) || !((_d = this.payload) == null ? void 0 : _d.nonce) || // this is for backward compatibility with version 06
-      !(((_e = this.payload) == null ? void 0 : _e.sd_hash) || ((_f = this.payload) == null ? void 0 : _f._sd_hash))) {
-        throw new import_utils2.SDJWTException("Invalid Key Binding Jwt");
-      }
+      var _a;
       if (!this.header || !this.payload || !this.signature) {
         throw new import_utils2.SDJWTException("Verify Error: Invalid JWT");
       }
+      if (!this.header.alg || this.header.alg === "none" || !this.header.typ || this.header.typ !== import_types.KB_JWT_TYP || !this.payload.iat || !this.payload.aud || !this.payload.nonce || // this is for backward compatibility with version 06
+      !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
+        throw new import_utils2.SDJWTException("Invalid Key Binding Jwt");
+      }
       const header = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.header));
       const payload = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
@@ -192,8 +193,9 @@ var createDecoy = (hash, saltGenerator) => __async(void 0, null, function* () {
 
 // src/sdjwt.ts
 var import_utils4 = require("@sd-jwt/utils");
-var import_types = require("@sd-jwt/types");
+var import_types2 = require("@sd-jwt/types");
 var import_decode2 = require("@sd-jwt/decode");
+var import_present = require("@sd-jwt/present");
 var SDJwt = class _SDJwt {
   constructor(data) {
     this.jwt = data == null ? void 0 : data.jwt;
@@ -202,7 +204,7 @@ var SDJwt = class _SDJwt {
   }
   static decodeSDJwt(sdjwt, hasher) {
     return __async(this, null, function* () {
-      const [encodedJwt, ...encodedDisclosures] = sdjwt.split(import_types.SD_SEPARATOR);
+      const [encodedJwt, ...encodedDisclosures] = sdjwt.split(import_types2.SD_SEPARATOR);
       const jwt = Jwt.fromEncode(encodedJwt);
       if (!jwt.payload) {
         throw new Error("Payload is undefined on the JWT. Invalid state reached");
@@ -238,7 +240,7 @@ var SDJwt = class _SDJwt {
       });
     });
   }
-  present(keys, hasher) {
+  present(presentFrame, hasher) {
     return __async(this, null, function* () {
       var _a;
       if (!((_a = this.jwt) == null ? void 0 : _a.payload) || !this.disclosures) {
@@ -252,14 +254,8 @@ var SDJwt = class _SDJwt {
         this.disclosures,
         hasher
       );
-      const presentableKeys = Object.keys(disclosureKeymap);
-      const missingKeys = keys.filter((k) => !presentableKeys.includes(k));
-      if (missingKeys.length > 0) {
-        throw new import_utils4.SDJWTException(
-          `Invalid sd-jwt: invalid present keys: ${missingKeys.join(", ")}`
-        );
-      }
-      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]);
+      const keys = presentFrame ? (0, import_present.transformPresentationFrame)(presentFrame) : yield this.presentableKeys(hasher);
+      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]).filter((d) => d !== void 0);
       const presentSDJwt = new _SDJwt({
         jwt: this.jwt,
         disclosures,
@@ -276,11 +272,11 @@ var SDJwt = class _SDJwt {
     const encodedJwt = this.jwt.encodeJwt();
     data.push(encodedJwt);
     if (this.disclosures && this.disclosures.length > 0) {
-      const encodeddisclosures = this.disclosures.map((dc) => dc.encode()).join(import_types.SD_SEPARATOR);
+      const encodeddisclosures = this.disclosures.map((dc) => dc.encode()).join(import_types2.SD_SEPARATOR);
       data.push(encodeddisclosures);
     }
     data.push(this.kbJwt ? this.kbJwt.encodeJwt() : "");
-    return data.join(import_types.SD_SEPARATOR);
+    return data.join(import_types2.SD_SEPARATOR);
   }
   keys(hasher) {
     return __async(this, null, function* () {
@@ -337,14 +333,14 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
       disclosures: []
     };
   }
-  const sd = (_a = disclosureFrame[import_types.SD_DIGEST]) != null ? _a : [];
-  const decoyCount = (_b = disclosureFrame[import_types.SD_DECOY]) != null ? _b : 0;
+  const sd = (_a = disclosureFrame[import_types2.SD_DIGEST]) != null ? _a : [];
+  const decoyCount = (_b = disclosureFrame[import_types2.SD_DECOY]) != null ? _b : 0;
   if (Array.isArray(claims)) {
     const packedClaims2 = [];
     const disclosures2 = [];
     const recursivePackedClaims2 = {};
     for (const key in disclosureFrame) {
-      if (key !== import_types.SD_DIGEST) {
+      if (key !== import_types2.SD_DIGEST) {
         const idx = parseInt(key);
         const packed = yield pack(
           claims[idx],
@@ -362,7 +358,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
         const salt = yield saltGenerator(16);
         const disclosure = new import_utils4.Disclosure([salt, claim]);
         const digest = yield disclosure.digest(hash);
-        packedClaims2.push({ [import_types.SD_LIST_KEY]: digest });
+        packedClaims2.push({ [import_types2.SD_LIST_KEY]: digest });
         disclosures2.push(disclosure);
       } else {
         packedClaims2.push(claim);
@@ -370,7 +366,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
     }
     for (let j = 0; j < decoyCount; j++) {
       const decoyDigest = yield createDecoy(hash, saltGenerator);
-      packedClaims2.push({ [import_types.SD_LIST_KEY]: decoyDigest });
+      packedClaims2.push({ [import_types2.SD_LIST_KEY]: decoyDigest });
     }
     return { packedClaims: packedClaims2, disclosures: disclosures2 };
   }
@@ -378,7 +374,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
   const disclosures = [];
   const recursivePackedClaims = {};
   for (const key in disclosureFrame) {
-    if (key !== import_types.SD_DIGEST) {
+    if (key !== import_types2.SD_DIGEST) {
       const packed = yield pack(
         // @ts-ignore
         claims[key],
@@ -408,13 +404,13 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
     _sd.push(decoyDigest);
   }
   if (_sd.length > 0) {
-    packedClaims[import_types.SD_DIGEST] = _sd.sort();
+    packedClaims[import_types2.SD_DIGEST] = _sd.sort();
   }
   return { packedClaims, disclosures };
 });
 
 // src/index.ts
-var import_types2 = require("@sd-jwt/types");
+var import_types3 = require("@sd-jwt/types");
 var import_decode3 = require("@sd-jwt/decode");
 var _SDJwtInstance = class _SDJwtInstance {
   constructor(userConfig) {
@@ -434,7 +430,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       const { payload } = options;
       const kbJwt = new KBJwt({
         header: {
-          typ: import_types2.KB_JWT_TYP,
+          typ: import_types3.KB_JWT_TYP,
           alg: this.userConfig.kbSignAlg
         },
         payload: __spreadProps(__spreadValues({}, payload), { sd_hash: sdHash })
@@ -509,11 +505,9 @@ var _SDJwtInstance = class _SDJwtInstance {
   validateReservedFields(disclosureFrame) {
     return;
   }
-  present(encodedSDJwt, presentationKeys, options) {
+  present(encodedSDJwt, presentationFrame, options) {
     return __async(this, null, function* () {
       var _a;
-      if (!presentationKeys)
-        return encodedSDJwt;
       if (!this.userConfig.hasher) {
         throw new import_utils5.SDJWTException("Hasher not found");
       }
@@ -522,7 +516,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!((_a = sdjwt.jwt) == null ? void 0 : _a.payload))
         throw new import_utils5.SDJWTException("Payload not found");
       const presentSdJwtWithoutKb = yield sdjwt.present(
-        presentationKeys.sort(),
+        presentationFrame,
         hasher
       );
       if (!(options == null ? void 0 : options.kb)) {
@@ -534,7 +528,7 @@ var _SDJwtInstance = class _SDJwtInstance {
         hasher
       );
       sdjwt.kbJwt = yield this.createKBJwt(options.kb, sdHashStr);
-      return sdjwt.present(presentationKeys.sort(), hasher);
+      return sdjwt.present(presentationFrame, hasher);
     });
   }
   // This function is for verifying the SD JWT

package/dist/index.mjs

@@ -102,7 +102,7 @@ var Jwt = class _Jwt {
       const header = Base64urlEncode(JSON.stringify(this.header));
       const payload = Base64urlEncode(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
-      const verified = verifier(data, this.signature);
+      const verified = yield verifier(data, this.signature);
       if (!verified) {
         throw new SDJWTException("Verify Error: Invalid JWT Signature");
       }
@@ -113,19 +113,22 @@ var Jwt = class _Jwt {
 
 // src/kbjwt.ts
 import { Base64urlEncode as Base64urlEncode2, SDJWTException as SDJWTException2 } from "@sd-jwt/utils";
+import {
+  KB_JWT_TYP
+} from "@sd-jwt/types";
 var KBJwt = class _KBJwt extends Jwt {
   // Checking the validity of the key binding jwt
   // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
   verifyKB(values) {
     return __async(this, null, function* () {
-      var _a, _b, _c, _d, _e, _f;
-      if (!((_a = this.header) == null ? void 0 : _a.alg) || !this.header.typ || !((_b = this.payload) == null ? void 0 : _b.iat) || !((_c = this.payload) == null ? void 0 : _c.aud) || !((_d = this.payload) == null ? void 0 : _d.nonce) || // this is for backward compatibility with version 06
-      !(((_e = this.payload) == null ? void 0 : _e.sd_hash) || ((_f = this.payload) == null ? void 0 : _f._sd_hash))) {
-        throw new SDJWTException2("Invalid Key Binding Jwt");
-      }
+      var _a;
       if (!this.header || !this.payload || !this.signature) {
         throw new SDJWTException2("Verify Error: Invalid JWT");
       }
+      if (!this.header.alg || this.header.alg === "none" || !this.header.typ || this.header.typ !== KB_JWT_TYP || !this.payload.iat || !this.payload.aud || !this.payload.nonce || // this is for backward compatibility with version 06
+      !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
+        throw new SDJWTException2("Invalid Key Binding Jwt");
+      }
       const header = Base64urlEncode2(JSON.stringify(this.header));
       const payload = Base64urlEncode2(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
@@ -172,6 +175,7 @@ import {
   SD_SEPARATOR
 } from "@sd-jwt/types";
 import { createHashMapping, getSDAlgAndPayload, unpack } from "@sd-jwt/decode";
+import { transformPresentationFrame } from "@sd-jwt/present";
 var SDJwt = class _SDJwt {
   constructor(data) {
     this.jwt = data == null ? void 0 : data.jwt;
@@ -216,7 +220,7 @@ var SDJwt = class _SDJwt {
       });
     });
   }
-  present(keys, hasher) {
+  present(presentFrame, hasher) {
     return __async(this, null, function* () {
       var _a;
       if (!((_a = this.jwt) == null ? void 0 : _a.payload) || !this.disclosures) {
@@ -230,14 +234,8 @@ var SDJwt = class _SDJwt {
         this.disclosures,
         hasher
       );
-      const presentableKeys = Object.keys(disclosureKeymap);
-      const missingKeys = keys.filter((k) => !presentableKeys.includes(k));
-      if (missingKeys.length > 0) {
-        throw new SDJWTException3(
-          `Invalid sd-jwt: invalid present keys: ${missingKeys.join(", ")}`
-        );
-      }
-      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]);
+      const keys = presentFrame ? transformPresentationFrame(presentFrame) : yield this.presentableKeys(hasher);
+      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]).filter((d) => d !== void 0);
       const presentSDJwt = new _SDJwt({
         jwt: this.jwt,
         disclosures,
@@ -489,11 +487,9 @@ var _SDJwtInstance = class _SDJwtInstance {
   validateReservedFields(disclosureFrame) {
     return;
   }
-  present(encodedSDJwt, presentationKeys, options) {
+  present(encodedSDJwt, presentationFrame, options) {
     return __async(this, null, function* () {
       var _a;
-      if (!presentationKeys)
-        return encodedSDJwt;
       if (!this.userConfig.hasher) {
         throw new SDJWTException4("Hasher not found");
       }
@@ -502,7 +498,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!((_a = sdjwt.jwt) == null ? void 0 : _a.payload))
         throw new SDJWTException4("Payload not found");
       const presentSdJwtWithoutKb = yield sdjwt.present(
-        presentationKeys.sort(),
+        presentationFrame,
         hasher
       );
       if (!(options == null ? void 0 : options.kb)) {
@@ -514,7 +510,7 @@ var _SDJwtInstance = class _SDJwtInstance {
         hasher
       );
       sdjwt.kbJwt = yield this.createKBJwt(options.kb, sdHashStr);
-      return sdjwt.present(presentationKeys.sort(), hasher);
+      return sdjwt.present(presentationFrame, hasher);
     });
   }
   // This function is for verifying the SD JWT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/core",
-  "version": "0.3.2-next.99+94f33f1",
+  "version": "0.4.0",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -38,12 +38,13 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@sd-jwt/crypto-nodejs": "0.3.2-next.99+94f33f1"
+    "@sd-jwt/crypto-nodejs": "0.4.0"
   },
   "dependencies": {
-    "@sd-jwt/decode": "0.3.2-next.99+94f33f1",
-    "@sd-jwt/types": "0.3.2-next.99+94f33f1",
-    "@sd-jwt/utils": "0.3.2-next.99+94f33f1"
+    "@sd-jwt/decode": "0.4.0",
+    "@sd-jwt/present": "0.4.0",
+    "@sd-jwt/types": "0.4.0",
+    "@sd-jwt/utils": "0.4.0"
   },
   "publishConfig": {
     "access": "public"
@@ -61,5 +62,5 @@
       "esm"
     ]
   },
-  "gitHead": "94f33f1931393345ad1d0977adad67d407615607"
+  "gitHead": "391a36550a66833b3d393ff0deb699b1b72cca59"
 }

package/src/index.ts

@@ -7,6 +7,7 @@ import {
   Hasher,
   KBOptions,
   KB_JWT_TYP,
+  PresentationFrame,
   SDJWTCompact,
   SDJWTConfig,
 } from '@sd-jwt/types';
@@ -139,14 +140,13 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     return;
   }
 
-  public async present(
+  public async present<T extends Record<string, unknown>>(
     encodedSDJwt: string,
-    presentationKeys?: string[],
+    presentationFrame?: PresentationFrame<T>,
     options?: {
       kb?: KBOptions;
     },
   ): Promise<SDJWTCompact> {
-    if (!presentationKeys) return encodedSDJwt;
     if (!this.userConfig.hasher) {
       throw new SDJWTException('Hasher not found');
     }
@@ -156,7 +156,7 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
 
     if (!sdjwt.jwt?.payload) throw new SDJWTException('Payload not found');
     const presentSdJwtWithoutKb = await sdjwt.present(
-      presentationKeys.sort(),
+      presentationFrame,
       hasher,
     );
 
@@ -171,7 +171,7 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     );
 
     sdjwt.kbJwt = await this.createKBJwt(options.kb, sdHashStr);
-    return sdjwt.present(presentationKeys.sort(), hasher);
+    return sdjwt.present(presentationFrame, hasher);
   }
 
   // This function is for verifying the SD JWT

package/src/jwt.ts

@@ -98,7 +98,7 @@ export class Jwt<
     const payload = Base64urlEncode(JSON.stringify(this.payload));
     const data = `${header}.${payload}`;
 
-    const verified = verifier(data, this.signature);
+    const verified = await verifier(data, this.signature);
     if (!verified) {
       throw new SDJWTException('Verify Error: Invalid JWT Signature');
     }

package/src/kbjwt.ts

@@ -1,6 +1,12 @@
 import { Base64urlEncode, SDJWTException } from '@sd-jwt/utils';
 import { Jwt } from './jwt';
-import { JwtPayload, kbHeader, kbPayload, KbVerifier } from '@sd-jwt/types';
+import {
+  JwtPayload,
+  KB_JWT_TYP,
+  kbHeader,
+  kbPayload,
+  KbVerifier,
+} from '@sd-jwt/types';
 
 export class KBJwt<
   Header extends kbHeader = kbHeader,
@@ -9,23 +15,26 @@ export class KBJwt<
   // Checking the validity of the key binding jwt
   // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
   public async verifyKB(values: { verifier: KbVerifier; payload: JwtPayload }) {
+    if (!this.header || !this.payload || !this.signature) {
+      throw new SDJWTException('Verify Error: Invalid JWT');
+    }
+
     if (
-      !this.header?.alg ||
+      !this.header.alg ||
+      this.header.alg === 'none' ||
       !this.header.typ ||
-      !this.payload?.iat ||
-      !this.payload?.aud ||
-      !this.payload?.nonce ||
+      this.header.typ !== KB_JWT_TYP ||
+      !this.payload.iat ||
+      !this.payload.aud ||
+      !this.payload.nonce ||
       // this is for backward compatibility with version 06
       !(
-        this.payload?.sd_hash ||
+        this.payload.sd_hash ||
         (this.payload as Record<string, unknown> | undefined)?._sd_hash
       )
     ) {
       throw new SDJWTException('Invalid Key Binding Jwt');
     }
-    if (!this.header || !this.payload || !this.signature) {
-      throw new SDJWTException('Verify Error: Invalid JWT');
-    }
 
     const header = Base64urlEncode(JSON.stringify(this.header));
     const payload = Base64urlEncode(JSON.stringify(this.payload));

package/src/sdjwt.ts

@@ -6,19 +6,18 @@ import {
   DisclosureFrame,
   Hasher,
   HasherAndAlg,
-  KBOptions,
-  KB_JWT_TYP,
+  PresentationFrame,
   SDJWTCompact,
   SD_DECOY,
   SD_DIGEST,
   SD_LIST_KEY,
   SD_SEPARATOR,
   SaltGenerator,
-  Signer,
   kbHeader,
   kbPayload,
 } from '@sd-jwt/types';
 import { createHashMapping, getSDAlgAndPayload, unpack } from '@sd-jwt/decode';
+import { transformPresentationFrame } from '@sd-jwt/present';
 
 export type SDJwtData<
   Header extends Record<string, unknown>,
@@ -117,7 +116,10 @@ export class SDJwt<
     });
   }
 
-  public async present(keys: string[], hasher: Hasher): Promise<SDJWTCompact> {
+  public async present<T extends Record<string, unknown>>(
+    presentFrame: PresentationFrame<T> | undefined,
+    hasher: Hasher,
+  ): Promise<SDJWTCompact> {
     if (!this.jwt?.payload || !this.disclosures) {
       throw new SDJWTException('Invalid sd-jwt: jwt or disclosures is missing');
     }
@@ -130,15 +132,12 @@ export class SDJwt<
       hasher,
     );
 
-    const presentableKeys = Object.keys(disclosureKeymap);
-    const missingKeys = keys.filter((k) => !presentableKeys.includes(k));
-    if (missingKeys.length > 0) {
-      throw new SDJWTException(
-        `Invalid sd-jwt: invalid present keys: ${missingKeys.join(', ')}`,
-      );
-    }
-
-    const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]);
+    const keys = presentFrame
+      ? transformPresentationFrame(presentFrame)
+      : await this.presentableKeys(hasher);
+    const disclosures = keys
+      .map((k) => hashmap[disclosureKeymap[k]])
+      .filter((d) => d !== undefined);
     const presentSDJwt = new SDJwt({
       jwt: this.jwt,
       disclosures,

package/src/test/index.spec.ts

@@ -1,9 +1,8 @@
 import { SDJwtInstance, SdJwtPayload } from '../index';
-import { Signer, Verifier } from '@sd-jwt/types';
+import { Signer, Verifier, KbVerifier, JwtPayload } from '@sd-jwt/types';
 import Crypto, { KeyLike } from 'node:crypto';
 import { describe, expect, test } from 'vitest';
 import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
-import { KbVerifier, JwtPayload } from '@sd-jwt/types';
 import { importJWK, exportJWK, JWK } from 'jose';
 
 export const createSignerVerifier = () => {
@@ -54,15 +53,19 @@ describe('index', () => {
 
     expect(credential).toBeDefined();
 
-    const presentation = await sdjwt.present(credential, ['foo'], {
-      kb: {
-        payload: {
-          aud: '1',
-          iat: 1,
-          nonce: '342',
+    const presentation = await sdjwt.present(
+      credential,
+      { foo: true },
+      {
+        kb: {
+          payload: {
+            aud: '1',
+            iat: 1,
+            nonce: '342',
+          },
         },
       },
-    });
+    );
 
     expect(presentation).toBeDefined();
   });
@@ -164,15 +167,19 @@ describe('index', () => {
       },
     );
 
-    const presentation = await sdjwt.present(credential, ['foo'], {
-      kb: {
-        payload: {
-          aud: '',
-          iat: 1,
-          nonce: '342',
+    const presentation = await sdjwt.present(
+      credential,
+      { foo: true },
+      {
+        kb: {
+          payload: {
+            aud: '',
+            iat: 1,
+            nonce: '342',
+          },
         },
       },
-    });
+    );
 
     try {
       await sdjwt.verify(presentation);
@@ -236,15 +243,19 @@ describe('index', () => {
       },
     );
 
-    const presentation = await sdjwt.present(credential, ['foo'], {
-      kb: {
-        payload: {
-          aud: '1',
-          iat: 1,
-          nonce: '342',
+    const presentation = await sdjwt.present(
+      credential,
+      { foo: true },
+      {
+        kb: {
+          payload: {
+            aud: '1',
+            iat: 1,
+            nonce: '342',
+          },
         },
       },
-    });
+    );
 
     const results = await sdjwt.verify(presentation, ['foo'], true);
     expect(results).toBeDefined();
@@ -342,15 +353,19 @@ describe('index', () => {
       },
     );
 
-    const presentation = await sdjwt.present(credential, ['foo'], {
-      kb: {
-        payload: {
-          aud: '1',
-          iat: 1,
-          nonce: '342',
+    const presentation = await sdjwt.present(
+      credential,
+      { foo: true },
+      {
+        kb: {
+          payload: {
+            aud: '1',
+            iat: 1,
+            nonce: '342',
+          },
         },
       },
-    });
+    );
     try {
       const results = await sdjwt.verify(presentation, ['foo'], true);
     } catch (e) {
@@ -382,15 +397,19 @@ describe('index', () => {
       },
     );
     try {
-      const presentation = await sdjwt.present(credential, ['foo'], {
-        kb: {
-          payload: {
-            aud: '1',
-            iat: 1,
-            nonce: '342',
+      const presentation = await sdjwt.present(
+        credential,
+        { foo: true },
+        {
+          kb: {
+            payload: {
+              aud: '1',
+              iat: 1,
+              nonce: '342',
+            },
           },
         },
-      });
+      );
     } catch (e) {
       expect(e).toBeDefined();
     }
@@ -420,15 +439,19 @@ describe('index', () => {
       },
     );
 
-    const presentation = await sdjwt.present(credential, ['foo'], {
-      kb: {
-        payload: {
-          aud: '1',
-          iat: 1,
-          nonce: '342',
+    const presentation = await sdjwt.present(
+      credential,
+      { foo: true },
+      {
+        kb: {
+          payload: {
+            aud: '1',
+            iat: 1,
+            nonce: '342',
+          },
         },
       },
-    });
+    );
     try {
       const results = await sdjwt.verify(presentation, ['foo'], true);
     } catch (e) {
@@ -459,15 +482,19 @@ describe('index', () => {
       },
     );
 
-    const presentation = sdjwt.present(credential, ['foo'], {
-      kb: {
-        payload: {
-          aud: '1',
-          iat: 1,
-          nonce: '342',
+    const presentation = sdjwt.present(
+      credential,
+      { foo: true },
+      {
+        kb: {
+          payload: {
+            aud: '1',
+            iat: 1,
+            nonce: '342',
+          },
         },
       },
-    });
+    );
     expect(presentation).rejects.toThrow(
       'Key Binding sign algorithm not specified',
     );
@@ -497,7 +524,7 @@ describe('index', () => {
     expect(sdjwt.presentableKeys('')).rejects.toThrow('Hasher not found');
     expect(sdjwt.getClaims('')).rejects.toThrow('Hasher not found');
     expect(() => sdjwt.decode('')).toThrowError('Hasher not found');
-    expect(sdjwt.present(credential, ['foo'])).rejects.toThrow(
+    expect(sdjwt.present(credential, { foo: true })).rejects.toThrow(
       'Hasher not found',
     );
   });
@@ -525,4 +552,42 @@ describe('index', () => {
     expect(keys).toBeDefined();
     expect(keys).toEqual(['foo']);
   });
+
+  test('present all disclosures with kb jwt', async () => {
+    const { signer } = createSignerVerifier();
+    const sdjwt = new SDJwtInstance<SdJwtPayload>({
+      signer,
+      kbSigner: signer,
+      hasher: digest,
+      saltGenerator: generateSalt,
+      signAlg: 'EdDSA',
+      kbSignAlg: 'EdDSA',
+    });
+    const credential = await sdjwt.issue(
+      {
+        foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
+      },
+      {
+        _sd: ['foo'],
+      },
+    );
+
+    const presentation = await sdjwt.present(credential, undefined, {
+      kb: {
+        payload: {
+          aud: '1',
+          iat: 1,
+          nonce: '342',
+        },
+      },
+    });
+
+    const decoded = await sdjwt.decode(presentation);
+    expect(decoded.jwt).toBeDefined();
+    expect(decoded.disclosures).toBeDefined();
+    expect(decoded.kbJwt).toBeDefined();
+  });
 });

package/test/app-e2e.spec.ts

@@ -1,6 +1,11 @@
 import Crypto from 'node:crypto';
 import { SDJwtInstance, SdJwtPayload } from '../src';
-import { DisclosureFrame, Signer, Verifier } from '@sd-jwt/types';
+import {
+  DisclosureFrame,
+  PresentationFrame,
+  Signer,
+  Verifier,
+} from '@sd-jwt/types';
 import fs from 'fs';
 import path from 'path';
 import { describe, expect, test } from 'vitest';
@@ -105,7 +110,10 @@ describe('App', () => {
       'id',
     ]);
 
-    const presentationFrame = ['firstname', 'id'];
+    const presentationFrame = {
+      firstname: true,
+      id: true,
+    };
     const presentedSDJwt = await sdjwt.present(encodedSdjwt, presentationFrame);
     expect(presentedSDJwt).toBeDefined();
 
@@ -215,7 +223,7 @@ async function JSONtest(filename: string) {
 
   const presentedSDJwt = await sdjwt.present(
     encodedSdjwt,
-    test.presentationKeys,
+    test.presentationFrames,
   );
 
   expect(presentedSDJwt).toBeDefined();
@@ -236,7 +244,7 @@ async function JSONtest(filename: string) {
 type TestJson = {
   claims: SdJwtPayload;
   disclosureFrame: DisclosureFrame<SdJwtPayload>;
-  presentationKeys: string[];
+  presentationFrames: PresentationFrame<SdJwtPayload>;
   presenatedClaims: object;
   requiredClaimKeys: string[];
 };

package/test/array_data_types.json

@@ -7,14 +7,16 @@
       "_sd": [0, 1, 2, 3, 4, 5]
     }
   },
-  "presentationKeys": [
-    "data_types.0",
-    "data_types.1",
-    "data_types.2",
-    "data_types.3",
-    "data_types.4",
-    "data_types.5"
-  ],
+  "presentationFrames": {
+    "data_types": {
+      "0": true,
+      "1": true,
+      "2": true,
+      "3": true,
+      "4": true,
+      "5": true
+    }
+  },
   "presenatedClaims": {
     "data_types": [null, 42, 3.14, "foo", ["Test"], { "foo": "bar" }]
   },

package/test/array_full_sd.json

@@ -11,7 +11,7 @@
       "_sd": ["13", "18", "21"]
     }
   },
-  "presentationKeys": ["is_over.18"],
+  "presentationFrames": { "is_over": { "18": true } },
   "presenatedClaims": {
     "is_over": {
       "18": false

package/test/array_in_sd.json

@@ -5,7 +5,7 @@
   "disclosureFrame": {
     "_sd": ["sd_array"]
   },
-  "presentationKeys": ["sd_array"],
+  "presentationFrames": { "sd_array": true },
   "presenatedClaims": {
     "sd_array": ["32", "23"]
   },

package/test/array_nested_in_plain.json

@@ -12,7 +12,16 @@
       }
     }
   },
-  "presentationKeys": ["nested_array.0.0", "nested_array.1.1"],
+  "presentationFrames": {
+    "nested_array": {
+      "0": {
+        "0": true
+      },
+      "1": {
+        "1": true
+      }
+    }
+  },
   "presenatedClaims": {
     "nested_array": [["foo"], ["qux"]]
   },

package/test/array_none_disclosed.json

@@ -11,7 +11,7 @@
       "_sd": ["13", "18", "21"]
     }
   },
-  "presentationKeys": [],
+  "presentationFrames": {},
   "presenatedClaims": {},
   "requiredClaimKeys": []
 }

package/test/array_of_nulls.json

@@ -7,7 +7,7 @@
       "_sd": [1, 2]
     }
   },
-  "presentationKeys": [],
+  "presentationFrames": {},
   "presenatedClaims": {
     "null_values": [null, null]
   },

package/test/array_of_objects.json

@@ -28,7 +28,14 @@
       "_sd": ["foo"]
     }
   },
-  "presentationKeys": ["addresses.1", "array_with_one_sd_object.foo"],
+  "presentationFrames": {
+    "addresses": {
+      "1": true
+    },
+    "array_with_one_sd_object": {
+      "foo": true
+    }
+  },
   "presenatedClaims": {
     "addresses": [
       {

package/test/array_of_scalars.json

@@ -7,7 +7,11 @@
       "_sd": [0, 1]
     }
   },
-  "presentationKeys": ["nationalities.1"],
+  "presentationFrames": {
+    "nationalities": {
+      "1": true
+    }
+  },
   "presenatedClaims": {
     "nationalities": ["CA", "DE"]
   },

package/test/array_recursive_sd.json

@@ -26,7 +26,7 @@
       "_sd": [0, 1]
     }
   },
-  "presentationKeys": [],
+  "presentationFrames": {},
   "presenatedClaims": {
     "array_with_recursive_sd": ["boring", []],
     "test2": []

package/test/array_recursive_sd_some_disclosed.json

@@ -25,12 +25,20 @@
       "_sd": [0, 1]
     }
   },
-  "presentationKeys": [
-    "array_with_recursive_sd.1.baz",
-    "array_with_recursive_sd.2.1",
-    "test2.0",
-    "test2.1"
-  ],
+  "presentationFrames": {
+    "array_with_recursive_sd": {
+      "1": {
+        "baz": true
+      },
+      "2": {
+        "1": true
+      }
+    },
+    "test2": {
+      "0": true,
+      "1": true
+    }
+  },
   "presenatedClaims": {
     "array_with_recursive_sd": [
       "boring",

package/test/complex.json

@@ -31,7 +31,7 @@
       "_sd": ["hi"]
     }
   },
-  "presentationKeys": ["firstname", "id"],
+  "presentationFrames": { "firstname": true, "id": true },
   "presenatedClaims": {
     "lastname": "Doe",
     "ssn": "123-45-6789",

package/test/header_mod.json

@@ -24,7 +24,11 @@
       "birthdate"
     ]
   },
-  "presentationKeys": ["given_name", "family_name", "address"],
+  "presentationFrames": {
+    "given_name": true,
+    "family_name": true,
+    "address": true
+  },
   "presenatedClaims": {
     "given_name": "John",
     "family_name": "Deo",

package/test/json_serialization.json

@@ -24,7 +24,11 @@
       "birthdate"
     ]
   },
-  "presentationKeys": ["given_name", "family_name", "address"],
+  "presentationFrames": {
+    "given_name": true,
+    "family_name": true,
+    "address": true
+  },
   "presenatedClaims": {
     "given_name": "John",
     "family_name": "Deo",

package/test/key_binding.json

@@ -24,7 +24,11 @@
       "birthdate"
     ]
   },
-  "presentationKeys": ["given_name", "family_name", "address"],
+  "presentationFrames": {
+    "given_name": true,
+    "family_name": true,
+    "address": true
+  },
   "presenatedClaims": {
     "given_name": "John",
     "family_name": "Deo",

package/test/no_sd.json

@@ -13,7 +13,7 @@
     "test2": ["foo", "bar"]
   },
   "disclosureFrame": {},
-  "presentationKeys": [],
+  "presentationFrames": {},
   "presenatedClaims": {
     "recursive": [
       "boring",

package/test/object_data_types.json

@@ -25,15 +25,17 @@
       ]
     }
   },
-  "presentationKeys": [
-    "value_Data_types.test_null",
-    "value_Data_types.test_int",
-    "value_Data_types.test_float",
-    "value_Data_types.test_str",
-    "value_Data_types.test_bool",
-    "value_Data_types.test_arr",
-    "value_Data_types.test_object"
-  ],
+  "presentationFrames": {
+    "value_Data_types": {
+      "test_null": true,
+      "test_int": true,
+      "test_float": true,
+      "test_str": true,
+      "test_bool": true,
+      "test_arr": true,
+      "test_object": true
+    }
+  },
   "presenatedClaims": {
     "value_Data_types": {
       "test_null": null,

package/test/recursions.json

@@ -50,23 +50,42 @@
       }
     }
   },
-  "presentationKeys": [
-    "foo.1",
-    "bar.green",
-    "qux.0",
-    "qux.0.0",
-    "qux.0.1",
-    "baz.0",
-    "baz.0.0",
-    "baz.0.1",
-    "baz.1",
-    "baz.1.0",
-    "baz.1.1",
-    "animals.snake",
-    "animals.snake.age",
-    "animals.bird",
-    "animals.bird.age"
-  ],
+  "presentationFrames": {
+    "foo": {
+      "1": true
+    },
+    "bar": {
+      "green": true
+    },
+    "qux": {
+      "0": {
+        "0": true,
+        "1": true
+      },
+      "1": {
+        "0": true,
+        "1": true
+      }
+    },
+    "baz": {
+      "0": {
+        "0": true,
+        "1": true
+      },
+      "1": {
+        "0": true,
+        "1": true
+      }
+    },
+    "animals": {
+      "snake": {
+        "age": true
+      },
+      "bird": {
+        "age": true
+      }
+    }
+  },
   "presenatedClaims": {
     "foo": ["two"],
     "bar": {