@sphereon/jarm 0.17.0 → 0.17.1-feature.esm.cjs.24
- package/dist/index.cjs +516 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +286 -0
- package/dist/index.d.ts +286 -4
- package/dist/index.js +462 -17
- package/dist/index.js.map +1 -1
- package/package.json +21 -12
- package/dist/index.d.ts.map +0 -1
- package/dist/jarm-auth-response/c-jarm-auth-response.d.ts +0 -55
- package/dist/jarm-auth-response/c-jarm-auth-response.d.ts.map +0 -1
- package/dist/jarm-auth-response/c-jarm-auth-response.js +0 -45
- package/dist/jarm-auth-response/c-jarm-auth-response.js.map +0 -1
- package/dist/jarm-auth-response/index.d.ts +0 -5
- package/dist/jarm-auth-response/index.d.ts.map +0 -1
- package/dist/jarm-auth-response/index.js +0 -21
- package/dist/jarm-auth-response/index.js.map +0 -1
- package/dist/jarm-auth-response/jarm-auth-response.d.ts +0 -48
- package/dist/jarm-auth-response/jarm-auth-response.d.ts.map +0 -1
- package/dist/jarm-auth-response/jarm-auth-response.js +0 -113
- package/dist/jarm-auth-response/jarm-auth-response.js.map +0 -1
- package/dist/jarm-auth-response/v-jarm-auth-response-params.d.ts +0 -31
- package/dist/jarm-auth-response/v-jarm-auth-response-params.d.ts.map +0 -1
- package/dist/jarm-auth-response/v-jarm-auth-response-params.js +0 -67
- package/dist/jarm-auth-response/v-jarm-auth-response-params.js.map +0 -1
- package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.d.ts +0 -18
- package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.d.ts.map +0 -1
- package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.js +0 -38
- package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.js.map +0 -1
- package/dist/jarm-auth-response-send/index.d.ts +0 -2
- package/dist/jarm-auth-response-send/index.d.ts.map +0 -1
- package/dist/jarm-auth-response-send/index.js +0 -18
- package/dist/jarm-auth-response-send/index.js.map +0 -1
- package/dist/jarm-auth-response-send/jarm-auth-response-send.d.ts +0 -17
- package/dist/jarm-auth-response-send/jarm-auth-response-send.d.ts.map +0 -1
- package/dist/jarm-auth-response-send/jarm-auth-response-send.js +0 -67
- package/dist/jarm-auth-response-send/jarm-auth-response-send.js.map +0 -1
- package/dist/metadata/index.d.ts +0 -4
- package/dist/metadata/index.d.ts.map +0 -1
- package/dist/metadata/index.js +0 -20
- package/dist/metadata/index.js.map +0 -1
- package/dist/metadata/jarm-validate-metadata.d.ts +0 -74
- package/dist/metadata/jarm-validate-metadata.d.ts.map +0 -1
- package/dist/metadata/jarm-validate-metadata.js +0 -98
- package/dist/metadata/jarm-validate-metadata.js.map +0 -1
- package/dist/metadata/v-jarm-client-metadata.d.ts +0 -34
- package/dist/metadata/v-jarm-client-metadata.d.ts.map +0 -1
- package/dist/metadata/v-jarm-client-metadata.js +0 -44
- package/dist/metadata/v-jarm-client-metadata.js.map +0 -1
- package/dist/metadata/v-jarm-server-metadata.d.ts +0 -11
- package/dist/metadata/v-jarm-server-metadata.d.ts.map +0 -1
- package/dist/metadata/v-jarm-server-metadata.js +0 -36
- package/dist/metadata/v-jarm-server-metadata.js.map +0 -1
- package/dist/utils.d.ts +0 -17
- package/dist/utils.d.ts.map +0 -1
- package/dist/utils.js +0 -33
- package/dist/utils.js.map +0 -1
- package/dist/v-response-mode-registry.d.ts +0 -30
- package/dist/v-response-mode-registry.d.ts.map +0 -1
- package/dist/v-response-mode-registry.js +0 -90
- package/dist/v-response-mode-registry.js.map +0 -1
- package/dist/v-response-type-registry.d.ts +0 -9
- package/dist/v-response-type-registry.d.ts.map +0 -1
- package/dist/v-response-type-registry.js +0 -38
- package/dist/v-response-type-registry.js.map +0 -1
- package/lib/__tests__/jarm.spec.ts +0 -5
- package/lib/index.ts +0 -3
- package/lib/jarm-auth-response/c-jarm-auth-response.ts +0 -41
- package/lib/jarm-auth-response/index.ts +0 -4
- package/lib/jarm-auth-response/jarm-auth-response.ts +0 -106
- package/lib/jarm-auth-response/v-jarm-auth-response-params.ts +0 -62
- package/lib/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.ts +0 -26
- package/lib/jarm-auth-response-send/index.ts +0 -1
- package/lib/jarm-auth-response-send/jarm-auth-response-send.ts +0 -76
- package/lib/metadata/index.ts +0 -3
- package/lib/metadata/jarm-validate-metadata.ts +0 -80
- package/lib/metadata/v-jarm-client-metadata.ts +0 -42
- package/lib/metadata/v-jarm-server-metadata.ts +0 -29
- package/lib/utils.ts +0 -42
- package/lib/v-response-mode-registry.ts +0 -81
- package/lib/v-response-type-registry.ts +0 -23
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
import * as v from 'valibot';
|
|
2
|
-
import type { JarmAuthResponseParams } from './v-jarm-auth-response-params.js';
|
|
3
|
-
import type { JarmDirectPostJwtResponseParams } from './v-jarm-direct-post-jwt-auth-response-params.js';
|
|
4
|
-
export declare const vAuthRequestParams: v.LooseObjectSchema<{
|
|
5
|
-
readonly state: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
6
|
-
readonly response_mode: v.OptionalSchema<v.UnionSchema<[v.PicklistSchema<["jwt", "query.jwt", "fragment.jwt", "form_post.jwt"], undefined>, v.PicklistSchema<["direct_post.jwt"], undefined>], undefined>, never>;
|
|
7
|
-
readonly client_id: v.StringSchema<undefined>;
|
|
8
|
-
readonly response_type: v.SchemaWithPipe<[v.StringSchema<undefined>, v.TransformAction<string, string>, v.PicklistSchema<["vp_token", "id_token vp_token", "code", "token", "none", "id_token", "code token", "code id_token", "id_token token", "code id_token token"], undefined>]>;
|
|
9
|
-
readonly client_metadata: v.LooseObjectSchema<{
|
|
10
|
-
readonly jwks: v.OptionalSchema<v.ObjectSchema<{
|
|
11
|
-
readonly keys: v.ArraySchema<v.LooseObjectSchema<{
|
|
12
|
-
readonly kid: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
13
|
-
readonly kty: v.StringSchema<undefined>;
|
|
14
|
-
}, undefined>, undefined>;
|
|
15
|
-
}, undefined>, never>;
|
|
16
|
-
readonly jwks_uri: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
17
|
-
}, undefined>;
|
|
18
|
-
}, undefined>;
|
|
19
|
-
export type AuthRequestParams = v.InferInput<typeof vAuthRequestParams>;
|
|
20
|
-
export declare const vOAuthAuthRequestGetParamsOut: v.ObjectSchema<{
|
|
21
|
-
readonly authRequestParams: v.LooseObjectSchema<{
|
|
22
|
-
readonly state: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
23
|
-
readonly response_mode: v.OptionalSchema<v.UnionSchema<[v.PicklistSchema<["jwt", "query.jwt", "fragment.jwt", "form_post.jwt"], undefined>, v.PicklistSchema<["direct_post.jwt"], undefined>], undefined>, never>;
|
|
24
|
-
readonly client_id: v.StringSchema<undefined>;
|
|
25
|
-
readonly response_type: v.SchemaWithPipe<[v.StringSchema<undefined>, v.TransformAction<string, string>, v.PicklistSchema<["vp_token", "id_token vp_token", "code", "token", "none", "id_token", "code token", "code id_token", "id_token token", "code id_token token"], undefined>]>;
|
|
26
|
-
readonly client_metadata: v.LooseObjectSchema<{
|
|
27
|
-
readonly jwks: v.OptionalSchema<v.ObjectSchema<{
|
|
28
|
-
readonly keys: v.ArraySchema<v.LooseObjectSchema<{
|
|
29
|
-
readonly kid: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
30
|
-
readonly kty: v.StringSchema<undefined>;
|
|
31
|
-
}, undefined>, undefined>;
|
|
32
|
-
}, undefined>, never>;
|
|
33
|
-
readonly jwks_uri: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
34
|
-
}, undefined>;
|
|
35
|
-
}, undefined>;
|
|
36
|
-
}, undefined>;
|
|
37
|
-
export type OAuthAuthRequestGetParamsOut = v.InferOutput<typeof vOAuthAuthRequestGetParamsOut>;
|
|
38
|
-
export interface JarmDirectPostJwtAuthResponseValidationContext {
|
|
39
|
-
openid4vp: {
|
|
40
|
-
authRequest: {
|
|
41
|
-
getParams: (input: JarmAuthResponseParams | JarmDirectPostJwtResponseParams) => Promise<OAuthAuthRequestGetParamsOut>;
|
|
42
|
-
};
|
|
43
|
-
};
|
|
44
|
-
jwe: {
|
|
45
|
-
decryptCompact: (input: {
|
|
46
|
-
jwe: string;
|
|
47
|
-
jwk: {
|
|
48
|
-
kid: string;
|
|
49
|
-
};
|
|
50
|
-
}) => Promise<{
|
|
51
|
-
plaintext: string;
|
|
52
|
-
}>;
|
|
53
|
-
};
|
|
54
|
-
}
|
|
55
|
-
//# sourceMappingURL=c-jarm-auth-response.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"c-jarm-auth-response.d.ts","sourceRoot":"","sources":["../../lib/jarm-auth-response/c-jarm-auth-response.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAK7B,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,kDAAkD,CAAC;AAExG,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;aAa7B,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAExE,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;aAExC,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE/F,MAAM,WAAW,8CAA8C;IAC7D,SAAS,EAAE;QACT,WAAW,EAAE;YACX,SAAS,EAAE,CAAC,KAAK,EAAE,sBAAsB,GAAG,+BAA+B,KAAK,OAAO,CAAC,4BAA4B,CAAC,CAAC;SACvH,CAAC;KACH,CAAC;IACF,GAAG,EAAE;QACH,cAAc,EAAE,CAAC,KAAK,EAAE;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE;gBAAE,GAAG,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,KAAK,OAAO,CAAC;YAAE,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAClG,CAAC;CACH"}
|
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.vOAuthAuthRequestGetParamsOut = exports.vAuthRequestParams = void 0;
|
|
27
|
-
const v = __importStar(require("valibot"));
|
|
28
|
-
const v_response_mode_registry_js_1 = require("../v-response-mode-registry.js");
|
|
29
|
-
const v_response_type_registry_js_1 = require("../v-response-type-registry.js");
|
|
30
|
-
exports.vAuthRequestParams = v.looseObject({
|
|
31
|
-
state: v.optional(v.string()),
|
|
32
|
-
response_mode: v.optional(v.union([v_response_mode_registry_js_1.vJarmResponseMode, v_response_mode_registry_js_1.vOpenid4vpJarmResponseMode])),
|
|
33
|
-
client_id: v.string(),
|
|
34
|
-
response_type: v_response_type_registry_js_1.vResponseType,
|
|
35
|
-
client_metadata: v.looseObject({
|
|
36
|
-
jwks: v.optional(v.object({
|
|
37
|
-
keys: v.array(v.looseObject({ kid: v.optional(v.string()), kty: v.string() })),
|
|
38
|
-
})),
|
|
39
|
-
jwks_uri: v.optional(v.string()),
|
|
40
|
-
}),
|
|
41
|
-
});
|
|
42
|
-
exports.vOAuthAuthRequestGetParamsOut = v.object({
|
|
43
|
-
authRequestParams: exports.vAuthRequestParams,
|
|
44
|
-
});
|
|
45
|
-
//# sourceMappingURL=c-jarm-auth-response.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"c-jarm-auth-response.js","sourceRoot":"","sources":["../../lib/jarm-auth-response/c-jarm-auth-response.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,gFAA+F;AAC/F,gFAA+D;AAKlD,QAAA,kBAAkB,GAAG,CAAC,CAAC,WAAW,CAAC;IAC9C,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC7B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,+CAAiB,EAAE,wDAA0B,CAAC,CAAC,CAAC;IACnF,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,aAAa,EAAE,2CAAa;IAC5B,eAAe,EAAE,CAAC,CAAC,WAAW,CAAC;QAC7B,IAAI,EAAE,CAAC,CAAC,QAAQ,CACd,CAAC,CAAC,MAAM,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;SAC/E,CAAC,CACH;QACD,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACjC,CAAC;CACH,CAAC,CAAC;AAIU,QAAA,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IACpD,iBAAiB,EAAE,0BAAkB;CACtC,CAAC,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../lib/jarm-auth-response/index.ts"],"names":[],"mappings":"AAAA,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,kDAAkD,CAAC"}
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
-
};
|
|
16
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./c-jarm-auth-response.js"), exports);
|
|
18
|
-
__exportStar(require("./jarm-auth-response.js"), exports);
|
|
19
|
-
__exportStar(require("./v-jarm-auth-response-params.js"), exports);
|
|
20
|
-
__exportStar(require("./v-jarm-direct-post-jwt-auth-response-params.js"), exports);
|
|
21
|
-
//# sourceMappingURL=index.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/jarm-auth-response/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4DAA0C;AAC1C,0DAAwC;AACxC,mEAAiD;AACjD,mFAAiE"}
|
|
@@ -1,48 +0,0 @@
|
|
|
1
|
-
import type { JarmDirectPostJwtAuthResponseValidationContext } from './c-jarm-auth-response.js';
|
|
2
|
-
export interface JarmDirectPostJwtAuthResponseValidation {
|
|
3
|
-
/**
|
|
4
|
-
* The JARM response parameter conveyed either as url query param, fragment param, or application/x-www-form-urlencoded in the body of a post request
|
|
5
|
-
*/
|
|
6
|
-
response: string;
|
|
7
|
-
}
|
|
8
|
-
/**
|
|
9
|
-
* Validate a JARM direct_post.jwt compliant authentication response
|
|
10
|
-
* * The decryption key should be resolvable using the the protected header's 'kid' field
|
|
11
|
-
* * The signature verification jwk should be resolvable using the jws protected header's 'kid' field and the payload's 'iss' field.
|
|
12
|
-
*/
|
|
13
|
-
export declare const jarmAuthResponseDirectPostJwtValidate: (input: JarmDirectPostJwtAuthResponseValidation, ctx: JarmDirectPostJwtAuthResponseValidationContext) => Promise<{
|
|
14
|
-
authRequestParams: {
|
|
15
|
-
response_type: string;
|
|
16
|
-
client_metadata: {
|
|
17
|
-
jwks?: {
|
|
18
|
-
keys: ({
|
|
19
|
-
kty: string;
|
|
20
|
-
kid?: string | undefined;
|
|
21
|
-
} & {
|
|
22
|
-
[key: string]: unknown;
|
|
23
|
-
})[];
|
|
24
|
-
} | undefined;
|
|
25
|
-
jwks_uri?: string | undefined;
|
|
26
|
-
} & {
|
|
27
|
-
[key: string]: unknown;
|
|
28
|
-
};
|
|
29
|
-
client_id: string;
|
|
30
|
-
state?: string | undefined;
|
|
31
|
-
response_mode?: "jwt" | "query.jwt" | "fragment.jwt" | "form_post.jwt" | "direct_post.jwt" | undefined;
|
|
32
|
-
} & {
|
|
33
|
-
[key: string]: unknown;
|
|
34
|
-
};
|
|
35
|
-
authResponseParams: {
|
|
36
|
-
vp_token: string | string[];
|
|
37
|
-
presentation_submission: unknown;
|
|
38
|
-
state?: string | undefined;
|
|
39
|
-
iss?: string | undefined;
|
|
40
|
-
exp?: number | undefined;
|
|
41
|
-
aud?: string | undefined;
|
|
42
|
-
nonce?: string | undefined;
|
|
43
|
-
} & {
|
|
44
|
-
[key: string]: unknown;
|
|
45
|
-
};
|
|
46
|
-
type: "signed encrypted" | "encrypted" | "signed";
|
|
47
|
-
}>;
|
|
48
|
-
//# sourceMappingURL=jarm-auth-response.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"jarm-auth-response.d.ts","sourceRoot":"","sources":["../../lib/jarm-auth-response/jarm-auth-response.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAqB,8CAA8C,EAAE,MAAM,2BAA2B,CAAC;AAInH,MAAM,WAAW,uCAAuC;IACtD;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AA8BD;;;;GAIG;AACH,eAAO,MAAM,qCAAqC,UACzC,uCAAuC,OACzC,8CAA8C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsDpD,CAAC"}
|
|
@@ -1,113 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
26
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
27
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
28
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
29
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
30
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
31
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
32
|
-
});
|
|
33
|
-
};
|
|
34
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
35
|
-
exports.jarmAuthResponseDirectPostJwtValidate = void 0;
|
|
36
|
-
const oid4vc_common_1 = require("@sphereon/oid4vc-common");
|
|
37
|
-
const v = __importStar(require("valibot"));
|
|
38
|
-
const v_jarm_auth_response_params_js_1 = require("./v-jarm-auth-response-params.js");
|
|
39
|
-
const v_jarm_direct_post_jwt_auth_response_params_js_1 = require("./v-jarm-direct-post-jwt-auth-response-params.js");
|
|
40
|
-
const parseJarmAuthResponseParams = (schema, responseParams) => {
|
|
41
|
-
if (v.is(v_jarm_auth_response_params_js_1.vJarmAuthResponseErrorParams, responseParams)) {
|
|
42
|
-
const errorResponseJson = JSON.stringify(responseParams, undefined, 2);
|
|
43
|
-
throw new Error(`Received error response from authorization server. '${errorResponseJson}'`);
|
|
44
|
-
}
|
|
45
|
-
return v.parse(schema, responseParams);
|
|
46
|
-
};
|
|
47
|
-
const decryptJarmAuthResponse = (input, ctx) => __awaiter(void 0, void 0, void 0, function* () {
|
|
48
|
-
const { response } = input;
|
|
49
|
-
const responseProtectedHeader = (0, oid4vc_common_1.decodeProtectedHeader)(response);
|
|
50
|
-
if (!responseProtectedHeader.kid) {
|
|
51
|
-
throw new Error(`Jarm JWE is missing the protected header field 'kid'.`);
|
|
52
|
-
}
|
|
53
|
-
const { plaintext } = yield ctx.jwe.decryptCompact({
|
|
54
|
-
jwe: response,
|
|
55
|
-
jwk: { kid: responseProtectedHeader.kid },
|
|
56
|
-
});
|
|
57
|
-
return plaintext;
|
|
58
|
-
});
|
|
59
|
-
/**
|
|
60
|
-
* Validate a JARM direct_post.jwt compliant authentication response
|
|
61
|
-
* * The decryption key should be resolvable using the the protected header's 'kid' field
|
|
62
|
-
* * The signature verification jwk should be resolvable using the jws protected header's 'kid' field and the payload's 'iss' field.
|
|
63
|
-
*/
|
|
64
|
-
const jarmAuthResponseDirectPostJwtValidate = (input, ctx) => __awaiter(void 0, void 0, void 0, function* () {
|
|
65
|
-
const { response } = input;
|
|
66
|
-
const responseIsEncrypted = (0, oid4vc_common_1.isJwe)(response);
|
|
67
|
-
const decryptedResponse = responseIsEncrypted ? yield decryptJarmAuthResponse(input, ctx) : response;
|
|
68
|
-
const responseIsSigned = (0, oid4vc_common_1.isJws)(decryptedResponse);
|
|
69
|
-
if (!responseIsEncrypted && !responseIsSigned) {
|
|
70
|
-
throw new Error('Jarm Auth Response must be either encrypted, signed, or signed and encrypted.');
|
|
71
|
-
}
|
|
72
|
-
let authResponseParams;
|
|
73
|
-
let authRequestParams;
|
|
74
|
-
if (responseIsSigned) {
|
|
75
|
-
throw new Error('Signed JARM responses are not supported.');
|
|
76
|
-
//const jwsProtectedHeader = decodeProtectedHeader(decryptedResponse);
|
|
77
|
-
//const jwsPayload = decodeJwt(decryptedResponse);
|
|
78
|
-
//const schema = v.required(vJarmDirectPostJwtParams, ['iss', 'aud', 'exp']);
|
|
79
|
-
//const responseParams = parseJarmAuthResponseParams(schema, jwsPayload);
|
|
80
|
-
//({ authRequestParams } = await ctx.openid4vp.authRequest.getParams(responseParams));
|
|
81
|
-
//if (!jwsProtectedHeader.kid) {
|
|
82
|
-
//throw new Error(`Jarm JWS is missing the protected header field 'kid'.`);
|
|
83
|
-
//}
|
|
84
|
-
//await ctx.jose.jws.verifyJwt({
|
|
85
|
-
//jws: decryptedResponse,
|
|
86
|
-
//jwk: { kid: jwsProtectedHeader.kid, kty: 'auto' },
|
|
87
|
-
//});
|
|
88
|
-
//authResponseParams = responseParams;
|
|
89
|
-
}
|
|
90
|
-
else {
|
|
91
|
-
const jsonResponse = JSON.parse(decryptedResponse);
|
|
92
|
-
authResponseParams = parseJarmAuthResponseParams(v_jarm_direct_post_jwt_auth_response_params_js_1.vJarmDirectPostJwtParams, jsonResponse);
|
|
93
|
-
({ authRequestParams } = yield ctx.openid4vp.authRequest.getParams(authResponseParams));
|
|
94
|
-
}
|
|
95
|
-
(0, v_jarm_direct_post_jwt_auth_response_params_js_1.jarmAuthResponseDirectPostValidateParams)({
|
|
96
|
-
authRequestParams,
|
|
97
|
-
authResponseParams,
|
|
98
|
-
});
|
|
99
|
-
let type;
|
|
100
|
-
if (responseIsSigned && responseIsEncrypted)
|
|
101
|
-
type = 'signed encrypted';
|
|
102
|
-
else if (responseIsEncrypted)
|
|
103
|
-
type = 'encrypted';
|
|
104
|
-
else
|
|
105
|
-
type = 'signed';
|
|
106
|
-
return {
|
|
107
|
-
authRequestParams,
|
|
108
|
-
authResponseParams,
|
|
109
|
-
type,
|
|
110
|
-
};
|
|
111
|
-
});
|
|
112
|
-
exports.jarmAuthResponseDirectPostJwtValidate = jarmAuthResponseDirectPostJwtValidate;
|
|
113
|
-
//# sourceMappingURL=jarm-auth-response.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"jarm-auth-response.js","sourceRoot":"","sources":["../../lib/jarm-auth-response/jarm-auth-response.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2DAA8E;AAC9E,2CAA6B;AAK7B,qFAAgF;AAChF,qHAAsI;AAStI,MAAM,2BAA2B,GAAG,CAClC,MAAc,EACd,cAAuB,EACvB,EAAE;IACF,IAAI,CAAC,CAAC,EAAE,CAAC,6DAA4B,EAAE,cAAc,CAAC,EAAE,CAAC;QACvD,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,uDAAuD,iBAAiB,GAAG,CAAC,CAAC;IAC/F,CAAC;IAED,OAAO,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAO,KAA2B,EAAE,GAAmD,EAAE,EAAE;IACzH,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAE3B,MAAM,uBAAuB,GAAG,IAAA,qCAAqB,EAAC,QAAQ,CAAC,CAAC;IAChE,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC;QACjD,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,EAAE,GAAG,EAAE,uBAAuB,CAAC,GAAG,EAAE;KAC1C,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC,CAAA,CAAC;AAEF;;;;GAIG;AACI,MAAM,qCAAqC,GAAG,CACnD,KAA8C,EAC9C,GAAmD,EACnD,EAAE;IACF,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAE3B,MAAM,mBAAmB,GAAG,IAAA,qBAAK,EAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,CAAC,CAAC,MAAM,uBAAuB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IAErG,MAAM,gBAAgB,GAAG,IAAA,qBAAK,EAAC,iBAAiB,CAAC,CAAC;IAClD,IAAI,CAAC,mBAAmB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;IACnG,CAAC;IAED,IAAI,kBAAmD,CAAC;IACxD,IAAI,iBAAoC,CAAC;IAEzC,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC5D,sEAAsE;QACtE,kDAAkD;QAElD,6EAA6E;QAC7E,yEAAyE;QACzE,sFAAsF;QAEtF,gCAAgC;QAChC,2EAA2E;QAC3E,GAAG;QAEH,gCAAgC;QAChC,yBAAyB;QACzB,oDAAoD;QACpD,KAAK;QACL,sCAAsC;IACxC,CAAC;SAAM,CAAC;QACN,MAAM,YAAY,GAAY,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC5D,kBAAkB,GAAG,2BAA2B,CAAC,yEAAwB,EAAE,YAAY,CAAC,CAAC;QACzF,CAAC,EAAE,iBAAiB,EAAE,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC1F,CAAC;IAED,IAAA,yFAAwC,EAAC;QACvC,iBAAiB;
QACjB,kBAAkB;KACnB,CAAC,CAAC;IAEH,IAAI,IAAiD,CAAC;IACtD,IAAI,gBAAgB,IAAI,mBAAmB;QAAE,IAAI,GAAG,kBAAkB,CAAC;SAClE,IAAI,mBAAmB;QAAE,IAAI,GAAG,WAAW,CAAC;;QAC5C,IAAI,GAAG,QAAQ,CAAC;IAErB,OAAO;QACL,iBAAiB;QACjB,kBAAkB;QAClB,IAAI;KACL,CAAC;AACJ,CAAC,CAAA,CAAC;AAxDW,QAAA,qCAAqC,yCAwDhD"}
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
import * as v from 'valibot';
|
|
2
|
-
export declare const vJarmAuthResponseErrorParams: v.LooseObjectSchema<{
|
|
3
|
-
readonly error: v.StringSchema<undefined>;
|
|
4
|
-
readonly state: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
5
|
-
readonly error_description: v.SchemaWithPipe<[v.OptionalSchema<v.StringSchema<undefined>, never>, v.DescriptionAction<string | undefined, "Text providing additional information, used to assist the client developer in understanding the error that occurred.">]>;
|
|
6
|
-
readonly error_uri: v.SchemaWithPipe<[v.OptionalSchema<v.SchemaWithPipe<[v.StringSchema<undefined>, v.UrlAction<string, undefined>]>, never>, v.DescriptionAction<string | undefined, "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error">]>;
|
|
7
|
-
}, undefined>;
|
|
8
|
-
export declare const vJarmAuthResponseParams: v.LooseObjectSchema<{
|
|
9
|
-
readonly state: v.OptionalSchema<v.StringSchema<undefined>, never>;
|
|
10
|
-
/**
|
|
11
|
-
* The issuer URL of the authorization server that created the response
|
|
12
|
-
*/
|
|
13
|
-
readonly iss: v.StringSchema<undefined>;
|
|
14
|
-
/**
|
|
15
|
-
* Expiration of the JWT
|
|
16
|
-
*/
|
|
17
|
-
readonly exp: v.NumberSchema<undefined>;
|
|
18
|
-
/**
|
|
19
|
-
* The client_id of the client the response is intended for
|
|
20
|
-
*/
|
|
21
|
-
readonly aud: v.StringSchema<undefined>;
|
|
22
|
-
}, undefined>;
|
|
23
|
-
export type JarmAuthResponseParams = v.InferInput<typeof vJarmAuthResponseParams>;
|
|
24
|
-
export declare const validateJarmAuthResponseParams: (input: {
|
|
25
|
-
authRequestParams: {
|
|
26
|
-
client_id: string;
|
|
27
|
-
state?: string;
|
|
28
|
-
};
|
|
29
|
-
authResponseParams: JarmAuthResponseParams;
|
|
30
|
-
}) => void;
|
|
31
|
-
//# sourceMappingURL=v-jarm-auth-response-params.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"v-jarm-auth-response-params.d.ts","sourceRoot":"","sources":["../../lib/jarm-auth-response/v-jarm-auth-response-params.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,eAAO,MAAM,4BAA4B;;;;;aAevC,CAAC;AAEH,eAAO,MAAM,uBAAuB;;IAGlC;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;aAEH,CAAC;AAEH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAElF,eAAO,MAAM,8BAA8B,UAAW;IACpD,iBAAiB,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACzD,kBAAkB,EAAE,sBAAsB,CAAC;CAC5C,SAiBA,CAAC"}
|
|
@@ -1,67 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.validateJarmAuthResponseParams = exports.vJarmAuthResponseParams = exports.vJarmAuthResponseErrorParams = void 0;
|
|
27
|
-
const oid4vc_common_1 = require("@sphereon/oid4vc-common");
|
|
28
|
-
const v = __importStar(require("valibot"));
|
|
29
|
-
exports.vJarmAuthResponseErrorParams = v.looseObject({
|
|
30
|
-
error: v.string(),
|
|
31
|
-
state: v.optional(v.string()),
|
|
32
|
-
error_description: v.pipe(v.optional(v.string()), v.description('Text providing additional information, used to assist the client developer in understanding the error that occurred.')),
|
|
33
|
-
error_uri: v.pipe(v.optional(v.pipe(v.string(), v.url())), v.description('A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error')),
|
|
34
|
-
});
|
|
35
|
-
exports.vJarmAuthResponseParams = v.looseObject({
|
|
36
|
-
state: v.optional(v.string()),
|
|
37
|
-
/**
|
|
38
|
-
* The issuer URL of the authorization server that created the response
|
|
39
|
-
*/
|
|
40
|
-
iss: v.string(),
|
|
41
|
-
/**
|
|
42
|
-
* Expiration of the JWT
|
|
43
|
-
*/
|
|
44
|
-
exp: v.number(),
|
|
45
|
-
/**
|
|
46
|
-
* The client_id of the client the response is intended for
|
|
47
|
-
*/
|
|
48
|
-
aud: v.string(),
|
|
49
|
-
});
|
|
50
|
-
const validateJarmAuthResponseParams = (input) => {
|
|
51
|
-
const { authRequestParams, authResponseParams } = input;
|
|
52
|
-
// 2. The client obtains the state parameter from the JWT and checks its binding to the user agent. If the check fails, the client MUST abort processing and refuse the response.
|
|
53
|
-
if (authRequestParams.state !== authResponseParams.state) {
|
|
54
|
-
throw new Error(`State missmatch in jarm-auth-response. Expected '${authRequestParams.state}' received '${authRequestParams.state}'.`);
|
|
55
|
-
}
|
|
56
|
-
// 4. The client obtains the aud element from the JWT and checks whether it matches the client id the client used to identify itself in the corresponding authorization request. If the check fails, the client MUST abort processing and refuse the response.
|
|
57
|
-
if (authRequestParams.client_id !== authResponseParams.aud) {
|
|
58
|
-
throw new Error(`Invalid audience in jarm-auth-response. Expected '${authRequestParams.client_id}' received '${authResponseParams.aud}'.`);
|
|
59
|
-
}
|
|
60
|
-
// 5. The client checks the JWT's exp element to determine if the JWT is still valid. If the check fails, the client MUST abort processing and refuse the response.
|
|
61
|
-
// 120 seconds clock skew
|
|
62
|
-
if ((0, oid4vc_common_1.checkExp)({ exp: authResponseParams.exp })) {
|
|
63
|
-
throw new Error(`The '${authRequestParams.state}' and the jarm-auth-response.`);
|
|
64
|
-
}
|
|
65
|
-
};
|
|
66
|
-
exports.validateJarmAuthResponseParams = validateJarmAuthResponseParams;
|
|
67
|
-
//# sourceMappingURL=v-jarm-auth-response-params.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"v-jarm-auth-response-params.js","sourceRoot":"","sources":["../../lib/jarm-auth-response/v-jarm-auth-response-params.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2DAAmD;AACnD,2CAA6B;AAEhB,QAAA,4BAA4B,GAAG,CAAC,CAAC,WAAW,CAAC;IACxD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAE7B,iBAAiB,EAAE,CAAC,CAAC,IAAI,CACvB,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EACtB,CAAC,CAAC,WAAW,CAAC,sHAAsH,CAAC,CACtI;IAED,SAAS,EAAE,CAAC,CAAC,IAAI,CACf,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,EACvC,CAAC,CAAC,WAAW,CACX,gKAAgK,CACjK,CACF;CACF,CAAC,CAAC;AAEU,QAAA,uBAAuB,GAAG,CAAC,CAAC,WAAW,CAAC;IACnD,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAE7B;;OAEG;IACH,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IAEf;;OAEG;IACH,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IAEf;;OAEG;IACH,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;CAChB,CAAC,CAAC;AAII,MAAM,8BAA8B,GAAG,CAAC,KAG9C,EAAE,EAAE;IACH,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,GAAG,KAAK,CAAC;IACxD,iLAAiL;IACjL,IAAI,iBAAiB,CAAC,KAAK,KAAK,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,oDAAoD,iBAAiB,CAAC,KAAK,eAAe,iBAAiB,CAAC,KAAK,IAAI,CAAC,CAAC;IACzI,CAAC;IAED,8PAA8P;IAC9P,IAAI,iBAAiB,CAAC,SAAS,KAAK,kBAAkB,CAAC,GAAG,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qDAAqD,iBAAiB,CAAC,SAAS,eAAe,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7I,CAAC;IAED,mKAAmK;IACnK,yBAAyB;IACzB,IAAI,IAAA,wBAAQ,EAAC,EAAE,GAAG,EAAE,kBAAkB,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,QAAQ,iBAAiB,CAAC,KAAK,+BAA+B,CAAC,CAAC;IAClF,CAAC;AACH,CAAC,CAAC;AApBW,QAAA,8BAA8B,kCAoBzC"}
|
|
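--- a/package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.d.ts
+++ b/package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.d.ts
@@ -1,18 +0,0 @@
-import * as v from 'valibot';
-export declare const vJarmDirectPostJwtParams: v.LooseObjectSchema<{
-readonly vp_token: v.UnionSchema<[v.StringSchema<undefined>, v.ArraySchema<v.SchemaWithPipe<[v.StringSchema<undefined>, v.NonEmptyAction<string, undefined>]>, undefined>], undefined>;
-readonly presentation_submission: v.UnknownSchema;
-readonly nonce: v.OptionalSchema<v.StringSchema<undefined>, never>;
-readonly iss: v.OptionalSchema<v.StringSchema<undefined>, never>;
-readonly exp: v.OptionalSchema<v.NumberSchema<undefined>, never>;
-readonly aud: v.OptionalSchema<v.StringSchema<undefined>, never>;
-readonly state: v.OptionalSchema<v.StringSchema<undefined>, never>;
-}, undefined>;
-export type JarmDirectPostJwtResponseParams = v.InferInput<typeof vJarmDirectPostJwtParams>;
-export declare const jarmAuthResponseDirectPostValidateParams: (input: {
-authRequestParams: {
-state?: string;
-};
-authResponseParams: JarmDirectPostJwtResponseParams;
-}) => void;
-//# sourceMappingURL=v-jarm-direct-post-jwt-auth-response-params.d.ts.map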
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"v-jarm-direct-post-jwt-auth-response-params.d.ts","sourceRoot":"","sources":["../../lib/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAI7B,eAAO,MAAM,wBAAwB;;;;;;;;aAOnC,CAAC;AAEH,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,UAAU,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE5F,eAAO,MAAM,wCAAwC,UAAW;IAC9D,iBAAiB,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACtC,kBAAkB,EAAE,+BAA+B,CAAC;CACrD,SAOA,CAAC"}
|
|
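--- a/package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.js
+++ b/package/dist/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.js
@@ -1,38 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-var desc = Object.getOwnPropertyDescriptor(m, k);
-if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-desc = { enumerable: true, get: function() { return m[k]; } };
-}
-Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-if (mod && mod.__esModule) return mod;
-var result = {};
-if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-__setModuleDefault(result, mod);
-return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.jarmAuthResponseDirectPostValidateParams = exports.vJarmDirectPostJwtParams = void 0;
-const v = __importStar(require("valibot"));
-const v_jarm_auth_response_params_js_1 = require("./v-jarm-auth-response-params.js");
-exports.vJarmDirectPostJwtParams = v.looseObject(Object.assign(Object.assign(Object.assign({}, v.omit(v_jarm_auth_response_params_js_1.vJarmAuthResponseParams, ['iss', 'aud', 'exp']).entries), v.partial(v.pick(v_jarm_auth_response_params_js_1.vJarmAuthResponseParams, ['iss', 'aud', 'exp'])).entries), { vp_token: v.union([v.string(), v.array(v.pipe(v.string(), v.nonEmpty()))]), presentation_submission: v.unknown(), nonce: v.optional(v.string()) }));
-const jarmAuthResponseDirectPostValidateParams = (input) => {
-const { authRequestParams, authResponseParams } = input;
-// 2. The client obtains the state parameter from the JWT and checks its binding to the user agent. If the check fails, the client MUST abort processing and refuse the response.
-if (authRequestParams.state !== authResponseParams.state) {
-throw new Error(`State missmatch between auth request '${authRequestParams.state}' and the jarm-auth-response.`);
-}
-};
-exports.jarmAuthResponseDirectPostValidateParams = jarmAuthResponseDirectPostValidateParams;
-//# sourceMappingURL=v-jarm-direct-post-jwt-auth-response-params.js.map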
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"v-jarm-direct-post-jwt-auth-response-params.js","sourceRoot":"","sources":["../../lib/jarm-auth-response/v-jarm-direct-post-jwt-auth-response-params.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,qFAA2E;AAE9D,QAAA,wBAAwB,GAAG,CAAC,CAAC,WAAW,+CAChD,CAAC,CAAC,IAAI,CAAC,wDAAuB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,GAC9D,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,wDAAuB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,KAE5E,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,EAC1E,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,EACpC,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,IAC7B,CAAC;AAII,MAAM,wCAAwC,GAAG,CAAC,KAGxD,EAAE,EAAE;IACH,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,GAAG,KAAK,CAAC;IAExD,iLAAiL;IACjL,IAAI,iBAAiB,CAAC,KAAK,KAAK,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,yCAAyC,iBAAiB,CAAC,KAAK,+BAA+B,CAAC,CAAC;IACnH,CAAC;AACH,CAAC,CAAC;AAVW,QAAA,wCAAwC,4CAUnD"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../lib/jarm-auth-response-send/index.ts"],"names":[],"mappings":"AAAA,cAAc,8BAA8B,CAAC"}
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
-
};
|
|
16
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./jarm-auth-response-send.js"), exports);
|
|
18
|
-
//# sourceMappingURL=index.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/jarm-auth-response-send/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+DAA6C"}
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
import type { JarmResponseMode, Openid4vpJarmResponseMode } from '../v-response-mode-registry.js';
|
|
2
|
-
import type { ResponseTypeOut } from '../v-response-type-registry.js';
|
|
3
|
-
interface JarmAuthResponseSendInput {
|
|
4
|
-
authRequestParams: {
|
|
5
|
-
response_mode?: JarmResponseMode | Openid4vpJarmResponseMode;
|
|
6
|
-
response_type: ResponseTypeOut;
|
|
7
|
-
} & ({
|
|
8
|
-
response_uri: string;
|
|
9
|
-
} | {
|
|
10
|
-
redirect_uri: string;
|
|
11
|
-
});
|
|
12
|
-
authResponse: string;
|
|
13
|
-
state: string;
|
|
14
|
-
}
|
|
15
|
-
export declare const jarmAuthResponseSend: (input: JarmAuthResponseSendInput) => Promise<Response>;
|
|
16
|
-
export {};
|
|
17
|
-
//# sourceMappingURL=jarm-auth-response-send.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"jarm-auth-response-send.d.ts","sourceRoot":"","sources":["../../lib/jarm-auth-response-send/jarm-auth-response-send.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAElG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAEtE,UAAU,yBAAyB;IACjC,iBAAiB,EAAE;QACjB,aAAa,CAAC,EAAE,gBAAgB,GAAG,yBAAyB,CAAC;QAC7D,aAAa,EAAE,eAAe,CAAC;KAChC,GAAG,CACA;QACE,YAAY,EAAE,MAAM,CAAC;KACtB,GACD;QACE,YAAY,EAAE,MAAM,CAAC;KACtB,CACJ,CAAC;IAEF,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,eAAO,MAAM,oBAAoB,UAAiB,yBAAyB,KAAG,OAAO,CAAC,QAAQ,CAyB7F,CAAC"}
|
|
@@ -1,67 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
-
});
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.jarmAuthResponseSend = void 0;
|
|
13
|
-
const utils_js_1 = require("../utils.js");
|
|
14
|
-
const v_response_mode_registry_js_1 = require("../v-response-mode-registry.js");
|
|
15
|
-
const jarmAuthResponseSend = (input) => __awaiter(void 0, void 0, void 0, function* () {
|
|
16
|
-
const { authRequestParams, authResponse, state } = input;
|
|
17
|
-
const responseEndpoint = 'response_uri' in authRequestParams ? new URL(authRequestParams.response_uri) : new URL(authRequestParams.redirect_uri);
|
|
18
|
-
const responseMode = authRequestParams.response_mode && authRequestParams.response_mode !== 'jwt'
|
|
19
|
-
? authRequestParams.response_mode
|
|
20
|
-
: (0, v_response_mode_registry_js_1.getJarmDefaultResponseMode)(authRequestParams);
|
|
21
|
-
(0, v_response_mode_registry_js_1.validateResponseMode)({
|
|
22
|
-
response_type: authRequestParams.response_type,
|
|
23
|
-
response_mode: responseMode,
|
|
24
|
-
});
|
|
25
|
-
switch (responseMode) {
|
|
26
|
-
case 'direct_post.jwt':
|
|
27
|
-
return handleDirectPostJwt(responseEndpoint, authResponse, state);
|
|
28
|
-
case 'query.jwt':
|
|
29
|
-
return handleQueryJwt(responseEndpoint, authResponse, state);
|
|
30
|
-
case 'fragment.jwt':
|
|
31
|
-
return handleFragmentJwt(responseEndpoint, authResponse, state);
|
|
32
|
-
case 'form_post.jwt':
|
|
33
|
-
throw new Error('Not implemented. form_post.jwt is not yet supported.');
|
|
34
|
-
}
|
|
35
|
-
});
|
|
36
|
-
exports.jarmAuthResponseSend = jarmAuthResponseSend;
|
|
37
|
-
function handleDirectPostJwt(responseEndpoint, responseJwt, state) {
|
|
38
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
39
|
-
const response = yield fetch(responseEndpoint, {
|
|
40
|
-
method: 'POST',
|
|
41
|
-
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
42
|
-
body: `response=${responseJwt}&state=${state}`,
|
|
43
|
-
});
|
|
44
|
-
return response;
|
|
45
|
-
});
|
|
46
|
-
}
|
|
47
|
-
function handleQueryJwt(responseEndpoint, responseJwt, state) {
|
|
48
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
49
|
-
const responseUrl = (0, utils_js_1.appendQueryParams)({
|
|
50
|
-
url: responseEndpoint,
|
|
51
|
-
params: { response: responseJwt, state },
|
|
52
|
-
});
|
|
53
|
-
const response = yield fetch(responseUrl, { method: 'POST' });
|
|
54
|
-
return response;
|
|
55
|
-
});
|
|
56
|
-
}
|
|
57
|
-
function handleFragmentJwt(responseEndpoint, responseJwt, state) {
|
|
58
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
59
|
-
const responseUrl = (0, utils_js_1.appendFragmentParams)({
|
|
60
|
-
url: responseEndpoint,
|
|
61
|
-
fragments: { response: responseJwt, state },
|
|
62
|
-
});
|
|
63
|
-
const response = yield fetch(responseUrl, { method: 'POST' });
|
|
64
|
-
return response;
|
|
65
|
-
});
|
|
66
|
-
}
|
|
67
|
-
//# sourceMappingURL=jarm-auth-response-send.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"jarm-auth-response-send.js","sourceRoot":"","sources":["../../lib/jarm-auth-response-send/jarm-auth-response-send.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,0CAAsE;AAEtE,gFAAkG;AAoB3F,MAAM,oBAAoB,GAAG,CAAO,KAAgC,EAAqB,EAAE;IAChG,MAAM,EAAE,iBAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;IAEzD,MAAM,gBAAgB,GAAG,cAAc,IAAI,iBAAiB,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAEjJ,MAAM,YAAY,GAChB,iBAAiB,CAAC,aAAa,IAAI,iBAAiB,CAAC,aAAa,KAAK,KAAK;QAC1E,CAAC,CAAC,iBAAiB,CAAC,aAAa;QACjC,CAAC,CAAC,IAAA,wDAA0B,EAAC,iBAAiB,CAAC,CAAC;IAEpD,IAAA,kDAAoB,EAAC;QACnB,aAAa,EAAE,iBAAiB,CAAC,aAAa;QAC9C,aAAa,EAAE,YAAY;KAC5B,CAAC,CAAC;IAEH,QAAQ,YAAY,EAAE,CAAC;QACrB,KAAK,iBAAiB;YACpB,OAAO,mBAAmB,CAAC,gBAAgB,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;QACpE,KAAK,WAAW;YACd,OAAO,cAAc,CAAC,gBAAgB,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;QAC/D,KAAK,cAAc;YACjB,OAAO,iBAAiB,CAAC,gBAAgB,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;QAClE,KAAK,eAAe;YAClB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAA,CAAC;AAzBW,QAAA,oBAAoB,wBAyB/B;AAEF,SAAe,mBAAmB,CAAC,gBAAqB,EAAE,WAAmB,EAAE,KAAa;;QAC1F,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YAC7C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,YAAY,WAAW,UAAU,KAAK,EAAE;SAC/C,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC;IAClB,CAAC;CAAA;AAED,SAAe,cAAc,CAAC,gBAAqB,EAAE,WAAmB,EAAE,KAAa;;QACrF,MAAM,WAAW,GAAG,IAAA,4BAAiB,EAAC;YACpC,GAAG,EAAE,gBAAgB;YACrB,MAAM,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9D,OAAO,QAAQ,CAAC;IAClB,CAAC;CAAA;AAED,SAAe,iBAAiB,CAAC,gBAAqB,EAAE,WAAmB,EAAE,KAAa;;QACxF,MAAM,WAAW,GAAG,IAAA,+BAAoB,EAAC;YACvC,GAAG,EAAE,gBAAgB;YACrB,SAAS,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE;SAC5C,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9D,OAAO,QAAQ,CAAC;IAClB,CAAC;CAAA"}
|