@sphereon/oid4vci-client 0.10.3 → 0.10.4-unstable.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (105) hide show
  1. package/dist/AccessTokenClient.d.ts +5 -5
  2. package/dist/AccessTokenClient.d.ts.map +1 -1
  3. package/dist/AccessTokenClient.js +45 -25
  4. package/dist/AccessTokenClient.js.map +1 -1
  5. package/dist/AccessTokenClientV1_0_11.d.ts +29 -0
  6. package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -0
  7. package/dist/AccessTokenClientV1_0_11.js +212 -0
  8. package/dist/AccessTokenClientV1_0_11.js.map +1 -0
  9. package/dist/AuthorizationCodeClient.d.ts +5 -5
  10. package/dist/AuthorizationCodeClient.d.ts.map +1 -1
  11. package/dist/AuthorizationCodeClient.js +19 -8
  12. package/dist/AuthorizationCodeClient.js.map +1 -1
  13. package/dist/AuthorizationCodeClientV1_0_11.d.ts +9 -0
  14. package/dist/AuthorizationCodeClientV1_0_11.d.ts.map +1 -0
  15. package/dist/AuthorizationCodeClientV1_0_11.js +132 -0
  16. package/dist/AuthorizationCodeClientV1_0_11.js.map +1 -0
  17. package/dist/CredentialOfferClient.d.ts.map +1 -1
  18. package/dist/CredentialOfferClient.js +14 -25
  19. package/dist/CredentialOfferClient.js.map +1 -1
  20. package/dist/CredentialOfferClientV1_0_11.d.ts +10 -0
  21. package/dist/CredentialOfferClientV1_0_11.d.ts.map +1 -0
  22. package/dist/CredentialOfferClientV1_0_11.js +103 -0
  23. package/dist/CredentialOfferClientV1_0_11.js.map +1 -0
  24. package/dist/CredentialRequestClient.d.ts +1 -1
  25. package/dist/CredentialRequestClient.d.ts.map +1 -1
  26. package/dist/CredentialRequestClient.js +11 -8
  27. package/dist/CredentialRequestClient.js.map +1 -1
  28. package/dist/CredentialRequestClientBuilder.d.ts +3 -3
  29. package/dist/CredentialRequestClientBuilder.d.ts.map +1 -1
  30. package/dist/CredentialRequestClientBuilder.js +4 -4
  31. package/dist/CredentialRequestClientBuilder.js.map +1 -1
  32. package/dist/CredentialRequestClientBuilderV1_0_11.d.ts +46 -0
  33. package/dist/CredentialRequestClientBuilderV1_0_11.d.ts.map +1 -0
  34. package/dist/CredentialRequestClientBuilderV1_0_11.js +117 -0
  35. package/dist/CredentialRequestClientBuilderV1_0_11.js.map +1 -0
  36. package/dist/CredentialRequestClientV1_0_11.d.ts +44 -0
  37. package/dist/CredentialRequestClientV1_0_11.d.ts.map +1 -0
  38. package/dist/CredentialRequestClientV1_0_11.js +151 -0
  39. package/dist/CredentialRequestClientV1_0_11.js.map +1 -0
  40. package/dist/MetadataClient.d.ts +5 -15
  41. package/dist/MetadataClient.d.ts.map +1 -1
  42. package/dist/MetadataClient.js +13 -33
  43. package/dist/MetadataClient.js.map +1 -1
  44. package/dist/MetadataClientV1_0_11.d.ts +31 -0
  45. package/dist/MetadataClientV1_0_11.d.ts.map +1 -0
  46. package/dist/MetadataClientV1_0_11.js +182 -0
  47. package/dist/MetadataClientV1_0_11.js.map +1 -0
  48. package/dist/OpenID4VCIClient.d.ts +5 -17
  49. package/dist/OpenID4VCIClient.d.ts.map +1 -1
  50. package/dist/OpenID4VCIClient.js +19 -90
  51. package/dist/OpenID4VCIClient.js.map +1 -1
  52. package/dist/OpenID4VCIClientV1_0_11.d.ts +107 -0
  53. package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -0
  54. package/dist/OpenID4VCIClientV1_0_11.js +462 -0
  55. package/dist/OpenID4VCIClientV1_0_11.js.map +1 -0
  56. package/dist/ProofOfPossessionBuilder.js +1 -1
  57. package/dist/ProofOfPossessionBuilder.js.map +1 -1
  58. package/dist/functions/OpenIDUtils.d.ts +12 -0
  59. package/dist/functions/OpenIDUtils.d.ts.map +1 -0
  60. package/dist/functions/OpenIDUtils.js +37 -0
  61. package/dist/functions/OpenIDUtils.js.map +1 -0
  62. package/dist/functions/ProofUtil.d.ts.map +1 -1
  63. package/dist/index.d.ts +8 -1
  64. package/dist/index.d.ts.map +1 -1
  65. package/dist/index.js +8 -1
  66. package/dist/index.js.map +1 -1
  67. package/lib/AccessTokenClient.ts +277 -245
  68. package/lib/AccessTokenClientV1_0_11.ts +255 -0
  69. package/lib/AuthorizationCodeClient.ts +183 -163
  70. package/lib/AuthorizationCodeClientV1_0_11.ts +167 -0
  71. package/lib/CredentialOfferClient.ts +99 -111
  72. package/lib/CredentialOfferClientV1_0_11.ts +112 -0
  73. package/lib/CredentialRequestClient.ts +212 -208
  74. package/lib/CredentialRequestClientBuilder.ts +156 -155
  75. package/lib/CredentialRequestClientBuilderV1_0_11.ts +156 -0
  76. package/lib/CredentialRequestClientV1_0_11.ts +190 -0
  77. package/lib/MetadataClient.ts +186 -208
  78. package/lib/MetadataClientV1_0_11.ts +186 -0
  79. package/lib/OpenID4VCIClient.ts +547 -629
  80. package/lib/OpenID4VCIClientV1_0_11.ts +644 -0
  81. package/lib/ProofOfPossessionBuilder.ts +204 -204
  82. package/lib/__tests__/AccessTokenClient.spec.ts +239 -211
  83. package/lib/__tests__/CredentialRequestClient.spec.ts +328 -311
  84. package/lib/__tests__/CredentialRequestClientBuilder.spec.ts +131 -131
  85. package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts +316 -0
  86. package/lib/__tests__/EBSIE2E.spec.test.ts +145 -145
  87. package/lib/__tests__/IT.spec.ts +382 -171
  88. package/lib/__tests__/IssuanceInitiation.spec.ts +64 -61
  89. package/lib/__tests__/IssuanceInitiationV1_0_11.spec.ts +62 -0
  90. package/lib/__tests__/JsonURIConversions.spec.ts +146 -146
  91. package/lib/__tests__/MattrE2E.spec.test.ts +104 -104
  92. package/lib/__tests__/MetadataClient.spec.ts +324 -260
  93. package/lib/__tests__/MetadataMocks.ts +483 -444
  94. package/lib/__tests__/OpenID4VCIClient.spec.ts +202 -202
  95. package/lib/__tests__/{OpenID4VCIClientPAR.spec.ts → OpenID4VCIClientPARV1_0_11.spec.ts} +122 -122
  96. package/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts +202 -0
  97. package/lib/__tests__/ProofOfPossessionBuilder.spec.ts +110 -110
  98. package/lib/__tests__/SdJwt.spec.ts +170 -163
  99. package/lib/__tests__/SphereonE2E.spec.test.ts +169 -169
  100. package/lib/__tests__/data/VciDataFixtures.ts +1382 -745
  101. package/lib/functions/AuthorizationUtil.ts +18 -18
  102. package/lib/functions/OpenIDUtils.ts +25 -0
  103. package/lib/functions/ProofUtil.ts +128 -128
  104. package/lib/index.ts +16 -9
  105. package/package.json +3 -3
@@ -1,169 +1,169 @@
1
- import * as crypto from 'crypto';
2
-
3
- import { Alg, Jwt, ProofOfPossessionCallbacks } from '@sphereon/oid4vci-common';
4
- import { CredentialMapper } from '@sphereon/ssi-types';
5
- import * as didts from '@transmute/did-key.js';
6
- import { fetch } from 'cross-fetch';
7
- import debug from 'debug';
8
- import { importJWK, JWK, SignJWT } from 'jose';
9
- import { v4 } from 'uuid';
10
-
11
- import { OpenID4VCIClient } from '..';
12
-
13
- export const UNIT_TEST_TIMEOUT = 60000;
14
-
15
- const ISSUER_URL = 'https://ssi.sphereon.com/pf3';
16
-
17
- const jwk: JWK = {
18
- crv: 'Ed25519',
19
- d: 'kTRm0aONHYwNPA-w_DtjMHUIWjE3K70qgCIhWojZ0eU',
20
- x: 'NeA0d8sp86xRh3DczU4m5wPNIbl0HCSwOBcMN3sNmdk',
21
- kty: 'OKP',
22
- };
23
-
24
- // pub hex: 35e03477cb29f3ac518770dccd4e26e703cd21b9741c24b038170c377b0d99d9
25
- // priv hex: 913466d1a38d1d8c0d3c0fb0fc3b633075085a31372bbd2a8022215a88d9d1e5
26
- const did = `did:key:z6Mki5ZwZKN1dBQprfJTikUvkDxrHijiiQngkWviMF5gw2Hv`;
27
- const kid = `${did}#z6Mki5ZwZKN1dBQprfJTikUvkDxrHijiiQngkWviMF5gw2Hv`;
28
- describe('OID4VCI-Client using Sphereon issuer should', () => {
29
- async function test(format: 'ldp_vc' | 'jwt_vc_json') {
30
- debug.enable('*');
31
- const offer = await getCredentialOffer(format);
32
- const client = await OpenID4VCIClient.fromURI({
33
- uri: offer.uri,
34
- kid,
35
- alg: Alg.EdDSA,
36
- });
37
- expect(client.credentialOffer).toBeDefined();
38
- expect(client.endpointMetadata).toBeDefined();
39
- expect(client.getCredentialEndpoint()).toEqual(`${ISSUER_URL}/credentials`);
40
- expect(client.getAccessTokenEndpoint()).toEqual(`${ISSUER_URL}/token`);
41
-
42
- const accessToken = await client.acquireAccessToken();
43
- // console.log(accessToken);
44
- expect(accessToken).toMatchObject({
45
- expires_in: 300,
46
- // scope: 'GuestCredential',
47
- token_type: 'bearer',
48
- });
49
-
50
- const credentialResponse = await client.acquireCredentials({
51
- credentialTypes: 'GuestCredential',
52
- format,
53
- proofCallbacks: {
54
- signCallback: proofOfPossessionCallbackFunction,
55
- },
56
- });
57
- expect(credentialResponse.credential).toBeDefined();
58
- const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credentialResponse.credential!);
59
- expect(format.startsWith(wrappedVC.format)).toEqual(true);
60
- }
61
-
62
- xit(
63
- 'succeed in a full flow with the client using OpenID4VCI version 11 and ldp_vc',
64
- async () => {
65
- await test('ldp_vc');
66
- },
67
- UNIT_TEST_TIMEOUT,
68
- );
69
- xit(
70
- 'succeed in a full flow with the client using OpenID4VCI version 11 and jwt_vc_json',
71
- async () => {
72
- await test('jwt_vc_json');
73
- },
74
- UNIT_TEST_TIMEOUT,
75
- );
76
- });
77
-
78
- interface CreateCredentialOfferResponse {
79
- uri: string;
80
- userPinRequired: boolean;
81
- }
82
-
83
- async function getCredentialOffer(format: 'ldp_vc' | 'jwt_vc_json'): Promise<CreateCredentialOfferResponse> {
84
- const credentialOffer = await fetch('https://ssi.sphereon.com/pf3/webapp/credential-offers', {
85
- method: 'post',
86
- headers: {
87
- Accept: 'application/json',
88
- 'Content-Type': 'application/json',
89
- },
90
-
91
- //make sure to serialize your JSON body
92
- body: JSON.stringify({
93
- credentials: ['GuestCredential'],
94
- grants: {
95
- 'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
96
- 'pre-authorized_code': v4().substring(0, 10),
97
- user_pin_required: false,
98
- },
99
- },
100
- credentialDataSupplierInput: { firstName: 'Hello', lastName: 'World', email: 'hello.world@example.com' },
101
- }),
102
- });
103
-
104
- return (await credentialOffer.json()) as CreateCredentialOfferResponse;
105
- }
106
-
107
- async function proofOfPossessionCallbackFunction(args: Jwt, kid?: string): Promise<string> {
108
- const importedJwk = await importJWK(jwk, 'EdDSA');
109
- return await new SignJWT({ ...args.payload })
110
- .setProtectedHeader({ ...args.header, kid: kid! })
111
- .setIssuer(kid!)
112
- .setIssuedAt()
113
- .setExpirationTime('2h')
114
- .sign(importedJwk);
115
- }
116
-
117
- describe('ismapolis bug report #63, https://github.com/Sphereon-Opensource/OID4VC-demo/issues/63, should', () => {
118
- it('work as expected provided a correct JWT is supplied', async () => {
119
- debug.enable('*');
120
- const { uri } = await getCredentialOffer('jwt_vc_json');
121
- const client = await OpenID4VCIClient.fromURI({ uri: uri, clientId: 'test-clientID' });
122
- const metadata = await client.retrieveServerMetadata();
123
- console.log(JSON.stringify(metadata));
124
-
125
- //2. Adquire acces token from authorization server endpoint
126
-
127
- const accessToken = await client.acquireAccessToken({});
128
- console.log(`Access token: ${JSON.stringify(accessToken)}`);
129
-
130
- //3. Create DID needed for later proof of possession
131
- const { keys, didDocument } = await didts.jwk.generate({
132
- type: 'secp256k1', // 'P-256', 'P-384', 'X25519', 'secp256k1'
133
- accept: 'application/did+json',
134
- secureRandom: () => {
135
- return crypto.randomBytes(32);
136
- },
137
- });
138
- const edPrivateKey = await importJWK(keys[0].privateKeyJwk);
139
-
140
- async function signCallback(args: Jwt, kid?: string): Promise<string> {
141
- if (!args.payload.aud) {
142
- throw Error('aud required');
143
- } else if (!kid) {
144
- throw Error('kid required');
145
- }
146
- return await new SignJWT({ ...args.payload })
147
- .setProtectedHeader({ alg: args.header.alg, kid, typ: 'openid4vci-proof+jwt' })
148
- .setIssuedAt()
149
- .setIssuer(kid)
150
- .setAudience(args.payload.aud)
151
- .setExpirationTime('2h')
152
- .sign(edPrivateKey);
153
- }
154
-
155
- const callbacks: ProofOfPossessionCallbacks<never> = {
156
- signCallback: signCallback,
157
- };
158
-
159
- const credentialResponse = await client.acquireCredentials({
160
- credentialTypes: 'GuestCredential',
161
- proofCallbacks: callbacks,
162
- format: 'jwt_vc_json',
163
- alg: Alg.ES256K,
164
- kid: didDocument.verificationMethod[0].id,
165
- jti: v4(),
166
- });
167
- console.log(JSON.stringify(credentialResponse.credential));
168
- });
169
- });
1
+ import * as crypto from 'crypto';
2
+
3
+ import { Alg, Jwt, ProofOfPossessionCallbacks } from '@sphereon/oid4vci-common';
4
+ import { CredentialMapper } from '@sphereon/ssi-types';
5
+ import * as didts from '@transmute/did-key.js';
6
+ import { fetch } from 'cross-fetch';
7
+ import debug from 'debug';
8
+ import { importJWK, JWK, SignJWT } from 'jose';
9
+ import { v4 } from 'uuid';
10
+
11
+ import { OpenID4VCIClientV1_0_11 } from '..';
12
+
13
+ export const UNIT_TEST_TIMEOUT = 60000;
14
+
15
+ const ISSUER_URL = 'https://ssi.sphereon.com/pf3';
16
+
17
+ const jwk: JWK = {
18
+ crv: 'Ed25519',
19
+ d: 'kTRm0aONHYwNPA-w_DtjMHUIWjE3K70qgCIhWojZ0eU',
20
+ x: 'NeA0d8sp86xRh3DczU4m5wPNIbl0HCSwOBcMN3sNmdk',
21
+ kty: 'OKP',
22
+ };
23
+
24
+ // pub hex: 35e03477cb29f3ac518770dccd4e26e703cd21b9741c24b038170c377b0d99d9
25
+ // priv hex: 913466d1a38d1d8c0d3c0fb0fc3b633075085a31372bbd2a8022215a88d9d1e5
26
+ const did = `did:key:z6Mki5ZwZKN1dBQprfJTikUvkDxrHijiiQngkWviMF5gw2Hv`;
27
+ const kid = `${did}#z6Mki5ZwZKN1dBQprfJTikUvkDxrHijiiQngkWviMF5gw2Hv`;
28
+ describe('OID4VCI-Client using Sphereon issuer should', () => {
29
+ async function test(format: 'ldp_vc' | 'jwt_vc_json') {
30
+ debug.enable('*');
31
+ const offer = await getCredentialOffer(format);
32
+ const client = await OpenID4VCIClientV1_0_11.fromURI({
33
+ uri: offer.uri,
34
+ kid,
35
+ alg: Alg.EdDSA,
36
+ });
37
+ expect(client.credentialOffer).toBeDefined();
38
+ expect(client.endpointMetadata).toBeDefined();
39
+ expect(client.getCredentialEndpoint()).toEqual(`${ISSUER_URL}/credentials`);
40
+ expect(client.getAccessTokenEndpoint()).toEqual(`${ISSUER_URL}/token`);
41
+
42
+ const accessToken = await client.acquireAccessToken();
43
+ // console.log(accessToken);
44
+ expect(accessToken).toMatchObject({
45
+ expires_in: 300,
46
+ // scope: 'GuestCredential',
47
+ token_type: 'bearer',
48
+ });
49
+
50
+ const credentialResponse = await client.acquireCredentials({
51
+ credentialTypes: 'GuestCredential',
52
+ format,
53
+ proofCallbacks: {
54
+ signCallback: proofOfPossessionCallbackFunction,
55
+ },
56
+ });
57
+ expect(credentialResponse.credential).toBeDefined();
58
+ const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credentialResponse.credential!);
59
+ expect(format.startsWith(wrappedVC.format)).toEqual(true);
60
+ }
61
+
62
+ xit(
63
+ 'succeed in a full flow with the client using OpenID4VCI version 11 and ldp_vc',
64
+ async () => {
65
+ await test('ldp_vc');
66
+ },
67
+ UNIT_TEST_TIMEOUT,
68
+ );
69
+ xit(
70
+ 'succeed in a full flow with the client using OpenID4VCI version 11 and jwt_vc_json',
71
+ async () => {
72
+ await test('jwt_vc_json');
73
+ },
74
+ UNIT_TEST_TIMEOUT,
75
+ );
76
+ });
77
+
78
+ interface CreateCredentialOfferResponse {
79
+ uri: string;
80
+ userPinRequired: boolean;
81
+ }
82
+
83
+ async function getCredentialOffer(format: 'ldp_vc' | 'jwt_vc_json'): Promise<CreateCredentialOfferResponse> {
84
+ const credentialOffer = await fetch('https://ssi.sphereon.com/pf3/webapp/credential-offers', {
85
+ method: 'post',
86
+ headers: {
87
+ Accept: 'application/json',
88
+ 'Content-Type': 'application/json',
89
+ },
90
+
91
+ //make sure to serialize your JSON body
92
+ body: JSON.stringify({
93
+ credentials: ['GuestCredential'],
94
+ grants: {
95
+ 'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
96
+ 'pre-authorized_code': v4().substring(0, 10),
97
+ user_pin_required: false,
98
+ },
99
+ },
100
+ credentialDataSupplierInput: { firstName: 'Hello', lastName: 'World', email: 'hello.world@example.com' },
101
+ }),
102
+ });
103
+
104
+ return (await credentialOffer.json()) as CreateCredentialOfferResponse;
105
+ }
106
+
107
+ async function proofOfPossessionCallbackFunction(args: Jwt, kid?: string): Promise<string> {
108
+ const importedJwk = await importJWK(jwk, 'EdDSA');
109
+ return await new SignJWT({ ...args.payload })
110
+ .setProtectedHeader({ ...args.header, kid: kid! })
111
+ .setIssuer(kid!)
112
+ .setIssuedAt()
113
+ .setExpirationTime('2h')
114
+ .sign(importedJwk);
115
+ }
116
+
117
+ describe('ismapolis bug report #63, https://github.com/Sphereon-Opensource/OID4VC-demo/issues/63, should', () => {
118
+ it('work as expected provided a correct JWT is supplied', async () => {
119
+ debug.enable('*');
120
+ const { uri } = await getCredentialOffer('jwt_vc_json');
121
+ const client = await OpenID4VCIClientV1_0_11.fromURI({ uri: uri, clientId: 'test-clientID' });
122
+ const metadata = await client.retrieveServerMetadata();
123
+ console.log(JSON.stringify(metadata));
124
+
125
+ //2. Adquire acces token from authorization server endpoint
126
+
127
+ const accessToken = await client.acquireAccessToken({});
128
+ console.log(`Access token: ${JSON.stringify(accessToken)}`);
129
+
130
+ //3. Create DID needed for later proof of possession
131
+ const { keys, didDocument } = await didts.jwk.generate({
132
+ type: 'secp256k1', // 'P-256', 'P-384', 'X25519', 'secp256k1'
133
+ accept: 'application/did+json',
134
+ secureRandom: () => {
135
+ return crypto.randomBytes(32);
136
+ },
137
+ });
138
+ const edPrivateKey = await importJWK(keys[0].privateKeyJwk);
139
+
140
+ async function signCallback(args: Jwt, kid?: string): Promise<string> {
141
+ if (!args.payload.aud) {
142
+ throw Error('aud required');
143
+ } else if (!kid) {
144
+ throw Error('kid required');
145
+ }
146
+ return await new SignJWT({ ...args.payload })
147
+ .setProtectedHeader({ alg: args.header.alg, kid, typ: 'openid4vci-proof+jwt' })
148
+ .setIssuedAt()
149
+ .setIssuer(kid)
150
+ .setAudience(args.payload.aud)
151
+ .setExpirationTime('2h')
152
+ .sign(edPrivateKey);
153
+ }
154
+
155
+ const callbacks: ProofOfPossessionCallbacks<never> = {
156
+ signCallback: signCallback,
157
+ };
158
+
159
+ const credentialResponse = await client.acquireCredentials({
160
+ credentialTypes: 'GuestCredential',
161
+ proofCallbacks: callbacks,
162
+ format: 'jwt_vc_json',
163
+ alg: Alg.ES256K,
164
+ kid: didDocument.verificationMethod[0].id,
165
+ jti: v4(),
166
+ });
167
+ console.log(JSON.stringify(credentialResponse.credential));
168
+ });
169
+ });