@sphereon/oid4vci-client 0.10.4-next.30 → 0.10.4-unstable.106
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/AccessTokenClient.d.ts +5 -5
- package/dist/AccessTokenClient.d.ts.map +1 -1
- package/dist/AccessTokenClient.js +42 -22
- package/dist/AccessTokenClient.js.map +1 -1
- package/dist/AccessTokenClientV1_0_11.d.ts +29 -0
- package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -0
- package/dist/AccessTokenClientV1_0_11.js +211 -0
- package/dist/AccessTokenClientV1_0_11.js.map +1 -0
- package/dist/AuthorizationCodeClient.d.ts +6 -4
- package/dist/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/AuthorizationCodeClient.js +61 -16
- package/dist/AuthorizationCodeClient.js.map +1 -1
- package/dist/AuthorizationCodeClientV1_0_11.d.ts +9 -0
- package/dist/AuthorizationCodeClientV1_0_11.d.ts.map +1 -0
- package/dist/AuthorizationCodeClientV1_0_11.js +132 -0
- package/dist/AuthorizationCodeClientV1_0_11.js.map +1 -0
- package/dist/CredentialOfferClient.d.ts.map +1 -1
- package/dist/CredentialOfferClient.js +17 -27
- package/dist/CredentialOfferClient.js.map +1 -1
- package/dist/CredentialOfferClientV1_0_11.d.ts +10 -0
- package/dist/CredentialOfferClientV1_0_11.d.ts.map +1 -0
- package/dist/CredentialOfferClientV1_0_11.js +102 -0
- package/dist/CredentialOfferClientV1_0_11.js.map +1 -0
- package/dist/CredentialRequestClient.d.ts +6 -4
- package/dist/CredentialRequestClient.d.ts.map +1 -1
- package/dist/CredentialRequestClient.js +30 -13
- package/dist/CredentialRequestClient.js.map +1 -1
- package/dist/CredentialRequestClientBuilder.d.ts +9 -6
- package/dist/CredentialRequestClientBuilder.d.ts.map +1 -1
- package/dist/CredentialRequestClientBuilder.js +18 -9
- package/dist/CredentialRequestClientBuilder.js.map +1 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts +46 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts.map +1 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js +117 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js.map +1 -0
- package/dist/CredentialRequestClientV1_0_11.d.ts +44 -0
- package/dist/CredentialRequestClientV1_0_11.d.ts.map +1 -0
- package/dist/CredentialRequestClientV1_0_11.js +150 -0
- package/dist/CredentialRequestClientV1_0_11.js.map +1 -0
- package/dist/MetadataClient.d.ts +5 -15
- package/dist/MetadataClient.d.ts.map +1 -1
- package/dist/MetadataClient.js +13 -32
- package/dist/MetadataClient.js.map +1 -1
- package/dist/MetadataClientV1_0_11.d.ts +31 -0
- package/dist/MetadataClientV1_0_11.d.ts.map +1 -0
- package/dist/MetadataClientV1_0_11.js +182 -0
- package/dist/MetadataClientV1_0_11.js.map +1 -0
- package/dist/OpenID4VCIClient.d.ts +10 -10
- package/dist/OpenID4VCIClient.d.ts.map +1 -1
- package/dist/OpenID4VCIClient.js +69 -59
- package/dist/OpenID4VCIClient.js.map +1 -1
- package/dist/OpenID4VCIClientV1_0_11.d.ts +107 -0
- package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -0
- package/dist/OpenID4VCIClientV1_0_11.js +462 -0
- package/dist/OpenID4VCIClientV1_0_11.js.map +1 -0
- package/dist/functions/OpenIDUtils.d.ts +12 -0
- package/dist/functions/OpenIDUtils.d.ts.map +1 -0
- package/dist/functions/OpenIDUtils.js +37 -0
- package/dist/functions/OpenIDUtils.js.map +1 -0
- package/dist/functions/notifications.js.map +1 -1
- package/dist/index.d.ts +8 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/lib/AccessTokenClient.ts +54 -22
- package/lib/AccessTokenClientV1_0_11.ts +256 -0
- package/lib/AuthorizationCodeClient.ts +88 -24
- package/lib/AuthorizationCodeClientV1_0_11.ts +168 -0
- package/lib/CredentialOfferClient.ts +16 -27
- package/lib/CredentialOfferClientV1_0_11.ts +112 -0
- package/lib/CredentialRequestClient.ts +41 -21
- package/lib/CredentialRequestClientBuilder.ts +27 -16
- package/lib/CredentialRequestClientBuilderV1_0_11.ts +156 -0
- package/lib/CredentialRequestClientV1_0_11.ts +192 -0
- package/lib/MetadataClient.ts +27 -46
- package/lib/MetadataClientV1_0_11.ts +189 -0
- package/lib/OpenID4VCIClient.ts +64 -44
- package/lib/OpenID4VCIClientV1_0_11.ts +645 -0
- package/lib/__tests__/AccessTokenClient.spec.ts +40 -12
- package/lib/__tests__/AuthorizationDetailsBuilder.spec.ts +0 -12
- package/lib/__tests__/CredentialRequestClient.spec.ts +82 -49
- package/lib/__tests__/CredentialRequestClientBuilder.spec.ts +18 -12
- package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts +317 -0
- package/lib/__tests__/EBSIE2E.spec.test.ts +2 -2
- package/lib/__tests__/IT.spec.ts +225 -14
- package/lib/__tests__/IssuanceInitiation.spec.ts +37 -4
- package/lib/__tests__/IssuanceInitiationV1_0_11.spec.ts +62 -0
- package/lib/__tests__/MattrE2E.spec.test.ts +2 -2
- package/lib/__tests__/MetadataClient.spec.ts +57 -6
- package/lib/__tests__/MetadataMocks.ts +41 -2
- package/lib/__tests__/OpenID4VCIClient.spec.ts +24 -1
- package/lib/__tests__/{OpenID4VCIClientPAR.spec.ts → OpenID4VCIClientPARV1_0_11.spec.ts} +5 -5
- package/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts +202 -0
- package/lib/__tests__/SdJwt.spec.ts +31 -27
- package/lib/__tests__/SphereonE2E.spec.test.ts +4 -3
- package/lib/__tests__/data/VciDataFixtures.ts +712 -27
- package/lib/functions/OpenIDUtils.ts +25 -0
- package/lib/functions/notifications.ts +1 -1
- package/lib/index.ts +8 -1
- package/package.json +4 -4
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
|
|
1
|
+
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse, TxCodeAndPinRequired } from '@sphereon/oid4vci-common';
|
|
2
2
|
export declare class AccessTokenClient {
|
|
3
3
|
acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
4
|
-
acquireAccessTokenUsingRequest({ accessTokenRequest,
|
|
4
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }: {
|
|
5
5
|
accessTokenRequest: AccessTokenRequest;
|
|
6
|
-
|
|
6
|
+
pinMetadata?: TxCodeAndPinRequired;
|
|
7
7
|
metadata?: EndpointMetadata;
|
|
8
8
|
asOpts?: AuthorizationServerOpts;
|
|
9
9
|
issuerOpts?: IssuerOpts;
|
|
@@ -11,8 +11,8 @@ export declare class AccessTokenClient {
|
|
|
11
11
|
createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
|
|
12
12
|
private assertPreAuthorizedGrantType;
|
|
13
13
|
private assertAuthorizationGrantType;
|
|
14
|
-
private
|
|
15
|
-
private
|
|
14
|
+
private getPinMetadata;
|
|
15
|
+
private assertAlphanumericPin;
|
|
16
16
|
private assertNonEmptyPreAuthorizedCode;
|
|
17
17
|
private assertNonEmptyCodeVerifier;
|
|
18
18
|
private assertNonEmptyCode;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAMvB,gBAAgB,EAIhB,UAAU,EAGV,cAAc,EAId,oBAAoB,EAErB,MAAM,0BAA0B,CAAC;AAMlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgC9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,WAAW,CAAC,EAAE,oBAAoB,CAAC;QACnC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,qBAAqB;IA+B7B,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
|
|
@@ -20,7 +20,7 @@ class AccessTokenClient {
|
|
|
20
20
|
return __awaiter(this, void 0, void 0, function* () {
|
|
21
21
|
const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
|
|
22
22
|
const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
|
|
23
|
-
const
|
|
23
|
+
const pinMetadata = credentialOffer && this.getPinMetadata(credentialOffer.credential_offer);
|
|
24
24
|
const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
|
|
25
25
|
if (!issuer) {
|
|
26
26
|
throw Error('Issuer required at this point');
|
|
@@ -36,17 +36,18 @@ class AccessTokenClient {
|
|
|
36
36
|
code,
|
|
37
37
|
redirectUri,
|
|
38
38
|
pin,
|
|
39
|
+
pinMetadata,
|
|
39
40
|
}),
|
|
40
|
-
|
|
41
|
+
pinMetadata,
|
|
41
42
|
metadata,
|
|
42
43
|
asOpts,
|
|
43
44
|
issuerOpts,
|
|
44
45
|
});
|
|
45
46
|
});
|
|
46
47
|
}
|
|
47
|
-
acquireAccessTokenUsingRequest({ accessTokenRequest,
|
|
48
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }) {
|
|
48
49
|
return __awaiter(this, void 0, void 0, function* () {
|
|
49
|
-
this.validate(accessTokenRequest,
|
|
50
|
+
this.validate(accessTokenRequest, pinMetadata);
|
|
50
51
|
const requestTokenURL = AccessTokenClient.determineTokenURL({
|
|
51
52
|
asOpts,
|
|
52
53
|
issuerOpts,
|
|
@@ -63,13 +64,16 @@ class AccessTokenClient {
|
|
|
63
64
|
var _a, _b;
|
|
64
65
|
return __awaiter(this, void 0, void 0, function* () {
|
|
65
66
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
66
|
-
const credentialOfferRequest = opts.credentialOffer
|
|
67
|
+
const credentialOfferRequest = opts.credentialOffer &&
|
|
68
|
+
(0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13.valueOf()
|
|
69
|
+
? yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
|
|
70
|
+
: undefined;
|
|
67
71
|
const request = {};
|
|
68
72
|
if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
|
|
69
73
|
request.client_id = asOpts.clientId;
|
|
70
74
|
}
|
|
71
75
|
if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
72
|
-
this.
|
|
76
|
+
this.assertAlphanumericPin(opts.pinMetadata, pin);
|
|
73
77
|
request.user_pin = pin;
|
|
74
78
|
request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
|
|
75
79
|
// we actually know it is there because of the isPreAuthCode call
|
|
@@ -99,29 +103,45 @@ class AccessTokenClient {
|
|
|
99
103
|
throw new Error("grant type must be 'authorization_code'");
|
|
100
104
|
}
|
|
101
105
|
}
|
|
102
|
-
|
|
103
|
-
var _a, _b
|
|
104
|
-
let isPinRequired = false;
|
|
106
|
+
getPinMetadata(requestPayload) {
|
|
107
|
+
var _a, _b;
|
|
105
108
|
if (!requestPayload) {
|
|
106
109
|
throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
|
|
107
110
|
}
|
|
108
111
|
const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
}
|
|
112
|
+
const grantDetails = (_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code'];
|
|
113
|
+
const isPinRequired = (_b = !!(grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code)) !== null && _b !== void 0 ? _b : false;
|
|
112
114
|
types_1.LOG.warning(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
113
|
-
return
|
|
115
|
+
return {
|
|
116
|
+
txCode: grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code,
|
|
117
|
+
isPinRequired,
|
|
118
|
+
};
|
|
114
119
|
}
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
+
assertAlphanumericPin(pinMeta, pin) {
|
|
121
|
+
var _a, _b;
|
|
122
|
+
if (pinMeta && pinMeta.isPinRequired) {
|
|
123
|
+
let regex;
|
|
124
|
+
if (pinMeta.txCode) {
|
|
125
|
+
const { input_mode, length } = pinMeta.txCode;
|
|
126
|
+
if (input_mode === 'numeric') {
|
|
127
|
+
// Create a regex for numeric input. If no length specified, allow any length of numeric input.
|
|
128
|
+
regex = length ? new RegExp(`^\\d{1,${length}}$`) : /^\d+$/;
|
|
129
|
+
}
|
|
130
|
+
else if (input_mode === 'text') {
|
|
131
|
+
// Create a regex for text input. If no length specified, allow any length of alphanumeric input.
|
|
132
|
+
regex = length ? new RegExp(`^[a-zA-Z0-9]{1,${length}}$`) : /^[a-zA-Z0-9]+$/;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
// Default regex for alphanumeric with no specific length limit if no input_mode is specified.
|
|
136
|
+
regex = regex || /^[a-zA-Z0-9]+$|^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/;
|
|
137
|
+
if (!pin || !regex.test(pin)) {
|
|
138
|
+
types_1.LOG.warning(`Pin is not valid. Expected format: ${((_a = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _a === void 0 ? void 0 : _a.input_mode) || 'alphanumeric'}, Length: up to ${((_b = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _b === void 0 ? void 0 : _b.length) || 'any number of'} characters`);
|
|
139
|
+
throw new Error('A valid pin must be present according to the specified transaction code requirements.');
|
|
120
140
|
}
|
|
121
141
|
}
|
|
122
142
|
else if (pin) {
|
|
123
|
-
types_1.LOG.warning(
|
|
124
|
-
throw new Error('Cannot set a pin
|
|
143
|
+
types_1.LOG.warning('Pin set, whilst not required');
|
|
144
|
+
throw new Error('Cannot set a pin when the pin is not required.');
|
|
125
145
|
}
|
|
126
146
|
}
|
|
127
147
|
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
@@ -142,11 +162,11 @@ class AccessTokenClient {
|
|
|
142
162
|
throw new Error('Authorization flow requires the code to be present');
|
|
143
163
|
}
|
|
144
164
|
}
|
|
145
|
-
validate(accessTokenRequest,
|
|
165
|
+
validate(accessTokenRequest, pinMeta) {
|
|
146
166
|
if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
|
|
147
167
|
this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
|
|
148
168
|
this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
|
|
149
|
-
this.
|
|
169
|
+
this.assertAlphanumericPin(pinMeta, accessTokenRequest.user_pin);
|
|
150
170
|
}
|
|
151
171
|
else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
|
|
152
172
|
this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAwBkC;AAClC,mDAAkD;AAElD,qDAAkD;AAClD,mCAA8B;AAE9B,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,WAAW,GAAqC,eAAe,IAAI,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAC/H,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;oBACH,WAAW;iBACZ,CAAC;gBACF,WAAW;gBACX,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;YAE/C,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAC1B,IAAI,CAAC,eAAe;gBACpB,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;gBACtI,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACvF,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;gBAClD,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,wGAAwG,CAAC,CAAC;;KAC3H;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,cAA6C;;QAClE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QAEnE,MAAM,YAAY,GAAG,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,CAAC;QACrG,MAAM,aAAa,GAAG,MAAA,CAAC,CAAC,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,CAAA,mCAAI,KAAK,CAAC;QAEvD,WAAG,CAAC,OAAO,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QACnE,OAAO;YACL,MAAM,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO;YAC7B,aAAa;SACd,CAAC;IACJ,CAAC;IAEO,qBAAqB,CAAC,OAA8B,EAAE,GAAY;;QACxE,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC;YAEV,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;gBAE9C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC7B,+FAA+F;oBAC/F,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC9D,CAAC;qBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACjC,iGAAiG;oBACjG,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,kBAAkB,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;gBAC/E,CAAC;YACH,CAAC;YAED,8FAA8F;YAC9F,KAAK,GAAG,KAAK,IAAI,iEAAiE,CAAC;YAEnF,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,WAAG,CAAC,OAAO,CACT,sCAAsC,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,UAAU,KAAI,cAAc,mBAAmB,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,MAAM,KAAI,eAAe,aAAa,CAC9J,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;YAC3G,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,WAAG,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,WAAG,CAAC,OAAO,CAAC,uDAAuD,EAAE,kBAAkB,CAAC,CAAC;YACzF,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,WAAG,CAAC,OAAO,CAAC,iDAAiD,EAAE,kBAAkB,CAAC,CAAC;YACnF,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,WAAG,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,OAA8B;QACrF,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACnE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,yBAAQ,EAAC,eAAe,EAAE,IAAA,iCAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,WAAG,CAAC,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QACpD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,WAAG,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AArPD,8CAqPC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
|
|
2
|
+
export declare class AccessTokenClientV1_0_11 {
|
|
3
|
+
acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
4
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
|
|
5
|
+
accessTokenRequest: AccessTokenRequest;
|
|
6
|
+
isPinRequired?: boolean;
|
|
7
|
+
metadata?: EndpointMetadata;
|
|
8
|
+
asOpts?: AuthorizationServerOpts;
|
|
9
|
+
issuerOpts?: IssuerOpts;
|
|
10
|
+
}): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
11
|
+
createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
|
|
12
|
+
private assertPreAuthorizedGrantType;
|
|
13
|
+
private assertAuthorizationGrantType;
|
|
14
|
+
private isPinRequiredValue;
|
|
15
|
+
private assertNumericPin;
|
|
16
|
+
private assertNonEmptyPreAuthorizedCode;
|
|
17
|
+
private assertNonEmptyCodeVerifier;
|
|
18
|
+
private assertNonEmptyCode;
|
|
19
|
+
private validate;
|
|
20
|
+
private sendAuthCode;
|
|
21
|
+
static determineTokenURL({ asOpts, issuerOpts, metadata, }: {
|
|
22
|
+
asOpts?: AuthorizationServerOpts;
|
|
23
|
+
issuerOpts?: IssuerOpts;
|
|
24
|
+
metadata?: EndpointMetadata;
|
|
25
|
+
}): string;
|
|
26
|
+
private static creatTokenURLFromURL;
|
|
27
|
+
private throwNotSupportedFlow;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=AccessTokenClientV1_0_11.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessTokenClientV1_0_11.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAOvB,gBAAgB,EAIhB,UAAU,EAGV,cAAc,EAMf,MAAM,0BAA0B,CAAC;AAQlC,qBAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA+B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
|
|
@@ -0,0 +1,211 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.AccessTokenClientV1_0_11 = void 0;
|
|
16
|
+
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
17
|
+
const ssi_types_1 = require("@sphereon/ssi-types");
|
|
18
|
+
const debug_1 = __importDefault(require("debug"));
|
|
19
|
+
const MetadataClient_1 = require("./MetadataClient");
|
|
20
|
+
const debug = (0, debug_1.default)('sphereon:oid4vci:token');
|
|
21
|
+
class AccessTokenClientV1_0_11 {
|
|
22
|
+
acquireAccessToken(opts) {
|
|
23
|
+
var _a;
|
|
24
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
25
|
+
const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
|
|
26
|
+
const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
|
|
27
|
+
const isPinRequired = credentialOffer && this.isPinRequiredValue(credentialOffer.credential_offer);
|
|
28
|
+
const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
|
|
29
|
+
if (!issuer) {
|
|
30
|
+
throw Error('Issuer required at this point');
|
|
31
|
+
}
|
|
32
|
+
const issuerOpts = {
|
|
33
|
+
issuer,
|
|
34
|
+
};
|
|
35
|
+
return yield this.acquireAccessTokenUsingRequest({
|
|
36
|
+
accessTokenRequest: yield this.createAccessTokenRequest({
|
|
37
|
+
credentialOffer,
|
|
38
|
+
asOpts,
|
|
39
|
+
codeVerifier,
|
|
40
|
+
code,
|
|
41
|
+
redirectUri,
|
|
42
|
+
pin,
|
|
43
|
+
}),
|
|
44
|
+
isPinRequired,
|
|
45
|
+
metadata,
|
|
46
|
+
asOpts,
|
|
47
|
+
issuerOpts,
|
|
48
|
+
});
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
|
|
52
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
53
|
+
this.validate(accessTokenRequest, isPinRequired);
|
|
54
|
+
const requestTokenURL = AccessTokenClientV1_0_11.determineTokenURL({
|
|
55
|
+
asOpts,
|
|
56
|
+
issuerOpts,
|
|
57
|
+
metadata: metadata
|
|
58
|
+
? metadata
|
|
59
|
+
: (issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.fetchMetadata)
|
|
60
|
+
? yield MetadataClient_1.MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
61
|
+
: undefined,
|
|
62
|
+
});
|
|
63
|
+
return this.sendAuthCode(requestTokenURL, accessTokenRequest);
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
createAccessTokenRequest(opts) {
|
|
67
|
+
var _a, _b;
|
|
68
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
69
|
+
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
70
|
+
const credentialOfferRequest = opts.credentialOffer
|
|
71
|
+
? (0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11.valueOf()
|
|
72
|
+
? yield (0, oid4vci_common_1.toUniformCredentialOfferRequestV1_0_11)(opts.credentialOffer)
|
|
73
|
+
: yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
|
|
74
|
+
: undefined;
|
|
75
|
+
const request = {};
|
|
76
|
+
if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
|
|
77
|
+
request.client_id = asOpts.clientId;
|
|
78
|
+
}
|
|
79
|
+
if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
80
|
+
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
|
|
81
|
+
request.user_pin = pin;
|
|
82
|
+
request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
|
|
83
|
+
// we actually know it is there because of the isPreAuthCode call
|
|
84
|
+
request[oid4vci_common_1.PRE_AUTH_CODE_LITERAL] =
|
|
85
|
+
(_b = (_a = credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.credential_offer.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b[oid4vci_common_1.PRE_AUTH_CODE_LITERAL];
|
|
86
|
+
return request;
|
|
87
|
+
}
|
|
88
|
+
if (!credentialOfferRequest || credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
|
|
89
|
+
request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
|
|
90
|
+
request.code = code;
|
|
91
|
+
request.redirect_uri = redirectUri;
|
|
92
|
+
if (codeVerifier) {
|
|
93
|
+
request.code_verifier = codeVerifier;
|
|
94
|
+
}
|
|
95
|
+
return request;
|
|
96
|
+
}
|
|
97
|
+
throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
assertPreAuthorizedGrantType(grantType) {
|
|
101
|
+
if (oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
|
|
102
|
+
throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
assertAuthorizationGrantType(grantType) {
|
|
106
|
+
if (oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE !== grantType) {
|
|
107
|
+
throw new Error("grant type must be 'authorization_code'");
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
isPinRequiredValue(requestPayload) {
|
|
111
|
+
var _a, _b, _c;
|
|
112
|
+
let isPinRequired = false;
|
|
113
|
+
if (!requestPayload) {
|
|
114
|
+
throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
|
|
115
|
+
}
|
|
116
|
+
const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
|
|
117
|
+
if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
|
|
118
|
+
isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
|
|
119
|
+
}
|
|
120
|
+
debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
121
|
+
return isPinRequired;
|
|
122
|
+
}
|
|
123
|
+
assertNumericPin(isPinRequired, pin) {
|
|
124
|
+
if (isPinRequired) {
|
|
125
|
+
if (!pin || !/^\d{1,8}$/.test(pin)) {
|
|
126
|
+
debug(`Pin is not 1 to 8 digits long`);
|
|
127
|
+
throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
else if (pin) {
|
|
131
|
+
debug(`Pin set, whilst not required`);
|
|
132
|
+
throw new Error('Cannot set a pin, when the pin is not required.');
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
136
|
+
if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
|
|
137
|
+
debug(`No pre-authorized code present, whilst it is required`);
|
|
138
|
+
throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
assertNonEmptyCodeVerifier(accessTokenRequest) {
|
|
142
|
+
if (!accessTokenRequest.code_verifier) {
|
|
143
|
+
debug('No code_verifier present, whilst it is required');
|
|
144
|
+
throw new Error('Authorization flow requires the code_verifier to be present');
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
assertNonEmptyCode(accessTokenRequest) {
|
|
148
|
+
if (!accessTokenRequest.code) {
|
|
149
|
+
debug('No code present, whilst it is required');
|
|
150
|
+
throw new Error('Authorization flow requires the code to be present');
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
validate(accessTokenRequest, isPinRequired) {
|
|
154
|
+
if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
|
|
155
|
+
this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
|
|
156
|
+
this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
|
|
157
|
+
this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
|
|
158
|
+
}
|
|
159
|
+
else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
|
|
160
|
+
this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
|
|
161
|
+
this.assertNonEmptyCodeVerifier(accessTokenRequest);
|
|
162
|
+
this.assertNonEmptyCode(accessTokenRequest);
|
|
163
|
+
}
|
|
164
|
+
else {
|
|
165
|
+
this.throwNotSupportedFlow();
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
sendAuthCode(requestTokenURL, accessTokenRequest) {
|
|
169
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
170
|
+
return yield (0, oid4vci_common_1.formPost)(requestTokenURL, (0, oid4vci_common_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
|
|
171
|
+
});
|
|
172
|
+
}
|
|
173
|
+
static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
|
|
174
|
+
if (!asOpts && !(metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) && !issuerOpts) {
|
|
175
|
+
throw new Error('Cannot determine token URL if no issuer, metadata and no Authorization Server values are present');
|
|
176
|
+
}
|
|
177
|
+
let url;
|
|
178
|
+
if (asOpts && asOpts.as) {
|
|
179
|
+
url = this.creatTokenURLFromURL(asOpts.as, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, asOpts.tokenEndpoint);
|
|
180
|
+
}
|
|
181
|
+
else if (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) {
|
|
182
|
+
url = metadata.token_endpoint;
|
|
183
|
+
}
|
|
184
|
+
else {
|
|
185
|
+
if (!(issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.issuer)) {
|
|
186
|
+
throw Error('Either authorization server options, a token endpoint or issuer options are required at this point');
|
|
187
|
+
}
|
|
188
|
+
url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
|
|
189
|
+
}
|
|
190
|
+
if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
|
|
191
|
+
throw new Error('No authorization server token URL present. Cannot acquire access token');
|
|
192
|
+
}
|
|
193
|
+
debug(`Token endpoint determined to be ${url}`);
|
|
194
|
+
return url;
|
|
195
|
+
}
|
|
196
|
+
static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
|
|
197
|
+
if (allowInsecureEndpoints !== true && url.startsWith('http:')) {
|
|
198
|
+
throw Error(`Unprotected token endpoints are not allowed ${url}. Use the 'allowInsecureEndpoints' param if you really need this for dev/testing!`);
|
|
199
|
+
}
|
|
200
|
+
const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
|
|
201
|
+
const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
|
|
202
|
+
const scheme = url.split('://')[0];
|
|
203
|
+
return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
|
|
204
|
+
}
|
|
205
|
+
throwNotSupportedFlow() {
|
|
206
|
+
debug(`Only pre-authorized or authorization code flows supported.`);
|
|
207
|
+
throw new Error('Only pre-authorized-code or authorization code flows are supported');
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
exports.AccessTokenClientV1_0_11 = AccessTokenClientV1_0_11;
|
|
211
|
+
//# sourceMappingURL=AccessTokenClientV1_0_11.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessTokenClientV1_0_11.js","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAyBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAElD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,aAAa,GAAG,eAAe,IAAI,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACnG,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,wBAAwB,CAAC,iBAAiB,CAAC;gBACjE,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe;gBACjD,CAAC,CAAC,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;oBACxI,CAAC,CAAC,MAAM,IAAA,uDAAsC,EAAC,IAAI,CAAC,eAAyC,CAAC;oBAC9F,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACzF,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE,CAAC;YACpF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;QAC5H,CAAC;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,yBAAQ,EAAC,eAAe,EAAE,IAAA,iCAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AA9ND,4DA8NC"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
|
-
import { AuthorizationRequestOpts, CredentialOfferRequestWithBaseUrl,
|
|
2
|
-
export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer,
|
|
1
|
+
import { AuthorizationRequestOpts, CredentialConfigurationSupportedV1_0_13, CredentialOfferRequestWithBaseUrl, EndpointMetadataResultV1_0_13, OpenId4VCIVersion, PKCEOpts } from '@sphereon/oid4vci-common';
|
|
2
|
+
export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }: {
|
|
3
3
|
pkce: PKCEOpts;
|
|
4
|
-
endpointMetadata:
|
|
4
|
+
endpointMetadata: EndpointMetadataResultV1_0_13;
|
|
5
5
|
authorizationRequest: AuthorizationRequestOpts;
|
|
6
6
|
credentialOffer?: CredentialOfferRequestWithBaseUrl | undefined;
|
|
7
|
-
|
|
7
|
+
credentialConfigurationSupported?: Record<string, CredentialConfigurationSupportedV1_0_13> | undefined;
|
|
8
|
+
clientId?: string | undefined;
|
|
9
|
+
version?: OpenId4VCIVersion | undefined;
|
|
8
10
|
}) => Promise<string>;
|
|
9
11
|
//# sourceMappingURL=AuthorizationCodeClient.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,iCAAiC,
|
|
1
|
+
{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,uCAAuC,EAEvC,iCAAiC,EAEjC,6BAA6B,EAI7B,iBAAiB,EAEjB,QAAQ,EAGT,MAAM,0BAA0B,CAAC;AAmBlC,eAAO,MAAM,6BAA6B;UASlC,QAAQ;sBACI,6BAA6B;0BACzB,wBAAwB;;;;;MAK5C,QAAQ,MAAM,CAsIjB,CAAC"}
|
|
@@ -16,9 +16,33 @@ exports.createAuthorizationRequestUrl = void 0;
|
|
|
16
16
|
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
17
17
|
const debug_1 = __importDefault(require("debug"));
|
|
18
18
|
const debug = (0, debug_1.default)('sphereon:oid4vci');
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
19
|
+
function filterSupportedCredentials(credentialOffer, credentialsSupported) {
|
|
20
|
+
if (!credentialOffer.credential_configuration_ids || !credentialsSupported) {
|
|
21
|
+
return [];
|
|
22
|
+
}
|
|
23
|
+
return Object.entries(credentialsSupported)
|
|
24
|
+
.filter((entry) => { var _a; return (_a = credentialOffer.credential_configuration_ids) === null || _a === void 0 ? void 0 : _a.includes(entry[0]); })
|
|
25
|
+
.map((entry) => {
|
|
26
|
+
return Object.assign(Object.assign({}, entry[1]), { configuration_id: entry[0] });
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
30
|
+
var _a, _b, _c, _d, _e;
|
|
31
|
+
function removeDisplayAndValueTypes(obj) {
|
|
32
|
+
for (const prop in obj) {
|
|
33
|
+
if (['display', 'value_type'].includes(prop)) {
|
|
34
|
+
delete obj[prop];
|
|
35
|
+
}
|
|
36
|
+
else if (typeof obj[prop] === 'object') {
|
|
37
|
+
removeDisplayAndValueTypes(obj[prop]);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
const { redirectUri } = authorizationRequest;
|
|
42
|
+
const client_id = clientId !== null && clientId !== void 0 ? clientId : authorizationRequest.clientId;
|
|
43
|
+
if (!client_id) {
|
|
44
|
+
throw Error(`Cannot use PAR without a client_id value set`);
|
|
45
|
+
}
|
|
22
46
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
23
47
|
const parMode = ((_a = endpointMetadata === null || endpointMetadata === void 0 ? void 0 : endpointMetadata.credentialIssuerMetadata) === null || _a === void 0 ? void 0 : _a.require_pushed_authorization_requests)
|
|
24
48
|
? oid4vci_common_1.PARMode.REQUIRE
|
|
@@ -29,18 +53,39 @@ const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRe
|
|
|
29
53
|
if (!credentialOffer) {
|
|
30
54
|
throw Error('Please provide a scope or authorization_details if no credential offer is present');
|
|
31
55
|
}
|
|
32
|
-
|
|
56
|
+
if ('credentials' in credentialOffer.credential_offer) {
|
|
57
|
+
throw new Error('CredentialOffer format is wrong.');
|
|
58
|
+
}
|
|
59
|
+
const ver = (_c = version !== null && version !== void 0 ? version : (0, oid4vci_common_1.determineSpecVersionFromOffer)(credentialOffer.credential_offer)) !== null && _c !== void 0 ? _c : oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13;
|
|
60
|
+
const creds = ver === oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13
|
|
61
|
+
? filterSupportedCredentials(credentialOffer.credential_offer, credentialConfigurationSupported)
|
|
62
|
+
: [];
|
|
33
63
|
// FIXME: complains about VCT for sd-jwt
|
|
34
64
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
35
65
|
// @ts-ignore
|
|
36
|
-
authorizationDetails = creds
|
|
37
|
-
|
|
38
|
-
.
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
format
|
|
66
|
+
authorizationDetails = creds.flatMap((cred) => {
|
|
67
|
+
var _a;
|
|
68
|
+
const locations = [(_a = credentialOffer === null || credentialOffer === void 0 ? void 0 : credentialOffer.credential_offer.credential_issuer) !== null && _a !== void 0 ? _a : endpointMetadata.issuer];
|
|
69
|
+
const credential_configuration_id = cred.configuration_id;
|
|
70
|
+
const vct = cred.vct;
|
|
71
|
+
let format;
|
|
72
|
+
if (!credential_configuration_id) {
|
|
73
|
+
format = cred.format;
|
|
74
|
+
}
|
|
75
|
+
if (!credential_configuration_id && !cred.format) {
|
|
76
|
+
throw Error('format is required in authorization details');
|
|
77
|
+
}
|
|
78
|
+
const meta = {};
|
|
79
|
+
const credential_definition = cred.credential_definition;
|
|
80
|
+
if ((credential_definition === null || credential_definition === void 0 ? void 0 : credential_definition.type) && !format) {
|
|
81
|
+
// ype: OPTIONAL. Array as defined in Appendix A.1.1.2. This claim contains the type values the Wallet requests authorization for at the Credential Issuer. It MUST be present if the claim format is present in the root of the authorization details object. It MUST not be present otherwise.
|
|
82
|
+
// It meens we have a config_id, already mapping it to an explicit format and types
|
|
83
|
+
delete credential_definition.type;
|
|
84
|
+
}
|
|
85
|
+
if (credential_definition.credentialSubject) {
|
|
86
|
+
removeDisplayAndValueTypes(credential_definition.credentialSubject);
|
|
87
|
+
}
|
|
88
|
+
return Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({ type: 'openid_credential' }, meta), { locations }), (credential_definition && { credential_definition })), (credential_configuration_id && { credential_configuration_id })), (format && { format })), (vct && { vct })), (cred.claims && { claims: removeDisplayAndValueTypes(JSON.parse(JSON.stringify(cred.claims))) }));
|
|
44
89
|
});
|
|
45
90
|
if (!authorizationDetails || authorizationDetails.length === 0) {
|
|
46
91
|
throw Error(`Could not create authorization details from credential offer. Please pass in explicit details`);
|
|
@@ -49,15 +94,15 @@ const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRe
|
|
|
49
94
|
if (!(endpointMetadata === null || endpointMetadata === void 0 ? void 0 : endpointMetadata.authorization_endpoint)) {
|
|
50
95
|
throw Error('Server metadata does not contain authorization endpoint');
|
|
51
96
|
}
|
|
52
|
-
const parEndpoint = (
|
|
97
|
+
const parEndpoint = (_d = endpointMetadata.credentialIssuerMetadata) === null || _d === void 0 ? void 0 : _d.pushed_authorization_request_endpoint;
|
|
53
98
|
// add 'openid' scope if not present
|
|
54
99
|
if (!(scope === null || scope === void 0 ? void 0 : scope.includes('openid'))) {
|
|
55
100
|
scope = ['openid', scope].filter((s) => !!s).join(' ');
|
|
56
101
|
}
|
|
57
102
|
let queryObj = Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({ response_type: oid4vci_common_1.ResponseType.AUTH_CODE }, (!pkce.disabled && {
|
|
58
|
-
code_challenge_method: (
|
|
103
|
+
code_challenge_method: (_e = pkce.codeChallengeMethod) !== null && _e !== void 0 ? _e : oid4vci_common_1.CodeChallengeMethod.S256,
|
|
59
104
|
code_challenge: pkce.codeChallenge,
|
|
60
|
-
})), { authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)) }), (redirectUri && { redirect_uri: redirectUri })),
|
|
105
|
+
})), { authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)) }), (redirectUri && { redirect_uri: redirectUri })), { client_id }), ((credentialOffer === null || credentialOffer === void 0 ? void 0 : credentialOffer.issuerState) && { issuer_state: credentialOffer.issuerState })), { scope });
|
|
61
106
|
if (!parEndpoint && parMode === oid4vci_common_1.PARMode.REQUIRE) {
|
|
62
107
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
63
108
|
}
|
|
@@ -76,7 +121,7 @@ const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRe
|
|
|
76
121
|
}
|
|
77
122
|
else {
|
|
78
123
|
debug(`PAR response: ${(parResponse.successBody, null, 2)}`);
|
|
79
|
-
queryObj = { request_uri: parResponse.successBody.request_uri };
|
|
124
|
+
queryObj = { /*response_type: ResponseType.AUTH_CODE,*/ client_id, request_uri: parResponse.successBody.request_uri };
|
|
80
125
|
}
|
|
81
126
|
}
|
|
82
127
|
debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|