@sphereon/oid4vci-client 0.10.4-unstable.2 → 0.10.4-unstable.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/AccessTokenClient.d.ts +5 -5
- package/dist/AccessTokenClient.d.ts.map +1 -1
- package/dist/AccessTokenClient.js +42 -22
- package/dist/AccessTokenClient.js.map +1 -1
- package/dist/AccessTokenClientV1_0_11.d.ts +29 -0
- package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -0
- package/dist/AccessTokenClientV1_0_11.js +212 -0
- package/dist/AccessTokenClientV1_0_11.js.map +1 -0
- package/dist/AuthorizationCodeClient.d.ts +4 -4
- package/dist/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/AuthorizationCodeClient.js +14 -3
- package/dist/AuthorizationCodeClient.js.map +1 -1
- package/dist/AuthorizationCodeClientV1_0_11.d.ts +9 -0
- package/dist/AuthorizationCodeClientV1_0_11.d.ts.map +1 -0
- package/dist/AuthorizationCodeClientV1_0_11.js +132 -0
- package/dist/AuthorizationCodeClientV1_0_11.js.map +1 -0
- package/dist/CredentialOfferClient.d.ts.map +1 -1
- package/dist/CredentialOfferClient.js +14 -25
- package/dist/CredentialOfferClient.js.map +1 -1
- package/dist/CredentialOfferClientV1_0_11.d.ts +10 -0
- package/dist/CredentialOfferClientV1_0_11.d.ts.map +1 -0
- package/dist/CredentialOfferClientV1_0_11.js +103 -0
- package/dist/CredentialOfferClientV1_0_11.js.map +1 -0
- package/dist/CredentialRequestClient.d.ts +1 -1
- package/dist/CredentialRequestClient.d.ts.map +1 -1
- package/dist/CredentialRequestClient.js +9 -6
- package/dist/CredentialRequestClient.js.map +1 -1
- package/dist/CredentialRequestClientBuilder.d.ts +3 -3
- package/dist/CredentialRequestClientBuilder.d.ts.map +1 -1
- package/dist/CredentialRequestClientBuilder.js +2 -2
- package/dist/CredentialRequestClientBuilder.js.map +1 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts +46 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts.map +1 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js +117 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js.map +1 -0
- package/dist/CredentialRequestClientV1_0_11.d.ts +44 -0
- package/dist/CredentialRequestClientV1_0_11.d.ts.map +1 -0
- package/dist/CredentialRequestClientV1_0_11.js +151 -0
- package/dist/CredentialRequestClientV1_0_11.js.map +1 -0
- package/dist/MetadataClient.d.ts +5 -15
- package/dist/MetadataClient.d.ts.map +1 -1
- package/dist/MetadataClient.js +13 -33
- package/dist/MetadataClient.js.map +1 -1
- package/dist/MetadataClientV1_0_11.d.ts +31 -0
- package/dist/MetadataClientV1_0_11.d.ts.map +1 -0
- package/dist/MetadataClientV1_0_11.js +182 -0
- package/dist/MetadataClientV1_0_11.js.map +1 -0
- package/dist/OpenID4VCIClient.d.ts +5 -17
- package/dist/OpenID4VCIClient.d.ts.map +1 -1
- package/dist/OpenID4VCIClient.js +3 -74
- package/dist/OpenID4VCIClient.js.map +1 -1
- package/dist/OpenID4VCIClientV1_0_11.d.ts +107 -0
- package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -0
- package/dist/OpenID4VCIClientV1_0_11.js +462 -0
- package/dist/OpenID4VCIClientV1_0_11.js.map +1 -0
- package/dist/functions/OpenIDUtils.d.ts +12 -0
- package/dist/functions/OpenIDUtils.d.ts.map +1 -0
- package/dist/functions/OpenIDUtils.js +37 -0
- package/dist/functions/OpenIDUtils.js.map +1 -0
- package/dist/index.d.ts +8 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/lib/AccessTokenClient.ts +54 -22
- package/lib/AccessTokenClientV1_0_11.ts +255 -0
- package/lib/AuthorizationCodeClient.ts +30 -10
- package/lib/AuthorizationCodeClientV1_0_11.ts +167 -0
- package/lib/CredentialOfferClient.ts +13 -25
- package/lib/CredentialOfferClientV1_0_11.ts +112 -0
- package/lib/CredentialRequestClient.ts +11 -7
- package/lib/CredentialRequestClientBuilder.ts +9 -8
- package/lib/CredentialRequestClientBuilderV1_0_11.ts +156 -0
- package/lib/CredentialRequestClientV1_0_11.ts +190 -0
- package/lib/MetadataClient.ts +26 -48
- package/lib/MetadataClientV1_0_11.ts +186 -0
- package/lib/OpenID4VCIClient.ts +11 -94
- package/lib/OpenID4VCIClientV1_0_11.ts +644 -0
- package/lib/__tests__/AccessTokenClient.spec.ts +34 -6
- package/lib/__tests__/CredentialRequestClient.spec.ts +56 -39
- package/lib/__tests__/CredentialRequestClientBuilder.spec.ts +4 -4
- package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts +316 -0
- package/lib/__tests__/EBSIE2E.spec.test.ts +2 -2
- package/lib/__tests__/IT.spec.ts +222 -11
- package/lib/__tests__/IssuanceInitiation.spec.ts +32 -51
- package/lib/__tests__/IssuanceInitiationV1_0_11.spec.ts +62 -0
- package/lib/__tests__/MattrE2E.spec.test.ts +2 -2
- package/lib/__tests__/MetadataClient.spec.ts +70 -6
- package/lib/__tests__/MetadataMocks.ts +41 -2
- package/lib/__tests__/OpenID4VCIClient.spec.ts +1 -1
- package/lib/__tests__/{OpenID4VCIClientPAR.spec.ts → OpenID4VCIClientPARV1_0_11.spec.ts} +5 -5
- package/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts +202 -0
- package/lib/__tests__/ProofOfPossessionBuilder.spec.ts +1 -1
- package/lib/__tests__/SdJwt.spec.ts +31 -21
- package/lib/__tests__/SphereonE2E.spec.test.ts +3 -3
- package/lib/__tests__/data/VciDataFixtures.ts +664 -27
- package/lib/functions/OpenIDUtils.ts +25 -0
- package/lib/index.ts +8 -1
- package/package.json +3 -3
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
|
|
1
|
+
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse, TxCodeAndPinRequired } from '@sphereon/oid4vci-common';
|
|
2
2
|
export declare class AccessTokenClient {
|
|
3
3
|
acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
4
|
-
acquireAccessTokenUsingRequest({ accessTokenRequest,
|
|
4
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }: {
|
|
5
5
|
accessTokenRequest: AccessTokenRequest;
|
|
6
|
-
|
|
6
|
+
pinMetadata?: TxCodeAndPinRequired;
|
|
7
7
|
metadata?: EndpointMetadata;
|
|
8
8
|
asOpts?: AuthorizationServerOpts;
|
|
9
9
|
issuerOpts?: IssuerOpts;
|
|
@@ -11,8 +11,8 @@ export declare class AccessTokenClient {
|
|
|
11
11
|
createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
|
|
12
12
|
private assertPreAuthorizedGrantType;
|
|
13
13
|
private assertAuthorizationGrantType;
|
|
14
|
-
private
|
|
15
|
-
private
|
|
14
|
+
private getPinMetadata;
|
|
15
|
+
private assertAlphanumericPin;
|
|
16
16
|
private assertNonEmptyPreAuthorizedCode;
|
|
17
17
|
private assertNonEmptyCodeVerifier;
|
|
18
18
|
private assertNonEmptyCode;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAKvB,gBAAgB,EAGhB,UAAU,EAGV,cAAc,EAId,oBAAoB,EAErB,MAAM,0BAA0B,CAAC;AASlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgC9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,WAAW,CAAC,EAAE,oBAAoB,CAAC;QACnC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,qBAAqB;IA+B7B,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
|
|
@@ -25,7 +25,7 @@ class AccessTokenClient {
|
|
|
25
25
|
return __awaiter(this, void 0, void 0, function* () {
|
|
26
26
|
const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
|
|
27
27
|
const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
|
|
28
|
-
const
|
|
28
|
+
const pinMetadata = credentialOffer && this.getPinMetadata(credentialOffer.credential_offer);
|
|
29
29
|
const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
|
|
30
30
|
if (!issuer) {
|
|
31
31
|
throw Error('Issuer required at this point');
|
|
@@ -41,17 +41,18 @@ class AccessTokenClient {
|
|
|
41
41
|
code,
|
|
42
42
|
redirectUri,
|
|
43
43
|
pin,
|
|
44
|
+
pinMetadata,
|
|
44
45
|
}),
|
|
45
|
-
|
|
46
|
+
pinMetadata,
|
|
46
47
|
metadata,
|
|
47
48
|
asOpts,
|
|
48
49
|
issuerOpts,
|
|
49
50
|
});
|
|
50
51
|
});
|
|
51
52
|
}
|
|
52
|
-
acquireAccessTokenUsingRequest({ accessTokenRequest,
|
|
53
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }) {
|
|
53
54
|
return __awaiter(this, void 0, void 0, function* () {
|
|
54
|
-
this.validate(accessTokenRequest,
|
|
55
|
+
this.validate(accessTokenRequest, pinMetadata);
|
|
55
56
|
const requestTokenURL = AccessTokenClient.determineTokenURL({
|
|
56
57
|
asOpts,
|
|
57
58
|
issuerOpts,
|
|
@@ -68,13 +69,16 @@ class AccessTokenClient {
|
|
|
68
69
|
var _a, _b;
|
|
69
70
|
return __awaiter(this, void 0, void 0, function* () {
|
|
70
71
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
71
|
-
const credentialOfferRequest = opts.credentialOffer
|
|
72
|
+
const credentialOfferRequest = opts.credentialOffer &&
|
|
73
|
+
(0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13.valueOf()
|
|
74
|
+
? yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
|
|
75
|
+
: undefined;
|
|
72
76
|
const request = {};
|
|
73
77
|
if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
|
|
74
78
|
request.client_id = asOpts.clientId;
|
|
75
79
|
}
|
|
76
80
|
if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
77
|
-
this.
|
|
81
|
+
this.assertAlphanumericPin(opts.pinMetadata, pin);
|
|
78
82
|
request.user_pin = pin;
|
|
79
83
|
request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
|
|
80
84
|
// we actually know it is there because of the isPreAuthCode call
|
|
@@ -104,29 +108,45 @@ class AccessTokenClient {
|
|
|
104
108
|
throw new Error("grant type must be 'authorization_code'");
|
|
105
109
|
}
|
|
106
110
|
}
|
|
107
|
-
|
|
108
|
-
var _a
|
|
109
|
-
let isPinRequired = false;
|
|
111
|
+
getPinMetadata(requestPayload) {
|
|
112
|
+
var _a;
|
|
110
113
|
if (!requestPayload) {
|
|
111
114
|
throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
|
|
112
115
|
}
|
|
113
116
|
const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
}
|
|
117
|
+
const grantDetails = (_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code'];
|
|
118
|
+
const isPinRequired = !!(grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code) || !!(grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails['pre-authorized_code']);
|
|
117
119
|
debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
118
|
-
return
|
|
120
|
+
return {
|
|
121
|
+
txCode: grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code,
|
|
122
|
+
isPinRequired,
|
|
123
|
+
};
|
|
119
124
|
}
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
+
assertAlphanumericPin(pinMeta, pin) {
|
|
126
|
+
var _a, _b;
|
|
127
|
+
if (pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.isPinRequired) {
|
|
128
|
+
let regex;
|
|
129
|
+
if (pinMeta.txCode) {
|
|
130
|
+
const { input_mode, length } = pinMeta.txCode;
|
|
131
|
+
if (input_mode === 'numeric') {
|
|
132
|
+
// Create a regex for numeric input. If no length specified, allow any length of numeric input.
|
|
133
|
+
regex = length ? new RegExp(`^\\d{1,${length}}$`) : /^\d+$/;
|
|
134
|
+
}
|
|
135
|
+
else if (input_mode === 'text') {
|
|
136
|
+
// Create a regex for text input. If no length specified, allow any length of alphanumeric input.
|
|
137
|
+
regex = length ? new RegExp(`^[a-zA-Z0-9]{1,${length}}$`) : /^[a-zA-Z0-9]+$/;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
// Default regex for alphanumeric with no specific length limit if no input_mode is specified.
|
|
141
|
+
regex = regex || /^[a-zA-Z0-9]+$|^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/;
|
|
142
|
+
if (!pin || !regex.test(pin)) {
|
|
143
|
+
debug(`Pin is not valid. Expected format: ${((_a = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _a === void 0 ? void 0 : _a.input_mode) || 'alphanumeric'}, Length: up to ${((_b = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _b === void 0 ? void 0 : _b.length) || 'any number of'} characters`);
|
|
144
|
+
throw new Error('A valid pin must be present according to the specified transaction code requirements.');
|
|
125
145
|
}
|
|
126
146
|
}
|
|
127
147
|
else if (pin) {
|
|
128
|
-
debug(
|
|
129
|
-
throw new Error('Cannot set a pin
|
|
148
|
+
debug('Pin set, whilst not required');
|
|
149
|
+
throw new Error('Cannot set a pin when the pin is not required.');
|
|
130
150
|
}
|
|
131
151
|
}
|
|
132
152
|
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
@@ -147,11 +167,11 @@ class AccessTokenClient {
|
|
|
147
167
|
throw new Error('Authorization flow requires the code to be present');
|
|
148
168
|
}
|
|
149
169
|
}
|
|
150
|
-
validate(accessTokenRequest,
|
|
170
|
+
validate(accessTokenRequest, pinMeta) {
|
|
151
171
|
if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
|
|
152
172
|
this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
|
|
153
173
|
this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
|
|
154
|
-
this.
|
|
174
|
+
this.assertAlphanumericPin(pinMeta, accessTokenRequest['pre-authorized_code']);
|
|
155
175
|
}
|
|
156
176
|
else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
|
|
157
177
|
this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAsBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,WAAW,GAAqC,eAAe,IAAI,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAC/H,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;oBACH,WAAW;iBACZ,CAAC;gBACF,WAAW;gBACX,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;YAE/C,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAC1B,IAAI,CAAC,eAAe;gBACpB,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;gBACtI,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACvF,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;gBAClD,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,cAA6C;;QAClE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QAEnE,MAAM,YAAY,GAAG,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,CAAC;QACrG,MAAM,aAAa,GAAG,CAAC,CAAC,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,CAAA,IAAI,CAAC,CAAC,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAG,qBAAqB,CAAC,CAAA,CAAC;QAEzF,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO;YACL,MAAM,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO;YAC7B,aAAa;SACd,CAAC;IACJ,CAAC;IAEO,qBAAqB,CAAC,OAA8B,EAAE,GAAY;;QACxE,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,EAAE,CAAC;YAC3B,IAAI,KAAK,CAAC;YAEV,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;gBAE9C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC7B,+FAA+F;oBAC/F,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC9D,CAAC;qBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACjC,iGAAiG;oBACjG,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,kBAAkB,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;gBAC/E,CAAC;YACH,CAAC;YAED,8FAA8F;YAC9F,KAAK,GAAG,KAAK,IAAI,iEAAiE,CAAC;YAEnF,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,CACH,sCAAsC,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,UAAU,KAAI,cAAc,mBAAmB,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,MAAM,KAAI,eAAe,aAAa,CAC9J,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;YAC3G,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,OAA8B;QACrF,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,kBAAkB,CAAC,qBAAqB,CAAC,CAAC,CAAC;QACjF,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AArPD,8CAqPC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
|
|
2
|
+
export declare class AccessTokenClientV1_0_11 {
|
|
3
|
+
acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
4
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
|
|
5
|
+
accessTokenRequest: AccessTokenRequest;
|
|
6
|
+
isPinRequired?: boolean;
|
|
7
|
+
metadata?: EndpointMetadata;
|
|
8
|
+
asOpts?: AuthorizationServerOpts;
|
|
9
|
+
issuerOpts?: IssuerOpts;
|
|
10
|
+
}): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
11
|
+
createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
|
|
12
|
+
private assertPreAuthorizedGrantType;
|
|
13
|
+
private assertAuthorizationGrantType;
|
|
14
|
+
private isPinRequiredValue;
|
|
15
|
+
private assertNumericPin;
|
|
16
|
+
private assertNonEmptyPreAuthorizedCode;
|
|
17
|
+
private assertNonEmptyCodeVerifier;
|
|
18
|
+
private assertNonEmptyCode;
|
|
19
|
+
private validate;
|
|
20
|
+
private sendAuthCode;
|
|
21
|
+
static determineTokenURL({ asOpts, issuerOpts, metadata, }: {
|
|
22
|
+
asOpts?: AuthorizationServerOpts;
|
|
23
|
+
issuerOpts?: IssuerOpts;
|
|
24
|
+
metadata?: EndpointMetadata;
|
|
25
|
+
}): string;
|
|
26
|
+
private static creatTokenURLFromURL;
|
|
27
|
+
private throwNotSupportedFlow;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=AccessTokenClientV1_0_11.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessTokenClientV1_0_11.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAMvB,gBAAgB,EAGhB,UAAU,EAGV,cAAc,EAMf,MAAM,0BAA0B,CAAC;AASlC,qBAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA+B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
|
|
@@ -0,0 +1,212 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.AccessTokenClientV1_0_11 = void 0;
|
|
16
|
+
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
17
|
+
const ssi_types_1 = require("@sphereon/ssi-types");
|
|
18
|
+
const debug_1 = __importDefault(require("debug"));
|
|
19
|
+
const MetadataClient_1 = require("./MetadataClient");
|
|
20
|
+
const functions_1 = require("./functions");
|
|
21
|
+
const debug = (0, debug_1.default)('sphereon:oid4vci:token');
|
|
22
|
+
class AccessTokenClientV1_0_11 {
|
|
23
|
+
acquireAccessToken(opts) {
|
|
24
|
+
var _a;
|
|
25
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
26
|
+
const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
|
|
27
|
+
const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
|
|
28
|
+
const isPinRequired = credentialOffer && this.isPinRequiredValue(credentialOffer.credential_offer);
|
|
29
|
+
const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
|
|
30
|
+
if (!issuer) {
|
|
31
|
+
throw Error('Issuer required at this point');
|
|
32
|
+
}
|
|
33
|
+
const issuerOpts = {
|
|
34
|
+
issuer,
|
|
35
|
+
};
|
|
36
|
+
return yield this.acquireAccessTokenUsingRequest({
|
|
37
|
+
accessTokenRequest: yield this.createAccessTokenRequest({
|
|
38
|
+
credentialOffer,
|
|
39
|
+
asOpts,
|
|
40
|
+
codeVerifier,
|
|
41
|
+
code,
|
|
42
|
+
redirectUri,
|
|
43
|
+
pin,
|
|
44
|
+
}),
|
|
45
|
+
isPinRequired,
|
|
46
|
+
metadata,
|
|
47
|
+
asOpts,
|
|
48
|
+
issuerOpts,
|
|
49
|
+
});
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
|
|
53
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
54
|
+
this.validate(accessTokenRequest, isPinRequired);
|
|
55
|
+
const requestTokenURL = AccessTokenClientV1_0_11.determineTokenURL({
|
|
56
|
+
asOpts,
|
|
57
|
+
issuerOpts,
|
|
58
|
+
metadata: metadata
|
|
59
|
+
? metadata
|
|
60
|
+
: (issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.fetchMetadata)
|
|
61
|
+
? yield MetadataClient_1.MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
62
|
+
: undefined,
|
|
63
|
+
});
|
|
64
|
+
return this.sendAuthCode(requestTokenURL, accessTokenRequest);
|
|
65
|
+
});
|
|
66
|
+
}
|
|
67
|
+
createAccessTokenRequest(opts) {
|
|
68
|
+
var _a, _b;
|
|
69
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
70
|
+
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
71
|
+
const credentialOfferRequest = opts.credentialOffer
|
|
72
|
+
? (0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11.valueOf()
|
|
73
|
+
? yield (0, oid4vci_common_1.toUniformCredentialOfferRequestV1_0_11)(opts.credentialOffer)
|
|
74
|
+
: yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
|
|
75
|
+
: undefined;
|
|
76
|
+
const request = {};
|
|
77
|
+
if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
|
|
78
|
+
request.client_id = asOpts.clientId;
|
|
79
|
+
}
|
|
80
|
+
if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
81
|
+
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
|
|
82
|
+
request.user_pin = pin;
|
|
83
|
+
request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
|
|
84
|
+
// we actually know it is there because of the isPreAuthCode call
|
|
85
|
+
request[oid4vci_common_1.PRE_AUTH_CODE_LITERAL] =
|
|
86
|
+
(_b = (_a = credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.credential_offer.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b[oid4vci_common_1.PRE_AUTH_CODE_LITERAL];
|
|
87
|
+
return request;
|
|
88
|
+
}
|
|
89
|
+
if (!credentialOfferRequest || credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
|
|
90
|
+
request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
|
|
91
|
+
request.code = code;
|
|
92
|
+
request.redirect_uri = redirectUri;
|
|
93
|
+
if (codeVerifier) {
|
|
94
|
+
request.code_verifier = codeVerifier;
|
|
95
|
+
}
|
|
96
|
+
return request;
|
|
97
|
+
}
|
|
98
|
+
throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
|
|
99
|
+
});
|
|
100
|
+
}
|
|
101
|
+
assertPreAuthorizedGrantType(grantType) {
|
|
102
|
+
if (oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
|
|
103
|
+
throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
assertAuthorizationGrantType(grantType) {
|
|
107
|
+
if (oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE !== grantType) {
|
|
108
|
+
throw new Error("grant type must be 'authorization_code'");
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
isPinRequiredValue(requestPayload) {
|
|
112
|
+
var _a, _b, _c;
|
|
113
|
+
let isPinRequired = false;
|
|
114
|
+
if (!requestPayload) {
|
|
115
|
+
throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
|
|
116
|
+
}
|
|
117
|
+
const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
|
|
118
|
+
if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
|
|
119
|
+
isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
|
|
120
|
+
}
|
|
121
|
+
debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
122
|
+
return isPinRequired;
|
|
123
|
+
}
|
|
124
|
+
assertNumericPin(isPinRequired, pin) {
|
|
125
|
+
if (isPinRequired) {
|
|
126
|
+
if (!pin || !/^\d{1,8}$/.test(pin)) {
|
|
127
|
+
debug(`Pin is not 1 to 8 digits long`);
|
|
128
|
+
throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
else if (pin) {
|
|
132
|
+
debug(`Pin set, whilst not required`);
|
|
133
|
+
throw new Error('Cannot set a pin, when the pin is not required.');
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
137
|
+
if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
|
|
138
|
+
debug(`No pre-authorized code present, whilst it is required`);
|
|
139
|
+
throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
assertNonEmptyCodeVerifier(accessTokenRequest) {
|
|
143
|
+
if (!accessTokenRequest.code_verifier) {
|
|
144
|
+
debug('No code_verifier present, whilst it is required');
|
|
145
|
+
throw new Error('Authorization flow requires the code_verifier to be present');
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
assertNonEmptyCode(accessTokenRequest) {
|
|
149
|
+
if (!accessTokenRequest.code) {
|
|
150
|
+
debug('No code present, whilst it is required');
|
|
151
|
+
throw new Error('Authorization flow requires the code to be present');
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
validate(accessTokenRequest, isPinRequired) {
|
|
155
|
+
if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
|
|
156
|
+
this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
|
|
157
|
+
this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
|
|
158
|
+
this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
|
|
159
|
+
}
|
|
160
|
+
else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
|
|
161
|
+
this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
|
|
162
|
+
this.assertNonEmptyCodeVerifier(accessTokenRequest);
|
|
163
|
+
this.assertNonEmptyCode(accessTokenRequest);
|
|
164
|
+
}
|
|
165
|
+
else {
|
|
166
|
+
this.throwNotSupportedFlow();
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
sendAuthCode(requestTokenURL, accessTokenRequest) {
|
|
170
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
171
|
+
return yield (0, functions_1.formPost)(requestTokenURL, (0, functions_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
|
|
172
|
+
});
|
|
173
|
+
}
|
|
174
|
+
static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
|
|
175
|
+
if (!asOpts && !(metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) && !issuerOpts) {
|
|
176
|
+
throw new Error('Cannot determine token URL if no issuer, metadata and no Authorization Server values are present');
|
|
177
|
+
}
|
|
178
|
+
let url;
|
|
179
|
+
if (asOpts && asOpts.as) {
|
|
180
|
+
url = this.creatTokenURLFromURL(asOpts.as, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, asOpts.tokenEndpoint);
|
|
181
|
+
}
|
|
182
|
+
else if (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) {
|
|
183
|
+
url = metadata.token_endpoint;
|
|
184
|
+
}
|
|
185
|
+
else {
|
|
186
|
+
if (!(issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.issuer)) {
|
|
187
|
+
throw Error('Either authorization server options, a token endpoint or issuer options are required at this point');
|
|
188
|
+
}
|
|
189
|
+
url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
|
|
190
|
+
}
|
|
191
|
+
if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
|
|
192
|
+
throw new Error('No authorization server token URL present. Cannot acquire access token');
|
|
193
|
+
}
|
|
194
|
+
debug(`Token endpoint determined to be ${url}`);
|
|
195
|
+
return url;
|
|
196
|
+
}
|
|
197
|
+
static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
|
|
198
|
+
if (allowInsecureEndpoints !== true && url.startsWith('http:')) {
|
|
199
|
+
throw Error(`Unprotected token endpoints are not allowed ${url}. Use the 'allowInsecureEndpoints' param if you really need this for dev/testing!`);
|
|
200
|
+
}
|
|
201
|
+
const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
|
|
202
|
+
const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
|
|
203
|
+
const scheme = url.split('://')[0];
|
|
204
|
+
return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
|
|
205
|
+
}
|
|
206
|
+
throwNotSupportedFlow() {
|
|
207
|
+
debug(`Only pre-authorized or authorization code flows supported.`);
|
|
208
|
+
throw new Error('Only pre-authorized-code or authorization code flows are supported');
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
exports.AccessTokenClientV1_0_11 = AccessTokenClientV1_0_11;
|
|
212
|
+
//# sourceMappingURL=AccessTokenClientV1_0_11.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessTokenClientV1_0_11.js","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAuBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,aAAa,GAAG,eAAe,IAAI,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACnG,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,wBAAwB,CAAC,iBAAiB,CAAC;gBACjE,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe;gBACjD,CAAC,CAAC,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;oBACxI,CAAC,CAAC,MAAM,IAAA,uDAAsC,EAAC,IAAI,CAAC,eAAyC,CAAC;oBAC9F,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACzF,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE,CAAC;YACpF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;QAC5H,CAAC;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AA9ND,4DA8NC"}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { AuthorizationRequestOpts,
|
|
2
|
-
export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer,
|
|
1
|
+
import { AuthorizationRequestOpts, CredentialConfigurationSupportedV1_0_13, CredentialOfferRequestWithBaseUrl, EndpointMetadataResultV1_0_13, PKCEOpts } from '@sphereon/oid4vci-common';
|
|
2
|
+
export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, }: {
|
|
3
3
|
pkce: PKCEOpts;
|
|
4
|
-
endpointMetadata:
|
|
4
|
+
endpointMetadata: EndpointMetadataResultV1_0_13;
|
|
5
5
|
authorizationRequest: AuthorizationRequestOpts;
|
|
6
6
|
credentialOffer?: CredentialOfferRequestWithBaseUrl | undefined;
|
|
7
|
-
|
|
7
|
+
credentialConfigurationSupported?: Record<string, CredentialConfigurationSupportedV1_0_13> | undefined;
|
|
8
8
|
}) => Promise<string>;
|
|
9
9
|
//# sourceMappingURL=AuthorizationCodeClient.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,
|
|
1
|
+
{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,uCAAuC,EAEvC,iCAAiC,EAGjC,6BAA6B,EAK7B,QAAQ,EAGT,MAAM,0BAA0B,CAAA;AAejC,eAAO,MAAM,6BAA6B;UAOlC,QAAQ;sBACI,6BAA6B;0BACzB,wBAAwB;;;MAG5C,QAAQ,MAAM,CAkGjB,CAAC"}
|
|
@@ -16,7 +16,13 @@ exports.createAuthorizationRequestUrl = void 0;
|
|
|
16
16
|
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
17
17
|
const debug_1 = __importDefault(require("debug"));
|
|
18
18
|
const debug = (0, debug_1.default)('sphereon:oid4vci');
|
|
19
|
-
|
|
19
|
+
function filterSupportedCredentials(credentialOffer, credentialsSupported) {
|
|
20
|
+
if (!credentialOffer.credential_configuration_ids || !credentialsSupported) {
|
|
21
|
+
return [];
|
|
22
|
+
}
|
|
23
|
+
return credentialOffer.credential_configuration_ids.map((id) => credentialsSupported[id]).filter((cred) => cred !== undefined);
|
|
24
|
+
}
|
|
25
|
+
const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
20
26
|
var _a, _b, _c, _d;
|
|
21
27
|
const { redirectUri, clientId } = authorizationRequest;
|
|
22
28
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
@@ -29,12 +35,17 @@ const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRe
|
|
|
29
35
|
if (!credentialOffer) {
|
|
30
36
|
throw Error('Please provide a scope or authorization_details if no credential offer is present');
|
|
31
37
|
}
|
|
32
|
-
|
|
38
|
+
if ('credentials' in credentialOffer.credential_offer) {
|
|
39
|
+
throw new Error('CredentialOffer format is wrong.');
|
|
40
|
+
}
|
|
41
|
+
const creds = (0, oid4vci_common_1.determineSpecVersionFromOffer)(credentialOffer.credential_offer) === oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13
|
|
42
|
+
? filterSupportedCredentials(credentialOffer.credential_offer, credentialConfigurationSupported)
|
|
43
|
+
: [];
|
|
33
44
|
// FIXME: complains about VCT for sd-jwt
|
|
34
45
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
35
46
|
// @ts-ignore
|
|
36
47
|
authorizationDetails = creds
|
|
37
|
-
.flatMap((cred) =>
|
|
48
|
+
.flatMap((cred) => cred)
|
|
38
49
|
.filter((cred) => !!cred)
|
|
39
50
|
.map((cred) => {
|
|
40
51
|
return Object.assign(Object.assign({}, cred), { type: 'openid_credential', locations: [endpointMetadata.issuer],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthorizationCodeClient.js","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"AuthorizationCodeClient.js","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAkBiC;AACjC,kDAA0B;AAE1B,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,kBAAkB,CAAC,CAAC;AAExC,SAAS,0BAA0B,CACjC,eAA8C,EAC9C,oBAA8E;IAE9E,IAAI,CAAC,eAAe,CAAC,4BAA4B,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC3E,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,eAAe,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;AACjI,CAAC;AAEM,MAAM,6BAA6B,GAAG,CAAO,EAClD,IAAI,EACJ,gBAAgB,EAChB,oBAAoB,EACpB,eAAe,EACf,gCAAgC,GAOjC,EAAmB,EAAE;;IACpB,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,oBAAoB,CAAC;IACvD,IAAI,EAAE,KAAK,EAAE,oBAAoB,EAAE,GAAG,oBAAoB,CAAC;IAC3D,MAAM,OAAO,GAAG,CAAA,MAAA,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,wBAAwB,0CAAE,qCAAqC;QAC/F,CAAC,CAAC,wBAAO,CAAC,OAAO;QACjB,CAAC,CAAC,MAAA,oBAAoB,CAAC,OAAO,mCAAI,wBAAO,CAAC,IAAI,CAAC;IACjD,gFAAgF;IAChF,iGAAiG;IACjG,IAAI,CAAC,KAAK,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACpC,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,KAAK,CAAC,mFAAmF,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,aAAa,IAAI,eAAe,CAAC,gBAAgB,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,KAAK,GACT,IAAA,8CAA6B,EAAC,eAAe,CAAC,gBAAgB,CAAC,KAAK,kCAAiB,CAAC,UAAU;YAC9F,CAAC,CAAC,0BAA0B,CAAC,eAAe,CAAC,gBAAiD,EAAE,gCAAgC,CAAC;YACjI,CAAC,CAAC,EAAE,CAAC;QAET,wCAAwC;QACxC,6DAA6D;QAC7D,aAAa;QACb,oBAAoB,GAAG,KAAK;aACzB,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAA2B,CAAC;aAC9C,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;aACxB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACZ,OAAO,gCACF,IAAI,KACP,IAAI,EAAE,mBAAmB,EACzB,SAAS,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;gBAEpC,6DAA6D;gBAC7D,aAAa;gBACb,MAAM,EAAE,IAAK,CAAC,MAAM,GACU,CAAC;QACnC,CAAC,CAAC,CAAC;QACL,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CAAC,+FAA+F,CAAC,CAAC;QAC/G,CAAC;IACH,CAAC;IACD,IAAI,CAAC,CAAA,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,sBAAsB,CAAA,EAAE,CAAC;QAC9C,MAAM,KAAK,CAAC,yDAAyD,CAAC,CAAC;IACzE,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,gBAAgB,CAAC,wBAAwB,0CAAE,qCAAqC,CAAC;IAErG,oCAAoC;IACpC,IAAI,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,QAAQ,CAAC,CAAA,EAAE,CAAC;QAC/B,KAAK,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,QAAQ,yFACV,aAAa,EAAE,6BAAY,CAAC,SAAS,IAClC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI;QACpB,qBAAqB,EAAE,MAAA,IAAI,CAAC,mBAAmB,mCAAI,oCAAmB,CAAC,IAAI;QAC3E,cAAc,EAAE,IAAI,CAAC,aAAa;KACnC,CAAC,KACF,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,0BAA0B,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,KACtG,CAAC,WAAW,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,GAC9C,CAAC,QAAQ,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,GACrC,CAAC,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,WAAW,KAAI,EAAE,YAAY,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC,KAClF,KAAK,GACN,CAAC;IAEF,IAAI,CAAC,WAAW,IAAI,OAAO,KAAK,wBAAO,CAAC,OAAO,EAAE,CAAC;QAChD,MAAM,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC3F,CAAC;SAAM,IAAI,WAAW,IAAI,OAAO,KAAK,wBAAO,CAAC,KAAK,EAAE,CAAC;QACpD,KAAK,CAAC,2BAA2B,WAAW,EAAE,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAQ,EAChC,WAAW,EACX,IAAA,iCAAgB,EAAC,QAAQ,EAAE;YACzB,IAAI,EAAE,4BAAW,CAAC,qBAAqB;YACvC,iBAAiB,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,OAAO,EAAE,uBAAuB,EAAE,cAAc,CAAC;SAClH,CAAC,EACF,EAAE,WAAW,EAAE,mCAAmC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CACjF,CAAC;QACF,IAAI,WAAW,CAAC,SAAS,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACrE,IAAI,OAAO,KAAK,wBAAO,CAAC,OAAO,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC,cAAc,WAAW,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,iBAAiB,CAAC,WAAW,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7D,QAAQ,GAAG,EAAE,WAAW,EAAE,WAAW,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wCAAwC,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,IAAA,iCAAgB,EAAC,QAAQ,EAAE;QACrC,OAAO,EAAE,gBAAgB,CAAC,sBAAsB;QAChD,iBAAiB,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,OAAO,EAAE,uBAAuB,EAAE,cAAc,CAAC;QACjH,kDAAkD;QAClD,IAAI,EAAE,4BAAW,CAAC,qBAAqB;QACvC,0EAA0E;KAC3E,CAAC,CAAC;IACH,KAAK,CAAC,8BAA8B,GAAG,EAAE,CAAC,CAAC;IAC3C,OAAO,GAAG,CAAC;AACb,CAAC,CAAA,CAAC;AA9GW,QAAA,6BAA6B,iCA8GxC;AAEF,MAAM,0BAA0B,GAAG,CACjC,gBAA+C,EAC/C,oBAAoE,EACT,EAAE;IAC7D,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC7C,iDAAiD;YACjD,OAAO,oBAAoB,CAAC;QAC9B,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACxC,OAAO,oBAAoB;iBACxB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC;iBAC5C,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,gBAAgB,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,mBAAM,KAAK,CAAE,CAAC,CAAC,CAAC;QACzG,CAAC;aAAM,CAAC;YACN,OAAO,eAAe,CAAC,gBAAgB,oBAAO,oBAAoB,EAAG,CAAC;QACxE,CAAC;IACH,CAAC;IACD,OAAO,oBAAoB,CAAC;AAC9B,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,gBAA+C,EAAE,oBAA0C,EAAE,EAAE;;IACtH,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QAC7C,iDAAiD;QACjD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,oBAAoB,IAAI,CAAC,CAAA,MAAA,gBAAgB,CAAC,wBAAwB,0CAAE,oBAAoB,KAAI,gBAAgB,CAAC,sBAAsB,CAAC,EAAE,CAAC;QACzI,IAAI,oBAAoB,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClD,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,SAAS,GAAG,CAAC,oBAAoB,CAAC,SAAmB,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;YACvG,CAAC;QACH,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,SAAS,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IACD,OAAO,oBAAoB,CAAC;AAC9B,CAAC,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { AuthorizationRequestOpts, CredentialSupported, CredentialOfferRequestWithBaseUrl, EndpointMetadataResultV1_0_11, PKCEOpts } from '@sphereon/oid4vci-common';
|
|
2
|
+
export declare const createAuthorizationRequestUrlV1_0_11: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported, }: {
|
|
3
|
+
pkce: PKCEOpts;
|
|
4
|
+
endpointMetadata: EndpointMetadataResultV1_0_11;
|
|
5
|
+
authorizationRequest: AuthorizationRequestOpts;
|
|
6
|
+
credentialOffer?: CredentialOfferRequestWithBaseUrl | undefined;
|
|
7
|
+
credentialsSupported?: CredentialSupported[] | undefined;
|
|
8
|
+
}) => Promise<string>;
|
|
9
|
+
//# sourceMappingURL=AuthorizationCodeClientV1_0_11.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthorizationCodeClientV1_0_11.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClientV1_0_11.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,mBAAmB,EAGnB,iCAAiC,EACjC,6BAA6B,EAI7B,QAAQ,EAGT,MAAM,0BAA0B,CAAC;AAKlC,eAAO,MAAM,oCAAoC;UAOzC,QAAQ;sBACI,6BAA6B;0BACzB,wBAAwB;;;MAG5C,QAAQ,MAAM,CA8FjB,CAAC"}
|