@sphereon/oid4vci-client 0.10.4-unstable.8 → 0.10.4-unstable.98
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/AccessTokenClient.d.ts +5 -5
- package/dist/AccessTokenClient.d.ts.map +1 -1
- package/dist/AccessTokenClient.js +51 -36
- package/dist/AccessTokenClient.js.map +1 -1
- package/dist/AccessTokenClientV1_0_11.d.ts +29 -0
- package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -0
- package/dist/AccessTokenClientV1_0_11.js +211 -0
- package/dist/AccessTokenClientV1_0_11.js.map +1 -0
- package/dist/AuthorizationCodeClient.d.ts +6 -4
- package/dist/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/AuthorizationCodeClient.js +61 -16
- package/dist/AuthorizationCodeClient.js.map +1 -1
- package/dist/AuthorizationCodeClientV1_0_11.d.ts +9 -0
- package/dist/AuthorizationCodeClientV1_0_11.d.ts.map +1 -0
- package/dist/AuthorizationCodeClientV1_0_11.js +132 -0
- package/dist/AuthorizationCodeClientV1_0_11.js.map +1 -0
- package/dist/CredentialOfferClient.d.ts.map +1 -1
- package/dist/CredentialOfferClient.js +18 -28
- package/dist/CredentialOfferClient.js.map +1 -1
- package/dist/CredentialOfferClientV1_0_11.d.ts +10 -0
- package/dist/CredentialOfferClientV1_0_11.d.ts.map +1 -0
- package/dist/CredentialOfferClientV1_0_11.js +102 -0
- package/dist/CredentialOfferClientV1_0_11.js.map +1 -0
- package/dist/CredentialRequestClient.d.ts +20 -7
- package/dist/CredentialRequestClient.d.ts.map +1 -1
- package/dist/CredentialRequestClient.js +46 -30
- package/dist/CredentialRequestClient.js.map +1 -1
- package/dist/CredentialRequestClientBuilder.d.ts +11 -6
- package/dist/CredentialRequestClientBuilder.d.ts.map +1 -1
- package/dist/CredentialRequestClientBuilder.js +22 -9
- package/dist/CredentialRequestClientBuilder.js.map +1 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts +46 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts.map +1 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js +117 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js.map +1 -0
- package/dist/CredentialRequestClientV1_0_11.d.ts +44 -0
- package/dist/CredentialRequestClientV1_0_11.d.ts.map +1 -0
- package/dist/CredentialRequestClientV1_0_11.js +150 -0
- package/dist/CredentialRequestClientV1_0_11.js.map +1 -0
- package/dist/MetadataClient.d.ts +5 -15
- package/dist/MetadataClient.d.ts.map +1 -1
- package/dist/MetadataClient.js +13 -33
- package/dist/MetadataClient.js.map +1 -1
- package/dist/MetadataClientV1_0_11.d.ts +31 -0
- package/dist/MetadataClientV1_0_11.d.ts.map +1 -0
- package/dist/MetadataClientV1_0_11.js +182 -0
- package/dist/MetadataClientV1_0_11.js.map +1 -0
- package/dist/OpenID4VCIClient.d.ts +17 -11
- package/dist/OpenID4VCIClient.d.ts.map +1 -1
- package/dist/OpenID4VCIClient.js +86 -59
- package/dist/OpenID4VCIClient.js.map +1 -1
- package/dist/OpenID4VCIClientV1_0_11.d.ts +107 -0
- package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -0
- package/dist/OpenID4VCIClientV1_0_11.js +462 -0
- package/dist/OpenID4VCIClientV1_0_11.js.map +1 -0
- package/dist/ProofOfPossessionBuilder.d.ts.map +1 -1
- package/dist/ProofOfPossessionBuilder.js +1 -2
- package/dist/ProofOfPossessionBuilder.js.map +1 -1
- package/dist/functions/OpenIDUtils.d.ts +12 -0
- package/dist/functions/OpenIDUtils.d.ts.map +1 -0
- package/dist/functions/OpenIDUtils.js +37 -0
- package/dist/functions/OpenIDUtils.js.map +1 -0
- package/dist/functions/index.d.ts +2 -3
- package/dist/functions/index.d.ts.map +1 -1
- package/dist/functions/index.js +2 -3
- package/dist/functions/index.js.map +1 -1
- package/dist/functions/notifications.d.ts +4 -0
- package/dist/functions/notifications.d.ts.map +1 -0
- package/dist/functions/notifications.js +39 -0
- package/dist/functions/notifications.js.map +1 -0
- package/dist/index.d.ts +8 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/dist/types/index.d.ts +2 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +5 -0
- package/dist/types/index.js.map +1 -1
- package/lib/AccessTokenClient.ts +64 -33
- package/lib/AccessTokenClientV1_0_11.ts +256 -0
- package/lib/AuthorizationCodeClient.ts +88 -24
- package/lib/AuthorizationCodeClientV1_0_11.ts +168 -0
- package/lib/CredentialOfferClient.ts +18 -28
- package/lib/CredentialOfferClientV1_0_11.ts +112 -0
- package/lib/CredentialRequestClient.ts +65 -26
- package/lib/CredentialRequestClientBuilder.ts +34 -16
- package/lib/CredentialRequestClientBuilderV1_0_11.ts +156 -0
- package/lib/CredentialRequestClientV1_0_11.ts +192 -0
- package/lib/MetadataClient.ts +26 -46
- package/lib/MetadataClientV1_0_11.ts +189 -0
- package/lib/OpenID4VCIClient.ts +91 -43
- package/lib/OpenID4VCIClientV1_0_11.ts +645 -0
- package/lib/ProofOfPossessionBuilder.ts +1 -2
- package/lib/__tests__/AccessTokenClient.spec.ts +40 -12
- package/lib/__tests__/AuthorizationDetailsBuilder.spec.ts +0 -12
- package/lib/__tests__/CredentialRequestClient.spec.ts +87 -50
- package/lib/__tests__/CredentialRequestClientBuilder.spec.ts +18 -12
- package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts +317 -0
- package/lib/__tests__/EBSIE2E.spec.test.ts +2 -2
- package/lib/__tests__/HttpUtils.spec.ts +1 -1
- package/lib/__tests__/IT.spec.ts +243 -30
- package/lib/__tests__/IssuanceInitiation.spec.ts +39 -6
- package/lib/__tests__/IssuanceInitiationV1_0_11.spec.ts +62 -0
- package/lib/__tests__/MattrE2E.spec.test.ts +2 -2
- package/lib/__tests__/MetadataClient.spec.ts +57 -6
- package/lib/__tests__/MetadataMocks.ts +41 -2
- package/lib/__tests__/OpenID4VCIClient.spec.ts +24 -1
- package/lib/__tests__/{OpenID4VCIClientPAR.spec.ts → OpenID4VCIClientPARV1_0_11.spec.ts} +5 -5
- package/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts +202 -0
- package/lib/__tests__/ProofOfPossessionBuilder.spec.ts +1 -1
- package/lib/__tests__/SdJwt.spec.ts +34 -28
- package/lib/__tests__/SphereonE2E.spec.test.ts +6 -4
- package/lib/__tests__/data/VciDataFixtures.ts +712 -27
- package/lib/functions/OpenIDUtils.ts +25 -0
- package/lib/functions/index.ts +2 -3
- package/lib/functions/notifications.ts +32 -0
- package/lib/index.ts +8 -1
- package/lib/types/index.ts +6 -0
- package/package.json +4 -4
- package/dist/functions/ProofUtil.d.ts +0 -30
- package/dist/functions/ProofUtil.d.ts.map +0 -1
- package/dist/functions/ProofUtil.js +0 -106
- package/dist/functions/ProofUtil.js.map +0 -1
- package/lib/functions/ProofUtil.ts +0 -128
package/README.md
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
|
|
1
|
+
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse, TxCodeAndPinRequired } from '@sphereon/oid4vci-common';
|
|
2
2
|
export declare class AccessTokenClient {
|
|
3
3
|
acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
4
|
-
acquireAccessTokenUsingRequest({ accessTokenRequest,
|
|
4
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }: {
|
|
5
5
|
accessTokenRequest: AccessTokenRequest;
|
|
6
|
-
|
|
6
|
+
pinMetadata?: TxCodeAndPinRequired;
|
|
7
7
|
metadata?: EndpointMetadata;
|
|
8
8
|
asOpts?: AuthorizationServerOpts;
|
|
9
9
|
issuerOpts?: IssuerOpts;
|
|
@@ -11,8 +11,8 @@ export declare class AccessTokenClient {
|
|
|
11
11
|
createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
|
|
12
12
|
private assertPreAuthorizedGrantType;
|
|
13
13
|
private assertAuthorizationGrantType;
|
|
14
|
-
private
|
|
15
|
-
private
|
|
14
|
+
private getPinMetadata;
|
|
15
|
+
private assertAlphanumericPin;
|
|
16
16
|
private assertNonEmptyPreAuthorizedCode;
|
|
17
17
|
private assertNonEmptyCodeVerifier;
|
|
18
18
|
private assertNonEmptyCode;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAMvB,gBAAgB,EAIhB,UAAU,EAGV,cAAc,EAId,oBAAoB,EAErB,MAAM,0BAA0B,CAAC;AAMlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgC9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,WAAW,CAAC,EAAE,oBAAoB,CAAC;QACnC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,qBAAqB;IA+B7B,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
|
|
@@ -8,24 +8,19 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
8
8
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
-
};
|
|
14
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
12
|
exports.AccessTokenClient = void 0;
|
|
16
13
|
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
17
14
|
const ssi_types_1 = require("@sphereon/ssi-types");
|
|
18
|
-
const debug_1 = __importDefault(require("debug"));
|
|
19
15
|
const MetadataClient_1 = require("./MetadataClient");
|
|
20
|
-
const
|
|
21
|
-
const debug = (0, debug_1.default)('sphereon:oid4vci:token');
|
|
16
|
+
const types_1 = require("./types");
|
|
22
17
|
class AccessTokenClient {
|
|
23
18
|
acquireAccessToken(opts) {
|
|
24
19
|
var _a;
|
|
25
20
|
return __awaiter(this, void 0, void 0, function* () {
|
|
26
21
|
const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
|
|
27
22
|
const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
|
|
28
|
-
const
|
|
23
|
+
const pinMetadata = credentialOffer && this.getPinMetadata(credentialOffer.credential_offer);
|
|
29
24
|
const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
|
|
30
25
|
if (!issuer) {
|
|
31
26
|
throw Error('Issuer required at this point');
|
|
@@ -41,17 +36,18 @@ class AccessTokenClient {
|
|
|
41
36
|
code,
|
|
42
37
|
redirectUri,
|
|
43
38
|
pin,
|
|
39
|
+
pinMetadata,
|
|
44
40
|
}),
|
|
45
|
-
|
|
41
|
+
pinMetadata,
|
|
46
42
|
metadata,
|
|
47
43
|
asOpts,
|
|
48
44
|
issuerOpts,
|
|
49
45
|
});
|
|
50
46
|
});
|
|
51
47
|
}
|
|
52
|
-
acquireAccessTokenUsingRequest({ accessTokenRequest,
|
|
48
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }) {
|
|
53
49
|
return __awaiter(this, void 0, void 0, function* () {
|
|
54
|
-
this.validate(accessTokenRequest,
|
|
50
|
+
this.validate(accessTokenRequest, pinMetadata);
|
|
55
51
|
const requestTokenURL = AccessTokenClient.determineTokenURL({
|
|
56
52
|
asOpts,
|
|
57
53
|
issuerOpts,
|
|
@@ -68,13 +64,16 @@ class AccessTokenClient {
|
|
|
68
64
|
var _a, _b;
|
|
69
65
|
return __awaiter(this, void 0, void 0, function* () {
|
|
70
66
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
71
|
-
const credentialOfferRequest = opts.credentialOffer
|
|
67
|
+
const credentialOfferRequest = opts.credentialOffer &&
|
|
68
|
+
(0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13.valueOf()
|
|
69
|
+
? yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
|
|
70
|
+
: undefined;
|
|
72
71
|
const request = {};
|
|
73
72
|
if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
|
|
74
73
|
request.client_id = asOpts.clientId;
|
|
75
74
|
}
|
|
76
75
|
if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
77
|
-
this.
|
|
76
|
+
this.assertAlphanumericPin(opts.pinMetadata, pin);
|
|
78
77
|
request.user_pin = pin;
|
|
79
78
|
request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
|
|
80
79
|
// we actually know it is there because of the isPreAuthCode call
|
|
@@ -91,7 +90,7 @@ class AccessTokenClient {
|
|
|
91
90
|
}
|
|
92
91
|
return request;
|
|
93
92
|
}
|
|
94
|
-
throw new Error('Credential offer request
|
|
93
|
+
throw new Error('Credential offer request follows neither pre-authorized code nor authorization code flow requirements.');
|
|
95
94
|
});
|
|
96
95
|
}
|
|
97
96
|
assertPreAuthorizedGrantType(grantType) {
|
|
@@ -104,54 +103,70 @@ class AccessTokenClient {
|
|
|
104
103
|
throw new Error("grant type must be 'authorization_code'");
|
|
105
104
|
}
|
|
106
105
|
}
|
|
107
|
-
|
|
108
|
-
var _a, _b
|
|
109
|
-
let isPinRequired = false;
|
|
106
|
+
getPinMetadata(requestPayload) {
|
|
107
|
+
var _a, _b;
|
|
110
108
|
if (!requestPayload) {
|
|
111
109
|
throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
|
|
112
110
|
}
|
|
113
111
|
const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
|
|
112
|
+
const grantDetails = (_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code'];
|
|
113
|
+
const isPinRequired = (_b = !!(grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code)) !== null && _b !== void 0 ? _b : false;
|
|
114
|
+
types_1.LOG.warning(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
115
|
+
return {
|
|
116
|
+
txCode: grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code,
|
|
117
|
+
isPinRequired,
|
|
118
|
+
};
|
|
119
119
|
}
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
120
|
+
assertAlphanumericPin(pinMeta, pin) {
|
|
121
|
+
var _a, _b;
|
|
122
|
+
if (pinMeta && pinMeta.isPinRequired) {
|
|
123
|
+
let regex;
|
|
124
|
+
if (pinMeta.txCode) {
|
|
125
|
+
const { input_mode, length } = pinMeta.txCode;
|
|
126
|
+
if (input_mode === 'numeric') {
|
|
127
|
+
// Create a regex for numeric input. If no length specified, allow any length of numeric input.
|
|
128
|
+
regex = length ? new RegExp(`^\\d{1,${length}}$`) : /^\d+$/;
|
|
129
|
+
}
|
|
130
|
+
else if (input_mode === 'text') {
|
|
131
|
+
// Create a regex for text input. If no length specified, allow any length of alphanumeric input.
|
|
132
|
+
regex = length ? new RegExp(`^[a-zA-Z0-9]{1,${length}}$`) : /^[a-zA-Z0-9]+$/;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
// Default regex for alphanumeric with no specific length limit if no input_mode is specified.
|
|
136
|
+
regex = regex || /^[a-zA-Z0-9]+$|^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/;
|
|
137
|
+
if (!pin || !regex.test(pin)) {
|
|
138
|
+
types_1.LOG.warning(`Pin is not valid. Expected format: ${((_a = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _a === void 0 ? void 0 : _a.input_mode) || 'alphanumeric'}, Length: up to ${((_b = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _b === void 0 ? void 0 : _b.length) || 'any number of'} characters`);
|
|
139
|
+
throw new Error('A valid pin must be present according to the specified transaction code requirements.');
|
|
125
140
|
}
|
|
126
141
|
}
|
|
127
142
|
else if (pin) {
|
|
128
|
-
|
|
129
|
-
throw new Error('Cannot set a pin
|
|
143
|
+
types_1.LOG.warning('Pin set, whilst not required');
|
|
144
|
+
throw new Error('Cannot set a pin when the pin is not required.');
|
|
130
145
|
}
|
|
131
146
|
}
|
|
132
147
|
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
133
148
|
if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
|
|
134
|
-
|
|
149
|
+
types_1.LOG.warning(`No pre-authorized code present, whilst it is required`, accessTokenRequest);
|
|
135
150
|
throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
|
|
136
151
|
}
|
|
137
152
|
}
|
|
138
153
|
assertNonEmptyCodeVerifier(accessTokenRequest) {
|
|
139
154
|
if (!accessTokenRequest.code_verifier) {
|
|
140
|
-
|
|
155
|
+
types_1.LOG.warning('No code_verifier present, whilst it is required', accessTokenRequest);
|
|
141
156
|
throw new Error('Authorization flow requires the code_verifier to be present');
|
|
142
157
|
}
|
|
143
158
|
}
|
|
144
159
|
assertNonEmptyCode(accessTokenRequest) {
|
|
145
160
|
if (!accessTokenRequest.code) {
|
|
146
|
-
|
|
161
|
+
types_1.LOG.warning('No code present, whilst it is required');
|
|
147
162
|
throw new Error('Authorization flow requires the code to be present');
|
|
148
163
|
}
|
|
149
164
|
}
|
|
150
|
-
validate(accessTokenRequest,
|
|
165
|
+
validate(accessTokenRequest, pinMeta) {
|
|
151
166
|
if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
|
|
152
167
|
this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
|
|
153
168
|
this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
|
|
154
|
-
this.
|
|
169
|
+
this.assertAlphanumericPin(pinMeta, accessTokenRequest.user_pin);
|
|
155
170
|
}
|
|
156
171
|
else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
|
|
157
172
|
this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
|
|
@@ -164,7 +179,7 @@ class AccessTokenClient {
|
|
|
164
179
|
}
|
|
165
180
|
sendAuthCode(requestTokenURL, accessTokenRequest) {
|
|
166
181
|
return __awaiter(this, void 0, void 0, function* () {
|
|
167
|
-
return yield (0,
|
|
182
|
+
return yield (0, oid4vci_common_1.formPost)(requestTokenURL, (0, oid4vci_common_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
|
|
168
183
|
});
|
|
169
184
|
}
|
|
170
185
|
static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
|
|
@@ -187,7 +202,7 @@ class AccessTokenClient {
|
|
|
187
202
|
if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
|
|
188
203
|
throw new Error('No authorization server token URL present. Cannot acquire access token');
|
|
189
204
|
}
|
|
190
|
-
debug(`Token endpoint determined to be ${url}`);
|
|
205
|
+
types_1.LOG.debug(`Token endpoint determined to be ${url}`);
|
|
191
206
|
return url;
|
|
192
207
|
}
|
|
193
208
|
static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
|
|
@@ -200,7 +215,7 @@ class AccessTokenClient {
|
|
|
200
215
|
return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
|
|
201
216
|
}
|
|
202
217
|
throwNotSupportedFlow() {
|
|
203
|
-
|
|
218
|
+
types_1.LOG.warning(`Only pre-authorized or authorization code flows supported.`);
|
|
204
219
|
throw new Error('Only pre-authorized-code or authorization code flows are supported');
|
|
205
220
|
}
|
|
206
221
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAwBkC;AAClC,mDAAkD;AAElD,qDAAkD;AAClD,mCAA8B;AAE9B,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,WAAW,GAAqC,eAAe,IAAI,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAC/H,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;oBACH,WAAW;iBACZ,CAAC;gBACF,WAAW;gBACX,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;YAE/C,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAC1B,IAAI,CAAC,eAAe;gBACpB,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;gBACtI,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACvF,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;gBAClD,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,wGAAwG,CAAC,CAAC;;KAC3H;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,cAA6C;;QAClE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QAEnE,MAAM,YAAY,GAAG,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,CAAC;QACrG,MAAM,aAAa,GAAG,MAAA,CAAC,CAAC,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,CAAA,mCAAI,KAAK,CAAC;QAEvD,WAAG,CAAC,OAAO,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QACnE,OAAO;YACL,MAAM,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO;YAC7B,aAAa;SACd,CAAC;IACJ,CAAC;IAEO,qBAAqB,CAAC,OAA8B,EAAE,GAAY;;QACxE,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC;YAEV,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;gBAE9C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC7B,+FAA+F;oBAC/F,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC9D,CAAC;qBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACjC,iGAAiG;oBACjG,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,kBAAkB,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;gBAC/E,CAAC;YACH,CAAC;YAED,8FAA8F;YAC9F,KAAK,GAAG,KAAK,IAAI,iEAAiE,CAAC;YAEnF,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,WAAG,CAAC,OAAO,CACT,sCAAsC,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,UAAU,KAAI,cAAc,mBAAmB,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,MAAM,KAAI,eAAe,aAAa,CAC9J,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;YAC3G,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,WAAG,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,WAAG,CAAC,OAAO,CAAC,uDAAuD,EAAE,kBAAkB,CAAC,CAAC;YACzF,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,WAAG,CAAC,OAAO,CAAC,iDAAiD,EAAE,kBAAkB,CAAC,CAAC;YACnF,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,WAAG,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,OAA8B;QACrF,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACnE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,yBAAQ,EAAC,eAAe,EAAE,IAAA,iCAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,WAAG,CAAC,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QACpD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,WAAG,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AArPD,8CAqPC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
|
|
2
|
+
export declare class AccessTokenClientV1_0_11 {
|
|
3
|
+
acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
4
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
|
|
5
|
+
accessTokenRequest: AccessTokenRequest;
|
|
6
|
+
isPinRequired?: boolean;
|
|
7
|
+
metadata?: EndpointMetadata;
|
|
8
|
+
asOpts?: AuthorizationServerOpts;
|
|
9
|
+
issuerOpts?: IssuerOpts;
|
|
10
|
+
}): Promise<OpenIDResponse<AccessTokenResponse>>;
|
|
11
|
+
createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
|
|
12
|
+
private assertPreAuthorizedGrantType;
|
|
13
|
+
private assertAuthorizationGrantType;
|
|
14
|
+
private isPinRequiredValue;
|
|
15
|
+
private assertNumericPin;
|
|
16
|
+
private assertNonEmptyPreAuthorizedCode;
|
|
17
|
+
private assertNonEmptyCodeVerifier;
|
|
18
|
+
private assertNonEmptyCode;
|
|
19
|
+
private validate;
|
|
20
|
+
private sendAuthCode;
|
|
21
|
+
static determineTokenURL({ asOpts, issuerOpts, metadata, }: {
|
|
22
|
+
asOpts?: AuthorizationServerOpts;
|
|
23
|
+
issuerOpts?: IssuerOpts;
|
|
24
|
+
metadata?: EndpointMetadata;
|
|
25
|
+
}): string;
|
|
26
|
+
private static creatTokenURLFromURL;
|
|
27
|
+
private throwNotSupportedFlow;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=AccessTokenClientV1_0_11.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessTokenClientV1_0_11.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAOvB,gBAAgB,EAIhB,UAAU,EAGV,cAAc,EAMf,MAAM,0BAA0B,CAAC;AAQlC,qBAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA+B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
|
|
@@ -0,0 +1,211 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.AccessTokenClientV1_0_11 = void 0;
|
|
16
|
+
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
17
|
+
const ssi_types_1 = require("@sphereon/ssi-types");
|
|
18
|
+
const debug_1 = __importDefault(require("debug"));
|
|
19
|
+
const MetadataClient_1 = require("./MetadataClient");
|
|
20
|
+
const debug = (0, debug_1.default)('sphereon:oid4vci:token');
|
|
21
|
+
class AccessTokenClientV1_0_11 {
|
|
22
|
+
acquireAccessToken(opts) {
|
|
23
|
+
var _a;
|
|
24
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
25
|
+
const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
|
|
26
|
+
const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
|
|
27
|
+
const isPinRequired = credentialOffer && this.isPinRequiredValue(credentialOffer.credential_offer);
|
|
28
|
+
const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
|
|
29
|
+
if (!issuer) {
|
|
30
|
+
throw Error('Issuer required at this point');
|
|
31
|
+
}
|
|
32
|
+
const issuerOpts = {
|
|
33
|
+
issuer,
|
|
34
|
+
};
|
|
35
|
+
return yield this.acquireAccessTokenUsingRequest({
|
|
36
|
+
accessTokenRequest: yield this.createAccessTokenRequest({
|
|
37
|
+
credentialOffer,
|
|
38
|
+
asOpts,
|
|
39
|
+
codeVerifier,
|
|
40
|
+
code,
|
|
41
|
+
redirectUri,
|
|
42
|
+
pin,
|
|
43
|
+
}),
|
|
44
|
+
isPinRequired,
|
|
45
|
+
metadata,
|
|
46
|
+
asOpts,
|
|
47
|
+
issuerOpts,
|
|
48
|
+
});
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
|
|
52
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
53
|
+
this.validate(accessTokenRequest, isPinRequired);
|
|
54
|
+
const requestTokenURL = AccessTokenClientV1_0_11.determineTokenURL({
|
|
55
|
+
asOpts,
|
|
56
|
+
issuerOpts,
|
|
57
|
+
metadata: metadata
|
|
58
|
+
? metadata
|
|
59
|
+
: (issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.fetchMetadata)
|
|
60
|
+
? yield MetadataClient_1.MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
61
|
+
: undefined,
|
|
62
|
+
});
|
|
63
|
+
return this.sendAuthCode(requestTokenURL, accessTokenRequest);
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
createAccessTokenRequest(opts) {
|
|
67
|
+
var _a, _b;
|
|
68
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
69
|
+
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
70
|
+
const credentialOfferRequest = opts.credentialOffer
|
|
71
|
+
? (0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11.valueOf()
|
|
72
|
+
? yield (0, oid4vci_common_1.toUniformCredentialOfferRequestV1_0_11)(opts.credentialOffer)
|
|
73
|
+
: yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
|
|
74
|
+
: undefined;
|
|
75
|
+
const request = {};
|
|
76
|
+
if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
|
|
77
|
+
request.client_id = asOpts.clientId;
|
|
78
|
+
}
|
|
79
|
+
if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
80
|
+
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
|
|
81
|
+
request.user_pin = pin;
|
|
82
|
+
request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
|
|
83
|
+
// we actually know it is there because of the isPreAuthCode call
|
|
84
|
+
request[oid4vci_common_1.PRE_AUTH_CODE_LITERAL] =
|
|
85
|
+
(_b = (_a = credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.credential_offer.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b[oid4vci_common_1.PRE_AUTH_CODE_LITERAL];
|
|
86
|
+
return request;
|
|
87
|
+
}
|
|
88
|
+
if (!credentialOfferRequest || credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
|
|
89
|
+
request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
|
|
90
|
+
request.code = code;
|
|
91
|
+
request.redirect_uri = redirectUri;
|
|
92
|
+
if (codeVerifier) {
|
|
93
|
+
request.code_verifier = codeVerifier;
|
|
94
|
+
}
|
|
95
|
+
return request;
|
|
96
|
+
}
|
|
97
|
+
throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
assertPreAuthorizedGrantType(grantType) {
|
|
101
|
+
if (oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
|
|
102
|
+
throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
assertAuthorizationGrantType(grantType) {
|
|
106
|
+
if (oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE !== grantType) {
|
|
107
|
+
throw new Error("grant type must be 'authorization_code'");
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
isPinRequiredValue(requestPayload) {
|
|
111
|
+
var _a, _b, _c;
|
|
112
|
+
let isPinRequired = false;
|
|
113
|
+
if (!requestPayload) {
|
|
114
|
+
throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
|
|
115
|
+
}
|
|
116
|
+
const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
|
|
117
|
+
if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
|
|
118
|
+
isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
|
|
119
|
+
}
|
|
120
|
+
debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
121
|
+
return isPinRequired;
|
|
122
|
+
}
|
|
123
|
+
assertNumericPin(isPinRequired, pin) {
|
|
124
|
+
if (isPinRequired) {
|
|
125
|
+
if (!pin || !/^\d{1,8}$/.test(pin)) {
|
|
126
|
+
debug(`Pin is not 1 to 8 digits long`);
|
|
127
|
+
throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
else if (pin) {
|
|
131
|
+
debug(`Pin set, whilst not required`);
|
|
132
|
+
throw new Error('Cannot set a pin, when the pin is not required.');
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
136
|
+
if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
|
|
137
|
+
debug(`No pre-authorized code present, whilst it is required`);
|
|
138
|
+
throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
assertNonEmptyCodeVerifier(accessTokenRequest) {
|
|
142
|
+
if (!accessTokenRequest.code_verifier) {
|
|
143
|
+
debug('No code_verifier present, whilst it is required');
|
|
144
|
+
throw new Error('Authorization flow requires the code_verifier to be present');
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
assertNonEmptyCode(accessTokenRequest) {
|
|
148
|
+
if (!accessTokenRequest.code) {
|
|
149
|
+
debug('No code present, whilst it is required');
|
|
150
|
+
throw new Error('Authorization flow requires the code to be present');
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
validate(accessTokenRequest, isPinRequired) {
|
|
154
|
+
if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
|
|
155
|
+
this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
|
|
156
|
+
this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
|
|
157
|
+
this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
|
|
158
|
+
}
|
|
159
|
+
else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
|
|
160
|
+
this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
|
|
161
|
+
this.assertNonEmptyCodeVerifier(accessTokenRequest);
|
|
162
|
+
this.assertNonEmptyCode(accessTokenRequest);
|
|
163
|
+
}
|
|
164
|
+
else {
|
|
165
|
+
this.throwNotSupportedFlow();
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
sendAuthCode(requestTokenURL, accessTokenRequest) {
|
|
169
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
170
|
+
return yield (0, oid4vci_common_1.formPost)(requestTokenURL, (0, oid4vci_common_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
|
|
171
|
+
});
|
|
172
|
+
}
|
|
173
|
+
static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
|
|
174
|
+
if (!asOpts && !(metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) && !issuerOpts) {
|
|
175
|
+
throw new Error('Cannot determine token URL if no issuer, metadata and no Authorization Server values are present');
|
|
176
|
+
}
|
|
177
|
+
let url;
|
|
178
|
+
if (asOpts && asOpts.as) {
|
|
179
|
+
url = this.creatTokenURLFromURL(asOpts.as, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, asOpts.tokenEndpoint);
|
|
180
|
+
}
|
|
181
|
+
else if (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) {
|
|
182
|
+
url = metadata.token_endpoint;
|
|
183
|
+
}
|
|
184
|
+
else {
|
|
185
|
+
if (!(issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.issuer)) {
|
|
186
|
+
throw Error('Either authorization server options, a token endpoint or issuer options are required at this point');
|
|
187
|
+
}
|
|
188
|
+
url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
|
|
189
|
+
}
|
|
190
|
+
if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
|
|
191
|
+
throw new Error('No authorization server token URL present. Cannot acquire access token');
|
|
192
|
+
}
|
|
193
|
+
debug(`Token endpoint determined to be ${url}`);
|
|
194
|
+
return url;
|
|
195
|
+
}
|
|
196
|
+
static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
|
|
197
|
+
if (allowInsecureEndpoints !== true && url.startsWith('http:')) {
|
|
198
|
+
throw Error(`Unprotected token endpoints are not allowed ${url}. Use the 'allowInsecureEndpoints' param if you really need this for dev/testing!`);
|
|
199
|
+
}
|
|
200
|
+
const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
|
|
201
|
+
const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
|
|
202
|
+
const scheme = url.split('://')[0];
|
|
203
|
+
return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
|
|
204
|
+
}
|
|
205
|
+
throwNotSupportedFlow() {
|
|
206
|
+
debug(`Only pre-authorized or authorization code flows supported.`);
|
|
207
|
+
throw new Error('Only pre-authorized-code or authorization code flows are supported');
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
exports.AccessTokenClientV1_0_11 = AccessTokenClientV1_0_11;
|
|
211
|
+
//# sourceMappingURL=AccessTokenClientV1_0_11.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessTokenClientV1_0_11.js","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAyBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAElD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,aAAa,GAAG,eAAe,IAAI,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACnG,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,wBAAwB,CAAC,iBAAiB,CAAC;gBACjE,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe;gBACjD,CAAC,CAAC,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;oBACxI,CAAC,CAAC,MAAM,IAAA,uDAAsC,EAAC,IAAI,CAAC,eAAyC,CAAC;oBAC9F,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACzF,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE,CAAC;YACpF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;QAC5H,CAAC;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,yBAAQ,EAAC,eAAe,EAAE,IAAA,iCAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AA9ND,4DA8NC"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
|
-
import { AuthorizationRequestOpts, CredentialOfferRequestWithBaseUrl,
|
|
2
|
-
export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer,
|
|
1
|
+
import { AuthorizationRequestOpts, CredentialConfigurationSupportedV1_0_13, CredentialOfferRequestWithBaseUrl, EndpointMetadataResultV1_0_13, OpenId4VCIVersion, PKCEOpts } from '@sphereon/oid4vci-common';
|
|
2
|
+
export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }: {
|
|
3
3
|
pkce: PKCEOpts;
|
|
4
|
-
endpointMetadata:
|
|
4
|
+
endpointMetadata: EndpointMetadataResultV1_0_13;
|
|
5
5
|
authorizationRequest: AuthorizationRequestOpts;
|
|
6
6
|
credentialOffer?: CredentialOfferRequestWithBaseUrl | undefined;
|
|
7
|
-
|
|
7
|
+
credentialConfigurationSupported?: Record<string, CredentialConfigurationSupportedV1_0_13> | undefined;
|
|
8
|
+
clientId?: string | undefined;
|
|
9
|
+
version?: OpenId4VCIVersion | undefined;
|
|
8
10
|
}) => Promise<string>;
|
|
9
11
|
//# sourceMappingURL=AuthorizationCodeClient.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,iCAAiC,
|
|
1
|
+
{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,uCAAuC,EAEvC,iCAAiC,EAEjC,6BAA6B,EAI7B,iBAAiB,EAEjB,QAAQ,EAGT,MAAM,0BAA0B,CAAC;AAmBlC,eAAO,MAAM,6BAA6B;UASlC,QAAQ;sBACI,6BAA6B;0BACzB,wBAAwB;;;;;MAK5C,QAAQ,MAAM,CAsIjB,CAAC"}
|