@sphereon/oid4vci-client 0.10.4-unstable.81 → 0.12.0
- package/README.md +7 -9
- package/dist/AccessTokenClient.d.ts.map +1 -1
- package/dist/AccessTokenClient.js +16 -22
- package/dist/AccessTokenClient.js.map +1 -1
- package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -1
- package/dist/AccessTokenClientV1_0_11.js +4 -7
- package/dist/AccessTokenClientV1_0_11.js.map +1 -1
- package/dist/AuthorizationCodeClient.d.ts +4 -1
- package/dist/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/AuthorizationCodeClient.js +47 -8
- package/dist/AuthorizationCodeClient.js.map +1 -1
- package/dist/AuthorizationCodeClientV1_0_11.d.ts.map +1 -1
- package/dist/AuthorizationCodeClientV1_0_11.js +5 -3
- package/dist/AuthorizationCodeClientV1_0_11.js.map +1 -1
- package/dist/CredentialOfferClient.d.ts.map +1 -1
- package/dist/CredentialOfferClient.js +27 -11
- package/dist/CredentialOfferClient.js.map +1 -1
- package/dist/CredentialOfferClientV1_0_11.d.ts.map +1 -1
- package/dist/CredentialOfferClientV1_0_11.js +9 -11
- package/dist/CredentialOfferClientV1_0_11.js.map +1 -1
- package/dist/CredentialOfferClientV1_0_13.d.ts +10 -0
- package/dist/CredentialOfferClientV1_0_13.d.ts.map +1 -0
- package/dist/CredentialOfferClientV1_0_13.js +94 -0
- package/dist/CredentialOfferClientV1_0_13.js.map +1 -0
- package/dist/CredentialRequestClient.d.ts +22 -6
- package/dist/CredentialRequestClient.d.ts.map +1 -1
- package/dist/CredentialRequestClient.js +54 -26
- package/dist/CredentialRequestClient.js.map +1 -1
- package/dist/CredentialRequestClientBuilder.d.ts +10 -5
- package/dist/CredentialRequestClientBuilder.d.ts.map +1 -1
- package/dist/CredentialRequestClientBuilder.js +21 -7
- package/dist/CredentialRequestClientBuilder.js.map +1 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts +3 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts.map +1 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.js +4 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js.map +1 -1
- package/dist/CredentialRequestClientV1_0_11.d.ts +9 -3
- package/dist/CredentialRequestClientV1_0_11.d.ts.map +1 -1
- package/dist/CredentialRequestClientV1_0_11.js +3 -3
- package/dist/CredentialRequestClientV1_0_11.js.map +1 -1
- package/dist/MetadataClient.d.ts +5 -5
- package/dist/MetadataClient.d.ts.map +1 -1
- package/dist/MetadataClient.js +30 -13
- package/dist/MetadataClient.js.map +1 -1
- package/dist/MetadataClientV1_0_13.d.ts +31 -0
- package/dist/MetadataClientV1_0_13.d.ts.map +1 -0
- package/dist/MetadataClientV1_0_13.js +181 -0
- package/dist/MetadataClientV1_0_13.js.map +1 -0
- package/dist/OpenID4VCIClient.d.ts +25 -23
- package/dist/OpenID4VCIClient.d.ts.map +1 -1
- package/dist/OpenID4VCIClient.js +157 -63
- package/dist/OpenID4VCIClient.js.map +1 -1
- package/dist/OpenID4VCIClientV1_0_11.d.ts +3 -2
- package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -1
- package/dist/OpenID4VCIClientV1_0_11.js +5 -18
- package/dist/OpenID4VCIClientV1_0_11.js.map +1 -1
- package/dist/OpenID4VCIClientV1_0_13.d.ts +112 -0
- package/dist/OpenID4VCIClientV1_0_13.d.ts.map +1 -0
- package/dist/OpenID4VCIClientV1_0_13.js +478 -0
- package/dist/OpenID4VCIClientV1_0_13.js.map +1 -0
- package/dist/ProofOfPossessionBuilder.d.ts +14 -3
- package/dist/ProofOfPossessionBuilder.d.ts.map +1 -1
- package/dist/ProofOfPossessionBuilder.js +20 -21
- package/dist/ProofOfPossessionBuilder.js.map +1 -1
- package/dist/functions/index.d.ts +2 -3
- package/dist/functions/index.d.ts.map +1 -1
- package/dist/functions/index.js +2 -3
- package/dist/functions/index.js.map +1 -1
- package/dist/functions/notifications.d.ts +4 -0
- package/dist/functions/notifications.d.ts.map +1 -0
- package/dist/functions/notifications.js +39 -0
- package/dist/functions/notifications.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -1
- package/dist/types/index.d.ts +2 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +5 -0
- package/dist/types/index.js.map +1 -1
- package/lib/AccessTokenClient.ts +17 -24
- package/lib/AccessTokenClientV1_0_11.ts +5 -10
- package/lib/AuthorizationCodeClient.ts +47 -8
- package/lib/AuthorizationCodeClientV1_0_11.ts +8 -6
- package/lib/CredentialOfferClient.ts +32 -7
- package/lib/CredentialOfferClientV1_0_11.ts +8 -8
- package/lib/CredentialOfferClientV1_0_13.ts +103 -0
- package/lib/CredentialRequestClient.ts +80 -20
- package/lib/CredentialRequestClientBuilder.ts +29 -9
- package/lib/CredentialRequestClientBuilderV1_0_11.ts +7 -0
- package/lib/CredentialRequestClientV1_0_11.ts +11 -5
- package/lib/MetadataClient.ts +49 -14
- package/lib/MetadataClientV1_0_13.ts +188 -0
- package/lib/OpenID4VCIClient.ts +194 -81
- package/lib/OpenID4VCIClientV1_0_11.ts +9 -19
- package/lib/OpenID4VCIClientV1_0_13.ts +677 -0
- package/lib/ProofOfPossessionBuilder.ts +41 -11
- package/lib/__tests__/CredentialRequestClient.spec.ts +13 -81
- package/lib/__tests__/CredentialRequestClientBuilder.spec.ts +4 -41
- package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts +2 -98
- package/lib/__tests__/HttpUtils.spec.ts +1 -1
- package/lib/__tests__/IT.spec.ts +5 -135
- package/lib/__tests__/MetadataClient.spec.ts +3 -4
- package/lib/__tests__/MetadataMocks.ts +1 -0
- package/lib/__tests__/OpenID4VCIClient.spec.ts +42 -9
- package/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts +24 -0
- package/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts +204 -0
- package/lib/__tests__/ProofOfPossessionBuilder.spec.ts +1 -84
- package/lib/__tests__/SdJwt.spec.ts +10 -109
- package/lib/__tests__/SphereonE2E.spec.test.ts +5 -3
- package/lib/functions/index.ts +2 -3
- package/lib/functions/notifications.ts +32 -0
- package/lib/index.ts +8 -0
- package/lib/types/index.ts +6 -0
- package/package.json +4 -4
- package/dist/functions/ProofUtil.d.ts +0 -31
- package/dist/functions/ProofUtil.d.ts.map +0 -1
- package/dist/functions/ProofUtil.js +0 -103
- package/dist/functions/ProofUtil.js.map +0 -1
- package/lib/functions/ProofUtil.ts +0 -137
|
@@ -11,9 +11,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.ProofOfPossessionBuilder = void 0;
|
|
13
13
|
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
14
|
-
const functions_1 = require("./functions");
|
|
15
14
|
class ProofOfPossessionBuilder {
|
|
16
|
-
constructor({ proof, callbacks, jwt, accessTokenResponse, version, }) {
|
|
15
|
+
constructor({ proof, callbacks, jwt, accessTokenResponse, version, mode = 'pop', }) {
|
|
16
|
+
this.mode = 'pop';
|
|
17
|
+
this.mode = mode;
|
|
17
18
|
this.proof = proof;
|
|
18
19
|
this.callbacks = callbacks;
|
|
19
20
|
this.version = version;
|
|
@@ -21,21 +22,28 @@ class ProofOfPossessionBuilder {
|
|
|
21
22
|
this.withJwt(jwt);
|
|
22
23
|
}
|
|
23
24
|
else {
|
|
24
|
-
this.withTyp(version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 ? 'jwt' : 'openid4vci-proof+jwt');
|
|
25
|
+
this.withTyp(version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 || mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt');
|
|
25
26
|
}
|
|
26
27
|
if (accessTokenResponse) {
|
|
27
28
|
this.withAccessTokenResponse(accessTokenResponse);
|
|
28
29
|
}
|
|
29
30
|
}
|
|
30
|
-
static
|
|
31
|
-
return new ProofOfPossessionBuilder({ callbacks, jwt, version });
|
|
31
|
+
static manual({ jwt, callbacks, version, mode = 'jwt', }) {
|
|
32
|
+
return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
|
|
32
33
|
}
|
|
33
|
-
static
|
|
34
|
-
return new ProofOfPossessionBuilder({ callbacks,
|
|
34
|
+
static fromJwt({ jwt, callbacks, version, mode = 'pop', }) {
|
|
35
|
+
return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
|
|
36
|
+
}
|
|
37
|
+
static fromAccessTokenResponse({ accessTokenResponse, callbacks, version, mode = 'pop', }) {
|
|
38
|
+
return new ProofOfPossessionBuilder({ callbacks, accessTokenResponse, version, mode });
|
|
35
39
|
}
|
|
36
40
|
static fromProof(proof, version) {
|
|
37
41
|
return new ProofOfPossessionBuilder({ proof, version });
|
|
38
42
|
}
|
|
43
|
+
withAud(aud) {
|
|
44
|
+
this.aud = aud;
|
|
45
|
+
return this;
|
|
46
|
+
}
|
|
39
47
|
withClientId(clientId) {
|
|
40
48
|
this.clientId = clientId;
|
|
41
49
|
return this;
|
|
@@ -61,7 +69,7 @@ class ProofOfPossessionBuilder {
|
|
|
61
69
|
return this;
|
|
62
70
|
}
|
|
63
71
|
withTyp(typ) {
|
|
64
|
-
if (this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
72
|
+
if (this.mode === 'pop' && this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
65
73
|
if (!!typ && typ !== 'openid4vci-proof+jwt') {
|
|
66
74
|
throw Error('typ must be openid4vci-proof+jwt for version 1.0.11 and up');
|
|
67
75
|
}
|
|
@@ -105,7 +113,7 @@ class ProofOfPossessionBuilder {
|
|
|
105
113
|
if (jwt.header.typ) {
|
|
106
114
|
this.withTyp(jwt.header.typ);
|
|
107
115
|
}
|
|
108
|
-
if (this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
116
|
+
if (!this.typ && this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
109
117
|
this.withTyp('openid4vci-proof+jwt');
|
|
110
118
|
}
|
|
111
119
|
this.withAlg(jwt.header.alg);
|
|
@@ -115,9 +123,9 @@ class ProofOfPossessionBuilder {
|
|
|
115
123
|
}
|
|
116
124
|
if (jwt.payload) {
|
|
117
125
|
if (jwt.payload.iss)
|
|
118
|
-
this.withClientId(jwt.payload.iss);
|
|
126
|
+
this.mode === 'pop' ? this.withClientId(jwt.payload.iss) : this.withIssuer(jwt.payload.iss);
|
|
119
127
|
if (jwt.payload.aud)
|
|
120
|
-
this.withIssuer(jwt.payload.aud);
|
|
128
|
+
this.mode === 'pop' ? this.withIssuer(jwt.payload.aud) : this.withAud(jwt.payload.aud);
|
|
121
129
|
if (jwt.payload.jti)
|
|
122
130
|
this.withJti(jwt.payload.jti);
|
|
123
131
|
if (jwt.payload.nonce)
|
|
@@ -132,16 +140,7 @@ class ProofOfPossessionBuilder {
|
|
|
132
140
|
return Promise.resolve(this.proof);
|
|
133
141
|
}
|
|
134
142
|
else if (this.callbacks) {
|
|
135
|
-
return yield (0,
|
|
136
|
-
typ: (_a = this.typ) !== null && _a !== void 0 ? _a : (this.version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 ? 'jwt' : 'openid4vci-proof+jwt'),
|
|
137
|
-
kid: this.kid,
|
|
138
|
-
jwk: this.jwk,
|
|
139
|
-
jti: this.jti,
|
|
140
|
-
alg: this.alg,
|
|
141
|
-
issuer: this.issuer,
|
|
142
|
-
clientId: this.clientId,
|
|
143
|
-
nonce: this.cNonce,
|
|
144
|
-
}, this.jwt);
|
|
143
|
+
return yield (0, oid4vci_common_1.createProofOfPossession)(this.mode, this.callbacks, Object.assign({ typ: (_a = this.typ) !== null && _a !== void 0 ? _a : (this.version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 || this.mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt'), kid: this.kid, jwk: this.jwk, jti: this.jti, alg: this.alg, aud: this.aud, issuer: this.issuer, clientId: this.clientId }, (this.cNonce && { nonce: this.cNonce })), this.jwt);
|
|
145
144
|
}
|
|
146
145
|
throw new Error(oid4vci_common_1.PROOF_CANT_BE_CONSTRUCTED);
|
|
147
146
|
});
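Review bot: In the `withJwt` hunk, the new guard `if (!this.typ && this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11)` still calls `this.withTyp('openid4vci-proof+jwt')` when the builder is in `'jwt'` mode and the supplied header carries no `typ`, while `withTyp` now applies the `openid4vci-proof+jwt` rule only for `mode === 'pop'`. The else branch of `withTyp` lies outside the hunk; if it accepts only `'jwt'`, a `manual()` builder given a JWT without a `typ` header would throw from the constructor. Making the default mode-aware, `this.withTyp(this.mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt');`, would match the fallback already passed to `createProofOfPossession`. A short comment on `mode` saying that `'jwt'` drops the explicit proof typing and re-maps `iss`/`aud` would help callers keep ordinary JWTs and issuance proofs apart.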
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProofOfPossessionBuilder.js","sourceRoot":"","sources":["../lib/ProofOfPossessionBuilder.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"ProofOfPossessionBuilder.js","sourceRoot":"","sources":["../lib/ProofOfPossessionBuilder.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAckC;AAElC,MAAa,wBAAwB;IAiBnC,YAAoB,EAClB,KAAK,EACL,SAAS,EACT,GAAG,EACH,mBAAmB,EACnB,OAAO,EACP,IAAI,GAAG,KAAK,GAQb;QA3BgB,SAAI,GAAY,KAAK,CAAC;QA4BrC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,kCAAiB,CAAC,UAAU,IAAI,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC1G,CAAC;QACD,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAI,CAAC,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,MAAM,CAAC,MAAM,CAAS,EACpB,GAAG,EACH,SAAS,EACT,OAAO,EACP,IAAI,GAAG,KAAK,GAMb;QACC,OAAO,IAAI,wBAAwB,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,OAAO,CAAS,EACrB,GAAG,EACH,SAAS,EACT,OAAO,EACP,IAAI,GAAG,KAAK,GAMb;QACC,OAAO,IAAI,wBAAwB,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,uBAAuB,CAAS,EACrC,mBAAmB,EACnB,SAAS,EACT,OAAO,EACP,IAAI,GAAG,KAAK,GAMb;QACC,OAAO,IAAI,wBAAwB,CAAC,EAAE,SAAS,EAAE,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,CAAC,SAAS,CAAS,KAAwB,EAAE,OAA0B;QAC3E,OAAO,IAAI,wBAAwB,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,CAAC,GAAsB;QAC5B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY,CAAC,QAAgB;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAW;QACjB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAQ;QACd,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,UAAU,CAAC,MAAc;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAiB;QACvB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAW;QACjB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;
IACd,CAAC;IAED,OAAO,CAAC,GAAQ;QACd,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,OAAO,IAAI,kCAAiB,CAAC,UAAU,EAAE,CAAC;YACxE,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,KAAK,sBAAsB,EAAE,CAAC;gBAC5C,MAAM,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAC3B,MAAM,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB,CAAC,MAAc;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uBAAuB,CAAC,WAAgC;QACtD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB,CAAC,gBAAkC;QACrD,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAQ;QACd,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,gCAAe,CAAC,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAU,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,IAAI,kCAAiB,CAAC,UAAU,EAAE,CAAC;YAC9D,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE7B,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,4GAA4G;YAC5G,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG;gBAAE,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjH,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG;gBAAE,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAA
C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC5G,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG;gBAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK;gBAAE,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEY,KAAK;;;YAChB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC;iBAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,OAAO,MAAM,IAAA,wCAAuB,EAClC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,SAAS,kBAEZ,GAAG,EAAE,MAAA,IAAI,CAAC,GAAG,mCAAI,CAAC,IAAI,CAAC,OAAO,GAAG,kCAAiB,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,EACtH,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,MAAM,EAAE,IAAI,CAAC,MAAM,EACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IACpB,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,GAE5C,IAAI,CAAC,GAAG,CACT,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0CAAyB,CAAC,CAAC;;KAC5C;CACF;AAzND,4DAyNC"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
export * from '
|
|
2
|
-
export * from '
|
|
3
|
-
export * from './ProofUtil';
|
|
1
|
+
export * from './AuthorizationUtil';
|
|
2
|
+
export * from './notifications';
|
|
4
3
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../lib/functions/index.ts"],"names":[],"mappings":"AAAA,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../lib/functions/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC"}
|
package/dist/functions/index.js
CHANGED
|
@@ -14,7 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("
|
|
18
|
-
__exportStar(require("
|
|
19
|
-
__exportStar(require("./ProofUtil"), exports);
|
|
17
|
+
__exportStar(require("./AuthorizationUtil"), exports);
|
|
18
|
+
__exportStar(require("./notifications"), exports);
|
|
20
19
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/functions/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/functions/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAoC;AACpC,kDAAgC"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import { NotificationRequest, NotificationResult } from '@sphereon/oid4vci-common';
|
|
2
|
+
import { CredentialRequestOpts } from '../CredentialRequestClient';
|
|
3
|
+
export declare function sendNotification(credentialRequestOpts: Partial<CredentialRequestOpts>, request: NotificationRequest, accessToken?: string): Promise<NotificationResult>;
|
|
4
|
+
//# sourceMappingURL=notifications.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../lib/functions/notifications.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6B,mBAAmB,EAAE,kBAAkB,EAAQ,MAAM,0BAA0B,CAAC;AAEpH,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAGnE,wBAAsB,gBAAgB,CACpC,qBAAqB,EAAE,OAAO,CAAC,qBAAqB,CAAC,EACrD,OAAO,EAAE,mBAAmB,EAC5B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAsB7B"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.sendNotification = void 0;
|
|
13
|
+
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
14
|
+
const types_1 = require("../types");
|
|
15
|
+
function sendNotification(credentialRequestOpts, request, accessToken) {
|
|
16
|
+
var _a, _b, _c;
|
|
17
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
18
|
+
types_1.LOG.info(`Sending status notification event '${request.event}' for id ${request.notification_id}`);
|
|
19
|
+
if (!credentialRequestOpts.notificationEndpoint) {
|
|
20
|
+
throw Error(`Cannot send notification when no notification endpoint is provided`);
|
|
21
|
+
}
|
|
22
|
+
const token = accessToken !== null && accessToken !== void 0 ? accessToken : credentialRequestOpts.token;
|
|
23
|
+
const response = yield (0, oid4vci_common_1.post)(credentialRequestOpts.notificationEndpoint, JSON.stringify(request), Object.assign({}, (token && { bearerToken: token })));
|
|
24
|
+
const error = ((_a = response.errorBody) === null || _a === void 0 ? void 0 : _a.error) !== undefined;
|
|
25
|
+
const result = {
|
|
26
|
+
error,
|
|
27
|
+
response: error ? yield ((_b = response.errorBody) === null || _b === void 0 ? void 0 : _b.json()) : undefined,
|
|
28
|
+
};
|
|
29
|
+
if (error) {
|
|
30
|
+
types_1.LOG.warning(`Notification endpoint returned an error for event '${request.event}' and id ${request.notification_id}: ${yield ((_c = response.errorBody) === null || _c === void 0 ? void 0 : _c.json())}`);
|
|
31
|
+
}
|
|
32
|
+
else {
|
|
33
|
+
types_1.LOG.debug(`Notification endpoint returned success for event '${request.event}' and id ${request.notification_id}`);
|
|
34
|
+
}
|
|
35
|
+
return result;
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
exports.sendNotification = sendNotification;
|
|
39
|
+
//# sourceMappingURL=notifications.js.map
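Review bot: `sendNotification` reads `response.errorBody.error` as if `errorBody` were a parsed object, then calls `response.errorBody.json()` twice as if it were a fetch response, so the error path may throw or find the body already consumed, and the template literal in `LOG.warning` would print an object as `[object Object]`. Reading the body once, `const errorBody = error ? response.errorBody : undefined;`, and logging `JSON.stringify(errorBody)` would avoid both, assuming `post` already returns the parsed body (confirm in `@sphereon/oid4vci-common`). Success is also inferred only from the absence of `errorBody.error`, so a non-2xx reply without an `error` member is reported as success; checking the HTTP status as well would be safer. The bearer token goes to whatever `credentialRequestOpts.notificationEndpoint` holds, so a comment stating where that URL is validated (scheme, issuer origin) is worth adding.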
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"notifications.js","sourceRoot":"","sources":["../../lib/functions/notifications.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAoH;AAGpH,oCAA+B;AAE/B,SAAsB,gBAAgB,CACpC,qBAAqD,EACrD,OAA4B,EAC5B,WAAoB;;;QAEpB,WAAG,CAAC,IAAI,CAAC,sCAAsC,OAAO,CAAC,KAAK,YAAY,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;QACnG,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,CAAC;YAChD,MAAM,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,KAAK,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,qBAAqB,CAAC,KAAK,CAAC;QACzD,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAI,EAA4B,qBAAqB,CAAC,oBAAoB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,oBACrH,CAAC,KAAK,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,EACpC,CAAC;QACH,MAAM,KAAK,GAAG,CAAA,MAAA,QAAQ,CAAC,SAAS,0CAAE,KAAK,MAAK,SAAS,CAAC;QACtD,MAAM,MAAM,GAAG;YACb,KAAK;YACL,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA,MAAA,QAAQ,CAAC,SAAS,0CAAE,IAAI,EAAE,CAAA,CAAC,CAAC,CAAC,SAAS;SAC/D,CAAC;QACF,IAAI,KAAK,EAAE,CAAC;YACV,WAAG,CAAC,OAAO,CACT,sDAAsD,OAAO,CAAC,KAAK,YAAY,OAAO,CAAC,eAAe,KAAK,MAAM,CAAA,MAAA,QAAQ,CAAC,SAAS,0CAAE,IAAI,EAAE,CAAA,EAAE,CAC9I,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,WAAG,CAAC,KAAK,CAAC,qDAAqD,OAAO,CAAC,KAAK,YAAY,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;QACrH,CAAC;QACD,OAAO,MAAM,CAAC;;CACf;AA1BD,4CA0BC"}
|
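--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,3 +1,5 @@
+import { ISimpleLogger } from '@sphereon/ssi-types';
+export declare const LOG: ISimpleLogger<string>;
 export * from './AccessTokenClient';
 export * from './AccessTokenClientV1_0_11';
 export * from './AuthorizationCodeClient';
@@ -5,13 +7,16 @@ export * from './AuthorizationCodeClientV1_0_11';
 export * from './CredentialRequestClient';
 export * from './CredentialOfferClient';
 export * from './CredentialOfferClientV1_0_11';
+export * from './CredentialOfferClientV1_0_13';
 export * from './CredentialRequestClientV1_0_11';
 export * from './CredentialRequestClientBuilder';
 export * from './CredentialRequestClientBuilderV1_0_11';
 export * from './functions';
 export * from './MetadataClient';
+export * from './MetadataClientV1_0_13';
 export * from './MetadataClientV1_0_11';
 export * from './OpenID4VCIClient';
+export * from './OpenID4VCIClientV1_0_13';
 export * from './OpenID4VCIClientV1_0_11';
 export * from './ProofOfPossessionBuilder';
 //# sourceMappingURL=index.d.ts.map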
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,eAAO,MAAM,GAAG,EAAE,aAAa,CAAC,MAAM,CAA8C,CAAC;AAErF,cAAc,qBAAqB,CAAC;AACpC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kCAAkC,CAAC;AACjD,cAAc,kCAAkC,CAAC;AACjD,cAAc,yCAAyC,CAAC;AACxD,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,yBAAyB,CAAC;AACxC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,4BAA4B,CAAC"}
|
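--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -14,6 +14,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.LOG = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+exports.LOG = oid4vci_common_1.VCI_LOGGERS.get('sphereon:oid4vci:client');
 __exportStar(require("./AccessTokenClient"), exports);
 __exportStar(require("./AccessTokenClientV1_0_11"), exports);
 __exportStar(require("./AuthorizationCodeClient"), exports);
@@ -21,13 +24,16 @@ __exportStar(require("./AuthorizationCodeClientV1_0_11"), exports);
 __exportStar(require("./CredentialRequestClient"), exports);
 __exportStar(require("./CredentialOfferClient"), exports);
 __exportStar(require("./CredentialOfferClientV1_0_11"), exports);
+__exportStar(require("./CredentialOfferClientV1_0_13"), exports);
 __exportStar(require("./CredentialRequestClientV1_0_11"), exports);
 __exportStar(require("./CredentialRequestClientBuilder"), exports);
 __exportStar(require("./CredentialRequestClientBuilderV1_0_11"), exports);
 __exportStar(require("./functions"), exports);
 __exportStar(require("./MetadataClient"), exports);
+__exportStar(require("./MetadataClientV1_0_13"), exports);
 __exportStar(require("./MetadataClientV1_0_11"), exports);
 __exportStar(require("./OpenID4VCIClient"), exports);
+__exportStar(require("./OpenID4VCIClientV1_0_13"), exports);
 __exportStar(require("./OpenID4VCIClientV1_0_11"), exports);
 __exportStar(require("./ProofOfPossessionBuilder"), exports);
 //# sourceMappingURL=index.js.map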
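Review bot: `exports.LOG` in this file is created with `VCI_LOGGERS.get('sphereon:oid4vci:client')`, while `package/dist/types/index.js` in the same release builds a logger of the same name through `VCI_LOGGERS.options('sphereon:oid4vci:client', { methods: [...] }).get(...)`. This file calls `get` before it requires any module that loads `./types`, so which configuration ends up active depends on how `VCI_LOGGERS` treats a later `options` call, which is not visible here. Re-exporting the single definition in the source, `export { LOG } from './types'`, would leave one place to set the log methods. That matters because `lib/AccessTokenClient.ts` on this page passes the whole `accessTokenRequest` object to `LOG.warning`.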
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,6DAAuD;AAG1C,QAAA,GAAG,GAA0B,4BAAW,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;AAErF,sDAAoC;AACpC,6DAA2C;AAC3C,4DAA0C;AAC1C,mEAAiD;AACjD,4DAA0C;AAC1C,0DAAwC;AACxC,iEAA+C;AAC/C,iEAA+C;AAC/C,mEAAiD;AACjD,mEAAiD;AACjD,0EAAwD;AACxD,8CAA4B;AAC5B,mDAAiC;AACjC,0DAAwC;AACxC,0DAAwC;AACxC,qDAAmC;AACnC,4DAA0C;AAC1C,4DAA0C;AAC1C,6DAA2C"}
|
package/dist/types/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../lib/types/index.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../lib/types/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAa,MAAM,qBAAqB,CAAC;AAE/D,eAAO,MAAM,GAAG,EAAE,aAAa,CAAC,MAAM,CAErC,CAAC"}
|
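--- a/package/dist/types/index.js
+++ b/package/dist/types/index.js
@@ -1,2 +1,7 @@
 "use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LOG = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+const ssi_types_1 = require("@sphereon/ssi-types");
+exports.LOG = oid4vci_common_1.VCI_LOGGERS.options('sphereon:oid4vci:client', { methods: [ssi_types_1.LogMethod.EVENT, ssi_types_1.LogMethod.DEBUG_PKG] }).get('sphereon:oid4vci:client');
 //# sourceMappingURL=index.js.map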
package/dist/types/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/types/index.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/types/index.ts"],"names":[],"mappings":";;;AAAA,6DAAuD;AACvD,mDAA+D;AAElD,QAAA,GAAG,GAA0B,4BAAW,CAAC,OAAO,CAAC,yBAAyB,EAAE,EAAE,OAAO,EAAE,CAAC,qBAAS,CAAC,KAAK,EAAE,qBAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,GAAG,CAC/I,yBAAyB,CAC1B,CAAC"}
|
package/lib/AccessTokenClient.ts
CHANGED
|
@@ -5,15 +5,13 @@ import {
|
|
|
5
5
|
assertedUniformCredentialOffer,
|
|
6
6
|
AuthorizationServerOpts,
|
|
7
7
|
AuthzFlowType,
|
|
8
|
-
|
|
9
|
-
CredentialOfferV1_0_13,
|
|
10
|
-
determineSpecVersionFromOffer,
|
|
8
|
+
convertJsonToURI,
|
|
11
9
|
EndpointMetadata,
|
|
10
|
+
formPost,
|
|
12
11
|
getIssuerFromCredentialOfferPayload,
|
|
13
12
|
GrantTypes,
|
|
14
13
|
IssuerOpts,
|
|
15
14
|
JsonURIMode,
|
|
16
|
-
OpenId4VCIVersion,
|
|
17
15
|
OpenIDResponse,
|
|
18
16
|
PRE_AUTH_CODE_LITERAL,
|
|
19
17
|
TokenErrorResponse,
|
|
@@ -22,12 +20,9 @@ import {
|
|
|
22
20
|
UniformCredentialOfferPayload,
|
|
23
21
|
} from '@sphereon/oid4vci-common';
|
|
24
22
|
import { ObjectUtils } from '@sphereon/ssi-types';
|
|
25
|
-
import Debug from 'debug';
|
|
26
23
|
|
|
27
|
-
import {
|
|
28
|
-
import {
|
|
29
|
-
|
|
30
|
-
const debug = Debug('sphereon:oid4vci:token');
|
|
24
|
+
import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
|
|
25
|
+
import { LOG } from './types';
|
|
31
26
|
|
|
32
27
|
export class AccessTokenClient {
|
|
33
28
|
public async acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>> {
|
|
@@ -83,7 +78,7 @@ export class AccessTokenClient {
|
|
|
83
78
|
metadata: metadata
|
|
84
79
|
? metadata
|
|
85
80
|
: issuerOpts?.fetchMetadata
|
|
86
|
-
? await
|
|
81
|
+
? await MetadataClientV1_0_13.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
87
82
|
: undefined,
|
|
88
83
|
});
|
|
89
84
|
|
|
@@ -92,11 +87,9 @@ export class AccessTokenClient {
|
|
|
92
87
|
|
|
93
88
|
public async createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest> {
|
|
94
89
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_13)
|
|
99
|
-
: undefined;
|
|
90
|
+
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
91
|
+
// @ts-ignore
|
|
92
|
+
const credentialOfferRequest = opts.credentialOffer ? await toUniformCredentialOfferRequest(opts.credentialOffer) : undefined;
|
|
100
93
|
const request: Partial<AccessTokenRequest> = {};
|
|
101
94
|
|
|
102
95
|
if (asOpts?.clientId) {
|
|
@@ -127,7 +120,7 @@ export class AccessTokenClient {
|
|
|
127
120
|
return request as AccessTokenRequest;
|
|
128
121
|
}
|
|
129
122
|
|
|
130
|
-
throw new Error('Credential offer request
|
|
123
|
+
throw new Error('Credential offer request follows neither pre-authorized code nor authorization code flow requirements.');
|
|
131
124
|
}
|
|
132
125
|
|
|
133
126
|
private assertPreAuthorizedGrantType(grantType: GrantTypes): void {
|
|
@@ -151,7 +144,7 @@ export class AccessTokenClient {
|
|
|
151
144
|
const grantDetails = requestPayload.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code'];
|
|
152
145
|
const isPinRequired = !!grantDetails?.tx_code ?? false;
|
|
153
146
|
|
|
154
|
-
|
|
147
|
+
LOG.warning(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
155
148
|
return {
|
|
156
149
|
txCode: grantDetails?.tx_code,
|
|
157
150
|
isPinRequired,
|
|
@@ -178,34 +171,34 @@ export class AccessTokenClient {
|
|
|
178
171
|
regex = regex || /^[a-zA-Z0-9]+$|^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/;
|
|
179
172
|
|
|
180
173
|
if (!pin || !regex.test(pin)) {
|
|
181
|
-
|
|
174
|
+
LOG.warning(
|
|
182
175
|
`Pin is not valid. Expected format: ${pinMeta?.txCode?.input_mode || 'alphanumeric'}, Length: up to ${pinMeta?.txCode?.length || 'any number of'} characters`,
|
|
183
176
|
);
|
|
184
177
|
throw new Error('A valid pin must be present according to the specified transaction code requirements.');
|
|
185
178
|
}
|
|
186
179
|
} else if (pin) {
|
|
187
|
-
|
|
180
|
+
LOG.warning('Pin set, whilst not required');
|
|
188
181
|
throw new Error('Cannot set a pin when the pin is not required.');
|
|
189
182
|
}
|
|
190
183
|
}
|
|
191
184
|
|
|
192
185
|
private assertNonEmptyPreAuthorizedCode(accessTokenRequest: AccessTokenRequest): void {
|
|
193
186
|
if (!accessTokenRequest[PRE_AUTH_CODE_LITERAL]) {
|
|
194
|
-
|
|
187
|
+
LOG.warning(`No pre-authorized code present, whilst it is required`, accessTokenRequest);
|
|
195
188
|
throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
|
|
196
189
|
}
|
|
197
190
|
}
|
|
198
191
|
|
|
199
192
|
private assertNonEmptyCodeVerifier(accessTokenRequest: AccessTokenRequest): void {
|
|
200
193
|
if (!accessTokenRequest.code_verifier) {
|
|
201
|
-
|
|
194
|
+
LOG.warning('No code_verifier present, whilst it is required', accessTokenRequest);
|
|
202
195
|
throw new Error('Authorization flow requires the code_verifier to be present');
|
|
203
196
|
}
|
|
204
197
|
}
|
|
205
198
|
|
|
206
199
|
private assertNonEmptyCode(accessTokenRequest: AccessTokenRequest): void {
|
|
207
200
|
if (!accessTokenRequest.code) {
|
|
208
|
-
|
|
201
|
+
LOG.warning('No code present, whilst it is required');
|
|
209
202
|
throw new Error('Authorization flow requires the code to be present');
|
|
210
203
|
}
|
|
211
204
|
}
|
|
@@ -254,7 +247,7 @@ export class AccessTokenClient {
|
|
|
254
247
|
if (!url || !ObjectUtils.isString(url)) {
|
|
255
248
|
throw new Error('No authorization server token URL present. Cannot acquire access token');
|
|
256
249
|
}
|
|
257
|
-
debug(`Token endpoint determined to be ${url}`);
|
|
250
|
+
LOG.debug(`Token endpoint determined to be ${url}`);
|
|
258
251
|
return url;
|
|
259
252
|
}
|
|
260
253
|
|
|
@@ -271,7 +264,7 @@ export class AccessTokenClient {
|
|
|
271
264
|
}
|
|
272
265
|
|
|
273
266
|
private throwNotSupportedFlow(): void {
|
|
274
|
-
|
|
267
|
+
LOG.warning(`Only pre-authorized or authorization code flows supported.`);
|
|
275
268
|
throw new Error('Only pre-authorized-code or authorization code flows are supported');
|
|
276
269
|
}
|
|
277
270
|
}
|
|
@@ -5,28 +5,25 @@ import {
|
|
|
5
5
|
assertedUniformCredentialOffer,
|
|
6
6
|
AuthorizationServerOpts,
|
|
7
7
|
AuthzFlowType,
|
|
8
|
-
|
|
8
|
+
convertJsonToURI,
|
|
9
9
|
CredentialOfferV1_0_11,
|
|
10
10
|
CredentialOfferV1_0_13,
|
|
11
|
-
determineSpecVersionFromOffer,
|
|
12
11
|
EndpointMetadata,
|
|
12
|
+
formPost,
|
|
13
13
|
getIssuerFromCredentialOfferPayload,
|
|
14
14
|
GrantTypes,
|
|
15
15
|
IssuerOpts,
|
|
16
16
|
JsonURIMode,
|
|
17
|
-
OpenId4VCIVersion,
|
|
18
17
|
OpenIDResponse,
|
|
19
18
|
PRE_AUTH_CODE_LITERAL,
|
|
20
19
|
TokenErrorResponse,
|
|
21
20
|
toUniformCredentialOfferRequest,
|
|
22
|
-
toUniformCredentialOfferRequestV1_0_11,
|
|
23
21
|
UniformCredentialOfferPayload,
|
|
24
22
|
} from '@sphereon/oid4vci-common';
|
|
25
23
|
import { ObjectUtils } from '@sphereon/ssi-types';
|
|
26
24
|
import Debug from 'debug';
|
|
27
25
|
|
|
28
|
-
import {
|
|
29
|
-
import { convertJsonToURI, formPost } from './functions';
|
|
26
|
+
import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
|
|
30
27
|
|
|
31
28
|
const debug = Debug('sphereon:oid4vci:token');
|
|
32
29
|
|
|
@@ -83,7 +80,7 @@ export class AccessTokenClientV1_0_11 {
|
|
|
83
80
|
metadata: metadata
|
|
84
81
|
? metadata
|
|
85
82
|
: issuerOpts?.fetchMetadata
|
|
86
|
-
? await
|
|
83
|
+
? await MetadataClientV1_0_13.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
87
84
|
: undefined,
|
|
88
85
|
});
|
|
89
86
|
|
|
@@ -93,9 +90,7 @@ export class AccessTokenClientV1_0_11 {
|
|
|
93
90
|
public async createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest> {
|
|
94
91
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
95
92
|
const credentialOfferRequest = opts.credentialOffer
|
|
96
|
-
?
|
|
97
|
-
? await toUniformCredentialOfferRequestV1_0_11(opts.credentialOffer as CredentialOfferV1_0_11)
|
|
98
|
-
: await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_13)
|
|
93
|
+
? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_11 | CredentialOfferV1_0_13)
|
|
99
94
|
: undefined;
|
|
100
95
|
const request: Partial<AccessTokenRequest> = {};
|
|
101
96
|
|
|
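Review bot: At new line 83 the draft-11 client `AccessTokenClientV1_0_11` resolves issuer metadata through `MetadataClientV1_0_13.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })`, and nothing in the hunk says why a 1.0.13 metadata client is right for a 1.0.11 flow. With `errorOnNotFound: false` a failed discovery presumably yields no metadata instead of an error, so the token endpoint then comes from whatever fallback the rest of the method applies. If that is intended, a comment above the call would record it, for example `// MetadataClientV1_0_13 is used for draft-11 issuers as well; a failed discovery is tolerated here`. The removed line is cut off on this page, so the previous call cannot be compared. The enclosing method continues outside the hunk.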
@@ -3,6 +3,7 @@ import {
|
|
|
3
3
|
AuthorizationRequestOpts,
|
|
4
4
|
CodeChallengeMethod,
|
|
5
5
|
convertJsonToURI,
|
|
6
|
+
CreateRequestObjectMode,
|
|
6
7
|
CredentialConfigurationSupportedV1_0_13,
|
|
7
8
|
CredentialOfferPayloadV1_0_13,
|
|
8
9
|
CredentialOfferRequestWithBaseUrl,
|
|
@@ -10,17 +11,56 @@ import {
|
|
|
10
11
|
EndpointMetadataResultV1_0_13,
|
|
11
12
|
formPost,
|
|
12
13
|
JsonURIMode,
|
|
14
|
+
Jwt,
|
|
13
15
|
OID4VCICredentialFormat,
|
|
14
16
|
OpenId4VCIVersion,
|
|
15
17
|
PARMode,
|
|
16
18
|
PKCEOpts,
|
|
17
19
|
PushedAuthorizationResponse,
|
|
20
|
+
RequestObjectOpts,
|
|
18
21
|
ResponseType,
|
|
19
22
|
} from '@sphereon/oid4vci-common';
|
|
20
23
|
import Debug from 'debug';
|
|
21
24
|
|
|
25
|
+
import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
|
|
26
|
+
|
|
22
27
|
const debug = Debug('sphereon:oid4vci');
|
|
23
28
|
|
|
29
|
+
export async function createSignedAuthRequestWhenNeeded(requestObject: Record<string, any>, opts: RequestObjectOpts & { aud?: string }) {
|
|
30
|
+
if (opts.requestObjectMode === CreateRequestObjectMode.REQUEST_URI) {
|
|
31
|
+
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
32
|
+
} else if (opts.requestObjectMode === CreateRequestObjectMode.REQUEST_OBJECT) {
|
|
33
|
+
if (typeof opts.signCallbacks?.signCallback !== 'function') {
|
|
34
|
+
throw Error(`No request object sign callback found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
35
|
+
} else if (!opts.kid) {
|
|
36
|
+
throw Error(`No kid found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
37
|
+
}
|
|
38
|
+
let client_metadata: any
|
|
39
|
+
if (opts.clientMetadata || opts.jwksUri) {
|
|
40
|
+
client_metadata = opts.clientMetadata ?? {};
|
|
41
|
+
if (opts.jwksUri) {
|
|
42
|
+
client_metadata['jwks_uri'] = opts.jwksUri;
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
let authorization_details = requestObject['authorization_details']
|
|
46
|
+
if (typeof authorization_details === 'string') {
|
|
47
|
+
authorization_details = JSON.parse(requestObject.authorization_details);
|
|
48
|
+
}
|
|
49
|
+
if (!requestObject.aud && opts.aud) {
|
|
50
|
+
requestObject.aud = opts.aud;
|
|
51
|
+
}
|
|
52
|
+
const iss = requestObject.iss ?? opts.iss ?? requestObject.client_id
|
|
53
|
+
|
|
54
|
+
const jwt: Jwt = { header: { alg: 'ES256', kid: opts.kid, typ: 'jwt' }, payload: {...requestObject, iss, authorization_details, ...(client_metadata && {client_metadata})} };
|
|
55
|
+
const pop = await ProofOfPossessionBuilder.fromJwt({
|
|
56
|
+
jwt,
|
|
57
|
+
callbacks: opts.signCallbacks,
|
|
58
|
+
version: OpenId4VCIVersion.VER_1_0_11,
|
|
59
|
+
mode: 'jwt',
|
|
60
|
+
}).build();
|
|
61
|
+
requestObject['request'] = pop.jwt;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
24
64
|
function filterSupportedCredentials(
|
|
25
65
|
credentialOffer: CredentialOfferPayloadV1_0_13,
|
|
26
66
|
credentialsSupported?: Record<string, CredentialConfigurationSupportedV1_0_13>,
|
|
@@ -62,15 +102,13 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
62
102
|
}
|
|
63
103
|
}
|
|
64
104
|
|
|
65
|
-
const { redirectUri } = authorizationRequest;
|
|
105
|
+
const { redirectUri, requestObjectOpts = { requestObjectMode: CreateRequestObjectMode.NONE } } = authorizationRequest;
|
|
66
106
|
const client_id = clientId ?? authorizationRequest.clientId;
|
|
67
|
-
|
|
68
|
-
throw Error(`Cannot use PAR without a client_id value set`);
|
|
69
|
-
}
|
|
107
|
+
|
|
70
108
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
71
109
|
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests
|
|
72
110
|
? PARMode.REQUIRE
|
|
73
|
-
: authorizationRequest.parMode ?? PARMode.AUTO;
|
|
111
|
+
: authorizationRequest.parMode ?? (client_id ? PARMode.AUTO : PARMode.NEVER);
|
|
74
112
|
// Scope and authorization_details can be used in the same authorization request
|
|
75
113
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23#name-relationship-to-scope-param
|
|
76
114
|
if (!scope && !authorizationDetails) {
|
|
@@ -138,7 +176,7 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
138
176
|
scope = ['openid', scope].filter((s) => !!s).join(' ');
|
|
139
177
|
}
|
|
140
178
|
|
|
141
|
-
let queryObj:
|
|
179
|
+
let queryObj: Record<string, any> | PushedAuthorizationResponse = {
|
|
142
180
|
response_type: ResponseType.AUTH_CODE,
|
|
143
181
|
...(!pkce.disabled && {
|
|
144
182
|
code_challenge_method: pkce.codeChallengeMethod ?? CodeChallengeMethod.S256,
|
|
@@ -146,7 +184,7 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
146
184
|
}),
|
|
147
185
|
authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)),
|
|
148
186
|
...(redirectUri && { redirect_uri: redirectUri }),
|
|
149
|
-
client_id,
|
|
187
|
+
...(client_id && { client_id }),
|
|
150
188
|
...(credentialOffer?.issuerState && { issuer_state: credentialOffer.issuerState }),
|
|
151
189
|
scope,
|
|
152
190
|
};
|
|
@@ -170,10 +208,11 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
170
208
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
171
209
|
}
|
|
172
210
|
} else {
|
|
173
|
-
debug(`PAR response: ${(parResponse.successBody, null, 2)}`);
|
|
211
|
+
debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
174
212
|
queryObj = { /*response_type: ResponseType.AUTH_CODE,*/ client_id, request_uri: parResponse.successBody.request_uri };
|
|
175
213
|
}
|
|
176
214
|
}
|
|
215
|
+
await createSignedAuthRequestWhenNeeded(queryObj, { ...requestObjectOpts, aud: endpointMetadata.authorization_server });
|
|
177
216
|
|
|
178
217
|
debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
179
218
|
const url = convertJsonToURI(queryObj, {
|
|
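Review bot: `createSignedAuthRequestWhenNeeded` is called at new line 215 after the PAR branch, so when the push succeeded and `requestObjectMode` is `REQUEST_OBJECT`, `queryObj` already holds `request_uri`; the function then signs that value into the payload and adds `request` beside it, which RFC 9101 does not allow in one authorization request. An early `if ('request_uri' in requestObject) return;` at the top of the function (new lines 29–63, fully inside the hunk), or signing before the push, would cover it; the same call is added to `createAuthorizationRequestUrlV1_0_11` at its new line 119. The JWT header is fixed to `alg: 'ES256'` and `typ: 'jwt'`: the algorithm should follow the key behind `opts.kid` rather than a constant, and RFC 9101 recommends the explicit type `oauth-authz-req+jwt` so a request object cannot be mistaken for another kind of JWT. `client_metadata = opts.clientMetadata ?? {}` followed by the `jwks_uri` assignment writes into the caller's object, and `client_metadata = { ...opts.clientMetadata }` keeps the change local. Whether `ProofOfPossessionBuilder` adds `iat`/`exp` to the payload is not visible here and is worth confirming, since a request object without an expiry stays valid for replay.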
@@ -3,7 +3,7 @@ import {
|
|
|
3
3
|
AuthorizationRequestOpts,
|
|
4
4
|
CodeChallengeMethod,
|
|
5
5
|
convertJsonToURI,
|
|
6
|
-
|
|
6
|
+
CreateRequestObjectMode,
|
|
7
7
|
CredentialOfferFormat,
|
|
8
8
|
CredentialOfferPayloadV1_0_11,
|
|
9
9
|
CredentialOfferRequestWithBaseUrl,
|
|
@@ -18,6 +18,8 @@ import {
|
|
|
18
18
|
} from '@sphereon/oid4vci-common';
|
|
19
19
|
import Debug from 'debug';
|
|
20
20
|
|
|
21
|
+
import { createSignedAuthRequestWhenNeeded } from './AuthorizationCodeClient';
|
|
22
|
+
|
|
21
23
|
const debug = Debug('sphereon:oid4vci');
|
|
22
24
|
|
|
23
25
|
export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
@@ -33,8 +35,9 @@ export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
|
33
35
|
credentialOffer?: CredentialOfferRequestWithBaseUrl;
|
|
34
36
|
credentialsSupported?: CredentialsSupportedLegacy[];
|
|
35
37
|
}): Promise<string> => {
|
|
36
|
-
const { redirectUri, clientId } = authorizationRequest;
|
|
38
|
+
const { redirectUri, clientId, requestObjectOpts = { requestObjectMode: CreateRequestObjectMode.NONE } } = authorizationRequest;
|
|
37
39
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
40
|
+
|
|
38
41
|
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests
|
|
39
42
|
? PARMode.REQUIRE
|
|
40
43
|
: authorizationRequest.parMode ?? PARMode.AUTO;
|
|
@@ -50,9 +53,7 @@ export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
|
50
53
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
51
54
|
// @ts-ignore
|
|
52
55
|
authorizationDetails = creds
|
|
53
|
-
.flatMap((cred) =>
|
|
54
|
-
typeof cred === 'string' && credentialsSupported ? Object.values(credentialsSupported) : (cred as CredentialConfigurationSupported),
|
|
55
|
-
)
|
|
56
|
+
.flatMap((cred) => (typeof cred === 'string' ? credentialsSupported : (cred as CredentialsSupportedLegacy)))
|
|
56
57
|
.filter((cred) => !!cred)
|
|
57
58
|
.map((cred) => {
|
|
58
59
|
return {
|
|
@@ -111,10 +112,11 @@ export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
|
111
112
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
112
113
|
}
|
|
113
114
|
} else {
|
|
114
|
-
debug(`PAR response: ${(parResponse.successBody, null, 2)}`);
|
|
115
|
+
debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
115
116
|
queryObj = { request_uri: parResponse.successBody.request_uri };
|
|
116
117
|
}
|
|
117
118
|
}
|
|
119
|
+
await createSignedAuthRequestWhenNeeded(queryObj, { ...requestObjectOpts, aud: endpointMetadata.authorization_server });
|
|
118
120
|
|
|
119
121
|
debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
120
122
|
const url = convertJsonToURI(queryObj, {
|