@sphereon/oid4vci-client 0.10.4-unstable.98 → 0.12.0
- package/README.md +7 -7
- package/dist/AccessTokenClient.d.ts.map +1 -1
- package/dist/AccessTokenClient.js +5 -6
- package/dist/AccessTokenClient.js.map +1 -1
- package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -1
- package/dist/AccessTokenClientV1_0_11.js +3 -5
- package/dist/AccessTokenClientV1_0_11.js.map +1 -1
- package/dist/AuthorizationCodeClient.d.ts +4 -1
- package/dist/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/AuthorizationCodeClient.js +47 -8
- package/dist/AuthorizationCodeClient.js.map +1 -1
- package/dist/AuthorizationCodeClientV1_0_11.d.ts.map +1 -1
- package/dist/AuthorizationCodeClientV1_0_11.js +5 -3
- package/dist/AuthorizationCodeClientV1_0_11.js.map +1 -1
- package/dist/CredentialOfferClient.d.ts.map +1 -1
- package/dist/CredentialOfferClient.js +26 -12
- package/dist/CredentialOfferClient.js.map +1 -1
- package/dist/CredentialOfferClientV1_0_11.js +6 -7
- package/dist/CredentialOfferClientV1_0_11.js.map +1 -1
- package/dist/CredentialOfferClientV1_0_13.d.ts +10 -0
- package/dist/CredentialOfferClientV1_0_13.d.ts.map +1 -0
- package/dist/CredentialOfferClientV1_0_13.js +94 -0
- package/dist/CredentialOfferClientV1_0_13.js.map +1 -0
- package/dist/CredentialRequestClient.js +1 -1
- package/dist/CredentialRequestClient.js.map +1 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts +3 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.d.ts.map +1 -1
- package/dist/CredentialRequestClientBuilderV1_0_11.js +4 -0
- package/dist/CredentialRequestClientBuilderV1_0_11.js.map +1 -1
- package/dist/CredentialRequestClientV1_0_11.d.ts +9 -3
- package/dist/CredentialRequestClientV1_0_11.d.ts.map +1 -1
- package/dist/CredentialRequestClientV1_0_11.js +2 -1
- package/dist/CredentialRequestClientV1_0_11.js.map +1 -1
- package/dist/MetadataClient.d.ts +5 -5
- package/dist/MetadataClient.d.ts.map +1 -1
- package/dist/MetadataClient.js +30 -13
- package/dist/MetadataClient.js.map +1 -1
- package/dist/MetadataClientV1_0_13.d.ts +31 -0
- package/dist/MetadataClientV1_0_13.d.ts.map +1 -0
- package/dist/MetadataClientV1_0_13.js +181 -0
- package/dist/MetadataClientV1_0_13.js.map +1 -0
- package/dist/OpenID4VCIClient.d.ts +13 -24
- package/dist/OpenID4VCIClient.d.ts.map +1 -1
- package/dist/OpenID4VCIClient.js +126 -103
- package/dist/OpenID4VCIClient.js.map +1 -1
- package/dist/OpenID4VCIClientV1_0_11.d.ts +3 -2
- package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -1
- package/dist/OpenID4VCIClientV1_0_11.js +5 -18
- package/dist/OpenID4VCIClientV1_0_11.js.map +1 -1
- package/dist/OpenID4VCIClientV1_0_13.d.ts +112 -0
- package/dist/OpenID4VCIClientV1_0_13.d.ts.map +1 -0
- package/dist/OpenID4VCIClientV1_0_13.js +478 -0
- package/dist/OpenID4VCIClientV1_0_13.js.map +1 -0
- package/dist/ProofOfPossessionBuilder.d.ts +14 -3
- package/dist/ProofOfPossessionBuilder.d.ts.map +1 -1
- package/dist/ProofOfPossessionBuilder.js +20 -20
- package/dist/ProofOfPossessionBuilder.js.map +1 -1
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -1
- package/lib/AccessTokenClient.ts +5 -11
- package/lib/AccessTokenClientV1_0_11.ts +3 -9
- package/lib/AuthorizationCodeClient.ts +47 -8
- package/lib/AuthorizationCodeClientV1_0_11.ts +8 -6
- package/lib/CredentialOfferClient.ts +31 -9
- package/lib/CredentialOfferClientV1_0_11.ts +6 -6
- package/lib/CredentialOfferClientV1_0_13.ts +103 -0
- package/lib/CredentialRequestClient.ts +1 -1
- package/lib/CredentialRequestClientBuilderV1_0_11.ts +7 -0
- package/lib/CredentialRequestClientV1_0_11.ts +9 -4
- package/lib/MetadataClient.ts +49 -14
- package/lib/MetadataClientV1_0_13.ts +188 -0
- package/lib/OpenID4VCIClient.ts +131 -115
- package/lib/OpenID4VCIClientV1_0_11.ts +9 -19
- package/lib/OpenID4VCIClientV1_0_13.ts +677 -0
- package/lib/ProofOfPossessionBuilder.ts +40 -9
- package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts +2 -2
- package/lib/__tests__/MetadataClient.spec.ts +3 -4
- package/lib/__tests__/MetadataMocks.ts +1 -0
- package/lib/__tests__/OpenID4VCIClient.spec.ts +42 -9
- package/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts +24 -0
- package/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts +204 -0
- package/lib/__tests__/SdJwt.spec.ts +2 -2
- package/lib/__tests__/SphereonE2E.spec.test.ts +4 -3
- package/lib/index.ts +8 -0
- package/package.json +4 -4
|
@@ -1,10 +1,12 @@
|
|
|
1
|
-
import { AccessTokenResponse, Alg, EndpointMetadata, JWK, Jwt, OpenId4VCIVersion, ProofOfPossession, ProofOfPossessionCallbacks, Typ } from '@sphereon/oid4vci-common';
|
|
1
|
+
import { AccessTokenResponse, Alg, EndpointMetadata, JWK, Jwt, OpenId4VCIVersion, PoPMode, ProofOfPossession, ProofOfPossessionCallbacks, Typ } from '@sphereon/oid4vci-common';
|
|
2
2
|
export declare class ProofOfPossessionBuilder<DIDDoc> {
|
|
3
3
|
private readonly proof?;
|
|
4
4
|
private readonly callbacks?;
|
|
5
5
|
private readonly version;
|
|
6
|
+
private readonly mode;
|
|
6
7
|
private kid?;
|
|
7
8
|
private jwk?;
|
|
9
|
+
private aud?;
|
|
8
10
|
private clientId?;
|
|
9
11
|
private issuer?;
|
|
10
12
|
private jwt?;
|
|
@@ -13,17 +15,26 @@ export declare class ProofOfPossessionBuilder<DIDDoc> {
|
|
|
13
15
|
private cNonce?;
|
|
14
16
|
private typ?;
|
|
15
17
|
private constructor();
|
|
16
|
-
static
|
|
18
|
+
static manual<DIDDoc>({ jwt, callbacks, version, mode, }: {
|
|
19
|
+
jwt?: Jwt;
|
|
20
|
+
callbacks: ProofOfPossessionCallbacks<DIDDoc>;
|
|
21
|
+
version: OpenId4VCIVersion;
|
|
22
|
+
mode?: PoPMode;
|
|
23
|
+
}): ProofOfPossessionBuilder<DIDDoc>;
|
|
24
|
+
static fromJwt<DIDDoc>({ jwt, callbacks, version, mode, }: {
|
|
17
25
|
jwt: Jwt;
|
|
18
26
|
callbacks: ProofOfPossessionCallbacks<DIDDoc>;
|
|
19
27
|
version: OpenId4VCIVersion;
|
|
28
|
+
mode?: PoPMode;
|
|
20
29
|
}): ProofOfPossessionBuilder<DIDDoc>;
|
|
21
|
-
static fromAccessTokenResponse<DIDDoc>({ accessTokenResponse, callbacks, version, }: {
|
|
30
|
+
static fromAccessTokenResponse<DIDDoc>({ accessTokenResponse, callbacks, version, mode, }: {
|
|
22
31
|
accessTokenResponse: AccessTokenResponse;
|
|
23
32
|
callbacks: ProofOfPossessionCallbacks<DIDDoc>;
|
|
24
33
|
version: OpenId4VCIVersion;
|
|
34
|
+
mode?: PoPMode;
|
|
25
35
|
}): ProofOfPossessionBuilder<DIDDoc>;
|
|
26
36
|
static fromProof<DIDDoc>(proof: ProofOfPossession, version: OpenId4VCIVersion): ProofOfPossessionBuilder<DIDDoc>;
|
|
37
|
+
withAud(aud: string | string[]): this;
|
|
27
38
|
withClientId(clientId: string): this;
|
|
28
39
|
withKid(kid: string): this;
|
|
29
40
|
withJWK(jwk: JWK): this;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProofOfPossessionBuilder.d.ts","sourceRoot":"","sources":["../lib/ProofOfPossessionBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,GAAG,EAEH,gBAAgB,EAChB,GAAG,EACH,GAAG,EAEH,iBAAiB,
|
|
1
|
+
{"version":3,"file":"ProofOfPossessionBuilder.d.ts","sourceRoot":"","sources":["../lib/ProofOfPossessionBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,GAAG,EAEH,gBAAgB,EAChB,GAAG,EACH,GAAG,EAEH,iBAAiB,EACjB,OAAO,EAEP,iBAAiB,EACjB,0BAA0B,EAC1B,GAAG,EACJ,MAAM,0BAA0B,CAAC;AAElC,qBAAa,wBAAwB,CAAC,MAAM;IAC1C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAoB;IAC3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAqC;IAChE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAoB;IAC5C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAkB;IAEvC,OAAO,CAAC,GAAG,CAAC,CAAS;IACrB,OAAO,CAAC,GAAG,CAAC,CAAM;IAClB,OAAO,CAAC,GAAG,CAAC,CAAoB;IAChC,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,GAAG,CAAC,CAAM;IAClB,OAAO,CAAC,GAAG,CAAC,CAAS;IACrB,OAAO,CAAC,GAAG,CAAC,CAAS;IACrB,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,GAAG,CAAC,CAAM;IAElB,OAAO;IA6BP,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,EACpB,GAAG,EACH,SAAS,EACT,OAAO,EACP,IAAY,GACb,EAAE;QACD,GAAG,CAAC,EAAE,GAAG,CAAC;QACV,SAAS,EAAE,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,EAAE,iBAAiB,CAAC;QAC3B,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,GAAG,wBAAwB,CAAC,MAAM,CAAC;IAIpC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EACrB,GAAG,EACH,SAAS,EACT,OAAO,EACP,IAAY,GACb,EAAE;QACD,GAAG,EAAE,GAAG,CAAC;QACT,SAAS,EAAE,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,EAAE,iBAAiB,CAAC;QAC3B,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,GAAG,wBAAwB,CAAC,MAAM,CAAC;IAIpC,MAAM,CAAC,uBAAuB,CAAC,MAAM,EAAE,EACrC,mBAAmB,EACnB,SAAS,EACT,OAAO,EACP,IAAY,GACb,EAAE;QACD,mBAAmB,EAAE,mBAAmB,CAAC;QACzC,SAAS,EAAE,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,EAAE,iBAAiB,CAAC;QAC3B,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,GAAG,wBAAwB,CAAC,MAAM,CAAC;IAIpC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,GAAG,wBAAwB,CAAC,MAAM,CAAC;IAIhH,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI;IAKrC,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKpC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAK1B,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,IAAI;IAKvB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAKhC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI;IAKhC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAK1B,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,I
AAI;IAcvB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAK1C,uBAAuB,CAAC,WAAW,EAAE,mBAAmB,GAAG,IAAI;IAO/D,oBAAoB,CAAC,gBAAgB,EAAE,gBAAgB,GAAG,IAAI;IAK9D,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,IAAI;IAoCV,KAAK,IAAI,OAAO,CAAC,iBAAiB,CAAC;CAuBjD"}
|
|
@@ -12,7 +12,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
12
12
|
exports.ProofOfPossessionBuilder = void 0;
|
|
13
13
|
const oid4vci_common_1 = require("@sphereon/oid4vci-common");
|
|
14
14
|
class ProofOfPossessionBuilder {
|
|
15
|
-
constructor({ proof, callbacks, jwt, accessTokenResponse, version, }) {
|
|
15
|
+
constructor({ proof, callbacks, jwt, accessTokenResponse, version, mode = 'pop', }) {
|
|
16
|
+
this.mode = 'pop';
|
|
17
|
+
this.mode = mode;
|
|
16
18
|
this.proof = proof;
|
|
17
19
|
this.callbacks = callbacks;
|
|
18
20
|
this.version = version;
|
|
@@ -20,21 +22,28 @@ class ProofOfPossessionBuilder {
|
|
|
20
22
|
this.withJwt(jwt);
|
|
21
23
|
}
|
|
22
24
|
else {
|
|
23
|
-
this.withTyp(version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 ? 'jwt' : 'openid4vci-proof+jwt');
|
|
25
|
+
this.withTyp(version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 || mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt');
|
|
24
26
|
}
|
|
25
27
|
if (accessTokenResponse) {
|
|
26
28
|
this.withAccessTokenResponse(accessTokenResponse);
|
|
27
29
|
}
|
|
28
30
|
}
|
|
29
|
-
static
|
|
30
|
-
return new ProofOfPossessionBuilder({ callbacks, jwt, version });
|
|
31
|
+
static manual({ jwt, callbacks, version, mode = 'jwt', }) {
|
|
32
|
+
return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
|
|
31
33
|
}
|
|
32
|
-
static
|
|
33
|
-
return new ProofOfPossessionBuilder({ callbacks,
|
|
34
|
+
static fromJwt({ jwt, callbacks, version, mode = 'pop', }) {
|
|
35
|
+
return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
|
|
36
|
+
}
|
|
37
|
+
static fromAccessTokenResponse({ accessTokenResponse, callbacks, version, mode = 'pop', }) {
|
|
38
|
+
return new ProofOfPossessionBuilder({ callbacks, accessTokenResponse, version, mode });
|
|
34
39
|
}
|
|
35
40
|
static fromProof(proof, version) {
|
|
36
41
|
return new ProofOfPossessionBuilder({ proof, version });
|
|
37
42
|
}
|
|
43
|
+
withAud(aud) {
|
|
44
|
+
this.aud = aud;
|
|
45
|
+
return this;
|
|
46
|
+
}
|
|
38
47
|
withClientId(clientId) {
|
|
39
48
|
this.clientId = clientId;
|
|
40
49
|
return this;
|
|
@@ -60,7 +69,7 @@ class ProofOfPossessionBuilder {
|
|
|
60
69
|
return this;
|
|
61
70
|
}
|
|
62
71
|
withTyp(typ) {
|
|
63
|
-
if (this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
72
|
+
if (this.mode === 'pop' && this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
64
73
|
if (!!typ && typ !== 'openid4vci-proof+jwt') {
|
|
65
74
|
throw Error('typ must be openid4vci-proof+jwt for version 1.0.11 and up');
|
|
66
75
|
}
|
|
@@ -104,7 +113,7 @@ class ProofOfPossessionBuilder {
|
|
|
104
113
|
if (jwt.header.typ) {
|
|
105
114
|
this.withTyp(jwt.header.typ);
|
|
106
115
|
}
|
|
107
|
-
if (this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
116
|
+
if (!this.typ && this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
|
|
108
117
|
this.withTyp('openid4vci-proof+jwt');
|
|
109
118
|
}
|
|
110
119
|
this.withAlg(jwt.header.alg);
|
|
@@ -114,9 +123,9 @@ class ProofOfPossessionBuilder {
|
|
|
114
123
|
}
|
|
115
124
|
if (jwt.payload) {
|
|
116
125
|
if (jwt.payload.iss)
|
|
117
|
-
this.withClientId(jwt.payload.iss);
|
|
126
|
+
this.mode === 'pop' ? this.withClientId(jwt.payload.iss) : this.withIssuer(jwt.payload.iss);
|
|
118
127
|
if (jwt.payload.aud)
|
|
119
|
-
this.withIssuer(jwt.payload.aud);
|
|
128
|
+
this.mode === 'pop' ? this.withIssuer(jwt.payload.aud) : this.withAud(jwt.payload.aud);
|
|
120
129
|
if (jwt.payload.jti)
|
|
121
130
|
this.withJti(jwt.payload.jti);
|
|
122
131
|
if (jwt.payload.nonce)
|
|
@@ -131,16 +140,7 @@ class ProofOfPossessionBuilder {
|
|
|
131
140
|
return Promise.resolve(this.proof);
|
|
132
141
|
}
|
|
133
142
|
else if (this.callbacks) {
|
|
134
|
-
return yield (0, oid4vci_common_1.createProofOfPossession)(this.callbacks, {
|
|
135
|
-
typ: (_a = this.typ) !== null && _a !== void 0 ? _a : (this.version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 ? 'jwt' : 'openid4vci-proof+jwt'),
|
|
136
|
-
kid: this.kid,
|
|
137
|
-
jwk: this.jwk,
|
|
138
|
-
jti: this.jti,
|
|
139
|
-
alg: this.alg,
|
|
140
|
-
issuer: this.issuer,
|
|
141
|
-
clientId: this.clientId,
|
|
142
|
-
nonce: this.cNonce,
|
|
143
|
-
}, this.jwt);
|
|
143
|
+
return yield (0, oid4vci_common_1.createProofOfPossession)(this.mode, this.callbacks, Object.assign({ typ: (_a = this.typ) !== null && _a !== void 0 ? _a : (this.version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11 || this.mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt'), kid: this.kid, jwk: this.jwk, jti: this.jti, alg: this.alg, aud: this.aud, issuer: this.issuer, clientId: this.clientId }, (this.cNonce && { nonce: this.cNonce })), this.jwt);
|
|
144
144
|
}
|
|
145
145
|
throw new Error(oid4vci_common_1.PROOF_CANT_BE_CONSTRUCTED);
|
|
146
146
|
});
|
|
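Review bot: In `withJwt` (new line 116) the fallback still passes `'openid4vci-proof+jwt'` to `withTyp` whenever the JWT header has no `typ`, even in `mode: 'jwt'`, which disagrees with the constructor and `build()` defaults that pick `'jwt'` for that mode. `withTyp` now enforces `'openid4vci-proof+jwt'` only when `this.mode === 'pop'`; its other branch lies outside the hunk, so in `'jwt'` mode this call presumably either throws or stamps the proof type on a JWT that is not a key proof. Gate the fallback on the mode, `if (!this.typ && this.mode === 'pop' && this.version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {`, and make the same change in `lib/ProofOfPossessionBuilder.ts`, since this file is compiler output. A doc comment on `mode` should also say that `'jwt'` drops the proof-specific `typ` and maps the payload's `iss`/`aud` to `issuer`/`aud` rather than `clientId`/`issuer`, so that callers do not pick it for credential proofs by accident.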
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProofOfPossessionBuilder.js","sourceRoot":"","sources":["../lib/ProofOfPossessionBuilder.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"ProofOfPossessionBuilder.js","sourceRoot":"","sources":["../lib/ProofOfPossessionBuilder.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAckC;AAElC,MAAa,wBAAwB;IAiBnC,YAAoB,EAClB,KAAK,EACL,SAAS,EACT,GAAG,EACH,mBAAmB,EACnB,OAAO,EACP,IAAI,GAAG,KAAK,GAQb;QA3BgB,SAAI,GAAY,KAAK,CAAC;QA4BrC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,kCAAiB,CAAC,UAAU,IAAI,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC1G,CAAC;QACD,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAI,CAAC,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,MAAM,CAAC,MAAM,CAAS,EACpB,GAAG,EACH,SAAS,EACT,OAAO,EACP,IAAI,GAAG,KAAK,GAMb;QACC,OAAO,IAAI,wBAAwB,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,OAAO,CAAS,EACrB,GAAG,EACH,SAAS,EACT,OAAO,EACP,IAAI,GAAG,KAAK,GAMb;QACC,OAAO,IAAI,wBAAwB,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,uBAAuB,CAAS,EACrC,mBAAmB,EACnB,SAAS,EACT,OAAO,EACP,IAAI,GAAG,KAAK,GAMb;QACC,OAAO,IAAI,wBAAwB,CAAC,EAAE,SAAS,EAAE,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,CAAC,SAAS,CAAS,KAAwB,EAAE,OAA0B;QAC3E,OAAO,IAAI,wBAAwB,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,CAAC,GAAsB;QAC5B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY,CAAC,QAAgB;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAW;QACjB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAQ;QACd,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,UAAU,CAAC,MAAc;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAiB;QACvB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAW;QACjB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;
IACd,CAAC;IAED,OAAO,CAAC,GAAQ;QACd,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,OAAO,IAAI,kCAAiB,CAAC,UAAU,EAAE,CAAC;YACxE,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,KAAK,sBAAsB,EAAE,CAAC;gBAC5C,MAAM,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAC3B,MAAM,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB,CAAC,MAAc;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uBAAuB,CAAC,WAAgC;QACtD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB,CAAC,gBAAkC;QACrD,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAQ;QACd,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,gCAAe,CAAC,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAU,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,IAAI,kCAAiB,CAAC,UAAU,EAAE,CAAC;YAC9D,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE7B,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,4GAA4G;YAC5G,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG;gBAAE,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjH,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG;gBAAE,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAA
C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC5G,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG;gBAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK;gBAAE,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEY,KAAK;;;YAChB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC;iBAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,OAAO,MAAM,IAAA,wCAAuB,EAClC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,SAAS,kBAEZ,GAAG,EAAE,MAAA,IAAI,CAAC,GAAG,mCAAI,CAAC,IAAI,CAAC,OAAO,GAAG,kCAAiB,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,EACtH,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,GAAG,EAAE,IAAI,CAAC,GAAG,EACb,MAAM,EAAE,IAAI,CAAC,MAAM,EACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IACpB,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,GAE5C,IAAI,CAAC,GAAG,CACT,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0CAAyB,CAAC,CAAC;;KAC5C;CACF;AAzND,4DAyNC"}
|
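--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,3 +1,5 @@
+import { ISimpleLogger } from '@sphereon/ssi-types';
+export declare const LOG: ISimpleLogger<string>;
 export * from './AccessTokenClient';
 export * from './AccessTokenClientV1_0_11';
 export * from './AuthorizationCodeClient';
@@ -5,13 +7,16 @@ export * from './AuthorizationCodeClientV1_0_11';
 export * from './CredentialRequestClient';
 export * from './CredentialOfferClient';
 export * from './CredentialOfferClientV1_0_11';
+export * from './CredentialOfferClientV1_0_13';
 export * from './CredentialRequestClientV1_0_11';
 export * from './CredentialRequestClientBuilder';
 export * from './CredentialRequestClientBuilderV1_0_11';
 export * from './functions';
 export * from './MetadataClient';
+export * from './MetadataClientV1_0_13';
 export * from './MetadataClientV1_0_11';
 export * from './OpenID4VCIClient';
+export * from './OpenID4VCIClientV1_0_13';
 export * from './OpenID4VCIClientV1_0_11';
 export * from './ProofOfPossessionBuilder';
 //# sourceMappingURL=index.d.ts.map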
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,eAAO,MAAM,GAAG,EAAE,aAAa,CAAC,MAAM,CAA8C,CAAC;AAErF,cAAc,qBAAqB,CAAC;AACpC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kCAAkC,CAAC;AACjD,cAAc,kCAAkC,CAAC;AACjD,cAAc,yCAAyC,CAAC;AACxD,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,yBAAyB,CAAC;AACxC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,4BAA4B,CAAC"}
|
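--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -14,6 +14,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.LOG = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+exports.LOG = oid4vci_common_1.VCI_LOGGERS.get('sphereon:oid4vci:client');
 __exportStar(require("./AccessTokenClient"), exports);
 __exportStar(require("./AccessTokenClientV1_0_11"), exports);
 __exportStar(require("./AuthorizationCodeClient"), exports);
@@ -21,13 +24,16 @@ __exportStar(require("./AuthorizationCodeClientV1_0_11"), exports);
 __exportStar(require("./CredentialRequestClient"), exports);
 __exportStar(require("./CredentialOfferClient"), exports);
 __exportStar(require("./CredentialOfferClientV1_0_11"), exports);
+__exportStar(require("./CredentialOfferClientV1_0_13"), exports);
 __exportStar(require("./CredentialRequestClientV1_0_11"), exports);
 __exportStar(require("./CredentialRequestClientBuilder"), exports);
 __exportStar(require("./CredentialRequestClientBuilderV1_0_11"), exports);
 __exportStar(require("./functions"), exports);
 __exportStar(require("./MetadataClient"), exports);
+__exportStar(require("./MetadataClientV1_0_13"), exports);
 __exportStar(require("./MetadataClientV1_0_11"), exports);
 __exportStar(require("./OpenID4VCIClient"), exports);
+__exportStar(require("./OpenID4VCIClientV1_0_13"), exports);
 __exportStar(require("./OpenID4VCIClientV1_0_11"), exports);
 __exportStar(require("./ProofOfPossessionBuilder"), exports);
 //# sourceMappingURL=index.js.map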
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,6DAAuD;AAG1C,QAAA,GAAG,GAA0B,4BAAW,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;AAErF,sDAAoC;AACpC,6DAA2C;AAC3C,4DAA0C;AAC1C,mEAAiD;AACjD,4DAA0C;AAC1C,0DAAwC;AACxC,iEAA+C;AAC/C,iEAA+C;AAC/C,mEAAiD;AACjD,mEAAiD;AACjD,0EAAwD;AACxD,8CAA4B;AAC5B,mDAAiC;AACjC,0DAAwC;AACxC,0DAAwC;AACxC,qDAAmC;AACnC,4DAA0C;AAC1C,4DAA0C;AAC1C,6DAA2C"}
|
package/lib/AccessTokenClient.ts
CHANGED
|
@@ -6,16 +6,12 @@ import {
|
|
|
6
6
|
AuthorizationServerOpts,
|
|
7
7
|
AuthzFlowType,
|
|
8
8
|
convertJsonToURI,
|
|
9
|
-
CredentialOfferPayloadV1_0_13,
|
|
10
|
-
CredentialOfferV1_0_13,
|
|
11
|
-
determineSpecVersionFromOffer,
|
|
12
9
|
EndpointMetadata,
|
|
13
10
|
formPost,
|
|
14
11
|
getIssuerFromCredentialOfferPayload,
|
|
15
12
|
GrantTypes,
|
|
16
13
|
IssuerOpts,
|
|
17
14
|
JsonURIMode,
|
|
18
|
-
OpenId4VCIVersion,
|
|
19
15
|
OpenIDResponse,
|
|
20
16
|
PRE_AUTH_CODE_LITERAL,
|
|
21
17
|
TokenErrorResponse,
|
|
@@ -25,7 +21,7 @@ import {
|
|
|
25
21
|
} from '@sphereon/oid4vci-common';
|
|
26
22
|
import { ObjectUtils } from '@sphereon/ssi-types';
|
|
27
23
|
|
|
28
|
-
import {
|
|
24
|
+
import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
|
|
29
25
|
import { LOG } from './types';
|
|
30
26
|
|
|
31
27
|
export class AccessTokenClient {
|
|
@@ -82,7 +78,7 @@ export class AccessTokenClient {
|
|
|
82
78
|
metadata: metadata
|
|
83
79
|
? metadata
|
|
84
80
|
: issuerOpts?.fetchMetadata
|
|
85
|
-
? await
|
|
81
|
+
? await MetadataClientV1_0_13.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
86
82
|
: undefined,
|
|
87
83
|
});
|
|
88
84
|
|
|
@@ -91,11 +87,9 @@ export class AccessTokenClient {
|
|
|
91
87
|
|
|
92
88
|
public async createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest> {
|
|
93
89
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_13)
|
|
98
|
-
: undefined;
|
|
90
|
+
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
91
|
+
// @ts-ignore
|
|
92
|
+
const credentialOfferRequest = opts.credentialOffer ? await toUniformCredentialOfferRequest(opts.credentialOffer) : undefined;
|
|
99
93
|
const request: Partial<AccessTokenRequest> = {};
|
|
100
94
|
|
|
101
95
|
if (asOpts?.clientId) {
|
|
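Review bot: The `// @ts-ignore` added above `toUniformCredentialOfferRequest(opts.credentialOffer)` in `createAccessTokenRequest` (new lines 90–92) turns off type checking for the whole statement, on the path that handles the credential offer, which presumably originates from the issuer rather than from this code. The hunk does not show which type error is being hidden, while the matching change in the V1_0_11 client states the accepted shapes with a cast to `CredentialOfferV1_0_11 | CredentialOfferV1_0_13` instead. Either widen the `credentialOffer` option type so the call type-checks, or replace the suppression with `// @ts-expect-error <reason>` so the build fails once the types line up and the suppression can be removed. `createAccessTokenRequest` continues past the end of the hunk.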
@@ -6,28 +6,24 @@ import {
|
|
|
6
6
|
AuthorizationServerOpts,
|
|
7
7
|
AuthzFlowType,
|
|
8
8
|
convertJsonToURI,
|
|
9
|
-
CredentialOfferPayloadV1_0_11,
|
|
10
9
|
CredentialOfferV1_0_11,
|
|
11
10
|
CredentialOfferV1_0_13,
|
|
12
|
-
determineSpecVersionFromOffer,
|
|
13
11
|
EndpointMetadata,
|
|
14
12
|
formPost,
|
|
15
13
|
getIssuerFromCredentialOfferPayload,
|
|
16
14
|
GrantTypes,
|
|
17
15
|
IssuerOpts,
|
|
18
16
|
JsonURIMode,
|
|
19
|
-
OpenId4VCIVersion,
|
|
20
17
|
OpenIDResponse,
|
|
21
18
|
PRE_AUTH_CODE_LITERAL,
|
|
22
19
|
TokenErrorResponse,
|
|
23
20
|
toUniformCredentialOfferRequest,
|
|
24
|
-
toUniformCredentialOfferRequestV1_0_11,
|
|
25
21
|
UniformCredentialOfferPayload,
|
|
26
22
|
} from '@sphereon/oid4vci-common';
|
|
27
23
|
import { ObjectUtils } from '@sphereon/ssi-types';
|
|
28
24
|
import Debug from 'debug';
|
|
29
25
|
|
|
30
|
-
import {
|
|
26
|
+
import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
|
|
31
27
|
|
|
32
28
|
const debug = Debug('sphereon:oid4vci:token');
|
|
33
29
|
|
|
@@ -84,7 +80,7 @@ export class AccessTokenClientV1_0_11 {
|
|
|
84
80
|
metadata: metadata
|
|
85
81
|
? metadata
|
|
86
82
|
: issuerOpts?.fetchMetadata
|
|
87
|
-
? await
|
|
83
|
+
? await MetadataClientV1_0_13.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
88
84
|
: undefined,
|
|
89
85
|
});
|
|
90
86
|
|
|
@@ -94,9 +90,7 @@ export class AccessTokenClientV1_0_11 {
|
|
|
94
90
|
public async createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest> {
|
|
95
91
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
96
92
|
const credentialOfferRequest = opts.credentialOffer
|
|
97
|
-
?
|
|
98
|
-
? await toUniformCredentialOfferRequestV1_0_11(opts.credentialOffer as CredentialOfferV1_0_11)
|
|
99
|
-
: await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_13)
|
|
93
|
+
? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_11 | CredentialOfferV1_0_13)
|
|
100
94
|
: undefined;
|
|
101
95
|
const request: Partial<AccessTokenRequest> = {};
|
|
102
96
|
|
|
@@ -3,6 +3,7 @@ import {
|
|
|
3
3
|
AuthorizationRequestOpts,
|
|
4
4
|
CodeChallengeMethod,
|
|
5
5
|
convertJsonToURI,
|
|
6
|
+
CreateRequestObjectMode,
|
|
6
7
|
CredentialConfigurationSupportedV1_0_13,
|
|
7
8
|
CredentialOfferPayloadV1_0_13,
|
|
8
9
|
CredentialOfferRequestWithBaseUrl,
|
|
@@ -10,17 +11,56 @@ import {
|
|
|
10
11
|
EndpointMetadataResultV1_0_13,
|
|
11
12
|
formPost,
|
|
12
13
|
JsonURIMode,
|
|
14
|
+
Jwt,
|
|
13
15
|
OID4VCICredentialFormat,
|
|
14
16
|
OpenId4VCIVersion,
|
|
15
17
|
PARMode,
|
|
16
18
|
PKCEOpts,
|
|
17
19
|
PushedAuthorizationResponse,
|
|
20
|
+
RequestObjectOpts,
|
|
18
21
|
ResponseType,
|
|
19
22
|
} from '@sphereon/oid4vci-common';
|
|
20
23
|
import Debug from 'debug';
|
|
21
24
|
|
|
25
|
+
import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
|
|
26
|
+
|
|
22
27
|
const debug = Debug('sphereon:oid4vci');
|
|
23
28
|
|
|
29
|
+
export async function createSignedAuthRequestWhenNeeded(requestObject: Record<string, any>, opts: RequestObjectOpts & { aud?: string }) {
|
|
30
|
+
if (opts.requestObjectMode === CreateRequestObjectMode.REQUEST_URI) {
|
|
31
|
+
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
32
|
+
} else if (opts.requestObjectMode === CreateRequestObjectMode.REQUEST_OBJECT) {
|
|
33
|
+
if (typeof opts.signCallbacks?.signCallback !== 'function') {
|
|
34
|
+
throw Error(`No request object sign callback found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
35
|
+
} else if (!opts.kid) {
|
|
36
|
+
throw Error(`No kid found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
37
|
+
}
|
|
38
|
+
let client_metadata: any
|
|
39
|
+
if (opts.clientMetadata || opts.jwksUri) {
|
|
40
|
+
client_metadata = opts.clientMetadata ?? {};
|
|
41
|
+
if (opts.jwksUri) {
|
|
42
|
+
client_metadata['jwks_uri'] = opts.jwksUri;
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
let authorization_details = requestObject['authorization_details']
|
|
46
|
+
if (typeof authorization_details === 'string') {
|
|
47
|
+
authorization_details = JSON.parse(requestObject.authorization_details);
|
|
48
|
+
}
|
|
49
|
+
if (!requestObject.aud && opts.aud) {
|
|
50
|
+
requestObject.aud = opts.aud;
|
|
51
|
+
}
|
|
52
|
+
const iss = requestObject.iss ?? opts.iss ?? requestObject.client_id
|
|
53
|
+
|
|
54
|
+
const jwt: Jwt = { header: { alg: 'ES256', kid: opts.kid, typ: 'jwt' }, payload: {...requestObject, iss, authorization_details, ...(client_metadata && {client_metadata})} };
|
|
55
|
+
const pop = await ProofOfPossessionBuilder.fromJwt({
|
|
56
|
+
jwt,
|
|
57
|
+
callbacks: opts.signCallbacks,
|
|
58
|
+
version: OpenId4VCIVersion.VER_1_0_11,
|
|
59
|
+
mode: 'jwt',
|
|
60
|
+
}).build();
|
|
61
|
+
requestObject['request'] = pop.jwt;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
24
64
|
function filterSupportedCredentials(
|
|
25
65
|
credentialOffer: CredentialOfferPayloadV1_0_13,
|
|
26
66
|
credentialsSupported?: Record<string, CredentialConfigurationSupportedV1_0_13>,
|
|
@@ -62,15 +102,13 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
62
102
|
}
|
|
63
103
|
}
|
|
64
104
|
|
|
65
|
-
const { redirectUri } = authorizationRequest;
|
|
105
|
+
const { redirectUri, requestObjectOpts = { requestObjectMode: CreateRequestObjectMode.NONE } } = authorizationRequest;
|
|
66
106
|
const client_id = clientId ?? authorizationRequest.clientId;
|
|
67
|
-
|
|
68
|
-
throw Error(`Cannot use PAR without a client_id value set`);
|
|
69
|
-
}
|
|
107
|
+
|
|
70
108
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
71
109
|
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests
|
|
72
110
|
? PARMode.REQUIRE
|
|
73
|
-
: authorizationRequest.parMode ?? PARMode.AUTO;
|
|
111
|
+
: authorizationRequest.parMode ?? (client_id ? PARMode.AUTO : PARMode.NEVER);
|
|
74
112
|
// Scope and authorization_details can be used in the same authorization request
|
|
75
113
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23#name-relationship-to-scope-param
|
|
76
114
|
if (!scope && !authorizationDetails) {
|
|
@@ -138,7 +176,7 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
138
176
|
scope = ['openid', scope].filter((s) => !!s).join(' ');
|
|
139
177
|
}
|
|
140
178
|
|
|
141
|
-
let queryObj:
|
|
179
|
+
let queryObj: Record<string, any> | PushedAuthorizationResponse = {
|
|
142
180
|
response_type: ResponseType.AUTH_CODE,
|
|
143
181
|
...(!pkce.disabled && {
|
|
144
182
|
code_challenge_method: pkce.codeChallengeMethod ?? CodeChallengeMethod.S256,
|
|
@@ -146,7 +184,7 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
146
184
|
}),
|
|
147
185
|
authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)),
|
|
148
186
|
...(redirectUri && { redirect_uri: redirectUri }),
|
|
149
|
-
client_id,
|
|
187
|
+
...(client_id && { client_id }),
|
|
150
188
|
...(credentialOffer?.issuerState && { issuer_state: credentialOffer.issuerState }),
|
|
151
189
|
scope,
|
|
152
190
|
};
|
|
@@ -170,10 +208,11 @@ export const createAuthorizationRequestUrl = async ({
|
|
|
170
208
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
171
209
|
}
|
|
172
210
|
} else {
|
|
173
|
-
debug(`PAR response: ${(parResponse.successBody, null, 2)}`);
|
|
211
|
+
debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
174
212
|
queryObj = { /*response_type: ResponseType.AUTH_CODE,*/ client_id, request_uri: parResponse.successBody.request_uri };
|
|
175
213
|
}
|
|
176
214
|
}
|
|
215
|
+
await createSignedAuthRequestWhenNeeded(queryObj, { ...requestObjectOpts, aud: endpointMetadata.authorization_server });
|
|
177
216
|
|
|
178
217
|
debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
179
218
|
const url = convertJsonToURI(queryObj, {
|
|
@@ -3,7 +3,7 @@ import {
|
|
|
3
3
|
AuthorizationRequestOpts,
|
|
4
4
|
CodeChallengeMethod,
|
|
5
5
|
convertJsonToURI,
|
|
6
|
-
|
|
6
|
+
CreateRequestObjectMode,
|
|
7
7
|
CredentialOfferFormat,
|
|
8
8
|
CredentialOfferPayloadV1_0_11,
|
|
9
9
|
CredentialOfferRequestWithBaseUrl,
|
|
@@ -18,6 +18,8 @@ import {
|
|
|
18
18
|
} from '@sphereon/oid4vci-common';
|
|
19
19
|
import Debug from 'debug';
|
|
20
20
|
|
|
21
|
+
import { createSignedAuthRequestWhenNeeded } from './AuthorizationCodeClient';
|
|
22
|
+
|
|
21
23
|
const debug = Debug('sphereon:oid4vci');
|
|
22
24
|
|
|
23
25
|
export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
@@ -33,8 +35,9 @@ export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
|
33
35
|
credentialOffer?: CredentialOfferRequestWithBaseUrl;
|
|
34
36
|
credentialsSupported?: CredentialsSupportedLegacy[];
|
|
35
37
|
}): Promise<string> => {
|
|
36
|
-
const { redirectUri, clientId } = authorizationRequest;
|
|
38
|
+
const { redirectUri, clientId, requestObjectOpts = { requestObjectMode: CreateRequestObjectMode.NONE } } = authorizationRequest;
|
|
37
39
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
40
|
+
|
|
38
41
|
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests
|
|
39
42
|
? PARMode.REQUIRE
|
|
40
43
|
: authorizationRequest.parMode ?? PARMode.AUTO;
|
|
@@ -50,9 +53,7 @@ export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
|
50
53
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
51
54
|
// @ts-ignore
|
|
52
55
|
authorizationDetails = creds
|
|
53
|
-
.flatMap((cred) =>
|
|
54
|
-
typeof cred === 'string' && credentialsSupported ? Object.values(credentialsSupported) : (cred as CredentialConfigurationSupported),
|
|
55
|
-
)
|
|
56
|
+
.flatMap((cred) => (typeof cred === 'string' ? credentialsSupported : (cred as CredentialsSupportedLegacy)))
|
|
56
57
|
.filter((cred) => !!cred)
|
|
57
58
|
.map((cred) => {
|
|
58
59
|
return {
|
|
@@ -111,10 +112,11 @@ export const createAuthorizationRequestUrlV1_0_11 = async ({
|
|
|
111
112
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
112
113
|
}
|
|
113
114
|
} else {
|
|
114
|
-
debug(`PAR response: ${(parResponse.successBody, null, 2)}`);
|
|
115
|
+
debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
115
116
|
queryObj = { request_uri: parResponse.successBody.request_uri };
|
|
116
117
|
}
|
|
117
118
|
}
|
|
119
|
+
await createSignedAuthRequestWhenNeeded(queryObj, { ...requestObjectOpts, aud: endpointMetadata.authorization_server });
|
|
118
120
|
|
|
119
121
|
debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
120
122
|
const url = convertJsonToURI(queryObj, {
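Review bot: The call added at new line 119 signs `queryObj` after the PAR branch has already replaced it with `{ request_uri: ... }`. With a request object mode set and a successful PAR, the signed payload would hold little more than the `request_uri`, and the URL would carry both `request` and `request_uri`, which RFC 9101 treats as alternatives. The parameters pushed to the PAR endpoint would then not be covered by the signature. Consider signing before the PAR push, or guarding the call with `if (!('request_uri' in queryObj)) await createSignedAuthRequestWhenNeeded(queryObj, { ...requestObjectOpts, aud: endpointMetadata?.authorization_server });`, which also adds the `?.` that new line 41 uses and this line omits. The same ordering appears at new line 215 of `createAuthorizationRequestUrl`, and the enclosing function and the helper's opening checks lie outside these hunks, so confirm how the helper treats a `request_uri`-only object.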
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
2
|
convertJsonToURI,
|
|
3
3
|
convertURIToJsonObject,
|
|
4
|
+
CredentialOffer,
|
|
5
|
+
CredentialOfferPayload,
|
|
6
|
+
CredentialOfferPayloadV1_0_09,
|
|
4
7
|
CredentialOfferRequestWithBaseUrl,
|
|
8
|
+
CredentialOfferV1_0_11,
|
|
5
9
|
CredentialOfferV1_0_13,
|
|
6
10
|
determineSpecVersionFromURI,
|
|
7
11
|
getClientIdFromCredentialOfferPayload,
|
|
@@ -10,6 +14,8 @@ import {
|
|
|
10
14
|
} from '@sphereon/oid4vci-common';
|
|
11
15
|
import Debug from 'debug';
|
|
12
16
|
|
|
17
|
+
import { LOG } from './types';
|
|
18
|
+
|
|
13
19
|
const debug = Debug('sphereon:oid4vci:offer');
|
|
14
20
|
|
|
15
21
|
export class CredentialOfferClient {
|
|
@@ -22,15 +28,27 @@ export class CredentialOfferClient {
|
|
|
22
28
|
const scheme = uri.split('://')[0];
|
|
23
29
|
const baseUrl = uri.split('?')[0];
|
|
24
30
|
const version = determineSpecVersionFromURI(uri);
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
LOG.log(`Offer URL determined to be of version ${version}`);
|
|
32
|
+
let credentialOffer: CredentialOffer;
|
|
33
|
+
let credentialOfferPayload: CredentialOfferPayload;
|
|
34
|
+
// credential offer was introduced in draft 9 and credential_offer_uri in draft 11
|
|
35
|
+
if (version < OpenId4VCIVersion.VER_1_0_11) {
|
|
36
|
+
credentialOfferPayload = convertURIToJsonObject(uri, {
|
|
37
|
+
arrayTypeProperties: ['credential_type'],
|
|
38
|
+
requiredProperties: uri.includes('credential_offer=') ? ['credential_offer'] : ['issuer', 'credential_type'],
|
|
39
|
+
}) as CredentialOfferPayloadV1_0_09;
|
|
40
|
+
credentialOffer = {
|
|
41
|
+
credential_offer: credentialOfferPayload,
|
|
42
|
+
};
|
|
43
|
+
} else {
|
|
44
|
+
credentialOffer = convertURIToJsonObject(uri, {
|
|
45
|
+
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
46
|
+
arrayTypeProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer='],
|
|
47
|
+
requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer='],
|
|
48
|
+
}) as CredentialOfferV1_0_11 | CredentialOfferV1_0_13;
|
|
49
|
+
if (credentialOffer?.credential_offer_uri === undefined && !credentialOffer?.credential_offer) {
|
|
50
|
+
throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
|
|
51
|
+
}
|
|
34
52
|
}
|
|
35
53
|
|
|
36
54
|
const request = await toUniformCredentialOfferRequest(credentialOffer, {
|
|
@@ -49,6 +67,10 @@ export class CredentialOfferClient {
|
|
|
49
67
|
...(grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.['pre-authorized_code'] && {
|
|
50
68
|
preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
|
|
51
69
|
}),
|
|
70
|
+
userPinRequired:
|
|
71
|
+
request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ??
|
|
72
|
+
!!request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code ??
|
|
73
|
+
false,
|
|
52
74
|
...(request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code &&
|
|
53
75
|
{
|
|
54
76
|
// txCode: request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code,
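Review bot: In the `userPinRequired` expression at new lines 70–73 the trailing `?? false` can never apply, because `!!…tx_code` is always a boolean. An offer that sets `user_pin_required: false` while also carrying `tx_code` yields `false`. The value of `user_pin_required` is parsed from the offer URI and passed through without boolean coercion here, whereas `CredentialOfferClientV1_0_11` (new line 65) coerces it with `!!` and has the same dead `?? false`. If either field should signal that a PIN or transaction code is needed, `userPinRequired: !!(preAuth?.user_pin_required || preAuth?.tx_code),` states that directly, with `const preAuth = request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code'];` declared before the `return`. The enclosing method starts and ends outside this hunk, so check how callers use the flag to decide whether to prompt.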
|
|
@@ -10,7 +10,7 @@ import {
|
|
|
10
10
|
determineSpecVersionFromURI,
|
|
11
11
|
getClientIdFromCredentialOfferPayload,
|
|
12
12
|
OpenId4VCIVersion,
|
|
13
|
-
|
|
13
|
+
toUniformCredentialOfferRequest,
|
|
14
14
|
} from '@sphereon/oid4vci-common';
|
|
15
15
|
import Debug from 'debug';
|
|
16
16
|
|
|
@@ -31,7 +31,7 @@ export class CredentialOfferClientV1_0_11 {
|
|
|
31
31
|
if (version < OpenId4VCIVersion.VER_1_0_11) {
|
|
32
32
|
credentialOfferPayload = convertURIToJsonObject(uri, {
|
|
33
33
|
arrayTypeProperties: ['credential_type'],
|
|
34
|
-
requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['issuer', 'credential_type'],
|
|
34
|
+
requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['issuer', 'credential_type='],
|
|
35
35
|
}) as CredentialOfferPayloadV1_0_09;
|
|
36
36
|
credentialOffer = {
|
|
37
37
|
credential_offer: credentialOfferPayload,
|
|
@@ -39,14 +39,14 @@ export class CredentialOfferClientV1_0_11 {
|
|
|
39
39
|
} else {
|
|
40
40
|
credentialOffer = convertURIToJsonObject(uri, {
|
|
41
41
|
arrayTypeProperties: ['credentials'],
|
|
42
|
-
requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['credential_offer'],
|
|
42
|
+
requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer='],
|
|
43
43
|
}) as CredentialOfferV1_0_11;
|
|
44
44
|
if (credentialOffer?.credential_offer_uri === undefined && !credentialOffer?.credential_offer) {
|
|
45
45
|
throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
|
|
46
46
|
}
|
|
47
47
|
}
|
|
48
48
|
|
|
49
|
-
const request = await
|
|
49
|
+
const request = await toUniformCredentialOfferRequest(credentialOffer, {
|
|
50
50
|
...opts,
|
|
51
51
|
version,
|
|
52
52
|
});
|
|
@@ -56,13 +56,13 @@ export class CredentialOfferClientV1_0_11 {
|
|
|
56
56
|
return {
|
|
57
57
|
scheme,
|
|
58
58
|
baseUrl,
|
|
59
|
-
clientId,
|
|
59
|
+
...(clientId && { clientId }),
|
|
60
60
|
...request,
|
|
61
61
|
...(grants?.authorization_code?.issuer_state && { issuerState: grants.authorization_code.issuer_state }),
|
|
62
62
|
...(grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.['pre-authorized_code'] && {
|
|
63
63
|
preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
|
|
64
64
|
}),
|
|
65
|
-
userPinRequired: request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ?? false,
|
|
65
|
+
userPinRequired: !!request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ?? false,
|
|
66
66
|
};
|
|
67
67
|
}
|
|
68
68
|
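Review bot: The required-property lists for pre-draft-11 offers no longer agree between the two clients. New line 34 here uses `['issuer', 'credential_type=']`, with one name carrying `=` and the other not, while `CredentialOfferClient` uses `['issuer', 'credential_type']` for the same branch. How `convertURIToJsonObject` matches these names is not visible on this page. If it compares parsed keys, `credential_type=` would never match and a valid offer would be rejected; if it matches substrings of the URI, a bare `issuer` would also be satisfied by other parameters that merely contain that word. I would use one form in both files and, once the matching rule is confirmed, document it next to the option, e.g. `// requiredProperties are matched against the raw query string, hence the trailing '='`.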
|