@sphereon/oid4vci-client 0.12.0 → 0.12.1-next.19

package/lib/__tests__/ProofOfPossessionBuilder.spec.ts

@@ -12,8 +12,15 @@ const jwt: Jwt = {
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
+const jwt_withoutDid: Jwt = {
+  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
+};
+
 const kid = 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1';
 
+const kid_withoutDid = 'ebfeb1f712ebc6f1c276e12ec21/keys/1';
+
 let keypair: KeyPair;
 
 async function proofOfPossessionCallbackFunction(args: Jwt, kid?: string): Promise<string> {
@@ -52,6 +59,16 @@ describe('ProofOfPossession Builder ', () => {
     ).rejects.toThrow(Error(PROOF_CANT_BE_CONSTRUCTED));
   });
 
+  it('should fail without supplied proof or callbacks and with kid without did', async function () {
+    await expect(
+      ProofOfPossessionBuilder.fromProof(undefined as never, OpenId4VCIVersion.VER_1_0_13)
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).rejects.toThrow(Error(PROOF_CANT_BE_CONSTRUCTED));
+  });
+
   it('should fail wit undefined jwt supplied', async function () {
     await expect(() =>
       ProofOfPossessionBuilder.fromJwt({ jwt, callbacks: { signCallback: proofOfPossessionCallbackFunction }, version: OpenId4VCIVersion.VER_1_0_08 })
@@ -63,6 +80,21 @@ describe('ProofOfPossession Builder ', () => {
     ).toThrow(Error(NO_JWT_PROVIDED));
   });
 
+  it('should fail with undefined jwt supplied and kid without did', async function () {
+    await expect(() =>
+      ProofOfPossessionBuilder.fromJwt({
+        jwt: jwt_withoutDid,
+        callbacks: { signCallback: proofOfPossessionCallbackFunction },
+        version: OpenId4VCIVersion.VER_1_0_08,
+      })
+      .withJwt(undefined as never)
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).toThrow(Error(NO_JWT_PROVIDED));
+  });
+
   it('should build a proof with all required params present', async function () {
     const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
       jwt,
@@ -78,6 +110,21 @@ describe('ProofOfPossession Builder ', () => {
     expect(proof).toBeDefined();
   });
 
+  it('should build a proof with all required params present without did', async function () {
+    const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
+      jwt: jwt_withoutDid,
+      callbacks: {
+        signCallback: proofOfPossessionCallbackFunction,
+      },
+      version: OpenId4VCIVersion.VER_1_0_08,
+    })
+    .withIssuer(IDENTIPROOF_ISSUER_URL)
+    .withKid(kid_withoutDid)
+    .withClientId('sphereon:wallet')
+    .build();
+    expect(proof).toBeDefined();
+  });
+
   it('should fail creating a proof of possession with simple verification', async () => {
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
@@ -93,6 +140,25 @@ describe('ProofOfPossession Builder ', () => {
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
 
+  it('should fail creating a proof of possession with simple verification and without did', async () => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
+      throw new Error(JWS_NOT_VALID);
+    }
+
+    await expect(
+      ProofOfPossessionBuilder.fromJwt({
+        jwt: jwt_withoutDid,
+        callbacks: { signCallback: proofOfPossessionCallbackFunction },
+        version: OpenId4VCIVersion.VER_1_0_08,
+      })
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).rejects.toThrow(Error(JWS_NOT_VALID));
+  });
+
   it('should fail creating a proof of possession without verify callback', async () => {
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
@@ -107,4 +173,23 @@ describe('ProofOfPossession Builder ', () => {
         .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
+
+  it('should fail creating a proof of possession without verify callback and without did', async () => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
+      throw new Error(JWS_NOT_VALID);
+    }
+
+    await expect(
+      ProofOfPossessionBuilder.fromJwt({
+        jwt: jwt_withoutDid,
+        callbacks: { signCallback: proofOfPossessionCallbackFunction },
+        version: OpenId4VCIVersion.VER_1_0_08,
+      })
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).rejects.toThrow(Error(JWS_NOT_VALID));
+  });
 });

package/lib/__tests__/SdJwt.spec.ts

@@ -166,4 +166,107 @@ describe('sd-jwt vc', () => {
     },
     UNIT_TEST_TIMEOUT,
   );
+
+  it(
+    'succeed with a full flow without did',
+    async () => {
+      const offerUri = await vcIssuer.createCredentialOfferURI({
+        grants: {
+          'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+            tx_code: {
+              input_mode: 'text',
+              length: 3,
+            },
+            'pre-authorized_code': '123',
+          },
+        },
+        credential_configuration_ids: ['SdJwtCredential'],
+      });
+
+      nock(vcIssuer.issuerMetadata.credential_issuer).get('/.well-known/openid-credential-issuer').reply(200, JSON.stringify(issuerMetadata));
+      nock(vcIssuer.issuerMetadata.credential_issuer).get('/.well-known/openid-configuration').reply(404);
+      nock(vcIssuer.issuerMetadata.credential_issuer).get('/.well-known/oauth-authorization-server').reply(404);
+
+      expect(offerUri.uri).toEqual(
+        'openid-credential-offer://?credential_offer=%7B%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22123%22%2C%22tx_code%22%3A%7B%22input_mode%22%3A%22text%22%2C%22length%22%3A3%7D%7D%7D%2C%22credential_configuration_ids%22%3A%5B%22SdJwtCredential%22%5D%2C%22credential_issuer%22%3A%22https%3A%2F%2Fexample.com%22%7D',
+      );
+
+      const client = await OpenID4VCIClientV1_0_13.fromURI({
+        uri: offerUri.uri,
+      });
+
+      expect(client.credentialOffer?.credential_offer).toEqual({
+        credential_issuer: 'https://example.com',
+        credential_configuration_ids: ['SdJwtCredential'],
+        grants: {
+          'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+            'pre-authorized_code': '123',
+            tx_code: {
+              input_mode: 'text',
+              length: 3,
+            },
+          },
+        },
+      });
+
+      const supported = client.getCredentialsSupported('vc+sd-jwt');
+      expect(supported).toEqual({ SdJwtCredentialId: { format: 'vc+sd-jwt', id: 'SdJwtCredentialId', vct: 'SdJwtCredentialId' } });
+
+      const offered = supported['SdJwtCredentialId'] as CredentialSupportedSdJwtVc;
+
+      nock(issuerMetadata.token_endpoint as string)
+      .post('/')
+      .reply(200, async (_, body: string) => {
+        const parsedBody = Object.fromEntries(body.split('&').map((x) => x.split('=')));
+        return createAccessTokenResponse(parsedBody as AccessTokenRequest, {
+          credentialOfferSessions: vcIssuer.credentialOfferSessions,
+          accessTokenIssuer: 'https://issuer.example.com',
+          cNonces: vcIssuer.cNonces,
+          cNonce: 'a-c-nonce',
+          accessTokenSignerCallback: async () => 'ey.val.ue',
+          tokenExpiresIn: 500,
+        });
+      });
+
+      await client.acquireAccessToken({ pin: '123' });
+      nock(issuerMetadata.credential_endpoint as string)
+      .post('/')
+      .reply(200, async (_, body) =>
+        vcIssuer.issueCredential({
+          credentialRequest: { ...(body as CredentialRequestV1_0_13), credential_identifier: offered.vct },
+          credential: {
+            vct: 'Hello',
+            iss: 'example.com',
+            iat: 123,
+            // Defines what can be disclosed (optional)
+            __disclosureFrame: {
+              name: true,
+            },
+          },
+          newCNonce: 'new-c-nonce',
+        }),
+      );
+
+      const credentials = await client.acquireCredentials({
+        credentialIdentifier: offered.vct,
+        // format: 'vc+sd-jwt',
+        alg,
+        jwk,
+        proofCallbacks: {
+          // When using sd-jwt for real, this jwt should include a jwk
+          signCallback: async () => 'ey.ja.ja',
+        },
+      });
+
+      expect(credentials).toEqual({
+        notification_id: expect.any(String),
+        access_token: 'ey.val.ue',
+        c_nonce: 'new-c-nonce',
+        c_nonce_expires_in: 300,
+        credential: 'sd-jwt',
+        // format: 'vc+sd-jwt',
+      });
+    },
+    UNIT_TEST_TIMEOUT,
+  );
 });

package/lib/index.ts

@@ -13,6 +13,7 @@ export * from './CredentialOfferClientV1_0_11';
 export * from './CredentialOfferClientV1_0_13';
 export * from './CredentialRequestClientV1_0_11';
 export * from './CredentialRequestClientBuilder';
+export * from './CredentialRequestClientBuilderV1_0_13';
 export * from './CredentialRequestClientBuilderV1_0_11';
 export * from './functions';
 export * from './MetadataClient';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-client",
-  "version": "0.12.0",
+  "version": "0.12.1-next.19+e6034f5",
   "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -15,7 +15,7 @@
     "build": "tsc"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.12.0",
+    "@sphereon/oid4vci-common": "0.12.1-next.19+e6034f5",
     "@sphereon/ssi-types": "0.25.1-unstable.87",
     "cross-fetch": "^3.1.8",
     "debug": "^4.3.4"
@@ -69,5 +69,5 @@
     "OIDC4VCI",
     "OID4VCI"
   ],
-  "gitHead": "a76c382a36e38428391c9e8d1a6b67e477fc659a"
+  "gitHead": "e6034f5abd580dd657ac22ceaff9c513e43cc348"
 }