@sphereon/oid4vci-client 0.12.1-next.21 → 0.12.1-next.23

package/lib/__tests__/ProofOfPossessionBuilder.spec.ts

@@ -8,12 +8,12 @@ import { ProofOfPossessionBuilder } from '..';
 import { IDENTIPROOF_ISSUER_URL } from './MetadataMocks';
 
 const jwt: Jwt = {
-  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
 const jwt_withoutDid: Jwt = {
-  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
@@ -62,10 +62,10 @@ describe('ProofOfPossession Builder ', () => {
   it('should fail without supplied proof or callbacks and with kid without did', async function () {
     await expect(
       ProofOfPossessionBuilder.fromProof(undefined as never, OpenId4VCIVersion.VER_1_0_13)
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(PROOF_CANT_BE_CONSTRUCTED));
   });
 
@@ -87,11 +87,11 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withJwt(undefined as never)
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withJwt(undefined as never)
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).toThrow(Error(NO_JWT_PROVIDED));
   });
 
@@ -118,10 +118,10 @@ describe('ProofOfPossession Builder ', () => {
       },
       version: OpenId4VCIVersion.VER_1_0_08,
     })
-    .withIssuer(IDENTIPROOF_ISSUER_URL)
-    .withKid(kid_withoutDid)
-    .withClientId('sphereon:wallet')
-    .build();
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withKid(kid_withoutDid)
+      .withClientId('sphereon:wallet')
+      .build();
     expect(proof).toBeDefined();
   });
 
@@ -152,10 +152,10 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
 
@@ -186,10 +186,10 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
 });

package/lib/__tests__/SdJwt.spec.ts

@@ -215,37 +215,37 @@ describe('sd-jwt vc', () => {
       const offered = supported['SdJwtCredentialId'] as CredentialSupportedSdJwtVc;
 
       nock(issuerMetadata.token_endpoint as string)
-      .post('/')
-      .reply(200, async (_, body: string) => {
-        const parsedBody = Object.fromEntries(body.split('&').map((x) => x.split('=')));
-        return createAccessTokenResponse(parsedBody as AccessTokenRequest, {
-          credentialOfferSessions: vcIssuer.credentialOfferSessions,
-          accessTokenIssuer: 'https://issuer.example.com',
-          cNonces: vcIssuer.cNonces,
-          cNonce: 'a-c-nonce',
-          accessTokenSignerCallback: async () => 'ey.val.ue',
-          tokenExpiresIn: 500,
+        .post('/')
+        .reply(200, async (_, body: string) => {
+          const parsedBody = Object.fromEntries(body.split('&').map((x) => x.split('=')));
+          return createAccessTokenResponse(parsedBody as AccessTokenRequest, {
+            credentialOfferSessions: vcIssuer.credentialOfferSessions,
+            accessTokenIssuer: 'https://issuer.example.com',
+            cNonces: vcIssuer.cNonces,
+            cNonce: 'a-c-nonce',
+            accessTokenSignerCallback: async () => 'ey.val.ue',
+            tokenExpiresIn: 500,
+          });
         });
-      });
 
       await client.acquireAccessToken({ pin: '123' });
       nock(issuerMetadata.credential_endpoint as string)
-      .post('/')
-      .reply(200, async (_, body) =>
-        vcIssuer.issueCredential({
-          credentialRequest: { ...(body as CredentialRequestV1_0_13), credential_identifier: offered.vct },
-          credential: {
-            vct: 'Hello',
-            iss: 'example.com',
-            iat: 123,
-            // Defines what can be disclosed (optional)
-            __disclosureFrame: {
-              name: true,
+        .post('/')
+        .reply(200, async (_, body) =>
+          vcIssuer.issueCredential({
+            credentialRequest: { ...(body as CredentialRequestV1_0_13), credential_identifier: offered.vct },
+            credential: {
+              vct: 'Hello',
+              iss: 'example.com',
+              iat: 123,
+              // Defines what can be disclosed (optional)
+              __disclosureFrame: {
+                name: true,
+              },
             },
-          },
-          newCNonce: 'new-c-nonce',
-        }),
-      );
+            newCNonce: 'new-c-nonce',
+          }),
+        );
 
       const credentials = await client.acquireCredentials({
         credentialIdentifier: offered.vct,

package/lib/__tests__/data/VciDataFixtures.ts

@@ -51,7 +51,7 @@ export interface IssuerMockData {
       type?: string;
       format: 'jwt_vc' | 'ldp_vc' | 'jwt_vc_json-ld' | string;
       proof: {
-        proof_type: 'jwt' | string;
+        proof_type: 'JWT' | string;
         jwt: string;
       };
     };
@@ -119,7 +119,7 @@ const mockData: VciMockDataStructure = {
         type: 'OpenBadgeCredential',
         format: 'jwt_vc',
         proof: {
-          proof_type: 'jwt',
+          proof_type: 'JWT',
           jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL25naS1vaWRjNHZjaS10ZXN0LnNwcnVjZWlkLnh5eiIsImlhdCI6MTY4MTkxMTA2MC45NDIsImV4cCI6MTY4MTkxMTcyMC45NDIsImlzcyI6InNwaGVyZW9uOnNzaS13YWxsZXQiLCJqdGkiOiJhNjA4MzMxZi02ZmE0LTQ0ZjAtYWNkZWY5NmFjMjdmNmQ3MCJ9.NwF3_41gwnlIdd_6Uk9CczeQHzIQt6UcvTT5Cxv72j9S1vNwiY9annA2kLsjsTiR5-WMBdUhJCO7wYCtZ15mxw',
         },
       },
@@ -365,7 +365,7 @@ const mockData: VciMockDataStructure = {
         types: ['OpenBadgeCredential'],
         format: 'jwt_vc',
         proof: {
-          proof_type: 'jwt',
+          proof_type: 'JWT',
           jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL2pmZi53YWx0LmlkL2lzc3Vlci1hcGkvZGVmYXVsdC9vaWRjLyIsImlhdCI6MTY4MTkxMTk0Mi4yMzgsImV4cCI6MTY4MTkxMjYwMi4yMzgsIm5vbmNlIjoiZjA2YTMxMDUtYTJlZC00NGZjLTk1NGItNGEyNTk3MDM0OTNiIiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjA1OWM3ODA5LTlmOGYtNGE3ZS1hZDI4YTNhMTNhMGIzNmViIn0.RfiWyybxpe3nkx3b0yIsqDHQtvB1WwhDW4t0X-kijy2dsSfv2cYhSEmAzs1shg7OV4EW8fSzt_Te79xiVl6jCw',
         },
       },
@@ -483,7 +483,7 @@ const mockData: VciMockDataStructure = {
         types: ['OpenBadgeCredential'],
         format: 'jwt_vc',
         proof: {
-          proof_type: 'jwt',
+          proof_type: 'JWT',
           jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL29pZGM0dmMudW5paXNzdWVyLmlvLyIsImlhdCI6MTY4MTkxMjgzNy40MTQsImV4cCI6MTY4MTkxMzQ5Ny40MTQsIm5vbmNlIjoiMzhkMzZmM2ItNzJlMy00ODg2LWI2MGMtMzZiNzcwZDBlNGVhIiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6ImIzYWEyMmFkLWExZTItNDJjOC1iMGI4ZTdjNDgzZDg4M2U4In0.awwIJ0422HSdOsCIe8k7zjxqY6RVaHK2ItUFqbmVjqLXxWt-Mp7cXF84n9HGgC8fgGOKmjlgXdNLr_Jiio_e3g',
         },
       },
@@ -582,7 +582,7 @@ const mockData: VciMockDataStructure = {
         type: 'OpenBadgeCredential',
         format: 'ldp_vc',
         proof: {
-          proof_type: 'jwt',
+          proof_type: 'JWT',
           jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL2xhdW5jaHBhZC5tYXR0cmxhYnMuY29tIiwiaWF0IjoxNjgxOTE0NDgyLjUxOSwiZXhwIjoxNjgxOTE1MTQyLjUxOSwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6ImI5NDY1ZGE5LTY4OGYtNDdjNi04MjUwNDA0ZGNiOWI5Y2E5In0.uQ8ewOfIjy_1p_Gk6PjeEWccBJnjOca1pwbTWiCAFMQX9wlIsfeUdGtXUoHjH5_PQtpwytodx7WU456_CT9iBQ',
         },
       },
@@ -696,7 +696,7 @@ const mockData: VciMockDataStructure = {
         type: 'OpenBadgeCredential',
         format: 'ldp_vc',
         proof: {
-          proof_type: 'jwt',
+          proof_type: 'JWT',
           jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL29pZGM0dmMuZGl3YWxhLmlvIiwiaWF0IjoxNjgxOTE1MDk1LjIwMiwiZXhwIjoxNjgxOTE1NzU1LjIwMiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjYxN2MwM2EzLTM3MTUtNGJlMy1hYjkxNzM4MTlmYzYxNTYzIn0.KA-cHjecaYp9FSaWHkz5cqtNyhBIVT_0I7cJnpHn03T4UWFvdhjhn8Hpe-BU247enFyWOWJ6v3NQZyZgle7xBA',
         },
       },

package/lib/functions/AccessTokenUtil.ts

@@ -9,25 +9,28 @@ export const createJwtBearerClientAssertion = async (
     version?: OpenId4VCIVersion;
   },
 ): Promise<void> => {
-  const { asOpts } = opts;
+  const { asOpts, credentialIssuer } = opts;
   if (asOpts?.clientOpts?.clientAssertionType === 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer') {
-    if (!request.client_id) {
-      throw Error(`Not client_id supplied, but client-assertion jwt-bearer requested.`);
-    } else if (!asOpts.clientOpts.kid) {
-      throw Error(`No kid supplied, but client-assertion jwt-bearer requested.`);
-    } else if (!asOpts.clientOpts.signCallbacks) {
-      throw Error(`No sign callback supplied, but client-assertion jwt-bearer requested.`);
+    const { kid, clientId = request.client_id, signCallbacks, alg } = asOpts.clientOpts;
+    if (!clientId) {
+      return Promise.reject(Error(`Not client_id supplied, but client-assertion jwt-bearer requested.`));
+    } else if (!kid) {
+      return Promise.reject(Error(`No kid supplied, but client-assertion jwt-bearer requested.`));
+    } else if (typeof signCallbacks !== 'function') {
+      return Promise.reject(Error(`No sign callback supplied, but client-assertion jwt-bearer requested.`));
+    } else if (!credentialIssuer) {
+      return Promise.reject(Error(`No credential issuer supplied, but client-assertion jwt-bearer requested.`));
     }
     const jwt: Jwt = {
       header: {
         typ: 'JWT',
-        kid: asOpts.clientOpts.kid,
-        alg: asOpts.clientOpts.alg ?? 'ES256',
+        kid: kid,
+        alg: alg ?? 'ES256',
       },
       payload: {
-        iss: request.client_id,
-        sub: request.client_id,
-        aud: opts.credentialIssuer,
+        iss: clientId,
+        sub: clientId,
+        aud: credentialIssuer,
         jti: v4(),
         exp: Date.now() / 1000 + 60,
         iat: Date.now() / 1000 - 60,
@@ -35,9 +38,9 @@ export const createJwtBearerClientAssertion = async (
     };
     const pop = await ProofOfPossessionBuilder.fromJwt({
       jwt,
-      callbacks: asOpts.clientOpts.signCallbacks,
+      callbacks: signCallbacks,
       version: opts.version ?? OpenId4VCIVersion.VER_1_0_13,
-      mode: 'jwt',
+      mode: 'JWT',
     }).build();
     request.client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
     request.client_assertion = pop.jwt;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-client",
-  "version": "0.12.1-next.21+03caf09",
+  "version": "0.12.1-next.23+1ff4e40",
   "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -15,7 +15,7 @@
     "build": "tsc"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.12.1-next.21+03caf09",
+    "@sphereon/oid4vci-common": "0.12.1-next.23+1ff4e40",
     "@sphereon/ssi-types": "0.25.1-unstable.87",
     "cross-fetch": "^3.1.8",
     "debug": "^4.3.4"
@@ -69,5 +69,5 @@
     "OIDC4VCI",
     "OID4VCI"
   ],
-  "gitHead": "03caf09d9cd0e2c3bfd9d67be0acc820d62968bc"
+  "gitHead": "1ff4e40cefb183072951e3ede3f8b3a5842d645a"
 }