npm - @sphereon/oid4vci-client - Versions diffs - 0.12.1-unstable.8 → 0.13.0 - Mend

@sphereon/oid4vci-client 0.12.1-unstable.8 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/dist/AccessTokenClient.d.ts.map +1 -1
package/dist/AccessTokenClient.js +11 -5
package/dist/AccessTokenClient.js.map +1 -1
package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -1
package/dist/AccessTokenClientV1_0_11.js +12 -5
package/dist/AccessTokenClientV1_0_11.js.map +1 -1
package/dist/AuthorizationCodeClient.js +2 -2
package/dist/CredentialRequestClientBuilder.d.ts.map +1 -1
package/dist/CredentialRequestClientBuilder.js.map +1 -1
package/dist/OpenID4VCIClient.d.ts +3 -1
package/dist/OpenID4VCIClient.d.ts.map +1 -1
package/dist/OpenID4VCIClient.js +30 -14
package/dist/OpenID4VCIClient.js.map +1 -1
package/dist/OpenID4VCIClientV1_0_11.d.ts +4 -2
package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -1
package/dist/OpenID4VCIClientV1_0_11.js +32 -16
package/dist/OpenID4VCIClientV1_0_11.js.map +1 -1
package/dist/OpenID4VCIClientV1_0_13.d.ts +3 -1
package/dist/OpenID4VCIClientV1_0_13.d.ts.map +1 -1
package/dist/OpenID4VCIClientV1_0_13.js +29 -15
package/dist/OpenID4VCIClientV1_0_13.js.map +1 -1
package/dist/ProofOfPossessionBuilder.js +6 -6
package/dist/ProofOfPossessionBuilder.js.map +1 -1
package/dist/functions/AccessTokenUtil.d.ts +5 -0
package/dist/functions/AccessTokenUtil.d.ts.map +1 -0
package/dist/functions/AccessTokenUtil.js +63 -0
package/dist/functions/AccessTokenUtil.js.map +1 -0
package/dist/functions/index.d.ts +2 -0
package/dist/functions/index.d.ts.map +1 -1
package/dist/functions/index.js +2 -0
package/dist/functions/index.js.map +1 -1
package/lib/AccessTokenClient.ts +9 -4
package/lib/AccessTokenClientV1_0_11.ts +11 -3
package/lib/AuthorizationCodeClient.ts +2 -2
package/lib/CredentialRequestClientBuilder.ts +14 -14
package/lib/OpenID4VCIClient.ts +31 -3
package/lib/OpenID4VCIClientV1_0_11.ts +35 -6
package/lib/OpenID4VCIClientV1_0_13.ts +33 -6
package/lib/ProofOfPossessionBuilder.ts +6 -6
package/lib/__tests__/CredentialRequestClient.spec.ts +1 -1
package/lib/__tests__/CredentialRequestClientBuilder.spec.ts +1 -1
package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts +2 -2
package/lib/__tests__/IT.spec.ts +23 -33
package/lib/__tests__/ProofOfPossessionBuilder.spec.ts +23 -23
package/lib/__tests__/SdJwt.spec.ts +26 -26
package/lib/functions/AccessTokenUtil.ts +52 -0
package/lib/functions/index.ts +2 -0
package/package.json +4 -4

package/lib/__tests__/ProofOfPossessionBuilder.spec.ts CHANGED Viewed

@@ -8,12 +8,12 @@ import { ProofOfPossessionBuilder } from '..';
 import { IDENTIPROOF_ISSUER_URL } from './MetadataMocks';
 const jwt: Jwt = {
-  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 const jwt_withoutDid: Jwt = {
-  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
@@ -62,10 +62,10 @@ describe('ProofOfPossession Builder ', () => {
   it('should fail without supplied proof or callbacks and with kid without did', async function () {
     await expect(
       ProofOfPossessionBuilder.fromProof(undefined as never, OpenId4VCIVersion.VER_1_0_13)
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(PROOF_CANT_BE_CONSTRUCTED));
   });
@@ -87,11 +87,11 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withJwt(undefined as never)
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withJwt(undefined as never)
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).toThrow(Error(NO_JWT_PROVIDED));
   });
@@ -118,10 +118,10 @@ describe('ProofOfPossession Builder ', () => {
       },
       version: OpenId4VCIVersion.VER_1_0_08,
     })
-    .withIssuer(IDENTIPROOF_ISSUER_URL)
-    .withKid(kid_withoutDid)
-    .withClientId('sphereon:wallet')
-    .build();
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withKid(kid_withoutDid)
+      .withClientId('sphereon:wallet')
+      .build();
     expect(proof).toBeDefined();
   });
@@ -152,10 +152,10 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
@@ -186,10 +186,10 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
 });

package/lib/__tests__/SdJwt.spec.ts CHANGED Viewed

@@ -215,37 +215,37 @@ describe('sd-jwt vc', () => {
       const offered = supported['SdJwtCredentialId'] as CredentialSupportedSdJwtVc;
       nock(issuerMetadata.token_endpoint as string)
-      .post('/')
-      .reply(200, async (_, body: string) => {
-        const parsedBody = Object.fromEntries(body.split('&').map((x) => x.split('=')));
-        return createAccessTokenResponse(parsedBody as AccessTokenRequest, {
-          credentialOfferSessions: vcIssuer.credentialOfferSessions,
-          accessTokenIssuer: 'https://issuer.example.com',
-          cNonces: vcIssuer.cNonces,
-          cNonce: 'a-c-nonce',
-          accessTokenSignerCallback: async () => 'ey.val.ue',
-          tokenExpiresIn: 500,
+        .post('/')
+        .reply(200, async (_, body: string) => {
+          const parsedBody = Object.fromEntries(body.split('&').map((x) => x.split('=')));
+          return createAccessTokenResponse(parsedBody as AccessTokenRequest, {
+            credentialOfferSessions: vcIssuer.credentialOfferSessions,
+            accessTokenIssuer: 'https://issuer.example.com',
+            cNonces: vcIssuer.cNonces,
+            cNonce: 'a-c-nonce',
+            accessTokenSignerCallback: async () => 'ey.val.ue',
+            tokenExpiresIn: 500,
+          });
         });
-      });
       await client.acquireAccessToken({ pin: '123' });
       nock(issuerMetadata.credential_endpoint as string)
-      .post('/')
-      .reply(200, async (_, body) =>
-        vcIssuer.issueCredential({
-          credentialRequest: { ...(body as CredentialRequestV1_0_13), credential_identifier: offered.vct },
-          credential: {
-            vct: 'Hello',
-            iss: 'example.com',
-            iat: 123,
-            // Defines what can be disclosed (optional)
-            __disclosureFrame: {
-              name: true,
+        .post('/')
+        .reply(200, async (_, body) =>
+          vcIssuer.issueCredential({
+            credentialRequest: { ...(body as CredentialRequestV1_0_13), credential_identifier: offered.vct },
+            credential: {
+              vct: 'Hello',
+              iss: 'example.com',
+              iat: 123,
+              // Defines what can be disclosed (optional)
+              __disclosureFrame: {
+                name: true,
+              },
             },
-          },
-          newCNonce: 'new-c-nonce',
-        }),
-      );
+            newCNonce: 'new-c-nonce',
+          }),
+        );
       const credentials = await client.acquireCredentials({
         credentialIdentifier: offered.vct,

package/lib/functions/AccessTokenUtil.ts ADDED Viewed

@@ -0,0 +1,52 @@
+import { AccessTokenRequest, AccessTokenRequestOpts, Jwt, OpenId4VCIVersion } from '@sphereon/oid4vci-common';
+import { v4 } from 'uuid';
+import { ProofOfPossessionBuilder } from '../ProofOfPossessionBuilder';
+export const createJwtBearerClientAssertion = async (
+  request: Partial<AccessTokenRequest>,
+  opts: AccessTokenRequestOpts & {
+    version?: OpenId4VCIVersion;
+  },
+): Promise<void> => {
+  const { asOpts, credentialIssuer } = opts;
+  if (asOpts?.clientOpts?.clientAssertionType === 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer') {
+    const { clientId = request.client_id, signCallbacks, alg } = asOpts.clientOpts;
+    let { kid } = asOpts.clientOpts;
+    if (!clientId) {
+      return Promise.reject(Error(`Not client_id supplied, but client-assertion jwt-bearer requested.`));
+    } else if (!kid) {
+      return Promise.reject(Error(`No kid supplied, but client-assertion jwt-bearer requested.`));
+    } else if (typeof signCallbacks?.signCallback !== 'function') {
+      return Promise.reject(Error(`No sign callback supplied, but client-assertion jwt-bearer requested.`));
+    } else if (!credentialIssuer) {
+      return Promise.reject(Error(`No credential issuer supplied, but client-assertion jwt-bearer requested.`));
+    }
+    if (clientId.startsWith('http') && kid.includes('#')) {
+      kid = kid.split('#')[1];
+    }
+    const jwt: Jwt = {
+      header: {
+        typ: 'JWT',
+        kid,
+        alg: alg ?? 'ES256',
+      },
+      payload: {
+        iss: clientId,
+        sub: clientId,
+        aud: credentialIssuer,
+        jti: v4(),
+        exp: Date.now() / 1000 + 60,
+        iat: Date.now() / 1000 - 60,
+      },
+    };
+    const pop = await ProofOfPossessionBuilder.fromJwt({
+      jwt,
+      callbacks: signCallbacks,
+      version: opts.version ?? OpenId4VCIVersion.VER_1_0_13,
+      mode: 'JWT',
+    }).build();
+    request.client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
+    request.client_assertion = pop.jwt;
+  }
+};

package/lib/functions/index.ts CHANGED Viewed

@@ -1,2 +1,4 @@
 export * from './AuthorizationUtil';
 export * from './notifications';
+export * from './OpenIDUtils';
+export * from './AccessTokenUtil';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-client",
-  "version": "0.12.1-unstable.8+fd384c9",
+  "version": "0.13.0",
   "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -15,8 +15,8 @@
     "build": "tsc"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.12.1-unstable.8+fd384c9",
-    "@sphereon/ssi-types": "0.25.1-unstable.87",
+    "@sphereon/oid4vci-common": "0.13.0",
+    "@sphereon/ssi-types": "0.26.1-next.6",
     "cross-fetch": "^3.1.8",
     "debug": "^4.3.4"
   },
@@ -69,5 +69,5 @@
     "OIDC4VCI",
     "OID4VCI"
   ],
-  "gitHead": "fd384c9833d00c175fa1cd916adc21cc8869f577"
+  "gitHead": "4ae9812531dfb8bd45809127a215cdc5d02c6d4f"
 }