@sphereon/oid4vci-client 0.15.1 → 0.15.2-next.38

package/lib/__tests__/OpenID4VCIClient.spec.ts

@@ -59,27 +59,6 @@ describe('OpenID4VCIClient should', () => {
       }),
     ).rejects.toThrow(Error('Server metadata does not contain authorization endpoint'));
   });
-  it("injects 'openid' as the first scope if not provided", async () => {
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
-
-    const url = await client.createAuthorizationRequestUrl({
-      pkce: {
-        codeChallengeMethod: CodeChallengeMethod.S256,
-        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-      },
-      authorizationRequest: {
-        scope: 'TestCredential',
-        redirectUri: 'http://localhost:8881/cb',
-      },
-    });
-
-    const urlSearchParams = new URLSearchParams(url.split('?')[1]);
-    const scope = urlSearchParams.get('scope')?.split(' ');
-
-    expect(scope?.[0]).toBe('openid');
-  });
   it('throw an error if no scope and no authorization_details is provided', async () => {
     nock(MOCK_URL).get(/.*/).reply(200, {});
     nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, {});
@@ -149,7 +128,7 @@ describe('OpenID4VCIClient should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
     );
   });
   it('create an authorization request url with authorization_details object property', async () => {
@@ -176,7 +155,7 @@ describe('OpenID4VCIClient should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
     );
   });
 

package/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts

@@ -51,27 +51,6 @@ describe('OpenID4VCIClientV1_0_13 should', () => {
       }),
     ).rejects.toThrow(Error('Server metadata does not contain authorization endpoint'));
   });
-  it("injects 'openid' as the first scope if not provided", async () => {
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
-
-    const url = await client.createAuthorizationRequestUrl({
-      pkce: {
-        codeChallengeMethod: CodeChallengeMethod.S256,
-        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-      },
-      authorizationRequest: {
-        scope: 'TestCredential',
-        redirectUri: 'http://localhost:8881/cb',
-      },
-    });
-
-    const urlSearchParams = new URLSearchParams(url.split('?')[1]);
-    const scope = urlSearchParams.get('scope')?.split(' ');
-
-    expect(scope?.[0]).toBe('openid');
-  });
   it('throw an error if no scope and no authorization_details is provided', async () => {
     nock(MOCK_URL).get(/.*/).reply(200, {});
     nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, {});
@@ -141,7 +120,7 @@ describe('OpenID4VCIClientV1_0_13 should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
     );
   });
   it('create an authorization request url with authorization_details object property', async () => {
@@ -168,7 +147,7 @@ describe('OpenID4VCIClientV1_0_13 should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
     );
   });
 

package/lib/__tests__/SphereonE2E.spec.test.ts

@@ -1,12 +1,12 @@
 import * as crypto from 'crypto';
 
+import { uuidv4 } from '@sphereon/oid4vc-common';
 import { Alg, Jwt, ProofOfPossessionCallbacks } from '@sphereon/oid4vci-common';
 import { CredentialMapper } from '@sphereon/ssi-types';
 import * as didts from '@transmute/did-key.js';
 import { fetch } from 'cross-fetch';
 import debug from 'debug';
 import { importJWK, JWK, SignJWT } from 'jose';
-import { v4 } from 'uuid';
 
 import { OpenID4VCIClientV1_0_11 } from '..';
 
@@ -94,7 +94,7 @@ async function getCredentialOffer(format: 'ldp_vc' | 'jwt_vc_json'): Promise<Cre
       credentials: ['GuestCredential'],
       grants: {
         'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
-          'pre-authorized_code': v4().substring(0, 10),
+          'pre-authorized_code': uuidv4().substring(0, 10),
           user_pin_required: false,
         },
       },
@@ -165,7 +165,7 @@ describe('ismapolis bug report #63, https://github.com/Sphereon-Opensource/OID4V
       format: 'jwt_vc_json',
       alg: Alg.ES256K,
       kid: didDocument.verificationMethod[0].id,
-      jti: v4(),
+      jti: uuidv4(),
     });
     console.log(JSON.stringify(credentialResponse.credential));
   });

package/lib/functions/AccessTokenUtil.ts

@@ -1,5 +1,5 @@
+import { uuidv4 } from '@sphereon/oid4vc-common';
 import { AccessTokenRequest, AccessTokenRequestOpts, Jwt, OpenId4VCIVersion } from '@sphereon/oid4vci-common';
-import { v4 } from 'uuid';
 
 import { ProofOfPossessionBuilder } from '../ProofOfPossessionBuilder';
 
@@ -35,7 +35,7 @@ export const createJwtBearerClientAssertion = async (
         iss: clientId,
         sub: clientId,
         aud: credentialIssuer,
-        jti: v4(),
+        jti: uuidv4(),
         exp: Date.now() / 1000 + 60,
         iat: Date.now() / 1000 - 60,
       },

package/lib/functions/dpopUtil.ts

@@ -0,0 +1,35 @@
+import { dpopTokenRequestNonceError } from '@sphereon/oid4vc-common';
+import { OpenIDResponse } from 'oid4vci-common';
+
+export type RetryRequestWithDPoPNonce = { ok: true; dpopNonce: string } | { ok: false };
+
+export function shouldRetryTokenRequestWithDPoPNonce(response: OpenIDResponse<unknown, unknown>): RetryRequestWithDPoPNonce {
+  if (!response.errorBody || response.errorBody.error !== dpopTokenRequestNonceError) {
+    return { ok: false };
+  }
+
+  const dPoPNonce = response.origResponse.headers.get('DPoP-Nonce');
+  if (!dPoPNonce) {
+    throw new Error('Missing required DPoP-Nonce header.');
+  }
+
+  return { ok: true, dpopNonce: dPoPNonce };
+}
+
+export function shouldRetryResourceRequestWithDPoPNonce(response: OpenIDResponse<unknown, unknown>): RetryRequestWithDPoPNonce {
+  if (!response.errorBody || response.origResponse.status !== 401) {
+    return { ok: false };
+  }
+
+  const wwwAuthenticateHeader = response.origResponse.headers.get('WWW-Authenticate');
+  if (!wwwAuthenticateHeader?.includes(dpopTokenRequestNonceError)) {
+    return { ok: false };
+  }
+
+  const dPoPNonce = response.origResponse.headers.get('DPoP-Nonce');
+  if (!dPoPNonce) {
+    throw new Error('Missing required DPoP-Nonce header.');
+  }
+
+  return { ok: true, dpopNonce: dPoPNonce };
+}

package/lib/functions/notifications.ts

@@ -19,12 +19,10 @@ export async function sendNotification(
   const error = response.errorBody?.error !== undefined;
   const result = {
     error,
-    response: error ? await response.errorBody?.json() : undefined,
+    response: error ? response.errorBody : undefined,
   };
   if (error) {
-    LOG.warning(
-      `Notification endpoint returned an error for event '${request.event}' and id ${request.notification_id}: ${await response.errorBody?.json()}`,
-    );
+    LOG.warning(`Notification endpoint returned an error for event '${request.event}' and id ${request.notification_id}: ${response.errorBody}`);
   } else {
     LOG.debug(`Notification endpoint returned success for event '${request.event}' and id ${request.notification_id}`);
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-client",
-  "version": "0.15.1",
+  "version": "0.15.2-next.38+d361b31",
   "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -15,7 +15,8 @@
     "build": "tsc"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.15.1",
+    "@sphereon/oid4vc-common": "0.15.2-next.38+d361b31",
+    "@sphereon/oid4vci-common": "0.15.2-next.38+d361b31",
     "@sphereon/ssi-types": "0.28.0",
     "cross-fetch": "^3.1.8",
     "debug": "^4.3.5"
@@ -69,5 +70,5 @@
     "OIDC4VCI",
     "OID4VCI"
   ],
-  "gitHead": "45c46724d4f4e9044156cb8cb755929f69d0aff6"
+  "gitHead": "d361b31ab8f318bd68abe193b4415cb29880ddda"
 }