@sphereon/oid4vci-client 0.15.2-unstable.8 → 0.16.0

package/lib/OpenID4VCIClientV1_0_11.ts

@@ -1,3 +1,4 @@
+import { JWK } from '@sphereon/oid4vc-common';
 import {
   AccessTokenResponse,
   Alg,
@@ -19,7 +20,6 @@ import {
   getSupportedCredentials,
   getTypesFromCredentialSupported,
   getTypesFromObject,
-  JWK,
   KID_JWK_X5C_ERROR,
   OID4VCICredentialFormat,
   OpenId4VCIVersion,

package/lib/OpenID4VCIClientV1_0_13.ts

@@ -1,3 +1,4 @@
+import { JWK } from '@sphereon/oid4vc-common';
 import {
   AccessTokenResponse,
   Alg,
@@ -17,7 +18,6 @@ import {
   getIssuerFromCredentialOfferPayload,
   getSupportedCredentials,
   getTypesFromCredentialSupported,
-  JWK,
   KID_JWK_X5C_ERROR,
   NotificationRequest,
   NotificationResult,

package/lib/ProofOfPossessionBuilder.ts

@@ -1,9 +1,9 @@
+import { JWK } from '@sphereon/oid4vc-common';
 import {
   AccessTokenResponse,
   Alg,
   createProofOfPossession,
   EndpointMetadata,
-  JWK,
   Jwt,
   NO_JWT_PROVIDED,
   OpenId4VCIVersion,

package/lib/__tests__/AccessTokenClient.spec.ts

@@ -1,11 +1,4 @@
-import {
-  AccessTokenRequest,
-  AccessTokenResponse,
-  GrantTypes,
-  OpenIDResponse,
-  PRE_AUTH_CODE_LITERAL,
-  WellKnownEndpoints,
-} from '@sphereon/oid4vci-common';
+import { AccessTokenRequest, AccessTokenResponse, GrantTypes, PRE_AUTH_CODE_LITERAL, WellKnownEndpoints } from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
@@ -50,7 +43,7 @@ describe('AccessTokenClient should', () => {
       };
       nock(MOCK_URL).post(/.*/).reply(200, JSON.stringify(body));
 
-      const accessTokenResponse: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessTokenUsingRequest({
+      const accessTokenResponse = await accessTokenClient.acquireAccessTokenUsingRequest({
         accessTokenRequest,
         pinMetadata: {
           isPinRequired: true,
@@ -88,7 +81,7 @@ describe('AccessTokenClient should', () => {
       };
       nock(MOCK_URL).post(/.*/).reply(200, JSON.stringify(body));
 
-      const accessTokenResponse: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessTokenUsingRequest({
+      const accessTokenResponse = await accessTokenClient.acquireAccessTokenUsingRequest({
         accessTokenRequest,
         asOpts: { as: MOCK_URL },
       });
@@ -227,7 +220,7 @@ describe('AccessTokenClient should', () => {
       .post(/.*/)
       .reply(200, {});
 
-    const response: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessToken({
+    const response = await accessTokenClient.acquireAccessToken({
       credentialOffer: INITIATION_TEST,
       pin: '1234',
     });

package/lib/__tests__/SphereonE2E.spec.test.ts

@@ -1,12 +1,12 @@
 import * as crypto from 'crypto';
 
+import { uuidv4 } from '@sphereon/oid4vc-common';
 import { Alg, Jwt, ProofOfPossessionCallbacks } from '@sphereon/oid4vci-common';
 import { CredentialMapper } from '@sphereon/ssi-types';
 import * as didts from '@transmute/did-key.js';
 import { fetch } from 'cross-fetch';
 import debug from 'debug';
 import { importJWK, JWK, SignJWT } from 'jose';
-import { v4 } from 'uuid';
 
 import { OpenID4VCIClientV1_0_11 } from '..';
 
@@ -94,7 +94,7 @@ async function getCredentialOffer(format: 'ldp_vc' | 'jwt_vc_json'): Promise<Cre
       credentials: ['GuestCredential'],
       grants: {
         'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
-          'pre-authorized_code': v4().substring(0, 10),
+          'pre-authorized_code': uuidv4().substring(0, 10),
           user_pin_required: false,
         },
       },
@@ -165,7 +165,7 @@ describe('ismapolis bug report #63, https://github.com/Sphereon-Opensource/OID4V
       format: 'jwt_vc_json',
       alg: Alg.ES256K,
       kid: didDocument.verificationMethod[0].id,
-      jti: v4(),
+      jti: uuidv4(),
     });
     console.log(JSON.stringify(credentialResponse.credential));
   });

package/lib/functions/AccessTokenUtil.ts

@@ -1,5 +1,5 @@
+import { uuidv4 } from '@sphereon/oid4vc-common';
 import { AccessTokenRequest, AccessTokenRequestOpts, Jwt, OpenId4VCIVersion } from '@sphereon/oid4vci-common';
-import { v4 } from 'uuid';
 
 import { ProofOfPossessionBuilder } from '../ProofOfPossessionBuilder';
 
@@ -35,7 +35,7 @@ export const createJwtBearerClientAssertion = async (
         iss: clientId,
         sub: clientId,
         aud: credentialIssuer,
-        jti: v4(),
+        jti: uuidv4(),
         exp: Date.now() / 1000 + 60,
         iat: Date.now() / 1000 - 60,
       },

package/lib/functions/dpopUtil.ts

@@ -0,0 +1,35 @@
+import { dpopTokenRequestNonceError } from '@sphereon/oid4vc-common';
+import { OpenIDResponse } from 'oid4vci-common';
+
+export type RetryRequestWithDPoPNonce = { ok: true; dpopNonce: string } | { ok: false };
+
+export function shouldRetryTokenRequestWithDPoPNonce(response: OpenIDResponse<unknown, unknown>): RetryRequestWithDPoPNonce {
+  if (!response.errorBody || response.errorBody.error !== dpopTokenRequestNonceError) {
+    return { ok: false };
+  }
+
+  const dPoPNonce = response.origResponse.headers.get('DPoP-Nonce');
+  if (!dPoPNonce) {
+    throw new Error('Missing required DPoP-Nonce header.');
+  }
+
+  return { ok: true, dpopNonce: dPoPNonce };
+}
+
+export function shouldRetryResourceRequestWithDPoPNonce(response: OpenIDResponse<unknown, unknown>): RetryRequestWithDPoPNonce {
+  if (!response.errorBody || response.origResponse.status !== 401) {
+    return { ok: false };
+  }
+
+  const wwwAuthenticateHeader = response.origResponse.headers.get('WWW-Authenticate');
+  if (!wwwAuthenticateHeader?.includes(dpopTokenRequestNonceError)) {
+    return { ok: false };
+  }
+
+  const dPoPNonce = response.origResponse.headers.get('DPoP-Nonce');
+  if (!dPoPNonce) {
+    throw new Error('Missing required DPoP-Nonce header.');
+  }
+
+  return { ok: true, dpopNonce: dPoPNonce };
+}

package/lib/functions/notifications.ts

@@ -19,12 +19,10 @@ export async function sendNotification(
   const error = response.errorBody?.error !== undefined;
   const result = {
     error,
-    response: error ? await response.errorBody?.json() : undefined,
+    response: error ? response.errorBody : undefined,
   };
   if (error) {
-    LOG.warning(
-      `Notification endpoint returned an error for event '${request.event}' and id ${request.notification_id}: ${await response.errorBody?.json()}`,
-    );
+    LOG.warning(`Notification endpoint returned an error for event '${request.event}' and id ${request.notification_id}: ${response.errorBody}`);
   } else {
     LOG.debug(`Notification endpoint returned success for event '${request.event}' and id ${request.notification_id}`);
   }

package/lib/index.ts

@@ -22,5 +22,4 @@ export * from './MetadataClientV1_0_11';
 export * from './OpenID4VCIClient';
 export * from './OpenID4VCIClientV1_0_13';
 export * from './OpenID4VCIClientV1_0_11';
-export * from './IssuerSessionClient';
 export * from './ProofOfPossessionBuilder';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-client",
-  "version": "0.15.2-unstable.8+bdd7117",
+  "version": "0.16.0",
   "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -15,7 +15,8 @@
     "build": "tsc"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.15.2-unstable.8+bdd7117",
+    "@sphereon/oid4vc-common": "0.16.0",
+    "@sphereon/oid4vci-common": "0.16.0",
     "@sphereon/ssi-types": "0.28.0",
     "cross-fetch": "^3.1.8",
     "debug": "^4.3.5"
@@ -69,5 +70,5 @@
     "OIDC4VCI",
     "OID4VCI"
   ],
-  "gitHead": "bdd711734c65ba2a33b14ee5eacd0a9d619d800e"
+  "gitHead": "7d938320eba5818dfe2bf6ae5291bb3c614085e1"
 }

package/dist/IssuerSessionClient.d.ts

@@ -1,3 +0,0 @@
-import { IssuerSessionIdRequestOpts, IssuerSessionResponse } from '@sphereon/oid4vci-common';
-export declare const acquireIssuerSessionId: (opts: IssuerSessionIdRequestOpts) => Promise<IssuerSessionResponse>;
-//# sourceMappingURL=IssuerSessionClient.d.ts.map

package/dist/IssuerSessionClient.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"IssuerSessionClient.d.ts","sourceRoot":"","sources":["../lib/IssuerSessionClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,qBAAqB,EAAwB,MAAM,0BAA0B,CAAC;AAInH,eAAO,MAAM,sBAAsB,SAAgB,0BAA0B,KAAG,OAAO,CAAC,qBAAqB,CAY5G,CAAA"}

package/dist/IssuerSessionClient.js

@@ -1,28 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.acquireIssuerSessionId = void 0;
-const oid4vci_common_1 = require("@sphereon/oid4vci-common");
-const index_1 = require("./index");
-const acquireIssuerSessionId = (opts) => __awaiter(void 0, void 0, void 0, function* () {
-    index_1.LOG.debug(`acquiring issuer session endpoint from endpoint ${opts.sessionEndpoint}`);
-    const sessionResponse = yield (0, oid4vci_common_1.post)(opts.sessionEndpoint);
-    if (sessionResponse.errorBody !== undefined) {
-        return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}:
-     ${sessionResponse.errorBody.error} - ${sessionResponse.errorBody.error_description}`);
-    }
-    if (sessionResponse.successBody === undefined || !Object.keys(sessionResponse.successBody).includes('session_id')) {
-        return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}, missing session_token response`);
-    }
-    return sessionResponse.successBody;
-});
-exports.acquireIssuerSessionId = acquireIssuerSessionId;
-//# sourceMappingURL=IssuerSessionClient.js.map

package/dist/IssuerSessionClient.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"IssuerSessionClient.js","sourceRoot":"","sources":["../lib/IssuerSessionClient.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAmH;AAEnH,mCAA8B;AAEvB,MAAM,sBAAsB,GAAG,CAAO,IAAgC,EAAkC,EAAE;IAC/G,WAAG,CAAC,KAAK,CAAC,mDAAmD,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;IACpF,MAAM,eAAe,GAAG,MAAM,IAAA,qBAAI,EAAC,IAAI,CAAC,eAAe,CAA0C,CAAA;IACjG,IAAI,eAAe,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAC,MAAM,CAAC,2EAA2E,IAAI,CAAC,eAAe;OAClH,eAAe,CAAC,SAAS,CAAC,KAAK,MAAM,eAAe,CAAC,SAAS,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACxF,CAAC;IACD,IAAI,eAAe,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAClH,OAAO,OAAO,CAAC,MAAM,CAAC,2EAA2E,IAAI,CAAC,eAAe,kCAAkC,CAAC,CAAA;IAE1J,CAAC;IACD,OAAO,eAAe,CAAC,WAAW,CAAA;AACpC,CAAC,CAAA,CAAA;AAZY,QAAA,sBAAsB,0BAYlC"}

package/lib/IssuerSessionClient.ts

@@ -1,17 +0,0 @@
-import { IssuerSessionIdRequestOpts, IssuerSessionResponse, OpenIDResponse, post } from '@sphereon/oid4vci-common';
-
-import { LOG } from './index';
-
-export const acquireIssuerSessionId = async (opts: IssuerSessionIdRequestOpts): Promise<IssuerSessionResponse> => {
-  LOG.debug(`acquiring issuer session endpoint from endpoint ${opts.sessionEndpoint}`)
-  const sessionResponse = await post(opts.sessionEndpoint) as OpenIDResponse<IssuerSessionResponse>
-  if (sessionResponse.errorBody !== undefined) {
-    return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}:
-     ${sessionResponse.errorBody.error} - ${sessionResponse.errorBody.error_description}`)
-  }
-  if (sessionResponse.successBody === undefined || !Object.keys(sessionResponse.successBody).includes('session_id')) {
-    return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}, missing session_token response`)
-
-  }
-  return sessionResponse.successBody
-}

package/lib/__tests__/IssuerSessionClient.spec.ts

@@ -1,64 +0,0 @@
-import { IssuerSessionIdRequestOpts } from '@sphereon/oid4vci-common';
-// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-// @ts-ignore
-import nock from 'nock'
-import { acquireIssuerSessionId } from '../IssuerSessionClient';
-
-
-describe('IssuerSessionClient', () => {
-  describe('acquireIssuerSessionId', () => {
-    const mockSessionEndpoint = 'https://server.example.com/session_endpoint'
-    const mockSessionId = 'iOiJSUzI1NiIsInR'
-
-    beforeEach(() => {
-      nock.cleanAll()
-    })
-
-    it('should successfully acquire an issuer session ID', async () => {
-      const mockResponse = {
-        session_id: mockSessionId
-      }
-
-      nock('https://server.example.com')
-        .post('/session_endpoint')
-        .reply(200, mockResponse, { 'Content-Type': 'application/json' })
-
-      const opts: IssuerSessionIdRequestOpts = {
-        sessionEndpoint: mockSessionEndpoint
-      }
-
-      const result = await acquireIssuerSessionId(opts)
-
-      expect(result).toEqual(mockResponse)
-    })
-
-    it('should reject with an error if the response contains an error body', async () => {
-      const mockErrorResponse = {
-        error: 'invalid_request',
-        error_description: 'The request is missing a required parameter'
-      }
-
-      nock('https://server.example.com')
-        .post('/session_endpoint')
-        .reply(400, mockErrorResponse, { 'Content-Type': 'application/json' })
-
-      const opts: IssuerSessionIdRequestOpts = {
-        sessionEndpoint: mockSessionEndpoint
-      }
-
-      await expect(acquireIssuerSessionId(opts)).rejects.toMatch(/an error occurred while requesting a issuer session token/)
-    })
-
-    it('should reject with an error if the response is missing the session_token', async () => {
-      nock('https://server.example.com')
-        .post('/session_endpoint')
-        .reply(200, undefined, { 'Content-Type': 'application/json' })
-
-      const opts: IssuerSessionIdRequestOpts = {
-        sessionEndpoint: mockSessionEndpoint
-      }
-
-      await expect(acquireIssuerSessionId(opts)).rejects.toMatch(/an error occurred while requesting a issuer session token.*missing session_token response/)
-    })
-  })
-})