@sphereon/oid4vci-client 0.16.0 → 0.16.1-next.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. package/dist/AccessTokenClient.d.ts.map +1 -1
  2. package/dist/AccessTokenClient.js +1 -1
  3. package/dist/AccessTokenClient.js.map +1 -1
  4. package/dist/AccessTokenClientV1_0_11.d.ts.map +1 -1
  5. package/dist/AccessTokenClientV1_0_11.js +1 -1
  6. package/dist/AccessTokenClientV1_0_11.js.map +1 -1
  7. package/dist/CredentialRequestClient.js +3 -9
  8. package/dist/CredentialRequestClient.js.map +1 -1
  9. package/dist/CredentialRequestClientV1_0_11.js +1 -1
  10. package/dist/CredentialRequestClientV1_0_11.js.map +1 -1
  11. package/dist/OpenID4VCIClient.d.ts +8 -10
  12. package/dist/OpenID4VCIClient.d.ts.map +1 -1
  13. package/dist/OpenID4VCIClient.js +11 -5
  14. package/dist/OpenID4VCIClient.js.map +1 -1
  15. package/dist/OpenID4VCIClientV1_0_11.d.ts +7 -9
  16. package/dist/OpenID4VCIClientV1_0_11.d.ts.map +1 -1
  17. package/dist/OpenID4VCIClientV1_0_11.js +14 -7
  18. package/dist/OpenID4VCIClientV1_0_11.js.map +1 -1
  19. package/dist/OpenID4VCIClientV1_0_13.d.ts +7 -9
  20. package/dist/OpenID4VCIClientV1_0_13.d.ts.map +1 -1
  21. package/dist/OpenID4VCIClientV1_0_13.js +11 -6
  22. package/dist/OpenID4VCIClientV1_0_13.js.map +1 -1
  23. package/lib/AccessTokenClient.ts +2 -1
  24. package/lib/AccessTokenClientV1_0_11.ts +2 -1
  25. package/lib/CredentialRequestClient.ts +3 -3
  26. package/lib/CredentialRequestClientV1_0_11.ts +1 -1
  27. package/lib/OpenID4VCIClient.ts +23 -14
  28. package/lib/OpenID4VCIClientV1_0_11.ts +25 -14
  29. package/lib/OpenID4VCIClientV1_0_13.ts +23 -13
  30. package/package.json +5 -5
package/lib/OpenID4VCIClientV1_0_11.ts CHANGED
@@ -1,5 +1,6 @@
1
- import { JWK } from '@sphereon/oid4vc-common';
1
+ import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common';
2
2
  import {
3
+ AccessTokenRequestOpts,
3
4
  AccessTokenResponse,
4
5
  Alg,
5
6
  AuthorizationRequestOpts,
@@ -14,6 +15,7 @@ import {
14
15
  CredentialResponse,
15
16
  CredentialsSupportedLegacy,
16
17
  DefaultURISchemes,
18
+ DPoPResponseParams,
17
19
  EndpointMetadataResultV1_0_11,
18
20
  getClientIdFromCredentialOfferPayload,
19
21
  getIssuerFromCredentialOfferPayload,
@@ -36,7 +38,7 @@ import { CredentialOfferClientV1_0_11 } from './CredentialOfferClientV1_0_11';
36
38
  import { CredentialRequestClientBuilderV1_0_11 } from './CredentialRequestClientBuilderV1_0_11';
37
39
  import { MetadataClientV1_0_11 } from './MetadataClientV1_0_11';
38
40
  import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
39
- import { generateMissingPKCEOpts } from './functions/AuthorizationUtil';
41
+ import { generateMissingPKCEOpts } from './functions';
40
42
 
41
43
  const debug = Debug('sphereon:oid4vci');
42
44
 
@@ -49,6 +51,7 @@ export interface OpenID4VCIClientStateV1_0_11 {
49
51
  alg?: Alg | string;
50
52
  endpointMetadata?: EndpointMetadataResultV1_0_11;
51
53
  accessTokenResponse?: AccessTokenResponse;
54
+ dpopResponseParams?: DPoPResponseParams;
52
55
  authorizationRequestOpts?: AuthorizationRequestOpts;
53
56
  authorizationCodeResponse?: AuthorizationResponse;
54
57
  pkce: PKCEOpts;
@@ -253,16 +256,13 @@ export class OpenID4VCIClientV1_0_11 {
253
256
  this._state.pkce = generateMissingPKCEOpts({ ...this._state.pkce, ...pkce });
254
257
  }
255
258
 
256
- public async acquireAccessToken(opts?: {
257
- pin?: string;
258
- clientId?: string;
259
- codeVerifier?: string;
260
- authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
261
- code?: string; // Directly pass in a code from an auth response
262
- redirectUri?: string;
263
- additionalRequestParams?: Record<string, any>;
264
- asOpts?: AuthorizationServerOpts;
265
- }): Promise<AccessTokenResponse> {
259
+ public async acquireAccessToken(
260
+ opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & {
261
+ clientId?: string;
262
+ authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
263
+ additionalRequestParams?: Record<string, any>;
264
+ },
265
+ ): Promise<AccessTokenResponse> {
266
266
  const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
267
267
  let { redirectUri } = opts ?? {};
268
268
  if (opts?.authorizationResponse) {
@@ -320,6 +320,7 @@ export class OpenID4VCIClientV1_0_11 {
320
320
  code,
321
321
  redirectUri,
322
322
  asOpts,
323
+ ...(opts?.createDPoPOpts && { createDPoPOpts: opts.createDPoPOpts }),
323
324
  ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
324
325
  });
325
326
 
@@ -339,9 +340,11 @@ export class OpenID4VCIClientV1_0_11 {
339
340
  );
340
341
  }
341
342
  this._state.accessTokenResponse = response.successBody;
343
+ this._state.dpopResponseParams = response.params;
344
+ this._state.accessToken = response.successBody.access_token;
342
345
  }
343
346
 
344
- return this.accessTokenResponse;
347
+ return { ...this.accessTokenResponse, ...(this.dpopResponseParams && { params: this.dpopResponseParams }) };
345
348
  }
346
349
 
347
350
  public async acquireCredentials({
@@ -355,6 +358,7 @@ export class OpenID4VCIClientV1_0_11 {
355
358
  jti,
356
359
  deferredCredentialAwait,
357
360
  deferredCredentialIntervalInMS,
361
+ createDPoPOpts,
358
362
  }: {
359
363
  credentialTypes: string | string[];
360
364
  context?: string[];
@@ -366,6 +370,7 @@ export class OpenID4VCIClientV1_0_11 {
366
370
  jti?: string;
367
371
  deferredCredentialAwait?: boolean;
368
372
  deferredCredentialIntervalInMS?: number;
373
+ createDPoPOpts?: CreateDPoPClientOpts;
369
374
  }): Promise<CredentialResponse> {
370
375
  if ([jwk, kid].filter((v) => v !== undefined).length > 1) {
371
376
  throw new Error(KID_JWK_X5C_ERROR + `. jwk: ${jwk !== undefined}, kid: ${kid !== undefined}`);
@@ -445,7 +450,9 @@ export class OpenID4VCIClientV1_0_11 {
445
450
  credentialTypes,
446
451
  context,
447
452
  format,
453
+ createDPoPOpts,
448
454
  });
455
+ this._state.dpopResponseParams = response.params;
449
456
  if (response.errorBody) {
450
457
  debug(`Credential request error:\r\n${JSON.stringify(response.errorBody)}`);
451
458
  throw Error(
@@ -461,7 +468,7 @@ export class OpenID4VCIClientV1_0_11 {
461
468
  } for issuer ${this.getIssuer()} failed as there was no success response body`,
462
469
  );
463
470
  }
464
- return response.successBody;
471
+ return { ...response.successBody, ...(this.dpopResponseParams && { params: this.dpopResponseParams }) };
465
472
  }
466
473
 
467
474
  public async exportState(): Promise<string> {
@@ -576,6 +583,10 @@ export class OpenID4VCIClientV1_0_11 {
576
583
  return this._state.accessTokenResponse!;
577
584
  }
578
585
 
586
+ get dpopResponseParams(): DPoPResponseParams | undefined {
587
+ return this._state.dpopResponseParams;
588
+ }
589
+
579
590
  public getIssuer(): string {
580
591
  this.assertIssuerData();
581
592
  return this._state.credentialIssuer;
package/lib/OpenID4VCIClientV1_0_13.ts CHANGED
@@ -1,5 +1,6 @@
1
- import { JWK } from '@sphereon/oid4vc-common';
1
+ import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common';
2
2
  import {
3
+ AccessTokenRequestOpts,
3
4
  AccessTokenResponse,
4
5
  Alg,
5
6
  AuthorizationRequestOpts,
@@ -12,6 +13,7 @@ import {
12
13
  CredentialOfferRequestWithBaseUrl,
13
14
  CredentialResponse,
14
15
  DefaultURISchemes,
16
+ DPoPResponseParams,
15
17
  EndpointMetadataResultV1_0_13,
16
18
  ExperimentalSubjectIssuance,
17
19
  getClientIdFromCredentialOfferPayload,
@@ -50,6 +52,7 @@ export interface OpenID4VCIClientStateV1_0_13 {
50
52
  alg?: Alg | string;
51
53
  endpointMetadata?: EndpointMetadataResultV1_0_13;
52
54
  accessTokenResponse?: AccessTokenResponse;
55
+ dpopResponseParams?: DPoPResponseParams;
53
56
  authorizationRequestOpts?: AuthorizationRequestOpts;
54
57
  authorizationCodeResponse?: AuthorizationResponse;
55
58
  pkce: PKCEOpts;
@@ -258,16 +261,13 @@ export class OpenID4VCIClientV1_0_13 {
258
261
  this._state.pkce = generateMissingPKCEOpts({ ...this._state.pkce, ...pkce });
259
262
  }
260
263
 
261
- public async acquireAccessToken(opts?: {
262
- pin?: string;
263
- clientId?: string;
264
- codeVerifier?: string;
265
- authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
266
- code?: string; // Directly pass in a code from an auth response
267
- redirectUri?: string;
268
- additionalRequestParams?: Record<string, any>;
269
- asOpts?: AuthorizationServerOpts;
270
- }): Promise<AccessTokenResponse> {
264
+ public async acquireAccessToken(
265
+ opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & {
266
+ clientId?: string;
267
+ authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
268
+ additionalRequestParams?: Record<string, any>;
269
+ },
270
+ ): Promise<AccessTokenResponse> {
271
271
  const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
272
272
  let { redirectUri } = opts ?? {};
273
273
  if (opts?.authorizationResponse) {
@@ -324,6 +324,7 @@ export class OpenID4VCIClientV1_0_13 {
324
324
  code,
325
325
  redirectUri,
326
326
  asOpts,
327
+ ...(opts?.createDPoPOpts && { createDPoPOpts: opts.createDPoPOpts }),
327
328
  ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
328
329
  });
329
330
 
@@ -343,10 +344,11 @@ export class OpenID4VCIClientV1_0_13 {
343
344
  );
344
345
  }
345
346
  this._state.accessTokenResponse = response.successBody;
347
+ this._state.dpopResponseParams = response.params;
346
348
  this._state.accessToken = response.successBody.access_token;
347
349
  }
348
350
 
349
- return this.accessTokenResponse;
351
+ return { ...this.accessTokenResponse, ...(this.dpopResponseParams && { params: this.dpopResponseParams }) };
350
352
  }
351
353
 
352
354
  public async acquireCredentials({
@@ -361,6 +363,7 @@ export class OpenID4VCIClientV1_0_13 {
361
363
  jti,
362
364
  deferredCredentialAwait,
363
365
  deferredCredentialIntervalInMS,
366
+ createDPoPOpts,
364
367
  }: {
365
368
  credentialIdentifier?: string;
366
369
  credentialTypes?: string | string[];
@@ -374,6 +377,7 @@ export class OpenID4VCIClientV1_0_13 {
374
377
  deferredCredentialAwait?: boolean;
375
378
  deferredCredentialIntervalInMS?: number;
376
379
  experimentalHolderIssuanceSupported?: boolean;
380
+ createDPoPOpts?: CreateDPoPClientOpts;
377
381
  }): Promise<CredentialResponse & { access_token: string }> {
378
382
  if ([jwk, kid].filter((v) => v !== undefined).length > 1) {
379
383
  throw new Error(KID_JWK_X5C_ERROR + `. jwk: ${jwk !== undefined}, kid: ${kid !== undefined}`);
@@ -471,7 +475,9 @@ export class OpenID4VCIClientV1_0_13 {
471
475
  const response = await credentialRequestClient.acquireCredentialsUsingProof({
472
476
  proofInput: proofBuilder,
473
477
  ...(credentialIdentifier ? { credentialIdentifier, subjectIssuance } : { format, context, credentialTypes, subjectIssuance }),
478
+ createDPoPOpts,
474
479
  });
480
+ this._state.dpopResponseParams = response.params;
475
481
  if (response.errorBody) {
476
482
  debug(`Credential request error:\r\n${JSON.stringify(response.errorBody)}`);
477
483
  throw Error(
@@ -487,7 +493,7 @@ export class OpenID4VCIClientV1_0_13 {
487
493
  } for issuer ${this.getIssuer()} failed as there was no success response body`,
488
494
  );
489
495
  }
490
- return { ...response.successBody, access_token: response.access_token };
496
+ return { ...response.successBody, ...(this.dpopResponseParams && { params: this.dpopResponseParams }), access_token: response.access_token };
491
497
  }
492
498
 
493
499
  public async exportState(): Promise<string> {
@@ -604,6 +610,10 @@ export class OpenID4VCIClientV1_0_13 {
604
610
  return this._state.accessTokenResponse!;
605
611
  }
606
612
 
613
+ get dpopResponseParams(): DPoPResponseParams | undefined {
614
+ return this._state.dpopResponseParams;
615
+ }
616
+
607
617
  public getIssuer(): string {
608
618
  this.assertIssuerData();
609
619
  return this._state.credentialIssuer;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/oid4vci-client",
3
- "version": "0.16.0",
3
+ "version": "0.16.1-next.4+e2cc7f6",
4
4
  "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
5
5
  "source": "lib/index.ts",
6
6
  "main": "dist/index.js",
@@ -15,9 +15,9 @@
15
15
  "build": "tsc"
16
16
  },
17
17
  "dependencies": {
18
- "@sphereon/oid4vc-common": "0.16.0",
19
- "@sphereon/oid4vci-common": "0.16.0",
20
- "@sphereon/ssi-types": "0.28.0",
18
+ "@sphereon/oid4vc-common": "0.16.1-next.4+e2cc7f6",
19
+ "@sphereon/oid4vci-common": "0.16.1-next.4+e2cc7f6",
20
+ "@sphereon/ssi-types": "0.29.0",
21
21
  "cross-fetch": "^3.1.8",
22
22
  "debug": "^4.3.5"
23
23
  },
@@ -70,5 +70,5 @@
70
70
  "OIDC4VCI",
71
71
  "OID4VCI"
72
72
  ],
73
- "gitHead": "7d938320eba5818dfe2bf6ae5291bb3c614085e1"
73
+ "gitHead": "e2cc7f6abf553a705786d9c3fdc9aa28e53cac1c"
74
74
  }