@sphereon/oid4vci-client 0.18.2 → 0.19.1-next.2
- package/LICENSE +201 -201
- package/README.md +1 -1
- package/dist/index.cjs +120 -168
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +117 -119
- package/dist/index.js.map +1 -1
- package/package.json +14 -20
package/dist/index.cjs
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
9
7
|
var __export = (target, all) => {
|
|
@@ -18,14 +16,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
16
|
}
|
|
19
17
|
return to;
|
|
20
18
|
};
|
|
21
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
22
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
23
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
24
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
25
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
26
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
27
|
-
mod
|
|
28
|
-
));
|
|
29
19
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
30
20
|
|
|
31
21
|
// lib/index.ts
|
|
@@ -71,11 +61,11 @@ var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
|
71
61
|
// lib/AccessTokenClient.ts
|
|
72
62
|
var import_oid4vc_common3 = require("@sphereon/oid4vc-common");
|
|
73
63
|
var import_oid4vci_common9 = require("@sphereon/oid4vci-common");
|
|
74
|
-
var
|
|
64
|
+
var import_ssi_types4 = require("@sphereon/ssi-types");
|
|
75
65
|
|
|
76
66
|
// lib/MetadataClientV1_0_13.ts
|
|
77
67
|
var import_oid4vci_common8 = require("@sphereon/oid4vci-common");
|
|
78
|
-
var
|
|
68
|
+
var import_ssi_types3 = require("@sphereon/ssi-types");
|
|
79
69
|
|
|
80
70
|
// lib/functions/AuthorizationUtil.ts
|
|
81
71
|
var import_oid4vci_common = require("@sphereon/oid4vci-common");
|
|
@@ -137,14 +127,14 @@ __name(sendNotification, "sendNotification");
|
|
|
137
127
|
|
|
138
128
|
// lib/functions/OpenIDUtils.ts
|
|
139
129
|
var import_oid4vci_common4 = require("@sphereon/oid4vci-common");
|
|
140
|
-
var
|
|
141
|
-
var
|
|
130
|
+
var import_ssi_types2 = require("@sphereon/ssi-types");
|
|
131
|
+
var logger = import_ssi_types2.Loggers.DEFAULT.get("sphereon:openid4vci:openid-utils");
|
|
142
132
|
var retrieveWellknown = /* @__PURE__ */ __name(async (host, endpointType, opts) => {
|
|
143
133
|
const result = await (0, import_oid4vci_common4.getJson)(`${host.endsWith("/") ? host.slice(0, -1) : host}${endpointType}`, {
|
|
144
134
|
exceptionOnHttpErrorStatus: opts?.errorOnNotFound
|
|
145
135
|
});
|
|
146
136
|
if (result.origResponse.status >= 400) {
|
|
147
|
-
debug(`host ${host} with endpoint type ${endpointType} status: ${result.origResponse.status}, ${result.origResponse.statusText}`);
|
|
137
|
+
logger.debug(`host ${host} with endpoint type ${endpointType} status: ${result.origResponse.status}, ${result.origResponse.statusText}`);
|
|
148
138
|
}
|
|
149
139
|
return result;
|
|
150
140
|
}, "retrieveWellknown");
|
|
@@ -383,10 +373,10 @@ async function handleCredentialOfferUri(uri) {
|
|
|
383
373
|
const decodedUri = isUriEncoded(credentialOfferUri) ? decodeURIComponent(credentialOfferUri) : credentialOfferUri;
|
|
384
374
|
const response = await (0, import_cross_fetch.fetch)(decodedUri);
|
|
385
375
|
if (!(response && response.status >= 200 && response.status < 400)) {
|
|
386
|
-
return Promise.reject(`the credential offer URI endpoint call was not successful. http code ${response.status} - reason ${response.statusText}`);
|
|
376
|
+
return Promise.reject(Error(`the credential offer URI endpoint call was not successful. http code ${response.status} - reason ${response.statusText}`));
|
|
387
377
|
}
|
|
388
378
|
if (response.headers.get("Content-Type")?.startsWith("application/json") === false) {
|
|
389
|
-
return Promise.reject("the credential offer URI endpoint did not return content type application/json");
|
|
379
|
+
return Promise.reject(Error("the credential offer URI endpoint did not return content type application/json"));
|
|
390
380
|
}
|
|
391
381
|
return {
|
|
392
382
|
credential_offer: (0, import_oid4vci_common7.decodeJsonProperties)(await response.json())
|
|
@@ -417,7 +407,7 @@ function constructBaseResponse(request, scheme, baseUrl) {
|
|
|
417
407
|
__name(constructBaseResponse, "constructBaseResponse");
|
|
418
408
|
|
|
419
409
|
// lib/MetadataClientV1_0_13.ts
|
|
420
|
-
var
|
|
410
|
+
var logger2 = import_ssi_types3.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
421
411
|
var MetadataClientV1_0_13 = class _MetadataClientV1_0_13 {
|
|
422
412
|
static {
|
|
423
413
|
__name(this, "MetadataClientV1_0_13");
|
|
@@ -461,7 +451,7 @@ var MetadataClientV1_0_13 = class _MetadataClientV1_0_13 {
|
|
|
461
451
|
});
|
|
462
452
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
463
453
|
if (credentialIssuerMetadata) {
|
|
464
|
-
|
|
454
|
+
logger2.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
465
455
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
466
456
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
467
457
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
@@ -478,7 +468,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
478
468
|
});
|
|
479
469
|
let authMetadata = response.successBody;
|
|
480
470
|
if (authMetadata) {
|
|
481
|
-
|
|
471
|
+
logger2.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
482
472
|
authorizationServerType = "OIDC";
|
|
483
473
|
} else {
|
|
484
474
|
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common8.WellKnownEndpoints.OAUTH_AS, {
|
|
@@ -494,7 +484,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
494
484
|
if (!authorizationServerType) {
|
|
495
485
|
authorizationServerType = "OAuth 2.0";
|
|
496
486
|
}
|
|
497
|
-
|
|
487
|
+
logger2.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
498
488
|
if (!authMetadata.authorization_endpoint) {
|
|
499
489
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
500
490
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -513,24 +503,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
513
503
|
token_endpoint = authMetadata.token_endpoint;
|
|
514
504
|
if (authMetadata.credential_endpoint) {
|
|
515
505
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
516
|
-
|
|
506
|
+
logger2.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
517
507
|
} else {
|
|
518
508
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
519
509
|
}
|
|
520
510
|
}
|
|
521
511
|
if (authMetadata.deferred_credential_endpoint) {
|
|
522
512
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
523
|
-
|
|
513
|
+
logger2.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
524
514
|
} else {
|
|
525
515
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
526
516
|
}
|
|
527
517
|
}
|
|
528
518
|
}
|
|
529
519
|
if (!authorization_endpoint) {
|
|
530
|
-
|
|
520
|
+
logger2.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
531
521
|
}
|
|
532
522
|
if (!token_endpoint) {
|
|
533
|
-
|
|
523
|
+
logger2.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
534
524
|
if (opts?.errorOnNotFound) {
|
|
535
525
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
536
526
|
} else {
|
|
@@ -538,7 +528,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
538
528
|
}
|
|
539
529
|
}
|
|
540
530
|
if (!credential_endpoint) {
|
|
541
|
-
|
|
531
|
+
logger2.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
542
532
|
if (opts?.errorOnNotFound) {
|
|
543
533
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
544
534
|
} else {
|
|
@@ -548,7 +538,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
548
538
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
549
539
|
credentialIssuerMetadata = authMetadata;
|
|
550
540
|
}
|
|
551
|
-
|
|
541
|
+
logger2.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
552
542
|
return {
|
|
553
543
|
issuer,
|
|
554
544
|
token_endpoint,
|
|
@@ -825,7 +815,7 @@ var AccessTokenClient = class _AccessTokenClient {
|
|
|
825
815
|
}
|
|
826
816
|
url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts?.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
|
|
827
817
|
}
|
|
828
|
-
if (!url || !
|
|
818
|
+
if (!url || !import_ssi_types4.ObjectUtils.isString(url)) {
|
|
829
819
|
throw new Error("No authorization server token URL present. Cannot acquire access token");
|
|
830
820
|
}
|
|
831
821
|
LOG.debug(`Token endpoint determined to be ${url}`);
|
|
@@ -849,9 +839,8 @@ var AccessTokenClient = class _AccessTokenClient {
|
|
|
849
839
|
// lib/AccessTokenClientV1_0_11.ts
|
|
850
840
|
var import_oid4vc_common4 = require("@sphereon/oid4vc-common");
|
|
851
841
|
var import_oid4vci_common10 = require("@sphereon/oid4vci-common");
|
|
852
|
-
var
|
|
853
|
-
var
|
|
854
|
-
var debug3 = (0, import_debug3.default)("sphereon:oid4vci:token");
|
|
842
|
+
var import_ssi_types5 = require("@sphereon/ssi-types");
|
|
843
|
+
var logger3 = import_ssi_types5.Loggers.DEFAULT.get("sphereon:oid4vci:token");
|
|
855
844
|
var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
856
845
|
static {
|
|
857
846
|
__name(this, "AccessTokenClientV1_0_11");
|
|
@@ -982,35 +971,35 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
982
971
|
if (requestPayload.grants?.[import_oid4vci_common10.PRE_AUTH_GRANT_LITERAL]) {
|
|
983
972
|
isPinRequired = requestPayload.grants[import_oid4vci_common10.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? false;
|
|
984
973
|
}
|
|
985
|
-
|
|
974
|
+
logger3.debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
986
975
|
return isPinRequired;
|
|
987
976
|
}
|
|
988
977
|
assertNumericPin(isPinRequired, pin) {
|
|
989
978
|
if (isPinRequired) {
|
|
990
979
|
if (!pin || !/^\d{1,8}$/.test(pin)) {
|
|
991
|
-
|
|
980
|
+
logger3.debug(`Pin is not 1 to 8 digits long`);
|
|
992
981
|
throw new Error("A valid pin consisting of maximal 8 numeric characters must be present.");
|
|
993
982
|
}
|
|
994
983
|
} else if (pin) {
|
|
995
|
-
|
|
984
|
+
logger3.debug(`Pin set, whilst not required`);
|
|
996
985
|
throw new Error("Cannot set a pin, when the pin is not required.");
|
|
997
986
|
}
|
|
998
987
|
}
|
|
999
988
|
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
1000
989
|
if (!accessTokenRequest[import_oid4vci_common10.PRE_AUTH_CODE_LITERAL]) {
|
|
1001
|
-
|
|
990
|
+
logger3.debug(`No pre-authorized code present, whilst it is required`);
|
|
1002
991
|
throw new Error("Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.");
|
|
1003
992
|
}
|
|
1004
993
|
}
|
|
1005
994
|
assertNonEmptyCodeVerifier(accessTokenRequest) {
|
|
1006
995
|
if (!accessTokenRequest.code_verifier) {
|
|
1007
|
-
|
|
996
|
+
logger3.debug("No code_verifier present, whilst it is required");
|
|
1008
997
|
throw new Error("Authorization flow requires the code_verifier to be present");
|
|
1009
998
|
}
|
|
1010
999
|
}
|
|
1011
1000
|
assertNonEmptyCode(accessTokenRequest) {
|
|
1012
1001
|
if (!accessTokenRequest.code) {
|
|
1013
|
-
|
|
1002
|
+
logger3.debug("No code present, whilst it is required");
|
|
1014
1003
|
throw new Error("Authorization flow requires the code to be present");
|
|
1015
1004
|
}
|
|
1016
1005
|
}
|
|
@@ -1049,10 +1038,10 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
1049
1038
|
}
|
|
1050
1039
|
url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts?.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
|
|
1051
1040
|
}
|
|
1052
|
-
if (!url || !
|
|
1041
|
+
if (!url || !import_ssi_types5.ObjectUtils.isString(url)) {
|
|
1053
1042
|
throw new Error("No authorization server token URL present. Cannot acquire access token");
|
|
1054
1043
|
}
|
|
1055
|
-
|
|
1044
|
+
logger3.debug(`Token endpoint determined to be ${url}`);
|
|
1056
1045
|
return url;
|
|
1057
1046
|
}
|
|
1058
1047
|
static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
|
|
@@ -1065,23 +1054,23 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
1065
1054
|
return `${scheme ? scheme + "://" : "https://"}${hostname}${endpoint}`;
|
|
1066
1055
|
}
|
|
1067
1056
|
throwNotSupportedFlow() {
|
|
1068
|
-
|
|
1057
|
+
logger3.debug(`Only pre-authorized or authorization code flows supported.`);
|
|
1069
1058
|
throw new Error("Only pre-authorized-code or authorization code flows are supported");
|
|
1070
1059
|
}
|
|
1071
1060
|
};
|
|
1072
1061
|
|
|
1073
1062
|
// lib/AuthorizationCodeClient.ts
|
|
1074
1063
|
var import_oid4vci_common13 = require("@sphereon/oid4vci-common");
|
|
1075
|
-
var
|
|
1064
|
+
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1076
1065
|
|
|
1077
1066
|
// lib/MetadataClient.ts
|
|
1078
1067
|
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1079
|
-
var
|
|
1068
|
+
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1080
1069
|
|
|
1081
1070
|
// lib/MetadataClientV1_0_11.ts
|
|
1082
1071
|
var import_oid4vci_common11 = require("@sphereon/oid4vci-common");
|
|
1083
|
-
var
|
|
1084
|
-
var
|
|
1072
|
+
var import_ssi_types6 = require("@sphereon/ssi-types");
|
|
1073
|
+
var logger4 = import_ssi_types6.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1085
1074
|
var MetadataClientV1_0_11 = class _MetadataClientV1_0_11 {
|
|
1086
1075
|
static {
|
|
1087
1076
|
__name(this, "MetadataClientV1_0_11");
|
|
@@ -1123,7 +1112,7 @@ var MetadataClientV1_0_11 = class _MetadataClientV1_0_11 {
|
|
|
1123
1112
|
});
|
|
1124
1113
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1125
1114
|
if (credentialIssuerMetadata) {
|
|
1126
|
-
|
|
1115
|
+
logger4.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1127
1116
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1128
1117
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1129
1118
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
@@ -1143,7 +1132,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1143
1132
|
});
|
|
1144
1133
|
let authMetadata = response.successBody;
|
|
1145
1134
|
if (authMetadata) {
|
|
1146
|
-
|
|
1135
|
+
logger4.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1147
1136
|
authorizationServerType = "OIDC";
|
|
1148
1137
|
} else {
|
|
1149
1138
|
response = await retrieveWellknown(authorization_server, import_oid4vci_common11.WellKnownEndpoints.OAUTH_AS, {
|
|
@@ -1159,7 +1148,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1159
1148
|
if (!authorizationServerType) {
|
|
1160
1149
|
authorizationServerType = "OAuth 2.0";
|
|
1161
1150
|
}
|
|
1162
|
-
|
|
1151
|
+
logger4.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1163
1152
|
if (!authMetadata.authorization_endpoint) {
|
|
1164
1153
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1165
1154
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1178,24 +1167,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1178
1167
|
token_endpoint = authMetadata.token_endpoint;
|
|
1179
1168
|
if (authMetadata.credential_endpoint) {
|
|
1180
1169
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1181
|
-
|
|
1170
|
+
logger4.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1182
1171
|
} else {
|
|
1183
1172
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1184
1173
|
}
|
|
1185
1174
|
}
|
|
1186
1175
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1187
1176
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1188
|
-
|
|
1177
|
+
logger4.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1189
1178
|
} else {
|
|
1190
1179
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1191
1180
|
}
|
|
1192
1181
|
}
|
|
1193
1182
|
}
|
|
1194
1183
|
if (!authorization_endpoint) {
|
|
1195
|
-
|
|
1184
|
+
logger4.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1196
1185
|
}
|
|
1197
1186
|
if (!token_endpoint) {
|
|
1198
|
-
|
|
1187
|
+
logger4.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1199
1188
|
if (opts?.errorOnNotFound) {
|
|
1200
1189
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1201
1190
|
} else {
|
|
@@ -1203,7 +1192,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1203
1192
|
}
|
|
1204
1193
|
}
|
|
1205
1194
|
if (!credential_endpoint) {
|
|
1206
|
-
|
|
1195
|
+
logger4.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1207
1196
|
if (opts?.errorOnNotFound) {
|
|
1208
1197
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1209
1198
|
} else {
|
|
@@ -1213,7 +1202,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1213
1202
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1214
1203
|
credentialIssuerMetadata = authMetadata;
|
|
1215
1204
|
}
|
|
1216
|
-
|
|
1205
|
+
logger4.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1217
1206
|
return {
|
|
1218
1207
|
issuer,
|
|
1219
1208
|
token_endpoint,
|
|
@@ -1240,7 +1229,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1240
1229
|
};
|
|
1241
1230
|
|
|
1242
1231
|
// lib/MetadataClient.ts
|
|
1243
|
-
var
|
|
1232
|
+
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1244
1233
|
var MetadataClient = class _MetadataClient {
|
|
1245
1234
|
static {
|
|
1246
1235
|
__name(this, "MetadataClient");
|
|
@@ -1293,7 +1282,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1293
1282
|
});
|
|
1294
1283
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1295
1284
|
if (credentialIssuerMetadata) {
|
|
1296
|
-
|
|
1285
|
+
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1297
1286
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1298
1287
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1299
1288
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint ? credentialIssuerMetadata.deferred_credential_endpoint : void 0;
|
|
@@ -1315,7 +1304,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1315
1304
|
});
|
|
1316
1305
|
let authMetadata = response.successBody;
|
|
1317
1306
|
if (authMetadata) {
|
|
1318
|
-
|
|
1307
|
+
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1319
1308
|
authorizationServerType = "OIDC";
|
|
1320
1309
|
} else {
|
|
1321
1310
|
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
@@ -1331,7 +1320,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1331
1320
|
if (!authorizationServerType) {
|
|
1332
1321
|
authorizationServerType = "OAuth 2.0";
|
|
1333
1322
|
}
|
|
1334
|
-
|
|
1323
|
+
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1335
1324
|
if (!authMetadata.authorization_endpoint) {
|
|
1336
1325
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1337
1326
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1350,24 +1339,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1350
1339
|
token_endpoint = authMetadata.token_endpoint;
|
|
1351
1340
|
if (authMetadata.credential_endpoint) {
|
|
1352
1341
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1353
|
-
|
|
1342
|
+
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1354
1343
|
} else {
|
|
1355
1344
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1356
1345
|
}
|
|
1357
1346
|
}
|
|
1358
1347
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1359
1348
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1360
|
-
|
|
1349
|
+
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1361
1350
|
} else {
|
|
1362
1351
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1363
1352
|
}
|
|
1364
1353
|
}
|
|
1365
1354
|
}
|
|
1366
1355
|
if (!authorization_endpoint) {
|
|
1367
|
-
|
|
1356
|
+
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1368
1357
|
}
|
|
1369
1358
|
if (!token_endpoint) {
|
|
1370
|
-
|
|
1359
|
+
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1371
1360
|
if (opts?.errorOnNotFound) {
|
|
1372
1361
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1373
1362
|
} else {
|
|
@@ -1375,7 +1364,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1375
1364
|
}
|
|
1376
1365
|
}
|
|
1377
1366
|
if (!credential_endpoint) {
|
|
1378
|
-
|
|
1367
|
+
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1379
1368
|
if (opts?.errorOnNotFound) {
|
|
1380
1369
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1381
1370
|
} else {
|
|
@@ -1385,7 +1374,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1385
1374
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1386
1375
|
credentialIssuerMetadata = authorization_server ? authMetadata : authMetadata;
|
|
1387
1376
|
}
|
|
1388
|
-
|
|
1377
|
+
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1389
1378
|
return {
|
|
1390
1379
|
issuer,
|
|
1391
1380
|
token_endpoint,
|
|
@@ -1417,7 +1406,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1417
1406
|
};
|
|
1418
1407
|
|
|
1419
1408
|
// lib/AuthorizationCodeClient.ts
|
|
1420
|
-
var
|
|
1409
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1421
1410
|
async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
1422
1411
|
if (opts.requestObjectMode === import_oid4vci_common13.CreateRequestObjectMode.REQUEST_URI) {
|
|
1423
1412
|
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
@@ -1588,7 +1577,7 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1588
1577
|
if (!parEndpoint && parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1589
1578
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1590
1579
|
} else if (parEndpoint && parMode !== import_oid4vci_common13.PARMode.NEVER) {
|
|
1591
|
-
|
|
1580
|
+
logger6.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1592
1581
|
const parResponse = await (0, import_oid4vci_common13.formPost)(parEndpoint, (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1593
1582
|
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1594
1583
|
uriTypeProperties: [
|
|
@@ -1608,9 +1597,9 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1608
1597
|
if (parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1609
1598
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1610
1599
|
}
|
|
1611
|
-
|
|
1600
|
+
logger6.debug("Falling back to regular request URI, since PAR failed", JSON.stringify(parResponse.errorBody));
|
|
1612
1601
|
} else {
|
|
1613
|
-
|
|
1602
|
+
logger6.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1614
1603
|
queryObj = {
|
|
1615
1604
|
client_id,
|
|
1616
1605
|
request_uri: parResponse.successBody.request_uri
|
|
@@ -1621,7 +1610,7 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1621
1610
|
...requestObjectOpts,
|
|
1622
1611
|
aud: endpointMetadata.authorization_server
|
|
1623
1612
|
});
|
|
1624
|
-
|
|
1613
|
+
logger6.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1625
1614
|
const url = (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1626
1615
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1627
1616
|
uriTypeProperties: [
|
|
@@ -1636,7 +1625,7 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1636
1625
|
// arrayTypeProperties: ['authorization_details'],
|
|
1637
1626
|
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1638
1627
|
});
|
|
1639
|
-
|
|
1628
|
+
logger6.debug(`Authorization Request URL: ${url}`);
|
|
1640
1629
|
return url;
|
|
1641
1630
|
}, "createAuthorizationRequestUrl");
|
|
1642
1631
|
var handleAuthorizationDetails = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -1728,8 +1717,8 @@ var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (authorizat
|
|
|
1728
1717
|
|
|
1729
1718
|
// lib/AuthorizationCodeClientV1_0_11.ts
|
|
1730
1719
|
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1731
|
-
var
|
|
1732
|
-
var
|
|
1720
|
+
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1721
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1733
1722
|
var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported }) => {
|
|
1734
1723
|
const { redirectUri, clientId, requestObjectOpts = {
|
|
1735
1724
|
requestObjectMode: import_oid4vci_common14.CreateRequestObjectMode.NONE
|
|
@@ -1788,7 +1777,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1788
1777
|
if (!parEndpoint && parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1789
1778
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1790
1779
|
} else if (parEndpoint && parMode !== import_oid4vci_common14.PARMode.NEVER) {
|
|
1791
|
-
|
|
1780
|
+
logger7.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1792
1781
|
const parResponse = await (0, import_oid4vci_common14.formPost)(parEndpoint, (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
1793
1782
|
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1794
1783
|
uriTypeProperties: [
|
|
@@ -1810,7 +1799,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1810
1799
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1811
1800
|
}
|
|
1812
1801
|
} else {
|
|
1813
|
-
|
|
1802
|
+
logger7.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1814
1803
|
queryObj = {
|
|
1815
1804
|
request_uri: parResponse.successBody.request_uri
|
|
1816
1805
|
};
|
|
@@ -1820,7 +1809,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1820
1809
|
...requestObjectOpts,
|
|
1821
1810
|
aud: endpointMetadata.authorization_server
|
|
1822
1811
|
});
|
|
1823
|
-
|
|
1812
|
+
logger7.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1824
1813
|
const url = (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
1825
1814
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1826
1815
|
uriTypeProperties: [
|
|
@@ -1834,7 +1823,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1834
1823
|
// arrayTypeProperties: ['authorization_details'],
|
|
1835
1824
|
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1836
1825
|
});
|
|
1837
|
-
|
|
1826
|
+
logger7.debug(`Authorization Request URL: ${url}`);
|
|
1838
1827
|
return url;
|
|
1839
1828
|
}, "createAuthorizationRequestUrlV1_0_11");
|
|
1840
1829
|
var handleAuthorizationDetailsV1_0_11 = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -1880,8 +1869,8 @@ var handleLocations2 = /* @__PURE__ */ __name((endpointMetadata, authorizationDe
|
|
|
1880
1869
|
// lib/CredentialRequestClient.ts
|
|
1881
1870
|
var import_oid4vc_common5 = require("@sphereon/oid4vc-common");
|
|
1882
1871
|
var import_oid4vci_common15 = require("@sphereon/oid4vci-common");
|
|
1883
|
-
var
|
|
1884
|
-
var
|
|
1872
|
+
var import_ssi_types10 = require("@sphereon/ssi-types");
|
|
1873
|
+
var logger8 = import_ssi_types10.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
1885
1874
|
async function buildProof(proofInput, opts) {
|
|
1886
1875
|
if ("proof_type" in proofInput) {
|
|
1887
1876
|
if (opts.cNonce) {
|
|
@@ -1962,11 +1951,11 @@ var CredentialRequestClient = class {
|
|
|
1962
1951
|
const request = (0, import_oid4vci_common15.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
1963
1952
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
1964
1953
|
if (!(0, import_oid4vci_common15.isValidURL)(credentialEndpoint)) {
|
|
1965
|
-
|
|
1954
|
+
logger8.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
1966
1955
|
throw new Error(import_oid4vci_common15.URL_NOT_VALID);
|
|
1967
1956
|
}
|
|
1968
|
-
|
|
1969
|
-
|
|
1957
|
+
logger8.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
1958
|
+
logger8.debug(`request
|
|
1970
1959
|
: ${JSON.stringify(request, null, 2)}`);
|
|
1971
1960
|
const requestToken = this.credentialRequestOpts.token;
|
|
1972
1961
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
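Review bot: The added `logger8.debug(...)` call that ends in `${JSON.stringify(request, null, 2)}` writes the complete credential request to the log, which, going by `buildProof` earlier in this file, presumably includes the signed key proof. The hunk at `@@ -2010` does the same with the full issuer response, and CredentialRequestClientV1_0_11 repeats the request logging at `@@ -2501`. Whether `Loggers.DEFAULT` suppresses debug level by default is not visible on this page, so I would redact at the call site, for example `JSON.stringify(request, (k, v) => (k === "proof" ? "[redacted]" : v), 2)`. The message text also breaks across two lines as `request` and `: `; a single-line `Credential request: ...` reads better. The enclosing method starts before this hunk.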
|
|
@@ -2010,7 +1999,7 @@ var CredentialRequestClient = class {
|
|
|
2010
1999
|
throw Error("Subject signing was requested, but issuer did not provide the options in its response");
|
|
2011
2000
|
}
|
|
2012
2001
|
}
|
|
2013
|
-
|
|
2002
|
+
logger8.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2014
2003
|
${JSON.stringify(response, null, 2)}`);
|
|
2015
2004
|
return {
|
|
2016
2005
|
...response,
|
|
@@ -2151,16 +2140,14 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2151
2140
|
|
|
2152
2141
|
// lib/CredentialOfferClient.ts
|
|
2153
2142
|
var import_oid4vci_common16 = require("@sphereon/oid4vci-common");
|
|
2154
|
-
var import_debug9 = __toESM(require("debug"), 1);
|
|
2155
|
-
var debug9 = (0, import_debug9.default)("sphereon:oid4vci:offer");
|
|
2156
2143
|
var CredentialOfferClient = class {
|
|
2157
2144
|
static {
|
|
2158
2145
|
__name(this, "CredentialOfferClient");
|
|
2159
2146
|
}
|
|
2160
2147
|
static async fromURI(uri, opts) {
|
|
2161
|
-
|
|
2148
|
+
LOG.debug(`Credential Offer URI: ${uri}`);
|
|
2162
2149
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2163
|
-
|
|
2150
|
+
LOG.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2164
2151
|
throw Error(`Invalid Credential Offer Request`);
|
|
2165
2152
|
}
|
|
2166
2153
|
const scheme = uri.split("://")[0];
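Review bot: Both added `LOG.debug(...)` calls in `fromURI` write the full credential offer `uri` to the log, including on the rejection path, where the string has failed the only check applied to it. An offer passed by value can contain the pre-authorized code, and the value comes from outside the application, so I would log only the part before the query string, `LOG.debug(`Credential Offer URI: ${uri.split("?")[0]}`);`, and keep the value out of the rejection message. The same calls appear in CredentialOfferClientV1_0_11 (`logger9`, `@@ -2258`) and CredentialOfferClientV1_0_13 (`logger10`, `@@ -2370`). Those two files get a logger named "sphereon:oid4vci:offer", while this file drops `debug9` with that name and switches to `LOG`, which is defined outside the hunk; please confirm the namespace change is intended.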
|
|
@@ -2216,7 +2203,7 @@ var CredentialOfferClient = class {
|
|
|
2216
2203
|
};
|
|
2217
2204
|
}
|
|
2218
2205
|
static toURI(requestWithBaseUrl, opts) {
|
|
2219
|
-
|
|
2206
|
+
LOG.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2220
2207
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2221
2208
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2222
2209
|
let param;
|
|
@@ -2258,16 +2245,16 @@ var CredentialOfferClient = class {
|
|
|
2258
2245
|
|
|
2259
2246
|
// lib/CredentialOfferClientV1_0_11.ts
|
|
2260
2247
|
var import_oid4vci_common17 = require("@sphereon/oid4vci-common");
|
|
2261
|
-
var
|
|
2262
|
-
var
|
|
2248
|
+
var import_ssi_types11 = require("@sphereon/ssi-types");
|
|
2249
|
+
var logger9 = import_ssi_types11.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2263
2250
|
var CredentialOfferClientV1_0_11 = class {
|
|
2264
2251
|
static {
|
|
2265
2252
|
__name(this, "CredentialOfferClientV1_0_11");
|
|
2266
2253
|
}
|
|
2267
2254
|
static async fromURI(uri, opts) {
|
|
2268
|
-
|
|
2255
|
+
logger9.debug(`Credential Offer URI: ${uri}`);
|
|
2269
2256
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2270
|
-
|
|
2257
|
+
logger9.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2271
2258
|
throw Error(`Invalid Credential Offer Request`);
|
|
2272
2259
|
}
|
|
2273
2260
|
const scheme = uri.split("://")[0];
|
|
@@ -2328,7 +2315,7 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2328
2315
|
};
|
|
2329
2316
|
}
|
|
2330
2317
|
static toURI(requestWithBaseUrl, opts) {
|
|
2331
|
-
|
|
2318
|
+
logger9.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2332
2319
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2333
2320
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2334
2321
|
let param;
|
|
@@ -2370,16 +2357,16 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2370
2357
|
|
|
2371
2358
|
// lib/CredentialOfferClientV1_0_13.ts
|
|
2372
2359
|
var import_oid4vci_common18 = require("@sphereon/oid4vci-common");
|
|
2373
|
-
var
|
|
2374
|
-
var
|
|
2360
|
+
var import_ssi_types12 = require("@sphereon/ssi-types");
|
|
2361
|
+
var logger10 = import_ssi_types12.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2375
2362
|
var CredentialOfferClientV1_0_13 = class {
|
|
2376
2363
|
static {
|
|
2377
2364
|
__name(this, "CredentialOfferClientV1_0_13");
|
|
2378
2365
|
}
|
|
2379
2366
|
static async fromURI(uri, opts) {
|
|
2380
|
-
|
|
2367
|
+
logger10.debug(`Credential Offer URI: ${uri}`);
|
|
2381
2368
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2382
|
-
|
|
2369
|
+
logger10.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2383
2370
|
throw Error(`Invalid Credential Offer Request`);
|
|
2384
2371
|
}
|
|
2385
2372
|
const scheme = uri.split("://")[0];
|
|
@@ -2418,7 +2405,7 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2418
2405
|
};
|
|
2419
2406
|
}
|
|
2420
2407
|
static toURI(requestWithBaseUrl, opts) {
|
|
2421
|
-
|
|
2408
|
+
logger10.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2422
2409
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2423
2410
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2424
2411
|
let param;
|
|
@@ -2461,8 +2448,8 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2461
2448
|
// lib/CredentialRequestClientV1_0_11.ts
|
|
2462
2449
|
var import_oid4vc_common6 = require("@sphereon/oid4vc-common");
|
|
2463
2450
|
var import_oid4vci_common19 = require("@sphereon/oid4vci-common");
|
|
2464
|
-
var
|
|
2465
|
-
var
|
|
2451
|
+
var import_ssi_types13 = require("@sphereon/ssi-types");
|
|
2452
|
+
var logger11 = import_ssi_types13.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2466
2453
|
var CredentialRequestClientV1_0_11 = class {
|
|
2467
2454
|
static {
|
|
2468
2455
|
__name(this, "CredentialRequestClientV1_0_11");
|
|
@@ -2501,11 +2488,11 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2501
2488
|
const request = (0, import_oid4vci_common19.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
2502
2489
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2503
2490
|
if (!(0, import_oid4vci_common19.isValidURL)(credentialEndpoint)) {
|
|
2504
|
-
|
|
2491
|
+
logger11.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
2505
2492
|
throw new Error(import_oid4vci_common19.URL_NOT_VALID);
|
|
2506
2493
|
}
|
|
2507
|
-
|
|
2508
|
-
|
|
2494
|
+
logger11.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
2495
|
+
logger11.debug(`request
|
|
2509
2496
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2510
2497
|
const requestToken = this.credentialRequestOpts.token;
|
|
2511
2498
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
@@ -2544,7 +2531,7 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2544
2531
|
});
|
|
2545
2532
|
}
|
|
2546
2533
|
response.access_token = requestToken;
|
|
2547
|
-
|
|
2534
|
+
logger11.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2548
2535
|
${JSON.stringify(response, null, 2)}`);
|
|
2549
2536
|
return {
|
|
2550
2537
|
...response,
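Review bot: `response.access_token = requestToken;` runs immediately before the added `logger11.debug(...)` call, which stringifies the whole `response`, so the bearer access token is written into the debug log together with the credential response. Drop the token from the logged copy with a replacer, `JSON.stringify(response, (k, v) => (k === "access_token" ? "[redacted]" : v), 2)`, or move the debug call above the assignment. Anyone with read access to the application's debug log would otherwise obtain a token that may still be valid for the credential endpoint. The method containing these lines begins before the hunk and its return statement continues after it.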
|
|
@@ -3005,6 +2992,7 @@ var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
|
3005
2992
|
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
3006
2993
|
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
3007
2994
|
}
|
|
2995
|
+
;
|
|
3008
2996
|
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
3009
2997
|
return this;
|
|
3010
2998
|
}
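Review bot: The only change here is a stray `;` on its own line after the version check (new line 2995), an empty statement that most likely comes from a `};` closing the `if` block in the TypeScript source. It has no effect at runtime, but it is worth removing in the source so that linters which flag empty statements stay quiet. The method these lines belong to starts before the hunk.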
|
|
@@ -3043,8 +3031,8 @@ var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
|
3043
3031
|
|
|
3044
3032
|
// lib/OpenID4VCIClient.ts
|
|
3045
3033
|
var import_oid4vci_common23 = require("@sphereon/oid4vci-common");
|
|
3046
|
-
var
|
|
3047
|
-
var
|
|
3034
|
+
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
3035
|
+
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
3048
3036
|
var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
3049
3037
|
static {
|
|
3050
3038
|
__name(this, "OpenID4VCIClient");
|
|
@@ -3078,7 +3066,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3078
3066
|
if (!this._state.authorizationRequestOpts) {
|
|
3079
3067
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3080
3068
|
}
|
|
3081
|
-
|
|
3069
|
+
logger12.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3082
3070
|
}
|
|
3083
3071
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata }) {
|
|
3084
3072
|
const client = new _OpenID4VCIClient({
|
|
@@ -3126,7 +3114,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3126
3114
|
authorizationRequest,
|
|
3127
3115
|
pkce
|
|
3128
3116
|
});
|
|
3129
|
-
|
|
3117
|
+
logger12.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3130
3118
|
}
|
|
3131
3119
|
return client;
|
|
3132
3120
|
}
|
|
@@ -3193,12 +3181,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3193
3181
|
...opts
|
|
3194
3182
|
});
|
|
3195
3183
|
if (response.errorBody) {
|
|
3196
|
-
|
|
3184
|
+
logger12.debug(`Authorization code error:\r
|
|
3197
3185
|
${JSON.stringify(response.errorBody)}`);
|
|
3198
3186
|
const error = response.errorBody;
|
|
3199
3187
|
return Promise.reject(error);
|
|
3200
3188
|
} else if (!response.successBody) {
|
|
3201
|
-
|
|
3189
|
+
logger12.debug(`Authorization code error. No success body`);
|
|
3202
3190
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3203
3191
|
}
|
|
3204
3192
|
return {
|
|
@@ -3270,11 +3258,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3270
3258
|
}
|
|
3271
3259
|
});
|
|
3272
3260
|
if (response.errorBody) {
|
|
3273
|
-
|
|
3261
|
+
logger12.debug(`Access token error:\r
|
|
3274
3262
|
${JSON.stringify(response.errorBody)}`);
|
|
3275
3263
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3276
3264
|
} else if (!response.successBody) {
|
|
3277
|
-
|
|
3265
|
+
logger12.debug(`Access token error. No success body`);
|
|
3278
3266
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3279
3267
|
}
|
|
3280
3268
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -3384,11 +3372,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3384
3372
|
});
|
|
3385
3373
|
this._state.dpopResponseParams = response.params;
|
|
3386
3374
|
if (response.errorBody) {
|
|
3387
|
-
|
|
3375
|
+
logger12.debug(`Credential request error:\r
|
|
3388
3376
|
${JSON.stringify(response.errorBody)}`);
|
|
3389
3377
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3390
3378
|
} else if (!response.successBody) {
|
|
3391
|
-
|
|
3379
|
+
logger12.debug(`Credential request error. No success body`);
|
|
3392
3380
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3393
3381
|
}
|
|
3394
3382
|
return {
|
|
@@ -3598,8 +3586,8 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3598
3586
|
|
|
3599
3587
|
// lib/OpenID4VCIClientV1_0_13.ts
|
|
3600
3588
|
var import_oid4vci_common24 = require("@sphereon/oid4vci-common");
|
|
3601
|
-
var
|
|
3602
|
-
var
|
|
3589
|
+
var import_ssi_types15 = require("@sphereon/ssi-types");
|
|
3590
|
+
var logger13 = import_ssi_types15.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
3603
3591
|
var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
3604
3592
|
static {
|
|
3605
3593
|
__name(this, "OpenID4VCIClientV1_0_13");
|
|
@@ -3633,7 +3621,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3633
3621
|
if (!this._state.authorizationRequestOpts) {
|
|
3634
3622
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3635
3623
|
}
|
|
3636
|
-
|
|
3624
|
+
logger13.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3637
3625
|
}
|
|
3638
3626
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
3639
3627
|
const client = new _OpenID4VCIClientV1_0_13({
|
|
@@ -3679,7 +3667,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3679
3667
|
authorizationRequest,
|
|
3680
3668
|
pkce
|
|
3681
3669
|
});
|
|
3682
|
-
|
|
3670
|
+
logger13.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3683
3671
|
}
|
|
3684
3672
|
return client;
|
|
3685
3673
|
}
|
|
@@ -3737,12 +3725,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3737
3725
|
...opts
|
|
3738
3726
|
});
|
|
3739
3727
|
if (response.errorBody) {
|
|
3740
|
-
|
|
3728
|
+
logger13.debug(`Authorization code error:\r
|
|
3741
3729
|
${JSON.stringify(response.errorBody)}`);
|
|
3742
3730
|
const error = response.errorBody;
|
|
3743
3731
|
return Promise.reject(error);
|
|
3744
3732
|
} else if (!response.successBody) {
|
|
3745
|
-
|
|
3733
|
+
logger13.debug(`Authorization code error. No success body`);
|
|
3746
3734
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3747
3735
|
}
|
|
3748
3736
|
return {
|
|
@@ -3814,11 +3802,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3814
3802
|
}
|
|
3815
3803
|
});
|
|
3816
3804
|
if (response.errorBody) {
|
|
3817
|
-
|
|
3805
|
+
logger13.debug(`Access token error:\r
|
|
3818
3806
|
${JSON.stringify(response.errorBody)}`);
|
|
3819
3807
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3820
3808
|
} else if (!response.successBody) {
|
|
3821
|
-
|
|
3809
|
+
logger13.debug(`Access token error. No success body`);
|
|
3822
3810
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3823
3811
|
}
|
|
3824
3812
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -3949,11 +3937,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3949
3937
|
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, createDPoPOpts);
|
|
3950
3938
|
this._state.dpopResponseParams = response.params;
|
|
3951
3939
|
if (response.errorBody) {
|
|
3952
|
-
|
|
3940
|
+
logger13.debug(`Credential request error:\r
|
|
3953
3941
|
${JSON.stringify(response.errorBody)}`);
|
|
3954
3942
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3955
3943
|
} else if (!response.successBody) {
|
|
3956
|
-
|
|
3944
|
+
logger13.debug(`Credential request error. No success body`);
|
|
3957
3945
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3958
3946
|
}
|
|
3959
3947
|
return {
|
|
@@ -4146,8 +4134,8 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4146
4134
|
|
|
4147
4135
|
// lib/OpenID4VCIClientV1_0_11.ts
|
|
4148
4136
|
var import_oid4vci_common25 = require("@sphereon/oid4vci-common");
|
|
4149
|
-
var
|
|
4150
|
-
var
|
|
4137
|
+
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
4138
|
+
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4151
4139
|
var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
4152
4140
|
static {
|
|
4153
4141
|
__name(this, "OpenID4VCIClientV1_0_11");
|
|
@@ -4180,7 +4168,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4180
4168
|
if (!this._state.authorizationRequestOpts) {
|
|
4181
4169
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4182
4170
|
}
|
|
4183
|
-
|
|
4171
|
+
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4184
4172
|
}
|
|
4185
4173
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
4186
4174
|
const client = new _OpenID4VCIClientV1_0_11({
|
|
@@ -4226,7 +4214,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4226
4214
|
authorizationRequest,
|
|
4227
4215
|
pkce
|
|
4228
4216
|
});
|
|
4229
|
-
|
|
4217
|
+
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4230
4218
|
}
|
|
4231
4219
|
return client;
|
|
4232
4220
|
}
|
|
@@ -4283,12 +4271,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4283
4271
|
...opts
|
|
4284
4272
|
});
|
|
4285
4273
|
if (response.errorBody) {
|
|
4286
|
-
|
|
4274
|
+
logger14.debug(`Authorization code error:\r
|
|
4287
4275
|
${JSON.stringify(response.errorBody)}`);
|
|
4288
4276
|
const error = response.errorBody;
|
|
4289
4277
|
return Promise.reject(error);
|
|
4290
4278
|
} else if (!response.successBody) {
|
|
4291
|
-
|
|
4279
|
+
logger14.debug(`Authorization code error. No success body`);
|
|
4292
4280
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4293
4281
|
}
|
|
4294
4282
|
return {
|
|
@@ -4360,11 +4348,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4360
4348
|
}
|
|
4361
4349
|
});
|
|
4362
4350
|
if (response.errorBody) {
|
|
4363
|
-
|
|
4351
|
+
logger14.debug(`Access token error:\r
|
|
4364
4352
|
${JSON.stringify(response.errorBody)}`);
|
|
4365
4353
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4366
4354
|
} else if (!response.successBody) {
|
|
4367
|
-
|
|
4355
|
+
logger14.debug(`Access token error. No success body`);
|
|
4368
4356
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4369
4357
|
}
|
|
4370
4358
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4449,11 +4437,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4449
4437
|
});
|
|
4450
4438
|
this._state.dpopResponseParams = response.params;
|
|
4451
4439
|
if (response.errorBody) {
|
|
4452
|
-
|
|
4440
|
+
logger14.debug(`Credential request error:\r
|
|
4453
4441
|
${JSON.stringify(response.errorBody)}`);
|
|
4454
4442
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4455
4443
|
} else if (!response.successBody) {
|
|
4456
|
-
|
|
4444
|
+
logger14.debug(`Credential request error. No success body`);
|
|
4457
4445
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4458
4446
|
}
|
|
4459
4447
|
return {
|
|
@@ -4640,40 +4628,4 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4640
4628
|
|
|
4641
4629
|
// lib/index.ts
|
|
4642
4630
|
var LOG2 = import_oid4vci_common26.VCI_LOGGERS.get("sphereon:oid4vci:client");
|
|
4643
|
-
// Annotate the CommonJS export names for ESM import in node:
|
|
4644
|
-
0 && (module.exports = {
|
|
4645
|
-
AccessTokenClient,
|
|
4646
|
-
AccessTokenClientV1_0_11,
|
|
4647
|
-
CredentialOfferClient,
|
|
4648
|
-
CredentialOfferClientV1_0_11,
|
|
4649
|
-
CredentialOfferClientV1_0_13,
|
|
4650
|
-
CredentialRequestClient,
|
|
4651
|
-
CredentialRequestClientBuilder,
|
|
4652
|
-
CredentialRequestClientBuilderV1_0_11,
|
|
4653
|
-
CredentialRequestClientBuilderV1_0_13,
|
|
4654
|
-
CredentialRequestClientV1_0_11,
|
|
4655
|
-
LOG,
|
|
4656
|
-
MetadataClient,
|
|
4657
|
-
MetadataClientV1_0_11,
|
|
4658
|
-
MetadataClientV1_0_13,
|
|
4659
|
-
OpenID4VCIClient,
|
|
4660
|
-
OpenID4VCIClientV1_0_11,
|
|
4661
|
-
OpenID4VCIClientV1_0_13,
|
|
4662
|
-
ProofOfPossessionBuilder,
|
|
4663
|
-
acquireAuthorizationChallengeAuthCode,
|
|
4664
|
-
acquireAuthorizationChallengeAuthCodeUsingRequest,
|
|
4665
|
-
buildProof,
|
|
4666
|
-
constructBaseResponse,
|
|
4667
|
-
createAuthorizationChallengeRequest,
|
|
4668
|
-
createAuthorizationRequestUrl,
|
|
4669
|
-
createAuthorizationRequestUrlV1_0_11,
|
|
4670
|
-
createJwtBearerClientAssertion,
|
|
4671
|
-
createSignedAuthRequestWhenNeeded,
|
|
4672
|
-
generateMissingPKCEOpts,
|
|
4673
|
-
handleCredentialOfferUri,
|
|
4674
|
-
isUriEncoded,
|
|
4675
|
-
retrieveWellknown,
|
|
4676
|
-
sendAuthorizationChallengeRequest,
|
|
4677
|
-
sendNotification
|
|
4678
|
-
});
|
|
4679
4631
|
//# sourceMappingURL=index.cjs.map
|