@sphereon/oid4vci-client 0.18.2 → 0.19.1-next.2
- package/LICENSE +201 -201
- package/README.md +1 -1
- package/dist/index.cjs +120 -168
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +117 -119
- package/dist/index.js.map +1 -1
- package/package.json +14 -20
package/dist/index.js
CHANGED
|
@@ -11,7 +11,7 @@ import { ObjectUtils } from "@sphereon/ssi-types";
|
|
|
11
11
|
|
|
12
12
|
// lib/MetadataClientV1_0_13.ts
|
|
13
13
|
import { getIssuerFromCredentialOfferPayload, WellKnownEndpoints } from "@sphereon/oid4vci-common";
|
|
14
|
-
import
|
|
14
|
+
import { Loggers as Loggers2 } from "@sphereon/ssi-types";
|
|
15
15
|
|
|
16
16
|
// lib/functions/AuthorizationUtil.ts
|
|
17
17
|
import { assertValidCodeVerifier, CodeChallengeMethod, createCodeChallenge, generateCodeVerifier } from "@sphereon/oid4vci-common";
|
|
@@ -73,14 +73,14 @@ __name(sendNotification, "sendNotification");
|
|
|
73
73
|
|
|
74
74
|
// lib/functions/OpenIDUtils.ts
|
|
75
75
|
import { getJson } from "@sphereon/oid4vci-common";
|
|
76
|
-
import
|
|
77
|
-
var
|
|
76
|
+
import { Loggers } from "@sphereon/ssi-types";
|
|
77
|
+
var logger = Loggers.DEFAULT.get("sphereon:openid4vci:openid-utils");
|
|
78
78
|
var retrieveWellknown = /* @__PURE__ */ __name(async (host, endpointType, opts) => {
|
|
79
79
|
const result = await getJson(`${host.endsWith("/") ? host.slice(0, -1) : host}${endpointType}`, {
|
|
80
80
|
exceptionOnHttpErrorStatus: opts?.errorOnNotFound
|
|
81
81
|
});
|
|
82
82
|
if (result.origResponse.status >= 400) {
|
|
83
|
-
debug(`host ${host} with endpoint type ${endpointType} status: ${result.origResponse.status}, ${result.origResponse.statusText}`);
|
|
83
|
+
logger.debug(`host ${host} with endpoint type ${endpointType} status: ${result.origResponse.status}, ${result.origResponse.statusText}`);
|
|
84
84
|
}
|
|
85
85
|
return result;
|
|
86
86
|
}, "retrieveWellknown");
|
|
@@ -319,10 +319,10 @@ async function handleCredentialOfferUri(uri) {
|
|
|
319
319
|
const decodedUri = isUriEncoded(credentialOfferUri) ? decodeURIComponent(credentialOfferUri) : credentialOfferUri;
|
|
320
320
|
const response = await fetch(decodedUri);
|
|
321
321
|
if (!(response && response.status >= 200 && response.status < 400)) {
|
|
322
|
-
return Promise.reject(`the credential offer URI endpoint call was not successful. http code ${response.status} - reason ${response.statusText}`);
|
|
322
|
+
return Promise.reject(Error(`the credential offer URI endpoint call was not successful. http code ${response.status} - reason ${response.statusText}`));
|
|
323
323
|
}
|
|
324
324
|
if (response.headers.get("Content-Type")?.startsWith("application/json") === false) {
|
|
325
|
-
return Promise.reject("the credential offer URI endpoint did not return content type application/json");
|
|
325
|
+
return Promise.reject(Error("the credential offer URI endpoint did not return content type application/json"));
|
|
326
326
|
}
|
|
327
327
|
return {
|
|
328
328
|
credential_offer: decodeJsonProperties(await response.json())
|
|
@@ -353,7 +353,7 @@ function constructBaseResponse(request, scheme, baseUrl) {
|
|
|
353
353
|
__name(constructBaseResponse, "constructBaseResponse");
|
|
354
354
|
|
|
355
355
|
// lib/MetadataClientV1_0_13.ts
|
|
356
|
-
var
|
|
356
|
+
var logger2 = Loggers2.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
357
357
|
var MetadataClientV1_0_13 = class _MetadataClientV1_0_13 {
|
|
358
358
|
static {
|
|
359
359
|
__name(this, "MetadataClientV1_0_13");
|
|
@@ -397,7 +397,7 @@ var MetadataClientV1_0_13 = class _MetadataClientV1_0_13 {
|
|
|
397
397
|
});
|
|
398
398
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
399
399
|
if (credentialIssuerMetadata) {
|
|
400
|
-
|
|
400
|
+
logger2.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
401
401
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
402
402
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
403
403
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
@@ -414,7 +414,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
414
414
|
});
|
|
415
415
|
let authMetadata = response.successBody;
|
|
416
416
|
if (authMetadata) {
|
|
417
|
-
|
|
417
|
+
logger2.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
418
418
|
authorizationServerType = "OIDC";
|
|
419
419
|
} else {
|
|
420
420
|
response = await retrieveWellknown(authorization_servers[0], WellKnownEndpoints.OAUTH_AS, {
|
|
@@ -430,7 +430,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
430
430
|
if (!authorizationServerType) {
|
|
431
431
|
authorizationServerType = "OAuth 2.0";
|
|
432
432
|
}
|
|
433
|
-
|
|
433
|
+
logger2.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
434
434
|
if (!authMetadata.authorization_endpoint) {
|
|
435
435
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
436
436
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -449,24 +449,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
449
449
|
token_endpoint = authMetadata.token_endpoint;
|
|
450
450
|
if (authMetadata.credential_endpoint) {
|
|
451
451
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
452
|
-
|
|
452
|
+
logger2.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
453
453
|
} else {
|
|
454
454
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
455
455
|
}
|
|
456
456
|
}
|
|
457
457
|
if (authMetadata.deferred_credential_endpoint) {
|
|
458
458
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
459
|
-
|
|
459
|
+
logger2.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
460
460
|
} else {
|
|
461
461
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
462
462
|
}
|
|
463
463
|
}
|
|
464
464
|
}
|
|
465
465
|
if (!authorization_endpoint) {
|
|
466
|
-
|
|
466
|
+
logger2.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
467
467
|
}
|
|
468
468
|
if (!token_endpoint) {
|
|
469
|
-
|
|
469
|
+
logger2.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
470
470
|
if (opts?.errorOnNotFound) {
|
|
471
471
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
472
472
|
} else {
|
|
@@ -474,7 +474,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
474
474
|
}
|
|
475
475
|
}
|
|
476
476
|
if (!credential_endpoint) {
|
|
477
|
-
|
|
477
|
+
logger2.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
478
478
|
if (opts?.errorOnNotFound) {
|
|
479
479
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
480
480
|
} else {
|
|
@@ -484,7 +484,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
484
484
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
485
485
|
credentialIssuerMetadata = authMetadata;
|
|
486
486
|
}
|
|
487
|
-
|
|
487
|
+
logger2.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
488
488
|
return {
|
|
489
489
|
issuer,
|
|
490
490
|
token_endpoint,
|
|
@@ -785,9 +785,8 @@ var AccessTokenClient = class _AccessTokenClient {
|
|
|
785
785
|
// lib/AccessTokenClientV1_0_11.ts
|
|
786
786
|
import { createDPoP as createDPoP2, getCreateDPoPOptions as getCreateDPoPOptions2 } from "@sphereon/oid4vc-common";
|
|
787
787
|
import { assertedUniformCredentialOffer as assertedUniformCredentialOffer2, AuthzFlowType as AuthzFlowType2, convertJsonToURI as convertJsonToURI2, formPost as formPost2, getIssuerFromCredentialOfferPayload as getIssuerFromCredentialOfferPayload3, GrantTypes as GrantTypes2, JsonURIMode as JsonURIMode2, OpenId4VCIVersion as OpenId4VCIVersion3, PRE_AUTH_CODE_LITERAL as PRE_AUTH_CODE_LITERAL3, PRE_AUTH_GRANT_LITERAL as PRE_AUTH_GRANT_LITERAL3, TokenErrorResponse as TokenErrorResponse2, toUniformCredentialOfferRequest as toUniformCredentialOfferRequest2 } from "@sphereon/oid4vci-common";
|
|
788
|
-
import { ObjectUtils as ObjectUtils2 } from "@sphereon/ssi-types";
|
|
789
|
-
|
|
790
|
-
var debug3 = Debug3("sphereon:oid4vci:token");
|
|
788
|
+
import { Loggers as Loggers3, ObjectUtils as ObjectUtils2 } from "@sphereon/ssi-types";
|
|
789
|
+
var logger3 = Loggers3.DEFAULT.get("sphereon:oid4vci:token");
|
|
791
790
|
var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
792
791
|
static {
|
|
793
792
|
__name(this, "AccessTokenClientV1_0_11");
|
|
@@ -918,35 +917,35 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
918
917
|
if (requestPayload.grants?.[PRE_AUTH_GRANT_LITERAL3]) {
|
|
919
918
|
isPinRequired = requestPayload.grants[PRE_AUTH_GRANT_LITERAL3]?.user_pin_required ?? false;
|
|
920
919
|
}
|
|
921
|
-
|
|
920
|
+
logger3.debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
|
|
922
921
|
return isPinRequired;
|
|
923
922
|
}
|
|
924
923
|
assertNumericPin(isPinRequired, pin) {
|
|
925
924
|
if (isPinRequired) {
|
|
926
925
|
if (!pin || !/^\d{1,8}$/.test(pin)) {
|
|
927
|
-
|
|
926
|
+
logger3.debug(`Pin is not 1 to 8 digits long`);
|
|
928
927
|
throw new Error("A valid pin consisting of maximal 8 numeric characters must be present.");
|
|
929
928
|
}
|
|
930
929
|
} else if (pin) {
|
|
931
|
-
|
|
930
|
+
logger3.debug(`Pin set, whilst not required`);
|
|
932
931
|
throw new Error("Cannot set a pin, when the pin is not required.");
|
|
933
932
|
}
|
|
934
933
|
}
|
|
935
934
|
assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
|
|
936
935
|
if (!accessTokenRequest[PRE_AUTH_CODE_LITERAL3]) {
|
|
937
|
-
|
|
936
|
+
logger3.debug(`No pre-authorized code present, whilst it is required`);
|
|
938
937
|
throw new Error("Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.");
|
|
939
938
|
}
|
|
940
939
|
}
|
|
941
940
|
assertNonEmptyCodeVerifier(accessTokenRequest) {
|
|
942
941
|
if (!accessTokenRequest.code_verifier) {
|
|
943
|
-
|
|
942
|
+
logger3.debug("No code_verifier present, whilst it is required");
|
|
944
943
|
throw new Error("Authorization flow requires the code_verifier to be present");
|
|
945
944
|
}
|
|
946
945
|
}
|
|
947
946
|
assertNonEmptyCode(accessTokenRequest) {
|
|
948
947
|
if (!accessTokenRequest.code) {
|
|
949
|
-
|
|
948
|
+
logger3.debug("No code present, whilst it is required");
|
|
950
949
|
throw new Error("Authorization flow requires the code to be present");
|
|
951
950
|
}
|
|
952
951
|
}
|
|
@@ -988,7 +987,7 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
988
987
|
if (!url || !ObjectUtils2.isString(url)) {
|
|
989
988
|
throw new Error("No authorization server token URL present. Cannot acquire access token");
|
|
990
989
|
}
|
|
991
|
-
|
|
990
|
+
logger3.debug(`Token endpoint determined to be ${url}`);
|
|
992
991
|
return url;
|
|
993
992
|
}
|
|
994
993
|
static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
|
|
@@ -1001,23 +1000,23 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
1001
1000
|
return `${scheme ? scheme + "://" : "https://"}${hostname}${endpoint}`;
|
|
1002
1001
|
}
|
|
1003
1002
|
throwNotSupportedFlow() {
|
|
1004
|
-
|
|
1003
|
+
logger3.debug(`Only pre-authorized or authorization code flows supported.`);
|
|
1005
1004
|
throw new Error("Only pre-authorized-code or authorization code flows are supported");
|
|
1006
1005
|
}
|
|
1007
1006
|
};
|
|
1008
1007
|
|
|
1009
1008
|
// lib/AuthorizationCodeClient.ts
|
|
1010
1009
|
import { CodeChallengeMethod as CodeChallengeMethod2, convertJsonToURI as convertJsonToURI3, CreateRequestObjectMode, determineSpecVersionFromOffer as determineSpecVersionFromOffer2, formPost as formPost3, isW3cCredentialSupported, JsonURIMode as JsonURIMode3, OpenId4VCIVersion as OpenId4VCIVersion5, PARMode, ResponseType } from "@sphereon/oid4vci-common";
|
|
1011
|
-
import
|
|
1010
|
+
import { Loggers as Loggers6 } from "@sphereon/ssi-types";
|
|
1012
1011
|
|
|
1013
1012
|
// lib/MetadataClient.ts
|
|
1014
1013
|
import { determineSpecVersionFromOffer, getIssuerFromCredentialOfferPayload as getIssuerFromCredentialOfferPayload5, OpenId4VCIVersion as OpenId4VCIVersion4, WellKnownEndpoints as WellKnownEndpoints3 } from "@sphereon/oid4vci-common";
|
|
1015
|
-
import
|
|
1014
|
+
import { Loggers as Loggers5 } from "@sphereon/ssi-types";
|
|
1016
1015
|
|
|
1017
1016
|
// lib/MetadataClientV1_0_11.ts
|
|
1018
1017
|
import { getIssuerFromCredentialOfferPayload as getIssuerFromCredentialOfferPayload4, WellKnownEndpoints as WellKnownEndpoints2 } from "@sphereon/oid4vci-common";
|
|
1019
|
-
import
|
|
1020
|
-
var
|
|
1018
|
+
import { Loggers as Loggers4 } from "@sphereon/ssi-types";
|
|
1019
|
+
var logger4 = Loggers4.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1021
1020
|
var MetadataClientV1_0_11 = class _MetadataClientV1_0_11 {
|
|
1022
1021
|
static {
|
|
1023
1022
|
__name(this, "MetadataClientV1_0_11");
|
|
@@ -1059,7 +1058,7 @@ var MetadataClientV1_0_11 = class _MetadataClientV1_0_11 {
|
|
|
1059
1058
|
});
|
|
1060
1059
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1061
1060
|
if (credentialIssuerMetadata) {
|
|
1062
|
-
|
|
1061
|
+
logger4.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1063
1062
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1064
1063
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1065
1064
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
@@ -1079,7 +1078,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1079
1078
|
});
|
|
1080
1079
|
let authMetadata = response.successBody;
|
|
1081
1080
|
if (authMetadata) {
|
|
1082
|
-
|
|
1081
|
+
logger4.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1083
1082
|
authorizationServerType = "OIDC";
|
|
1084
1083
|
} else {
|
|
1085
1084
|
response = await retrieveWellknown(authorization_server, WellKnownEndpoints2.OAUTH_AS, {
|
|
@@ -1095,7 +1094,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1095
1094
|
if (!authorizationServerType) {
|
|
1096
1095
|
authorizationServerType = "OAuth 2.0";
|
|
1097
1096
|
}
|
|
1098
|
-
|
|
1097
|
+
logger4.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1099
1098
|
if (!authMetadata.authorization_endpoint) {
|
|
1100
1099
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1101
1100
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1114,24 +1113,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1114
1113
|
token_endpoint = authMetadata.token_endpoint;
|
|
1115
1114
|
if (authMetadata.credential_endpoint) {
|
|
1116
1115
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1117
|
-
|
|
1116
|
+
logger4.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1118
1117
|
} else {
|
|
1119
1118
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1120
1119
|
}
|
|
1121
1120
|
}
|
|
1122
1121
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1123
1122
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1124
|
-
|
|
1123
|
+
logger4.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1125
1124
|
} else {
|
|
1126
1125
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1127
1126
|
}
|
|
1128
1127
|
}
|
|
1129
1128
|
}
|
|
1130
1129
|
if (!authorization_endpoint) {
|
|
1131
|
-
|
|
1130
|
+
logger4.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1132
1131
|
}
|
|
1133
1132
|
if (!token_endpoint) {
|
|
1134
|
-
|
|
1133
|
+
logger4.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1135
1134
|
if (opts?.errorOnNotFound) {
|
|
1136
1135
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1137
1136
|
} else {
|
|
@@ -1139,7 +1138,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1139
1138
|
}
|
|
1140
1139
|
}
|
|
1141
1140
|
if (!credential_endpoint) {
|
|
1142
|
-
|
|
1141
|
+
logger4.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1143
1142
|
if (opts?.errorOnNotFound) {
|
|
1144
1143
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1145
1144
|
} else {
|
|
@@ -1149,7 +1148,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1149
1148
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1150
1149
|
credentialIssuerMetadata = authMetadata;
|
|
1151
1150
|
}
|
|
1152
|
-
|
|
1151
|
+
logger4.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1153
1152
|
return {
|
|
1154
1153
|
issuer,
|
|
1155
1154
|
token_endpoint,
|
|
@@ -1176,7 +1175,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1176
1175
|
};
|
|
1177
1176
|
|
|
1178
1177
|
// lib/MetadataClient.ts
|
|
1179
|
-
var
|
|
1178
|
+
var logger5 = Loggers5.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1180
1179
|
var MetadataClient = class _MetadataClient {
|
|
1181
1180
|
static {
|
|
1182
1181
|
__name(this, "MetadataClient");
|
|
@@ -1229,7 +1228,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1229
1228
|
});
|
|
1230
1229
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1231
1230
|
if (credentialIssuerMetadata) {
|
|
1232
|
-
|
|
1231
|
+
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1233
1232
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1234
1233
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1235
1234
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint ? credentialIssuerMetadata.deferred_credential_endpoint : void 0;
|
|
@@ -1251,7 +1250,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1251
1250
|
});
|
|
1252
1251
|
let authMetadata = response.successBody;
|
|
1253
1252
|
if (authMetadata) {
|
|
1254
|
-
|
|
1253
|
+
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1255
1254
|
authorizationServerType = "OIDC";
|
|
1256
1255
|
} else {
|
|
1257
1256
|
response = await retrieveWellknown(authorization_servers[0], WellKnownEndpoints3.OAUTH_AS, {
|
|
@@ -1267,7 +1266,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1267
1266
|
if (!authorizationServerType) {
|
|
1268
1267
|
authorizationServerType = "OAuth 2.0";
|
|
1269
1268
|
}
|
|
1270
|
-
|
|
1269
|
+
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1271
1270
|
if (!authMetadata.authorization_endpoint) {
|
|
1272
1271
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1273
1272
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1286,24 +1285,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1286
1285
|
token_endpoint = authMetadata.token_endpoint;
|
|
1287
1286
|
if (authMetadata.credential_endpoint) {
|
|
1288
1287
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1289
|
-
|
|
1288
|
+
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1290
1289
|
} else {
|
|
1291
1290
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1292
1291
|
}
|
|
1293
1292
|
}
|
|
1294
1293
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1295
1294
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1296
|
-
|
|
1295
|
+
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1297
1296
|
} else {
|
|
1298
1297
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1299
1298
|
}
|
|
1300
1299
|
}
|
|
1301
1300
|
}
|
|
1302
1301
|
if (!authorization_endpoint) {
|
|
1303
|
-
|
|
1302
|
+
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1304
1303
|
}
|
|
1305
1304
|
if (!token_endpoint) {
|
|
1306
|
-
|
|
1305
|
+
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1307
1306
|
if (opts?.errorOnNotFound) {
|
|
1308
1307
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1309
1308
|
} else {
|
|
@@ -1311,7 +1310,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1311
1310
|
}
|
|
1312
1311
|
}
|
|
1313
1312
|
if (!credential_endpoint) {
|
|
1314
|
-
|
|
1313
|
+
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1315
1314
|
if (opts?.errorOnNotFound) {
|
|
1316
1315
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1317
1316
|
} else {
|
|
@@ -1321,7 +1320,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1321
1320
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1322
1321
|
credentialIssuerMetadata = authorization_server ? authMetadata : authMetadata;
|
|
1323
1322
|
}
|
|
1324
|
-
|
|
1323
|
+
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1325
1324
|
return {
|
|
1326
1325
|
issuer,
|
|
1327
1326
|
token_endpoint,
|
|
@@ -1353,7 +1352,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1353
1352
|
};
|
|
1354
1353
|
|
|
1355
1354
|
// lib/AuthorizationCodeClient.ts
|
|
1356
|
-
var
|
|
1355
|
+
var logger6 = Loggers6.DEFAULT.get("sphereon:oid4vci");
|
|
1357
1356
|
async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
1358
1357
|
if (opts.requestObjectMode === CreateRequestObjectMode.REQUEST_URI) {
|
|
1359
1358
|
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
@@ -1524,7 +1523,7 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1524
1523
|
if (!parEndpoint && parMode === PARMode.REQUIRE) {
|
|
1525
1524
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1526
1525
|
} else if (parEndpoint && parMode !== PARMode.NEVER) {
|
|
1527
|
-
|
|
1526
|
+
logger6.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1528
1527
|
const parResponse = await formPost3(parEndpoint, convertJsonToURI3(queryObj, {
|
|
1529
1528
|
mode: JsonURIMode3.X_FORM_WWW_URLENCODED,
|
|
1530
1529
|
uriTypeProperties: [
|
|
@@ -1544,9 +1543,9 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1544
1543
|
if (parMode === PARMode.REQUIRE) {
|
|
1545
1544
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1546
1545
|
}
|
|
1547
|
-
|
|
1546
|
+
logger6.debug("Falling back to regular request URI, since PAR failed", JSON.stringify(parResponse.errorBody));
|
|
1548
1547
|
} else {
|
|
1549
|
-
|
|
1548
|
+
logger6.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1550
1549
|
queryObj = {
|
|
1551
1550
|
client_id,
|
|
1552
1551
|
request_uri: parResponse.successBody.request_uri
|
|
@@ -1557,7 +1556,7 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1557
1556
|
...requestObjectOpts,
|
|
1558
1557
|
aud: endpointMetadata.authorization_server
|
|
1559
1558
|
});
|
|
1560
|
-
|
|
1559
|
+
logger6.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1561
1560
|
const url = convertJsonToURI3(queryObj, {
|
|
1562
1561
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1563
1562
|
uriTypeProperties: [
|
|
@@ -1572,7 +1571,7 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1572
1571
|
// arrayTypeProperties: ['authorization_details'],
|
|
1573
1572
|
mode: JsonURIMode3.X_FORM_WWW_URLENCODED
|
|
1574
1573
|
});
|
|
1575
|
-
|
|
1574
|
+
logger6.debug(`Authorization Request URL: ${url}`);
|
|
1576
1575
|
return url;
|
|
1577
1576
|
}, "createAuthorizationRequestUrl");
|
|
1578
1577
|
var handleAuthorizationDetails = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -1664,8 +1663,8 @@ var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (authorizat
|
|
|
1664
1663
|
|
|
1665
1664
|
// lib/AuthorizationCodeClientV1_0_11.ts
|
|
1666
1665
|
import { CodeChallengeMethod as CodeChallengeMethod3, convertJsonToURI as convertJsonToURI4, CreateRequestObjectMode as CreateRequestObjectMode2, formPost as formPost4, JsonURIMode as JsonURIMode4, PARMode as PARMode2, ResponseType as ResponseType2 } from "@sphereon/oid4vci-common";
|
|
1667
|
-
import
|
|
1668
|
-
var
|
|
1666
|
+
import { Loggers as Loggers7 } from "@sphereon/ssi-types";
|
|
1667
|
+
var logger7 = Loggers7.DEFAULT.get("sphereon:oid4vci");
|
|
1669
1668
|
var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported }) => {
|
|
1670
1669
|
const { redirectUri, clientId, requestObjectOpts = {
|
|
1671
1670
|
requestObjectMode: CreateRequestObjectMode2.NONE
|
|
@@ -1724,7 +1723,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1724
1723
|
if (!parEndpoint && parMode === PARMode2.REQUIRE) {
|
|
1725
1724
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1726
1725
|
} else if (parEndpoint && parMode !== PARMode2.NEVER) {
|
|
1727
|
-
|
|
1726
|
+
logger7.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1728
1727
|
const parResponse = await formPost4(parEndpoint, convertJsonToURI4(queryObj, {
|
|
1729
1728
|
mode: JsonURIMode4.X_FORM_WWW_URLENCODED,
|
|
1730
1729
|
uriTypeProperties: [
|
|
@@ -1746,7 +1745,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1746
1745
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1747
1746
|
}
|
|
1748
1747
|
} else {
|
|
1749
|
-
|
|
1748
|
+
logger7.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1750
1749
|
queryObj = {
|
|
1751
1750
|
request_uri: parResponse.successBody.request_uri
|
|
1752
1751
|
};
|
|
@@ -1756,7 +1755,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1756
1755
|
...requestObjectOpts,
|
|
1757
1756
|
aud: endpointMetadata.authorization_server
|
|
1758
1757
|
});
|
|
1759
|
-
|
|
1758
|
+
logger7.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1760
1759
|
const url = convertJsonToURI4(queryObj, {
|
|
1761
1760
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1762
1761
|
uriTypeProperties: [
|
|
@@ -1770,7 +1769,7 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1770
1769
|
// arrayTypeProperties: ['authorization_details'],
|
|
1771
1770
|
mode: JsonURIMode4.X_FORM_WWW_URLENCODED
|
|
1772
1771
|
});
|
|
1773
|
-
|
|
1772
|
+
logger7.debug(`Authorization Request URL: ${url}`);
|
|
1774
1773
|
return url;
|
|
1775
1774
|
}, "createAuthorizationRequestUrlV1_0_11");
|
|
1776
1775
|
var handleAuthorizationDetailsV1_0_11 = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -1816,8 +1815,8 @@ var handleLocations2 = /* @__PURE__ */ __name((endpointMetadata, authorizationDe
|
|
|
1816
1815
|
// lib/CredentialRequestClient.ts
|
|
1817
1816
|
import { createDPoP as createDPoP3, getCreateDPoPOptions as getCreateDPoPOptions3 } from "@sphereon/oid4vc-common";
|
|
1818
1817
|
import { acquireDeferredCredential, getCredentialRequestForVersion, getUniformFormat, isDeferredCredentialResponse, isValidURL, OpenId4VCIVersion as OpenId4VCIVersion6, post as post2, URL_NOT_VALID } from "@sphereon/oid4vci-common";
|
|
1819
|
-
import
|
|
1820
|
-
var
|
|
1818
|
+
import { Loggers as Loggers8 } from "@sphereon/ssi-types";
|
|
1819
|
+
var logger8 = Loggers8.DEFAULT.get("sphereon:oid4vci:credential");
|
|
1821
1820
|
async function buildProof(proofInput, opts) {
|
|
1822
1821
|
if ("proof_type" in proofInput) {
|
|
1823
1822
|
if (opts.cNonce) {
|
|
@@ -1898,11 +1897,11 @@ var CredentialRequestClient = class {
|
|
|
1898
1897
|
const request = getCredentialRequestForVersion(uniformRequest, this.version());
|
|
1899
1898
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
1900
1899
|
if (!isValidURL(credentialEndpoint)) {
|
|
1901
|
-
|
|
1900
|
+
logger8.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
1902
1901
|
throw new Error(URL_NOT_VALID);
|
|
1903
1902
|
}
|
|
1904
|
-
|
|
1905
|
-
|
|
1903
|
+
logger8.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
1904
|
+
logger8.debug(`request
|
|
1906
1905
|
: ${JSON.stringify(request, null, 2)}`);
|
|
1907
1906
|
const requestToken = this.credentialRequestOpts.token;
|
|
1908
1907
|
let dPoP = createDPoPOpts ? await createDPoP3(getCreateDPoPOptions3(createDPoPOpts, credentialEndpoint, {
|
|
@@ -1946,7 +1945,7 @@ var CredentialRequestClient = class {
|
|
|
1946
1945
|
throw Error("Subject signing was requested, but issuer did not provide the options in its response");
|
|
1947
1946
|
}
|
|
1948
1947
|
}
|
|
1949
|
-
|
|
1948
|
+
logger8.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
1950
1949
|
${JSON.stringify(response, null, 2)}`);
|
|
1951
1950
|
return {
|
|
1952
1951
|
...response,
|
|
@@ -2087,16 +2086,14 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2087
2086
|
|
|
2088
2087
|
// lib/CredentialOfferClient.ts
|
|
2089
2088
|
import { convertJsonToURI as convertJsonToURI5, convertURIToJsonObject, determineSpecVersionFromURI, OpenId4VCIVersion as OpenId4VCIVersion7, PRE_AUTH_GRANT_LITERAL as PRE_AUTH_GRANT_LITERAL4, toUniformCredentialOfferRequest as toUniformCredentialOfferRequest3 } from "@sphereon/oid4vci-common";
|
|
2090
|
-
import Debug9 from "debug";
|
|
2091
|
-
var debug9 = Debug9("sphereon:oid4vci:offer");
|
|
2092
2089
|
var CredentialOfferClient = class {
|
|
2093
2090
|
static {
|
|
2094
2091
|
__name(this, "CredentialOfferClient");
|
|
2095
2092
|
}
|
|
2096
2093
|
static async fromURI(uri, opts) {
|
|
2097
|
-
|
|
2094
|
+
LOG.debug(`Credential Offer URI: ${uri}`);
|
|
2098
2095
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2099
|
-
|
|
2096
|
+
LOG.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2100
2097
|
throw Error(`Invalid Credential Offer Request`);
|
|
2101
2098
|
}
|
|
2102
2099
|
const scheme = uri.split("://")[0];
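Review bot: Both `LOG.debug` lines in `fromURI` log the credential offer URI verbatim. An offer passed by value can embed a pre-authorized code (this module imports `PRE_AUTH_GRANT_LITERAL`), which works as a bearer secret until it is redeemed. Logging only the scheme would keep the diagnostic value, e.g. `LOG.debug("Credential Offer URI scheme: " + uri.split("://")[0]);`. The same two lines are added for `logger9` and `logger10` in the `@@ -2194,16` and `@@ -2306,16` hunks, and the three `toURI` hunks stringify the whole `requestWithBaseUrl`. Separately, this hunk removes `debug9` without declaring `LOG`, unlike the sibling files that declare `logger9`/`logger10`; it is presumably defined elsewhere in the bundle, which is worth confirming.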
|
|
@@ -2152,7 +2149,7 @@ var CredentialOfferClient = class {
|
|
|
2152
2149
|
};
|
|
2153
2150
|
}
|
|
2154
2151
|
static toURI(requestWithBaseUrl, opts) {
|
|
2155
|
-
|
|
2152
|
+
LOG.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2156
2153
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2157
2154
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2158
2155
|
let param;
|
|
@@ -2194,16 +2191,16 @@ var CredentialOfferClient = class {
|
|
|
2194
2191
|
|
|
2195
2192
|
// lib/CredentialOfferClientV1_0_11.ts
|
|
2196
2193
|
import { convertJsonToURI as convertJsonToURI6, convertURIToJsonObject as convertURIToJsonObject2, determineSpecVersionFromURI as determineSpecVersionFromURI2, getClientIdFromCredentialOfferPayload as getClientIdFromCredentialOfferPayload2, OpenId4VCIVersion as OpenId4VCIVersion8, PRE_AUTH_CODE_LITERAL as PRE_AUTH_CODE_LITERAL4, PRE_AUTH_GRANT_LITERAL as PRE_AUTH_GRANT_LITERAL5, toUniformCredentialOfferRequest as toUniformCredentialOfferRequest4 } from "@sphereon/oid4vci-common";
|
|
2197
|
-
import
|
|
2198
|
-
var
|
|
2194
|
+
import { Loggers as Loggers9 } from "@sphereon/ssi-types";
|
|
2195
|
+
var logger9 = Loggers9.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2199
2196
|
var CredentialOfferClientV1_0_11 = class {
|
|
2200
2197
|
static {
|
|
2201
2198
|
__name(this, "CredentialOfferClientV1_0_11");
|
|
2202
2199
|
}
|
|
2203
2200
|
static async fromURI(uri, opts) {
|
|
2204
|
-
|
|
2201
|
+
logger9.debug(`Credential Offer URI: ${uri}`);
|
|
2205
2202
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2206
|
-
|
|
2203
|
+
logger9.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2207
2204
|
throw Error(`Invalid Credential Offer Request`);
|
|
2208
2205
|
}
|
|
2209
2206
|
const scheme = uri.split("://")[0];
|
|
@@ -2264,7 +2261,7 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2264
2261
|
};
|
|
2265
2262
|
}
|
|
2266
2263
|
static toURI(requestWithBaseUrl, opts) {
|
|
2267
|
-
|
|
2264
|
+
logger9.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2268
2265
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2269
2266
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2270
2267
|
let param;
|
|
@@ -2306,16 +2303,16 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2306
2303
|
|
|
2307
2304
|
// lib/CredentialOfferClientV1_0_13.ts
|
|
2308
2305
|
import { convertJsonToURI as convertJsonToURI7, convertURIToJsonObject as convertURIToJsonObject3, determineSpecVersionFromURI as determineSpecVersionFromURI3, OpenId4VCIVersion as OpenId4VCIVersion9, PRE_AUTH_GRANT_LITERAL as PRE_AUTH_GRANT_LITERAL6, toUniformCredentialOfferRequest as toUniformCredentialOfferRequest5 } from "@sphereon/oid4vci-common";
|
|
2309
|
-
import
|
|
2310
|
-
var
|
|
2306
|
+
import { Loggers as Loggers10 } from "@sphereon/ssi-types";
|
|
2307
|
+
var logger10 = Loggers10.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2311
2308
|
var CredentialOfferClientV1_0_13 = class {
|
|
2312
2309
|
static {
|
|
2313
2310
|
__name(this, "CredentialOfferClientV1_0_13");
|
|
2314
2311
|
}
|
|
2315
2312
|
static async fromURI(uri, opts) {
|
|
2316
|
-
|
|
2313
|
+
logger10.debug(`Credential Offer URI: ${uri}`);
|
|
2317
2314
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2318
|
-
|
|
2315
|
+
logger10.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2319
2316
|
throw Error(`Invalid Credential Offer Request`);
|
|
2320
2317
|
}
|
|
2321
2318
|
const scheme = uri.split("://")[0];
|
|
@@ -2354,7 +2351,7 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2354
2351
|
};
|
|
2355
2352
|
}
|
|
2356
2353
|
static toURI(requestWithBaseUrl, opts) {
|
|
2357
|
-
|
|
2354
|
+
logger10.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2358
2355
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2359
2356
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2360
2357
|
let param;
|
|
@@ -2397,8 +2394,8 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2397
2394
|
// lib/CredentialRequestClientV1_0_11.ts
|
|
2398
2395
|
import { createDPoP as createDPoP4, getCreateDPoPOptions as getCreateDPoPOptions4 } from "@sphereon/oid4vc-common";
|
|
2399
2396
|
import { acquireDeferredCredential as acquireDeferredCredential2, getCredentialRequestForVersion as getCredentialRequestForVersion2, getUniformFormat as getUniformFormat2, isDeferredCredentialResponse as isDeferredCredentialResponse2, isValidURL as isValidURL2, OpenId4VCIVersion as OpenId4VCIVersion10, post as post3, URL_NOT_VALID as URL_NOT_VALID2 } from "@sphereon/oid4vci-common";
|
|
2400
|
-
import
|
|
2401
|
-
var
|
|
2397
|
+
import { Loggers as Loggers11 } from "@sphereon/ssi-types";
|
|
2398
|
+
var logger11 = Loggers11.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2402
2399
|
var CredentialRequestClientV1_0_11 = class {
|
|
2403
2400
|
static {
|
|
2404
2401
|
__name(this, "CredentialRequestClientV1_0_11");
|
|
@@ -2437,11 +2434,11 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2437
2434
|
const request = getCredentialRequestForVersion2(uniformRequest, this.version());
|
|
2438
2435
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2439
2436
|
if (!isValidURL2(credentialEndpoint)) {
|
|
2440
|
-
|
|
2437
|
+
logger11.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
2441
2438
|
throw new Error(URL_NOT_VALID2);
|
|
2442
2439
|
}
|
|
2443
|
-
|
|
2444
|
-
|
|
2440
|
+
logger11.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
2441
|
+
logger11.debug(`request
|
|
2445
2442
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2446
2443
|
const requestToken = this.credentialRequestOpts.token;
|
|
2447
2444
|
let dPoP = createDPoPOpts ? await createDPoP4(getCreateDPoPOptions4(createDPoPOpts, credentialEndpoint, {
|
|
@@ -2480,7 +2477,7 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2480
2477
|
});
|
|
2481
2478
|
}
|
|
2482
2479
|
response.access_token = requestToken;
|
|
2483
|
-
|
|
2480
|
+
logger11.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2484
2481
|
${JSON.stringify(response, null, 2)}`);
|
|
2485
2482
|
return {
|
|
2486
2483
|
...response,
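Review bot: `response.access_token = requestToken;` runs immediately before the new `logger11.debug` call that interpolates `JSON.stringify(response, null, 2)`, so the bearer access token is serialized into the log together with whatever the issuer returned, presumably including the issued credential. Either log before the token is attached or log only the outcome, e.g. `logger11.debug("Credential endpoint " + credentialEndpoint + " response status: " + response.origResponse?.status);` (assuming this response has the `origResponse` field used elsewhere on the page). The `@@ -1946,7` hunk adds the same full-response log via `logger8`, though no token assignment is visible there. The method body begins outside this hunk.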
|
|
@@ -2941,6 +2938,7 @@ var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
|
2941
2938
|
if (this._builder.version === void 0 || this._builder.version < OpenId4VCIVersion13.VER_1_0_13) {
|
|
2942
2939
|
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
2943
2940
|
}
|
|
2941
|
+
;
|
|
2944
2942
|
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
2945
2943
|
return this;
|
|
2946
2944
|
}
|
|
@@ -2979,8 +2977,8 @@ var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
|
2979
2977
|
|
|
2980
2978
|
// lib/OpenID4VCIClient.ts
|
|
2981
2979
|
import { AuthzFlowType as AuthzFlowType3, CodeChallengeMethod as CodeChallengeMethod4, DefaultURISchemes, determineVersionsFromIssuerMetadata, getClientIdFromCredentialOfferPayload as getClientIdFromCredentialOfferPayload3, getIssuerFromCredentialOfferPayload as getIssuerFromCredentialOfferPayload8, getSupportedCredentials, getTypesFromCredentialSupported, getTypesFromObject, KID_JWK_X5C_ERROR, OpenId4VCIVersion as OpenId4VCIVersion14, toAuthorizationResponsePayload } from "@sphereon/oid4vci-common";
|
|
2982
|
-
import
|
|
2983
|
-
var
|
|
2980
|
+
import { Loggers as Loggers12 } from "@sphereon/ssi-types";
|
|
2981
|
+
var logger12 = Loggers12.DEFAULT.get("sphereon:oid4vci");
|
|
2984
2982
|
var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
2985
2983
|
static {
|
|
2986
2984
|
__name(this, "OpenID4VCIClient");
|
|
@@ -3014,7 +3012,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3014
3012
|
if (!this._state.authorizationRequestOpts) {
|
|
3015
3013
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3016
3014
|
}
|
|
3017
|
-
|
|
3015
|
+
logger12.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3018
3016
|
}
|
|
3019
3017
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata }) {
|
|
3020
3018
|
const client = new _OpenID4VCIClient({
|
|
@@ -3062,7 +3060,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3062
3060
|
authorizationRequest,
|
|
3063
3061
|
pkce
|
|
3064
3062
|
});
|
|
3065
|
-
|
|
3063
|
+
logger12.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3066
3064
|
}
|
|
3067
3065
|
return client;
|
|
3068
3066
|
}
|
|
@@ -3129,12 +3127,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3129
3127
|
...opts
|
|
3130
3128
|
});
|
|
3131
3129
|
if (response.errorBody) {
|
|
3132
|
-
|
|
3130
|
+
logger12.debug(`Authorization code error:\r
|
|
3133
3131
|
${JSON.stringify(response.errorBody)}`);
|
|
3134
3132
|
const error = response.errorBody;
|
|
3135
3133
|
return Promise.reject(error);
|
|
3136
3134
|
} else if (!response.successBody) {
|
|
3137
|
-
|
|
3135
|
+
logger12.debug(`Authorization code error. No success body`);
|
|
3138
3136
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3139
3137
|
}
|
|
3140
3138
|
return {
|
|
@@ -3206,11 +3204,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3206
3204
|
}
|
|
3207
3205
|
});
|
|
3208
3206
|
if (response.errorBody) {
|
|
3209
|
-
|
|
3207
|
+
logger12.debug(`Access token error:\r
|
|
3210
3208
|
${JSON.stringify(response.errorBody)}`);
|
|
3211
3209
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3212
3210
|
} else if (!response.successBody) {
|
|
3213
|
-
|
|
3211
|
+
logger12.debug(`Access token error. No success body`);
|
|
3214
3212
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3215
3213
|
}
|
|
3216
3214
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -3320,11 +3318,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3320
3318
|
});
|
|
3321
3319
|
this._state.dpopResponseParams = response.params;
|
|
3322
3320
|
if (response.errorBody) {
|
|
3323
|
-
|
|
3321
|
+
logger12.debug(`Credential request error:\r
|
|
3324
3322
|
${JSON.stringify(response.errorBody)}`);
|
|
3325
3323
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3326
3324
|
} else if (!response.successBody) {
|
|
3327
|
-
|
|
3325
|
+
logger12.debug(`Credential request error. No success body`);
|
|
3328
3326
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3329
3327
|
}
|
|
3330
3328
|
return {
|
|
@@ -3534,8 +3532,8 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3534
3532
|
|
|
3535
3533
|
// lib/OpenID4VCIClientV1_0_13.ts
|
|
3536
3534
|
import { AuthzFlowType as AuthzFlowType4, CodeChallengeMethod as CodeChallengeMethod5, DefaultURISchemes as DefaultURISchemes2, getClientIdFromCredentialOfferPayload as getClientIdFromCredentialOfferPayload4, getIssuerFromCredentialOfferPayload as getIssuerFromCredentialOfferPayload9, getSupportedCredentials as getSupportedCredentials2, getTypesFromCredentialSupported as getTypesFromCredentialSupported2, KID_JWK_X5C_ERROR as KID_JWK_X5C_ERROR2, OpenId4VCIVersion as OpenId4VCIVersion15, toAuthorizationResponsePayload as toAuthorizationResponsePayload2 } from "@sphereon/oid4vci-common";
|
|
3537
|
-
import
|
|
3538
|
-
var
|
|
3535
|
+
import { Loggers as Loggers13 } from "@sphereon/ssi-types";
|
|
3536
|
+
var logger13 = Loggers13.DEFAULT.get("sphereon:oid4vci");
|
|
3539
3537
|
var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
3540
3538
|
static {
|
|
3541
3539
|
__name(this, "OpenID4VCIClientV1_0_13");
|
|
@@ -3569,7 +3567,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3569
3567
|
if (!this._state.authorizationRequestOpts) {
|
|
3570
3568
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3571
3569
|
}
|
|
3572
|
-
|
|
3570
|
+
logger13.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3573
3571
|
}
|
|
3574
3572
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
3575
3573
|
const client = new _OpenID4VCIClientV1_0_13({
|
|
@@ -3615,7 +3613,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3615
3613
|
authorizationRequest,
|
|
3616
3614
|
pkce
|
|
3617
3615
|
});
|
|
3618
|
-
|
|
3616
|
+
logger13.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3619
3617
|
}
|
|
3620
3618
|
return client;
|
|
3621
3619
|
}
|
|
@@ -3673,12 +3671,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3673
3671
|
...opts
|
|
3674
3672
|
});
|
|
3675
3673
|
if (response.errorBody) {
|
|
3676
|
-
|
|
3674
|
+
logger13.debug(`Authorization code error:\r
|
|
3677
3675
|
${JSON.stringify(response.errorBody)}`);
|
|
3678
3676
|
const error = response.errorBody;
|
|
3679
3677
|
return Promise.reject(error);
|
|
3680
3678
|
} else if (!response.successBody) {
|
|
3681
|
-
|
|
3679
|
+
logger13.debug(`Authorization code error. No success body`);
|
|
3682
3680
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3683
3681
|
}
|
|
3684
3682
|
return {
|
|
@@ -3750,11 +3748,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3750
3748
|
}
|
|
3751
3749
|
});
|
|
3752
3750
|
if (response.errorBody) {
|
|
3753
|
-
|
|
3751
|
+
logger13.debug(`Access token error:\r
|
|
3754
3752
|
${JSON.stringify(response.errorBody)}`);
|
|
3755
3753
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3756
3754
|
} else if (!response.successBody) {
|
|
3757
|
-
|
|
3755
|
+
logger13.debug(`Access token error. No success body`);
|
|
3758
3756
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3759
3757
|
}
|
|
3760
3758
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -3885,11 +3883,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3885
3883
|
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, createDPoPOpts);
|
|
3886
3884
|
this._state.dpopResponseParams = response.params;
|
|
3887
3885
|
if (response.errorBody) {
|
|
3888
|
-
|
|
3886
|
+
logger13.debug(`Credential request error:\r
|
|
3889
3887
|
${JSON.stringify(response.errorBody)}`);
|
|
3890
3888
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3891
3889
|
} else if (!response.successBody) {
|
|
3892
|
-
|
|
3890
|
+
logger13.debug(`Credential request error. No success body`);
|
|
3893
3891
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3894
3892
|
}
|
|
3895
3893
|
return {
|
|
@@ -4082,8 +4080,8 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4082
4080
|
|
|
4083
4081
|
// lib/OpenID4VCIClientV1_0_11.ts
|
|
4084
4082
|
import { AuthzFlowType as AuthzFlowType5, CodeChallengeMethod as CodeChallengeMethod6, DefaultURISchemes as DefaultURISchemes3, getClientIdFromCredentialOfferPayload as getClientIdFromCredentialOfferPayload5, getIssuerFromCredentialOfferPayload as getIssuerFromCredentialOfferPayload10, getSupportedCredentials as getSupportedCredentials3, getTypesFromCredentialSupported as getTypesFromCredentialSupported3, getTypesFromObject as getTypesFromObject2, KID_JWK_X5C_ERROR as KID_JWK_X5C_ERROR3, OpenId4VCIVersion as OpenId4VCIVersion16, toAuthorizationResponsePayload as toAuthorizationResponsePayload3 } from "@sphereon/oid4vci-common";
|
|
4085
|
-
import
|
|
4086
|
-
var
|
|
4083
|
+
import { Loggers as Loggers14 } from "@sphereon/ssi-types";
|
|
4084
|
+
var logger14 = Loggers14.DEFAULT.get("sphereon:oid4vci");
|
|
4087
4085
|
var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
4088
4086
|
static {
|
|
4089
4087
|
__name(this, "OpenID4VCIClientV1_0_11");
|
|
@@ -4116,7 +4114,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4116
4114
|
if (!this._state.authorizationRequestOpts) {
|
|
4117
4115
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4118
4116
|
}
|
|
4119
|
-
|
|
4117
|
+
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4120
4118
|
}
|
|
4121
4119
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
4122
4120
|
const client = new _OpenID4VCIClientV1_0_11({
|
|
@@ -4162,7 +4160,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4162
4160
|
authorizationRequest,
|
|
4163
4161
|
pkce
|
|
4164
4162
|
});
|
|
4165
|
-
|
|
4163
|
+
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4166
4164
|
}
|
|
4167
4165
|
return client;
|
|
4168
4166
|
}
|
|
@@ -4219,12 +4217,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4219
4217
|
...opts
|
|
4220
4218
|
});
|
|
4221
4219
|
if (response.errorBody) {
|
|
4222
|
-
|
|
4220
|
+
logger14.debug(`Authorization code error:\r
|
|
4223
4221
|
${JSON.stringify(response.errorBody)}`);
|
|
4224
4222
|
const error = response.errorBody;
|
|
4225
4223
|
return Promise.reject(error);
|
|
4226
4224
|
} else if (!response.successBody) {
|
|
4227
|
-
|
|
4225
|
+
logger14.debug(`Authorization code error. No success body`);
|
|
4228
4226
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4229
4227
|
}
|
|
4230
4228
|
return {
|
|
@@ -4296,11 +4294,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4296
4294
|
}
|
|
4297
4295
|
});
|
|
4298
4296
|
if (response.errorBody) {
|
|
4299
|
-
|
|
4297
|
+
logger14.debug(`Access token error:\r
|
|
4300
4298
|
${JSON.stringify(response.errorBody)}`);
|
|
4301
4299
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4302
4300
|
} else if (!response.successBody) {
|
|
4303
|
-
|
|
4301
|
+
logger14.debug(`Access token error. No success body`);
|
|
4304
4302
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4305
4303
|
}
|
|
4306
4304
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4385,11 +4383,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4385
4383
|
});
|
|
4386
4384
|
this._state.dpopResponseParams = response.params;
|
|
4387
4385
|
if (response.errorBody) {
|
|
4388
|
-
|
|
4386
|
+
logger14.debug(`Credential request error:\r
|
|
4389
4387
|
${JSON.stringify(response.errorBody)}`);
|
|
4390
4388
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4391
4389
|
} else if (!response.successBody) {
|
|
4392
|
-
|
|
4390
|
+
logger14.debug(`Credential request error. No success body`);
|
|
4393
4391
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4394
4392
|
}
|
|
4395
4393
|
return {
|