@sphereon/oid4vci-client 0.19.1-feat.SSISDK.34.72 → 0.19.1-feature.DIIPv4.2
- package/dist/index.cjs +468 -1611
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +27 -243
- package/dist/index.d.ts +27 -243
- package/dist/index.js +402 -1545
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
package/dist/index.cjs
CHANGED
|
@@ -26,22 +26,18 @@ __export(index_exports, {
|
|
|
26
26
|
CredentialOfferClient: () => CredentialOfferClient,
|
|
27
27
|
CredentialOfferClientV1_0_11: () => CredentialOfferClientV1_0_11,
|
|
28
28
|
CredentialOfferClientV1_0_13: () => CredentialOfferClientV1_0_13,
|
|
29
|
-
CredentialOfferClientV1_0_15: () => CredentialOfferClientV1_0_15,
|
|
30
29
|
CredentialRequestClient: () => CredentialRequestClient,
|
|
31
30
|
CredentialRequestClientBuilder: () => CredentialRequestClientBuilder,
|
|
32
31
|
CredentialRequestClientBuilderV1_0_11: () => CredentialRequestClientBuilderV1_0_11,
|
|
33
32
|
CredentialRequestClientBuilderV1_0_13: () => CredentialRequestClientBuilderV1_0_13,
|
|
34
|
-
CredentialRequestClientBuilderV1_0_15: () => CredentialRequestClientBuilderV1_0_15,
|
|
35
33
|
CredentialRequestClientV1_0_11: () => CredentialRequestClientV1_0_11,
|
|
36
34
|
LOG: () => LOG2,
|
|
37
35
|
MetadataClient: () => MetadataClient,
|
|
38
36
|
MetadataClientV1_0_11: () => MetadataClientV1_0_11,
|
|
39
37
|
MetadataClientV1_0_13: () => MetadataClientV1_0_13,
|
|
40
|
-
MetadataClientV1_0_15: () => MetadataClientV1_0_15,
|
|
41
38
|
OpenID4VCIClient: () => OpenID4VCIClient,
|
|
42
39
|
OpenID4VCIClientV1_0_11: () => OpenID4VCIClientV1_0_11,
|
|
43
40
|
OpenID4VCIClientV1_0_13: () => OpenID4VCIClientV1_0_13,
|
|
44
|
-
OpenID4VCIClientV1_0_15: () => OpenID4VCIClientV1_0_15,
|
|
45
41
|
ProofOfPossessionBuilder: () => ProofOfPossessionBuilder,
|
|
46
42
|
acquireAuthorizationChallengeAuthCode: () => acquireAuthorizationChallengeAuthCode,
|
|
47
43
|
acquireAuthorizationChallengeAuthCodeUsingRequest: () => acquireAuthorizationChallengeAuthCodeUsingRequest,
|
|
@@ -60,7 +56,7 @@ __export(index_exports, {
|
|
|
60
56
|
sendNotification: () => sendNotification
|
|
61
57
|
});
|
|
62
58
|
module.exports = __toCommonJS(index_exports);
|
|
63
|
-
var
|
|
59
|
+
var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
64
60
|
|
|
65
61
|
// lib/AccessTokenClient.ts
|
|
66
62
|
var import_oid4vc_common3 = require("@sphereon/oid4vc-common");
|
|
@@ -1064,13 +1060,13 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
1064
1060
|
};
|
|
1065
1061
|
|
|
1066
1062
|
// lib/AuthorizationCodeClient.ts
|
|
1067
|
-
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1068
|
-
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1069
|
-
|
|
1070
|
-
// lib/MetadataClient.ts
|
|
1071
1063
|
var import_oid4vci_common13 = require("@sphereon/oid4vci-common");
|
|
1072
1064
|
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1073
1065
|
|
|
1066
|
+
// lib/MetadataClient.ts
|
|
1067
|
+
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1068
|
+
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1069
|
+
|
|
1074
1070
|
// lib/MetadataClientV1_0_11.ts
|
|
1075
1071
|
var import_oid4vci_common11 = require("@sphereon/oid4vci-common");
|
|
1076
1072
|
var import_ssi_types6 = require("@sphereon/ssi-types");
|
|
@@ -1232,183 +1228,8 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1232
1228
|
}
|
|
1233
1229
|
};
|
|
1234
1230
|
|
|
1235
|
-
// lib/MetadataClientV1_0_15.ts
|
|
1236
|
-
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1237
|
-
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1238
|
-
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1239
|
-
var MetadataClientV1_0_15 = class _MetadataClientV1_0_15 {
|
|
1240
|
-
static {
|
|
1241
|
-
__name(this, "MetadataClientV1_0_15");
|
|
1242
|
-
}
|
|
1243
|
-
/**
|
|
1244
|
-
* Retrieve metadata using the Initiation obtained from a previous step
|
|
1245
|
-
*
|
|
1246
|
-
* @param credentialOffer
|
|
1247
|
-
*/
|
|
1248
|
-
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1249
|
-
return _MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer);
|
|
1250
|
-
}
|
|
1251
|
-
/**
|
|
1252
|
-
* Retrieve the metada using the initiation request obtained from a previous step
|
|
1253
|
-
* @param request
|
|
1254
|
-
*/
|
|
1255
|
-
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1256
|
-
const issuer = (0, import_oid4vci_common12.getIssuerFromCredentialOfferPayload)(request);
|
|
1257
|
-
if (issuer) {
|
|
1258
|
-
return _MetadataClientV1_0_15.retrieveAllMetadata(issuer);
|
|
1259
|
-
}
|
|
1260
|
-
throw new Error("can't retrieve metadata from CredentialOfferRequest. No issuer field is present");
|
|
1261
|
-
}
|
|
1262
|
-
/**
|
|
1263
|
-
* Retrieve all metadata from an issuer
|
|
1264
|
-
* @param issuer The issuer URL
|
|
1265
|
-
* @param opts
|
|
1266
|
-
*/
|
|
1267
|
-
static async retrieveAllMetadata(issuer, opts) {
|
|
1268
|
-
let token_endpoint;
|
|
1269
|
-
let credential_endpoint;
|
|
1270
|
-
let nonce_endpoint;
|
|
1271
|
-
let deferred_credential_endpoint;
|
|
1272
|
-
let authorization_endpoint;
|
|
1273
|
-
let authorization_challenge_endpoint;
|
|
1274
|
-
let authorizationServerType = "OID4VCI";
|
|
1275
|
-
let authorization_servers = [
|
|
1276
|
-
issuer
|
|
1277
|
-
];
|
|
1278
|
-
const oid4vciResponse = await _MetadataClientV1_0_15.retrieveOpenID4VCIServerMetadata(issuer, {
|
|
1279
|
-
errorOnNotFound: false
|
|
1280
|
-
});
|
|
1281
|
-
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1282
|
-
if (credentialIssuerMetadata) {
|
|
1283
|
-
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1284
|
-
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1285
|
-
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1286
|
-
nonce_endpoint = credentialIssuerMetadata.nonce_endpoint;
|
|
1287
|
-
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
1288
|
-
if (credentialIssuerMetadata.token_endpoint) {
|
|
1289
|
-
token_endpoint = credentialIssuerMetadata.token_endpoint;
|
|
1290
|
-
}
|
|
1291
|
-
authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint;
|
|
1292
|
-
if (credentialIssuerMetadata.authorization_servers) {
|
|
1293
|
-
authorization_servers = credentialIssuerMetadata.authorization_servers;
|
|
1294
|
-
}
|
|
1295
|
-
}
|
|
1296
|
-
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1297
|
-
errorOnNotFound: false
|
|
1298
|
-
});
|
|
1299
|
-
let authMetadata = response.successBody;
|
|
1300
|
-
if (authMetadata) {
|
|
1301
|
-
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1302
|
-
authorizationServerType = "OIDC";
|
|
1303
|
-
} else {
|
|
1304
|
-
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
1305
|
-
errorOnNotFound: false
|
|
1306
|
-
});
|
|
1307
|
-
authMetadata = response.successBody;
|
|
1308
|
-
}
|
|
1309
|
-
if (!authMetadata) {
|
|
1310
|
-
if (!authorization_servers.includes(issuer)) {
|
|
1311
|
-
throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_servers}, but that server did not provide metadata`);
|
|
1312
|
-
}
|
|
1313
|
-
} else {
|
|
1314
|
-
if (!authorizationServerType) {
|
|
1315
|
-
authorizationServerType = "OAuth 2.0";
|
|
1316
|
-
}
|
|
1317
|
-
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1318
|
-
if (!authMetadata.authorization_endpoint) {
|
|
1319
|
-
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1320
|
-
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
1321
|
-
throw Error(`Credential issuer has a different authorization_endpoint (${authorization_endpoint}) from the Authorization Server (${authMetadata.authorization_endpoint})`);
|
|
1322
|
-
}
|
|
1323
|
-
authorization_endpoint = authMetadata.authorization_endpoint;
|
|
1324
|
-
if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
|
|
1325
|
-
throw Error(`Credential issuer has a different authorization_challenge_endpoint (${authorization_challenge_endpoint}) from the Authorization Server (${authMetadata.authorization_challenge_endpoint})`);
|
|
1326
|
-
}
|
|
1327
|
-
authorization_challenge_endpoint = authMetadata.authorization_challenge_endpoint;
|
|
1328
|
-
if (!authMetadata.token_endpoint) {
|
|
1329
|
-
throw Error(`Authorization Server ${authorization_servers} did not provide a token_endpoint`);
|
|
1330
|
-
} else if (token_endpoint && authMetadata.token_endpoint !== token_endpoint) {
|
|
1331
|
-
throw Error(`Credential issuer has a different token_endpoint (${token_endpoint}) from the Authorization Server (${authMetadata.token_endpoint})`);
|
|
1332
|
-
}
|
|
1333
|
-
token_endpoint = authMetadata.token_endpoint;
|
|
1334
|
-
if (authMetadata.credential_endpoint) {
|
|
1335
|
-
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1336
|
-
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1337
|
-
} else {
|
|
1338
|
-
credential_endpoint = authMetadata.credential_endpoint;
|
|
1339
|
-
}
|
|
1340
|
-
}
|
|
1341
|
-
if (authMetadata.deferred_credential_endpoint) {
|
|
1342
|
-
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1343
|
-
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1344
|
-
} else {
|
|
1345
|
-
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1346
|
-
}
|
|
1347
|
-
}
|
|
1348
|
-
}
|
|
1349
|
-
if (!authorization_endpoint) {
|
|
1350
|
-
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1351
|
-
}
|
|
1352
|
-
if (!token_endpoint) {
|
|
1353
|
-
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1354
|
-
if (opts?.errorOnNotFound) {
|
|
1355
|
-
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1356
|
-
} else {
|
|
1357
|
-
token_endpoint = `${issuer}${issuer.endsWith("/") ? "token" : "/token"}`;
|
|
1358
|
-
}
|
|
1359
|
-
}
|
|
1360
|
-
if (!credential_endpoint) {
|
|
1361
|
-
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1362
|
-
if (opts?.errorOnNotFound) {
|
|
1363
|
-
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1364
|
-
} else {
|
|
1365
|
-
credential_endpoint = `${issuer}${issuer.endsWith("/") ? "credential" : "/credential"}`;
|
|
1366
|
-
}
|
|
1367
|
-
}
|
|
1368
|
-
if (!credentialIssuerMetadata && authMetadata) {
|
|
1369
|
-
credentialIssuerMetadata = authMetadata;
|
|
1370
|
-
}
|
|
1371
|
-
const ci = credentialIssuerMetadata ?? {};
|
|
1372
|
-
const ciAuthorizationServers = Array.isArray(ci.authorization_servers) && ci.authorization_servers.length > 0 ? ci.authorization_servers : authorization_servers;
|
|
1373
|
-
const v15CredentialIssuerMetadata = {
|
|
1374
|
-
credential_issuer: ci.credential_issuer ?? issuer,
|
|
1375
|
-
credential_endpoint,
|
|
1376
|
-
authorization_servers: ciAuthorizationServers,
|
|
1377
|
-
credential_configurations_supported: ci.credential_configurations_supported ?? {},
|
|
1378
|
-
display: ci.display ?? [],
|
|
1379
|
-
...nonce_endpoint && {
|
|
1380
|
-
nonce_endpoint
|
|
1381
|
-
},
|
|
1382
|
-
...deferred_credential_endpoint && {
|
|
1383
|
-
deferred_credential_endpoint
|
|
1384
|
-
}
|
|
1385
|
-
};
|
|
1386
|
-
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1387
|
-
return {
|
|
1388
|
-
issuer,
|
|
1389
|
-
token_endpoint,
|
|
1390
|
-
credential_endpoint,
|
|
1391
|
-
authorization_challenge_endpoint,
|
|
1392
|
-
authorizationServerType,
|
|
1393
|
-
credentialIssuerMetadata: v15CredentialIssuerMetadata,
|
|
1394
|
-
authorizationServerMetadata: authMetadata
|
|
1395
|
-
};
|
|
1396
|
-
}
|
|
1397
|
-
/**
|
|
1398
|
-
* Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata
|
|
1399
|
-
*
|
|
1400
|
-
* @param issuerHost The issuer hostname
|
|
1401
|
-
* @param opts
|
|
1402
|
-
*/
|
|
1403
|
-
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1404
|
-
return retrieveWellknown(issuerHost, import_oid4vci_common12.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1405
|
-
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1406
|
-
});
|
|
1407
|
-
}
|
|
1408
|
-
};
|
|
1409
|
-
|
|
1410
1231
|
// lib/MetadataClient.ts
|
|
1411
|
-
var
|
|
1232
|
+
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1412
1233
|
var MetadataClient = class _MetadataClient {
|
|
1413
1234
|
static {
|
|
1414
1235
|
__name(this, "MetadataClient");
|
|
@@ -1419,9 +1240,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1419
1240
|
* @param credentialOffer
|
|
1420
1241
|
*/
|
|
1421
1242
|
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1422
|
-
if ((0,
|
|
1423
|
-
return await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1424
|
-
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1243
|
+
if ((0, import_oid4vci_common12.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common12.OpenId4VCIVersion.VER_1_0_13) {
|
|
1425
1244
|
return await MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1426
1245
|
} else {
|
|
1427
1246
|
return await MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
@@ -1432,11 +1251,9 @@ var MetadataClient = class _MetadataClient {
|
|
|
1432
1251
|
* @param request
|
|
1433
1252
|
*/
|
|
1434
1253
|
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1435
|
-
const issuer = (0,
|
|
1254
|
+
const issuer = (0, import_oid4vci_common12.getIssuerFromCredentialOfferPayload)(request);
|
|
1436
1255
|
if (issuer) {
|
|
1437
|
-
if ((0,
|
|
1438
|
-
return MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1439
|
-
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(request) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1256
|
+
if ((0, import_oid4vci_common12.determineSpecVersionFromOffer)(request) >= import_oid4vci_common12.OpenId4VCIVersion.VER_1_0_13) {
|
|
1440
1257
|
return MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1441
1258
|
} else {
|
|
1442
1259
|
return MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
@@ -1465,7 +1282,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1465
1282
|
});
|
|
1466
1283
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1467
1284
|
if (credentialIssuerMetadata) {
|
|
1468
|
-
|
|
1285
|
+
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1469
1286
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1470
1287
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1471
1288
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint ? credentialIssuerMetadata.deferred_credential_endpoint : void 0;
|
|
@@ -1482,15 +1299,15 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1482
1299
|
];
|
|
1483
1300
|
}
|
|
1484
1301
|
}
|
|
1485
|
-
let response = await retrieveWellknown(authorization_servers[0],
|
|
1302
|
+
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1486
1303
|
errorOnNotFound: false
|
|
1487
1304
|
});
|
|
1488
1305
|
let authMetadata = response.successBody;
|
|
1489
1306
|
if (authMetadata) {
|
|
1490
|
-
|
|
1307
|
+
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1491
1308
|
authorizationServerType = "OIDC";
|
|
1492
1309
|
} else {
|
|
1493
|
-
response = await retrieveWellknown(authorization_servers[0],
|
|
1310
|
+
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
1494
1311
|
errorOnNotFound: false
|
|
1495
1312
|
});
|
|
1496
1313
|
authMetadata = response.successBody;
|
|
@@ -1503,7 +1320,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1503
1320
|
if (!authorizationServerType) {
|
|
1504
1321
|
authorizationServerType = "OAuth 2.0";
|
|
1505
1322
|
}
|
|
1506
|
-
|
|
1323
|
+
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1507
1324
|
if (!authMetadata.authorization_endpoint) {
|
|
1508
1325
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1509
1326
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1522,24 +1339,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1522
1339
|
token_endpoint = authMetadata.token_endpoint;
|
|
1523
1340
|
if (authMetadata.credential_endpoint) {
|
|
1524
1341
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1525
|
-
|
|
1342
|
+
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1526
1343
|
} else {
|
|
1527
1344
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1528
1345
|
}
|
|
1529
1346
|
}
|
|
1530
1347
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1531
1348
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1532
|
-
|
|
1349
|
+
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1533
1350
|
} else {
|
|
1534
1351
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1535
1352
|
}
|
|
1536
1353
|
}
|
|
1537
1354
|
}
|
|
1538
1355
|
if (!authorization_endpoint) {
|
|
1539
|
-
|
|
1356
|
+
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1540
1357
|
}
|
|
1541
1358
|
if (!token_endpoint) {
|
|
1542
|
-
|
|
1359
|
+
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1543
1360
|
if (opts?.errorOnNotFound) {
|
|
1544
1361
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1545
1362
|
} else {
|
|
@@ -1547,7 +1364,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1547
1364
|
}
|
|
1548
1365
|
}
|
|
1549
1366
|
if (!credential_endpoint) {
|
|
1550
|
-
|
|
1367
|
+
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1551
1368
|
if (opts?.errorOnNotFound) {
|
|
1552
1369
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1553
1370
|
} else {
|
|
@@ -1557,7 +1374,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1557
1374
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1558
1375
|
credentialIssuerMetadata = authorization_server ? authMetadata : authMetadata;
|
|
1559
1376
|
}
|
|
1560
|
-
|
|
1377
|
+
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1561
1378
|
return {
|
|
1562
1379
|
issuer,
|
|
1563
1380
|
token_endpoint,
|
|
@@ -1582,18 +1399,18 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1582
1399
|
* @param opts
|
|
1583
1400
|
*/
|
|
1584
1401
|
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1585
|
-
return retrieveWellknown(issuerHost,
|
|
1402
|
+
return retrieveWellknown(issuerHost, import_oid4vci_common12.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1586
1403
|
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1587
1404
|
});
|
|
1588
1405
|
}
|
|
1589
1406
|
};
|
|
1590
1407
|
|
|
1591
1408
|
// lib/AuthorizationCodeClient.ts
|
|
1592
|
-
var
|
|
1409
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1593
1410
|
async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
1594
|
-
if (opts.requestObjectMode ===
|
|
1411
|
+
if (opts.requestObjectMode === import_oid4vci_common13.CreateRequestObjectMode.REQUEST_URI) {
|
|
1595
1412
|
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
1596
|
-
} else if (opts.requestObjectMode ===
|
|
1413
|
+
} else if (opts.requestObjectMode === import_oid4vci_common13.CreateRequestObjectMode.REQUEST_OBJECT) {
|
|
1597
1414
|
if (typeof opts.signCallbacks?.signCallback !== "function") {
|
|
1598
1415
|
throw Error(`No request object sign callback found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
1599
1416
|
} else if (!opts.kid) {
|
|
@@ -1632,7 +1449,7 @@ async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
|
1632
1449
|
const pop = await ProofOfPossessionBuilder.fromJwt({
|
|
1633
1450
|
jwt,
|
|
1634
1451
|
callbacks: opts.signCallbacks,
|
|
1635
|
-
version:
|
|
1452
|
+
version: import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_11,
|
|
1636
1453
|
mode: "JWT"
|
|
1637
1454
|
}).build();
|
|
1638
1455
|
requestObject["request"] = pop.jwt;
|
|
@@ -1670,12 +1487,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1670
1487
|
}
|
|
1671
1488
|
__name(removeDisplayAndValueTypes, "removeDisplayAndValueTypes");
|
|
1672
1489
|
const { redirectUri, requestObjectOpts = {
|
|
1673
|
-
requestObjectMode:
|
|
1490
|
+
requestObjectMode: import_oid4vci_common13.CreateRequestObjectMode.NONE
|
|
1674
1491
|
} } = authorizationRequest;
|
|
1675
1492
|
const client_id = clientId ?? authorizationRequest.clientId;
|
|
1676
1493
|
const authorizationMetadata = endpointMetadata.authorizationServerMetadata ?? endpointMetadata.credentialIssuerMetadata;
|
|
1677
1494
|
let { authorizationDetails } = authorizationRequest;
|
|
1678
|
-
const parMode = authorizationMetadata?.require_pushed_authorization_requests ?
|
|
1495
|
+
const parMode = authorizationMetadata?.require_pushed_authorization_requests ? import_oid4vci_common13.PARMode.REQUIRE : authorizationRequest.parMode ?? (client_id ? import_oid4vci_common13.PARMode.AUTO : import_oid4vci_common13.PARMode.NEVER);
|
|
1679
1496
|
if (!authorizationRequest.scope && !authorizationDetails) {
|
|
1680
1497
|
if (!credentialOffer) {
|
|
1681
1498
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1683,8 +1500,8 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1683
1500
|
if ("credentials" in credentialOffer.credential_offer) {
|
|
1684
1501
|
throw new Error("CredentialOffer format is wrong.");
|
|
1685
1502
|
}
|
|
1686
|
-
const ver = version ?? (0,
|
|
1687
|
-
const creds = ver ===
|
|
1503
|
+
const ver = version ?? (0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) ?? import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13;
|
|
1504
|
+
const creds = ver === import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13 ? filterSupportedCredentials(credentialOffer.credential_offer, credentialConfigurationSupported) : [];
|
|
1688
1505
|
authorizationDetails = creds.flatMap((cred) => {
|
|
1689
1506
|
const locations = [
|
|
1690
1507
|
credentialOffer?.credential_offer.credential_issuer ?? endpointMetadata.issuer
|
|
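Review bot: `const creds = ver === import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13 ? … : []` uses strict equality, while the offer dispatch in `MetadataClient` earlier in this bundle uses `>= …VER_1_0_13`, so the two paths can disagree on which offers are treated as draft 13. For any other detected version `creds` is `[]` and `authorizationDetails` becomes an empty array; the handling of that case presumably sits in the part of `createAuthorizationRequestUrl` outside this hunk. If only draft-13 offers are meant to be supported here, state it in `lib/AuthorizationCodeClient.ts` with a comment such as `// only draft-13 offers are converted to authorization_details; other versions must pass scope or authorization_details explicitly`. Otherwise align the comparison with the `>=` used for metadata retrieval.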
@@ -1694,10 +1511,10 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1694
1511
|
if (!credential_configuration_id && !cred.format) {
|
|
1695
1512
|
throw Error("format is required in authorization details");
|
|
1696
1513
|
}
|
|
1697
|
-
const vct = cred.format === "
|
|
1514
|
+
const vct = cred.format === "vc+sd-jwt" ? cred.vct : void 0;
|
|
1698
1515
|
const doctype = cred.format === "mso_mdoc" ? cred.doctype : void 0;
|
|
1699
1516
|
let credential_definition = void 0;
|
|
1700
|
-
if ((0,
|
|
1517
|
+
if ((0, import_oid4vci_common13.isW3cCredentialSupported)(cred)) {
|
|
1701
1518
|
credential_definition = {
|
|
1702
1519
|
...cred.credential_definition,
|
|
1703
1520
|
// type: OPTIONAL. Array as defined in Appendix A.1.1.2. This claim contains the type values the Wallet requests authorization for at the Credential Issuer. It MUST be present if the claim format is present in the root of the authorization details object. It MUST not be present otherwise.
|
|
@@ -1732,15 +1549,14 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1732
1549
|
throw Error(`Could not create authorization details from credential offer. Please pass in explicit details`);
|
|
1733
1550
|
}
|
|
1734
1551
|
}
|
|
1735
|
-
|
|
1736
|
-
if (!authorizationEndpoint) {
|
|
1552
|
+
if (!endpointMetadata?.authorization_endpoint) {
|
|
1737
1553
|
throw Error("Server metadata does not contain authorization endpoint");
|
|
1738
1554
|
}
|
|
1739
1555
|
const parEndpoint = authorizationMetadata?.pushed_authorization_request_endpoint;
|
|
1740
1556
|
let queryObj = {
|
|
1741
|
-
response_type:
|
|
1557
|
+
response_type: import_oid4vci_common13.ResponseType.AUTH_CODE,
|
|
1742
1558
|
...!pkce.disabled && {
|
|
1743
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1559
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common13.CodeChallengeMethod.S256,
|
|
1744
1560
|
code_challenge: pkce.codeChallenge
|
|
1745
1561
|
},
|
|
1746
1562
|
authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)),
|
|
@@ -1758,12 +1574,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1758
1574
|
if (credentialOffer?.issuerState) {
|
|
1759
1575
|
queryObj.state = credentialOffer?.issuerState;
|
|
1760
1576
|
}
|
|
1761
|
-
if (!parEndpoint && parMode ===
|
|
1577
|
+
if (!parEndpoint && parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1762
1578
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1763
|
-
} else if (parEndpoint && parMode !==
|
|
1764
|
-
|
|
1765
|
-
const parResponse = await (0,
|
|
1766
|
-
mode:
|
|
1579
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common13.PARMode.NEVER) {
|
|
1580
|
+
logger6.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1581
|
+
const parResponse = await (0, import_oid4vci_common13.formPost)(parEndpoint, (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1582
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1767
1583
|
uriTypeProperties: [
|
|
1768
1584
|
"client_id",
|
|
1769
1585
|
"request_uri",
|
|
@@ -1778,12 +1594,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1778
1594
|
accept: "application/json"
|
|
1779
1595
|
});
|
|
1780
1596
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1781
|
-
if (parMode ===
|
|
1597
|
+
if (parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1782
1598
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1783
1599
|
}
|
|
1784
|
-
|
|
1600
|
+
logger6.debug("Falling back to regular request URI, since PAR failed", JSON.stringify(parResponse.errorBody));
|
|
1785
1601
|
} else {
|
|
1786
|
-
|
|
1602
|
+
logger6.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1787
1603
|
queryObj = {
|
|
1788
1604
|
client_id,
|
|
1789
1605
|
request_uri: parResponse.successBody.request_uri
|
|
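Review bot: The added `logger6.debug` call that prints `JSON.stringify(parResponse.successBody, null, 2)` writes the whole pushed-authorization response to the log, including the `request_uri` that the next lines place into the authorization request. The same pattern recurs in the hunks at `@@ -1792,11 +1608,11 @@` (the full `queryObj`, which by then can hold `state` from the offer's `issuerState`, `code_challenge`, `authorization_details` and the signed `request` JWT) and `@@ -1807,12 +1623,11 @@` (the complete authorization URL). Debug output often ends up in shared log collectors, so I would log shape rather than values, for example `logger6.debug("PAR accepted by " + parEndpoint)` and `logger6.debug("Authorization request params: " + Object.keys(queryObj).join(", "))`. The body of `createAuthorizationRequestUrl` starts and ends outside this hunk, and the change belongs in `lib/AuthorizationCodeClient.ts` rather than in the bundled output.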
@@ -1792,11 +1608,11 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1792
1608
|
}
|
|
1793
1609
|
await createSignedAuthRequestWhenNeeded(queryObj, {
|
|
1794
1610
|
...requestObjectOpts,
|
|
1795
|
-
aud: endpointMetadata.authorization_server
|
|
1611
|
+
aud: endpointMetadata.authorization_server
|
|
1796
1612
|
});
|
|
1797
|
-
|
|
1798
|
-
const url = (0,
|
|
1799
|
-
baseUrl:
|
|
1613
|
+
logger6.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1614
|
+
const url = (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1615
|
+
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1800
1616
|
uriTypeProperties: [
|
|
1801
1617
|
"client_id",
|
|
1802
1618
|
"request_uri",
|
|
@@ -1807,12 +1623,11 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1807
1623
|
"state"
|
|
1808
1624
|
],
|
|
1809
1625
|
// arrayTypeProperties: ['authorization_details'],
|
|
1810
|
-
mode:
|
|
1626
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1811
1627
|
});
|
|
1812
|
-
|
|
1628
|
+
logger6.debug(`Authorization Request URL: ${url}`);
|
|
1813
1629
|
return url;
|
|
1814
1630
|
}, "createAuthorizationRequestUrl");
|
|
1815
|
-
var hasCredentialDefinition = /* @__PURE__ */ __name((cred) => "credential_definition" in cred && cred.credential_definition && typeof cred.credential_definition === "object" && cred.credential_definition !== null && "type" in cred.credential_definition && Array.isArray(cred.credential_definition.type), "hasCredentialDefinition");
|
|
1816
1631
|
var handleAuthorizationDetails = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
1817
1632
|
if (authorizationDetails) {
|
|
1818
1633
|
if (typeof authorizationDetails === "string") {
|
|
@@ -1834,10 +1649,7 @@ var handleLocations = /* @__PURE__ */ __name((endpointMetadata, authorizationDet
|
|
|
1834
1649
|
if (typeof authorizationDetails === "string") {
|
|
1835
1650
|
return authorizationDetails;
|
|
1836
1651
|
}
|
|
1837
|
-
|
|
1838
|
-
const hasAuthorizationServers = Array.isArray(ciMeta?.authorization_servers) && ciMeta.authorization_servers.length > 0;
|
|
1839
|
-
const legacyHasAuthzEndpoint = Boolean(endpointMetadata.authorization_endpoint);
|
|
1840
|
-
if (hasAuthorizationServers || legacyHasAuthzEndpoint) {
|
|
1652
|
+
if (authorizationDetails && (endpointMetadata.credentialIssuerMetadata?.authorization_server || endpointMetadata.authorization_endpoint)) {
|
|
1841
1653
|
if (authorizationDetails.locations) {
|
|
1842
1654
|
if (Array.isArray(authorizationDetails.locations)) {
|
|
1843
1655
|
authorizationDetails.locations.push(endpointMetadata.issuer);
|
|
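Review bot: The new guard in `handleLocations` tests `endpointMetadata.credentialIssuerMetadata?.authorization_server` (singular), while the metadata client in this bundle resolves the authorization server from the `authorization_servers` array (`retrieveWellknown(authorization_servers[0], …)`). For an issuer that publishes only the array, the guard then depends on `endpointMetadata.authorization_endpoint` alone, so `locations`, which tells a separate authorization server which credential issuer the request is for, may be skipped; whether the metadata type still carries the singular field is not visible here. Consider accepting both forms: `const ci = endpointMetadata.credentialIssuerMetadata;` followed by `if (authorizationDetails && (ci?.authorization_server || ci?.authorization_servers?.length || endpointMetadata.authorization_endpoint)) {`. The function body continues past the end of the hunk.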
@@ -1896,23 +1708,23 @@ var createAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (opts) =>
|
|
|
1896
1708
|
return request;
|
|
1897
1709
|
}, "createAuthorizationChallengeRequest");
|
|
1898
1710
|
var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (authorizationChallengeCodeUrl, authorizationChallengeRequest, opts) => {
|
|
1899
|
-
return await (0,
|
|
1900
|
-
mode:
|
|
1711
|
+
return await (0, import_oid4vci_common13.formPost)(authorizationChallengeCodeUrl, (0, import_oid4vci_common13.convertJsonToURI)(authorizationChallengeRequest, {
|
|
1712
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1901
1713
|
}), {
|
|
1902
1714
|
customHeaders: opts?.headers ? opts.headers : void 0
|
|
1903
1715
|
});
|
|
1904
1716
|
}, "sendAuthorizationChallengeRequest");
|
|
1905
1717
|
|
|
1906
1718
|
// lib/AuthorizationCodeClientV1_0_11.ts
|
|
1907
|
-
var
|
|
1908
|
-
var
|
|
1909
|
-
var
|
|
1719
|
+
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1720
|
+
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1721
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1910
1722
|
var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported }) => {
|
|
1911
1723
|
const { redirectUri, clientId, requestObjectOpts = {
|
|
1912
|
-
requestObjectMode:
|
|
1724
|
+
requestObjectMode: import_oid4vci_common14.CreateRequestObjectMode.NONE
|
|
1913
1725
|
} } = authorizationRequest;
|
|
1914
1726
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
1915
|
-
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ?
|
|
1727
|
+
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ? import_oid4vci_common14.PARMode.REQUIRE : authorizationRequest.parMode ?? import_oid4vci_common14.PARMode.AUTO;
|
|
1916
1728
|
if (!scope && !authorizationDetails) {
|
|
1917
1729
|
if (!credentialOffer) {
|
|
1918
1730
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1945,9 +1757,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1945
1757
|
].filter((s) => !!s).join(" ");
|
|
1946
1758
|
}
|
|
1947
1759
|
let queryObj = {
|
|
1948
|
-
response_type:
|
|
1760
|
+
response_type: import_oid4vci_common14.ResponseType.AUTH_CODE,
|
|
1949
1761
|
...!pkce.disabled && {
|
|
1950
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1762
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common14.CodeChallengeMethod.S256,
|
|
1951
1763
|
code_challenge: pkce.codeChallenge
|
|
1952
1764
|
},
|
|
1953
1765
|
authorization_details: JSON.stringify(handleAuthorizationDetailsV1_0_11(endpointMetadata, authorizationDetails)),
|
|
@@ -1962,12 +1774,12 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1962
1774
|
},
|
|
1963
1775
|
scope
|
|
1964
1776
|
};
|
|
1965
|
-
if (!parEndpoint && parMode ===
|
|
1777
|
+
if (!parEndpoint && parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1966
1778
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1967
|
-
} else if (parEndpoint && parMode !==
|
|
1968
|
-
|
|
1969
|
-
const parResponse = await (0,
|
|
1970
|
-
mode:
|
|
1779
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common14.PARMode.NEVER) {
|
|
1780
|
+
logger7.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1781
|
+
const parResponse = await (0, import_oid4vci_common14.formPost)(parEndpoint, (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
1782
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1971
1783
|
uriTypeProperties: [
|
|
1972
1784
|
"client_id",
|
|
1973
1785
|
"request_uri",
|
|
@@ -1983,11 +1795,11 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1983
1795
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1984
1796
|
console.log(JSON.stringify(parResponse.errorBody));
|
|
1985
1797
|
console.log("Falling back to regular request URI, since PAR failed");
|
|
1986
|
-
if (parMode ===
|
|
1798
|
+
if (parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1987
1799
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1988
1800
|
}
|
|
1989
1801
|
} else {
|
|
1990
|
-
|
|
1802
|
+
logger7.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1991
1803
|
queryObj = {
|
|
1992
1804
|
request_uri: parResponse.successBody.request_uri
|
|
1993
1805
|
};
|
|
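Review bot: When PAR fails and `parMode` is not `PARMode.REQUIRE`, the request falls back to the front-channel URL, and the only trace is two `console.log` calls, one of which prints `parResponse.errorBody` to stdout regardless of how the module logger is configured. A caller that expected the request parameters to stay off the URL gets little chance to notice the downgrade. I would route both messages through the logger this file now has, e.g. `logger7.debug(`PAR failed (${parResponse.origResponse.statusText}), falling back to regular request URI`)`, and add a comment above the branch stating that the fallback is intentional for every mode except `REQUIRE`. The enclosing function starts and ends outside this hunk.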
@@ -1997,8 +1809,8 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1997
1809
|
...requestObjectOpts,
|
|
1998
1810
|
aud: endpointMetadata.authorization_server
|
|
1999
1811
|
});
|
|
2000
|
-
|
|
2001
|
-
const url = (0,
|
|
1812
|
+
logger7.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1813
|
+
const url = (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
2002
1814
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
2003
1815
|
uriTypeProperties: [
|
|
2004
1816
|
"client_id",
|
|
@@ -2009,9 +1821,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
2009
1821
|
"issuer_state"
|
|
2010
1822
|
],
|
|
2011
1823
|
// arrayTypeProperties: ['authorization_details'],
|
|
2012
|
-
mode:
|
|
1824
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
2013
1825
|
});
|
|
2014
|
-
|
|
1826
|
+
logger7.debug(`Authorization Request URL: ${url}`);
|
|
2015
1827
|
return url;
|
|
2016
1828
|
}, "createAuthorizationRequestUrlV1_0_11");
|
|
2017
1829
|
var handleAuthorizationDetailsV1_0_11 = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -2056,9 +1868,9 @@ var handleLocations2 = /* @__PURE__ */ __name((endpointMetadata, authorizationDe
|
|
|
2056
1868
|
|
|
2057
1869
|
// lib/CredentialRequestClient.ts
|
|
2058
1870
|
var import_oid4vc_common5 = require("@sphereon/oid4vc-common");
|
|
2059
|
-
var
|
|
2060
|
-
var
|
|
2061
|
-
var
|
|
1871
|
+
var import_oid4vci_common15 = require("@sphereon/oid4vci-common");
|
|
1872
|
+
var import_ssi_types10 = require("@sphereon/ssi-types");
|
|
1873
|
+
var logger8 = import_ssi_types10.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2062
1874
|
async function buildProof(proofInput, opts) {
|
|
2063
1875
|
if ("proof_type" in proofInput) {
|
|
2064
1876
|
if (opts.cNonce) {
|
|
@@ -2072,27 +1884,6 @@ async function buildProof(proofInput, opts) {
|
|
|
2072
1884
|
return await proofInput.build();
|
|
2073
1885
|
}
|
|
2074
1886
|
__name(buildProof, "buildProof");
|
|
2075
|
-
function isOpenIdCredentialDetail(ad) {
|
|
2076
|
-
return typeof ad === "object" && ad !== null && ad.type === "openid_credential";
|
|
2077
|
-
}
|
|
2078
|
-
__name(isOpenIdCredentialDetail, "isOpenIdCredentialDetail");
|
|
2079
|
-
function findAuthorizationDetail(authorizationDetails, preferredConfigId) {
|
|
2080
|
-
if (!authorizationDetails) {
|
|
2081
|
-
return void 0;
|
|
2082
|
-
}
|
|
2083
|
-
const openIdCredentialDetails = authorizationDetails.filter(isOpenIdCredentialDetail);
|
|
2084
|
-
if (openIdCredentialDetails.length === 0) {
|
|
2085
|
-
return void 0;
|
|
2086
|
-
}
|
|
2087
|
-
if (preferredConfigId) {
|
|
2088
|
-
const match = openIdCredentialDetails.find((detail) => typeof detail === "object" && detail !== null && detail.credential_configuration_id === preferredConfigId);
|
|
2089
|
-
if (match) {
|
|
2090
|
-
return match;
|
|
2091
|
-
}
|
|
2092
|
-
}
|
|
2093
|
-
return openIdCredentialDetails[0];
|
|
2094
|
-
}
|
|
2095
|
-
__name(findAuthorizationDetail, "findAuthorizationDetail");
|
|
2096
1887
|
var CredentialRequestClient = class {
|
|
2097
1888
|
static {
|
|
2098
1889
|
__name(this, "CredentialRequestClient");
|
|
@@ -2132,10 +1923,7 @@ var CredentialRequestClient = class {
|
|
|
2132
1923
|
credentialIdentifier,
|
|
2133
1924
|
subjectIssuance
|
|
2134
1925
|
});
|
|
2135
|
-
|
|
2136
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2137
|
-
}
|
|
2138
|
-
return await this.acquireCredentialsUsingRequestWithoutProof(request, format, opts.createDPoPOpts);
|
|
1926
|
+
return await this.acquireCredentialsUsingRequestWithoutProof(request, opts.createDPoPOpts);
|
|
2139
1927
|
}
|
|
2140
1928
|
async acquireCredentialsUsingProof(opts) {
|
|
2141
1929
|
const { credentialIdentifier, credentialTypes, proofInput, format, context, subjectIssuance } = opts;
|
|
@@ -2148,35 +1936,32 @@ var CredentialRequestClient = class {
|
|
|
2148
1936
|
credentialIdentifier,
|
|
2149
1937
|
subjectIssuance
|
|
2150
1938
|
});
|
|
2151
|
-
|
|
2152
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2153
|
-
}
|
|
2154
|
-
return await this.acquireCredentialsUsingRequest(request, format, opts.createDPoPOpts);
|
|
1939
|
+
return await this.acquireCredentialsUsingRequest(request, opts.createDPoPOpts);
|
|
2155
1940
|
}
|
|
2156
|
-
async acquireCredentialsUsingRequestWithoutProof(uniformRequest,
|
|
2157
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
1941
|
+
async acquireCredentialsUsingRequestWithoutProof(uniformRequest, createDPoPOpts) {
|
|
1942
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2158
1943
|
}
|
|
2159
|
-
async acquireCredentialsUsingRequest(uniformRequest,
|
|
2160
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
1944
|
+
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
1945
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2161
1946
|
}
|
|
2162
|
-
async acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
2163
|
-
if (this.version() <
|
|
1947
|
+
async acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts) {
|
|
1948
|
+
if (this.version() < import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_13) {
|
|
2164
1949
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported by the V13 credential request client.");
|
|
2165
1950
|
}
|
|
2166
|
-
const request = (0,
|
|
1951
|
+
const request = (0, import_oid4vci_common15.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
2167
1952
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2168
|
-
if (!(0,
|
|
2169
|
-
|
|
2170
|
-
throw new Error(
|
|
1953
|
+
if (!(0, import_oid4vci_common15.isValidURL)(credentialEndpoint)) {
|
|
1954
|
+
logger8.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
1955
|
+
throw new Error(import_oid4vci_common15.URL_NOT_VALID);
|
|
2171
1956
|
}
|
|
2172
|
-
|
|
2173
|
-
|
|
1957
|
+
logger8.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
1958
|
+
logger8.debug(`request
|
|
2174
1959
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2175
1960
|
const requestToken = this.credentialRequestOpts.token;
|
|
2176
1961
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2177
1962
|
accessToken: requestToken
|
|
2178
1963
|
})) : void 0;
|
|
2179
|
-
let response = await (0,
|
|
1964
|
+
let response = await (0, import_oid4vci_common15.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2180
1965
|
bearerToken: requestToken,
|
|
2181
1966
|
...dPoP && {
|
|
2182
1967
|
customHeaders: {
|
|
@@ -2191,7 +1976,7 @@ var CredentialRequestClient = class {
|
|
|
2191
1976
|
dPoP = await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2192
1977
|
accessToken: requestToken
|
|
2193
1978
|
}));
|
|
2194
|
-
response = await (0,
|
|
1979
|
+
response = await (0, import_oid4vci_common15.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2195
1980
|
bearerToken: requestToken,
|
|
2196
1981
|
...createDPoPOpts && {
|
|
2197
1982
|
customHeaders: {
|
|
@@ -2202,7 +1987,7 @@ var CredentialRequestClient = class {
|
|
|
2202
1987
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
2203
1988
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
2204
1989
|
}
|
|
2205
|
-
this._isDeferred = (0,
|
|
1990
|
+
this._isDeferred = (0, import_oid4vci_common15.isDeferredCredentialResponse)(response);
|
|
2206
1991
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
2207
1992
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
2208
1993
|
bearerToken: this.credentialRequestOpts.token
|
|
@@ -2214,7 +1999,7 @@ var CredentialRequestClient = class {
|
|
|
2214
1999
|
throw Error("Subject signing was requested, but issuer did not provide the options in its response");
|
|
2215
2000
|
}
|
|
2216
2001
|
}
|
|
2217
|
-
|
|
2002
|
+
logger8.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2218
2003
|
${JSON.stringify(response, null, 2)}`);
|
|
2219
2004
|
return {
|
|
2220
2005
|
...response,
|
|
@@ -2236,7 +2021,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2236
2021
|
} else if (!bearerToken) {
|
|
2237
2022
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2238
2023
|
}
|
|
2239
|
-
return await (0,
|
|
2024
|
+
return await (0, import_oid4vci_common15.acquireDeferredCredential)({
|
|
2240
2025
|
bearerToken,
|
|
2241
2026
|
transactionId,
|
|
2242
2027
|
deferredCredentialEndpoint,
|
|
@@ -2251,64 +2036,27 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2251
2036
|
return await this.createCredentialRequestImpl(opts);
|
|
2252
2037
|
}
|
|
2253
2038
|
async createCredentialRequestImpl(opts) {
|
|
2254
|
-
const { proofInput, credentialIdentifier
|
|
2039
|
+
const { proofInput, credentialIdentifier: credential_identifier } = opts;
|
|
2255
2040
|
let proof = void 0;
|
|
2256
2041
|
if (proofInput) {
|
|
2257
2042
|
proof = await buildProof(proofInput, opts);
|
|
2258
2043
|
}
|
|
2259
|
-
if (
|
|
2260
|
-
|
|
2261
|
-
|
|
2262
|
-
const commonBody = {
|
|
2263
|
-
...issuer_state2 && {
|
|
2264
|
-
issuer_state: issuer_state2
|
|
2265
|
-
},
|
|
2266
|
-
...proof && {
|
|
2267
|
-
proof
|
|
2268
|
-
},
|
|
2269
|
-
...opts.subjectIssuance
|
|
2270
|
-
};
|
|
2271
|
-
const authDetailObj = authDetail && typeof authDetail === "object" ? authDetail : null;
|
|
2272
|
-
if (authDetailObj?.credential_identifier) {
|
|
2273
|
-
return {
|
|
2274
|
-
credential_identifier: authDetailObj.credential_identifier,
|
|
2275
|
-
...commonBody
|
|
2276
|
-
};
|
|
2044
|
+
if (credential_identifier) {
|
|
2045
|
+
if (opts.format || opts.credentialTypes || opts.context) {
|
|
2046
|
+
throw Error(`You cannot mix credential_identifier with format, credential types and/or context`);
|
|
2277
2047
|
}
|
|
2278
|
-
if (authDetailObj?.credential_identifiers && authDetailObj.credential_identifiers.length > 0) {
|
|
2279
|
-
return {
|
|
2280
|
-
credential_identifier: authDetailObj.credential_identifiers[0],
|
|
2281
|
-
...commonBody
|
|
2282
|
-
};
|
|
2283
|
-
}
|
|
2284
|
-
const configId = credentialConfigurationId ?? authDetailObj?.credential_configuration_id ?? this._credentialRequestOpts.credentialConfigurationId;
|
|
2285
|
-
if (configId) {
|
|
2286
|
-
return {
|
|
2287
|
-
credential_configuration_id: configId,
|
|
2288
|
-
...commonBody
|
|
2289
|
-
};
|
|
2290
|
-
}
|
|
2291
|
-
if (credentialIdentifier) {
|
|
2292
|
-
return {
|
|
2293
|
-
credential_identifier: credentialIdentifier,
|
|
2294
|
-
...commonBody
|
|
2295
|
-
};
|
|
2296
|
-
}
|
|
2297
|
-
return Promise.reject(Error("No credential_identifier or credential_configuration_id available for v1.0-15 request"));
|
|
2298
|
-
}
|
|
2299
|
-
if (credentialIdentifier) {
|
|
2300
|
-
const proof_obj = proof ? {
|
|
2301
|
-
proof
|
|
2302
|
-
} : {};
|
|
2303
2048
|
return {
|
|
2304
|
-
credential_identifier
|
|
2305
|
-
...
|
|
2049
|
+
credential_identifier,
|
|
2050
|
+
...proof && {
|
|
2051
|
+
proof
|
|
2052
|
+
}
|
|
2306
2053
|
};
|
|
2307
2054
|
}
|
|
2308
2055
|
const formatSelection = opts.format ?? this.credentialRequestOpts.format;
|
|
2309
2056
|
if (!formatSelection) {
|
|
2310
2057
|
throw Error(`Format of credential to be issued is missing`);
|
|
2311
2058
|
}
|
|
2059
|
+
const format = (0, import_oid4vci_common15.getUniformFormat)(formatSelection);
|
|
2312
2060
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2313
2061
|
if (!typesSelection) {
|
|
2314
2062
|
throw Error(`Credential type(s) need to be provided`);
|
|
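Review bot: The new `credential_identifier` branch returns only `credential_identifier` and `proof`, while the removed identifier paths spread a common body with `issuer_state` and `opts.subjectIssuance`, and every format branch in the next hunk still spreads both. A caller that asks for subject issuance together with a credential identifier would send a request without those options, and the context line in `@@ -2214` ("Subject signing was requested, but issuer did not provide the options") suggests that it then fails only after the round trip. If the omission is deliberate, a comment saying so would help; otherwise add `...this.credentialRequestOpts.issuerState && { issuer_state: this.credentialRequestOpts.issuerState },` and `...opts.subjectIssuance` to the returned object. `createCredentialRequestImpl` continues past the end of this hunk.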
@@ -2320,33 +2068,78 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2320
2068
|
throw Error(`Credential type(s) need to be provided`);
|
|
2321
2069
|
}
|
|
2322
2070
|
const issuer_state = this.credentialRequestOpts.issuerState;
|
|
2323
|
-
if (
|
|
2071
|
+
if (format === "jwt_vc_json" || format === "jwt_vc") {
|
|
2324
2072
|
return {
|
|
2325
|
-
format: formatSelection,
|
|
2326
2073
|
credential_definition: {
|
|
2327
|
-
type: types
|
|
2328
|
-
|
|
2329
|
-
|
|
2330
|
-
|
|
2074
|
+
type: types
|
|
2075
|
+
},
|
|
2076
|
+
format,
|
|
2077
|
+
...issuer_state && {
|
|
2078
|
+
issuer_state
|
|
2079
|
+
},
|
|
2080
|
+
...proof && {
|
|
2081
|
+
proof
|
|
2082
|
+
},
|
|
2083
|
+
...opts.subjectIssuance
|
|
2084
|
+
};
|
|
2085
|
+
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2086
|
+
if (this.version() >= import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2087
|
+
throw Error("No @context value present, but it is required");
|
|
2088
|
+
}
|
|
2089
|
+
return {
|
|
2090
|
+
format,
|
|
2091
|
+
...issuer_state && {
|
|
2092
|
+
issuer_state
|
|
2093
|
+
},
|
|
2094
|
+
...proof && {
|
|
2095
|
+
proof
|
|
2096
|
+
},
|
|
2097
|
+
...opts.subjectIssuance,
|
|
2098
|
+
credential_definition: {
|
|
2099
|
+
type: types,
|
|
2100
|
+
"@context": opts.context
|
|
2101
|
+
}
|
|
2102
|
+
};
|
|
2103
|
+
} else if (format === "vc+sd-jwt") {
|
|
2104
|
+
if (types.length > 1) {
|
|
2105
|
+
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2106
|
+
}
|
|
2107
|
+
return {
|
|
2108
|
+
format,
|
|
2109
|
+
...issuer_state && {
|
|
2110
|
+
issuer_state
|
|
2111
|
+
},
|
|
2112
|
+
...proof && {
|
|
2113
|
+
proof
|
|
2331
2114
|
},
|
|
2115
|
+
vct: types[0],
|
|
2116
|
+
...opts.subjectIssuance
|
|
2117
|
+
};
|
|
2118
|
+
} else if (format === "mso_mdoc") {
|
|
2119
|
+
if (types.length > 1) {
|
|
2120
|
+
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2121
|
+
}
|
|
2122
|
+
return {
|
|
2123
|
+
format,
|
|
2332
2124
|
...issuer_state && {
|
|
2333
2125
|
issuer_state
|
|
2334
2126
|
},
|
|
2335
2127
|
...proof && {
|
|
2336
2128
|
proof
|
|
2337
2129
|
},
|
|
2130
|
+
doctype: types[0],
|
|
2338
2131
|
...opts.subjectIssuance
|
|
2339
2132
|
};
|
|
2340
2133
|
}
|
|
2341
|
-
|
|
2134
|
+
throw new Error(`Unsupported credential format: ${format}`);
|
|
2342
2135
|
}
|
|
2343
2136
|
version() {
|
|
2344
|
-
return this.credentialRequestOpts?.version ??
|
|
2137
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_13;
|
|
2345
2138
|
}
|
|
2346
2139
|
};
|
|
2347
2140
|
|
|
2348
2141
|
// lib/CredentialOfferClient.ts
|
|
2349
|
-
var
|
|
2142
|
+
var import_oid4vci_common16 = require("@sphereon/oid4vci-common");
|
|
2350
2143
|
var CredentialOfferClient = class {
|
|
2351
2144
|
static {
|
|
2352
2145
|
__name(this, "CredentialOfferClient");
|
|
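Review bot: The `vc+sd-jwt` and `mso_mdoc` branches reject only `types.length > 1`, so an empty `types` array passes and `vct: types[0]` / `doctype: types[0]` become `undefined`, which `JSON.stringify` drops from the request body. How `types` is built lies between the hunks, so whether an empty array can reach this point is not visible here, but the earlier `!typesSelection` check would not stop one. I would make both guards exact, `if (types.length !== 1) {`, keeping the existing error message. A short comment above each branch naming the request member it fills (`vct`, `doctype`) would also help, since the four branches differ only in that detail.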
@@ -2359,12 +2152,12 @@ var CredentialOfferClient = class {
|
|
|
2359
2152
|
}
|
|
2360
2153
|
const scheme = uri.split("://")[0];
|
|
2361
2154
|
const baseUrl = uri.split("?")[0];
|
|
2362
|
-
const version = (0,
|
|
2155
|
+
const version = (0, import_oid4vci_common16.determineSpecVersionFromURI)(uri);
|
|
2363
2156
|
LOG.log(`Offer URL determined to be of version ${version}`);
|
|
2364
2157
|
let credentialOffer;
|
|
2365
2158
|
let credentialOfferPayload;
|
|
2366
|
-
if (version <
|
|
2367
|
-
credentialOfferPayload = (0,
|
|
2159
|
+
if (version < import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_11) {
|
|
2160
|
+
credentialOfferPayload = (0, import_oid4vci_common16.convertURIToJsonObject)(uri, {
|
|
2368
2161
|
arrayTypeProperties: [
|
|
2369
2162
|
"credential_type"
|
|
2370
2163
|
],
|
|
@@ -2382,7 +2175,7 @@ var CredentialOfferClient = class {
|
|
|
2382
2175
|
if (uri.includes("credential_offer_uri")) {
|
|
2383
2176
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2384
2177
|
} else {
|
|
2385
|
-
credentialOffer = (0,
|
|
2178
|
+
credentialOffer = (0, import_oid4vci_common16.convertURIToJsonObject)(uri, {
|
|
2386
2179
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2387
2180
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2388
2181
|
"credential_offer_uri="
|
|
@@ -2400,13 +2193,13 @@ var CredentialOfferClient = class {
|
|
|
2400
2193
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2401
2194
|
}
|
|
2402
2195
|
}
|
|
2403
|
-
const request = await (0,
|
|
2196
|
+
const request = await (0, import_oid4vci_common16.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2404
2197
|
...opts,
|
|
2405
2198
|
version
|
|
2406
2199
|
});
|
|
2407
2200
|
return {
|
|
2408
2201
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2409
|
-
userPinRequired: request.credential_offer?.grants?.[
|
|
2202
|
+
userPinRequired: request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? !!request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false
|
|
2410
2203
|
};
|
|
2411
2204
|
}
|
|
2412
2205
|
static toURI(requestWithBaseUrl, opts) {
|
|
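Review bot: In `userPinRequired` the first operand, `grants?.[PRE_AUTH_GRANT_LITERAL]?.user_pin_required`, is returned as-is, so the field is not guaranteed to be a boolean, whereas the `V1_0_11` and `V1_0_13` clients further down wrap the same lookup in `!!( … )`. The trailing `?? false` is also unreachable, because `!!x` is never nullish. Callers presumably use this flag to decide whether to prompt for a PIN, so I would coerce it: `const preAuth = request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL];` and then `userPinRequired: Boolean(preAuth?.user_pin_required ?? preAuth?.tx_code)`. `fromURI` starts outside this hunk.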
@@ -2415,7 +2208,7 @@ var CredentialOfferClient = class {
|
|
|
2415
2208
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2416
2209
|
let param;
|
|
2417
2210
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2418
|
-
if (version.valueOf() >=
|
|
2211
|
+
if (version.valueOf() >= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2419
2212
|
if (!baseUrl.includes("?")) {
|
|
2420
2213
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2421
2214
|
} else {
|
|
@@ -2430,14 +2223,14 @@ var CredentialOfferClient = class {
|
|
|
2430
2223
|
}
|
|
2431
2224
|
}
|
|
2432
2225
|
}
|
|
2433
|
-
return (0,
|
|
2226
|
+
return (0, import_oid4vci_common16.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2434
2227
|
baseUrl,
|
|
2435
2228
|
arrayTypeProperties: isUri ? [] : [
|
|
2436
2229
|
"credential_type"
|
|
2437
2230
|
],
|
|
2438
2231
|
uriTypeProperties: isUri ? [
|
|
2439
2232
|
"credential_offer_uri"
|
|
2440
|
-
] : version >=
|
|
2233
|
+
] : version >= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2441
2234
|
"credential_issuer",
|
|
2442
2235
|
"credential_type"
|
|
2443
2236
|
] : [
|
|
@@ -2451,26 +2244,26 @@ var CredentialOfferClient = class {
|
|
|
2451
2244
|
};
|
|
2452
2245
|
|
|
2453
2246
|
// lib/CredentialOfferClientV1_0_11.ts
|
|
2454
|
-
var
|
|
2455
|
-
var
|
|
2456
|
-
var
|
|
2247
|
+
var import_oid4vci_common17 = require("@sphereon/oid4vci-common");
|
|
2248
|
+
var import_ssi_types11 = require("@sphereon/ssi-types");
|
|
2249
|
+
var logger9 = import_ssi_types11.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2457
2250
|
var CredentialOfferClientV1_0_11 = class {
|
|
2458
2251
|
static {
|
|
2459
2252
|
__name(this, "CredentialOfferClientV1_0_11");
|
|
2460
2253
|
}
|
|
2461
2254
|
static async fromURI(uri, opts) {
|
|
2462
|
-
|
|
2255
|
+
logger9.debug(`Credential Offer URI: ${uri}`);
|
|
2463
2256
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2464
|
-
|
|
2257
|
+
logger9.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2465
2258
|
throw Error(`Invalid Credential Offer Request`);
|
|
2466
2259
|
}
|
|
2467
2260
|
const scheme = uri.split("://")[0];
|
|
2468
2261
|
const baseUrl = uri.split("?")[0];
|
|
2469
|
-
const version = (0,
|
|
2262
|
+
const version = (0, import_oid4vci_common17.determineSpecVersionFromURI)(uri);
|
|
2470
2263
|
let credentialOffer;
|
|
2471
2264
|
let credentialOfferPayload;
|
|
2472
|
-
if (version <
|
|
2473
|
-
credentialOfferPayload = (0,
|
|
2265
|
+
if (version < import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11) {
|
|
2266
|
+
credentialOfferPayload = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2474
2267
|
arrayTypeProperties: [
|
|
2475
2268
|
"credential_type"
|
|
2476
2269
|
],
|
|
@@ -2485,7 +2278,7 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2485
2278
|
credential_offer: credentialOfferPayload
|
|
2486
2279
|
};
|
|
2487
2280
|
} else {
|
|
2488
|
-
credentialOffer = (0,
|
|
2281
|
+
credentialOffer = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2489
2282
|
arrayTypeProperties: [
|
|
2490
2283
|
"credentials"
|
|
2491
2284
|
],
|
|
@@ -2499,11 +2292,11 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2499
2292
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2500
2293
|
}
|
|
2501
2294
|
}
|
|
2502
|
-
const request = await (0,
|
|
2295
|
+
const request = await (0, import_oid4vci_common17.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2503
2296
|
...opts,
|
|
2504
2297
|
version
|
|
2505
2298
|
});
|
|
2506
|
-
const clientId = (0,
|
|
2299
|
+
const clientId = (0, import_oid4vci_common17.getClientIdFromCredentialOfferPayload)(request.credential_offer);
|
|
2507
2300
|
const grants = request.credential_offer?.grants;
|
|
2508
2301
|
return {
|
|
2509
2302
|
scheme,
|
|
@@ -2515,19 +2308,19 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2515
2308
|
...grants?.authorization_code?.issuer_state && {
|
|
2516
2309
|
issuerState: grants.authorization_code.issuer_state
|
|
2517
2310
|
},
|
|
2518
|
-
...grants?.[
|
|
2519
|
-
preAuthorizedCode: grants[
|
|
2311
|
+
...grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.[import_oid4vci_common17.PRE_AUTH_CODE_LITERAL] && {
|
|
2312
|
+
preAuthorizedCode: grants[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL][import_oid4vci_common17.PRE_AUTH_CODE_LITERAL]
|
|
2520
2313
|
},
|
|
2521
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2314
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? false)
|
|
2522
2315
|
};
|
|
2523
2316
|
}
|
|
2524
2317
|
static toURI(requestWithBaseUrl, opts) {
|
|
2525
|
-
|
|
2318
|
+
logger9.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2526
2319
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2527
2320
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2528
2321
|
let param;
|
|
2529
2322
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2530
|
-
if (version.valueOf() >=
|
|
2323
|
+
if (version.valueOf() >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2531
2324
|
if (!baseUrl.includes("?")) {
|
|
2532
2325
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2533
2326
|
} else {
|
|
@@ -2542,14 +2335,14 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2542
2335
|
}
|
|
2543
2336
|
}
|
|
2544
2337
|
}
|
|
2545
|
-
return (0,
|
|
2338
|
+
return (0, import_oid4vci_common17.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2546
2339
|
baseUrl,
|
|
2547
2340
|
arrayTypeProperties: isUri ? [] : [
|
|
2548
2341
|
"credential_type"
|
|
2549
2342
|
],
|
|
2550
2343
|
uriTypeProperties: isUri ? [
|
|
2551
2344
|
"credential_offer_uri"
|
|
2552
|
-
] : version >=
|
|
2345
|
+
] : version >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11 ? [
|
|
2553
2346
|
"credential_issuer",
|
|
2554
2347
|
"credential_type"
|
|
2555
2348
|
] : [
|
|
@@ -2563,27 +2356,27 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2563
2356
|
};
|
|
2564
2357
|
|
|
2565
2358
|
// lib/CredentialOfferClientV1_0_13.ts
|
|
2566
|
-
var
|
|
2567
|
-
var
|
|
2568
|
-
var
|
|
2359
|
+
var import_oid4vci_common18 = require("@sphereon/oid4vci-common");
|
|
2360
|
+
var import_ssi_types12 = require("@sphereon/ssi-types");
|
|
2361
|
+
var logger10 = import_ssi_types12.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2569
2362
|
var CredentialOfferClientV1_0_13 = class {
|
|
2570
2363
|
static {
|
|
2571
2364
|
__name(this, "CredentialOfferClientV1_0_13");
|
|
2572
2365
|
}
|
|
2573
2366
|
static async fromURI(uri, opts) {
|
|
2574
|
-
|
|
2367
|
+
logger10.debug(`Credential Offer URI: ${uri}`);
|
|
2575
2368
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2576
|
-
|
|
2369
|
+
logger10.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2577
2370
|
throw Error(`Invalid Credential Offer Request`);
|
|
2578
2371
|
}
|
|
2579
2372
|
const scheme = uri.split("://")[0];
|
|
2580
2373
|
const baseUrl = uri.split("?")[0];
|
|
2581
|
-
const version = (0,
|
|
2374
|
+
const version = (0, import_oid4vci_common18.determineSpecVersionFromURI)(uri);
|
|
2582
2375
|
let credentialOffer;
|
|
2583
2376
|
if (uri.includes("credential_offer_uri")) {
|
|
2584
2377
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2585
2378
|
} else {
|
|
2586
|
-
credentialOffer = (0,
|
|
2379
|
+
credentialOffer = (0, import_oid4vci_common18.convertURIToJsonObject)(uri, {
|
|
2587
2380
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2588
2381
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2589
2382
|
"credential_configuration_ids",
|
|
@@ -2602,22 +2395,22 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2602
2395
|
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2603
2396
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2604
2397
|
}
|
|
2605
|
-
const request = await (0,
|
|
2398
|
+
const request = await (0, import_oid4vci_common18.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2606
2399
|
...opts,
|
|
2607
2400
|
version
|
|
2608
2401
|
});
|
|
2609
2402
|
return {
|
|
2610
2403
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2611
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2404
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common18.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2612
2405
|
};
|
|
2613
2406
|
}
|
|
2614
2407
|
static toURI(requestWithBaseUrl, opts) {
|
|
2615
|
-
|
|
2408
|
+
logger10.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2616
2409
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2617
2410
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2618
2411
|
let param;
|
|
2619
2412
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2620
|
-
if (version.valueOf() >=
|
|
2413
|
+
if (version.valueOf() >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2621
2414
|
if (!baseUrl.includes("?")) {
|
|
2622
2415
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2623
2416
|
} else {
|
|
@@ -2632,14 +2425,14 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2632
2425
|
}
|
|
2633
2426
|
}
|
|
2634
2427
|
}
|
|
2635
|
-
return (0,
|
|
2428
|
+
return (0, import_oid4vci_common18.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2636
2429
|
baseUrl,
|
|
2637
2430
|
arrayTypeProperties: isUri ? [] : [
|
|
2638
2431
|
"credential_type"
|
|
2639
2432
|
],
|
|
2640
2433
|
uriTypeProperties: isUri ? [
|
|
2641
2434
|
"credential_offer_uri"
|
|
2642
|
-
] : version >=
|
|
2435
|
+
] : version >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2643
2436
|
"credential_issuer",
|
|
2644
2437
|
"credential_type"
|
|
2645
2438
|
] : [
|
|
@@ -2652,101 +2445,11 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2652
2445
|
}
|
|
2653
2446
|
};
|
|
2654
2447
|
|
|
2655
|
-
// lib/CredentialOfferClientV1_0_15.ts
|
|
2656
|
-
var import_oid4vci_common20 = require("@sphereon/oid4vci-common");
|
|
2657
|
-
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
2658
|
-
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2659
|
-
var CredentialOfferClientV1_0_15 = class {
|
|
2660
|
-
static {
|
|
2661
|
-
__name(this, "CredentialOfferClientV1_0_15");
|
|
2662
|
-
}
|
|
2663
|
-
static async fromURI(uri, opts) {
|
|
2664
|
-
logger12.debug(`Credential Offer URI: ${uri}`);
|
|
2665
|
-
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2666
|
-
logger12.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2667
|
-
return Promise.reject(Error(`Invalid Credential Offer Request`));
|
|
2668
|
-
}
|
|
2669
|
-
const scheme = uri.split("://")[0];
|
|
2670
|
-
const baseUrl = uri.split("?")[0];
|
|
2671
|
-
const version = (0, import_oid4vci_common20.determineSpecVersionFromURI)(uri);
|
|
2672
|
-
let credentialOffer;
|
|
2673
|
-
if (uri.includes("credential_offer_uri")) {
|
|
2674
|
-
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2675
|
-
} else {
|
|
2676
|
-
credentialOffer = (0, import_oid4vci_common20.convertURIToJsonObject)(uri, {
|
|
2677
|
-
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2678
|
-
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2679
|
-
"credential_configuration_ids",
|
|
2680
|
-
"credential_offer_uri="
|
|
2681
|
-
] : [
|
|
2682
|
-
"credential_configuration_ids",
|
|
2683
|
-
"credential_offer="
|
|
2684
|
-
],
|
|
2685
|
-
requiredProperties: uri.includes("credential_offer_uri=") ? [
|
|
2686
|
-
"credential_offer_uri="
|
|
2687
|
-
] : [
|
|
2688
|
-
"credential_offer="
|
|
2689
|
-
]
|
|
2690
|
-
});
|
|
2691
|
-
}
|
|
2692
|
-
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2693
|
-
return Promise.reject(Error("Either a credential_offer or credential_offer_uri should be present in " + uri));
|
|
2694
|
-
}
|
|
2695
|
-
const request = await (0, import_oid4vci_common20.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2696
|
-
...opts,
|
|
2697
|
-
version
|
|
2698
|
-
});
|
|
2699
|
-
return {
|
|
2700
|
-
...constructBaseResponse(request, scheme, baseUrl),
|
|
2701
|
-
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common20.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2702
|
-
};
|
|
2703
|
-
}
|
|
2704
|
-
static toURI(requestWithBaseUrl, opts) {
|
|
2705
|
-
logger12.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2706
|
-
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2707
|
-
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2708
|
-
let param;
|
|
2709
|
-
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2710
|
-
if (version.valueOf() >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2711
|
-
if (!baseUrl.includes("?")) {
|
|
2712
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2713
|
-
} else {
|
|
2714
|
-
const split = baseUrl.split("?");
|
|
2715
|
-
if (split.length > 1 && split[1] !== "") {
|
|
2716
|
-
if (baseUrl.endsWith("&")) {
|
|
2717
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2718
|
-
} else if (!baseUrl.endsWith("=")) {
|
|
2719
|
-
baseUrl += `&`;
|
|
2720
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2721
|
-
}
|
|
2722
|
-
}
|
|
2723
|
-
}
|
|
2724
|
-
}
|
|
2725
|
-
return (0, import_oid4vci_common20.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2726
|
-
baseUrl,
|
|
2727
|
-
arrayTypeProperties: isUri ? [] : [
|
|
2728
|
-
"credential_configuration_ids"
|
|
2729
|
-
],
|
|
2730
|
-
uriTypeProperties: isUri ? [
|
|
2731
|
-
"credential_offer_uri"
|
|
2732
|
-
] : version >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_15 ? [
|
|
2733
|
-
"credential_issuer",
|
|
2734
|
-
"credential_configuration_ids"
|
|
2735
|
-
] : [
|
|
2736
|
-
"issuer",
|
|
2737
|
-
"credential_type"
|
|
2738
|
-
],
|
|
2739
|
-
param,
|
|
2740
|
-
version
|
|
2741
|
-
});
|
|
2742
|
-
}
|
|
2743
|
-
};
|
|
2744
|
-
|
|
2745
2448
|
// lib/CredentialRequestClientV1_0_11.ts
|
|
2746
2449
|
var import_oid4vc_common6 = require("@sphereon/oid4vc-common");
|
|
2747
|
-
var
|
|
2748
|
-
var
|
|
2749
|
-
var
|
|
2450
|
+
var import_oid4vci_common19 = require("@sphereon/oid4vci-common");
|
|
2451
|
+
var import_ssi_types13 = require("@sphereon/ssi-types");
|
|
2452
|
+
var logger11 = import_ssi_types13.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2750
2453
|
var CredentialRequestClientV1_0_11 = class {
|
|
2751
2454
|
static {
|
|
2752
2455
|
__name(this, "CredentialRequestClientV1_0_11");
|
|
@@ -2782,24 +2485,20 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2782
2485
|
return await this.acquireCredentialsUsingRequest(request, opts.createDPoPOpts);
|
|
2783
2486
|
}
|
|
2784
2487
|
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
2785
|
-
const
|
|
2786
|
-
if (!uniformRequestV11.format) {
|
|
2787
|
-
return Promise.reject(Error("format is missing from the (legacy v11) credential request"));
|
|
2788
|
-
}
|
|
2789
|
-
const request = (0, import_oid4vci_common21.getCredentialRequestForVersion)(uniformRequest, uniformRequestV11.format, this.version());
|
|
2488
|
+
const request = (0, import_oid4vci_common19.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
2790
2489
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2791
|
-
if (!(0,
|
|
2792
|
-
|
|
2793
|
-
throw new Error(
|
|
2490
|
+
if (!(0, import_oid4vci_common19.isValidURL)(credentialEndpoint)) {
|
|
2491
|
+
logger11.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
2492
|
+
throw new Error(import_oid4vci_common19.URL_NOT_VALID);
|
|
2794
2493
|
}
|
|
2795
|
-
|
|
2796
|
-
|
|
2494
|
+
logger11.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
2495
|
+
logger11.debug(`request
|
|
2797
2496
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2798
2497
|
const requestToken = this.credentialRequestOpts.token;
|
|
2799
2498
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2800
2499
|
accessToken: requestToken
|
|
2801
2500
|
})) : void 0;
|
|
2802
|
-
let response = await (0,
|
|
2501
|
+
let response = await (0, import_oid4vci_common19.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2803
2502
|
bearerToken: requestToken,
|
|
2804
2503
|
customHeaders: {
|
|
2805
2504
|
...createDPoPOpts && {
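Review bot: The `logger11.debug` call at new lines 2495–2496 serialises the entire credential request with `JSON.stringify(request, null, 2)`, which presumably includes the holder's key proof, so anything that collects debug output receives a copy of it. The same pattern is more serious in the `@@ -2825,14 +2524,14 @@` hunk of this function: `response.access_token = requestToken` runs immediately before `JSON.stringify(response, null, 2)` is logged, which puts the bearer access token and the issuer's response body into the log. I would log only non-sensitive state in both places, for example `logger11.debug("Credential endpoint responded, deferred=" + this.isDeferred());`, or at least emit the response log before the token is attached. `acquireCredentialsUsingRequest` continues past the end of this hunk, and since this file is bundled output the change belongs in `lib/CredentialRequestClientV1_0_11.ts`.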
|
|
@@ -2814,7 +2513,7 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2814
2513
|
dPoP = await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2815
2514
|
accessToken: requestToken
|
|
2816
2515
|
}));
|
|
2817
|
-
response = await (0,
|
|
2516
|
+
response = await (0, import_oid4vci_common19.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2818
2517
|
bearerToken: requestToken,
|
|
2819
2518
|
customHeaders: {
|
|
2820
2519
|
...createDPoPOpts && {
|
|
@@ -2825,14 +2524,14 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2825
2524
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
2826
2525
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
2827
2526
|
}
|
|
2828
|
-
this._isDeferred = (0,
|
|
2527
|
+
this._isDeferred = (0, import_oid4vci_common19.isDeferredCredentialResponse)(response);
|
|
2829
2528
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
2830
2529
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
2831
2530
|
bearerToken: this.credentialRequestOpts.token
|
|
2832
2531
|
});
|
|
2833
2532
|
}
|
|
2834
2533
|
response.access_token = requestToken;
|
|
2835
|
-
|
|
2534
|
+
logger11.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2836
2535
|
${JSON.stringify(response, null, 2)}`);
|
|
2837
2536
|
return {
|
|
2838
2537
|
...response,
|
|
@@ -2854,7 +2553,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2854
2553
|
} else if (!bearerToken) {
|
|
2855
2554
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2856
2555
|
}
|
|
2857
|
-
return await (0,
|
|
2556
|
+
return await (0, import_oid4vci_common19.acquireDeferredCredential)({
|
|
2858
2557
|
bearerToken,
|
|
2859
2558
|
transactionId,
|
|
2860
2559
|
deferredCredentialEndpoint,
|
|
@@ -2868,7 +2567,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2868
2567
|
if (!formatSelection) {
|
|
2869
2568
|
throw Error(`Format of credential to be issued is missing`);
|
|
2870
2569
|
}
|
|
2871
|
-
const format = (0,
|
|
2570
|
+
const format = (0, import_oid4vci_common19.getUniformFormat)(formatSelection);
|
|
2872
2571
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2873
2572
|
const types = Array.isArray(typesSelection) ? typesSelection : [
|
|
2874
2573
|
typesSelection
|
|
@@ -2886,7 +2585,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2886
2585
|
proof
|
|
2887
2586
|
};
|
|
2888
2587
|
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2889
|
-
if (this.version() >=
|
|
2588
|
+
if (this.version() >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2890
2589
|
throw Error("No @context value present, but it is required");
|
|
2891
2590
|
}
|
|
2892
2591
|
return {
|
|
@@ -2924,18 +2623,18 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2924
2623
|
throw new Error(`Unsupported format: ${format}`);
|
|
2925
2624
|
}
|
|
2926
2625
|
version() {
|
|
2927
|
-
return this.credentialRequestOpts?.version ??
|
|
2626
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_11;
|
|
2928
2627
|
}
|
|
2929
2628
|
isV11OrHigher() {
|
|
2930
|
-
return this.version() >=
|
|
2629
|
+
return this.version() >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_11;
|
|
2931
2630
|
}
|
|
2932
2631
|
};
|
|
2933
2632
|
|
|
2934
2633
|
// lib/CredentialRequestClientBuilder.ts
|
|
2935
|
-
var
|
|
2634
|
+
var import_oid4vci_common22 = require("@sphereon/oid4vci-common");
|
|
2936
2635
|
|
|
2937
2636
|
// lib/CredentialRequestClientBuilderV1_0_11.ts
|
|
2938
|
-
var
|
|
2637
|
+
var import_oid4vci_common20 = require("@sphereon/oid4vci-common");
|
|
2939
2638
|
var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilderV1_0_11 {
|
|
2940
2639
|
static {
|
|
2941
2640
|
__name(this, "CredentialRequestClientBuilderV1_0_11");
|
|
@@ -2953,7 +2652,7 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2953
2652
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialTypes }) {
|
|
2954
2653
|
const issuer = credentialIssuer;
|
|
2955
2654
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2956
|
-
builder.withVersion(version ??
|
|
2655
|
+
builder.withVersion(version ?? import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11);
|
|
2957
2656
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2958
2657
|
if (metadata?.deferred_credential_endpoint) {
|
|
2959
2658
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -2972,18 +2671,18 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2972
2671
|
}
|
|
2973
2672
|
static fromCredentialOfferRequest(opts) {
|
|
2974
2673
|
const { request, metadata } = opts;
|
|
2975
|
-
const version = opts.version ?? request.version ?? (0,
|
|
2674
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common20.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2976
2675
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2977
|
-
const issuer = (0,
|
|
2676
|
+
const issuer = (0, import_oid4vci_common20.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
2978
2677
|
builder.withVersion(version);
|
|
2979
2678
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2980
2679
|
if (metadata?.deferred_credential_endpoint) {
|
|
2981
2680
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
2982
2681
|
}
|
|
2983
|
-
if (version <=
|
|
2682
|
+
if (version <= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_08) {
|
|
2984
2683
|
builder.withCredentialType(request.original_credential_offer.credential_type);
|
|
2985
|
-
} else if (version <=
|
|
2986
|
-
builder.withCredentialType((0,
|
|
2684
|
+
} else if (version <= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11) {
|
|
2685
|
+
builder.withCredentialType((0, import_oid4vci_common20.getTypesFromOfferV1_0_11)(request.credential_offer));
|
|
2987
2686
|
}
|
|
2988
2687
|
return builder;
|
|
2989
2688
|
}
|
|
@@ -3047,14 +2746,14 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
3047
2746
|
}
|
|
3048
2747
|
build() {
|
|
3049
2748
|
if (!this.version) {
|
|
3050
|
-
this.withVersion(
|
|
2749
|
+
this.withVersion(import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11);
|
|
3051
2750
|
}
|
|
3052
2751
|
return new CredentialRequestClientV1_0_11(this);
|
|
3053
2752
|
}
|
|
3054
2753
|
};
|
|
3055
2754
|
|
|
3056
2755
|
// lib/CredentialRequestClientBuilderV1_0_13.ts
|
|
3057
|
-
var
|
|
2756
|
+
var import_oid4vci_common21 = require("@sphereon/oid4vci-common");
|
|
3058
2757
|
var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilderV1_0_13 {
|
|
3059
2758
|
static {
|
|
3060
2759
|
__name(this, "CredentialRequestClientBuilderV1_0_13");
|
|
@@ -3073,7 +2772,7 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3073
2772
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
3074
2773
|
const issuer = credentialIssuer;
|
|
3075
2774
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
3076
|
-
builder.withVersion(version ??
|
|
2775
|
+
builder.withVersion(version ?? import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_13);
|
|
3077
2776
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3078
2777
|
if (metadata?.deferred_credential_endpoint) {
|
|
3079
2778
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -3097,12 +2796,12 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3097
2796
|
}
|
|
3098
2797
|
static fromCredentialOfferRequest(opts) {
|
|
3099
2798
|
const { request, metadata } = opts;
|
|
3100
|
-
const version = opts.version ?? request.version ?? (0,
|
|
3101
|
-
if (version <
|
|
2799
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common21.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2800
|
+
if (version < import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_13) {
|
|
3102
2801
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported.");
|
|
3103
2802
|
}
|
|
3104
2803
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
3105
|
-
const issuer = (0,
|
|
2804
|
+
const issuer = (0, import_oid4vci_common21.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
3106
2805
|
builder.withVersion(version);
|
|
3107
2806
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3108
2807
|
if (metadata?.deferred_credential_endpoint) {
|
|
@@ -3179,894 +2878,168 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3179
2878
|
}
|
|
3180
2879
|
build() {
|
|
3181
2880
|
if (!this.version) {
|
|
3182
|
-
this.withVersion(
|
|
2881
|
+
this.withVersion(import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_11);
|
|
3183
2882
|
}
|
|
3184
2883
|
return new CredentialRequestClient(this);
|
|
3185
2884
|
}
|
|
3186
2885
|
};
|
|
3187
2886
|
|
|
3188
|
-
// lib/
|
|
3189
|
-
|
|
3190
|
-
|
|
2887
|
+
// lib/CredentialRequestClientBuilder.ts
|
|
2888
|
+
function isV1_0_13(builder) {
|
|
2889
|
+
return builder.withCredentialIdentifier !== void 0;
|
|
2890
|
+
}
|
|
2891
|
+
__name(isV1_0_13, "isV1_0_13");
|
|
2892
|
+
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3191
2893
|
static {
|
|
3192
|
-
__name(this, "
|
|
2894
|
+
__name(this, "CredentialRequestClientBuilder");
|
|
3193
2895
|
}
|
|
3194
|
-
|
|
3195
|
-
|
|
3196
|
-
|
|
3197
|
-
|
|
3198
|
-
|
|
3199
|
-
|
|
3200
|
-
|
|
3201
|
-
|
|
3202
|
-
|
|
3203
|
-
|
|
3204
|
-
|
|
3205
|
-
|
|
3206
|
-
|
|
3207
|
-
|
|
3208
|
-
|
|
3209
|
-
|
|
3210
|
-
|
|
3211
|
-
|
|
3212
|
-
|
|
3213
|
-
builder.
|
|
3214
|
-
|
|
3215
|
-
|
|
3216
|
-
|
|
3217
|
-
|
|
3218
|
-
|
|
3219
|
-
builder.withCredentialIdentifier(credentialIdentifier);
|
|
3220
|
-
}
|
|
3221
|
-
if (credentialConfigurationId) {
|
|
3222
|
-
builder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3223
|
-
}
|
|
3224
|
-
if (credentialTypes) {
|
|
3225
|
-
builder.withCredentialType(credentialTypes);
|
|
2896
|
+
_builder;
|
|
2897
|
+
constructor(builder) {
|
|
2898
|
+
this._builder = builder;
|
|
2899
|
+
}
|
|
2900
|
+
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
2901
|
+
const specVersion = version ?? import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13;
|
|
2902
|
+
let builder;
|
|
2903
|
+
if (specVersion >= import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2904
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
2905
|
+
credentialIssuer,
|
|
2906
|
+
metadata,
|
|
2907
|
+
version,
|
|
2908
|
+
credentialIdentifier,
|
|
2909
|
+
credentialTypes
|
|
2910
|
+
});
|
|
2911
|
+
} else {
|
|
2912
|
+
if (!credentialTypes || credentialTypes.length === 0) {
|
|
2913
|
+
throw new Error("CredentialTypes must be provided for v1_0_11");
|
|
2914
|
+
}
|
|
2915
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialIssuer({
|
|
2916
|
+
credentialIssuer,
|
|
2917
|
+
metadata,
|
|
2918
|
+
version,
|
|
2919
|
+
credentialTypes
|
|
2920
|
+
});
|
|
3226
2921
|
}
|
|
3227
|
-
return builder;
|
|
2922
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3228
2923
|
}
|
|
3229
2924
|
static async fromURI({ uri, metadata }) {
|
|
3230
2925
|
const offer = await CredentialOfferClient.fromURI(uri);
|
|
3231
|
-
return
|
|
2926
|
+
return _CredentialRequestClientBuilder.fromCredentialOfferRequest({
|
|
3232
2927
|
request: offer,
|
|
3233
2928
|
...offer,
|
|
3234
|
-
metadata,
|
|
3235
|
-
version: offer.version
|
|
3236
|
-
});
|
|
3237
|
-
}
|
|
3238
|
-
static fromCredentialOfferRequest(opts) {
|
|
3239
|
-
const { request, metadata } = opts;
|
|
3240
|
-
const version = opts.version ?? request.version ?? (0, import_oid4vci_common24.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3241
|
-
if (version < import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15) {
|
|
3242
|
-
throw new Error("Versions below v1.0.15 (draft 15) are not supported.");
|
|
3243
|
-
}
|
|
3244
|
-
const builder = new _CredentialRequestClientBuilderV1_0_15();
|
|
3245
|
-
const issuer = (0, import_oid4vci_common24.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
3246
|
-
builder.withVersion(version);
|
|
3247
|
-
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3248
|
-
if (metadata?.deferred_credential_endpoint) {
|
|
3249
|
-
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
3250
|
-
}
|
|
3251
|
-
if (metadata?.credentialIssuerMetadata?.nonce_endpoint) {
|
|
3252
|
-
builder.withNonceEndpoint(metadata.credentialIssuerMetadata.nonce_endpoint);
|
|
3253
|
-
}
|
|
3254
|
-
const ids = request.credential_offer.credential_configuration_ids;
|
|
3255
|
-
if (ids.length && ids.length === 1) {
|
|
3256
|
-
builder.withCredentialConfigurationId(ids[0]);
|
|
3257
|
-
}
|
|
3258
|
-
return builder;
|
|
3259
|
-
}
|
|
3260
|
-
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3261
|
-
const builder = _CredentialRequestClientBuilderV1_0_15.fromCredentialOfferRequest({
|
|
3262
|
-
request: credentialOffer,
|
|
3263
|
-
metadata,
|
|
3264
|
-
version: credentialOffer.version
|
|
3265
|
-
});
|
|
3266
|
-
return builder;
|
|
3267
|
-
}
|
|
3268
|
-
withCredentialEndpointFromMetadata(metadata) {
|
|
3269
|
-
this.credentialEndpoint = metadata.credential_endpoint;
|
|
3270
|
-
return this;
|
|
3271
|
-
}
|
|
3272
|
-
withCredentialEndpoint(credentialEndpoint) {
|
|
3273
|
-
this.credentialEndpoint = credentialEndpoint;
|
|
3274
|
-
return this;
|
|
3275
|
-
}
|
|
3276
|
-
withIssuerState(issuerState) {
|
|
3277
|
-
this.issuerState = issuerState;
|
|
3278
|
-
return this;
|
|
3279
|
-
}
|
|
3280
|
-
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3281
|
-
this.deferredCredentialEndpoint = metadata.deferred_credential_endpoint;
|
|
3282
|
-
return this;
|
|
3283
|
-
}
|
|
3284
|
-
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3285
|
-
this.deferredCredentialEndpoint = deferredCredentialEndpoint;
|
|
3286
|
-
return this;
|
|
3287
|
-
}
|
|
3288
|
-
// New in v15: Support for nonce endpoint
|
|
3289
|
-
withNonceEndpointFromMetadata(metadata) {
|
|
3290
|
-
this.nonceEndpoint = metadata.nonce_endpoint;
|
|
3291
|
-
return this;
|
|
3292
|
-
}
|
|
3293
|
-
withNonceEndpoint(nonceEndpoint) {
|
|
3294
|
-
this.nonceEndpoint = nonceEndpoint;
|
|
3295
|
-
return this;
|
|
3296
|
-
}
|
|
3297
|
-
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3298
|
-
this.deferredCredentialAwait = deferredCredentialAwait;
|
|
3299
|
-
this.deferredCredentialIntervalInMS = deferredCredentialIntervalInMS ?? 5e3;
|
|
3300
|
-
return this;
|
|
3301
|
-
}
|
|
3302
|
-
// New in v15: Support for credential_identifier (used when authorization_details with credential_identifiers was used)
|
|
3303
|
-
withCredentialIdentifier(credentialIdentifier) {
|
|
3304
|
-
this.credentialIdentifier = credentialIdentifier;
|
|
3305
|
-
return this;
|
|
3306
|
-
}
|
|
3307
|
-
// New in v15: Support for credential_configuration_id (used when scope was used and no credential_identifiers returned)
|
|
3308
|
-
withCredentialConfigurationId(credentialConfigurationId) {
|
|
3309
|
-
this.credentialConfigurationId = credentialConfigurationId;
|
|
3310
|
-
return this;
|
|
3311
|
-
}
|
|
3312
|
-
// Legacy support for credential types (may be used internally to map to configuration IDs)
|
|
3313
|
-
withCredentialType(credentialTypes) {
|
|
3314
|
-
this.credentialTypes = Array.isArray(credentialTypes) ? credentialTypes : [
|
|
3315
|
-
credentialTypes
|
|
3316
|
-
];
|
|
3317
|
-
return this;
|
|
3318
|
-
}
|
|
3319
|
-
// Note: withFormat() method removed in v15 - format is no longer part of credential requests
|
|
3320
|
-
withSubjectIssuance(subjectIssuance) {
|
|
3321
|
-
this.subjectIssuance = subjectIssuance;
|
|
3322
|
-
return this;
|
|
3323
|
-
}
|
|
3324
|
-
withToken(accessToken) {
|
|
3325
|
-
this.token = accessToken;
|
|
3326
|
-
return this;
|
|
3327
|
-
}
|
|
3328
|
-
withTokenFromResponse(response) {
|
|
3329
|
-
this.token = response.access_token;
|
|
3330
|
-
return this;
|
|
3331
|
-
}
|
|
3332
|
-
withVersion(version) {
|
|
3333
|
-
this.version = version;
|
|
3334
|
-
return this;
|
|
3335
|
-
}
|
|
3336
|
-
build() {
|
|
3337
|
-
if (!this.version) {
|
|
3338
|
-
this.withVersion(import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15);
|
|
3339
|
-
}
|
|
3340
|
-
return new CredentialRequestClient(this);
|
|
3341
|
-
}
|
|
3342
|
-
};
|
|
3343
|
-
|
|
3344
|
-
// lib/CredentialRequestClientBuilder.ts
|
|
3345
|
-
function isV1_0_13(builder) {
|
|
3346
|
-
return builder.withCredentialIdentifier !== void 0;
|
|
3347
|
-
}
|
|
3348
|
-
__name(isV1_0_13, "isV1_0_13");
|
|
3349
|
-
function isV1_0_15(builder) {
|
|
3350
|
-
return builder.withCredentialIdentifier !== void 0;
|
|
3351
|
-
}
|
|
3352
|
-
__name(isV1_0_15, "isV1_0_15");
|
|
3353
|
-
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3354
|
-
static {
|
|
3355
|
-
__name(this, "CredentialRequestClientBuilder");
|
|
3356
|
-
}
|
|
3357
|
-
_builder;
|
|
3358
|
-
constructor(builder) {
|
|
3359
|
-
this._builder = builder;
|
|
3360
|
-
}
|
|
3361
|
-
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
3362
|
-
const specVersion = version ?? import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15;
|
|
3363
|
-
let builder;
|
|
3364
|
-
const metadataV15 = metadata;
|
|
3365
|
-
if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15) {
|
|
3366
|
-
builder = CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3367
|
-
credentialIssuer,
|
|
3368
|
-
metadata: metadataV15,
|
|
3369
|
-
version,
|
|
3370
|
-
credentialIdentifier,
|
|
3371
|
-
credentialTypes
|
|
3372
|
-
});
|
|
3373
|
-
} else if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3374
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
3375
|
-
credentialIssuer,
|
|
3376
|
-
metadata,
|
|
3377
|
-
version,
|
|
3378
|
-
credentialIdentifier,
|
|
3379
|
-
credentialTypes
|
|
3380
|
-
});
|
|
3381
|
-
} else {
|
|
3382
|
-
if (!credentialTypes || credentialTypes.length === 0) {
|
|
3383
|
-
throw new Error("CredentialTypes must be provided for v1_0_11");
|
|
3384
|
-
}
|
|
3385
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialIssuer({
|
|
3386
|
-
credentialIssuer,
|
|
3387
|
-
metadata,
|
|
3388
|
-
version,
|
|
3389
|
-
credentialTypes
|
|
3390
|
-
});
|
|
3391
|
-
}
|
|
3392
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3393
|
-
}
|
|
3394
|
-
static async fromURI({ uri, metadata }) {
|
|
3395
|
-
const offer = await CredentialOfferClient.fromURI(uri);
|
|
3396
|
-
return _CredentialRequestClientBuilder.fromCredentialOfferRequest({
|
|
3397
|
-
request: offer,
|
|
3398
|
-
...offer,
|
|
3399
|
-
metadata,
|
|
3400
|
-
version: offer.version
|
|
3401
|
-
});
|
|
3402
|
-
}
|
|
3403
|
-
static fromCredentialOfferRequest(opts) {
|
|
3404
|
-
const { request } = opts;
|
|
3405
|
-
const version = opts.version ?? request.version ?? (0, import_oid4vci_common25.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3406
|
-
let builder;
|
|
3407
|
-
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3408
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest(opts);
|
|
3409
|
-
} else {
|
|
3410
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOfferRequest(opts);
|
|
3411
|
-
}
|
|
3412
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3413
|
-
}
|
|
3414
|
-
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3415
|
-
const version = (0, import_oid4vci_common25.determineSpecVersionFromOffer)(credentialOffer.credential_offer);
|
|
3416
|
-
let builder;
|
|
3417
|
-
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3418
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
3419
|
-
credentialOffer,
|
|
3420
|
-
metadata
|
|
3421
|
-
});
|
|
3422
|
-
} else {
|
|
3423
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
3424
|
-
credentialOffer,
|
|
3425
|
-
metadata
|
|
3426
|
-
});
|
|
3427
|
-
}
|
|
3428
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3429
|
-
}
|
|
3430
|
-
getVersion() {
|
|
3431
|
-
return this._builder.version;
|
|
3432
|
-
}
|
|
3433
|
-
withCredentialEndpointFromMetadata(metadata) {
|
|
3434
|
-
if (isV1_0_15(this._builder)) {
|
|
3435
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3436
|
-
} else if (isV1_0_13(this._builder)) {
|
|
3437
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3438
|
-
} else {
|
|
3439
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3440
|
-
}
|
|
3441
|
-
return this;
|
|
3442
|
-
}
|
|
3443
|
-
withCredentialEndpoint(credentialEndpoint) {
|
|
3444
|
-
this._builder.withCredentialEndpoint(credentialEndpoint);
|
|
3445
|
-
return this;
|
|
3446
|
-
}
|
|
3447
|
-
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3448
|
-
if (isV1_0_15(this._builder)) {
|
|
3449
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3450
|
-
} else if (isV1_0_13(this._builder)) {
|
|
3451
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3452
|
-
} else {
|
|
3453
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3454
|
-
}
|
|
3455
|
-
return this;
|
|
3456
|
-
}
|
|
3457
|
-
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3458
|
-
this._builder.withDeferredCredentialEndpoint(deferredCredentialEndpoint);
|
|
3459
|
-
return this;
|
|
3460
|
-
}
|
|
3461
|
-
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3462
|
-
this._builder.withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS);
|
|
3463
|
-
return this;
|
|
3464
|
-
}
|
|
3465
|
-
withCredentialIdentifier(credentialIdentifier) {
|
|
3466
|
-
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3467
|
-
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
3468
|
-
}
|
|
3469
|
-
;
|
|
3470
|
-
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
3471
|
-
return this;
|
|
3472
|
-
}
|
|
3473
|
-
withIssuerState(issuerState) {
|
|
3474
|
-
this._builder.withIssuerState(issuerState);
|
|
3475
|
-
return this;
|
|
3476
|
-
}
|
|
3477
|
-
withCredentialType(credentialTypes) {
|
|
3478
|
-
this._builder.withCredentialType(credentialTypes);
|
|
3479
|
-
return this;
|
|
3480
|
-
}
|
|
3481
|
-
withFormat(format) {
|
|
3482
|
-
if ("withFormat" in this._builder) {
|
|
3483
|
-
this._builder.withFormat(format);
|
|
3484
|
-
}
|
|
3485
|
-
return this;
|
|
3486
|
-
}
|
|
3487
|
-
withSubjectIssuance(subjectIssuance) {
|
|
3488
|
-
this._builder.withSubjectIssuance(subjectIssuance);
|
|
3489
|
-
return this;
|
|
3490
|
-
}
|
|
3491
|
-
withToken(accessToken) {
|
|
3492
|
-
this._builder.withToken(accessToken);
|
|
3493
|
-
return this;
|
|
3494
|
-
}
|
|
3495
|
-
withTokenFromResponse(response) {
|
|
3496
|
-
this._builder.withTokenFromResponse(response);
|
|
3497
|
-
return this;
|
|
3498
|
-
}
|
|
3499
|
-
withVersion(version) {
|
|
3500
|
-
this._builder.withVersion(version);
|
|
3501
|
-
return this;
|
|
3502
|
-
}
|
|
3503
|
-
build() {
|
|
3504
|
-
return this._builder.build();
|
|
3505
|
-
}
|
|
3506
|
-
};
|
|
3507
|
-
|
|
3508
|
-
// lib/OpenID4VCIClient.ts
|
|
3509
|
-
var import_oid4vci_common28 = require("@sphereon/oid4vci-common");
|
|
3510
|
-
var import_ssi_types17 = require("@sphereon/ssi-types");
|
|
3511
|
-
|
|
3512
|
-
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3513
|
-
var import_oid4vci_common27 = require("@sphereon/oid4vci-common");
|
|
3514
|
-
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
3515
|
-
|
|
3516
|
-
// lib/NonceClient.ts
|
|
3517
|
-
var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
3518
|
-
var sendNonceRequest = /* @__PURE__ */ __name(async (nonceEndpointUrl, opts) => {
|
|
3519
|
-
return await (0, import_oid4vci_common26.formPost)(nonceEndpointUrl, new URLSearchParams(), {
|
|
3520
|
-
customHeaders: opts?.headers ? opts.headers : void 0
|
|
3521
|
-
});
|
|
3522
|
-
}, "sendNonceRequest");
|
|
3523
|
-
var acquireNonceFromAuthorizationServer = /* @__PURE__ */ __name(async (opts) => {
|
|
3524
|
-
const metadata = opts?.metadata ? opts.metadata : opts?.issuerOpts?.fetchMetadata ? await MetadataClient.retrieveAllMetadata(opts.issuerOpts.issuer, {
|
|
3525
|
-
errorOnNotFound: false
|
|
3526
|
-
}) : void 0;
|
|
3527
|
-
const nonceEndpointUrl = metadata?.credentialIssuerMetadata?.nonce_endpoint;
|
|
3528
|
-
if (!nonceEndpointUrl) {
|
|
3529
|
-
return Promise.reject(Error("Cannot determine nonce endpoint URL"));
|
|
3530
|
-
}
|
|
3531
|
-
return await sendNonceRequest(nonceEndpointUrl, {
|
|
3532
|
-
headers: opts?.headers
|
|
3533
|
-
});
|
|
3534
|
-
}, "acquireNonceFromAuthorizationServer");
|
|
3535
|
-
|
|
3536
|
-
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3537
|
-
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci:v15");
|
|
3538
|
-
var OpenID4VCIClientV1_0_15 = class _OpenID4VCIClientV1_0_15 {
|
|
3539
|
-
static {
|
|
3540
|
-
__name(this, "OpenID4VCIClientV1_0_15");
|
|
3541
|
-
}
|
|
3542
|
-
_state;
|
|
3543
|
-
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL, keyAttestation }) {
|
|
3544
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common27.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
3545
|
-
if (!issuer) {
|
|
3546
|
-
throw Error("No credential issuer supplied or deduced from offer");
|
|
3547
|
-
}
|
|
3548
|
-
this._state = {
|
|
3549
|
-
credentialOffer,
|
|
3550
|
-
credentialIssuer: issuer,
|
|
3551
|
-
kid,
|
|
3552
|
-
alg,
|
|
3553
|
-
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common27.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
3554
|
-
pkce: {
|
|
3555
|
-
disabled: false,
|
|
3556
|
-
codeChallengeMethod: import_oid4vci_common27.CodeChallengeMethod.S256,
|
|
3557
|
-
...pkce
|
|
3558
|
-
},
|
|
3559
|
-
authorizationRequestOpts,
|
|
3560
|
-
authorizationCodeResponse,
|
|
3561
|
-
jwk,
|
|
3562
|
-
endpointMetadata,
|
|
3563
|
-
accessTokenResponse,
|
|
3564
|
-
authorizationURL,
|
|
3565
|
-
keyAttestation
|
|
3566
|
-
};
|
|
3567
|
-
if (!this._state.authorizationRequestOpts) {
|
|
3568
|
-
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3569
|
-
}
|
|
3570
|
-
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3571
|
-
}
|
|
3572
|
-
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, keyAttestation }) {
|
|
3573
|
-
const client = new _OpenID4VCIClientV1_0_15({
|
|
3574
|
-
kid,
|
|
3575
|
-
alg,
|
|
3576
|
-
clientId: clientId ?? authorizationRequest?.clientId,
|
|
3577
|
-
credentialIssuer,
|
|
3578
|
-
pkce,
|
|
3579
|
-
authorizationRequest,
|
|
3580
|
-
keyAttestation
|
|
3581
|
-
});
|
|
3582
|
-
if (retrieveServerMetadata !== false) {
|
|
3583
|
-
await client.retrieveServerMetadata();
|
|
3584
|
-
}
|
|
3585
|
-
if (createAuthorizationRequestURL !== false) {
|
|
3586
|
-
await client.createAuthorizationRequestUrl({
|
|
3587
|
-
authorizationRequest,
|
|
3588
|
-
pkce
|
|
3589
|
-
});
|
|
3590
|
-
}
|
|
3591
|
-
return client;
|
|
3592
|
-
}
|
|
3593
|
-
static async fromState({ state }) {
|
|
3594
|
-
const clientState = typeof state === "string" ? JSON.parse(state) : state;
|
|
3595
|
-
return new _OpenID4VCIClientV1_0_15(clientState);
|
|
3596
|
-
}
|
|
3597
|
-
static async fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, keyAttestation }) {
|
|
3598
|
-
const credentialOfferClient = await CredentialOfferClientV1_0_15.fromURI(uri, {
|
|
3599
|
-
resolve: resolveOfferUri
|
|
3600
|
-
});
|
|
3601
|
-
const client = new _OpenID4VCIClientV1_0_15({
|
|
3602
|
-
credentialOffer: credentialOfferClient,
|
|
3603
|
-
kid,
|
|
3604
|
-
alg,
|
|
3605
|
-
clientId: clientId ?? authorizationRequest?.clientId ?? credentialOfferClient.clientId,
|
|
3606
|
-
pkce,
|
|
3607
|
-
authorizationRequest,
|
|
3608
|
-
keyAttestation
|
|
3609
|
-
});
|
|
3610
|
-
if (retrieveServerMetadata !== false) {
|
|
3611
|
-
await client.retrieveServerMetadata();
|
|
3612
|
-
}
|
|
3613
|
-
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && createAuthorizationRequestURL !== false) {
|
|
3614
|
-
await client.createAuthorizationRequestUrl({
|
|
3615
|
-
authorizationRequest,
|
|
3616
|
-
pkce
|
|
3617
|
-
});
|
|
3618
|
-
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3619
|
-
}
|
|
3620
|
-
return client;
|
|
3621
|
-
}
|
|
3622
|
-
async createAuthorizationRequestUrl(opts) {
|
|
3623
|
-
if (!this._state.authorizationURL) {
|
|
3624
|
-
this.calculatePKCEOpts(opts?.pkce);
|
|
3625
|
-
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(opts?.authorizationRequest);
|
|
3626
|
-
if (!this._state.authorizationRequestOpts) {
|
|
3627
|
-
throw Error(`No Authorization Request options present or provided in this call`);
|
|
3628
|
-
}
|
|
3629
|
-
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
3630
|
-
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
3631
|
-
}
|
|
3632
|
-
this._state.authorizationURL = await createAuthorizationRequestUrl({
|
|
3633
|
-
pkce: this._state.pkce,
|
|
3634
|
-
endpointMetadata: this.endpointMetadata,
|
|
3635
|
-
authorizationRequest: this._state.authorizationRequestOpts,
|
|
3636
|
-
credentialOffer: this.credentialOffer,
|
|
3637
|
-
credentialConfigurationSupported: this.getCredentialsSupported(false)
|
|
3638
|
-
});
|
|
3639
|
-
}
|
|
3640
|
-
return this._state.authorizationURL;
|
|
3641
|
-
}
|
|
3642
|
-
async retrieveServerMetadata() {
|
|
3643
|
-
this.assertIssuerData();
|
|
3644
|
-
if (!this._state.endpointMetadata) {
|
|
3645
|
-
if (this.credentialOffer) {
|
|
3646
|
-
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(this.credentialOffer);
|
|
3647
|
-
} else if (this._state.credentialIssuer) {
|
|
3648
|
-
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadata(this._state.credentialIssuer);
|
|
3649
|
-
} else {
|
|
3650
|
-
throw Error(`Cannot retrieve issuer metadata without either a credential offer, or issuer value`);
|
|
3651
|
-
}
|
|
3652
|
-
}
|
|
3653
|
-
return this.endpointMetadata;
|
|
3654
|
-
}
|
|
3655
|
-
async acquireNonce() {
|
|
3656
|
-
const response = await acquireNonceFromAuthorizationServer({
|
|
3657
|
-
metadata: this.endpointMetadata,
|
|
3658
|
-
issuerOpts: {
|
|
3659
|
-
issuer: this.getIssuer(),
|
|
3660
|
-
fetchMetadata: false
|
|
3661
|
-
}
|
|
3662
|
-
});
|
|
3663
|
-
if (response.errorBody) {
|
|
3664
|
-
logger14.debug(`Nonce request error:\r
|
|
3665
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3666
|
-
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed with error: ${response.errorBody.error}${response.errorBody.error_description ? ` - ${response.errorBody.error_description}` : ""}`));
|
|
3667
|
-
} else if (!response.successBody) {
|
|
3668
|
-
logger14.debug(`Nonce request error. No success body`);
|
|
3669
|
-
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3670
|
-
}
|
|
3671
|
-
this._state.cachedCNonce = response.successBody.c_nonce;
|
|
3672
|
-
return response.successBody.c_nonce;
|
|
3673
|
-
}
|
|
3674
|
-
calculatePKCEOpts(pkce) {
|
|
3675
|
-
this._state.pkce = generateMissingPKCEOpts({
|
|
3676
|
-
...this._state.pkce,
|
|
3677
|
-
...pkce
|
|
3678
|
-
});
|
|
3679
|
-
}
|
|
3680
|
-
async acquireAuthorizationChallengeCode(opts) {
|
|
3681
|
-
const response = await acquireAuthorizationChallengeAuthCode({
|
|
3682
|
-
metadata: this.endpointMetadata,
|
|
3683
|
-
credentialIssuer: this.getIssuer(),
|
|
3684
|
-
clientId: this._state.clientId ?? this._state.authorizationRequestOpts?.clientId,
|
|
3685
|
-
...opts
|
|
3686
|
-
});
|
|
3687
|
-
if (response.errorBody) {
|
|
3688
|
-
logger14.debug(`Authorization code error:\r
|
|
3689
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3690
|
-
const error = response.errorBody;
|
|
3691
|
-
return Promise.reject(error);
|
|
3692
|
-
} else if (!response.successBody) {
|
|
3693
|
-
logger14.debug(`Authorization code error. No success body`);
|
|
3694
|
-
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3695
|
-
}
|
|
3696
|
-
return {
|
|
3697
|
-
...response.successBody
|
|
3698
|
-
};
|
|
3699
|
-
}
|
|
3700
|
-
async acquireAccessToken(opts) {
|
|
3701
|
-
const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
|
|
3702
|
-
let { redirectUri } = opts ?? {};
|
|
3703
|
-
const code = this.getAuthorizationCode(opts?.authorizationResponse, opts?.code);
|
|
3704
|
-
if (opts?.codeVerifier) {
|
|
3705
|
-
this._state.pkce.codeVerifier = opts.codeVerifier;
|
|
3706
|
-
}
|
|
3707
|
-
this.assertIssuerData();
|
|
3708
|
-
const asOpts = {
|
|
3709
|
-
...opts?.asOpts
|
|
3710
|
-
};
|
|
3711
|
-
const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
|
|
3712
|
-
const clientAssertionType = asOpts.clientOpts?.clientAssertionType ?? (kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === "function" ? "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" : void 0);
|
|
3713
|
-
if (this.isEBSI() || clientId && kid) {
|
|
3714
|
-
if (!clientId) {
|
|
3715
|
-
throw Error(`Client id expected for EBSI`);
|
|
3716
|
-
}
|
|
3717
|
-
asOpts.clientOpts = {
|
|
3718
|
-
...asOpts.clientOpts,
|
|
3719
|
-
clientId,
|
|
3720
|
-
...kid && {
|
|
3721
|
-
kid
|
|
3722
|
-
},
|
|
3723
|
-
...clientAssertionType && {
|
|
3724
|
-
clientAssertionType
|
|
3725
|
-
},
|
|
3726
|
-
signCallbacks: asOpts.clientOpts?.signCallbacks ?? this._state.authorizationRequestOpts?.requestObjectOpts?.signCallbacks
|
|
3727
|
-
};
|
|
3728
|
-
}
|
|
3729
|
-
if (clientId) {
|
|
3730
|
-
this._state.clientId = clientId;
|
|
3731
|
-
if (!asOpts.clientOpts) {
|
|
3732
|
-
asOpts.clientOpts = {
|
|
3733
|
-
clientId
|
|
3734
|
-
};
|
|
3735
|
-
}
|
|
3736
|
-
asOpts.clientOpts.clientId = clientId;
|
|
3737
|
-
}
|
|
3738
|
-
if (!this._state.accessTokenResponse) {
|
|
3739
|
-
const accessTokenClient = new AccessTokenClient();
|
|
3740
|
-
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
3741
|
-
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
3742
|
-
}
|
|
3743
|
-
if (this._state.authorizationRequestOpts?.redirectUri && !redirectUri) {
|
|
3744
|
-
redirectUri = this._state.authorizationRequestOpts.redirectUri;
|
|
3745
|
-
}
|
|
3746
|
-
const response = await accessTokenClient.acquireAccessToken({
|
|
3747
|
-
credentialOffer: this.credentialOffer,
|
|
3748
|
-
metadata: this.endpointMetadata,
|
|
3749
|
-
credentialIssuer: this.getIssuer(),
|
|
3750
|
-
pin,
|
|
3751
|
-
...!this._state.pkce.disabled && {
|
|
3752
|
-
codeVerifier: this._state.pkce.codeVerifier
|
|
3753
|
-
},
|
|
3754
|
-
code,
|
|
3755
|
-
redirectUri,
|
|
3756
|
-
asOpts,
|
|
3757
|
-
...opts?.createDPoPOpts && {
|
|
3758
|
-
createDPoPOpts: opts.createDPoPOpts
|
|
3759
|
-
},
|
|
3760
|
-
...opts?.additionalRequestParams && {
|
|
3761
|
-
additionalParams: opts.additionalRequestParams
|
|
3762
|
-
}
|
|
3763
|
-
});
|
|
3764
|
-
if (response.errorBody) {
|
|
3765
|
-
logger14.debug(`Access token error:\r
|
|
3766
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3767
|
-
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3768
|
-
} else if (!response.successBody) {
|
|
3769
|
-
logger14.debug(`Access token error. No success body`);
|
|
3770
|
-
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3771
|
-
}
|
|
3772
|
-
this._state.accessTokenResponse = response.successBody;
|
|
3773
|
-
this._state.dpopResponseParams = response.params;
|
|
3774
|
-
this._state.accessToken = response.successBody.access_token;
|
|
3775
|
-
}
|
|
3776
|
-
return {
|
|
3777
|
-
...this.accessTokenResponse,
|
|
3778
|
-
...this.dpopResponseParams && {
|
|
3779
|
-
params: this.dpopResponseParams
|
|
3780
|
-
}
|
|
3781
|
-
};
|
|
3782
|
-
}
|
|
3783
|
-
async acquireCredentials({ credentialIdentifier, credentialConfigurationId, credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts }) {
|
|
3784
|
-
if ([
|
|
3785
|
-
jwk,
|
|
3786
|
-
kid
|
|
3787
|
-
].filter((v) => v !== void 0).length > 1) {
|
|
3788
|
-
throw new Error(import_oid4vci_common27.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
3789
|
-
}
|
|
3790
|
-
if (alg) this._state.alg = alg;
|
|
3791
|
-
if (jwk) this._state.jwk = jwk;
|
|
3792
|
-
if (kid) this._state.kid = kid;
|
|
3793
|
-
const requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_15.fromCredentialOffer({
|
|
3794
|
-
credentialOffer: this.credentialOffer,
|
|
3795
|
-
metadata: this.endpointMetadata
|
|
3796
|
-
}) : CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3797
|
-
credentialIssuer: this.getIssuer(),
|
|
3798
|
-
credentialTypes,
|
|
3799
|
-
credentialIdentifier,
|
|
3800
|
-
credentialConfigurationId,
|
|
3801
|
-
metadata: this.endpointMetadata,
|
|
3802
|
-
version: this.version()
|
|
3803
|
-
});
|
|
3804
|
-
if (credentialIdentifier) {
|
|
3805
|
-
requestBuilder.withCredentialIdentifier(credentialIdentifier);
|
|
3806
|
-
} else if (credentialConfigurationId) {
|
|
3807
|
-
requestBuilder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3808
|
-
}
|
|
3809
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this._state.cachedCNonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
3810
|
-
requestBuilder.withIssuerState(issuerState);
|
|
3811
|
-
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
3812
|
-
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
3813
|
-
let subjectIssuance;
|
|
3814
|
-
if (this.endpointMetadata?.credentialIssuerMetadata) {
|
|
3815
|
-
const metadata = this.endpointMetadata.credentialIssuerMetadata;
|
|
3816
|
-
if (metadata.credential_configurations_supported) {
|
|
3817
|
-
const configId = credentialConfigurationId ?? credentialIdentifier;
|
|
3818
|
-
if (configId && metadata.credential_configurations_supported[configId]) {
|
|
3819
|
-
const config = metadata.credential_configurations_supported[configId];
|
|
3820
|
-
if (config.credential_subject_issuance) {
|
|
3821
|
-
const subjIssuance = config.credential_subject_issuance;
|
|
3822
|
-
if (subjIssuance.subject_proof_mode && subjIssuance.notification_events_supported) {
|
|
3823
|
-
subjectIssuance = {
|
|
3824
|
-
credential_subject_issuance: {
|
|
3825
|
-
subject_proof_mode: subjIssuance.subject_proof_mode,
|
|
3826
|
-
notification_events_supported: subjIssuance.notification_events_supported
|
|
3827
|
-
}
|
|
3828
|
-
};
|
|
3829
|
-
}
|
|
3830
|
-
}
|
|
3831
|
-
}
|
|
3832
|
-
}
|
|
3833
|
-
}
|
|
3834
|
-
if (subjectIssuance) {
|
|
3835
|
-
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
3836
|
-
}
|
|
3837
|
-
const credentialRequestClient = requestBuilder.build();
|
|
3838
|
-
if (!this._state.cachedCNonce) {
|
|
3839
|
-
await this.acquireNonce();
|
|
3840
|
-
}
|
|
3841
|
-
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
3842
|
-
accessTokenResponse: {
|
|
3843
|
-
...this.accessTokenResponse,
|
|
3844
|
-
c_nonce: this._state.cachedCNonce
|
|
3845
|
-
},
|
|
3846
|
-
callbacks: proofCallbacks,
|
|
3847
|
-
version: this.version()
|
|
3848
|
-
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
3849
|
-
if (this._state.jwk) {
|
|
3850
|
-
proofBuilder.withJWK(this._state.jwk);
|
|
3851
|
-
}
|
|
3852
|
-
if (this._state.kid) {
|
|
3853
|
-
proofBuilder.withKid(this._state.kid);
|
|
3854
|
-
}
|
|
3855
|
-
if (this.clientId) {
|
|
3856
|
-
proofBuilder.withClientId(this.clientId);
|
|
3857
|
-
}
|
|
3858
|
-
if (jti) {
|
|
3859
|
-
proofBuilder.withJti(jti);
|
|
3860
|
-
}
|
|
3861
|
-
if (this._state.cachedCNonce) {
|
|
3862
|
-
proofBuilder.withAccessTokenNonce(this._state.cachedCNonce);
|
|
3863
|
-
}
|
|
3864
|
-
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
3865
|
-
proofInput: proofBuilder,
|
|
3866
|
-
credentialIdentifier,
|
|
3867
|
-
credentialTypes,
|
|
3868
|
-
context,
|
|
3869
|
-
format,
|
|
3870
|
-
subjectIssuance,
|
|
3871
|
-
createDPoPOpts
|
|
3872
|
-
});
|
|
3873
|
-
this._state.dpopResponseParams = response.params;
|
|
3874
|
-
if (response.errorBody) {
|
|
3875
|
-
logger14.debug(`Credential request error:\r
|
|
3876
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3877
|
-
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3878
|
-
} else if (!response.successBody) {
|
|
3879
|
-
logger14.debug(`Credential request error. No success body`);
|
|
3880
|
-
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3881
|
-
}
|
|
3882
|
-
return {
|
|
3883
|
-
...response.successBody,
|
|
3884
|
-
...this.dpopResponseParams && {
|
|
3885
|
-
params: this.dpopResponseParams
|
|
3886
|
-
},
|
|
3887
|
-
access_token: response.access_token
|
|
3888
|
-
};
|
|
3889
|
-
}
|
|
3890
|
-
async exportState() {
|
|
3891
|
-
return JSON.stringify(this._state);
|
|
3892
|
-
}
|
|
3893
|
-
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
3894
|
-
return (0, import_oid4vci_common27.getSupportedCredentials)({
|
|
3895
|
-
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
3896
|
-
version: this.version(),
|
|
3897
|
-
format,
|
|
3898
|
-
types: restrictToInitiationTypes ? [
|
|
3899
|
-
this.getCredentialOfferConfigurationIds()
|
|
3900
|
-
] : void 0
|
|
3901
|
-
});
|
|
3902
|
-
}
|
|
3903
|
-
async sendNotification(credentialRequestOpts, request, accessToken) {
|
|
3904
|
-
return sendNotification(credentialRequestOpts, request, accessToken ?? this._state.accessToken ?? this._state.accessTokenResponse?.access_token);
|
|
3905
|
-
}
|
|
3906
|
-
getCredentialOfferConfigurationIds() {
|
|
3907
|
-
if (!this.credentialOffer) {
|
|
3908
|
-
return [];
|
|
3909
|
-
}
|
|
3910
|
-
return this.credentialOffer.credential_offer?.credential_configuration_ids ?? [];
|
|
3911
|
-
}
|
|
3912
|
-
issuerSupportedFlowTypes() {
|
|
3913
|
-
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
3914
|
-
import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
3915
|
-
] : []);
|
|
3916
|
-
}
|
|
3917
|
-
isFlowTypeSupported(flowType) {
|
|
3918
|
-
return this.issuerSupportedFlowTypes().includes(flowType);
|
|
3919
|
-
}
|
|
3920
|
-
get authorizationURL() {
|
|
3921
|
-
return this._state.authorizationURL;
|
|
3922
|
-
}
|
|
3923
|
-
hasAuthorizationURL() {
|
|
3924
|
-
return !!this.authorizationURL;
|
|
3925
|
-
}
|
|
3926
|
-
get credentialOffer() {
|
|
3927
|
-
return this._state.credentialOffer;
|
|
3928
|
-
}
|
|
3929
|
-
version() {
|
|
3930
|
-
return import_oid4vci_common27.OpenId4VCIVersion.VER_1_0_15;
|
|
3931
|
-
}
|
|
3932
|
-
get endpointMetadata() {
|
|
3933
|
-
this.assertServerMetadata();
|
|
3934
|
-
return this._state.endpointMetadata;
|
|
3935
|
-
}
|
|
3936
|
-
get kid() {
|
|
3937
|
-
this.assertIssuerData();
|
|
3938
|
-
if (!this._state.kid) {
|
|
3939
|
-
throw new Error("No value for kid is supplied");
|
|
3940
|
-
}
|
|
3941
|
-
return this._state.kid;
|
|
3942
|
-
}
|
|
3943
|
-
get alg() {
|
|
3944
|
-
this.assertIssuerData();
|
|
3945
|
-
if (!this._state.alg) {
|
|
3946
|
-
throw new Error("No value for alg is supplied");
|
|
3947
|
-
}
|
|
3948
|
-
return this._state.alg;
|
|
3949
|
-
}
|
|
3950
|
-
set clientId(value) {
|
|
3951
|
-
this._state.clientId = value;
|
|
3952
|
-
}
|
|
3953
|
-
get clientId() {
|
|
3954
|
-
return this._state.clientId;
|
|
3955
|
-
}
|
|
3956
|
-
hasAccessTokenResponse() {
|
|
3957
|
-
return !!this._state.accessTokenResponse;
|
|
2929
|
+
metadata,
|
|
2930
|
+
version: offer.version
|
|
2931
|
+
});
|
|
3958
2932
|
}
|
|
3959
|
-
|
|
3960
|
-
|
|
3961
|
-
|
|
2933
|
+
static fromCredentialOfferRequest(opts) {
|
|
2934
|
+
const { request } = opts;
|
|
2935
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common22.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2936
|
+
let builder;
|
|
2937
|
+
if (version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2938
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest(opts);
|
|
2939
|
+
} else {
|
|
2940
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOfferRequest(opts);
|
|
2941
|
+
}
|
|
2942
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3962
2943
|
}
|
|
3963
|
-
|
|
3964
|
-
|
|
2944
|
+
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
2945
|
+
const version = (0, import_oid4vci_common22.determineSpecVersionFromOffer)(credentialOffer.credential_offer);
|
|
2946
|
+
let builder;
|
|
2947
|
+
if (version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2948
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
2949
|
+
credentialOffer,
|
|
2950
|
+
metadata
|
|
2951
|
+
});
|
|
2952
|
+
} else {
|
|
2953
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
2954
|
+
credentialOffer,
|
|
2955
|
+
metadata
|
|
2956
|
+
});
|
|
2957
|
+
}
|
|
2958
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3965
2959
|
}
|
|
3966
|
-
|
|
3967
|
-
return this.
|
|
2960
|
+
getVersion() {
|
|
2961
|
+
return this._builder.version;
|
|
3968
2962
|
}
|
|
3969
|
-
|
|
3970
|
-
this.
|
|
3971
|
-
|
|
2963
|
+
withCredentialEndpointFromMetadata(metadata) {
|
|
2964
|
+
if (isV1_0_13(this._builder)) {
|
|
2965
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2966
|
+
} else {
|
|
2967
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2968
|
+
}
|
|
2969
|
+
return this;
|
|
3972
2970
|
}
|
|
3973
|
-
|
|
3974
|
-
this.
|
|
3975
|
-
return this
|
|
3976
|
-
issuerOpts: {
|
|
3977
|
-
issuer: this.getIssuer()
|
|
3978
|
-
}
|
|
3979
|
-
});
|
|
2971
|
+
withCredentialEndpoint(credentialEndpoint) {
|
|
2972
|
+
this._builder.withCredentialEndpoint(credentialEndpoint);
|
|
2973
|
+
return this;
|
|
3980
2974
|
}
|
|
3981
|
-
|
|
3982
|
-
this.
|
|
3983
|
-
|
|
2975
|
+
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
2976
|
+
if (isV1_0_13(this._builder)) {
|
|
2977
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2978
|
+
} else {
|
|
2979
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2980
|
+
}
|
|
2981
|
+
return this;
|
|
3984
2982
|
}
|
|
3985
|
-
|
|
3986
|
-
|
|
2983
|
+
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
2984
|
+
this._builder.withDeferredCredentialEndpoint(deferredCredentialEndpoint);
|
|
2985
|
+
return this;
|
|
3987
2986
|
}
|
|
3988
|
-
|
|
3989
|
-
|
|
2987
|
+
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
2988
|
+
this._builder.withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS);
|
|
2989
|
+
return this;
|
|
3990
2990
|
}
|
|
3991
|
-
|
|
3992
|
-
this.
|
|
3993
|
-
|
|
2991
|
+
withCredentialIdentifier(credentialIdentifier) {
|
|
2992
|
+
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2993
|
+
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
2994
|
+
}
|
|
2995
|
+
;
|
|
2996
|
+
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
2997
|
+
return this;
|
|
3994
2998
|
}
|
|
3995
|
-
|
|
3996
|
-
|
|
2999
|
+
withIssuerState(issuerState) {
|
|
3000
|
+
this._builder.withIssuerState(issuerState);
|
|
3001
|
+
return this;
|
|
3997
3002
|
}
|
|
3998
|
-
|
|
3999
|
-
|
|
3003
|
+
withCredentialType(credentialTypes) {
|
|
3004
|
+
this._builder.withCredentialType(credentialTypes);
|
|
3005
|
+
return this;
|
|
4000
3006
|
}
|
|
4001
|
-
|
|
4002
|
-
this.
|
|
4003
|
-
return this
|
|
3007
|
+
withFormat(format) {
|
|
3008
|
+
this._builder.withFormat(format);
|
|
3009
|
+
return this;
|
|
4004
3010
|
}
|
|
4005
|
-
|
|
4006
|
-
|
|
3011
|
+
withSubjectIssuance(subjectIssuance) {
|
|
3012
|
+
this._builder.withSubjectIssuance(subjectIssuance);
|
|
3013
|
+
return this;
|
|
4007
3014
|
}
|
|
4008
|
-
|
|
4009
|
-
|
|
4010
|
-
|
|
4011
|
-
} else if (!this._state.credentialOffer && this._state.endpointMetadata && this.issuerSupportedFlowTypes().length === 0) {
|
|
4012
|
-
throw Error(`No issuance initiation or credential offer present`);
|
|
4013
|
-
}
|
|
3015
|
+
withToken(accessToken) {
|
|
3016
|
+
this._builder.withToken(accessToken);
|
|
3017
|
+
return this;
|
|
4014
3018
|
}
|
|
4015
|
-
|
|
4016
|
-
|
|
4017
|
-
|
|
4018
|
-
}
|
|
3019
|
+
withTokenFromResponse(response) {
|
|
3020
|
+
this._builder.withTokenFromResponse(response);
|
|
3021
|
+
return this;
|
|
4019
3022
|
}
|
|
4020
|
-
|
|
4021
|
-
|
|
4022
|
-
|
|
4023
|
-
}
|
|
3023
|
+
withVersion(version) {
|
|
3024
|
+
this._builder.withVersion(version);
|
|
3025
|
+
return this;
|
|
4024
3026
|
}
|
|
4025
|
-
|
|
4026
|
-
|
|
4027
|
-
...this._state?.authorizationRequestOpts?.requestObjectOpts,
|
|
4028
|
-
...opts?.requestObjectOpts
|
|
4029
|
-
};
|
|
4030
|
-
let authorizationRequestOpts = {
|
|
4031
|
-
...this._state?.authorizationRequestOpts,
|
|
4032
|
-
...opts,
|
|
4033
|
-
...requestObjectOpts && {
|
|
4034
|
-
requestObjectOpts
|
|
4035
|
-
}
|
|
4036
|
-
};
|
|
4037
|
-
if (!authorizationRequestOpts) {
|
|
4038
|
-
authorizationRequestOpts = {
|
|
4039
|
-
redirectUri: `${import_oid4vci_common27.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4040
|
-
};
|
|
4041
|
-
}
|
|
4042
|
-
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
4043
|
-
this._state.clientId = clientId;
|
|
4044
|
-
authorizationRequestOpts.clientId = clientId;
|
|
4045
|
-
return authorizationRequestOpts;
|
|
3027
|
+
build() {
|
|
3028
|
+
return this._builder.build();
|
|
4046
3029
|
}
|
|
4047
|
-
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4048
|
-
if (authorizationResponse) {
|
|
4049
|
-
this._state.authorizationCodeResponse = {
|
|
4050
|
-
...(0, import_oid4vci_common27.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4051
|
-
};
|
|
4052
|
-
} else if (code) {
|
|
4053
|
-
this._state.authorizationCodeResponse = {
|
|
4054
|
-
code
|
|
4055
|
-
};
|
|
4056
|
-
}
|
|
4057
|
-
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
4058
|
-
}, "getAuthorizationCode");
|
|
4059
3030
|
};
|
|
4060
3031
|
|
|
4061
3032
|
// lib/OpenID4VCIClient.ts
|
|
4062
|
-
var
|
|
3033
|
+
var import_oid4vci_common23 = require("@sphereon/oid4vci-common");
|
|
3034
|
+
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
3035
|
+
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4063
3036
|
var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
4064
3037
|
static {
|
|
4065
3038
|
__name(this, "OpenID4VCIClient");
|
|
4066
3039
|
}
|
|
4067
3040
|
_state;
|
|
4068
3041
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
4069
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
3042
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common23.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
4070
3043
|
if (!issuer) {
|
|
4071
3044
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
4072
3045
|
}
|
|
@@ -4076,10 +3049,10 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4076
3049
|
kid,
|
|
4077
3050
|
alg,
|
|
4078
3051
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
4079
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
3052
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common23.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
4080
3053
|
pkce: {
|
|
4081
3054
|
disabled: false,
|
|
4082
|
-
codeChallengeMethod:
|
|
3055
|
+
codeChallengeMethod: import_oid4vci_common23.CodeChallengeMethod.S256,
|
|
4083
3056
|
...pkce
|
|
4084
3057
|
},
|
|
4085
3058
|
authorizationRequestOpts,
|
|
@@ -4093,7 +3066,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4093
3066
|
if (!this._state.authorizationRequestOpts) {
|
|
4094
3067
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4095
3068
|
}
|
|
4096
|
-
|
|
3069
|
+
logger12.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4097
3070
|
}
|
|
4098
3071
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata }) {
|
|
4099
3072
|
const client = new _OpenID4VCIClient({
|
|
@@ -4136,12 +3109,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4136
3109
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
4137
3110
|
await client.retrieveServerMetadata();
|
|
4138
3111
|
}
|
|
4139
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
3112
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
4140
3113
|
await client.createAuthorizationRequestUrl({
|
|
4141
3114
|
authorizationRequest,
|
|
4142
3115
|
pkce
|
|
4143
3116
|
});
|
|
4144
|
-
|
|
3117
|
+
logger12.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4145
3118
|
}
|
|
4146
3119
|
return client;
|
|
4147
3120
|
}
|
|
@@ -4161,7 +3134,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4161
3134
|
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
4162
3135
|
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
4163
3136
|
}
|
|
4164
|
-
if (this.version() <=
|
|
3137
|
+
if (this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_11) {
|
|
4165
3138
|
this._state.authorizationURL = await createAuthorizationRequestUrlV1_0_11({
|
|
4166
3139
|
pkce: this._state.pkce,
|
|
4167
3140
|
endpointMetadata: this.endpointMetadata,
|
|
@@ -4208,12 +3181,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4208
3181
|
...opts
|
|
4209
3182
|
});
|
|
4210
3183
|
if (response.errorBody) {
|
|
4211
|
-
|
|
3184
|
+
logger12.debug(`Authorization code error:\r
|
|
4212
3185
|
${JSON.stringify(response.errorBody)}`);
|
|
4213
3186
|
const error = response.errorBody;
|
|
4214
3187
|
return Promise.reject(error);
|
|
4215
3188
|
} else if (!response.successBody) {
|
|
4216
|
-
|
|
3189
|
+
logger12.debug(`Authorization code error. No success body`);
|
|
4217
3190
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4218
3191
|
}
|
|
4219
3192
|
return {
|
|
@@ -4259,7 +3232,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4259
3232
|
asOpts.clientOpts.clientId = clientId;
|
|
4260
3233
|
}
|
|
4261
3234
|
if (!this._state.accessTokenResponse) {
|
|
4262
|
-
const accessTokenClient = this.version() <=
|
|
3235
|
+
const accessTokenClient = this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_12 ? new AccessTokenClientV1_0_11() : new AccessTokenClient();
|
|
4263
3236
|
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
4264
3237
|
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
4265
3238
|
}
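Review bot: The redirect URI comparison at new lines 3236–3238 only prints a message through `console.log`, and execution then continues into the access-token request with the mismatching `redirectUri`. The message itself says the specification does not allow the mismatch, so this branch should fail closed, for example `throw Error(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri})`);`. If the lenient behaviour is deliberate, say why in a comment and route the message through `logger12` like the rest of the class, so it is not written unconditionally to stdout. The enclosing method starts and ends outside this hunk.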
|
|
@@ -4285,11 +3258,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4285
3258
|
}
|
|
4286
3259
|
});
|
|
4287
3260
|
if (response.errorBody) {
|
|
4288
|
-
|
|
3261
|
+
logger12.debug(`Access token error:\r
|
|
4289
3262
|
${JSON.stringify(response.errorBody)}`);
|
|
4290
3263
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4291
3264
|
} else if (!response.successBody) {
|
|
4292
|
-
|
|
3265
|
+
logger12.debug(`Access token error. No success body`);
|
|
4293
3266
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4294
3267
|
}
|
|
4295
3268
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4308,24 +3281,13 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4308
3281
|
jwk,
|
|
4309
3282
|
kid
|
|
4310
3283
|
].filter((v) => v !== void 0).length > 1) {
|
|
4311
|
-
throw new Error(
|
|
3284
|
+
throw new Error(import_oid4vci_common23.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
4312
3285
|
}
|
|
4313
3286
|
if (alg) this._state.alg = alg;
|
|
4314
3287
|
if (jwk) this._state.jwk = jwk;
|
|
4315
3288
|
if (kid) this._state.kid = kid;
|
|
4316
|
-
try {
|
|
4317
|
-
if (this.version() === import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15 && this.hasNonceEndpoint()) {
|
|
4318
|
-
if (!this._state.cachedCNonce) {
|
|
4319
|
-
await this.acquireNonceViaV15Delegate();
|
|
4320
|
-
}
|
|
4321
|
-
}
|
|
4322
|
-
} catch (e) {
|
|
4323
|
-
if (this.version() === import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15 && this.hasNonceEndpoint()) {
|
|
4324
|
-
return Promise.reject(Error(`failed to acquire nonce: ${String(e)}`));
|
|
4325
|
-
}
|
|
4326
|
-
}
|
|
4327
3289
|
let requestBuilder;
|
|
4328
|
-
if (this.version() <
|
|
3290
|
+
if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13) {
|
|
4329
3291
|
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
4330
3292
|
credentialOffer: this.credentialOffer,
|
|
4331
3293
|
metadata: this.endpointMetadata
|
|
@@ -4336,17 +3298,17 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4336
3298
|
version: this.version()
|
|
4337
3299
|
});
|
|
4338
3300
|
} else {
|
|
4339
|
-
requestBuilder = this.credentialOffer ?
|
|
3301
|
+
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
4340
3302
|
credentialOffer: this.credentialOffer,
|
|
4341
3303
|
metadata: this.endpointMetadata
|
|
4342
|
-
}) :
|
|
3304
|
+
}) : CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
4343
3305
|
credentialIssuer: this.getIssuer(),
|
|
4344
3306
|
credentialTypes,
|
|
4345
3307
|
metadata: this.endpointMetadata,
|
|
4346
3308
|
version: this.version()
|
|
4347
3309
|
});
|
|
4348
3310
|
}
|
|
4349
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
3311
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
4350
3312
|
requestBuilder.withIssuerState(issuerState);
|
|
4351
3313
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
4352
3314
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -4359,7 +3321,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4359
3321
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
4360
3322
|
let typeSupported = false;
|
|
4361
3323
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
4362
|
-
const subTypes = (0,
|
|
3324
|
+
const subTypes = (0, import_oid4vci_common23.getTypesFromCredentialSupported)(supportedCredential);
|
|
4363
3325
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
4364
3326
|
typeSupported = true;
|
|
4365
3327
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -4383,109 +3345,53 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4383
3345
|
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
4384
3346
|
}
|
|
4385
3347
|
const credentialRequestClient = requestBuilder.build();
|
|
4386
|
-
|
|
4387
|
-
|
|
4388
|
-
|
|
4389
|
-
|
|
4390
|
-
|
|
4391
|
-
|
|
4392
|
-
|
|
4393
|
-
|
|
4394
|
-
|
|
4395
|
-
|
|
4396
|
-
|
|
4397
|
-
|
|
4398
|
-
|
|
4399
|
-
|
|
4400
|
-
|
|
4401
|
-
|
|
4402
|
-
|
|
4403
|
-
|
|
4404
|
-
|
|
4405
|
-
|
|
4406
|
-
|
|
4407
|
-
|
|
4408
|
-
|
|
4409
|
-
|
|
4410
|
-
|
|
4411
|
-
|
|
4412
|
-
|
|
4413
|
-
|
|
4414
|
-
});
|
|
4415
|
-
this._state.dpopResponseParams = response.params;
|
|
4416
|
-
if (response.errorBody) {
|
|
4417
|
-
logger15.debug(`Credential request error:\r
|
|
3348
|
+
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
3349
|
+
accessTokenResponse: this.accessTokenResponse,
|
|
3350
|
+
callbacks: proofCallbacks,
|
|
3351
|
+
version: this.version()
|
|
3352
|
+
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
3353
|
+
if (this._state.jwk) {
|
|
3354
|
+
proofBuilder.withJWK(this._state.jwk);
|
|
3355
|
+
}
|
|
3356
|
+
if (this._state.kid) {
|
|
3357
|
+
proofBuilder.withKid(this._state.kid);
|
|
3358
|
+
}
|
|
3359
|
+
if (this.clientId) {
|
|
3360
|
+
proofBuilder.withClientId(this.clientId);
|
|
3361
|
+
}
|
|
3362
|
+
if (jti) {
|
|
3363
|
+
proofBuilder.withJti(jti);
|
|
3364
|
+
}
|
|
3365
|
+
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
3366
|
+
proofInput: proofBuilder,
|
|
3367
|
+
credentialTypes,
|
|
3368
|
+
context,
|
|
3369
|
+
format,
|
|
3370
|
+
subjectIssuance,
|
|
3371
|
+
createDPoPOpts
|
|
3372
|
+
});
|
|
3373
|
+
this._state.dpopResponseParams = response.params;
|
|
3374
|
+
if (response.errorBody) {
|
|
3375
|
+
logger12.debug(`Credential request error:\r
|
|
4418
3376
|
${JSON.stringify(response.errorBody)}`);
|
|
4419
|
-
|
|
4420
|
-
|
|
4421
|
-
|
|
4422
|
-
|
|
4423
|
-
}
|
|
4424
|
-
return {
|
|
4425
|
-
...response.successBody,
|
|
4426
|
-
...this.dpopResponseParams && {
|
|
4427
|
-
params: this.dpopResponseParams
|
|
4428
|
-
},
|
|
4429
|
-
access_token: response.access_token
|
|
4430
|
-
};
|
|
4431
|
-
} catch (e) {
|
|
4432
|
-
if (!this.shouldRetryWithFreshNonce(e)) {
|
|
4433
|
-
return Promise.reject(e instanceof Error ? e : Error(String(e)));
|
|
4434
|
-
}
|
|
4435
|
-
this._state.cachedCNonce = void 0;
|
|
4436
|
-
try {
|
|
4437
|
-
await this.acquireNonceViaV15Delegate();
|
|
4438
|
-
} catch (e2) {
|
|
4439
|
-
return Promise.reject(Error(`retry nonce fetch failed: ${String(e2)}`));
|
|
4440
|
-
}
|
|
4441
|
-
const proofBuilder2 = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
4442
|
-
accessTokenResponse: this.accessTokenResponse,
|
|
4443
|
-
callbacks: proofCallbacks,
|
|
4444
|
-
version: this.version()
|
|
4445
|
-
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
4446
|
-
if (this._state.jwk) {
|
|
4447
|
-
proofBuilder2.withJWK(this._state.jwk);
|
|
4448
|
-
}
|
|
4449
|
-
if (this._state.kid) {
|
|
4450
|
-
proofBuilder2.withKid(this._state.kid);
|
|
4451
|
-
}
|
|
4452
|
-
if (this.clientId) {
|
|
4453
|
-
proofBuilder2.withClientId(this.clientId);
|
|
4454
|
-
}
|
|
4455
|
-
if (jti) {
|
|
4456
|
-
proofBuilder2.withJti(jti);
|
|
4457
|
-
}
|
|
4458
|
-
const response2 = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
4459
|
-
proofInput: proofBuilder2,
|
|
4460
|
-
credentialTypes,
|
|
4461
|
-
context,
|
|
4462
|
-
format,
|
|
4463
|
-
subjectIssuance,
|
|
4464
|
-
createDPoPOpts
|
|
4465
|
-
});
|
|
4466
|
-
this._state.dpopResponseParams = response2.params;
|
|
4467
|
-
if (response2.errorBody) {
|
|
4468
|
-
logger15.debug(`Credential request error (after retry):\r
|
|
4469
|
-
${JSON.stringify(response2.errorBody)}`);
|
|
4470
|
-
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry with status: ${response2.origResponse.status}`));
|
|
4471
|
-
} else if (!response2.successBody) {
|
|
4472
|
-
logger15.debug(`Credential request error after retry. No success body`);
|
|
4473
|
-
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry as there was no success response body`));
|
|
4474
|
-
}
|
|
4475
|
-
return {
|
|
4476
|
-
...response2.successBody,
|
|
4477
|
-
...this.dpopResponseParams && {
|
|
4478
|
-
params: this.dpopResponseParams
|
|
4479
|
-
},
|
|
4480
|
-
access_token: response2.access_token
|
|
4481
|
-
};
|
|
3377
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3378
|
+
} else if (!response.successBody) {
|
|
3379
|
+
logger12.debug(`Credential request error. No success body`);
|
|
3380
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4482
3381
|
}
|
|
3382
|
+
return {
|
|
3383
|
+
...response.successBody,
|
|
3384
|
+
...this.dpopResponseParams && {
|
|
3385
|
+
params: this.dpopResponseParams
|
|
3386
|
+
},
|
|
3387
|
+
access_token: response.access_token
|
|
3388
|
+
};
|
|
4483
3389
|
}
|
|
4484
3390
|
async exportState() {
|
|
4485
3391
|
return JSON.stringify(this._state);
|
|
4486
3392
|
}
|
|
4487
3393
|
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
4488
|
-
return (0,
|
|
3394
|
+
return (0, import_oid4vci_common23.getSupportedCredentials)({
|
|
4489
3395
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
4490
3396
|
version: this.version(),
|
|
4491
3397
|
format,
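Review bot: `exportState()` (new lines 3390–3392) returns `JSON.stringify(this._state)` unfiltered, and `_state` in this class also carries `accessTokenResponse`, which is assigned from the token endpoint's success body earlier in the class. The exported string is therefore as sensitive as the access token, which the method does not say. I would add a comment on it: `// Serialised state includes the access token response; store and transmit it as a secret, never log it.` The same applies to `exportState()` in `OpenID4VCIClientV1_0_13` further down the page. The object returned just above (new lines 3382–3388) also merges `access_token: response.access_token` into the credential response, so callers that log that response would log the token as well.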
|
|
@@ -4498,7 +3404,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4498
3404
|
getCredentialOfferTypes() {
|
|
4499
3405
|
if (!this.credentialOffer) {
|
|
4500
3406
|
return [];
|
|
4501
|
-
} else if (this.version() <
|
|
3407
|
+
} else if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_11) {
|
|
4502
3408
|
const orig = this.credentialOffer.original_credential_offer;
|
|
4503
3409
|
const types = typeof orig.credential_type === "string" ? [
|
|
4504
3410
|
orig.credential_type
|
|
@@ -4506,14 +3412,14 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4506
3412
|
const result = [];
|
|
4507
3413
|
result[0] = types;
|
|
4508
3414
|
return result;
|
|
4509
|
-
} else if (this.version() <
|
|
4510
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
3415
|
+
} else if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13) {
|
|
3416
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common23.getTypesFromObject)(c) ?? []);
|
|
4511
3417
|
}
|
|
4512
3418
|
return void 0;
|
|
4513
3419
|
}
|
|
4514
3420
|
issuerSupportedFlowTypes() {
|
|
4515
3421
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
4516
|
-
|
|
3422
|
+
import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
4517
3423
|
] : []);
|
|
4518
3424
|
}
|
|
4519
3425
|
isFlowTypeSupported(flowType) {
|
|
@@ -4529,17 +3435,17 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4529
3435
|
return this._state.credentialOffer;
|
|
4530
3436
|
}
|
|
4531
3437
|
version() {
|
|
4532
|
-
if (this.credentialOffer?.version && this.credentialOffer.version !==
|
|
3438
|
+
if (this.credentialOffer?.version && this.credentialOffer.version !== import_oid4vci_common23.OpenId4VCIVersion.VER_UNKNOWN) {
|
|
4533
3439
|
return this.credentialOffer.version;
|
|
4534
3440
|
}
|
|
4535
3441
|
const metadata = this._state.endpointMetadata;
|
|
4536
3442
|
if (metadata?.credentialIssuerMetadata) {
|
|
4537
|
-
const versions = (0,
|
|
4538
|
-
if (versions.length > 0 && !versions.includes(
|
|
3443
|
+
const versions = (0, import_oid4vci_common23.determineVersionsFromIssuerMetadata)(metadata.credentialIssuerMetadata);
|
|
3444
|
+
if (versions.length > 0 && !versions.includes(import_oid4vci_common23.OpenId4VCIVersion.VER_UNKNOWN)) {
|
|
4539
3445
|
return versions[0];
|
|
4540
3446
|
}
|
|
4541
3447
|
}
|
|
4542
|
-
return
|
|
3448
|
+
return import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13;
|
|
4543
3449
|
}
|
|
4544
3450
|
get endpointMetadata() {
|
|
4545
3451
|
this.assertServerMetadata();
|
|
@@ -4584,7 +3490,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4584
3490
|
if (this.endpointMetadata) {
|
|
4585
3491
|
return this.endpointMetadata.token_endpoint;
|
|
4586
3492
|
}
|
|
4587
|
-
return this.version() <=
|
|
3493
|
+
return this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_12 ? AccessTokenClientV1_0_11.determineTokenURL({
|
|
4588
3494
|
issuerOpts: {
|
|
4589
3495
|
issuer: this.getIssuer()
|
|
4590
3496
|
}
|
|
@@ -4656,7 +3562,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4656
3562
|
};
|
|
4657
3563
|
if (!authorizationRequestOpts) {
|
|
4658
3564
|
authorizationRequestOpts = {
|
|
4659
|
-
redirectUri: `${
|
|
3565
|
+
redirectUri: `${import_oid4vci_common23.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4660
3566
|
};
|
|
4661
3567
|
}
|
|
4662
3568
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -4667,7 +3573,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4667
3573
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4668
3574
|
if (authorizationResponse) {
|
|
4669
3575
|
this._state.authorizationCodeResponse = {
|
|
4670
|
-
...(0,
|
|
3576
|
+
...(0, import_oid4vci_common23.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4671
3577
|
};
|
|
4672
3578
|
} else if (code) {
|
|
4673
3579
|
this._state.authorizationCodeResponse = {
|
|
@@ -4676,65 +3582,19 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4676
3582
|
}
|
|
4677
3583
|
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
4678
3584
|
}, "getAuthorizationCode");
|
|
4679
|
-
hasNonceEndpoint() {
|
|
4680
|
-
const endpoint = this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint;
|
|
4681
|
-
return typeof endpoint === "string" && endpoint.length > 0;
|
|
4682
|
-
}
|
|
4683
|
-
async acquireNonceViaV15Delegate() {
|
|
4684
|
-
const state = this._state;
|
|
4685
|
-
let v15Client;
|
|
4686
|
-
try {
|
|
4687
|
-
v15Client = await OpenID4VCIClientV1_0_15.fromState({
|
|
4688
|
-
state
|
|
4689
|
-
});
|
|
4690
|
-
} catch (e) {
|
|
4691
|
-
return Promise.reject(Error(`failed to init v15 delegate for nonce: ${String(e)}`));
|
|
4692
|
-
}
|
|
4693
|
-
try {
|
|
4694
|
-
await v15Client.acquireNonce();
|
|
4695
|
-
} catch (e) {
|
|
4696
|
-
return Promise.reject(Error(`nonce request failed: ${String(e)}`));
|
|
4697
|
-
}
|
|
4698
|
-
state.cachedCNonce = v15Client.state.cachedCNonce;
|
|
4699
|
-
}
|
|
4700
|
-
shouldRetryWithFreshNonce(err) {
|
|
4701
|
-
if (!this.hasNonceEndpoint() && this.version() !== import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15) {
|
|
4702
|
-
return false;
|
|
4703
|
-
}
|
|
4704
|
-
const status = err?.response?.status ?? err?.status;
|
|
4705
|
-
const body = err?.response?.data ?? err?.data ?? void 0;
|
|
4706
|
-
const error = typeof body?.error === "string" ? body.error : void 0;
|
|
4707
|
-
const desc = typeof body?.error_description === "string" ? body.error_description : void 0;
|
|
4708
|
-
const text = [
|
|
4709
|
-
error,
|
|
4710
|
-
desc
|
|
4711
|
-
].filter(Boolean).join(" ").toLowerCase();
|
|
4712
|
-
if (status === 400 || status === 401 || status === 403) {
|
|
4713
|
-
if (text.includes("nonce") || text.includes("c_nonce")) {
|
|
4714
|
-
return true;
|
|
4715
|
-
}
|
|
4716
|
-
if (text.includes("proof") && (text.includes("invalid") || text.includes("expired"))) {
|
|
4717
|
-
return true;
|
|
4718
|
-
}
|
|
4719
|
-
if (error === "invalid_proof" || error === "invalid_request") {
|
|
4720
|
-
return true;
|
|
4721
|
-
}
|
|
4722
|
-
}
|
|
4723
|
-
return false;
|
|
4724
|
-
}
|
|
4725
3585
|
};
|
|
4726
3586
|
|
|
4727
3587
|
// lib/OpenID4VCIClientV1_0_13.ts
|
|
4728
|
-
var
|
|
4729
|
-
var
|
|
4730
|
-
var
|
|
3588
|
+
var import_oid4vci_common24 = require("@sphereon/oid4vci-common");
|
|
3589
|
+
var import_ssi_types15 = require("@sphereon/ssi-types");
|
|
3590
|
+
var logger13 = import_ssi_types15.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4731
3591
|
var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
4732
3592
|
static {
|
|
4733
3593
|
__name(this, "OpenID4VCIClientV1_0_13");
|
|
4734
3594
|
}
|
|
4735
3595
|
_state;
|
|
4736
3596
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
4737
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
3597
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common24.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
4738
3598
|
if (!issuer) {
|
|
4739
3599
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
4740
3600
|
}
|
|
@@ -4744,10 +3604,10 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4744
3604
|
kid,
|
|
4745
3605
|
alg,
|
|
4746
3606
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
4747
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
3607
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common24.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
4748
3608
|
pkce: {
|
|
4749
3609
|
disabled: false,
|
|
4750
|
-
codeChallengeMethod:
|
|
3610
|
+
codeChallengeMethod: import_oid4vci_common24.CodeChallengeMethod.S256,
|
|
4751
3611
|
...pkce
|
|
4752
3612
|
},
|
|
4753
3613
|
authorizationRequestOpts,
|
|
@@ -4761,7 +3621,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4761
3621
|
if (!this._state.authorizationRequestOpts) {
|
|
4762
3622
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4763
3623
|
}
|
|
4764
|
-
|
|
3624
|
+
logger13.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4765
3625
|
}
|
|
4766
3626
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
4767
3627
|
const client = new _OpenID4VCIClientV1_0_13({
|
|
@@ -4802,12 +3662,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4802
3662
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
4803
3663
|
await client.retrieveServerMetadata();
|
|
4804
3664
|
}
|
|
4805
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
3665
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
4806
3666
|
await client.createAuthorizationRequestUrl({
|
|
4807
3667
|
authorizationRequest,
|
|
4808
3668
|
pkce
|
|
4809
3669
|
});
|
|
4810
|
-
|
|
3670
|
+
logger13.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4811
3671
|
}
|
|
4812
3672
|
return client;
|
|
4813
3673
|
}
|
|
@@ -4865,12 +3725,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4865
3725
|
...opts
|
|
4866
3726
|
});
|
|
4867
3727
|
if (response.errorBody) {
|
|
4868
|
-
|
|
3728
|
+
logger13.debug(`Authorization code error:\r
|
|
4869
3729
|
${JSON.stringify(response.errorBody)}`);
|
|
4870
3730
|
const error = response.errorBody;
|
|
4871
3731
|
return Promise.reject(error);
|
|
4872
3732
|
} else if (!response.successBody) {
|
|
4873
|
-
|
|
3733
|
+
logger13.debug(`Authorization code error. No success body`);
|
|
4874
3734
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4875
3735
|
}
|
|
4876
3736
|
return {
|
|
@@ -4942,11 +3802,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4942
3802
|
}
|
|
4943
3803
|
});
|
|
4944
3804
|
if (response.errorBody) {
|
|
4945
|
-
|
|
3805
|
+
logger13.debug(`Access token error:\r
|
|
4946
3806
|
${JSON.stringify(response.errorBody)}`);
|
|
4947
3807
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4948
3808
|
} else if (!response.successBody) {
|
|
4949
|
-
|
|
3809
|
+
logger13.debug(`Access token error. No success body`);
|
|
4950
3810
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4951
3811
|
}
|
|
4952
3812
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4971,7 +3831,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4971
3831
|
jwk,
|
|
4972
3832
|
kid
|
|
4973
3833
|
].filter((v) => v !== void 0).length > 1) {
|
|
4974
|
-
throw new Error(
|
|
3834
|
+
throw new Error(import_oid4vci_common24.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
4975
3835
|
}
|
|
4976
3836
|
if (alg) this._state.alg = alg;
|
|
4977
3837
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -4985,7 +3845,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4985
3845
|
metadata: this.endpointMetadata,
|
|
4986
3846
|
version: this.version()
|
|
4987
3847
|
});
|
|
4988
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
3848
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
4989
3849
|
requestBuilder.withIssuerState(issuerState);
|
|
4990
3850
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
4991
3851
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -5008,7 +3868,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5008
3868
|
} else if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
5009
3869
|
let typeSupported = false;
|
|
5010
3870
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
5011
|
-
const subTypes = (0,
|
|
3871
|
+
const subTypes = (0, import_oid4vci_common24.getTypesFromCredentialSupported)(supportedCredential);
|
|
5012
3872
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5013
3873
|
typeSupported = true;
|
|
5014
3874
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -5024,7 +3884,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5024
3884
|
} else if (metadata.credential_configurations_supported && typeof metadata.credential_configurations_supported === "object") {
|
|
5025
3885
|
let typeSupported = false;
|
|
5026
3886
|
Object.values(metadata.credential_configurations_supported).forEach((supportedCredential) => {
|
|
5027
|
-
const subTypes = (0,
|
|
3887
|
+
const subTypes = (0, import_oid4vci_common24.getTypesFromCredentialSupported)(supportedCredential);
|
|
5028
3888
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5029
3889
|
typeSupported = true;
|
|
5030
3890
|
}
|
|
@@ -5074,17 +3934,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5074
3934
|
credentialIdentifier,
|
|
5075
3935
|
subjectIssuance
|
|
5076
3936
|
});
|
|
5077
|
-
|
|
5078
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
5079
|
-
}
|
|
5080
|
-
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, format, createDPoPOpts);
|
|
3937
|
+
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, createDPoPOpts);
|
|
5081
3938
|
this._state.dpopResponseParams = response.params;
|
|
5082
3939
|
if (response.errorBody) {
|
|
5083
|
-
|
|
3940
|
+
logger13.debug(`Credential request error:\r
|
|
5084
3941
|
${JSON.stringify(response.errorBody)}`);
|
|
5085
3942
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5086
3943
|
} else if (!response.successBody) {
|
|
5087
|
-
|
|
3944
|
+
logger13.debug(`Credential request error. No success body`);
|
|
5088
3945
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5089
3946
|
}
|
|
5090
3947
|
return {
|
|
@@ -5099,7 +3956,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5099
3956
|
return JSON.stringify(this._state);
|
|
5100
3957
|
}
|
|
5101
3958
|
getCredentialsSupported(format) {
|
|
5102
|
-
return (0,
|
|
3959
|
+
return (0, import_oid4vci_common24.getSupportedCredentials)({
|
|
5103
3960
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5104
3961
|
version: this.version(),
|
|
5105
3962
|
format,
|
|
@@ -5134,7 +3991,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5134
3991
|
}*/
|
|
5135
3992
|
issuerSupportedFlowTypes() {
|
|
5136
3993
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
5137
|
-
|
|
3994
|
+
import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
5138
3995
|
] : []);
|
|
5139
3996
|
}
|
|
5140
3997
|
isFlowTypeSupported(flowType) {
|
|
@@ -5150,7 +4007,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5150
4007
|
return this._state.credentialOffer;
|
|
5151
4008
|
}
|
|
5152
4009
|
version() {
|
|
5153
|
-
return this.credentialOffer?.version ??
|
|
4010
|
+
return this.credentialOffer?.version ?? import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_13;
|
|
5154
4011
|
}
|
|
5155
4012
|
get endpointMetadata() {
|
|
5156
4013
|
this.assertServerMetadata();
|
|
@@ -5253,7 +4110,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5253
4110
|
};
|
|
5254
4111
|
if (!authorizationRequestOpts) {
|
|
5255
4112
|
authorizationRequestOpts = {
|
|
5256
|
-
redirectUri: `${
|
|
4113
|
+
redirectUri: `${import_oid4vci_common24.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
5257
4114
|
};
|
|
5258
4115
|
}
|
|
5259
4116
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -5264,7 +4121,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5264
4121
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
5265
4122
|
if (authorizationResponse) {
|
|
5266
4123
|
this._state.authorizationCodeResponse = {
|
|
5267
|
-
...(0,
|
|
4124
|
+
...(0, import_oid4vci_common24.toAuthorizationResponsePayload)(authorizationResponse)
|
|
5268
4125
|
};
|
|
5269
4126
|
} else if (code) {
|
|
5270
4127
|
this._state.authorizationCodeResponse = {
|
|
@@ -5276,16 +4133,16 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5276
4133
|
};
|
|
5277
4134
|
|
|
5278
4135
|
// lib/OpenID4VCIClientV1_0_11.ts
|
|
5279
|
-
var
|
|
5280
|
-
var
|
|
5281
|
-
var
|
|
4136
|
+
var import_oid4vci_common25 = require("@sphereon/oid4vci-common");
|
|
4137
|
+
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
4138
|
+
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
5282
4139
|
var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
5283
4140
|
static {
|
|
5284
4141
|
__name(this, "OpenID4VCIClientV1_0_11");
|
|
5285
4142
|
}
|
|
5286
4143
|
_state;
|
|
5287
4144
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
5288
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
4145
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common25.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
5289
4146
|
if (!issuer) {
|
|
5290
4147
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
5291
4148
|
}
|
|
@@ -5295,10 +4152,10 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5295
4152
|
kid,
|
|
5296
4153
|
alg,
|
|
5297
4154
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
5298
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
4155
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common25.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
5299
4156
|
pkce: {
|
|
5300
4157
|
disabled: false,
|
|
5301
|
-
codeChallengeMethod:
|
|
4158
|
+
codeChallengeMethod: import_oid4vci_common25.CodeChallengeMethod.S256,
|
|
5302
4159
|
...pkce
|
|
5303
4160
|
},
|
|
5304
4161
|
authorizationRequestOpts,
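Review bot: In the `pkce` object, `...pkce` is spread after `disabled: false` and `codeChallengeMethod: import_oid4vci_common25.CodeChallengeMethod.S256`, so a caller-supplied `pkce` value replaces both defaults without any trace. If the override is intended, a comment above the spread would make it explicit, e.g. `// caller-supplied pkce options override the enabled/S256 defaults`. A warning log when `pkce?.disabled` is true would also help operators notice a client running the code flow without PKCE. The state object and constructor start and end outside this hunk.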
|
|
@@ -5311,7 +4168,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5311
4168
|
if (!this._state.authorizationRequestOpts) {
|
|
5312
4169
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
5313
4170
|
}
|
|
5314
|
-
|
|
4171
|
+
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
5315
4172
|
}
|
|
5316
4173
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
5317
4174
|
const client = new _OpenID4VCIClientV1_0_11({
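Review bot: The added `logger14.debug(...)` line serialises the whole `this._state.authorizationRequestOpts` object into the log, and the next hunk (`@@ -5352,12 +4209,12 @@`) logs the complete `client._state.authorizationURL`. Both values are built from caller and credential-offer input, and an authorization URL usually carries per-session query parameters, so these end up wherever debug output is shipped. The removed side of these lines is blank on this page, so the logging may predate the change. Consider logging selected fields only, such as `this._state.authorizationRequestOpts?.clientId`, and the URL's origin and path rather than its query string. The constructor begins outside this hunk.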
|
|
@@ -5352,12 +4209,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5352
4209
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
5353
4210
|
await client.retrieveServerMetadata();
|
|
5354
4211
|
}
|
|
5355
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
4212
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common25.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
5356
4213
|
await client.createAuthorizationRequestUrl({
|
|
5357
4214
|
authorizationRequest,
|
|
5358
4215
|
pkce
|
|
5359
4216
|
});
|
|
5360
|
-
|
|
4217
|
+
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
5361
4218
|
}
|
|
5362
4219
|
return client;
|
|
5363
4220
|
}
|
|
@@ -5414,12 +4271,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5414
4271
|
...opts
|
|
5415
4272
|
});
|
|
5416
4273
|
if (response.errorBody) {
|
|
5417
|
-
|
|
4274
|
+
logger14.debug(`Authorization code error:\r
|
|
5418
4275
|
${JSON.stringify(response.errorBody)}`);
|
|
5419
4276
|
const error = response.errorBody;
|
|
5420
4277
|
return Promise.reject(error);
|
|
5421
4278
|
} else if (!response.successBody) {
|
|
5422
|
-
|
|
4279
|
+
logger14.debug(`Authorization code error. No success body`);
|
|
5423
4280
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
5424
4281
|
}
|
|
5425
4282
|
return {
|
|
@@ -5491,11 +4348,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5491
4348
|
}
|
|
5492
4349
|
});
|
|
5493
4350
|
if (response.errorBody) {
|
|
5494
|
-
|
|
4351
|
+
logger14.debug(`Access token error:\r
|
|
5495
4352
|
${JSON.stringify(response.errorBody)}`);
|
|
5496
4353
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5497
4354
|
} else if (!response.successBody) {
|
|
5498
|
-
|
|
4355
|
+
logger14.debug(`Access token error. No success body`);
|
|
5499
4356
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5500
4357
|
}
|
|
5501
4358
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -5514,7 +4371,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5514
4371
|
jwk,
|
|
5515
4372
|
kid
|
|
5516
4373
|
].filter((v) => v !== void 0).length > 1) {
|
|
5517
|
-
throw new Error(
|
|
4374
|
+
throw new Error(import_oid4vci_common25.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
5518
4375
|
}
|
|
5519
4376
|
if (alg) this._state.alg = alg;
|
|
5520
4377
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -5538,7 +4395,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5538
4395
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
5539
4396
|
let typeSupported = false;
|
|
5540
4397
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
5541
|
-
const subTypes = (0,
|
|
4398
|
+
const subTypes = (0, import_oid4vci_common25.getTypesFromCredentialSupported)(supportedCredential);
|
|
5542
4399
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5543
4400
|
typeSupported = true;
|
|
5544
4401
|
}
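Review bot: The context line `if (subTypes.every((t, i) => types[i] === t) || ...)` treats a requested type list as supported whenever `subTypes` is empty, because `every` on an empty array returns true. It also accepts any `types` array that merely starts with `subTypes`. If `getTypesFromCredentialSupported` can return an empty array for a metadata entry (not visible here), a single such entry marks every requested type as supported. A guard such as `subTypes.length > 0 && subTypes.every((t, i) => types[i] === t)` closes the empty case, and adding `subTypes.length === types.length` would do the same for prefix matches if those are not intended. The enclosing method starts and ends outside this hunk.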
|
|
@@ -5580,11 +4437,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5580
4437
|
});
|
|
5581
4438
|
this._state.dpopResponseParams = response.params;
|
|
5582
4439
|
if (response.errorBody) {
|
|
5583
|
-
|
|
4440
|
+
logger14.debug(`Credential request error:\r
|
|
5584
4441
|
${JSON.stringify(response.errorBody)}`);
|
|
5585
4442
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5586
4443
|
} else if (!response.successBody) {
|
|
5587
|
-
|
|
4444
|
+
logger14.debug(`Credential request error. No success body`);
|
|
5588
4445
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5589
4446
|
}
|
|
5590
4447
|
return {
|
|
@@ -5602,7 +4459,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5602
4459
|
// When < v11 convert into a v12 object. When v12 object retain it.
|
|
5603
4460
|
// Then match the object array on server metadata
|
|
5604
4461
|
getCredentialsSupportedV11(restrictToInitiationTypes, format) {
|
|
5605
|
-
return (0,
|
|
4462
|
+
return (0, import_oid4vci_common25.getSupportedCredentials)({
|
|
5606
4463
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5607
4464
|
version: this.version(),
|
|
5608
4465
|
format,
|
|
@@ -5610,7 +4467,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5610
4467
|
});
|
|
5611
4468
|
}
|
|
5612
4469
|
getCredentialsSupported(format) {
|
|
5613
|
-
return (0,
|
|
4470
|
+
return (0, import_oid4vci_common25.getSupportedCredentials)({
|
|
5614
4471
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5615
4472
|
version: this.version(),
|
|
5616
4473
|
format,
|
|
@@ -5620,7 +4477,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5620
4477
|
getCredentialOfferTypes() {
|
|
5621
4478
|
if (!this.credentialOffer) {
|
|
5622
4479
|
return [];
|
|
5623
|
-
} else if (this.credentialOffer.version <
|
|
4480
|
+
} else if (this.credentialOffer.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_11) {
|
|
5624
4481
|
const orig = this.credentialOffer.original_credential_offer;
|
|
5625
4482
|
const types = typeof orig.credential_type === "string" ? [
|
|
5626
4483
|
orig.credential_type
|
|
@@ -5628,14 +4485,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5628
4485
|
const result = [];
|
|
5629
4486
|
result[0] = types;
|
|
5630
4487
|
return result;
|
|
5631
|
-
} else if (this.credentialOffer.version <
|
|
5632
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
4488
|
+
} else if (this.credentialOffer.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
4489
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common25.getTypesFromObject)(c) ?? []);
|
|
5633
4490
|
}
|
|
5634
4491
|
throw Error(`This class only supports version 11 and lower! Version: ${this.version()}`);
|
|
5635
4492
|
}
|
|
5636
4493
|
issuerSupportedFlowTypes() {
|
|
5637
4494
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
5638
|
-
|
|
4495
|
+
import_oid4vci_common25.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
5639
4496
|
] : []);
|
|
5640
4497
|
}
|
|
5641
4498
|
isFlowTypeSupported(flowType) {
|
|
@@ -5651,7 +4508,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5651
4508
|
return this._state.credentialOffer;
|
|
5652
4509
|
}
|
|
5653
4510
|
version() {
|
|
5654
|
-
return this.credentialOffer?.version ??
|
|
4511
|
+
return this.credentialOffer?.version ?? import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_11;
|
|
5655
4512
|
}
|
|
5656
4513
|
get endpointMetadata() {
|
|
5657
4514
|
this.assertServerMetadata();
|
|
@@ -5747,7 +4604,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5747
4604
|
};
|
|
5748
4605
|
if (!authorizationRequestOpts) {
|
|
5749
4606
|
authorizationRequestOpts = {
|
|
5750
|
-
redirectUri: `${
|
|
4607
|
+
redirectUri: `${import_oid4vci_common25.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
5751
4608
|
};
|
|
5752
4609
|
}
|
|
5753
4610
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -5758,7 +4615,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5758
4615
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
5759
4616
|
if (authorizationResponse) {
|
|
5760
4617
|
this._state.authorizationCodeResponse = {
|
|
5761
|
-
...(0,
|
|
4618
|
+
...(0, import_oid4vci_common25.toAuthorizationResponsePayload)(authorizationResponse)
|
|
5762
4619
|
};
|
|
5763
4620
|
} else if (code) {
|
|
5764
4621
|
this._state.authorizationCodeResponse = {
|
|
@@ -5770,5 +4627,5 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5770
4627
|
};
|
|
5771
4628
|
|
|
5772
4629
|
// lib/index.ts
|
|
5773
|
-
var LOG2 =
|
|
4630
|
+
var LOG2 = import_oid4vci_common26.VCI_LOGGERS.get("sphereon:oid4vci:client");
|
|
5774
4631
|
//# sourceMappingURL=index.cjs.map
|