@sphereon/oid4vci-client 0.19.1-feature.DIIPv4.2 → 0.19.1-feature.DIIPv4.34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +1604 -463
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +243 -27
- package/dist/index.d.ts +243 -27
- package/dist/index.js +1459 -318
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
package/dist/index.cjs
CHANGED
|
@@ -26,18 +26,22 @@ __export(index_exports, {
|
|
|
26
26
|
CredentialOfferClient: () => CredentialOfferClient,
|
|
27
27
|
CredentialOfferClientV1_0_11: () => CredentialOfferClientV1_0_11,
|
|
28
28
|
CredentialOfferClientV1_0_13: () => CredentialOfferClientV1_0_13,
|
|
29
|
+
CredentialOfferClientV1_0_15: () => CredentialOfferClientV1_0_15,
|
|
29
30
|
CredentialRequestClient: () => CredentialRequestClient,
|
|
30
31
|
CredentialRequestClientBuilder: () => CredentialRequestClientBuilder,
|
|
31
32
|
CredentialRequestClientBuilderV1_0_11: () => CredentialRequestClientBuilderV1_0_11,
|
|
32
33
|
CredentialRequestClientBuilderV1_0_13: () => CredentialRequestClientBuilderV1_0_13,
|
|
34
|
+
CredentialRequestClientBuilderV1_0_15: () => CredentialRequestClientBuilderV1_0_15,
|
|
33
35
|
CredentialRequestClientV1_0_11: () => CredentialRequestClientV1_0_11,
|
|
34
36
|
LOG: () => LOG2,
|
|
35
37
|
MetadataClient: () => MetadataClient,
|
|
36
38
|
MetadataClientV1_0_11: () => MetadataClientV1_0_11,
|
|
37
39
|
MetadataClientV1_0_13: () => MetadataClientV1_0_13,
|
|
40
|
+
MetadataClientV1_0_15: () => MetadataClientV1_0_15,
|
|
38
41
|
OpenID4VCIClient: () => OpenID4VCIClient,
|
|
39
42
|
OpenID4VCIClientV1_0_11: () => OpenID4VCIClientV1_0_11,
|
|
40
43
|
OpenID4VCIClientV1_0_13: () => OpenID4VCIClientV1_0_13,
|
|
44
|
+
OpenID4VCIClientV1_0_15: () => OpenID4VCIClientV1_0_15,
|
|
41
45
|
ProofOfPossessionBuilder: () => ProofOfPossessionBuilder,
|
|
42
46
|
acquireAuthorizationChallengeAuthCode: () => acquireAuthorizationChallengeAuthCode,
|
|
43
47
|
acquireAuthorizationChallengeAuthCodeUsingRequest: () => acquireAuthorizationChallengeAuthCodeUsingRequest,
|
|
@@ -56,7 +60,7 @@ __export(index_exports, {
|
|
|
56
60
|
sendNotification: () => sendNotification
|
|
57
61
|
});
|
|
58
62
|
module.exports = __toCommonJS(index_exports);
|
|
59
|
-
var
|
|
63
|
+
var import_oid4vci_common31 = require("@sphereon/oid4vci-common");
|
|
60
64
|
|
|
61
65
|
// lib/AccessTokenClient.ts
|
|
62
66
|
var import_oid4vc_common3 = require("@sphereon/oid4vc-common");
|
|
@@ -1060,12 +1064,12 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
1060
1064
|
};
|
|
1061
1065
|
|
|
1062
1066
|
// lib/AuthorizationCodeClient.ts
|
|
1063
|
-
var
|
|
1064
|
-
var
|
|
1067
|
+
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1068
|
+
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1065
1069
|
|
|
1066
1070
|
// lib/MetadataClient.ts
|
|
1067
|
-
var
|
|
1068
|
-
var
|
|
1071
|
+
var import_oid4vci_common13 = require("@sphereon/oid4vci-common");
|
|
1072
|
+
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1069
1073
|
|
|
1070
1074
|
// lib/MetadataClientV1_0_11.ts
|
|
1071
1075
|
var import_oid4vci_common11 = require("@sphereon/oid4vci-common");
|
|
@@ -1228,8 +1232,180 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1228
1232
|
}
|
|
1229
1233
|
};
|
|
1230
1234
|
|
|
1231
|
-
// lib/
|
|
1235
|
+
// lib/MetadataClientV1_0_15.ts
|
|
1236
|
+
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1237
|
+
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1232
1238
|
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1239
|
+
var MetadataClientV1_0_15 = class _MetadataClientV1_0_15 {
|
|
1240
|
+
static {
|
|
1241
|
+
__name(this, "MetadataClientV1_0_15");
|
|
1242
|
+
}
|
|
1243
|
+
/**
|
|
1244
|
+
* Retrieve metadata using the Initiation obtained from a previous step
|
|
1245
|
+
*
|
|
1246
|
+
* @param credentialOffer
|
|
1247
|
+
*/
|
|
1248
|
+
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1249
|
+
return _MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer);
|
|
1250
|
+
}
|
|
1251
|
+
/**
|
|
1252
|
+
* Retrieve the metada using the initiation request obtained from a previous step
|
|
1253
|
+
* @param request
|
|
1254
|
+
*/
|
|
1255
|
+
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1256
|
+
const issuer = (0, import_oid4vci_common12.getIssuerFromCredentialOfferPayload)(request);
|
|
1257
|
+
if (issuer) {
|
|
1258
|
+
return _MetadataClientV1_0_15.retrieveAllMetadata(issuer);
|
|
1259
|
+
}
|
|
1260
|
+
throw new Error("can't retrieve metadata from CredentialOfferRequest. No issuer field is present");
|
|
1261
|
+
}
|
|
1262
|
+
/**
|
|
1263
|
+
* Retrieve all metadata from an issuer
|
|
1264
|
+
* @param issuer The issuer URL
|
|
1265
|
+
* @param opts
|
|
1266
|
+
*/
|
|
1267
|
+
static async retrieveAllMetadata(issuer, opts) {
|
|
1268
|
+
let token_endpoint;
|
|
1269
|
+
let credential_endpoint;
|
|
1270
|
+
let nonce_endpoint;
|
|
1271
|
+
let deferred_credential_endpoint;
|
|
1272
|
+
let authorization_endpoint;
|
|
1273
|
+
let authorization_challenge_endpoint;
|
|
1274
|
+
let authorizationServerType = "OID4VCI";
|
|
1275
|
+
let authorization_servers = [
|
|
1276
|
+
issuer
|
|
1277
|
+
];
|
|
1278
|
+
const oid4vciResponse = await _MetadataClientV1_0_15.retrieveOpenID4VCIServerMetadata(issuer, {
|
|
1279
|
+
errorOnNotFound: false
|
|
1280
|
+
});
|
|
1281
|
+
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1282
|
+
if (credentialIssuerMetadata) {
|
|
1283
|
+
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1284
|
+
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1285
|
+
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1286
|
+
nonce_endpoint = credentialIssuerMetadata.nonce_endpoint;
|
|
1287
|
+
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
1288
|
+
if (credentialIssuerMetadata.token_endpoint) {
|
|
1289
|
+
token_endpoint = credentialIssuerMetadata.token_endpoint;
|
|
1290
|
+
}
|
|
1291
|
+
authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint;
|
|
1292
|
+
if (credentialIssuerMetadata.authorization_servers) {
|
|
1293
|
+
authorization_servers = credentialIssuerMetadata.authorization_servers;
|
|
1294
|
+
}
|
|
1295
|
+
}
|
|
1296
|
+
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1297
|
+
errorOnNotFound: false
|
|
1298
|
+
});
|
|
1299
|
+
let authMetadata = response.successBody;
|
|
1300
|
+
if (authMetadata) {
|
|
1301
|
+
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1302
|
+
authorizationServerType = "OIDC";
|
|
1303
|
+
} else {
|
|
1304
|
+
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
1305
|
+
errorOnNotFound: false
|
|
1306
|
+
});
|
|
1307
|
+
authMetadata = response.successBody;
|
|
1308
|
+
}
|
|
1309
|
+
if (!authMetadata) {
|
|
1310
|
+
if (!authorization_servers.includes(issuer)) {
|
|
1311
|
+
throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_servers}, but that server did not provide metadata`);
|
|
1312
|
+
}
|
|
1313
|
+
} else {
|
|
1314
|
+
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1315
|
+
if (!authMetadata.authorization_endpoint) {
|
|
1316
|
+
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1317
|
+
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
1318
|
+
throw Error(`Credential issuer has a different authorization_endpoint (${authorization_endpoint}) from the Authorization Server (${authMetadata.authorization_endpoint})`);
|
|
1319
|
+
}
|
|
1320
|
+
authorization_endpoint = authMetadata.authorization_endpoint;
|
|
1321
|
+
if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
|
|
1322
|
+
throw Error(`Credential issuer has a different authorization_challenge_endpoint (${authorization_challenge_endpoint}) from the Authorization Server (${authMetadata.authorization_challenge_endpoint})`);
|
|
1323
|
+
}
|
|
1324
|
+
authorization_challenge_endpoint = authMetadata.authorization_challenge_endpoint;
|
|
1325
|
+
if (!authMetadata.token_endpoint) {
|
|
1326
|
+
throw Error(`Authorization Server ${authorization_servers} did not provide a token_endpoint`);
|
|
1327
|
+
} else if (token_endpoint && authMetadata.token_endpoint !== token_endpoint) {
|
|
1328
|
+
throw Error(`Credential issuer has a different token_endpoint (${token_endpoint}) from the Authorization Server (${authMetadata.token_endpoint})`);
|
|
1329
|
+
}
|
|
1330
|
+
token_endpoint = authMetadata.token_endpoint;
|
|
1331
|
+
if (authMetadata.credential_endpoint) {
|
|
1332
|
+
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1333
|
+
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1334
|
+
} else {
|
|
1335
|
+
credential_endpoint = authMetadata.credential_endpoint;
|
|
1336
|
+
}
|
|
1337
|
+
}
|
|
1338
|
+
if (authMetadata.deferred_credential_endpoint) {
|
|
1339
|
+
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1340
|
+
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1341
|
+
} else {
|
|
1342
|
+
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1343
|
+
}
|
|
1344
|
+
}
|
|
1345
|
+
}
|
|
1346
|
+
if (!authorization_endpoint) {
|
|
1347
|
+
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1348
|
+
}
|
|
1349
|
+
if (!token_endpoint) {
|
|
1350
|
+
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1351
|
+
if (opts?.errorOnNotFound) {
|
|
1352
|
+
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1353
|
+
} else {
|
|
1354
|
+
token_endpoint = `${issuer}${issuer.endsWith("/") ? "token" : "/token"}`;
|
|
1355
|
+
}
|
|
1356
|
+
}
|
|
1357
|
+
if (!credential_endpoint) {
|
|
1358
|
+
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1359
|
+
if (opts?.errorOnNotFound) {
|
|
1360
|
+
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1361
|
+
} else {
|
|
1362
|
+
credential_endpoint = `${issuer}${issuer.endsWith("/") ? "credential" : "/credential"}`;
|
|
1363
|
+
}
|
|
1364
|
+
}
|
|
1365
|
+
if (!credentialIssuerMetadata && authMetadata) {
|
|
1366
|
+
credentialIssuerMetadata = authMetadata;
|
|
1367
|
+
}
|
|
1368
|
+
const ci = credentialIssuerMetadata ?? {};
|
|
1369
|
+
const ciAuthorizationServers = Array.isArray(ci.authorization_servers) && ci.authorization_servers.length > 0 ? ci.authorization_servers : authorization_servers;
|
|
1370
|
+
const v15CredentialIssuerMetadata = {
|
|
1371
|
+
credential_issuer: ci.credential_issuer ?? issuer,
|
|
1372
|
+
credential_endpoint,
|
|
1373
|
+
authorization_servers: ciAuthorizationServers,
|
|
1374
|
+
credential_configurations_supported: ci.credential_configurations_supported ?? {},
|
|
1375
|
+
display: ci.display ?? [],
|
|
1376
|
+
...nonce_endpoint && {
|
|
1377
|
+
nonce_endpoint
|
|
1378
|
+
},
|
|
1379
|
+
...deferred_credential_endpoint && {
|
|
1380
|
+
deferred_credential_endpoint
|
|
1381
|
+
}
|
|
1382
|
+
};
|
|
1383
|
+
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1384
|
+
return {
|
|
1385
|
+
issuer,
|
|
1386
|
+
token_endpoint,
|
|
1387
|
+
credential_endpoint,
|
|
1388
|
+
authorization_challenge_endpoint,
|
|
1389
|
+
authorizationServerType,
|
|
1390
|
+
credentialIssuerMetadata: v15CredentialIssuerMetadata,
|
|
1391
|
+
authorizationServerMetadata: authMetadata
|
|
1392
|
+
};
|
|
1393
|
+
}
|
|
1394
|
+
/**
|
|
1395
|
+
* Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata
|
|
1396
|
+
*
|
|
1397
|
+
* @param issuerHost The issuer hostname
|
|
1398
|
+
* @param opts
|
|
1399
|
+
*/
|
|
1400
|
+
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1401
|
+
return retrieveWellknown(issuerHost, import_oid4vci_common12.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1402
|
+
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1403
|
+
});
|
|
1404
|
+
}
|
|
1405
|
+
};
|
|
1406
|
+
|
|
1407
|
+
// lib/MetadataClient.ts
|
|
1408
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1233
1409
|
var MetadataClient = class _MetadataClient {
|
|
1234
1410
|
static {
|
|
1235
1411
|
__name(this, "MetadataClient");
|
|
@@ -1240,7 +1416,9 @@ var MetadataClient = class _MetadataClient {
|
|
|
1240
1416
|
* @param credentialOffer
|
|
1241
1417
|
*/
|
|
1242
1418
|
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1243
|
-
if ((0,
|
|
1419
|
+
if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_15) {
|
|
1420
|
+
return await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1421
|
+
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1244
1422
|
return await MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1245
1423
|
} else {
|
|
1246
1424
|
return await MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
@@ -1251,9 +1429,11 @@ var MetadataClient = class _MetadataClient {
|
|
|
1251
1429
|
* @param request
|
|
1252
1430
|
*/
|
|
1253
1431
|
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1254
|
-
const issuer = (0,
|
|
1432
|
+
const issuer = (0, import_oid4vci_common13.getIssuerFromCredentialOfferPayload)(request);
|
|
1255
1433
|
if (issuer) {
|
|
1256
|
-
if ((0,
|
|
1434
|
+
if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(request) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_15) {
|
|
1435
|
+
return MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1436
|
+
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(request) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1257
1437
|
return MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1258
1438
|
} else {
|
|
1259
1439
|
return MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
@@ -1282,7 +1462,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1282
1462
|
});
|
|
1283
1463
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1284
1464
|
if (credentialIssuerMetadata) {
|
|
1285
|
-
|
|
1465
|
+
logger6.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1286
1466
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1287
1467
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1288
1468
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint ? credentialIssuerMetadata.deferred_credential_endpoint : void 0;
|
|
@@ -1299,15 +1479,15 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1299
1479
|
];
|
|
1300
1480
|
}
|
|
1301
1481
|
}
|
|
1302
|
-
let response = await retrieveWellknown(authorization_servers[0],
|
|
1482
|
+
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common13.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1303
1483
|
errorOnNotFound: false
|
|
1304
1484
|
});
|
|
1305
1485
|
let authMetadata = response.successBody;
|
|
1306
1486
|
if (authMetadata) {
|
|
1307
|
-
|
|
1487
|
+
logger6.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1308
1488
|
authorizationServerType = "OIDC";
|
|
1309
1489
|
} else {
|
|
1310
|
-
response = await retrieveWellknown(authorization_servers[0],
|
|
1490
|
+
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common13.WellKnownEndpoints.OAUTH_AS, {
|
|
1311
1491
|
errorOnNotFound: false
|
|
1312
1492
|
});
|
|
1313
1493
|
authMetadata = response.successBody;
|
|
@@ -1320,7 +1500,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1320
1500
|
if (!authorizationServerType) {
|
|
1321
1501
|
authorizationServerType = "OAuth 2.0";
|
|
1322
1502
|
}
|
|
1323
|
-
|
|
1503
|
+
logger6.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1324
1504
|
if (!authMetadata.authorization_endpoint) {
|
|
1325
1505
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1326
1506
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1339,24 +1519,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1339
1519
|
token_endpoint = authMetadata.token_endpoint;
|
|
1340
1520
|
if (authMetadata.credential_endpoint) {
|
|
1341
1521
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1342
|
-
|
|
1522
|
+
logger6.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1343
1523
|
} else {
|
|
1344
1524
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1345
1525
|
}
|
|
1346
1526
|
}
|
|
1347
1527
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1348
1528
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1349
|
-
|
|
1529
|
+
logger6.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1350
1530
|
} else {
|
|
1351
1531
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1352
1532
|
}
|
|
1353
1533
|
}
|
|
1354
1534
|
}
|
|
1355
1535
|
if (!authorization_endpoint) {
|
|
1356
|
-
|
|
1536
|
+
logger6.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1357
1537
|
}
|
|
1358
1538
|
if (!token_endpoint) {
|
|
1359
|
-
|
|
1539
|
+
logger6.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1360
1540
|
if (opts?.errorOnNotFound) {
|
|
1361
1541
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1362
1542
|
} else {
|
|
@@ -1364,7 +1544,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1364
1544
|
}
|
|
1365
1545
|
}
|
|
1366
1546
|
if (!credential_endpoint) {
|
|
1367
|
-
|
|
1547
|
+
logger6.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1368
1548
|
if (opts?.errorOnNotFound) {
|
|
1369
1549
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1370
1550
|
} else {
|
|
@@ -1374,7 +1554,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1374
1554
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1375
1555
|
credentialIssuerMetadata = authorization_server ? authMetadata : authMetadata;
|
|
1376
1556
|
}
|
|
1377
|
-
|
|
1557
|
+
logger6.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1378
1558
|
return {
|
|
1379
1559
|
issuer,
|
|
1380
1560
|
token_endpoint,
|
|
@@ -1399,18 +1579,18 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1399
1579
|
* @param opts
|
|
1400
1580
|
*/
|
|
1401
1581
|
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1402
|
-
return retrieveWellknown(issuerHost,
|
|
1582
|
+
return retrieveWellknown(issuerHost, import_oid4vci_common13.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1403
1583
|
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1404
1584
|
});
|
|
1405
1585
|
}
|
|
1406
1586
|
};
|
|
1407
1587
|
|
|
1408
1588
|
// lib/AuthorizationCodeClient.ts
|
|
1409
|
-
var
|
|
1589
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1410
1590
|
async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
1411
|
-
if (opts.requestObjectMode ===
|
|
1591
|
+
if (opts.requestObjectMode === import_oid4vci_common14.CreateRequestObjectMode.REQUEST_URI) {
|
|
1412
1592
|
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
1413
|
-
} else if (opts.requestObjectMode ===
|
|
1593
|
+
} else if (opts.requestObjectMode === import_oid4vci_common14.CreateRequestObjectMode.REQUEST_OBJECT) {
|
|
1414
1594
|
if (typeof opts.signCallbacks?.signCallback !== "function") {
|
|
1415
1595
|
throw Error(`No request object sign callback found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
1416
1596
|
} else if (!opts.kid) {
|
|
@@ -1449,7 +1629,7 @@ async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
|
1449
1629
|
const pop = await ProofOfPossessionBuilder.fromJwt({
|
|
1450
1630
|
jwt,
|
|
1451
1631
|
callbacks: opts.signCallbacks,
|
|
1452
|
-
version:
|
|
1632
|
+
version: import_oid4vci_common14.OpenId4VCIVersion.VER_1_0_11,
|
|
1453
1633
|
mode: "JWT"
|
|
1454
1634
|
}).build();
|
|
1455
1635
|
requestObject["request"] = pop.jwt;
|
|
@@ -1487,12 +1667,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1487
1667
|
}
|
|
1488
1668
|
__name(removeDisplayAndValueTypes, "removeDisplayAndValueTypes");
|
|
1489
1669
|
const { redirectUri, requestObjectOpts = {
|
|
1490
|
-
requestObjectMode:
|
|
1670
|
+
requestObjectMode: import_oid4vci_common14.CreateRequestObjectMode.NONE
|
|
1491
1671
|
} } = authorizationRequest;
|
|
1492
1672
|
const client_id = clientId ?? authorizationRequest.clientId;
|
|
1493
1673
|
const authorizationMetadata = endpointMetadata.authorizationServerMetadata ?? endpointMetadata.credentialIssuerMetadata;
|
|
1494
1674
|
let { authorizationDetails } = authorizationRequest;
|
|
1495
|
-
const parMode = authorizationMetadata?.require_pushed_authorization_requests ?
|
|
1675
|
+
const parMode = authorizationMetadata?.require_pushed_authorization_requests ? import_oid4vci_common14.PARMode.REQUIRE : authorizationRequest.parMode ?? (client_id ? import_oid4vci_common14.PARMode.AUTO : import_oid4vci_common14.PARMode.NEVER);
|
|
1496
1676
|
if (!authorizationRequest.scope && !authorizationDetails) {
|
|
1497
1677
|
if (!credentialOffer) {
|
|
1498
1678
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1500,8 +1680,8 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1500
1680
|
if ("credentials" in credentialOffer.credential_offer) {
|
|
1501
1681
|
throw new Error("CredentialOffer format is wrong.");
|
|
1502
1682
|
}
|
|
1503
|
-
const ver = version ?? (0,
|
|
1504
|
-
const creds = ver ===
|
|
1683
|
+
const ver = version ?? (0, import_oid4vci_common14.determineSpecVersionFromOffer)(credentialOffer.credential_offer) ?? import_oid4vci_common14.OpenId4VCIVersion.VER_1_0_15;
|
|
1684
|
+
const creds = ver === import_oid4vci_common14.OpenId4VCIVersion.VER_1_0_15 ? filterSupportedCredentials(credentialOffer.credential_offer, credentialConfigurationSupported) : [];
|
|
1505
1685
|
authorizationDetails = creds.flatMap((cred) => {
|
|
1506
1686
|
const locations = [
|
|
1507
1687
|
credentialOffer?.credential_offer.credential_issuer ?? endpointMetadata.issuer
|
|
@@ -1511,10 +1691,10 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1511
1691
|
if (!credential_configuration_id && !cred.format) {
|
|
1512
1692
|
throw Error("format is required in authorization details");
|
|
1513
1693
|
}
|
|
1514
|
-
const vct = cred.format === "
|
|
1694
|
+
const vct = cred.format === "dc+sd-jwt" ? cred.vct : void 0;
|
|
1515
1695
|
const doctype = cred.format === "mso_mdoc" ? cred.doctype : void 0;
|
|
1516
1696
|
let credential_definition = void 0;
|
|
1517
|
-
if ((0,
|
|
1697
|
+
if ((0, import_oid4vci_common14.isW3cCredentialSupported)(cred) && hasCredentialDefinition(cred)) {
|
|
1518
1698
|
credential_definition = {
|
|
1519
1699
|
...cred.credential_definition,
|
|
1520
1700
|
// type: OPTIONAL. Array as defined in Appendix A.1.1.2. This claim contains the type values the Wallet requests authorization for at the Credential Issuer. It MUST be present if the claim format is present in the root of the authorization details object. It MUST not be present otherwise.
|
|
@@ -1549,14 +1729,15 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1549
1729
|
throw Error(`Could not create authorization details from credential offer. Please pass in explicit details`);
|
|
1550
1730
|
}
|
|
1551
1731
|
}
|
|
1552
|
-
|
|
1732
|
+
const authorizationEndpoint = endpointMetadata.authorization_endpoint ?? endpointMetadata.authorizationServerMetadata?.authorization_endpoint ?? endpointMetadata.credentialIssuerMetadata?.authorization_endpoint;
|
|
1733
|
+
if (!authorizationEndpoint) {
|
|
1553
1734
|
throw Error("Server metadata does not contain authorization endpoint");
|
|
1554
1735
|
}
|
|
1555
1736
|
const parEndpoint = authorizationMetadata?.pushed_authorization_request_endpoint;
|
|
1556
1737
|
let queryObj = {
|
|
1557
|
-
response_type:
|
|
1738
|
+
response_type: import_oid4vci_common14.ResponseType.AUTH_CODE,
|
|
1558
1739
|
...!pkce.disabled && {
|
|
1559
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1740
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common14.CodeChallengeMethod.S256,
|
|
1560
1741
|
code_challenge: pkce.codeChallenge
|
|
1561
1742
|
},
|
|
1562
1743
|
authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)),
|
|
@@ -1574,12 +1755,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1574
1755
|
if (credentialOffer?.issuerState) {
|
|
1575
1756
|
queryObj.state = credentialOffer?.issuerState;
|
|
1576
1757
|
}
|
|
1577
|
-
if (!parEndpoint && parMode ===
|
|
1758
|
+
if (!parEndpoint && parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1578
1759
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1579
|
-
} else if (parEndpoint && parMode !==
|
|
1580
|
-
|
|
1581
|
-
const parResponse = await (0,
|
|
1582
|
-
mode:
|
|
1760
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common14.PARMode.NEVER) {
|
|
1761
|
+
logger7.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1762
|
+
const parResponse = await (0, import_oid4vci_common14.formPost)(parEndpoint, (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
1763
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1583
1764
|
uriTypeProperties: [
|
|
1584
1765
|
"client_id",
|
|
1585
1766
|
"request_uri",
|
|
@@ -1594,12 +1775,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1594
1775
|
accept: "application/json"
|
|
1595
1776
|
});
|
|
1596
1777
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1597
|
-
if (parMode ===
|
|
1778
|
+
if (parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1598
1779
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1599
1780
|
}
|
|
1600
|
-
|
|
1781
|
+
logger7.debug("Falling back to regular request URI, since PAR failed", JSON.stringify(parResponse.errorBody));
|
|
1601
1782
|
} else {
|
|
1602
|
-
|
|
1783
|
+
logger7.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1603
1784
|
queryObj = {
|
|
1604
1785
|
client_id,
|
|
1605
1786
|
request_uri: parResponse.successBody.request_uri
|
|
@@ -1608,11 +1789,11 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1608
1789
|
}
|
|
1609
1790
|
await createSignedAuthRequestWhenNeeded(queryObj, {
|
|
1610
1791
|
...requestObjectOpts,
|
|
1611
|
-
aud: endpointMetadata.authorization_server
|
|
1792
|
+
aud: endpointMetadata.authorization_server ?? endpointMetadata.authorizationServerMetadata?.issuer
|
|
1612
1793
|
});
|
|
1613
|
-
|
|
1614
|
-
const url = (0,
|
|
1615
|
-
baseUrl:
|
|
1794
|
+
logger7.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1795
|
+
const url = (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
1796
|
+
baseUrl: authorizationEndpoint,
|
|
1616
1797
|
uriTypeProperties: [
|
|
1617
1798
|
"client_id",
|
|
1618
1799
|
"request_uri",
|
|
@@ -1623,11 +1804,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1623
1804
|
"state"
|
|
1624
1805
|
],
|
|
1625
1806
|
// arrayTypeProperties: ['authorization_details'],
|
|
1626
|
-
mode:
|
|
1807
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1627
1808
|
});
|
|
1628
|
-
|
|
1809
|
+
logger7.debug(`Authorization Request URL: ${url}`);
|
|
1629
1810
|
return url;
|
|
1630
1811
|
}, "createAuthorizationRequestUrl");
|
|
1812
|
+
var hasCredentialDefinition = /* @__PURE__ */ __name((cred) => "credential_definition" in cred && cred.credential_definition && typeof cred.credential_definition === "object" && cred.credential_definition !== null && "type" in cred.credential_definition && Array.isArray(cred.credential_definition.type), "hasCredentialDefinition");
|
|
1631
1813
|
var handleAuthorizationDetails = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
1632
1814
|
if (authorizationDetails) {
|
|
1633
1815
|
if (typeof authorizationDetails === "string") {
|
|
@@ -1649,7 +1831,10 @@ var handleLocations = /* @__PURE__ */ __name((endpointMetadata, authorizationDet
|
|
|
1649
1831
|
if (typeof authorizationDetails === "string") {
|
|
1650
1832
|
return authorizationDetails;
|
|
1651
1833
|
}
|
|
1652
|
-
|
|
1834
|
+
const ciMeta = endpointMetadata.credentialIssuerMetadata;
|
|
1835
|
+
const hasAuthorizationServers = Array.isArray(ciMeta?.authorization_servers) && ciMeta.authorization_servers.length > 0;
|
|
1836
|
+
const legacyHasAuthzEndpoint = Boolean(endpointMetadata.authorization_endpoint);
|
|
1837
|
+
if (hasAuthorizationServers || legacyHasAuthzEndpoint) {
|
|
1653
1838
|
if (authorizationDetails.locations) {
|
|
1654
1839
|
if (Array.isArray(authorizationDetails.locations)) {
|
|
1655
1840
|
authorizationDetails.locations.push(endpointMetadata.issuer);
|
|
@@ -1708,23 +1893,23 @@ var createAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (opts) =>
|
|
|
1708
1893
|
return request;
|
|
1709
1894
|
}, "createAuthorizationChallengeRequest");
|
|
1710
1895
|
var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (authorizationChallengeCodeUrl, authorizationChallengeRequest, opts) => {
|
|
1711
|
-
return await (0,
|
|
1712
|
-
mode:
|
|
1896
|
+
return await (0, import_oid4vci_common14.formPost)(authorizationChallengeCodeUrl, (0, import_oid4vci_common14.convertJsonToURI)(authorizationChallengeRequest, {
|
|
1897
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1713
1898
|
}), {
|
|
1714
1899
|
customHeaders: opts?.headers ? opts.headers : void 0
|
|
1715
1900
|
});
|
|
1716
1901
|
}, "sendAuthorizationChallengeRequest");
|
|
1717
1902
|
|
|
1718
1903
|
// lib/AuthorizationCodeClientV1_0_11.ts
|
|
1719
|
-
var
|
|
1720
|
-
var
|
|
1721
|
-
var
|
|
1904
|
+
var import_oid4vci_common15 = require("@sphereon/oid4vci-common");
|
|
1905
|
+
var import_ssi_types10 = require("@sphereon/ssi-types");
|
|
1906
|
+
var logger8 = import_ssi_types10.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1722
1907
|
var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported }) => {
|
|
1723
1908
|
const { redirectUri, clientId, requestObjectOpts = {
|
|
1724
|
-
requestObjectMode:
|
|
1909
|
+
requestObjectMode: import_oid4vci_common15.CreateRequestObjectMode.NONE
|
|
1725
1910
|
} } = authorizationRequest;
|
|
1726
1911
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
1727
|
-
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ?
|
|
1912
|
+
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ? import_oid4vci_common15.PARMode.REQUIRE : authorizationRequest.parMode ?? import_oid4vci_common15.PARMode.AUTO;
|
|
1728
1913
|
if (!scope && !authorizationDetails) {
|
|
1729
1914
|
if (!credentialOffer) {
|
|
1730
1915
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1757,9 +1942,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1757
1942
|
].filter((s) => !!s).join(" ");
|
|
1758
1943
|
}
|
|
1759
1944
|
let queryObj = {
|
|
1760
|
-
response_type:
|
|
1945
|
+
response_type: import_oid4vci_common15.ResponseType.AUTH_CODE,
|
|
1761
1946
|
...!pkce.disabled && {
|
|
1762
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1947
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common15.CodeChallengeMethod.S256,
|
|
1763
1948
|
code_challenge: pkce.codeChallenge
|
|
1764
1949
|
},
|
|
1765
1950
|
authorization_details: JSON.stringify(handleAuthorizationDetailsV1_0_11(endpointMetadata, authorizationDetails)),
|
|
@@ -1774,12 +1959,12 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1774
1959
|
},
|
|
1775
1960
|
scope
|
|
1776
1961
|
};
|
|
1777
|
-
if (!parEndpoint && parMode ===
|
|
1962
|
+
if (!parEndpoint && parMode === import_oid4vci_common15.PARMode.REQUIRE) {
|
|
1778
1963
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1779
|
-
} else if (parEndpoint && parMode !==
|
|
1780
|
-
|
|
1781
|
-
const parResponse = await (0,
|
|
1782
|
-
mode:
|
|
1964
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common15.PARMode.NEVER) {
|
|
1965
|
+
logger8.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1966
|
+
const parResponse = await (0, import_oid4vci_common15.formPost)(parEndpoint, (0, import_oid4vci_common15.convertJsonToURI)(queryObj, {
|
|
1967
|
+
mode: import_oid4vci_common15.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1783
1968
|
uriTypeProperties: [
|
|
1784
1969
|
"client_id",
|
|
1785
1970
|
"request_uri",
|
|
@@ -1795,11 +1980,11 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1795
1980
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1796
1981
|
console.log(JSON.stringify(parResponse.errorBody));
|
|
1797
1982
|
console.log("Falling back to regular request URI, since PAR failed");
|
|
1798
|
-
if (parMode ===
|
|
1983
|
+
if (parMode === import_oid4vci_common15.PARMode.REQUIRE) {
|
|
1799
1984
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1800
1985
|
}
|
|
1801
1986
|
} else {
|
|
1802
|
-
|
|
1987
|
+
logger8.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1803
1988
|
queryObj = {
|
|
1804
1989
|
request_uri: parResponse.successBody.request_uri
|
|
1805
1990
|
};
|
|
@@ -1809,8 +1994,8 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1809
1994
|
...requestObjectOpts,
|
|
1810
1995
|
aud: endpointMetadata.authorization_server
|
|
1811
1996
|
});
|
|
1812
|
-
|
|
1813
|
-
const url = (0,
|
|
1997
|
+
logger8.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1998
|
+
const url = (0, import_oid4vci_common15.convertJsonToURI)(queryObj, {
|
|
1814
1999
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1815
2000
|
uriTypeProperties: [
|
|
1816
2001
|
"client_id",
|
|
@@ -1821,9 +2006,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1821
2006
|
"issuer_state"
|
|
1822
2007
|
],
|
|
1823
2008
|
// arrayTypeProperties: ['authorization_details'],
|
|
1824
|
-
mode:
|
|
2009
|
+
mode: import_oid4vci_common15.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1825
2010
|
});
|
|
1826
|
-
|
|
2011
|
+
logger8.debug(`Authorization Request URL: ${url}`);
|
|
1827
2012
|
return url;
|
|
1828
2013
|
}, "createAuthorizationRequestUrlV1_0_11");
|
|
1829
2014
|
var handleAuthorizationDetailsV1_0_11 = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -1868,9 +2053,9 @@ var handleLocations2 = /* @__PURE__ */ __name((endpointMetadata, authorizationDe
|
|
|
1868
2053
|
|
|
1869
2054
|
// lib/CredentialRequestClient.ts
|
|
1870
2055
|
var import_oid4vc_common5 = require("@sphereon/oid4vc-common");
|
|
1871
|
-
var
|
|
1872
|
-
var
|
|
1873
|
-
var
|
|
2056
|
+
var import_oid4vci_common16 = require("@sphereon/oid4vci-common");
|
|
2057
|
+
var import_ssi_types11 = require("@sphereon/ssi-types");
|
|
2058
|
+
var logger9 = import_ssi_types11.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
1874
2059
|
async function buildProof(proofInput, opts) {
|
|
1875
2060
|
if ("proof_type" in proofInput) {
|
|
1876
2061
|
if (opts.cNonce) {
|
|
@@ -1884,6 +2069,27 @@ async function buildProof(proofInput, opts) {
|
|
|
1884
2069
|
return await proofInput.build();
|
|
1885
2070
|
}
|
|
1886
2071
|
__name(buildProof, "buildProof");
|
|
2072
|
+
function isOpenIdCredentialDetail(ad) {
|
|
2073
|
+
return typeof ad === "object" && ad !== null && ad.type === "openid_credential";
|
|
2074
|
+
}
|
|
2075
|
+
__name(isOpenIdCredentialDetail, "isOpenIdCredentialDetail");
|
|
2076
|
+
function findAuthorizationDetail(authorizationDetails, preferredConfigId) {
|
|
2077
|
+
if (!authorizationDetails) {
|
|
2078
|
+
return void 0;
|
|
2079
|
+
}
|
|
2080
|
+
const openIdCredentialDetails = authorizationDetails.filter(isOpenIdCredentialDetail);
|
|
2081
|
+
if (openIdCredentialDetails.length === 0) {
|
|
2082
|
+
return void 0;
|
|
2083
|
+
}
|
|
2084
|
+
if (preferredConfigId) {
|
|
2085
|
+
const match = openIdCredentialDetails.find((detail) => typeof detail === "object" && detail !== null && detail.credential_configuration_id === preferredConfigId);
|
|
2086
|
+
if (match) {
|
|
2087
|
+
return match;
|
|
2088
|
+
}
|
|
2089
|
+
}
|
|
2090
|
+
return openIdCredentialDetails[0];
|
|
2091
|
+
}
|
|
2092
|
+
__name(findAuthorizationDetail, "findAuthorizationDetail");
|
|
1887
2093
|
var CredentialRequestClient = class {
|
|
1888
2094
|
static {
|
|
1889
2095
|
__name(this, "CredentialRequestClient");
|
|
@@ -1923,7 +2129,10 @@ var CredentialRequestClient = class {
|
|
|
1923
2129
|
credentialIdentifier,
|
|
1924
2130
|
subjectIssuance
|
|
1925
2131
|
});
|
|
1926
|
-
|
|
2132
|
+
if (!import_oid4vci_common16.supportedOID4VCICredentialFormat.includes(format)) {
|
|
2133
|
+
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2134
|
+
}
|
|
2135
|
+
return await this.acquireCredentialsUsingRequestWithoutProof(request, format, opts.createDPoPOpts);
|
|
1927
2136
|
}
|
|
1928
2137
|
async acquireCredentialsUsingProof(opts) {
|
|
1929
2138
|
const { credentialIdentifier, credentialTypes, proofInput, format, context, subjectIssuance } = opts;
|
|
@@ -1936,32 +2145,35 @@ var CredentialRequestClient = class {
|
|
|
1936
2145
|
credentialIdentifier,
|
|
1937
2146
|
subjectIssuance
|
|
1938
2147
|
});
|
|
1939
|
-
|
|
2148
|
+
if (this.version() <= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_13 && !import_oid4vci_common16.supportedOID4VCICredentialFormat.includes(format)) {
|
|
2149
|
+
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2150
|
+
}
|
|
2151
|
+
return await this.acquireCredentialsUsingRequest(request, format, opts.createDPoPOpts);
|
|
1940
2152
|
}
|
|
1941
|
-
async acquireCredentialsUsingRequestWithoutProof(uniformRequest, createDPoPOpts) {
|
|
1942
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2153
|
+
async acquireCredentialsUsingRequestWithoutProof(uniformRequest, format, createDPoPOpts) {
|
|
2154
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, format, createDPoPOpts);
|
|
1943
2155
|
}
|
|
1944
|
-
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
1945
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2156
|
+
async acquireCredentialsUsingRequest(uniformRequest, format, createDPoPOpts) {
|
|
2157
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, format, createDPoPOpts);
|
|
1946
2158
|
}
|
|
1947
|
-
async acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts) {
|
|
1948
|
-
if (this.version() <
|
|
2159
|
+
async acquireCredentialsUsingRequestImpl(uniformRequest, format, createDPoPOpts) {
|
|
2160
|
+
if (this.version() < import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_13) {
|
|
1949
2161
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported by the V13 credential request client.");
|
|
1950
2162
|
}
|
|
1951
|
-
const request = (0,
|
|
2163
|
+
const request = (0, import_oid4vci_common16.getCredentialRequestForVersion)(uniformRequest, format, this.version());
|
|
1952
2164
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
1953
|
-
if (!(0,
|
|
1954
|
-
|
|
1955
|
-
throw new Error(
|
|
2165
|
+
if (!(0, import_oid4vci_common16.isValidURL)(credentialEndpoint)) {
|
|
2166
|
+
logger9.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
2167
|
+
throw new Error(import_oid4vci_common16.URL_NOT_VALID);
|
|
1956
2168
|
}
|
|
1957
|
-
|
|
1958
|
-
|
|
2169
|
+
logger9.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
2170
|
+
logger9.debug(`request
|
|
1959
2171
|
: ${JSON.stringify(request, null, 2)}`);
|
|
1960
2172
|
const requestToken = this.credentialRequestOpts.token;
|
|
1961
2173
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
1962
2174
|
accessToken: requestToken
|
|
1963
2175
|
})) : void 0;
|
|
1964
|
-
let response = await (0,
|
|
2176
|
+
let response = await (0, import_oid4vci_common16.post)(credentialEndpoint, JSON.stringify(request), {
|
|
1965
2177
|
bearerToken: requestToken,
|
|
1966
2178
|
...dPoP && {
|
|
1967
2179
|
customHeaders: {
|
|
@@ -1976,7 +2188,7 @@ var CredentialRequestClient = class {
|
|
|
1976
2188
|
dPoP = await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
1977
2189
|
accessToken: requestToken
|
|
1978
2190
|
}));
|
|
1979
|
-
response = await (0,
|
|
2191
|
+
response = await (0, import_oid4vci_common16.post)(credentialEndpoint, JSON.stringify(request), {
|
|
1980
2192
|
bearerToken: requestToken,
|
|
1981
2193
|
...createDPoPOpts && {
|
|
1982
2194
|
customHeaders: {
|
|
@@ -1987,7 +2199,7 @@ var CredentialRequestClient = class {
|
|
|
1987
2199
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
1988
2200
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
1989
2201
|
}
|
|
1990
|
-
this._isDeferred = (0,
|
|
2202
|
+
this._isDeferred = (0, import_oid4vci_common16.isDeferredCredentialResponse)(response);
|
|
1991
2203
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
1992
2204
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
1993
2205
|
bearerToken: this.credentialRequestOpts.token
|
|
@@ -1999,7 +2211,7 @@ var CredentialRequestClient = class {
|
|
|
1999
2211
|
throw Error("Subject signing was requested, but issuer did not provide the options in its response");
|
|
2000
2212
|
}
|
|
2001
2213
|
}
|
|
2002
|
-
|
|
2214
|
+
logger9.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2003
2215
|
${JSON.stringify(response, null, 2)}`);
|
|
2004
2216
|
return {
|
|
2005
2217
|
...response,
|
|
@@ -2021,7 +2233,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2021
2233
|
} else if (!bearerToken) {
|
|
2022
2234
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2023
2235
|
}
|
|
2024
|
-
return await (0,
|
|
2236
|
+
return await (0, import_oid4vci_common16.acquireDeferredCredential)({
|
|
2025
2237
|
bearerToken,
|
|
2026
2238
|
transactionId,
|
|
2027
2239
|
deferredCredentialEndpoint,
|
|
@@ -2036,27 +2248,64 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2036
2248
|
return await this.createCredentialRequestImpl(opts);
|
|
2037
2249
|
}
|
|
2038
2250
|
async createCredentialRequestImpl(opts) {
|
|
2039
|
-
const { proofInput, credentialIdentifier
|
|
2251
|
+
const { proofInput, credentialIdentifier, credentialConfigurationId } = opts;
|
|
2040
2252
|
let proof = void 0;
|
|
2041
2253
|
if (proofInput) {
|
|
2042
2254
|
proof = await buildProof(proofInput, opts);
|
|
2043
2255
|
}
|
|
2044
|
-
if (
|
|
2045
|
-
|
|
2046
|
-
|
|
2047
|
-
|
|
2048
|
-
|
|
2049
|
-
|
|
2256
|
+
if (this.version() >= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_15) {
|
|
2257
|
+
const authDetail = findAuthorizationDetail(this.credentialRequestOpts.authorizationDetails, credentialConfigurationId ?? credentialIdentifier);
|
|
2258
|
+
const issuer_state2 = this.credentialRequestOpts.issuerState;
|
|
2259
|
+
const commonBody = {
|
|
2260
|
+
...issuer_state2 && {
|
|
2261
|
+
issuer_state: issuer_state2
|
|
2262
|
+
},
|
|
2050
2263
|
...proof && {
|
|
2051
2264
|
proof
|
|
2052
|
-
}
|
|
2265
|
+
},
|
|
2266
|
+
...opts.subjectIssuance
|
|
2267
|
+
};
|
|
2268
|
+
const authDetailObj = authDetail && typeof authDetail === "object" ? authDetail : null;
|
|
2269
|
+
if (authDetailObj?.credential_identifier) {
|
|
2270
|
+
return {
|
|
2271
|
+
credential_identifier: authDetailObj.credential_identifier,
|
|
2272
|
+
...commonBody
|
|
2273
|
+
};
|
|
2274
|
+
}
|
|
2275
|
+
if (authDetailObj?.credential_identifiers && authDetailObj.credential_identifiers.length > 0) {
|
|
2276
|
+
return {
|
|
2277
|
+
credential_identifier: authDetailObj.credential_identifiers[0],
|
|
2278
|
+
...commonBody
|
|
2279
|
+
};
|
|
2280
|
+
}
|
|
2281
|
+
const configId = credentialConfigurationId ?? authDetailObj?.credential_configuration_id ?? this._credentialRequestOpts.credentialConfigurationId;
|
|
2282
|
+
if (configId) {
|
|
2283
|
+
return {
|
|
2284
|
+
credential_configuration_id: configId,
|
|
2285
|
+
...commonBody
|
|
2286
|
+
};
|
|
2287
|
+
}
|
|
2288
|
+
if (credentialIdentifier) {
|
|
2289
|
+
return {
|
|
2290
|
+
credential_identifier: credentialIdentifier,
|
|
2291
|
+
...commonBody
|
|
2292
|
+
};
|
|
2293
|
+
}
|
|
2294
|
+
return Promise.reject(Error("No credential_identifier or credential_configuration_id available for v1.0-15 request"));
|
|
2295
|
+
}
|
|
2296
|
+
if (credentialIdentifier) {
|
|
2297
|
+
const proof_obj = proof ? {
|
|
2298
|
+
proof
|
|
2299
|
+
} : {};
|
|
2300
|
+
return {
|
|
2301
|
+
credential_identifier: credentialIdentifier,
|
|
2302
|
+
...proof_obj
|
|
2053
2303
|
};
|
|
2054
2304
|
}
|
|
2055
2305
|
const formatSelection = opts.format ?? this.credentialRequestOpts.format;
|
|
2056
2306
|
if (!formatSelection) {
|
|
2057
2307
|
throw Error(`Format of credential to be issued is missing`);
|
|
2058
2308
|
}
|
|
2059
|
-
const format = (0, import_oid4vci_common15.getUniformFormat)(formatSelection);
|
|
2060
2309
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2061
2310
|
if (!typesSelection) {
|
|
2062
2311
|
throw Error(`Credential type(s) need to be provided`);
|
|
@@ -2068,12 +2317,15 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2068
2317
|
throw Error(`Credential type(s) need to be provided`);
|
|
2069
2318
|
}
|
|
2070
2319
|
const issuer_state = this.credentialRequestOpts.issuerState;
|
|
2071
|
-
if (
|
|
2320
|
+
if (formatSelection === "jwt_vc_json" || formatSelection === "ldp_vc") {
|
|
2072
2321
|
return {
|
|
2322
|
+
format: formatSelection,
|
|
2073
2323
|
credential_definition: {
|
|
2074
|
-
type: types
|
|
2324
|
+
type: types,
|
|
2325
|
+
...opts.context && {
|
|
2326
|
+
"@context": opts.context
|
|
2327
|
+
}
|
|
2075
2328
|
},
|
|
2076
|
-
format,
|
|
2077
2329
|
...issuer_state && {
|
|
2078
2330
|
issuer_state
|
|
2079
2331
|
},
|
|
@@ -2082,64 +2334,16 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2082
2334
|
},
|
|
2083
2335
|
...opts.subjectIssuance
|
|
2084
2336
|
};
|
|
2085
|
-
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2086
|
-
if (this.version() >= import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2087
|
-
throw Error("No @context value present, but it is required");
|
|
2088
|
-
}
|
|
2089
|
-
return {
|
|
2090
|
-
format,
|
|
2091
|
-
...issuer_state && {
|
|
2092
|
-
issuer_state
|
|
2093
|
-
},
|
|
2094
|
-
...proof && {
|
|
2095
|
-
proof
|
|
2096
|
-
},
|
|
2097
|
-
...opts.subjectIssuance,
|
|
2098
|
-
credential_definition: {
|
|
2099
|
-
type: types,
|
|
2100
|
-
"@context": opts.context
|
|
2101
|
-
}
|
|
2102
|
-
};
|
|
2103
|
-
} else if (format === "vc+sd-jwt") {
|
|
2104
|
-
if (types.length > 1) {
|
|
2105
|
-
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2106
|
-
}
|
|
2107
|
-
return {
|
|
2108
|
-
format,
|
|
2109
|
-
...issuer_state && {
|
|
2110
|
-
issuer_state
|
|
2111
|
-
},
|
|
2112
|
-
...proof && {
|
|
2113
|
-
proof
|
|
2114
|
-
},
|
|
2115
|
-
vct: types[0],
|
|
2116
|
-
...opts.subjectIssuance
|
|
2117
|
-
};
|
|
2118
|
-
} else if (format === "mso_mdoc") {
|
|
2119
|
-
if (types.length > 1) {
|
|
2120
|
-
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2121
|
-
}
|
|
2122
|
-
return {
|
|
2123
|
-
format,
|
|
2124
|
-
...issuer_state && {
|
|
2125
|
-
issuer_state
|
|
2126
|
-
},
|
|
2127
|
-
...proof && {
|
|
2128
|
-
proof
|
|
2129
|
-
},
|
|
2130
|
-
doctype: types[0],
|
|
2131
|
-
...opts.subjectIssuance
|
|
2132
|
-
};
|
|
2133
2337
|
}
|
|
2134
|
-
|
|
2338
|
+
return Promise.reject(Error(`Format ${formatSelection} is not supported in this protocol version`));
|
|
2135
2339
|
}
|
|
2136
2340
|
version() {
|
|
2137
|
-
return this.credentialRequestOpts?.version ??
|
|
2341
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_13;
|
|
2138
2342
|
}
|
|
2139
2343
|
};
|
|
2140
2344
|
|
|
2141
2345
|
// lib/CredentialOfferClient.ts
|
|
2142
|
-
var
|
|
2346
|
+
var import_oid4vci_common17 = require("@sphereon/oid4vci-common");
|
|
2143
2347
|
var CredentialOfferClient = class {
|
|
2144
2348
|
static {
|
|
2145
2349
|
__name(this, "CredentialOfferClient");
|
|
@@ -2152,12 +2356,12 @@ var CredentialOfferClient = class {
|
|
|
2152
2356
|
}
|
|
2153
2357
|
const scheme = uri.split("://")[0];
|
|
2154
2358
|
const baseUrl = uri.split("?")[0];
|
|
2155
|
-
const version = (0,
|
|
2359
|
+
const version = (0, import_oid4vci_common17.determineSpecVersionFromURI)(uri);
|
|
2156
2360
|
LOG.log(`Offer URL determined to be of version ${version}`);
|
|
2157
2361
|
let credentialOffer;
|
|
2158
2362
|
let credentialOfferPayload;
|
|
2159
|
-
if (version <
|
|
2160
|
-
credentialOfferPayload = (0,
|
|
2363
|
+
if (version < import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11) {
|
|
2364
|
+
credentialOfferPayload = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2161
2365
|
arrayTypeProperties: [
|
|
2162
2366
|
"credential_type"
|
|
2163
2367
|
],
|
|
@@ -2175,7 +2379,7 @@ var CredentialOfferClient = class {
|
|
|
2175
2379
|
if (uri.includes("credential_offer_uri")) {
|
|
2176
2380
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2177
2381
|
} else {
|
|
2178
|
-
credentialOffer = (0,
|
|
2382
|
+
credentialOffer = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2179
2383
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2180
2384
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2181
2385
|
"credential_offer_uri="
|
|
@@ -2193,13 +2397,13 @@ var CredentialOfferClient = class {
|
|
|
2193
2397
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2194
2398
|
}
|
|
2195
2399
|
}
|
|
2196
|
-
const request = await (0,
|
|
2400
|
+
const request = await (0, import_oid4vci_common17.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2197
2401
|
...opts,
|
|
2198
2402
|
version
|
|
2199
2403
|
});
|
|
2200
2404
|
return {
|
|
2201
2405
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2202
|
-
userPinRequired: request.credential_offer?.grants?.[
|
|
2406
|
+
userPinRequired: request.credential_offer?.grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? !!request.credential_offer?.grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false
|
|
2203
2407
|
};
|
|
2204
2408
|
}
|
|
2205
2409
|
static toURI(requestWithBaseUrl, opts) {
|
|
@@ -2208,7 +2412,7 @@ var CredentialOfferClient = class {
|
|
|
2208
2412
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2209
2413
|
let param;
|
|
2210
2414
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2211
|
-
if (version.valueOf() >=
|
|
2415
|
+
if (version.valueOf() >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2212
2416
|
if (!baseUrl.includes("?")) {
|
|
2213
2417
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2214
2418
|
} else {
|
|
@@ -2223,14 +2427,14 @@ var CredentialOfferClient = class {
|
|
|
2223
2427
|
}
|
|
2224
2428
|
}
|
|
2225
2429
|
}
|
|
2226
|
-
return (0,
|
|
2430
|
+
return (0, import_oid4vci_common17.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2227
2431
|
baseUrl,
|
|
2228
2432
|
arrayTypeProperties: isUri ? [] : [
|
|
2229
2433
|
"credential_type"
|
|
2230
2434
|
],
|
|
2231
2435
|
uriTypeProperties: isUri ? [
|
|
2232
2436
|
"credential_offer_uri"
|
|
2233
|
-
] : version >=
|
|
2437
|
+
] : version >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2234
2438
|
"credential_issuer",
|
|
2235
2439
|
"credential_type"
|
|
2236
2440
|
] : [
|
|
@@ -2244,26 +2448,26 @@ var CredentialOfferClient = class {
|
|
|
2244
2448
|
};
|
|
2245
2449
|
|
|
2246
2450
|
// lib/CredentialOfferClientV1_0_11.ts
|
|
2247
|
-
var
|
|
2248
|
-
var
|
|
2249
|
-
var
|
|
2451
|
+
var import_oid4vci_common18 = require("@sphereon/oid4vci-common");
|
|
2452
|
+
var import_ssi_types12 = require("@sphereon/ssi-types");
|
|
2453
|
+
var logger10 = import_ssi_types12.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2250
2454
|
var CredentialOfferClientV1_0_11 = class {
|
|
2251
2455
|
static {
|
|
2252
2456
|
__name(this, "CredentialOfferClientV1_0_11");
|
|
2253
2457
|
}
|
|
2254
2458
|
static async fromURI(uri, opts) {
|
|
2255
|
-
|
|
2459
|
+
logger10.debug(`Credential Offer URI: ${uri}`);
|
|
2256
2460
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2257
|
-
|
|
2461
|
+
logger10.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2258
2462
|
throw Error(`Invalid Credential Offer Request`);
|
|
2259
2463
|
}
|
|
2260
2464
|
const scheme = uri.split("://")[0];
|
|
2261
2465
|
const baseUrl = uri.split("?")[0];
|
|
2262
|
-
const version = (0,
|
|
2466
|
+
const version = (0, import_oid4vci_common18.determineSpecVersionFromURI)(uri);
|
|
2263
2467
|
let credentialOffer;
|
|
2264
2468
|
let credentialOfferPayload;
|
|
2265
|
-
if (version <
|
|
2266
|
-
credentialOfferPayload = (0,
|
|
2469
|
+
if (version < import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_11) {
|
|
2470
|
+
credentialOfferPayload = (0, import_oid4vci_common18.convertURIToJsonObject)(uri, {
|
|
2267
2471
|
arrayTypeProperties: [
|
|
2268
2472
|
"credential_type"
|
|
2269
2473
|
],
|
|
@@ -2278,7 +2482,7 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2278
2482
|
credential_offer: credentialOfferPayload
|
|
2279
2483
|
};
|
|
2280
2484
|
} else {
|
|
2281
|
-
credentialOffer = (0,
|
|
2485
|
+
credentialOffer = (0, import_oid4vci_common18.convertURIToJsonObject)(uri, {
|
|
2282
2486
|
arrayTypeProperties: [
|
|
2283
2487
|
"credentials"
|
|
2284
2488
|
],
|
|
@@ -2292,11 +2496,11 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2292
2496
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2293
2497
|
}
|
|
2294
2498
|
}
|
|
2295
|
-
const request = await (0,
|
|
2499
|
+
const request = await (0, import_oid4vci_common18.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2296
2500
|
...opts,
|
|
2297
2501
|
version
|
|
2298
2502
|
});
|
|
2299
|
-
const clientId = (0,
|
|
2503
|
+
const clientId = (0, import_oid4vci_common18.getClientIdFromCredentialOfferPayload)(request.credential_offer);
|
|
2300
2504
|
const grants = request.credential_offer?.grants;
|
|
2301
2505
|
return {
|
|
2302
2506
|
scheme,
|
|
@@ -2308,19 +2512,19 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2308
2512
|
...grants?.authorization_code?.issuer_state && {
|
|
2309
2513
|
issuerState: grants.authorization_code.issuer_state
|
|
2310
2514
|
},
|
|
2311
|
-
...grants?.[
|
|
2312
|
-
preAuthorizedCode: grants[
|
|
2515
|
+
...grants?.[import_oid4vci_common18.PRE_AUTH_GRANT_LITERAL]?.[import_oid4vci_common18.PRE_AUTH_CODE_LITERAL] && {
|
|
2516
|
+
preAuthorizedCode: grants[import_oid4vci_common18.PRE_AUTH_GRANT_LITERAL][import_oid4vci_common18.PRE_AUTH_CODE_LITERAL]
|
|
2313
2517
|
},
|
|
2314
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2518
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common18.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? false)
|
|
2315
2519
|
};
|
|
2316
2520
|
}
|
|
2317
2521
|
static toURI(requestWithBaseUrl, opts) {
|
|
2318
|
-
|
|
2522
|
+
logger10.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2319
2523
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2320
2524
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2321
2525
|
let param;
|
|
2322
2526
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2323
|
-
if (version.valueOf() >=
|
|
2527
|
+
if (version.valueOf() >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2324
2528
|
if (!baseUrl.includes("?")) {
|
|
2325
2529
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2326
2530
|
} else {
|
|
@@ -2335,14 +2539,14 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2335
2539
|
}
|
|
2336
2540
|
}
|
|
2337
2541
|
}
|
|
2338
|
-
return (0,
|
|
2542
|
+
return (0, import_oid4vci_common18.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2339
2543
|
baseUrl,
|
|
2340
2544
|
arrayTypeProperties: isUri ? [] : [
|
|
2341
2545
|
"credential_type"
|
|
2342
2546
|
],
|
|
2343
2547
|
uriTypeProperties: isUri ? [
|
|
2344
2548
|
"credential_offer_uri"
|
|
2345
|
-
] : version >=
|
|
2549
|
+
] : version >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_11 ? [
|
|
2346
2550
|
"credential_issuer",
|
|
2347
2551
|
"credential_type"
|
|
2348
2552
|
] : [
|
|
@@ -2356,27 +2560,27 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2356
2560
|
};
|
|
2357
2561
|
|
|
2358
2562
|
// lib/CredentialOfferClientV1_0_13.ts
|
|
2359
|
-
var
|
|
2360
|
-
var
|
|
2361
|
-
var
|
|
2563
|
+
var import_oid4vci_common19 = require("@sphereon/oid4vci-common");
|
|
2564
|
+
var import_ssi_types13 = require("@sphereon/ssi-types");
|
|
2565
|
+
var logger11 = import_ssi_types13.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2362
2566
|
var CredentialOfferClientV1_0_13 = class {
|
|
2363
2567
|
static {
|
|
2364
2568
|
__name(this, "CredentialOfferClientV1_0_13");
|
|
2365
2569
|
}
|
|
2366
2570
|
static async fromURI(uri, opts) {
|
|
2367
|
-
|
|
2571
|
+
logger11.debug(`Credential Offer URI: ${uri}`);
|
|
2368
2572
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2369
|
-
|
|
2573
|
+
logger11.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2370
2574
|
throw Error(`Invalid Credential Offer Request`);
|
|
2371
2575
|
}
|
|
2372
2576
|
const scheme = uri.split("://")[0];
|
|
2373
2577
|
const baseUrl = uri.split("?")[0];
|
|
2374
|
-
const version = (0,
|
|
2578
|
+
const version = (0, import_oid4vci_common19.determineSpecVersionFromURI)(uri);
|
|
2375
2579
|
let credentialOffer;
|
|
2376
2580
|
if (uri.includes("credential_offer_uri")) {
|
|
2377
2581
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2378
2582
|
} else {
|
|
2379
|
-
credentialOffer = (0,
|
|
2583
|
+
credentialOffer = (0, import_oid4vci_common19.convertURIToJsonObject)(uri, {
|
|
2380
2584
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2381
2585
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2382
2586
|
"credential_configuration_ids",
|
|
@@ -2395,22 +2599,22 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2395
2599
|
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2396
2600
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2397
2601
|
}
|
|
2398
|
-
const request = await (0,
|
|
2602
|
+
const request = await (0, import_oid4vci_common19.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2399
2603
|
...opts,
|
|
2400
2604
|
version
|
|
2401
2605
|
});
|
|
2402
2606
|
return {
|
|
2403
2607
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2404
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2608
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common19.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2405
2609
|
};
|
|
2406
2610
|
}
|
|
2407
2611
|
static toURI(requestWithBaseUrl, opts) {
|
|
2408
|
-
|
|
2612
|
+
logger11.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2409
2613
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2410
2614
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2411
2615
|
let param;
|
|
2412
2616
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2413
|
-
if (version.valueOf() >=
|
|
2617
|
+
if (version.valueOf() >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2414
2618
|
if (!baseUrl.includes("?")) {
|
|
2415
2619
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2416
2620
|
} else {
|
|
@@ -2425,14 +2629,14 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2425
2629
|
}
|
|
2426
2630
|
}
|
|
2427
2631
|
}
|
|
2428
|
-
return (0,
|
|
2632
|
+
return (0, import_oid4vci_common19.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2429
2633
|
baseUrl,
|
|
2430
2634
|
arrayTypeProperties: isUri ? [] : [
|
|
2431
2635
|
"credential_type"
|
|
2432
2636
|
],
|
|
2433
2637
|
uriTypeProperties: isUri ? [
|
|
2434
2638
|
"credential_offer_uri"
|
|
2435
|
-
] : version >=
|
|
2639
|
+
] : version >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2436
2640
|
"credential_issuer",
|
|
2437
2641
|
"credential_type"
|
|
2438
2642
|
] : [
|
|
@@ -2445,11 +2649,101 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2445
2649
|
}
|
|
2446
2650
|
};
|
|
2447
2651
|
|
|
2652
|
+
// lib/CredentialOfferClientV1_0_15.ts
|
|
2653
|
+
var import_oid4vci_common20 = require("@sphereon/oid4vci-common");
|
|
2654
|
+
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
2655
|
+
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2656
|
+
var CredentialOfferClientV1_0_15 = class {
|
|
2657
|
+
static {
|
|
2658
|
+
__name(this, "CredentialOfferClientV1_0_15");
|
|
2659
|
+
}
|
|
2660
|
+
static async fromURI(uri, opts) {
|
|
2661
|
+
logger12.debug(`Credential Offer URI: ${uri}`);
|
|
2662
|
+
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2663
|
+
logger12.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2664
|
+
return Promise.reject(Error(`Invalid Credential Offer Request`));
|
|
2665
|
+
}
|
|
2666
|
+
const scheme = uri.split("://")[0];
|
|
2667
|
+
const baseUrl = uri.split("?")[0];
|
|
2668
|
+
const version = (0, import_oid4vci_common20.determineSpecVersionFromURI)(uri);
|
|
2669
|
+
let credentialOffer;
|
|
2670
|
+
if (uri.includes("credential_offer_uri")) {
|
|
2671
|
+
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2672
|
+
} else {
|
|
2673
|
+
credentialOffer = (0, import_oid4vci_common20.convertURIToJsonObject)(uri, {
|
|
2674
|
+
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2675
|
+
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2676
|
+
"credential_configuration_ids",
|
|
2677
|
+
"credential_offer_uri="
|
|
2678
|
+
] : [
|
|
2679
|
+
"credential_configuration_ids",
|
|
2680
|
+
"credential_offer="
|
|
2681
|
+
],
|
|
2682
|
+
requiredProperties: uri.includes("credential_offer_uri=") ? [
|
|
2683
|
+
"credential_offer_uri="
|
|
2684
|
+
] : [
|
|
2685
|
+
"credential_offer="
|
|
2686
|
+
]
|
|
2687
|
+
});
|
|
2688
|
+
}
|
|
2689
|
+
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2690
|
+
return Promise.reject(Error("Either a credential_offer or credential_offer_uri should be present in " + uri));
|
|
2691
|
+
}
|
|
2692
|
+
const request = await (0, import_oid4vci_common20.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2693
|
+
...opts,
|
|
2694
|
+
version
|
|
2695
|
+
});
|
|
2696
|
+
return {
|
|
2697
|
+
...constructBaseResponse(request, scheme, baseUrl),
|
|
2698
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common20.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2699
|
+
};
|
|
2700
|
+
}
|
|
2701
|
+
static toURI(requestWithBaseUrl, opts) {
|
|
2702
|
+
logger12.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2703
|
+
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2704
|
+
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2705
|
+
let param;
|
|
2706
|
+
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2707
|
+
if (version.valueOf() >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2708
|
+
if (!baseUrl.includes("?")) {
|
|
2709
|
+
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2710
|
+
} else {
|
|
2711
|
+
const split = baseUrl.split("?");
|
|
2712
|
+
if (split.length > 1 && split[1] !== "") {
|
|
2713
|
+
if (baseUrl.endsWith("&")) {
|
|
2714
|
+
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2715
|
+
} else if (!baseUrl.endsWith("=")) {
|
|
2716
|
+
baseUrl += `&`;
|
|
2717
|
+
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2718
|
+
}
|
|
2719
|
+
}
|
|
2720
|
+
}
|
|
2721
|
+
}
|
|
2722
|
+
return (0, import_oid4vci_common20.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2723
|
+
baseUrl,
|
|
2724
|
+
arrayTypeProperties: isUri ? [] : [
|
|
2725
|
+
"credential_configuration_ids"
|
|
2726
|
+
],
|
|
2727
|
+
uriTypeProperties: isUri ? [
|
|
2728
|
+
"credential_offer_uri"
|
|
2729
|
+
] : version >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_15 ? [
|
|
2730
|
+
"credential_issuer",
|
|
2731
|
+
"credential_configuration_ids"
|
|
2732
|
+
] : [
|
|
2733
|
+
"issuer",
|
|
2734
|
+
"credential_type"
|
|
2735
|
+
],
|
|
2736
|
+
param,
|
|
2737
|
+
version
|
|
2738
|
+
});
|
|
2739
|
+
}
|
|
2740
|
+
};
|
|
2741
|
+
|
|
2448
2742
|
// lib/CredentialRequestClientV1_0_11.ts
|
|
2449
2743
|
var import_oid4vc_common6 = require("@sphereon/oid4vc-common");
|
|
2450
|
-
var
|
|
2451
|
-
var
|
|
2452
|
-
var
|
|
2744
|
+
var import_oid4vci_common21 = require("@sphereon/oid4vci-common");
|
|
2745
|
+
var import_ssi_types15 = require("@sphereon/ssi-types");
|
|
2746
|
+
var logger13 = import_ssi_types15.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2453
2747
|
var CredentialRequestClientV1_0_11 = class {
|
|
2454
2748
|
static {
|
|
2455
2749
|
__name(this, "CredentialRequestClientV1_0_11");
|
|
@@ -2485,20 +2779,24 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2485
2779
|
return await this.acquireCredentialsUsingRequest(request, opts.createDPoPOpts);
|
|
2486
2780
|
}
|
|
2487
2781
|
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
2488
|
-
const
|
|
2782
|
+
const uniformRequestV11 = uniformRequest;
|
|
2783
|
+
if (!uniformRequestV11.format) {
|
|
2784
|
+
return Promise.reject(Error("format is missing from the (legacy v11) credential request"));
|
|
2785
|
+
}
|
|
2786
|
+
const request = (0, import_oid4vci_common21.getCredentialRequestForVersion)(uniformRequest, uniformRequestV11.format, this.version());
|
|
2489
2787
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2490
|
-
if (!(0,
|
|
2491
|
-
|
|
2492
|
-
throw new Error(
|
|
2788
|
+
if (!(0, import_oid4vci_common21.isValidURL)(credentialEndpoint)) {
|
|
2789
|
+
logger13.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
2790
|
+
throw new Error(import_oid4vci_common21.URL_NOT_VALID);
|
|
2493
2791
|
}
|
|
2494
|
-
|
|
2495
|
-
|
|
2792
|
+
logger13.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
2793
|
+
logger13.debug(`request
|
|
2496
2794
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2497
2795
|
const requestToken = this.credentialRequestOpts.token;
|
|
2498
2796
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2499
2797
|
accessToken: requestToken
|
|
2500
2798
|
})) : void 0;
|
|
2501
|
-
let response = await (0,
|
|
2799
|
+
let response = await (0, import_oid4vci_common21.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2502
2800
|
bearerToken: requestToken,
|
|
2503
2801
|
customHeaders: {
|
|
2504
2802
|
...createDPoPOpts && {
|
|
@@ -2513,7 +2811,7 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2513
2811
|
dPoP = await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2514
2812
|
accessToken: requestToken
|
|
2515
2813
|
}));
|
|
2516
|
-
response = await (0,
|
|
2814
|
+
response = await (0, import_oid4vci_common21.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2517
2815
|
bearerToken: requestToken,
|
|
2518
2816
|
customHeaders: {
|
|
2519
2817
|
...createDPoPOpts && {
|
|
@@ -2524,14 +2822,14 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2524
2822
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
2525
2823
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
2526
2824
|
}
|
|
2527
|
-
this._isDeferred = (0,
|
|
2825
|
+
this._isDeferred = (0, import_oid4vci_common21.isDeferredCredentialResponse)(response);
|
|
2528
2826
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
2529
2827
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
2530
2828
|
bearerToken: this.credentialRequestOpts.token
|
|
2531
2829
|
});
|
|
2532
2830
|
}
|
|
2533
2831
|
response.access_token = requestToken;
|
|
2534
|
-
|
|
2832
|
+
logger13.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2535
2833
|
${JSON.stringify(response, null, 2)}`);
|
|
2536
2834
|
return {
|
|
2537
2835
|
...response,
|
|
@@ -2553,7 +2851,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2553
2851
|
} else if (!bearerToken) {
|
|
2554
2852
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2555
2853
|
}
|
|
2556
|
-
return await (0,
|
|
2854
|
+
return await (0, import_oid4vci_common21.acquireDeferredCredential)({
|
|
2557
2855
|
bearerToken,
|
|
2558
2856
|
transactionId,
|
|
2559
2857
|
deferredCredentialEndpoint,
|
|
@@ -2567,7 +2865,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2567
2865
|
if (!formatSelection) {
|
|
2568
2866
|
throw Error(`Format of credential to be issued is missing`);
|
|
2569
2867
|
}
|
|
2570
|
-
const format = (0,
|
|
2868
|
+
const format = (0, import_oid4vci_common21.getUniformFormat)(formatSelection);
|
|
2571
2869
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2572
2870
|
const types = Array.isArray(typesSelection) ? typesSelection : [
|
|
2573
2871
|
typesSelection
|
|
@@ -2585,7 +2883,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2585
2883
|
proof
|
|
2586
2884
|
};
|
|
2587
2885
|
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2588
|
-
if (this.version() >=
|
|
2886
|
+
if (this.version() >= import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2589
2887
|
throw Error("No @context value present, but it is required");
|
|
2590
2888
|
}
|
|
2591
2889
|
return {
|
|
@@ -2623,18 +2921,18 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2623
2921
|
throw new Error(`Unsupported format: ${format}`);
|
|
2624
2922
|
}
|
|
2625
2923
|
version() {
|
|
2626
|
-
return this.credentialRequestOpts?.version ??
|
|
2924
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_11;
|
|
2627
2925
|
}
|
|
2628
2926
|
isV11OrHigher() {
|
|
2629
|
-
return this.version() >=
|
|
2927
|
+
return this.version() >= import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_11;
|
|
2630
2928
|
}
|
|
2631
2929
|
};
|
|
2632
2930
|
|
|
2633
2931
|
// lib/CredentialRequestClientBuilder.ts
|
|
2634
|
-
var
|
|
2932
|
+
var import_oid4vci_common25 = require("@sphereon/oid4vci-common");
|
|
2635
2933
|
|
|
2636
2934
|
// lib/CredentialRequestClientBuilderV1_0_11.ts
|
|
2637
|
-
var
|
|
2935
|
+
var import_oid4vci_common22 = require("@sphereon/oid4vci-common");
|
|
2638
2936
|
var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilderV1_0_11 {
|
|
2639
2937
|
static {
|
|
2640
2938
|
__name(this, "CredentialRequestClientBuilderV1_0_11");
|
|
@@ -2652,7 +2950,7 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2652
2950
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialTypes }) {
|
|
2653
2951
|
const issuer = credentialIssuer;
|
|
2654
2952
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2655
|
-
builder.withVersion(version ??
|
|
2953
|
+
builder.withVersion(version ?? import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_11);
|
|
2656
2954
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2657
2955
|
if (metadata?.deferred_credential_endpoint) {
|
|
2658
2956
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -2671,18 +2969,18 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2671
2969
|
}
|
|
2672
2970
|
static fromCredentialOfferRequest(opts) {
|
|
2673
2971
|
const { request, metadata } = opts;
|
|
2674
|
-
const version = opts.version ?? request.version ?? (0,
|
|
2972
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common22.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2675
2973
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2676
|
-
const issuer = (0,
|
|
2974
|
+
const issuer = (0, import_oid4vci_common22.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
2677
2975
|
builder.withVersion(version);
|
|
2678
2976
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2679
2977
|
if (metadata?.deferred_credential_endpoint) {
|
|
2680
2978
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
2681
2979
|
}
|
|
2682
|
-
if (version <=
|
|
2980
|
+
if (version <= import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_08) {
|
|
2683
2981
|
builder.withCredentialType(request.original_credential_offer.credential_type);
|
|
2684
|
-
} else if (version <=
|
|
2685
|
-
builder.withCredentialType((0,
|
|
2982
|
+
} else if (version <= import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_11) {
|
|
2983
|
+
builder.withCredentialType((0, import_oid4vci_common22.getTypesFromOfferV1_0_11)(request.credential_offer));
|
|
2686
2984
|
}
|
|
2687
2985
|
return builder;
|
|
2688
2986
|
}
|
|
@@ -2746,14 +3044,14 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2746
3044
|
}
|
|
2747
3045
|
build() {
|
|
2748
3046
|
if (!this.version) {
|
|
2749
|
-
this.withVersion(
|
|
3047
|
+
this.withVersion(import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_11);
|
|
2750
3048
|
}
|
|
2751
3049
|
return new CredentialRequestClientV1_0_11(this);
|
|
2752
3050
|
}
|
|
2753
3051
|
};
|
|
2754
3052
|
|
|
2755
3053
|
// lib/CredentialRequestClientBuilderV1_0_13.ts
|
|
2756
|
-
var
|
|
3054
|
+
var import_oid4vci_common23 = require("@sphereon/oid4vci-common");
|
|
2757
3055
|
var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilderV1_0_13 {
|
|
2758
3056
|
static {
|
|
2759
3057
|
__name(this, "CredentialRequestClientBuilderV1_0_13");
|
|
@@ -2772,7 +3070,7 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
2772
3070
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
2773
3071
|
const issuer = credentialIssuer;
|
|
2774
3072
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
2775
|
-
builder.withVersion(version ??
|
|
3073
|
+
builder.withVersion(version ?? import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13);
|
|
2776
3074
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2777
3075
|
if (metadata?.deferred_credential_endpoint) {
|
|
2778
3076
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -2796,12 +3094,12 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
2796
3094
|
}
|
|
2797
3095
|
static fromCredentialOfferRequest(opts) {
|
|
2798
3096
|
const { request, metadata } = opts;
|
|
2799
|
-
const version = opts.version ?? request.version ?? (0,
|
|
2800
|
-
if (version <
|
|
3097
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common23.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3098
|
+
if (version < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13) {
|
|
2801
3099
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported.");
|
|
2802
3100
|
}
|
|
2803
3101
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
2804
|
-
const issuer = (0,
|
|
3102
|
+
const issuer = (0, import_oid4vci_common23.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
2805
3103
|
builder.withVersion(version);
|
|
2806
3104
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2807
3105
|
if (metadata?.deferred_credential_endpoint) {
|
|
@@ -2878,52 +3176,56 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
2878
3176
|
}
|
|
2879
3177
|
build() {
|
|
2880
3178
|
if (!this.version) {
|
|
2881
|
-
this.withVersion(
|
|
3179
|
+
this.withVersion(import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_11);
|
|
2882
3180
|
}
|
|
2883
3181
|
return new CredentialRequestClient(this);
|
|
2884
3182
|
}
|
|
2885
3183
|
};
|
|
2886
3184
|
|
|
2887
|
-
// lib/
|
|
2888
|
-
|
|
2889
|
-
|
|
2890
|
-
}
|
|
2891
|
-
__name(isV1_0_13, "isV1_0_13");
|
|
2892
|
-
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3185
|
+
// lib/CredentialRequestClientBuilderV1_0_15.ts
|
|
3186
|
+
var import_oid4vci_common24 = require("@sphereon/oid4vci-common");
|
|
3187
|
+
var CredentialRequestClientBuilderV1_0_15 = class _CredentialRequestClientBuilderV1_0_15 {
|
|
2893
3188
|
static {
|
|
2894
|
-
__name(this, "
|
|
2895
|
-
}
|
|
2896
|
-
_builder;
|
|
2897
|
-
constructor(builder) {
|
|
2898
|
-
this._builder = builder;
|
|
3189
|
+
__name(this, "CredentialRequestClientBuilderV1_0_15");
|
|
2899
3190
|
}
|
|
2900
|
-
|
|
2901
|
-
|
|
2902
|
-
|
|
2903
|
-
|
|
2904
|
-
|
|
2905
|
-
|
|
2906
|
-
|
|
2907
|
-
|
|
2908
|
-
|
|
2909
|
-
|
|
2910
|
-
|
|
2911
|
-
|
|
2912
|
-
|
|
2913
|
-
|
|
2914
|
-
|
|
2915
|
-
|
|
2916
|
-
|
|
2917
|
-
|
|
2918
|
-
|
|
2919
|
-
|
|
2920
|
-
});
|
|
3191
|
+
credentialEndpoint;
|
|
3192
|
+
deferredCredentialEndpoint;
|
|
3193
|
+
nonceEndpoint;
|
|
3194
|
+
deferredCredentialAwait = false;
|
|
3195
|
+
deferredCredentialIntervalInMS = 5e3;
|
|
3196
|
+
credentialIdentifier;
|
|
3197
|
+
credentialConfigurationId;
|
|
3198
|
+
credentialTypes = [];
|
|
3199
|
+
token;
|
|
3200
|
+
version;
|
|
3201
|
+
subjectIssuance;
|
|
3202
|
+
issuerState;
|
|
3203
|
+
// Note: format removed from v15 - credential requests no longer include format parameter
|
|
3204
|
+
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialConfigurationId, credentialTypes }) {
|
|
3205
|
+
const issuer = credentialIssuer;
|
|
3206
|
+
const builder = new _CredentialRequestClientBuilderV1_0_15();
|
|
3207
|
+
builder.withVersion(version ?? import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15);
|
|
3208
|
+
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3209
|
+
if (metadata?.deferred_credential_endpoint) {
|
|
3210
|
+
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
2921
3211
|
}
|
|
2922
|
-
|
|
3212
|
+
if (metadata?.credentialIssuerMetadata?.nonce_endpoint) {
|
|
3213
|
+
builder.withNonceEndpoint(metadata.credentialIssuerMetadata?.nonce_endpoint);
|
|
3214
|
+
}
|
|
3215
|
+
if (credentialIdentifier) {
|
|
3216
|
+
builder.withCredentialIdentifier(credentialIdentifier);
|
|
3217
|
+
}
|
|
3218
|
+
if (credentialConfigurationId) {
|
|
3219
|
+
builder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3220
|
+
}
|
|
3221
|
+
if (credentialTypes) {
|
|
3222
|
+
builder.withCredentialType(credentialTypes);
|
|
3223
|
+
}
|
|
3224
|
+
return builder;
|
|
2923
3225
|
}
|
|
2924
3226
|
static async fromURI({ uri, metadata }) {
|
|
2925
3227
|
const offer = await CredentialOfferClient.fromURI(uri);
|
|
2926
|
-
return
|
|
3228
|
+
return _CredentialRequestClientBuilderV1_0_15.fromCredentialOfferRequest({
|
|
2927
3229
|
request: offer,
|
|
2928
3230
|
...offer,
|
|
2929
3231
|
metadata,
|
|
@@ -2931,115 +3233,840 @@ var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
|
2931
3233
|
});
|
|
2932
3234
|
}
|
|
2933
3235
|
static fromCredentialOfferRequest(opts) {
|
|
2934
|
-
const { request } = opts;
|
|
2935
|
-
const version = opts.version ?? request.version ?? (0,
|
|
2936
|
-
|
|
2937
|
-
|
|
2938
|
-
|
|
2939
|
-
|
|
2940
|
-
|
|
3236
|
+
const { request, metadata } = opts;
|
|
3237
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common24.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3238
|
+
if (version < import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15) {
|
|
3239
|
+
throw new Error("Versions below v1.0.15 (draft 15) are not supported.");
|
|
3240
|
+
}
|
|
3241
|
+
const builder = new _CredentialRequestClientBuilderV1_0_15();
|
|
3242
|
+
const issuer = (0, import_oid4vci_common24.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? (metadata ? metadata.issuer : void 0);
|
|
3243
|
+
if (!issuer && !metadata?.credential_endpoint) {
|
|
3244
|
+
throw Error(`Issuer could not be determined`);
|
|
3245
|
+
}
|
|
3246
|
+
builder.withVersion(version);
|
|
3247
|
+
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3248
|
+
if (metadata?.deferred_credential_endpoint) {
|
|
3249
|
+
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
3250
|
+
}
|
|
3251
|
+
if (metadata?.credentialIssuerMetadata?.nonce_endpoint) {
|
|
3252
|
+
builder.withNonceEndpoint(metadata.credentialIssuerMetadata.nonce_endpoint);
|
|
3253
|
+
}
|
|
3254
|
+
const ids = request.credential_offer.credential_configuration_ids;
|
|
3255
|
+
if (ids.length && ids.length === 1) {
|
|
3256
|
+
builder.withCredentialConfigurationId(ids[0]);
|
|
3257
|
+
}
|
|
3258
|
+
return builder;
|
|
3259
|
+
}
|
|
3260
|
+
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3261
|
+
const builder = _CredentialRequestClientBuilderV1_0_15.fromCredentialOfferRequest({
|
|
3262
|
+
request: credentialOffer,
|
|
3263
|
+
metadata,
|
|
3264
|
+
version: credentialOffer.version
|
|
3265
|
+
});
|
|
3266
|
+
return builder;
|
|
3267
|
+
}
|
|
3268
|
+
withCredentialEndpointFromMetadata(metadata) {
|
|
3269
|
+
this.credentialEndpoint = metadata.credential_endpoint;
|
|
3270
|
+
return this;
|
|
3271
|
+
}
|
|
3272
|
+
withCredentialEndpoint(credentialEndpoint) {
|
|
3273
|
+
this.credentialEndpoint = credentialEndpoint;
|
|
3274
|
+
return this;
|
|
3275
|
+
}
|
|
3276
|
+
withIssuerState(issuerState) {
|
|
3277
|
+
this.issuerState = issuerState;
|
|
3278
|
+
return this;
|
|
3279
|
+
}
|
|
3280
|
+
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3281
|
+
this.deferredCredentialEndpoint = metadata.deferred_credential_endpoint;
|
|
3282
|
+
return this;
|
|
3283
|
+
}
|
|
3284
|
+
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3285
|
+
this.deferredCredentialEndpoint = deferredCredentialEndpoint;
|
|
3286
|
+
return this;
|
|
3287
|
+
}
|
|
3288
|
+
// New in v15: Support for nonce endpoint
|
|
3289
|
+
withNonceEndpointFromMetadata(metadata) {
|
|
3290
|
+
this.nonceEndpoint = metadata.nonce_endpoint;
|
|
3291
|
+
return this;
|
|
3292
|
+
}
|
|
3293
|
+
withNonceEndpoint(nonceEndpoint) {
|
|
3294
|
+
this.nonceEndpoint = nonceEndpoint;
|
|
3295
|
+
return this;
|
|
3296
|
+
}
|
|
3297
|
+
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3298
|
+
this.deferredCredentialAwait = deferredCredentialAwait;
|
|
3299
|
+
this.deferredCredentialIntervalInMS = deferredCredentialIntervalInMS ?? 5e3;
|
|
3300
|
+
return this;
|
|
3301
|
+
}
|
|
3302
|
+
// New in v15: Support for credential_identifier (used when authorization_details with credential_identifiers was used)
|
|
3303
|
+
withCredentialIdentifier(credentialIdentifier) {
|
|
3304
|
+
this.credentialIdentifier = credentialIdentifier;
|
|
3305
|
+
return this;
|
|
3306
|
+
}
|
|
3307
|
+
// New in v15: Support for credential_configuration_id (used when scope was used and no credential_identifiers returned)
|
|
3308
|
+
withCredentialConfigurationId(credentialConfigurationId) {
|
|
3309
|
+
this.credentialConfigurationId = credentialConfigurationId;
|
|
3310
|
+
return this;
|
|
3311
|
+
}
|
|
3312
|
+
// Legacy support for credential types (may be used internally to map to configuration IDs)
|
|
3313
|
+
withCredentialType(credentialTypes) {
|
|
3314
|
+
this.credentialTypes = Array.isArray(credentialTypes) ? credentialTypes : [
|
|
3315
|
+
credentialTypes
|
|
3316
|
+
];
|
|
3317
|
+
return this;
|
|
3318
|
+
}
|
|
3319
|
+
// Note: withFormat() method removed in v15 - format is no longer part of credential requests
|
|
3320
|
+
withSubjectIssuance(subjectIssuance) {
|
|
3321
|
+
this.subjectIssuance = subjectIssuance;
|
|
3322
|
+
return this;
|
|
3323
|
+
}
|
|
3324
|
+
withToken(accessToken) {
|
|
3325
|
+
this.token = accessToken;
|
|
3326
|
+
return this;
|
|
3327
|
+
}
|
|
3328
|
+
withTokenFromResponse(response) {
|
|
3329
|
+
this.token = response.access_token;
|
|
3330
|
+
return this;
|
|
3331
|
+
}
|
|
3332
|
+
withVersion(version) {
|
|
3333
|
+
this.version = version;
|
|
3334
|
+
return this;
|
|
3335
|
+
}
|
|
3336
|
+
build() {
|
|
3337
|
+
if (!this.version) {
|
|
3338
|
+
this.withVersion(import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15);
|
|
3339
|
+
}
|
|
3340
|
+
return new CredentialRequestClient(this);
|
|
3341
|
+
}
|
|
3342
|
+
};
|
|
3343
|
+
|
|
3344
|
+
// lib/CredentialRequestClientBuilder.ts
|
|
3345
|
+
function isV1_0_13(builder) {
|
|
3346
|
+
return builder.withCredentialIdentifier !== void 0;
|
|
3347
|
+
}
|
|
3348
|
+
__name(isV1_0_13, "isV1_0_13");
|
|
3349
|
+
function isV1_0_15(builder) {
|
|
3350
|
+
return builder.withCredentialIdentifier !== void 0;
|
|
3351
|
+
}
|
|
3352
|
+
__name(isV1_0_15, "isV1_0_15");
|
|
3353
|
+
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3354
|
+
static {
|
|
3355
|
+
__name(this, "CredentialRequestClientBuilder");
|
|
3356
|
+
}
|
|
3357
|
+
_builder;
|
|
3358
|
+
constructor(builder) {
|
|
3359
|
+
this._builder = builder;
|
|
3360
|
+
}
|
|
3361
|
+
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
3362
|
+
const specVersion = version ?? import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15;
|
|
3363
|
+
let builder;
|
|
3364
|
+
const metadataV15 = metadata;
|
|
3365
|
+
if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15) {
|
|
3366
|
+
builder = CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3367
|
+
credentialIssuer,
|
|
3368
|
+
metadata: metadataV15,
|
|
3369
|
+
version,
|
|
3370
|
+
credentialIdentifier,
|
|
3371
|
+
credentialTypes
|
|
3372
|
+
});
|
|
3373
|
+
} else if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3374
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
3375
|
+
credentialIssuer,
|
|
3376
|
+
metadata,
|
|
3377
|
+
version,
|
|
3378
|
+
credentialIdentifier,
|
|
3379
|
+
credentialTypes
|
|
3380
|
+
});
|
|
3381
|
+
} else {
|
|
3382
|
+
if (!credentialTypes || credentialTypes.length === 0) {
|
|
3383
|
+
throw new Error("CredentialTypes must be provided for v1_0_11");
|
|
3384
|
+
}
|
|
3385
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialIssuer({
|
|
3386
|
+
credentialIssuer,
|
|
3387
|
+
metadata,
|
|
3388
|
+
version,
|
|
3389
|
+
credentialTypes
|
|
3390
|
+
});
|
|
3391
|
+
}
|
|
3392
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3393
|
+
}
|
|
3394
|
+
static async fromURI({ uri, metadata }) {
|
|
3395
|
+
const offer = await CredentialOfferClient.fromURI(uri);
|
|
3396
|
+
return _CredentialRequestClientBuilder.fromCredentialOfferRequest({
|
|
3397
|
+
request: offer,
|
|
3398
|
+
...offer,
|
|
3399
|
+
metadata,
|
|
3400
|
+
version: offer.version
|
|
3401
|
+
});
|
|
3402
|
+
}
|
|
3403
|
+
static fromCredentialOfferRequest(opts) {
|
|
3404
|
+
const { request } = opts;
|
|
3405
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common25.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3406
|
+
let builder;
|
|
3407
|
+
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3408
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest(opts);
|
|
3409
|
+
} else {
|
|
3410
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOfferRequest(opts);
|
|
3411
|
+
}
|
|
3412
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3413
|
+
}
|
|
3414
|
+
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3415
|
+
const version = (0, import_oid4vci_common25.determineSpecVersionFromOffer)(credentialOffer.credential_offer);
|
|
3416
|
+
let builder;
|
|
3417
|
+
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3418
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
3419
|
+
credentialOffer,
|
|
3420
|
+
metadata
|
|
3421
|
+
});
|
|
3422
|
+
} else {
|
|
3423
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
3424
|
+
credentialOffer,
|
|
3425
|
+
metadata
|
|
3426
|
+
});
|
|
3427
|
+
}
|
|
3428
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3429
|
+
}
|
|
3430
|
+
getVersion() {
|
|
3431
|
+
return this._builder.version;
|
|
3432
|
+
}
|
|
3433
|
+
withCredentialEndpointFromMetadata(metadata) {
|
|
3434
|
+
if (isV1_0_15(this._builder)) {
|
|
3435
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3436
|
+
} else if (isV1_0_13(this._builder)) {
|
|
3437
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3438
|
+
} else {
|
|
3439
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3440
|
+
}
|
|
3441
|
+
return this;
|
|
3442
|
+
}
|
|
3443
|
+
withCredentialEndpoint(credentialEndpoint) {
|
|
3444
|
+
this._builder.withCredentialEndpoint(credentialEndpoint);
|
|
3445
|
+
return this;
|
|
3446
|
+
}
|
|
3447
|
+
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3448
|
+
if (isV1_0_15(this._builder)) {
|
|
3449
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3450
|
+
} else if (isV1_0_13(this._builder)) {
|
|
3451
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3452
|
+
} else {
|
|
3453
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3454
|
+
}
|
|
3455
|
+
return this;
|
|
3456
|
+
}
|
|
3457
|
+
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3458
|
+
this._builder.withDeferredCredentialEndpoint(deferredCredentialEndpoint);
|
|
3459
|
+
return this;
|
|
3460
|
+
}
|
|
3461
|
+
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3462
|
+
this._builder.withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS);
|
|
3463
|
+
return this;
|
|
3464
|
+
}
|
|
3465
|
+
withCredentialIdentifier(credentialIdentifier) {
|
|
3466
|
+
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3467
|
+
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
3468
|
+
}
|
|
3469
|
+
;
|
|
3470
|
+
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
3471
|
+
return this;
|
|
3472
|
+
}
|
|
3473
|
+
withIssuerState(issuerState) {
|
|
3474
|
+
this._builder.withIssuerState(issuerState);
|
|
3475
|
+
return this;
|
|
3476
|
+
}
|
|
3477
|
+
withCredentialType(credentialTypes) {
|
|
3478
|
+
this._builder.withCredentialType(credentialTypes);
|
|
3479
|
+
return this;
|
|
3480
|
+
}
|
|
3481
|
+
withFormat(format) {
|
|
3482
|
+
if ("withFormat" in this._builder) {
|
|
3483
|
+
this._builder.withFormat(format);
|
|
3484
|
+
}
|
|
3485
|
+
return this;
|
|
3486
|
+
}
|
|
3487
|
+
withSubjectIssuance(subjectIssuance) {
|
|
3488
|
+
this._builder.withSubjectIssuance(subjectIssuance);
|
|
3489
|
+
return this;
|
|
3490
|
+
}
|
|
3491
|
+
withToken(accessToken) {
|
|
3492
|
+
this._builder.withToken(accessToken);
|
|
3493
|
+
return this;
|
|
3494
|
+
}
|
|
3495
|
+
withTokenFromResponse(response) {
|
|
3496
|
+
this._builder.withTokenFromResponse(response);
|
|
3497
|
+
return this;
|
|
3498
|
+
}
|
|
3499
|
+
withVersion(version) {
|
|
3500
|
+
this._builder.withVersion(version);
|
|
3501
|
+
return this;
|
|
3502
|
+
}
|
|
3503
|
+
build() {
|
|
3504
|
+
return this._builder.build();
|
|
3505
|
+
}
|
|
3506
|
+
};
|
|
3507
|
+
|
|
3508
|
+
// lib/OpenID4VCIClient.ts
|
|
3509
|
+
var import_oid4vci_common28 = require("@sphereon/oid4vci-common");
|
|
3510
|
+
var import_ssi_types17 = require("@sphereon/ssi-types");
|
|
3511
|
+
|
|
3512
|
+
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3513
|
+
var import_oid4vci_common27 = require("@sphereon/oid4vci-common");
|
|
3514
|
+
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
3515
|
+
|
|
3516
|
+
// lib/NonceClient.ts
|
|
3517
|
+
var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
3518
|
+
var sendNonceRequest = /* @__PURE__ */ __name(async (nonceEndpointUrl, opts) => {
|
|
3519
|
+
return await (0, import_oid4vci_common26.formPost)(nonceEndpointUrl, new URLSearchParams(), {
|
|
3520
|
+
customHeaders: opts?.headers
|
|
3521
|
+
});
|
|
3522
|
+
}, "sendNonceRequest");
|
|
3523
|
+
var acquireNonceFromAuthorizationServer = /* @__PURE__ */ __name(async (opts) => {
|
|
3524
|
+
const metadata = opts?.metadata ? opts.metadata : opts?.issuerOpts?.fetchMetadata ? await MetadataClient.retrieveAllMetadata(opts.issuerOpts.issuer, {
|
|
3525
|
+
errorOnNotFound: false
|
|
3526
|
+
}) : void 0;
|
|
3527
|
+
const nonceEndpointUrl = metadata?.credentialIssuerMetadata?.nonce_endpoint;
|
|
3528
|
+
if (!nonceEndpointUrl) {
|
|
3529
|
+
return Promise.reject(Error("Cannot determine nonce endpoint URL"));
|
|
3530
|
+
}
|
|
3531
|
+
return await sendNonceRequest(nonceEndpointUrl, {
|
|
3532
|
+
headers: opts?.headers
|
|
3533
|
+
});
|
|
3534
|
+
}, "acquireNonceFromAuthorizationServer");
|
|
3535
|
+
|
|
3536
|
+
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3537
|
+
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci:v15");
|
|
3538
|
+
var OpenID4VCIClientV1_0_15 = class _OpenID4VCIClientV1_0_15 {
|
|
3539
|
+
static {
|
|
3540
|
+
__name(this, "OpenID4VCIClientV1_0_15");
|
|
3541
|
+
}
|
|
3542
|
+
_state;
|
|
3543
|
+
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL, keyAttestation }) {
|
|
3544
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common27.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
3545
|
+
if (!issuer) {
|
|
3546
|
+
throw Error("No credential issuer supplied or deduced from offer");
|
|
3547
|
+
}
|
|
3548
|
+
this._state = {
|
|
3549
|
+
credentialOffer,
|
|
3550
|
+
credentialIssuer: issuer,
|
|
3551
|
+
kid,
|
|
3552
|
+
alg,
|
|
3553
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common27.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
3554
|
+
pkce: {
|
|
3555
|
+
disabled: false,
|
|
3556
|
+
codeChallengeMethod: import_oid4vci_common27.CodeChallengeMethod.S256,
|
|
3557
|
+
...pkce
|
|
3558
|
+
},
|
|
3559
|
+
authorizationRequestOpts,
|
|
3560
|
+
authorizationCodeResponse,
|
|
3561
|
+
jwk,
|
|
3562
|
+
endpointMetadata,
|
|
3563
|
+
accessTokenResponse,
|
|
3564
|
+
authorizationURL,
|
|
3565
|
+
keyAttestation
|
|
3566
|
+
};
|
|
3567
|
+
if (!this._state.authorizationRequestOpts) {
|
|
3568
|
+
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3569
|
+
}
|
|
3570
|
+
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3571
|
+
}
|
|
3572
|
+
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, keyAttestation }) {
|
|
3573
|
+
const client = new _OpenID4VCIClientV1_0_15({
|
|
3574
|
+
kid,
|
|
3575
|
+
alg,
|
|
3576
|
+
clientId: clientId ?? authorizationRequest?.clientId,
|
|
3577
|
+
credentialIssuer,
|
|
3578
|
+
pkce,
|
|
3579
|
+
authorizationRequest,
|
|
3580
|
+
keyAttestation
|
|
3581
|
+
});
|
|
3582
|
+
if (retrieveServerMetadata !== false) {
|
|
3583
|
+
await client.retrieveServerMetadata();
|
|
3584
|
+
}
|
|
3585
|
+
if (createAuthorizationRequestURL !== false) {
|
|
3586
|
+
await client.createAuthorizationRequestUrl({
|
|
3587
|
+
authorizationRequest,
|
|
3588
|
+
pkce
|
|
3589
|
+
});
|
|
3590
|
+
}
|
|
3591
|
+
return client;
|
|
3592
|
+
}
|
|
3593
|
+
static async fromState({ state }) {
|
|
3594
|
+
const clientState = typeof state === "string" ? JSON.parse(state) : state;
|
|
3595
|
+
return new _OpenID4VCIClientV1_0_15(clientState);
|
|
3596
|
+
}
|
|
3597
|
+
static async fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, keyAttestation }) {
|
|
3598
|
+
const credentialOfferClient = await CredentialOfferClientV1_0_15.fromURI(uri, {
|
|
3599
|
+
resolve: resolveOfferUri
|
|
3600
|
+
});
|
|
3601
|
+
const client = new _OpenID4VCIClientV1_0_15({
|
|
3602
|
+
credentialOffer: credentialOfferClient,
|
|
3603
|
+
kid,
|
|
3604
|
+
alg,
|
|
3605
|
+
clientId: clientId ?? authorizationRequest?.clientId ?? credentialOfferClient.clientId,
|
|
3606
|
+
pkce,
|
|
3607
|
+
authorizationRequest,
|
|
3608
|
+
keyAttestation
|
|
3609
|
+
});
|
|
3610
|
+
if (retrieveServerMetadata !== false) {
|
|
3611
|
+
await client.retrieveServerMetadata();
|
|
3612
|
+
}
|
|
3613
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && createAuthorizationRequestURL !== false) {
|
|
3614
|
+
await client.createAuthorizationRequestUrl({
|
|
3615
|
+
authorizationRequest,
|
|
3616
|
+
pkce
|
|
3617
|
+
});
|
|
3618
|
+
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3619
|
+
}
|
|
3620
|
+
return client;
|
|
3621
|
+
}
|
|
3622
|
+
async createAuthorizationRequestUrl(opts) {
|
|
3623
|
+
if (!this._state.authorizationURL) {
|
|
3624
|
+
this.calculatePKCEOpts(opts?.pkce);
|
|
3625
|
+
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(opts?.authorizationRequest);
|
|
3626
|
+
if (!this._state.authorizationRequestOpts) {
|
|
3627
|
+
throw Error(`No Authorization Request options present or provided in this call`);
|
|
3628
|
+
}
|
|
3629
|
+
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
3630
|
+
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
3631
|
+
}
|
|
3632
|
+
this._state.authorizationURL = await createAuthorizationRequestUrl({
|
|
3633
|
+
pkce: this._state.pkce,
|
|
3634
|
+
endpointMetadata: this.endpointMetadata,
|
|
3635
|
+
authorizationRequest: this._state.authorizationRequestOpts,
|
|
3636
|
+
credentialOffer: this.credentialOffer,
|
|
3637
|
+
credentialConfigurationSupported: this.getCredentialsSupported(false)
|
|
3638
|
+
});
|
|
3639
|
+
}
|
|
3640
|
+
return this._state.authorizationURL;
|
|
3641
|
+
}
|
|
3642
|
+
async retrieveServerMetadata() {
|
|
3643
|
+
this.assertIssuerData();
|
|
3644
|
+
if (!this._state.endpointMetadata) {
|
|
3645
|
+
if (this.credentialOffer) {
|
|
3646
|
+
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(this.credentialOffer);
|
|
3647
|
+
} else if (this._state.credentialIssuer) {
|
|
3648
|
+
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadata(this._state.credentialIssuer);
|
|
3649
|
+
} else {
|
|
3650
|
+
throw Error(`Cannot retrieve issuer metadata without either a credential offer, or issuer value`);
|
|
3651
|
+
}
|
|
3652
|
+
}
|
|
3653
|
+
return this.endpointMetadata;
|
|
3654
|
+
}
|
|
3655
|
+
async acquireNonce() {
|
|
3656
|
+
const response = await acquireNonceFromAuthorizationServer({
|
|
3657
|
+
metadata: this.endpointMetadata,
|
|
3658
|
+
issuerOpts: {
|
|
3659
|
+
issuer: this.getIssuer(),
|
|
3660
|
+
fetchMetadata: false
|
|
3661
|
+
}
|
|
3662
|
+
});
|
|
3663
|
+
if (response.errorBody) {
|
|
3664
|
+
logger14.debug(`Nonce request error:\r
|
|
3665
|
+
${JSON.stringify(response.errorBody)}`);
|
|
3666
|
+
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed with error: ${response.errorBody.error}${response.errorBody.error_description ? ` - ${response.errorBody.error_description}` : ""}`));
|
|
3667
|
+
} else if (!response.successBody) {
|
|
3668
|
+
logger14.debug(`Nonce request error. No success body`);
|
|
3669
|
+
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3670
|
+
}
|
|
3671
|
+
this._state.cachedCNonce = response.successBody.c_nonce;
|
|
3672
|
+
return response.successBody.c_nonce;
|
|
3673
|
+
}
|
|
3674
|
+
calculatePKCEOpts(pkce) {
|
|
3675
|
+
this._state.pkce = generateMissingPKCEOpts({
|
|
3676
|
+
...this._state.pkce,
|
|
3677
|
+
...pkce
|
|
3678
|
+
});
|
|
3679
|
+
}
|
|
3680
|
+
async acquireAuthorizationChallengeCode(opts) {
|
|
3681
|
+
const response = await acquireAuthorizationChallengeAuthCode({
|
|
3682
|
+
metadata: this.endpointMetadata,
|
|
3683
|
+
credentialIssuer: this.getIssuer(),
|
|
3684
|
+
clientId: this._state.clientId ?? this._state.authorizationRequestOpts?.clientId,
|
|
3685
|
+
...opts
|
|
3686
|
+
});
|
|
3687
|
+
if (response.errorBody) {
|
|
3688
|
+
logger14.debug(`Authorization code error:\r
|
|
3689
|
+
${JSON.stringify(response.errorBody)}`);
|
|
3690
|
+
const error = response.errorBody;
|
|
3691
|
+
return Promise.reject(error);
|
|
3692
|
+
} else if (!response.successBody) {
|
|
3693
|
+
logger14.debug(`Authorization code error. No success body`);
|
|
3694
|
+
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3695
|
+
}
|
|
3696
|
+
return {
|
|
3697
|
+
...response.successBody
|
|
3698
|
+
};
|
|
3699
|
+
}
|
|
3700
|
+
async acquireAccessToken(opts) {
|
|
3701
|
+
const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
|
|
3702
|
+
let { redirectUri } = opts ?? {};
|
|
3703
|
+
const code = this.getAuthorizationCode(opts?.authorizationResponse, opts?.code);
|
|
3704
|
+
if (opts?.codeVerifier) {
|
|
3705
|
+
this._state.pkce.codeVerifier = opts.codeVerifier;
|
|
3706
|
+
}
|
|
3707
|
+
this.assertIssuerData();
|
|
3708
|
+
const asOpts = {
|
|
3709
|
+
...opts?.asOpts
|
|
3710
|
+
};
|
|
3711
|
+
const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
|
|
3712
|
+
const clientAssertionType = asOpts.clientOpts?.clientAssertionType ?? (kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === "function" ? "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" : void 0);
|
|
3713
|
+
if (this.isEBSI() || clientId && kid) {
|
|
3714
|
+
if (!clientId) {
|
|
3715
|
+
throw Error(`Client id expected for EBSI`);
|
|
3716
|
+
}
|
|
3717
|
+
asOpts.clientOpts = {
|
|
3718
|
+
...asOpts.clientOpts,
|
|
3719
|
+
clientId,
|
|
3720
|
+
...kid && {
|
|
3721
|
+
kid
|
|
3722
|
+
},
|
|
3723
|
+
...clientAssertionType && {
|
|
3724
|
+
clientAssertionType
|
|
3725
|
+
},
|
|
3726
|
+
signCallbacks: asOpts.clientOpts?.signCallbacks ?? this._state.authorizationRequestOpts?.requestObjectOpts?.signCallbacks
|
|
3727
|
+
};
|
|
3728
|
+
}
|
|
3729
|
+
if (clientId) {
|
|
3730
|
+
this._state.clientId = clientId;
|
|
3731
|
+
if (!asOpts.clientOpts) {
|
|
3732
|
+
asOpts.clientOpts = {
|
|
3733
|
+
clientId
|
|
3734
|
+
};
|
|
3735
|
+
}
|
|
3736
|
+
asOpts.clientOpts.clientId = clientId;
|
|
3737
|
+
}
|
|
3738
|
+
if (!this._state.accessTokenResponse) {
|
|
3739
|
+
const accessTokenClient = new AccessTokenClient();
|
|
3740
|
+
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
3741
|
+
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
3742
|
+
}
|
|
3743
|
+
if (this._state.authorizationRequestOpts?.redirectUri && !redirectUri) {
|
|
3744
|
+
redirectUri = this._state.authorizationRequestOpts.redirectUri;
|
|
3745
|
+
}
|
|
3746
|
+
const response = await accessTokenClient.acquireAccessToken({
|
|
3747
|
+
credentialOffer: this.credentialOffer,
|
|
3748
|
+
metadata: this.endpointMetadata,
|
|
3749
|
+
credentialIssuer: this.getIssuer(),
|
|
3750
|
+
pin,
|
|
3751
|
+
...!this._state.pkce.disabled && {
|
|
3752
|
+
codeVerifier: this._state.pkce.codeVerifier
|
|
3753
|
+
},
|
|
3754
|
+
code,
|
|
3755
|
+
redirectUri,
|
|
3756
|
+
asOpts,
|
|
3757
|
+
...opts?.createDPoPOpts && {
|
|
3758
|
+
createDPoPOpts: opts.createDPoPOpts
|
|
3759
|
+
},
|
|
3760
|
+
...opts?.additionalRequestParams && {
|
|
3761
|
+
additionalParams: opts.additionalRequestParams
|
|
3762
|
+
}
|
|
3763
|
+
});
|
|
3764
|
+
if (response.errorBody) {
|
|
3765
|
+
logger14.debug(`Access token error:\r
|
|
3766
|
+
${JSON.stringify(response.errorBody)}`);
|
|
3767
|
+
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3768
|
+
} else if (!response.successBody) {
|
|
3769
|
+
logger14.debug(`Access token error. No success body`);
|
|
3770
|
+
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3771
|
+
}
|
|
3772
|
+
this._state.accessTokenResponse = response.successBody;
|
|
3773
|
+
this._state.dpopResponseParams = response.params;
|
|
3774
|
+
this._state.accessToken = response.successBody.access_token;
|
|
3775
|
+
}
|
|
3776
|
+
return {
|
|
3777
|
+
...this.accessTokenResponse,
|
|
3778
|
+
...this.dpopResponseParams && {
|
|
3779
|
+
params: this.dpopResponseParams
|
|
3780
|
+
}
|
|
3781
|
+
};
|
|
3782
|
+
}
|
|
3783
|
+
async acquireCredentials({ credentialIdentifier, credentialConfigurationId, credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts }) {
|
|
3784
|
+
if ([
|
|
3785
|
+
jwk,
|
|
3786
|
+
kid
|
|
3787
|
+
].filter((v) => v !== void 0).length > 1) {
|
|
3788
|
+
throw new Error(import_oid4vci_common27.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
3789
|
+
}
|
|
3790
|
+
if (alg) this._state.alg = alg;
|
|
3791
|
+
if (jwk) this._state.jwk = jwk;
|
|
3792
|
+
if (kid) this._state.kid = kid;
|
|
3793
|
+
const requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_15.fromCredentialOffer({
|
|
3794
|
+
credentialOffer: this.credentialOffer,
|
|
3795
|
+
metadata: this.endpointMetadata
|
|
3796
|
+
}) : CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3797
|
+
credentialIssuer: this.getIssuer(),
|
|
3798
|
+
credentialTypes,
|
|
3799
|
+
credentialIdentifier,
|
|
3800
|
+
credentialConfigurationId,
|
|
3801
|
+
metadata: this.endpointMetadata,
|
|
3802
|
+
version: this.version()
|
|
3803
|
+
});
|
|
3804
|
+
if (credentialIdentifier) {
|
|
3805
|
+
requestBuilder.withCredentialIdentifier(credentialIdentifier);
|
|
3806
|
+
} else if (credentialConfigurationId) {
|
|
3807
|
+
requestBuilder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3808
|
+
}
|
|
3809
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this._state.cachedCNonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
3810
|
+
requestBuilder.withIssuerState(issuerState);
|
|
3811
|
+
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
3812
|
+
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
3813
|
+
let subjectIssuance;
|
|
3814
|
+
if (this.endpointMetadata?.credentialIssuerMetadata) {
|
|
3815
|
+
const metadata = this.endpointMetadata.credentialIssuerMetadata;
|
|
3816
|
+
if (metadata.credential_configurations_supported) {
|
|
3817
|
+
const configId = credentialConfigurationId ?? credentialIdentifier;
|
|
3818
|
+
if (configId && metadata.credential_configurations_supported[configId]) {
|
|
3819
|
+
const config = metadata.credential_configurations_supported[configId];
|
|
3820
|
+
if (config.credential_subject_issuance) {
|
|
3821
|
+
const subjIssuance = config.credential_subject_issuance;
|
|
3822
|
+
if (subjIssuance.subject_proof_mode && subjIssuance.notification_events_supported) {
|
|
3823
|
+
subjectIssuance = {
|
|
3824
|
+
credential_subject_issuance: {
|
|
3825
|
+
subject_proof_mode: subjIssuance.subject_proof_mode,
|
|
3826
|
+
notification_events_supported: subjIssuance.notification_events_supported
|
|
3827
|
+
}
|
|
3828
|
+
};
|
|
3829
|
+
}
|
|
3830
|
+
}
|
|
3831
|
+
}
|
|
3832
|
+
}
|
|
3833
|
+
}
|
|
3834
|
+
if (subjectIssuance) {
|
|
3835
|
+
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
3836
|
+
}
|
|
3837
|
+
const credentialRequestClient = requestBuilder.build();
|
|
3838
|
+
if (!this._state.cachedCNonce) {
|
|
3839
|
+
await this.acquireNonce();
|
|
3840
|
+
}
|
|
3841
|
+
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
3842
|
+
accessTokenResponse: {
|
|
3843
|
+
...this.accessTokenResponse,
|
|
3844
|
+
c_nonce: this._state.cachedCNonce
|
|
3845
|
+
},
|
|
3846
|
+
callbacks: proofCallbacks,
|
|
3847
|
+
version: this.version()
|
|
3848
|
+
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
3849
|
+
if (this._state.jwk) {
|
|
3850
|
+
proofBuilder.withJWK(this._state.jwk);
|
|
3851
|
+
}
|
|
3852
|
+
if (this._state.kid) {
|
|
3853
|
+
proofBuilder.withKid(this._state.kid);
|
|
3854
|
+
}
|
|
3855
|
+
if (this.clientId && (!this.credentialOffer || this.credentialOffer.supportedFlows.includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && !this.credentialOffer.preAuthorizedCode)) {
|
|
3856
|
+
proofBuilder.withClientId(this.clientId);
|
|
3857
|
+
}
|
|
3858
|
+
if (jti) {
|
|
3859
|
+
proofBuilder.withJti(jti);
|
|
3860
|
+
}
|
|
3861
|
+
if (this._state.cachedCNonce) {
|
|
3862
|
+
proofBuilder.withAccessTokenNonce(this._state.cachedCNonce);
|
|
3863
|
+
}
|
|
3864
|
+
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
3865
|
+
proofInput: proofBuilder,
|
|
3866
|
+
credentialIdentifier,
|
|
3867
|
+
credentialTypes,
|
|
3868
|
+
context,
|
|
3869
|
+
format,
|
|
3870
|
+
subjectIssuance,
|
|
3871
|
+
createDPoPOpts
|
|
3872
|
+
});
|
|
3873
|
+
this._state.dpopResponseParams = response.params;
|
|
3874
|
+
if (response.errorBody) {
|
|
3875
|
+
logger14.debug(`Credential request error:\r
|
|
3876
|
+
${JSON.stringify(response.errorBody)}`);
|
|
3877
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3878
|
+
} else if (!response.successBody) {
|
|
3879
|
+
logger14.debug(`Credential request error. No success body`);
|
|
3880
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3881
|
+
}
|
|
3882
|
+
return {
|
|
3883
|
+
...response.successBody,
|
|
3884
|
+
...this.dpopResponseParams && {
|
|
3885
|
+
params: this.dpopResponseParams
|
|
3886
|
+
},
|
|
3887
|
+
access_token: response.access_token
|
|
3888
|
+
};
|
|
3889
|
+
}
|
|
3890
|
+
async exportState() {
|
|
3891
|
+
return JSON.stringify(this._state);
|
|
3892
|
+
}
|
|
3893
|
+
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
3894
|
+
return (0, import_oid4vci_common27.getSupportedCredentials)({
|
|
3895
|
+
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
3896
|
+
version: this.version(),
|
|
3897
|
+
format,
|
|
3898
|
+
types: restrictToInitiationTypes ? [
|
|
3899
|
+
this.getCredentialOfferConfigurationIds()
|
|
3900
|
+
] : void 0
|
|
3901
|
+
});
|
|
3902
|
+
}
|
|
3903
|
+
async sendNotification(credentialRequestOpts, request, accessToken) {
|
|
3904
|
+
return sendNotification(credentialRequestOpts, request, accessToken ?? this._state.accessToken ?? this._state.accessTokenResponse?.access_token);
|
|
3905
|
+
}
|
|
3906
|
+
getCredentialOfferConfigurationIds() {
|
|
3907
|
+
if (!this.credentialOffer) {
|
|
3908
|
+
return [];
|
|
3909
|
+
}
|
|
3910
|
+
return this.credentialOffer.credential_offer?.credential_configuration_ids ?? [];
|
|
3911
|
+
}
|
|
3912
|
+
issuerSupportedFlowTypes() {
|
|
3913
|
+
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
3914
|
+
import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
3915
|
+
] : []);
|
|
3916
|
+
}
|
|
3917
|
+
isFlowTypeSupported(flowType) {
|
|
3918
|
+
return this.issuerSupportedFlowTypes().includes(flowType);
|
|
3919
|
+
}
|
|
3920
|
+
get authorizationURL() {
|
|
3921
|
+
return this._state.authorizationURL;
|
|
3922
|
+
}
|
|
3923
|
+
hasAuthorizationURL() {
|
|
3924
|
+
return !!this.authorizationURL;
|
|
3925
|
+
}
|
|
3926
|
+
get credentialOffer() {
|
|
3927
|
+
return this._state.credentialOffer;
|
|
3928
|
+
}
|
|
3929
|
+
version() {
|
|
3930
|
+
return import_oid4vci_common27.OpenId4VCIVersion.VER_1_0_15;
|
|
3931
|
+
}
|
|
3932
|
+
get endpointMetadata() {
|
|
3933
|
+
this.assertServerMetadata();
|
|
3934
|
+
return this._state.endpointMetadata;
|
|
3935
|
+
}
|
|
3936
|
+
get kid() {
|
|
3937
|
+
this.assertIssuerData();
|
|
3938
|
+
if (!this._state.kid) {
|
|
3939
|
+
throw new Error("No value for kid is supplied");
|
|
3940
|
+
}
|
|
3941
|
+
return this._state.kid;
|
|
3942
|
+
}
|
|
3943
|
+
get alg() {
|
|
3944
|
+
this.assertIssuerData();
|
|
3945
|
+
if (!this._state.alg) {
|
|
3946
|
+
throw new Error("No value for alg is supplied");
|
|
2941
3947
|
}
|
|
2942
|
-
return
|
|
3948
|
+
return this._state.alg;
|
|
2943
3949
|
}
|
|
2944
|
-
|
|
2945
|
-
|
|
2946
|
-
let builder;
|
|
2947
|
-
if (version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2948
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
2949
|
-
credentialOffer,
|
|
2950
|
-
metadata
|
|
2951
|
-
});
|
|
2952
|
-
} else {
|
|
2953
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
2954
|
-
credentialOffer,
|
|
2955
|
-
metadata
|
|
2956
|
-
});
|
|
2957
|
-
}
|
|
2958
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3950
|
+
set clientId(value) {
|
|
3951
|
+
this._state.clientId = value;
|
|
2959
3952
|
}
|
|
2960
|
-
|
|
2961
|
-
return this.
|
|
3953
|
+
get clientId() {
|
|
3954
|
+
return this._state.clientId;
|
|
2962
3955
|
}
|
|
2963
|
-
|
|
2964
|
-
|
|
2965
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2966
|
-
} else {
|
|
2967
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2968
|
-
}
|
|
2969
|
-
return this;
|
|
3956
|
+
hasAccessTokenResponse() {
|
|
3957
|
+
return !!this._state.accessTokenResponse;
|
|
2970
3958
|
}
|
|
2971
|
-
|
|
2972
|
-
this.
|
|
2973
|
-
return this;
|
|
3959
|
+
get accessTokenResponse() {
|
|
3960
|
+
this.assertAccessToken();
|
|
3961
|
+
return this._state.accessTokenResponse;
|
|
2974
3962
|
}
|
|
2975
|
-
|
|
2976
|
-
|
|
2977
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2978
|
-
} else {
|
|
2979
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2980
|
-
}
|
|
2981
|
-
return this;
|
|
3963
|
+
get dpopResponseParams() {
|
|
3964
|
+
return this._state.dpopResponseParams;
|
|
2982
3965
|
}
|
|
2983
|
-
|
|
2984
|
-
this.
|
|
2985
|
-
return this;
|
|
3966
|
+
get state() {
|
|
3967
|
+
return this._state;
|
|
2986
3968
|
}
|
|
2987
|
-
|
|
2988
|
-
this.
|
|
2989
|
-
return this;
|
|
3969
|
+
getIssuer() {
|
|
3970
|
+
this.assertIssuerData();
|
|
3971
|
+
return this._state.credentialIssuer;
|
|
2990
3972
|
}
|
|
2991
|
-
|
|
2992
|
-
|
|
2993
|
-
|
|
2994
|
-
|
|
2995
|
-
|
|
2996
|
-
|
|
2997
|
-
|
|
3973
|
+
getAccessTokenEndpoint() {
|
|
3974
|
+
this.assertIssuerData();
|
|
3975
|
+
return this.endpointMetadata?.token_endpoint ?? AccessTokenClient.determineTokenURL({
|
|
3976
|
+
issuerOpts: {
|
|
3977
|
+
issuer: this.getIssuer()
|
|
3978
|
+
}
|
|
3979
|
+
});
|
|
2998
3980
|
}
|
|
2999
|
-
|
|
3000
|
-
this.
|
|
3001
|
-
return this
|
|
3981
|
+
getCredentialEndpoint() {
|
|
3982
|
+
this.assertIssuerData();
|
|
3983
|
+
return this.endpointMetadata?.credential_endpoint ?? `${this.getIssuer()}/credential`;
|
|
3002
3984
|
}
|
|
3003
|
-
|
|
3004
|
-
this.
|
|
3005
|
-
return this;
|
|
3985
|
+
getNonceEndpoint() {
|
|
3986
|
+
return this.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint;
|
|
3006
3987
|
}
|
|
3007
|
-
|
|
3008
|
-
this.
|
|
3009
|
-
return this;
|
|
3988
|
+
hasNonceEndpoint() {
|
|
3989
|
+
return !!this.getNonceEndpoint();
|
|
3010
3990
|
}
|
|
3011
|
-
|
|
3012
|
-
this.
|
|
3013
|
-
return this;
|
|
3991
|
+
getAuthorizationChallengeEndpoint() {
|
|
3992
|
+
this.assertIssuerData();
|
|
3993
|
+
return this.endpointMetadata?.authorization_challenge_endpoint;
|
|
3014
3994
|
}
|
|
3015
|
-
|
|
3016
|
-
this.
|
|
3017
|
-
return this;
|
|
3995
|
+
hasAuthorizationChallengeEndpoint() {
|
|
3996
|
+
return !!this.getAuthorizationChallengeEndpoint();
|
|
3018
3997
|
}
|
|
3019
|
-
|
|
3020
|
-
this.
|
|
3021
|
-
return this;
|
|
3998
|
+
hasDeferredCredentialEndpoint() {
|
|
3999
|
+
return !!this.endpointMetadata?.deferred_credential_endpoint;
|
|
3022
4000
|
}
|
|
3023
|
-
|
|
3024
|
-
this.
|
|
3025
|
-
return this;
|
|
4001
|
+
getDeferredCredentialEndpoint() {
|
|
4002
|
+
this.assertIssuerData();
|
|
4003
|
+
return this.endpointMetadata?.deferred_credential_endpoint;
|
|
3026
4004
|
}
|
|
3027
|
-
|
|
3028
|
-
return this.
|
|
4005
|
+
isEBSI() {
|
|
4006
|
+
return this.clientId?.includes("ebsi") || this._state.kid?.includes("did:ebsi:") || this.getIssuer().includes("ebsi") || this.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint?.includes("ebsi.eu") || this.endpointMetadata?.credentialIssuerMetadata?.authorization_server?.includes("ebsi.eu");
|
|
4007
|
+
}
|
|
4008
|
+
assertIssuerData() {
|
|
4009
|
+
if (!this._state.credentialIssuer) {
|
|
4010
|
+
throw Error(`No credential issuer value present`);
|
|
4011
|
+
} else if (!this._state.credentialOffer && this._state.endpointMetadata && this.issuerSupportedFlowTypes().length === 0) {
|
|
4012
|
+
throw Error(`No issuance initiation or credential offer present`);
|
|
4013
|
+
}
|
|
4014
|
+
}
|
|
4015
|
+
assertServerMetadata() {
|
|
4016
|
+
if (!this._state.endpointMetadata) {
|
|
4017
|
+
throw Error("No server metadata");
|
|
4018
|
+
}
|
|
4019
|
+
}
|
|
4020
|
+
assertAccessToken() {
|
|
4021
|
+
if (!this._state.accessTokenResponse) {
|
|
4022
|
+
throw Error(`No access token present`);
|
|
4023
|
+
}
|
|
4024
|
+
}
|
|
4025
|
+
syncAuthorizationRequestOpts(opts) {
|
|
4026
|
+
const requestObjectOpts = {
|
|
4027
|
+
...this._state?.authorizationRequestOpts?.requestObjectOpts,
|
|
4028
|
+
...opts?.requestObjectOpts
|
|
4029
|
+
};
|
|
4030
|
+
let authorizationRequestOpts = {
|
|
4031
|
+
...this._state?.authorizationRequestOpts,
|
|
4032
|
+
...opts,
|
|
4033
|
+
...requestObjectOpts && {
|
|
4034
|
+
requestObjectOpts
|
|
4035
|
+
}
|
|
4036
|
+
};
|
|
4037
|
+
if (!authorizationRequestOpts) {
|
|
4038
|
+
authorizationRequestOpts = {
|
|
4039
|
+
redirectUri: `${import_oid4vci_common27.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4040
|
+
};
|
|
4041
|
+
}
|
|
4042
|
+
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
4043
|
+
this._state.clientId = clientId;
|
|
4044
|
+
authorizationRequestOpts.clientId = clientId;
|
|
4045
|
+
return authorizationRequestOpts;
|
|
3029
4046
|
}
|
|
4047
|
+
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4048
|
+
if (authorizationResponse) {
|
|
4049
|
+
this._state.authorizationCodeResponse = {
|
|
4050
|
+
...(0, import_oid4vci_common27.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4051
|
+
};
|
|
4052
|
+
} else if (code) {
|
|
4053
|
+
this._state.authorizationCodeResponse = {
|
|
4054
|
+
code
|
|
4055
|
+
};
|
|
4056
|
+
}
|
|
4057
|
+
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
4058
|
+
}, "getAuthorizationCode");
|
|
3030
4059
|
};
|
|
3031
4060
|
|
|
3032
4061
|
// lib/OpenID4VCIClient.ts
|
|
3033
|
-
var
|
|
3034
|
-
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
3035
|
-
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4062
|
+
var logger15 = import_ssi_types17.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
3036
4063
|
var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
3037
4064
|
static {
|
|
3038
4065
|
__name(this, "OpenID4VCIClient");
|
|
3039
4066
|
}
|
|
3040
4067
|
_state;
|
|
3041
4068
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
3042
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
4069
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common28.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
3043
4070
|
if (!issuer) {
|
|
3044
4071
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
3045
4072
|
}
|
|
@@ -3049,10 +4076,10 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3049
4076
|
kid,
|
|
3050
4077
|
alg,
|
|
3051
4078
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
3052
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
4079
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common28.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
3053
4080
|
pkce: {
|
|
3054
4081
|
disabled: false,
|
|
3055
|
-
codeChallengeMethod:
|
|
4082
|
+
codeChallengeMethod: import_oid4vci_common28.CodeChallengeMethod.S256,
|
|
3056
4083
|
...pkce
|
|
3057
4084
|
},
|
|
3058
4085
|
authorizationRequestOpts,
|
|
@@ -3066,7 +4093,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3066
4093
|
if (!this._state.authorizationRequestOpts) {
|
|
3067
4094
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3068
4095
|
}
|
|
3069
|
-
|
|
4096
|
+
logger15.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3070
4097
|
}
|
|
3071
4098
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata }) {
|
|
3072
4099
|
const client = new _OpenID4VCIClient({
|
|
@@ -3109,12 +4136,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3109
4136
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
3110
4137
|
await client.retrieveServerMetadata();
|
|
3111
4138
|
}
|
|
3112
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
4139
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common28.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
3113
4140
|
await client.createAuthorizationRequestUrl({
|
|
3114
4141
|
authorizationRequest,
|
|
3115
4142
|
pkce
|
|
3116
4143
|
});
|
|
3117
|
-
|
|
4144
|
+
logger15.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3118
4145
|
}
|
|
3119
4146
|
return client;
|
|
3120
4147
|
}
|
|
@@ -3134,7 +4161,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3134
4161
|
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
3135
4162
|
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
3136
4163
|
}
|
|
3137
|
-
if (this.version() <=
|
|
4164
|
+
if (this.version() <= import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_11) {
|
|
3138
4165
|
this._state.authorizationURL = await createAuthorizationRequestUrlV1_0_11({
|
|
3139
4166
|
pkce: this._state.pkce,
|
|
3140
4167
|
endpointMetadata: this.endpointMetadata,
|
|
@@ -3181,12 +4208,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
3181
4208
|
...opts
|
|
3182
4209
|
});
|
|
3183
4210
|
if (response.errorBody) {
|
|
3184
|
-
|
|
4211
|
+
logger15.debug(`Authorization code error:\r
|
|
3185
4212
|
${JSON.stringify(response.errorBody)}`);
|
|
3186
4213
|
const error = response.errorBody;
|
|
3187
4214
|
return Promise.reject(error);
|
|
3188
4215
|
} else if (!response.successBody) {
|
|
3189
|
-
|
|
4216
|
+
logger15.debug(`Authorization code error. No success body`);
|
|
3190
4217
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3191
4218
|
}
|
|
3192
4219
|
return {
|
|
@@ -3232,7 +4259,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3232
4259
|
asOpts.clientOpts.clientId = clientId;
|
|
3233
4260
|
}
|
|
3234
4261
|
if (!this._state.accessTokenResponse) {
|
|
3235
|
-
const accessTokenClient = this.version() <=
|
|
4262
|
+
const accessTokenClient = this.version() <= import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_12 ? new AccessTokenClientV1_0_11() : new AccessTokenClient();
|
|
3236
4263
|
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
3237
4264
|
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
3238
4265
|
}
|
|
@@ -3258,11 +4285,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3258
4285
|
}
|
|
3259
4286
|
});
|
|
3260
4287
|
if (response.errorBody) {
|
|
3261
|
-
|
|
4288
|
+
logger15.debug(`Access token error:\r
|
|
3262
4289
|
${JSON.stringify(response.errorBody)}`);
|
|
3263
4290
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3264
4291
|
} else if (!response.successBody) {
|
|
3265
|
-
|
|
4292
|
+
logger15.debug(`Access token error. No success body`);
|
|
3266
4293
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3267
4294
|
}
|
|
3268
4295
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -3281,13 +4308,22 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3281
4308
|
jwk,
|
|
3282
4309
|
kid
|
|
3283
4310
|
].filter((v) => v !== void 0).length > 1) {
|
|
3284
|
-
throw new Error(
|
|
4311
|
+
throw new Error(import_oid4vci_common28.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
3285
4312
|
}
|
|
3286
4313
|
if (alg) this._state.alg = alg;
|
|
3287
4314
|
if (jwk) this._state.jwk = jwk;
|
|
3288
4315
|
if (kid) this._state.kid = kid;
|
|
4316
|
+
if (this.version() === import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15 && this.hasNonceEndpoint()) {
|
|
4317
|
+
if (!this._state.cachedCNonce) {
|
|
4318
|
+
try {
|
|
4319
|
+
await this.acquireNonceViaV15Delegate();
|
|
4320
|
+
} catch (e) {
|
|
4321
|
+
return Promise.reject(Error(`failed to acquire nonce: ${String(e)}`));
|
|
4322
|
+
}
|
|
4323
|
+
}
|
|
4324
|
+
}
|
|
3289
4325
|
let requestBuilder;
|
|
3290
|
-
if (this.version() <
|
|
4326
|
+
if (this.version() < import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_13) {
|
|
3291
4327
|
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
3292
4328
|
credentialOffer: this.credentialOffer,
|
|
3293
4329
|
metadata: this.endpointMetadata
|
|
@@ -3298,17 +4334,17 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3298
4334
|
version: this.version()
|
|
3299
4335
|
});
|
|
3300
4336
|
} else {
|
|
3301
|
-
requestBuilder = this.credentialOffer ?
|
|
4337
|
+
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_15.fromCredentialOffer({
|
|
3302
4338
|
credentialOffer: this.credentialOffer,
|
|
3303
4339
|
metadata: this.endpointMetadata
|
|
3304
|
-
}) :
|
|
4340
|
+
}) : CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3305
4341
|
credentialIssuer: this.getIssuer(),
|
|
3306
4342
|
credentialTypes,
|
|
3307
4343
|
metadata: this.endpointMetadata,
|
|
3308
4344
|
version: this.version()
|
|
3309
4345
|
});
|
|
3310
4346
|
}
|
|
3311
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
4347
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common28.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
3312
4348
|
requestBuilder.withIssuerState(issuerState);
|
|
3313
4349
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
3314
4350
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -3321,7 +4357,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3321
4357
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
3322
4358
|
let typeSupported = false;
|
|
3323
4359
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
3324
|
-
const subTypes = (0,
|
|
4360
|
+
const subTypes = (0, import_oid4vci_common28.getTypesFromCredentialSupported)(supportedCredential);
|
|
3325
4361
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
3326
4362
|
typeSupported = true;
|
|
3327
4363
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -3345,53 +4381,109 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3345
4381
|
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
3346
4382
|
}
|
|
3347
4383
|
const credentialRequestClient = requestBuilder.build();
|
|
3348
|
-
|
|
3349
|
-
|
|
3350
|
-
|
|
3351
|
-
|
|
3352
|
-
|
|
3353
|
-
|
|
3354
|
-
|
|
3355
|
-
|
|
3356
|
-
|
|
3357
|
-
|
|
3358
|
-
|
|
3359
|
-
|
|
3360
|
-
|
|
3361
|
-
|
|
3362
|
-
|
|
3363
|
-
|
|
3364
|
-
|
|
3365
|
-
|
|
3366
|
-
|
|
3367
|
-
|
|
3368
|
-
|
|
3369
|
-
|
|
3370
|
-
|
|
3371
|
-
|
|
3372
|
-
|
|
3373
|
-
|
|
3374
|
-
|
|
3375
|
-
|
|
4384
|
+
try {
|
|
4385
|
+
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
4386
|
+
accessTokenResponse: this.accessTokenResponse,
|
|
4387
|
+
callbacks: proofCallbacks,
|
|
4388
|
+
version: this.version()
|
|
4389
|
+
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
4390
|
+
if (this._state.jwk) {
|
|
4391
|
+
proofBuilder.withJWK(this._state.jwk);
|
|
4392
|
+
}
|
|
4393
|
+
if (this._state.kid) {
|
|
4394
|
+
proofBuilder.withKid(this._state.kid);
|
|
4395
|
+
}
|
|
4396
|
+
if (this.clientId && (!this.credentialOffer || this.credentialOffer.supportedFlows.includes(import_oid4vci_common28.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && !this.credentialOffer.preAuthorizedCode)) {
|
|
4397
|
+
proofBuilder.withClientId(this.clientId);
|
|
4398
|
+
}
|
|
4399
|
+
if (jti) {
|
|
4400
|
+
proofBuilder.withJti(jti);
|
|
4401
|
+
}
|
|
4402
|
+
if ("cachedCNonce" in this._state && this._state.cachedCNonce) {
|
|
4403
|
+
proofBuilder.withAccessTokenNonce(this._state.cachedCNonce);
|
|
4404
|
+
}
|
|
4405
|
+
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
4406
|
+
proofInput: proofBuilder,
|
|
4407
|
+
credentialTypes,
|
|
4408
|
+
context,
|
|
4409
|
+
format,
|
|
4410
|
+
subjectIssuance,
|
|
4411
|
+
createDPoPOpts
|
|
4412
|
+
});
|
|
4413
|
+
this._state.dpopResponseParams = response.params;
|
|
4414
|
+
if (response.errorBody) {
|
|
4415
|
+
logger15.debug(`Credential request error:\r
|
|
3376
4416
|
${JSON.stringify(response.errorBody)}`);
|
|
3377
|
-
|
|
3378
|
-
|
|
3379
|
-
|
|
3380
|
-
|
|
4417
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4418
|
+
} else if (!response.successBody) {
|
|
4419
|
+
logger15.debug(`Credential request error. No success body`);
|
|
4420
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4421
|
+
}
|
|
4422
|
+
return {
|
|
4423
|
+
...response.successBody,
|
|
4424
|
+
...this.dpopResponseParams && {
|
|
4425
|
+
params: this.dpopResponseParams
|
|
4426
|
+
},
|
|
4427
|
+
access_token: response.access_token
|
|
4428
|
+
};
|
|
4429
|
+
} catch (e) {
|
|
4430
|
+
if (!this.shouldRetryWithFreshNonce(e)) {
|
|
4431
|
+
return Promise.reject(e instanceof Error ? e : Error(String(e)));
|
|
4432
|
+
}
|
|
4433
|
+
this._state.cachedCNonce = void 0;
|
|
4434
|
+
try {
|
|
4435
|
+
await this.acquireNonceViaV15Delegate();
|
|
4436
|
+
} catch (e2) {
|
|
4437
|
+
return Promise.reject(Error(`retry nonce fetch failed: ${String(e2)}`));
|
|
4438
|
+
}
|
|
4439
|
+
const proofBuilder2 = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
4440
|
+
accessTokenResponse: this.accessTokenResponse,
|
|
4441
|
+
callbacks: proofCallbacks,
|
|
4442
|
+
version: this.version()
|
|
4443
|
+
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
4444
|
+
if (this._state.jwk) {
|
|
4445
|
+
proofBuilder2.withJWK(this._state.jwk);
|
|
4446
|
+
}
|
|
4447
|
+
if (this._state.kid) {
|
|
4448
|
+
proofBuilder2.withKid(this._state.kid);
|
|
4449
|
+
}
|
|
4450
|
+
if (this.clientId) {
|
|
4451
|
+
proofBuilder2.withClientId(this.clientId);
|
|
4452
|
+
}
|
|
4453
|
+
if (jti) {
|
|
4454
|
+
proofBuilder2.withJti(jti);
|
|
4455
|
+
}
|
|
4456
|
+
const response2 = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
4457
|
+
proofInput: proofBuilder2,
|
|
4458
|
+
credentialTypes,
|
|
4459
|
+
context,
|
|
4460
|
+
format,
|
|
4461
|
+
subjectIssuance,
|
|
4462
|
+
createDPoPOpts
|
|
4463
|
+
});
|
|
4464
|
+
this._state.dpopResponseParams = response2.params;
|
|
4465
|
+
if (response2.errorBody) {
|
|
4466
|
+
logger15.debug(`Credential request error (after retry):\r
|
|
4467
|
+
${JSON.stringify(response2.errorBody)}`);
|
|
4468
|
+
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry with status: ${response2.origResponse.status}`));
|
|
4469
|
+
} else if (!response2.successBody) {
|
|
4470
|
+
logger15.debug(`Credential request error after retry. No success body`);
|
|
4471
|
+
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry as there was no success response body`));
|
|
4472
|
+
}
|
|
4473
|
+
return {
|
|
4474
|
+
...response2.successBody,
|
|
4475
|
+
...this.dpopResponseParams && {
|
|
4476
|
+
params: this.dpopResponseParams
|
|
4477
|
+
},
|
|
4478
|
+
access_token: response2.access_token
|
|
4479
|
+
};
|
|
3381
4480
|
}
|
|
3382
|
-
return {
|
|
3383
|
-
...response.successBody,
|
|
3384
|
-
...this.dpopResponseParams && {
|
|
3385
|
-
params: this.dpopResponseParams
|
|
3386
|
-
},
|
|
3387
|
-
access_token: response.access_token
|
|
3388
|
-
};
|
|
3389
4481
|
}
|
|
3390
4482
|
async exportState() {
|
|
3391
4483
|
return JSON.stringify(this._state);
|
|
3392
4484
|
}
|
|
3393
4485
|
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
3394
|
-
return (0,
|
|
4486
|
+
return (0, import_oid4vci_common28.getSupportedCredentials)({
|
|
3395
4487
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
3396
4488
|
version: this.version(),
|
|
3397
4489
|
format,
|
|
@@ -3404,7 +4496,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3404
4496
|
getCredentialOfferTypes() {
|
|
3405
4497
|
if (!this.credentialOffer) {
|
|
3406
4498
|
return [];
|
|
3407
|
-
} else if (this.version() <
|
|
4499
|
+
} else if (this.version() < import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_11) {
|
|
3408
4500
|
const orig = this.credentialOffer.original_credential_offer;
|
|
3409
4501
|
const types = typeof orig.credential_type === "string" ? [
|
|
3410
4502
|
orig.credential_type
|
|
@@ -3412,14 +4504,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3412
4504
|
const result = [];
|
|
3413
4505
|
result[0] = types;
|
|
3414
4506
|
return result;
|
|
3415
|
-
} else if (this.version() <
|
|
3416
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
4507
|
+
} else if (this.version() < import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_13) {
|
|
4508
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common28.getTypesFromObject)(c) ?? []);
|
|
3417
4509
|
}
|
|
3418
4510
|
return void 0;
|
|
3419
4511
|
}
|
|
3420
4512
|
issuerSupportedFlowTypes() {
|
|
3421
4513
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
3422
|
-
|
|
4514
|
+
import_oid4vci_common28.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
3423
4515
|
] : []);
|
|
3424
4516
|
}
|
|
3425
4517
|
isFlowTypeSupported(flowType) {
|
|
@@ -3435,17 +4527,17 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3435
4527
|
return this._state.credentialOffer;
|
|
3436
4528
|
}
|
|
3437
4529
|
version() {
|
|
3438
|
-
if (this.credentialOffer?.version && this.credentialOffer.version !==
|
|
4530
|
+
if (this.credentialOffer?.version && this.credentialOffer.version !== import_oid4vci_common28.OpenId4VCIVersion.VER_UNKNOWN) {
|
|
3439
4531
|
return this.credentialOffer.version;
|
|
3440
4532
|
}
|
|
3441
4533
|
const metadata = this._state.endpointMetadata;
|
|
3442
4534
|
if (metadata?.credentialIssuerMetadata) {
|
|
3443
|
-
const versions = (0,
|
|
3444
|
-
if (versions.length > 0 && !versions.includes(
|
|
4535
|
+
const versions = (0, import_oid4vci_common28.determineVersionsFromIssuerMetadata)(metadata.credentialIssuerMetadata);
|
|
4536
|
+
if (versions.length > 0 && !versions.includes(import_oid4vci_common28.OpenId4VCIVersion.VER_UNKNOWN)) {
|
|
3445
4537
|
return versions[0];
|
|
3446
4538
|
}
|
|
3447
4539
|
}
|
|
3448
|
-
return
|
|
4540
|
+
return import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15;
|
|
3449
4541
|
}
|
|
3450
4542
|
get endpointMetadata() {
|
|
3451
4543
|
this.assertServerMetadata();
|
|
@@ -3490,7 +4582,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3490
4582
|
if (this.endpointMetadata) {
|
|
3491
4583
|
return this.endpointMetadata.token_endpoint;
|
|
3492
4584
|
}
|
|
3493
|
-
return this.version() <=
|
|
4585
|
+
return this.version() <= import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_12 ? AccessTokenClientV1_0_11.determineTokenURL({
|
|
3494
4586
|
issuerOpts: {
|
|
3495
4587
|
issuer: this.getIssuer()
|
|
3496
4588
|
}
|
|
@@ -3562,7 +4654,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3562
4654
|
};
|
|
3563
4655
|
if (!authorizationRequestOpts) {
|
|
3564
4656
|
authorizationRequestOpts = {
|
|
3565
|
-
redirectUri: `${
|
|
4657
|
+
redirectUri: `${import_oid4vci_common28.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
3566
4658
|
};
|
|
3567
4659
|
}
|
|
3568
4660
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -3573,7 +4665,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3573
4665
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
3574
4666
|
if (authorizationResponse) {
|
|
3575
4667
|
this._state.authorizationCodeResponse = {
|
|
3576
|
-
...(0,
|
|
4668
|
+
...(0, import_oid4vci_common28.toAuthorizationResponsePayload)(authorizationResponse)
|
|
3577
4669
|
};
|
|
3578
4670
|
} else if (code) {
|
|
3579
4671
|
this._state.authorizationCodeResponse = {
|
|
@@ -3582,19 +4674,65 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3582
4674
|
}
|
|
3583
4675
|
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
3584
4676
|
}, "getAuthorizationCode");
|
|
4677
|
+
hasNonceEndpoint() {
|
|
4678
|
+
const endpoint = this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint;
|
|
4679
|
+
return typeof endpoint === "string" && endpoint.length > 0;
|
|
4680
|
+
}
|
|
4681
|
+
async acquireNonceViaV15Delegate() {
|
|
4682
|
+
const state = this._state;
|
|
4683
|
+
let v15Client;
|
|
4684
|
+
try {
|
|
4685
|
+
v15Client = await OpenID4VCIClientV1_0_15.fromState({
|
|
4686
|
+
state
|
|
4687
|
+
});
|
|
4688
|
+
} catch (e) {
|
|
4689
|
+
return Promise.reject(Error(`failed to init v15 delegate for nonce: ${String(e)}`));
|
|
4690
|
+
}
|
|
4691
|
+
try {
|
|
4692
|
+
await v15Client.acquireNonce();
|
|
4693
|
+
} catch (e) {
|
|
4694
|
+
return Promise.reject(Error(`nonce request failed: ${String(e)}`));
|
|
4695
|
+
}
|
|
4696
|
+
state.cachedCNonce = v15Client.state.cachedCNonce;
|
|
4697
|
+
}
|
|
4698
|
+
shouldRetryWithFreshNonce(err) {
|
|
4699
|
+
if (!this.hasNonceEndpoint() && this.version() !== import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15) {
|
|
4700
|
+
return false;
|
|
4701
|
+
}
|
|
4702
|
+
const status = err?.response?.status ?? err?.status;
|
|
4703
|
+
const body = err?.response?.data ?? err?.data ?? void 0;
|
|
4704
|
+
const error = typeof body?.error === "string" ? body.error : void 0;
|
|
4705
|
+
const desc = typeof body?.error_description === "string" ? body.error_description : void 0;
|
|
4706
|
+
const text = [
|
|
4707
|
+
error,
|
|
4708
|
+
desc
|
|
4709
|
+
].filter(Boolean).join(" ").toLowerCase();
|
|
4710
|
+
if (status === 400 || status === 401 || status === 403) {
|
|
4711
|
+
if (text.includes("nonce") || text.includes("c_nonce")) {
|
|
4712
|
+
return true;
|
|
4713
|
+
}
|
|
4714
|
+
if (text.includes("proof") && (text.includes("invalid") || text.includes("expired"))) {
|
|
4715
|
+
return true;
|
|
4716
|
+
}
|
|
4717
|
+
if (error === "invalid_proof" || error === "invalid_request") {
|
|
4718
|
+
return true;
|
|
4719
|
+
}
|
|
4720
|
+
}
|
|
4721
|
+
return false;
|
|
4722
|
+
}
|
|
3585
4723
|
};
|
|
3586
4724
|
|
|
3587
4725
|
// lib/OpenID4VCIClientV1_0_13.ts
|
|
3588
|
-
var
|
|
3589
|
-
var
|
|
3590
|
-
var
|
|
4726
|
+
var import_oid4vci_common29 = require("@sphereon/oid4vci-common");
|
|
4727
|
+
var import_ssi_types18 = require("@sphereon/ssi-types");
|
|
4728
|
+
var logger16 = import_ssi_types18.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
3591
4729
|
var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
3592
4730
|
static {
|
|
3593
4731
|
__name(this, "OpenID4VCIClientV1_0_13");
|
|
3594
4732
|
}
|
|
3595
4733
|
_state;
|
|
3596
4734
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
3597
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
4735
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common29.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
3598
4736
|
if (!issuer) {
|
|
3599
4737
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
3600
4738
|
}
|
|
@@ -3604,10 +4742,10 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3604
4742
|
kid,
|
|
3605
4743
|
alg,
|
|
3606
4744
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
3607
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
4745
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common29.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
3608
4746
|
pkce: {
|
|
3609
4747
|
disabled: false,
|
|
3610
|
-
codeChallengeMethod:
|
|
4748
|
+
codeChallengeMethod: import_oid4vci_common29.CodeChallengeMethod.S256,
|
|
3611
4749
|
...pkce
|
|
3612
4750
|
},
|
|
3613
4751
|
authorizationRequestOpts,
|
|
@@ -3621,7 +4759,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3621
4759
|
if (!this._state.authorizationRequestOpts) {
|
|
3622
4760
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3623
4761
|
}
|
|
3624
|
-
|
|
4762
|
+
logger16.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3625
4763
|
}
|
|
3626
4764
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
3627
4765
|
const client = new _OpenID4VCIClientV1_0_13({
|
|
@@ -3662,12 +4800,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3662
4800
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
3663
4801
|
await client.retrieveServerMetadata();
|
|
3664
4802
|
}
|
|
3665
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
4803
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common29.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
3666
4804
|
await client.createAuthorizationRequestUrl({
|
|
3667
4805
|
authorizationRequest,
|
|
3668
4806
|
pkce
|
|
3669
4807
|
});
|
|
3670
|
-
|
|
4808
|
+
logger16.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3671
4809
|
}
|
|
3672
4810
|
return client;
|
|
3673
4811
|
}
|
|
@@ -3725,12 +4863,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
3725
4863
|
...opts
|
|
3726
4864
|
});
|
|
3727
4865
|
if (response.errorBody) {
|
|
3728
|
-
|
|
4866
|
+
logger16.debug(`Authorization code error:\r
|
|
3729
4867
|
${JSON.stringify(response.errorBody)}`);
|
|
3730
4868
|
const error = response.errorBody;
|
|
3731
4869
|
return Promise.reject(error);
|
|
3732
4870
|
} else if (!response.successBody) {
|
|
3733
|
-
|
|
4871
|
+
logger16.debug(`Authorization code error. No success body`);
|
|
3734
4872
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3735
4873
|
}
|
|
3736
4874
|
return {
|
|
@@ -3802,11 +4940,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3802
4940
|
}
|
|
3803
4941
|
});
|
|
3804
4942
|
if (response.errorBody) {
|
|
3805
|
-
|
|
4943
|
+
logger16.debug(`Access token error:\r
|
|
3806
4944
|
${JSON.stringify(response.errorBody)}`);
|
|
3807
4945
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3808
4946
|
} else if (!response.successBody) {
|
|
3809
|
-
|
|
4947
|
+
logger16.debug(`Access token error. No success body`);
|
|
3810
4948
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3811
4949
|
}
|
|
3812
4950
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -3831,7 +4969,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3831
4969
|
jwk,
|
|
3832
4970
|
kid
|
|
3833
4971
|
].filter((v) => v !== void 0).length > 1) {
|
|
3834
|
-
throw new Error(
|
|
4972
|
+
throw new Error(import_oid4vci_common29.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
3835
4973
|
}
|
|
3836
4974
|
if (alg) this._state.alg = alg;
|
|
3837
4975
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -3845,7 +4983,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3845
4983
|
metadata: this.endpointMetadata,
|
|
3846
4984
|
version: this.version()
|
|
3847
4985
|
});
|
|
3848
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
4986
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common29.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
3849
4987
|
requestBuilder.withIssuerState(issuerState);
|
|
3850
4988
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
3851
4989
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -3868,7 +5006,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3868
5006
|
} else if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
3869
5007
|
let typeSupported = false;
|
|
3870
5008
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
3871
|
-
const subTypes = (0,
|
|
5009
|
+
const subTypes = (0, import_oid4vci_common29.getTypesFromCredentialSupported)(supportedCredential);
|
|
3872
5010
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
3873
5011
|
typeSupported = true;
|
|
3874
5012
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -3884,7 +5022,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3884
5022
|
} else if (metadata.credential_configurations_supported && typeof metadata.credential_configurations_supported === "object") {
|
|
3885
5023
|
let typeSupported = false;
|
|
3886
5024
|
Object.values(metadata.credential_configurations_supported).forEach((supportedCredential) => {
|
|
3887
|
-
const subTypes = (0,
|
|
5025
|
+
const subTypes = (0, import_oid4vci_common29.getTypesFromCredentialSupported)(supportedCredential);
|
|
3888
5026
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
3889
5027
|
typeSupported = true;
|
|
3890
5028
|
}
|
|
@@ -3934,14 +5072,17 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3934
5072
|
credentialIdentifier,
|
|
3935
5073
|
subjectIssuance
|
|
3936
5074
|
});
|
|
3937
|
-
|
|
5075
|
+
if (!import_oid4vci_common29.supportedOID4VCICredentialFormat.includes(format)) {
|
|
5076
|
+
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
5077
|
+
}
|
|
5078
|
+
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, format, createDPoPOpts);
|
|
3938
5079
|
this._state.dpopResponseParams = response.params;
|
|
3939
5080
|
if (response.errorBody) {
|
|
3940
|
-
|
|
5081
|
+
logger16.debug(`Credential request error:\r
|
|
3941
5082
|
${JSON.stringify(response.errorBody)}`);
|
|
3942
5083
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3943
5084
|
} else if (!response.successBody) {
|
|
3944
|
-
|
|
5085
|
+
logger16.debug(`Credential request error. No success body`);
|
|
3945
5086
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3946
5087
|
}
|
|
3947
5088
|
return {
|
|
@@ -3956,7 +5097,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3956
5097
|
return JSON.stringify(this._state);
|
|
3957
5098
|
}
|
|
3958
5099
|
getCredentialsSupported(format) {
|
|
3959
|
-
return (0,
|
|
5100
|
+
return (0, import_oid4vci_common29.getSupportedCredentials)({
|
|
3960
5101
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
3961
5102
|
version: this.version(),
|
|
3962
5103
|
format,
|
|
@@ -3991,7 +5132,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
3991
5132
|
}*/
|
|
3992
5133
|
issuerSupportedFlowTypes() {
|
|
3993
5134
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
3994
|
-
|
|
5135
|
+
import_oid4vci_common29.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
3995
5136
|
] : []);
|
|
3996
5137
|
}
|
|
3997
5138
|
isFlowTypeSupported(flowType) {
|
|
@@ -4007,7 +5148,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4007
5148
|
return this._state.credentialOffer;
|
|
4008
5149
|
}
|
|
4009
5150
|
version() {
|
|
4010
|
-
return this.credentialOffer?.version ??
|
|
5151
|
+
return this.credentialOffer?.version ?? import_oid4vci_common29.OpenId4VCIVersion.VER_1_0_13;
|
|
4011
5152
|
}
|
|
4012
5153
|
get endpointMetadata() {
|
|
4013
5154
|
this.assertServerMetadata();
|
|
@@ -4110,7 +5251,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4110
5251
|
};
|
|
4111
5252
|
if (!authorizationRequestOpts) {
|
|
4112
5253
|
authorizationRequestOpts = {
|
|
4113
|
-
redirectUri: `${
|
|
5254
|
+
redirectUri: `${import_oid4vci_common29.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4114
5255
|
};
|
|
4115
5256
|
}
|
|
4116
5257
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -4121,7 +5262,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4121
5262
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4122
5263
|
if (authorizationResponse) {
|
|
4123
5264
|
this._state.authorizationCodeResponse = {
|
|
4124
|
-
...(0,
|
|
5265
|
+
...(0, import_oid4vci_common29.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4125
5266
|
};
|
|
4126
5267
|
} else if (code) {
|
|
4127
5268
|
this._state.authorizationCodeResponse = {
|
|
@@ -4133,16 +5274,16 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4133
5274
|
};
|
|
4134
5275
|
|
|
4135
5276
|
// lib/OpenID4VCIClientV1_0_11.ts
|
|
4136
|
-
var
|
|
4137
|
-
var
|
|
4138
|
-
var
|
|
5277
|
+
var import_oid4vci_common30 = require("@sphereon/oid4vci-common");
|
|
5278
|
+
var import_ssi_types19 = require("@sphereon/ssi-types");
|
|
5279
|
+
var logger17 = import_ssi_types19.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4139
5280
|
var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
4140
5281
|
static {
|
|
4141
5282
|
__name(this, "OpenID4VCIClientV1_0_11");
|
|
4142
5283
|
}
|
|
4143
5284
|
_state;
|
|
4144
5285
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
4145
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
5286
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common30.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
4146
5287
|
if (!issuer) {
|
|
4147
5288
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
4148
5289
|
}
|
|
@@ -4152,10 +5293,10 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4152
5293
|
kid,
|
|
4153
5294
|
alg,
|
|
4154
5295
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
4155
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
5296
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common30.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
4156
5297
|
pkce: {
|
|
4157
5298
|
disabled: false,
|
|
4158
|
-
codeChallengeMethod:
|
|
5299
|
+
codeChallengeMethod: import_oid4vci_common30.CodeChallengeMethod.S256,
|
|
4159
5300
|
...pkce
|
|
4160
5301
|
},
|
|
4161
5302
|
authorizationRequestOpts,
|
|
@@ -4168,7 +5309,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4168
5309
|
if (!this._state.authorizationRequestOpts) {
|
|
4169
5310
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4170
5311
|
}
|
|
4171
|
-
|
|
5312
|
+
logger17.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4172
5313
|
}
|
|
4173
5314
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
4174
5315
|
const client = new _OpenID4VCIClientV1_0_11({
|
|
@@ -4209,12 +5350,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4209
5350
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
4210
5351
|
await client.retrieveServerMetadata();
|
|
4211
5352
|
}
|
|
4212
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
5353
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common30.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
4213
5354
|
await client.createAuthorizationRequestUrl({
|
|
4214
5355
|
authorizationRequest,
|
|
4215
5356
|
pkce
|
|
4216
5357
|
});
|
|
4217
|
-
|
|
5358
|
+
logger17.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4218
5359
|
}
|
|
4219
5360
|
return client;
|
|
4220
5361
|
}
|
|
@@ -4271,12 +5412,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
4271
5412
|
...opts
|
|
4272
5413
|
});
|
|
4273
5414
|
if (response.errorBody) {
|
|
4274
|
-
|
|
5415
|
+
logger17.debug(`Authorization code error:\r
|
|
4275
5416
|
${JSON.stringify(response.errorBody)}`);
|
|
4276
5417
|
const error = response.errorBody;
|
|
4277
5418
|
return Promise.reject(error);
|
|
4278
5419
|
} else if (!response.successBody) {
|
|
4279
|
-
|
|
5420
|
+
logger17.debug(`Authorization code error. No success body`);
|
|
4280
5421
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4281
5422
|
}
|
|
4282
5423
|
return {
|
|
@@ -4348,11 +5489,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4348
5489
|
}
|
|
4349
5490
|
});
|
|
4350
5491
|
if (response.errorBody) {
|
|
4351
|
-
|
|
5492
|
+
logger17.debug(`Access token error:\r
|
|
4352
5493
|
${JSON.stringify(response.errorBody)}`);
|
|
4353
5494
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4354
5495
|
} else if (!response.successBody) {
|
|
4355
|
-
|
|
5496
|
+
logger17.debug(`Access token error. No success body`);
|
|
4356
5497
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4357
5498
|
}
|
|
4358
5499
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4371,7 +5512,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4371
5512
|
jwk,
|
|
4372
5513
|
kid
|
|
4373
5514
|
].filter((v) => v !== void 0).length > 1) {
|
|
4374
|
-
throw new Error(
|
|
5515
|
+
throw new Error(import_oid4vci_common30.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
4375
5516
|
}
|
|
4376
5517
|
if (alg) this._state.alg = alg;
|
|
4377
5518
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -4395,7 +5536,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4395
5536
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
4396
5537
|
let typeSupported = false;
|
|
4397
5538
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
4398
|
-
const subTypes = (0,
|
|
5539
|
+
const subTypes = (0, import_oid4vci_common30.getTypesFromCredentialSupported)(supportedCredential);
|
|
4399
5540
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
4400
5541
|
typeSupported = true;
|
|
4401
5542
|
}
|
|
@@ -4437,11 +5578,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4437
5578
|
});
|
|
4438
5579
|
this._state.dpopResponseParams = response.params;
|
|
4439
5580
|
if (response.errorBody) {
|
|
4440
|
-
|
|
5581
|
+
logger17.debug(`Credential request error:\r
|
|
4441
5582
|
${JSON.stringify(response.errorBody)}`);
|
|
4442
5583
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4443
5584
|
} else if (!response.successBody) {
|
|
4444
|
-
|
|
5585
|
+
logger17.debug(`Credential request error. No success body`);
|
|
4445
5586
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4446
5587
|
}
|
|
4447
5588
|
return {
|
|
@@ -4459,7 +5600,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4459
5600
|
// When < v11 convert into a v12 object. When v12 object retain it.
|
|
4460
5601
|
// Then match the object array on server metadata
|
|
4461
5602
|
getCredentialsSupportedV11(restrictToInitiationTypes, format) {
|
|
4462
|
-
return (0,
|
|
5603
|
+
return (0, import_oid4vci_common30.getSupportedCredentials)({
|
|
4463
5604
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
4464
5605
|
version: this.version(),
|
|
4465
5606
|
format,
|
|
@@ -4467,7 +5608,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4467
5608
|
});
|
|
4468
5609
|
}
|
|
4469
5610
|
getCredentialsSupported(format) {
|
|
4470
|
-
return (0,
|
|
5611
|
+
return (0, import_oid4vci_common30.getSupportedCredentials)({
|
|
4471
5612
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
4472
5613
|
version: this.version(),
|
|
4473
5614
|
format,
|
|
@@ -4477,7 +5618,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4477
5618
|
getCredentialOfferTypes() {
|
|
4478
5619
|
if (!this.credentialOffer) {
|
|
4479
5620
|
return [];
|
|
4480
|
-
} else if (this.credentialOffer.version <
|
|
5621
|
+
} else if (this.credentialOffer.version < import_oid4vci_common30.OpenId4VCIVersion.VER_1_0_11) {
|
|
4481
5622
|
const orig = this.credentialOffer.original_credential_offer;
|
|
4482
5623
|
const types = typeof orig.credential_type === "string" ? [
|
|
4483
5624
|
orig.credential_type
|
|
@@ -4485,14 +5626,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4485
5626
|
const result = [];
|
|
4486
5627
|
result[0] = types;
|
|
4487
5628
|
return result;
|
|
4488
|
-
} else if (this.credentialOffer.version <
|
|
4489
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
5629
|
+
} else if (this.credentialOffer.version < import_oid4vci_common30.OpenId4VCIVersion.VER_1_0_13) {
|
|
5630
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common30.getTypesFromObject)(c) ?? []);
|
|
4490
5631
|
}
|
|
4491
5632
|
throw Error(`This class only supports version 11 and lower! Version: ${this.version()}`);
|
|
4492
5633
|
}
|
|
4493
5634
|
issuerSupportedFlowTypes() {
|
|
4494
5635
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
4495
|
-
|
|
5636
|
+
import_oid4vci_common30.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
4496
5637
|
] : []);
|
|
4497
5638
|
}
|
|
4498
5639
|
isFlowTypeSupported(flowType) {
|
|
@@ -4508,7 +5649,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4508
5649
|
return this._state.credentialOffer;
|
|
4509
5650
|
}
|
|
4510
5651
|
version() {
|
|
4511
|
-
return this.credentialOffer?.version ??
|
|
5652
|
+
return this.credentialOffer?.version ?? import_oid4vci_common30.OpenId4VCIVersion.VER_1_0_11;
|
|
4512
5653
|
}
|
|
4513
5654
|
get endpointMetadata() {
|
|
4514
5655
|
this.assertServerMetadata();
|
|
@@ -4604,7 +5745,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4604
5745
|
};
|
|
4605
5746
|
if (!authorizationRequestOpts) {
|
|
4606
5747
|
authorizationRequestOpts = {
|
|
4607
|
-
redirectUri: `${
|
|
5748
|
+
redirectUri: `${import_oid4vci_common30.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4608
5749
|
};
|
|
4609
5750
|
}
|
|
4610
5751
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -4615,7 +5756,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4615
5756
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4616
5757
|
if (authorizationResponse) {
|
|
4617
5758
|
this._state.authorizationCodeResponse = {
|
|
4618
|
-
...(0,
|
|
5759
|
+
...(0, import_oid4vci_common30.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4619
5760
|
};
|
|
4620
5761
|
} else if (code) {
|
|
4621
5762
|
this._state.authorizationCodeResponse = {
|
|
@@ -4627,5 +5768,5 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4627
5768
|
};
|
|
4628
5769
|
|
|
4629
5770
|
// lib/index.ts
|
|
4630
|
-
var LOG2 =
|
|
5771
|
+
var LOG2 = import_oid4vci_common31.VCI_LOGGERS.get("sphereon:oid4vci:client");
|
|
4631
5772
|
//# sourceMappingURL=index.cjs.map
|