@sphereon/oid4vci-client 0.19.1-feature.SSISDK.26.27 → 0.19.1-fix.37
- package/dist/index.cjs +469 -1608
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +27 -243
- package/dist/index.d.ts +27 -243
- package/dist/index.js +397 -1536
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
package/dist/index.cjs
CHANGED
|
@@ -26,22 +26,18 @@ __export(index_exports, {
|
|
|
26
26
|
CredentialOfferClient: () => CredentialOfferClient,
|
|
27
27
|
CredentialOfferClientV1_0_11: () => CredentialOfferClientV1_0_11,
|
|
28
28
|
CredentialOfferClientV1_0_13: () => CredentialOfferClientV1_0_13,
|
|
29
|
-
CredentialOfferClientV1_0_15: () => CredentialOfferClientV1_0_15,
|
|
30
29
|
CredentialRequestClient: () => CredentialRequestClient,
|
|
31
30
|
CredentialRequestClientBuilder: () => CredentialRequestClientBuilder,
|
|
32
31
|
CredentialRequestClientBuilderV1_0_11: () => CredentialRequestClientBuilderV1_0_11,
|
|
33
32
|
CredentialRequestClientBuilderV1_0_13: () => CredentialRequestClientBuilderV1_0_13,
|
|
34
|
-
CredentialRequestClientBuilderV1_0_15: () => CredentialRequestClientBuilderV1_0_15,
|
|
35
33
|
CredentialRequestClientV1_0_11: () => CredentialRequestClientV1_0_11,
|
|
36
34
|
LOG: () => LOG2,
|
|
37
35
|
MetadataClient: () => MetadataClient,
|
|
38
36
|
MetadataClientV1_0_11: () => MetadataClientV1_0_11,
|
|
39
37
|
MetadataClientV1_0_13: () => MetadataClientV1_0_13,
|
|
40
|
-
MetadataClientV1_0_15: () => MetadataClientV1_0_15,
|
|
41
38
|
OpenID4VCIClient: () => OpenID4VCIClient,
|
|
42
39
|
OpenID4VCIClientV1_0_11: () => OpenID4VCIClientV1_0_11,
|
|
43
40
|
OpenID4VCIClientV1_0_13: () => OpenID4VCIClientV1_0_13,
|
|
44
|
-
OpenID4VCIClientV1_0_15: () => OpenID4VCIClientV1_0_15,
|
|
45
41
|
ProofOfPossessionBuilder: () => ProofOfPossessionBuilder,
|
|
46
42
|
acquireAuthorizationChallengeAuthCode: () => acquireAuthorizationChallengeAuthCode,
|
|
47
43
|
acquireAuthorizationChallengeAuthCodeUsingRequest: () => acquireAuthorizationChallengeAuthCodeUsingRequest,
|
|
@@ -60,7 +56,7 @@ __export(index_exports, {
|
|
|
60
56
|
sendNotification: () => sendNotification
|
|
61
57
|
});
|
|
62
58
|
module.exports = __toCommonJS(index_exports);
|
|
63
|
-
var
|
|
59
|
+
var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
64
60
|
|
|
65
61
|
// lib/AccessTokenClient.ts
|
|
66
62
|
var import_oid4vc_common3 = require("@sphereon/oid4vc-common");
|
|
@@ -1064,13 +1060,13 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
1064
1060
|
};
|
|
1065
1061
|
|
|
1066
1062
|
// lib/AuthorizationCodeClient.ts
|
|
1067
|
-
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1068
|
-
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1069
|
-
|
|
1070
|
-
// lib/MetadataClient.ts
|
|
1071
1063
|
var import_oid4vci_common13 = require("@sphereon/oid4vci-common");
|
|
1072
1064
|
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1073
1065
|
|
|
1066
|
+
// lib/MetadataClient.ts
|
|
1067
|
+
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1068
|
+
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1069
|
+
|
|
1074
1070
|
// lib/MetadataClientV1_0_11.ts
|
|
1075
1071
|
var import_oid4vci_common11 = require("@sphereon/oid4vci-common");
|
|
1076
1072
|
var import_ssi_types6 = require("@sphereon/ssi-types");
|
|
@@ -1232,183 +1228,8 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1232
1228
|
}
|
|
1233
1229
|
};
|
|
1234
1230
|
|
|
1235
|
-
// lib/MetadataClientV1_0_15.ts
|
|
1236
|
-
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1237
|
-
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1238
|
-
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1239
|
-
var MetadataClientV1_0_15 = class _MetadataClientV1_0_15 {
|
|
1240
|
-
static {
|
|
1241
|
-
__name(this, "MetadataClientV1_0_15");
|
|
1242
|
-
}
|
|
1243
|
-
/**
|
|
1244
|
-
* Retrieve metadata using the Initiation obtained from a previous step
|
|
1245
|
-
*
|
|
1246
|
-
* @param credentialOffer
|
|
1247
|
-
*/
|
|
1248
|
-
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1249
|
-
return _MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer);
|
|
1250
|
-
}
|
|
1251
|
-
/**
|
|
1252
|
-
* Retrieve the metada using the initiation request obtained from a previous step
|
|
1253
|
-
* @param request
|
|
1254
|
-
*/
|
|
1255
|
-
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1256
|
-
const issuer = (0, import_oid4vci_common12.getIssuerFromCredentialOfferPayload)(request);
|
|
1257
|
-
if (issuer) {
|
|
1258
|
-
return _MetadataClientV1_0_15.retrieveAllMetadata(issuer);
|
|
1259
|
-
}
|
|
1260
|
-
throw new Error("can't retrieve metadata from CredentialOfferRequest. No issuer field is present");
|
|
1261
|
-
}
|
|
1262
|
-
/**
|
|
1263
|
-
* Retrieve all metadata from an issuer
|
|
1264
|
-
* @param issuer The issuer URL
|
|
1265
|
-
* @param opts
|
|
1266
|
-
*/
|
|
1267
|
-
static async retrieveAllMetadata(issuer, opts) {
|
|
1268
|
-
let token_endpoint;
|
|
1269
|
-
let credential_endpoint;
|
|
1270
|
-
let nonce_endpoint;
|
|
1271
|
-
let deferred_credential_endpoint;
|
|
1272
|
-
let authorization_endpoint;
|
|
1273
|
-
let authorization_challenge_endpoint;
|
|
1274
|
-
let authorizationServerType = "OID4VCI";
|
|
1275
|
-
let authorization_servers = [
|
|
1276
|
-
issuer
|
|
1277
|
-
];
|
|
1278
|
-
const oid4vciResponse = await _MetadataClientV1_0_15.retrieveOpenID4VCIServerMetadata(issuer, {
|
|
1279
|
-
errorOnNotFound: false
|
|
1280
|
-
});
|
|
1281
|
-
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1282
|
-
if (credentialIssuerMetadata) {
|
|
1283
|
-
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1284
|
-
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1285
|
-
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1286
|
-
nonce_endpoint = credentialIssuerMetadata.nonce_endpoint;
|
|
1287
|
-
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
1288
|
-
if (credentialIssuerMetadata.token_endpoint) {
|
|
1289
|
-
token_endpoint = credentialIssuerMetadata.token_endpoint;
|
|
1290
|
-
}
|
|
1291
|
-
authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint;
|
|
1292
|
-
if (credentialIssuerMetadata.authorization_servers) {
|
|
1293
|
-
authorization_servers = credentialIssuerMetadata.authorization_servers;
|
|
1294
|
-
}
|
|
1295
|
-
}
|
|
1296
|
-
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1297
|
-
errorOnNotFound: false
|
|
1298
|
-
});
|
|
1299
|
-
let authMetadata = response.successBody;
|
|
1300
|
-
if (authMetadata) {
|
|
1301
|
-
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1302
|
-
authorizationServerType = "OIDC";
|
|
1303
|
-
} else {
|
|
1304
|
-
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
1305
|
-
errorOnNotFound: false
|
|
1306
|
-
});
|
|
1307
|
-
authMetadata = response.successBody;
|
|
1308
|
-
}
|
|
1309
|
-
if (!authMetadata) {
|
|
1310
|
-
if (!authorization_servers.includes(issuer)) {
|
|
1311
|
-
throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_servers}, but that server did not provide metadata`);
|
|
1312
|
-
}
|
|
1313
|
-
} else {
|
|
1314
|
-
if (!authorizationServerType) {
|
|
1315
|
-
authorizationServerType = "OAuth 2.0";
|
|
1316
|
-
}
|
|
1317
|
-
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1318
|
-
if (!authMetadata.authorization_endpoint) {
|
|
1319
|
-
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1320
|
-
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
1321
|
-
throw Error(`Credential issuer has a different authorization_endpoint (${authorization_endpoint}) from the Authorization Server (${authMetadata.authorization_endpoint})`);
|
|
1322
|
-
}
|
|
1323
|
-
authorization_endpoint = authMetadata.authorization_endpoint;
|
|
1324
|
-
if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
|
|
1325
|
-
throw Error(`Credential issuer has a different authorization_challenge_endpoint (${authorization_challenge_endpoint}) from the Authorization Server (${authMetadata.authorization_challenge_endpoint})`);
|
|
1326
|
-
}
|
|
1327
|
-
authorization_challenge_endpoint = authMetadata.authorization_challenge_endpoint;
|
|
1328
|
-
if (!authMetadata.token_endpoint) {
|
|
1329
|
-
throw Error(`Authorization Server ${authorization_servers} did not provide a token_endpoint`);
|
|
1330
|
-
} else if (token_endpoint && authMetadata.token_endpoint !== token_endpoint) {
|
|
1331
|
-
throw Error(`Credential issuer has a different token_endpoint (${token_endpoint}) from the Authorization Server (${authMetadata.token_endpoint})`);
|
|
1332
|
-
}
|
|
1333
|
-
token_endpoint = authMetadata.token_endpoint;
|
|
1334
|
-
if (authMetadata.credential_endpoint) {
|
|
1335
|
-
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1336
|
-
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1337
|
-
} else {
|
|
1338
|
-
credential_endpoint = authMetadata.credential_endpoint;
|
|
1339
|
-
}
|
|
1340
|
-
}
|
|
1341
|
-
if (authMetadata.deferred_credential_endpoint) {
|
|
1342
|
-
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1343
|
-
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1344
|
-
} else {
|
|
1345
|
-
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1346
|
-
}
|
|
1347
|
-
}
|
|
1348
|
-
}
|
|
1349
|
-
if (!authorization_endpoint) {
|
|
1350
|
-
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1351
|
-
}
|
|
1352
|
-
if (!token_endpoint) {
|
|
1353
|
-
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1354
|
-
if (opts?.errorOnNotFound) {
|
|
1355
|
-
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1356
|
-
} else {
|
|
1357
|
-
token_endpoint = `${issuer}${issuer.endsWith("/") ? "token" : "/token"}`;
|
|
1358
|
-
}
|
|
1359
|
-
}
|
|
1360
|
-
if (!credential_endpoint) {
|
|
1361
|
-
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1362
|
-
if (opts?.errorOnNotFound) {
|
|
1363
|
-
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1364
|
-
} else {
|
|
1365
|
-
credential_endpoint = `${issuer}${issuer.endsWith("/") ? "credential" : "/credential"}`;
|
|
1366
|
-
}
|
|
1367
|
-
}
|
|
1368
|
-
if (!credentialIssuerMetadata && authMetadata) {
|
|
1369
|
-
credentialIssuerMetadata = authMetadata;
|
|
1370
|
-
}
|
|
1371
|
-
const ci = credentialIssuerMetadata ?? {};
|
|
1372
|
-
const ciAuthorizationServers = Array.isArray(ci.authorization_servers) && ci.authorization_servers.length > 0 ? ci.authorization_servers : authorization_servers;
|
|
1373
|
-
const v15CredentialIssuerMetadata = {
|
|
1374
|
-
credential_issuer: ci.credential_issuer ?? issuer,
|
|
1375
|
-
credential_endpoint,
|
|
1376
|
-
authorization_servers: ciAuthorizationServers,
|
|
1377
|
-
credential_configurations_supported: ci.credential_configurations_supported ?? {},
|
|
1378
|
-
display: ci.display ?? [],
|
|
1379
|
-
...nonce_endpoint && {
|
|
1380
|
-
nonce_endpoint
|
|
1381
|
-
},
|
|
1382
|
-
...deferred_credential_endpoint && {
|
|
1383
|
-
deferred_credential_endpoint
|
|
1384
|
-
}
|
|
1385
|
-
};
|
|
1386
|
-
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1387
|
-
return {
|
|
1388
|
-
issuer,
|
|
1389
|
-
token_endpoint,
|
|
1390
|
-
credential_endpoint,
|
|
1391
|
-
authorization_challenge_endpoint,
|
|
1392
|
-
authorizationServerType,
|
|
1393
|
-
credentialIssuerMetadata: v15CredentialIssuerMetadata,
|
|
1394
|
-
authorizationServerMetadata: authMetadata
|
|
1395
|
-
};
|
|
1396
|
-
}
|
|
1397
|
-
/**
|
|
1398
|
-
* Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata
|
|
1399
|
-
*
|
|
1400
|
-
* @param issuerHost The issuer hostname
|
|
1401
|
-
* @param opts
|
|
1402
|
-
*/
|
|
1403
|
-
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1404
|
-
return retrieveWellknown(issuerHost, import_oid4vci_common12.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1405
|
-
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1406
|
-
});
|
|
1407
|
-
}
|
|
1408
|
-
};
|
|
1409
|
-
|
|
1410
1231
|
// lib/MetadataClient.ts
|
|
1411
|
-
var
|
|
1232
|
+
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1412
1233
|
var MetadataClient = class _MetadataClient {
|
|
1413
1234
|
static {
|
|
1414
1235
|
__name(this, "MetadataClient");
|
|
@@ -1419,9 +1240,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1419
1240
|
* @param credentialOffer
|
|
1420
1241
|
*/
|
|
1421
1242
|
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1422
|
-
if ((0,
|
|
1423
|
-
return await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1424
|
-
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1243
|
+
if ((0, import_oid4vci_common12.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common12.OpenId4VCIVersion.VER_1_0_13) {
|
|
1425
1244
|
return await MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1426
1245
|
} else {
|
|
1427
1246
|
return await MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
@@ -1432,11 +1251,9 @@ var MetadataClient = class _MetadataClient {
|
|
|
1432
1251
|
* @param request
|
|
1433
1252
|
*/
|
|
1434
1253
|
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1435
|
-
const issuer = (0,
|
|
1254
|
+
const issuer = (0, import_oid4vci_common12.getIssuerFromCredentialOfferPayload)(request);
|
|
1436
1255
|
if (issuer) {
|
|
1437
|
-
if ((0,
|
|
1438
|
-
return MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1439
|
-
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(request) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1256
|
+
if ((0, import_oid4vci_common12.determineSpecVersionFromOffer)(request) >= import_oid4vci_common12.OpenId4VCIVersion.VER_1_0_13) {
|
|
1440
1257
|
return MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1441
1258
|
} else {
|
|
1442
1259
|
return MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
@@ -1465,7 +1282,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1465
1282
|
});
|
|
1466
1283
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1467
1284
|
if (credentialIssuerMetadata) {
|
|
1468
|
-
|
|
1285
|
+
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1469
1286
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1470
1287
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1471
1288
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint ? credentialIssuerMetadata.deferred_credential_endpoint : void 0;
|
|
@@ -1482,15 +1299,15 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1482
1299
|
];
|
|
1483
1300
|
}
|
|
1484
1301
|
}
|
|
1485
|
-
let response = await retrieveWellknown(authorization_servers[0],
|
|
1302
|
+
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1486
1303
|
errorOnNotFound: false
|
|
1487
1304
|
});
|
|
1488
1305
|
let authMetadata = response.successBody;
|
|
1489
1306
|
if (authMetadata) {
|
|
1490
|
-
|
|
1307
|
+
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1491
1308
|
authorizationServerType = "OIDC";
|
|
1492
1309
|
} else {
|
|
1493
|
-
response = await retrieveWellknown(authorization_servers[0],
|
|
1310
|
+
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
1494
1311
|
errorOnNotFound: false
|
|
1495
1312
|
});
|
|
1496
1313
|
authMetadata = response.successBody;
|
|
@@ -1503,7 +1320,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1503
1320
|
if (!authorizationServerType) {
|
|
1504
1321
|
authorizationServerType = "OAuth 2.0";
|
|
1505
1322
|
}
|
|
1506
|
-
|
|
1323
|
+
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1507
1324
|
if (!authMetadata.authorization_endpoint) {
|
|
1508
1325
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1509
1326
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1522,24 +1339,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1522
1339
|
token_endpoint = authMetadata.token_endpoint;
|
|
1523
1340
|
if (authMetadata.credential_endpoint) {
|
|
1524
1341
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1525
|
-
|
|
1342
|
+
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1526
1343
|
} else {
|
|
1527
1344
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1528
1345
|
}
|
|
1529
1346
|
}
|
|
1530
1347
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1531
1348
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1532
|
-
|
|
1349
|
+
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1533
1350
|
} else {
|
|
1534
1351
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1535
1352
|
}
|
|
1536
1353
|
}
|
|
1537
1354
|
}
|
|
1538
1355
|
if (!authorization_endpoint) {
|
|
1539
|
-
|
|
1356
|
+
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1540
1357
|
}
|
|
1541
1358
|
if (!token_endpoint) {
|
|
1542
|
-
|
|
1359
|
+
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1543
1360
|
if (opts?.errorOnNotFound) {
|
|
1544
1361
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1545
1362
|
} else {
|
|
@@ -1547,7 +1364,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1547
1364
|
}
|
|
1548
1365
|
}
|
|
1549
1366
|
if (!credential_endpoint) {
|
|
1550
|
-
|
|
1367
|
+
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1551
1368
|
if (opts?.errorOnNotFound) {
|
|
1552
1369
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1553
1370
|
} else {
|
|
@@ -1557,7 +1374,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1557
1374
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1558
1375
|
credentialIssuerMetadata = authorization_server ? authMetadata : authMetadata;
|
|
1559
1376
|
}
|
|
1560
|
-
|
|
1377
|
+
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1561
1378
|
return {
|
|
1562
1379
|
issuer,
|
|
1563
1380
|
token_endpoint,
|
|
@@ -1582,18 +1399,18 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1582
1399
|
* @param opts
|
|
1583
1400
|
*/
|
|
1584
1401
|
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1585
|
-
return retrieveWellknown(issuerHost,
|
|
1402
|
+
return retrieveWellknown(issuerHost, import_oid4vci_common12.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1586
1403
|
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1587
1404
|
});
|
|
1588
1405
|
}
|
|
1589
1406
|
};
|
|
1590
1407
|
|
|
1591
1408
|
// lib/AuthorizationCodeClient.ts
|
|
1592
|
-
var
|
|
1409
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1593
1410
|
async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
1594
|
-
if (opts.requestObjectMode ===
|
|
1411
|
+
if (opts.requestObjectMode === import_oid4vci_common13.CreateRequestObjectMode.REQUEST_URI) {
|
|
1595
1412
|
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
1596
|
-
} else if (opts.requestObjectMode ===
|
|
1413
|
+
} else if (opts.requestObjectMode === import_oid4vci_common13.CreateRequestObjectMode.REQUEST_OBJECT) {
|
|
1597
1414
|
if (typeof opts.signCallbacks?.signCallback !== "function") {
|
|
1598
1415
|
throw Error(`No request object sign callback found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
1599
1416
|
} else if (!opts.kid) {
|
|
@@ -1632,7 +1449,7 @@ async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
|
1632
1449
|
const pop = await ProofOfPossessionBuilder.fromJwt({
|
|
1633
1450
|
jwt,
|
|
1634
1451
|
callbacks: opts.signCallbacks,
|
|
1635
|
-
version:
|
|
1452
|
+
version: import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_11,
|
|
1636
1453
|
mode: "JWT"
|
|
1637
1454
|
}).build();
|
|
1638
1455
|
requestObject["request"] = pop.jwt;
|
|
@@ -1670,12 +1487,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1670
1487
|
}
|
|
1671
1488
|
__name(removeDisplayAndValueTypes, "removeDisplayAndValueTypes");
|
|
1672
1489
|
const { redirectUri, requestObjectOpts = {
|
|
1673
|
-
requestObjectMode:
|
|
1490
|
+
requestObjectMode: import_oid4vci_common13.CreateRequestObjectMode.NONE
|
|
1674
1491
|
} } = authorizationRequest;
|
|
1675
1492
|
const client_id = clientId ?? authorizationRequest.clientId;
|
|
1676
1493
|
const authorizationMetadata = endpointMetadata.authorizationServerMetadata ?? endpointMetadata.credentialIssuerMetadata;
|
|
1677
1494
|
let { authorizationDetails } = authorizationRequest;
|
|
1678
|
-
const parMode = authorizationMetadata?.require_pushed_authorization_requests ?
|
|
1495
|
+
const parMode = authorizationMetadata?.require_pushed_authorization_requests ? import_oid4vci_common13.PARMode.REQUIRE : authorizationRequest.parMode ?? (client_id ? import_oid4vci_common13.PARMode.AUTO : import_oid4vci_common13.PARMode.NEVER);
|
|
1679
1496
|
if (!authorizationRequest.scope && !authorizationDetails) {
|
|
1680
1497
|
if (!credentialOffer) {
|
|
1681
1498
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1683,8 +1500,8 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1683
1500
|
if ("credentials" in credentialOffer.credential_offer) {
|
|
1684
1501
|
throw new Error("CredentialOffer format is wrong.");
|
|
1685
1502
|
}
|
|
1686
|
-
const ver = version ?? (0,
|
|
1687
|
-
const creds = ver ===
|
|
1503
|
+
const ver = version ?? (0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) ?? import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13;
|
|
1504
|
+
const creds = ver === import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13 ? filterSupportedCredentials(credentialOffer.credential_offer, credentialConfigurationSupported) : [];
|
|
1688
1505
|
authorizationDetails = creds.flatMap((cred) => {
|
|
1689
1506
|
const locations = [
|
|
1690
1507
|
credentialOffer?.credential_offer.credential_issuer ?? endpointMetadata.issuer
|
|
@@ -1694,10 +1511,10 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1694
1511
|
if (!credential_configuration_id && !cred.format) {
|
|
1695
1512
|
throw Error("format is required in authorization details");
|
|
1696
1513
|
}
|
|
1697
|
-
const vct = cred.format === "
|
|
1514
|
+
const vct = cred.format === "vc+sd-jwt" ? cred.vct : void 0;
|
|
1698
1515
|
const doctype = cred.format === "mso_mdoc" ? cred.doctype : void 0;
|
|
1699
1516
|
let credential_definition = void 0;
|
|
1700
|
-
if ((0,
|
|
1517
|
+
if ((0, import_oid4vci_common13.isW3cCredentialSupported)(cred)) {
|
|
1701
1518
|
credential_definition = {
|
|
1702
1519
|
...cred.credential_definition,
|
|
1703
1520
|
// type: OPTIONAL. Array as defined in Appendix A.1.1.2. This claim contains the type values the Wallet requests authorization for at the Credential Issuer. It MUST be present if the claim format is present in the root of the authorization details object. It MUST not be present otherwise.
|
|
@@ -1732,15 +1549,14 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1732
1549
|
throw Error(`Could not create authorization details from credential offer. Please pass in explicit details`);
|
|
1733
1550
|
}
|
|
1734
1551
|
}
|
|
1735
|
-
|
|
1736
|
-
if (!authorizationEndpoint) {
|
|
1552
|
+
if (!endpointMetadata?.authorization_endpoint) {
|
|
1737
1553
|
throw Error("Server metadata does not contain authorization endpoint");
|
|
1738
1554
|
}
|
|
1739
1555
|
const parEndpoint = authorizationMetadata?.pushed_authorization_request_endpoint;
|
|
1740
1556
|
let queryObj = {
|
|
1741
|
-
response_type:
|
|
1557
|
+
response_type: import_oid4vci_common13.ResponseType.AUTH_CODE,
|
|
1742
1558
|
...!pkce.disabled && {
|
|
1743
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1559
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common13.CodeChallengeMethod.S256,
|
|
1744
1560
|
code_challenge: pkce.codeChallenge
|
|
1745
1561
|
},
|
|
1746
1562
|
authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)),
|
|
@@ -1758,12 +1574,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1758
1574
|
if (credentialOffer?.issuerState) {
|
|
1759
1575
|
queryObj.state = credentialOffer?.issuerState;
|
|
1760
1576
|
}
|
|
1761
|
-
if (!parEndpoint && parMode ===
|
|
1577
|
+
if (!parEndpoint && parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1762
1578
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1763
|
-
} else if (parEndpoint && parMode !==
|
|
1764
|
-
|
|
1765
|
-
const parResponse = await (0,
|
|
1766
|
-
mode:
|
|
1579
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common13.PARMode.NEVER) {
|
|
1580
|
+
logger6.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1581
|
+
const parResponse = await (0, import_oid4vci_common13.formPost)(parEndpoint, (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1582
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1767
1583
|
uriTypeProperties: [
|
|
1768
1584
|
"client_id",
|
|
1769
1585
|
"request_uri",
|
|
@@ -1778,12 +1594,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1778
1594
|
accept: "application/json"
|
|
1779
1595
|
});
|
|
1780
1596
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1781
|
-
if (parMode ===
|
|
1597
|
+
if (parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1782
1598
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1783
1599
|
}
|
|
1784
|
-
|
|
1600
|
+
logger6.debug("Falling back to regular request URI, since PAR failed", JSON.stringify(parResponse.errorBody));
|
|
1785
1601
|
} else {
|
|
1786
|
-
|
|
1602
|
+
logger6.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1787
1603
|
queryObj = {
|
|
1788
1604
|
client_id,
|
|
1789
1605
|
request_uri: parResponse.successBody.request_uri
|
|
@@ -1792,11 +1608,11 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1792
1608
|
}
|
|
1793
1609
|
await createSignedAuthRequestWhenNeeded(queryObj, {
|
|
1794
1610
|
...requestObjectOpts,
|
|
1795
|
-
aud: endpointMetadata.authorization_server
|
|
1611
|
+
aud: endpointMetadata.authorization_server
|
|
1796
1612
|
});
|
|
1797
|
-
|
|
1798
|
-
const url = (0,
|
|
1799
|
-
baseUrl:
|
|
1613
|
+
logger6.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1614
|
+
const url = (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1615
|
+
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1800
1616
|
uriTypeProperties: [
|
|
1801
1617
|
"client_id",
|
|
1802
1618
|
"request_uri",
|
|
@@ -1807,12 +1623,11 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1807
1623
|
"state"
|
|
1808
1624
|
],
|
|
1809
1625
|
// arrayTypeProperties: ['authorization_details'],
|
|
1810
|
-
mode:
|
|
1626
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1811
1627
|
});
|
|
1812
|
-
|
|
1628
|
+
logger6.debug(`Authorization Request URL: ${url}`);
|
|
1813
1629
|
return url;
|
|
1814
1630
|
}, "createAuthorizationRequestUrl");
|
|
1815
|
-
var hasCredentialDefinition = /* @__PURE__ */ __name((cred) => "credential_definition" in cred && cred.credential_definition && typeof cred.credential_definition === "object" && cred.credential_definition !== null && "type" in cred.credential_definition && Array.isArray(cred.credential_definition.type), "hasCredentialDefinition");
|
|
1816
1631
|
var handleAuthorizationDetails = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
1817
1632
|
if (authorizationDetails) {
|
|
1818
1633
|
if (typeof authorizationDetails === "string") {
|
|
@@ -1834,10 +1649,7 @@ var handleLocations = /* @__PURE__ */ __name((endpointMetadata, authorizationDet
|
|
|
1834
1649
|
if (typeof authorizationDetails === "string") {
|
|
1835
1650
|
return authorizationDetails;
|
|
1836
1651
|
}
|
|
1837
|
-
|
|
1838
|
-
const hasAuthorizationServers = Array.isArray(ciMeta?.authorization_servers) && ciMeta.authorization_servers.length > 0;
|
|
1839
|
-
const legacyHasAuthzEndpoint = Boolean(endpointMetadata.authorization_endpoint);
|
|
1840
|
-
if (hasAuthorizationServers || legacyHasAuthzEndpoint) {
|
|
1652
|
+
if (authorizationDetails && (endpointMetadata.credentialIssuerMetadata?.authorization_server || endpointMetadata.authorization_endpoint)) {
|
|
1841
1653
|
if (authorizationDetails.locations) {
|
|
1842
1654
|
if (Array.isArray(authorizationDetails.locations)) {
|
|
1843
1655
|
authorizationDetails.locations.push(endpointMetadata.issuer);
|
|
@@ -1896,23 +1708,23 @@ var createAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (opts) =>
|
|
|
1896
1708
|
return request;
|
|
1897
1709
|
}, "createAuthorizationChallengeRequest");
|
|
1898
1710
|
var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (authorizationChallengeCodeUrl, authorizationChallengeRequest, opts) => {
|
|
1899
|
-
return await (0,
|
|
1900
|
-
mode:
|
|
1711
|
+
return await (0, import_oid4vci_common13.formPost)(authorizationChallengeCodeUrl, (0, import_oid4vci_common13.convertJsonToURI)(authorizationChallengeRequest, {
|
|
1712
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1901
1713
|
}), {
|
|
1902
1714
|
customHeaders: opts?.headers ? opts.headers : void 0
|
|
1903
1715
|
});
|
|
1904
1716
|
}, "sendAuthorizationChallengeRequest");
|
|
1905
1717
|
|
|
1906
1718
|
// lib/AuthorizationCodeClientV1_0_11.ts
|
|
1907
|
-
var
|
|
1908
|
-
var
|
|
1909
|
-
var
|
|
1719
|
+
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1720
|
+
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1721
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1910
1722
|
var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported }) => {
|
|
1911
1723
|
const { redirectUri, clientId, requestObjectOpts = {
|
|
1912
|
-
requestObjectMode:
|
|
1724
|
+
requestObjectMode: import_oid4vci_common14.CreateRequestObjectMode.NONE
|
|
1913
1725
|
} } = authorizationRequest;
|
|
1914
1726
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
1915
|
-
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ?
|
|
1727
|
+
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ? import_oid4vci_common14.PARMode.REQUIRE : authorizationRequest.parMode ?? import_oid4vci_common14.PARMode.AUTO;
|
|
1916
1728
|
if (!scope && !authorizationDetails) {
|
|
1917
1729
|
if (!credentialOffer) {
|
|
1918
1730
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1945,9 +1757,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1945
1757
|
].filter((s) => !!s).join(" ");
|
|
1946
1758
|
}
|
|
1947
1759
|
let queryObj = {
|
|
1948
|
-
response_type:
|
|
1760
|
+
response_type: import_oid4vci_common14.ResponseType.AUTH_CODE,
|
|
1949
1761
|
...!pkce.disabled && {
|
|
1950
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1762
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common14.CodeChallengeMethod.S256,
|
|
1951
1763
|
code_challenge: pkce.codeChallenge
|
|
1952
1764
|
},
|
|
1953
1765
|
authorization_details: JSON.stringify(handleAuthorizationDetailsV1_0_11(endpointMetadata, authorizationDetails)),
|
|
@@ -1962,12 +1774,12 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1962
1774
|
},
|
|
1963
1775
|
scope
|
|
1964
1776
|
};
|
|
1965
|
-
if (!parEndpoint && parMode ===
|
|
1777
|
+
if (!parEndpoint && parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1966
1778
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1967
|
-
} else if (parEndpoint && parMode !==
|
|
1968
|
-
|
|
1969
|
-
const parResponse = await (0,
|
|
1970
|
-
mode:
|
|
1779
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common14.PARMode.NEVER) {
|
|
1780
|
+
logger7.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1781
|
+
const parResponse = await (0, import_oid4vci_common14.formPost)(parEndpoint, (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
1782
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1971
1783
|
uriTypeProperties: [
|
|
1972
1784
|
"client_id",
|
|
1973
1785
|
"request_uri",
|
|
@@ -1983,11 +1795,11 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1983
1795
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1984
1796
|
console.log(JSON.stringify(parResponse.errorBody));
|
|
1985
1797
|
console.log("Falling back to regular request URI, since PAR failed");
|
|
1986
|
-
if (parMode ===
|
|
1798
|
+
if (parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1987
1799
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1988
1800
|
}
|
|
1989
1801
|
} else {
|
|
1990
|
-
|
|
1802
|
+
logger7.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1991
1803
|
queryObj = {
|
|
1992
1804
|
request_uri: parResponse.successBody.request_uri
|
|
1993
1805
|
};
|
|
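Review bot: On a failed PAR call this path writes `parResponse.errorBody` and the fallback notice with `console.log`, while the changed lines around it use `logger7`, so the host application cannot filter or route the one event that marks a downgrade from a pushed request to ordinary query parameters. Emitting both messages through `logger7` would keep them in the same channel as the `PAR response` line below. A comment above the `if (parMode === import_oid4vci_common14.PARMode.REQUIRE)` check would also help, for example `// Only REQUIRE aborts here; every other mode continues with the full parameter set in the authorization URL`. The function body starts and ends outside the hunk.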
@@ -1997,8 +1809,8 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1997
1809
|
...requestObjectOpts,
|
|
1998
1810
|
aud: endpointMetadata.authorization_server
|
|
1999
1811
|
});
|
|
2000
|
-
|
|
2001
|
-
const url = (0,
|
|
1812
|
+
logger7.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1813
|
+
const url = (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
2002
1814
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
2003
1815
|
uriTypeProperties: [
|
|
2004
1816
|
"client_id",
|
|
@@ -2009,9 +1821,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
2009
1821
|
"issuer_state"
|
|
2010
1822
|
],
|
|
2011
1823
|
// arrayTypeProperties: ['authorization_details'],
|
|
2012
|
-
mode:
|
|
1824
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
2013
1825
|
});
|
|
2014
|
-
|
|
1826
|
+
logger7.debug(`Authorization Request URL: ${url}`);
|
|
2015
1827
|
return url;
|
|
2016
1828
|
}, "createAuthorizationRequestUrlV1_0_11");
|
|
2017
1829
|
var handleAuthorizationDetailsV1_0_11 = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -2056,9 +1868,9 @@ var handleLocations2 = /* @__PURE__ */ __name((endpointMetadata, authorizationDe
|
|
|
2056
1868
|
|
|
2057
1869
|
// lib/CredentialRequestClient.ts
|
|
2058
1870
|
var import_oid4vc_common5 = require("@sphereon/oid4vc-common");
|
|
2059
|
-
var
|
|
2060
|
-
var
|
|
2061
|
-
var
|
|
1871
|
+
var import_oid4vci_common15 = require("@sphereon/oid4vci-common");
|
|
1872
|
+
var import_ssi_types10 = require("@sphereon/ssi-types");
|
|
1873
|
+
var logger8 = import_ssi_types10.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2062
1874
|
async function buildProof(proofInput, opts) {
|
|
2063
1875
|
if ("proof_type" in proofInput) {
|
|
2064
1876
|
if (opts.cNonce) {
|
|
@@ -2072,27 +1884,6 @@ async function buildProof(proofInput, opts) {
|
|
|
2072
1884
|
return await proofInput.build();
|
|
2073
1885
|
}
|
|
2074
1886
|
__name(buildProof, "buildProof");
|
|
2075
|
-
function isOpenIdCredentialDetail(ad) {
|
|
2076
|
-
return typeof ad === "object" && ad !== null && ad.type === "openid_credential";
|
|
2077
|
-
}
|
|
2078
|
-
__name(isOpenIdCredentialDetail, "isOpenIdCredentialDetail");
|
|
2079
|
-
function findAuthorizationDetail(authorizationDetails, preferredConfigId) {
|
|
2080
|
-
if (!authorizationDetails) {
|
|
2081
|
-
return void 0;
|
|
2082
|
-
}
|
|
2083
|
-
const openIdCredentialDetails = authorizationDetails.filter(isOpenIdCredentialDetail);
|
|
2084
|
-
if (openIdCredentialDetails.length === 0) {
|
|
2085
|
-
return void 0;
|
|
2086
|
-
}
|
|
2087
|
-
if (preferredConfigId) {
|
|
2088
|
-
const match = openIdCredentialDetails.find((detail) => typeof detail === "object" && detail !== null && detail.credential_configuration_id === preferredConfigId);
|
|
2089
|
-
if (match) {
|
|
2090
|
-
return match;
|
|
2091
|
-
}
|
|
2092
|
-
}
|
|
2093
|
-
return openIdCredentialDetails[0];
|
|
2094
|
-
}
|
|
2095
|
-
__name(findAuthorizationDetail, "findAuthorizationDetail");
|
|
2096
1887
|
var CredentialRequestClient = class {
|
|
2097
1888
|
static {
|
|
2098
1889
|
__name(this, "CredentialRequestClient");
|
|
@@ -2132,10 +1923,7 @@ var CredentialRequestClient = class {
|
|
|
2132
1923
|
credentialIdentifier,
|
|
2133
1924
|
subjectIssuance
|
|
2134
1925
|
});
|
|
2135
|
-
|
|
2136
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2137
|
-
}
|
|
2138
|
-
return await this.acquireCredentialsUsingRequestWithoutProof(request, format, opts.createDPoPOpts);
|
|
1926
|
+
return await this.acquireCredentialsUsingRequestWithoutProof(request, opts.createDPoPOpts);
|
|
2139
1927
|
}
|
|
2140
1928
|
async acquireCredentialsUsingProof(opts) {
|
|
2141
1929
|
const { credentialIdentifier, credentialTypes, proofInput, format, context, subjectIssuance } = opts;
|
|
@@ -2148,35 +1936,32 @@ var CredentialRequestClient = class {
|
|
|
2148
1936
|
credentialIdentifier,
|
|
2149
1937
|
subjectIssuance
|
|
2150
1938
|
});
|
|
2151
|
-
|
|
2152
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2153
|
-
}
|
|
2154
|
-
return await this.acquireCredentialsUsingRequest(request, format, opts.createDPoPOpts);
|
|
1939
|
+
return await this.acquireCredentialsUsingRequest(request, opts.createDPoPOpts);
|
|
2155
1940
|
}
|
|
2156
|
-
async acquireCredentialsUsingRequestWithoutProof(uniformRequest,
|
|
2157
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
1941
|
+
async acquireCredentialsUsingRequestWithoutProof(uniformRequest, createDPoPOpts) {
|
|
1942
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2158
1943
|
}
|
|
2159
|
-
async acquireCredentialsUsingRequest(uniformRequest,
|
|
2160
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
1944
|
+
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
1945
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2161
1946
|
}
|
|
2162
|
-
async acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
2163
|
-
if (this.version() <
|
|
1947
|
+
async acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts) {
|
|
1948
|
+
if (this.version() < import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_13) {
|
|
2164
1949
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported by the V13 credential request client.");
|
|
2165
1950
|
}
|
|
2166
|
-
const request = (0,
|
|
1951
|
+
const request = (0, import_oid4vci_common15.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
2167
1952
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2168
|
-
if (!(0,
|
|
2169
|
-
|
|
2170
|
-
throw new Error(
|
|
1953
|
+
if (!(0, import_oid4vci_common15.isValidURL)(credentialEndpoint)) {
|
|
1954
|
+
logger8.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
1955
|
+
throw new Error(import_oid4vci_common15.URL_NOT_VALID);
|
|
2171
1956
|
}
|
|
2172
|
-
|
|
2173
|
-
|
|
1957
|
+
logger8.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
1958
|
+
logger8.debug(`request
|
|
2174
1959
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2175
1960
|
const requestToken = this.credentialRequestOpts.token;
|
|
2176
1961
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2177
1962
|
accessToken: requestToken
|
|
2178
1963
|
})) : void 0;
|
|
2179
|
-
let response = await (0,
|
|
1964
|
+
let response = await (0, import_oid4vci_common15.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2180
1965
|
bearerToken: requestToken,
|
|
2181
1966
|
...dPoP && {
|
|
2182
1967
|
customHeaders: {
|
|
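Review bot: `acquireCredentialsUsingRequestWithoutProof`, `acquireCredentialsUsingRequest` and `acquireCredentialsUsingRequestImpl` now take `createDPoPOpts` as the second positional argument, where the removed call sites passed `format` second and `opts.createDPoPOpts` third. A caller still using the three-argument order would have its format value bound to `createDPoPOpts`, and because the body only tests it for truthiness before calling `createDPoP`, the mismatch would surface inside DPoP construction rather than at the call. A guard at the top of `acquireCredentialsUsingRequestImpl`, such as `if (createDPoPOpts !== void 0 && typeof createDPoPOpts !== "object") throw new TypeError("createDPoPOpts must be an object");`, would make it fail early, as would a doc comment on the three methods stating the parameter order. The matching call-site change is in the preceding hunk, and the class body starts and ends outside this one.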
@@ -2191,7 +1976,7 @@ var CredentialRequestClient = class {
|
|
|
2191
1976
|
dPoP = await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2192
1977
|
accessToken: requestToken
|
|
2193
1978
|
}));
|
|
2194
|
-
response = await (0,
|
|
1979
|
+
response = await (0, import_oid4vci_common15.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2195
1980
|
bearerToken: requestToken,
|
|
2196
1981
|
...createDPoPOpts && {
|
|
2197
1982
|
customHeaders: {
|
|
@@ -2202,7 +1987,7 @@ var CredentialRequestClient = class {
|
|
|
2202
1987
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
2203
1988
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
2204
1989
|
}
|
|
2205
|
-
this._isDeferred = (0,
|
|
1990
|
+
this._isDeferred = (0, import_oid4vci_common15.isDeferredCredentialResponse)(response);
|
|
2206
1991
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
2207
1992
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
2208
1993
|
bearerToken: this.credentialRequestOpts.token
|
|
@@ -2214,7 +1999,7 @@ var CredentialRequestClient = class {
|
|
|
2214
1999
|
throw Error("Subject signing was requested, but issuer did not provide the options in its response");
|
|
2215
2000
|
}
|
|
2216
2001
|
}
|
|
2217
|
-
|
|
2002
|
+
logger8.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2218
2003
|
${JSON.stringify(response, null, 2)}`);
|
|
2219
2004
|
return {
|
|
2220
2005
|
...response,
|
|
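Review bot: The debug line on the new side serialises the whole `response` object, which on success is expected to carry the issued credential and any nonce the issuer returned, so enabling the `sphereon:oid4vci:credential` logger would copy holder data into application logs. Logging the outcome rather than the body keeps the diagnostic value, for example `logger8.debug("Credential endpoint " + credentialEndpoint + " responded; deferred=" + this.isDeferred());`. The request dump earlier in `acquireCredentialsUsingRequestImpl`, which passes `request` to `JSON.stringify`, has the same shape and includes the `proof` value. The method starts and ends outside this hunk.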
@@ -2236,7 +2021,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2236
2021
|
} else if (!bearerToken) {
|
|
2237
2022
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2238
2023
|
}
|
|
2239
|
-
return await (0,
|
|
2024
|
+
return await (0, import_oid4vci_common15.acquireDeferredCredential)({
|
|
2240
2025
|
bearerToken,
|
|
2241
2026
|
transactionId,
|
|
2242
2027
|
deferredCredentialEndpoint,
|
|
@@ -2251,64 +2036,27 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2251
2036
|
return await this.createCredentialRequestImpl(opts);
|
|
2252
2037
|
}
|
|
2253
2038
|
async createCredentialRequestImpl(opts) {
|
|
2254
|
-
const { proofInput, credentialIdentifier
|
|
2039
|
+
const { proofInput, credentialIdentifier: credential_identifier } = opts;
|
|
2255
2040
|
let proof = void 0;
|
|
2256
2041
|
if (proofInput) {
|
|
2257
2042
|
proof = await buildProof(proofInput, opts);
|
|
2258
2043
|
}
|
|
2259
|
-
if (
|
|
2260
|
-
|
|
2261
|
-
|
|
2262
|
-
const commonBody = {
|
|
2263
|
-
...issuer_state2 && {
|
|
2264
|
-
issuer_state: issuer_state2
|
|
2265
|
-
},
|
|
2266
|
-
...proof && {
|
|
2267
|
-
proof
|
|
2268
|
-
},
|
|
2269
|
-
...opts.subjectIssuance
|
|
2270
|
-
};
|
|
2271
|
-
const authDetailObj = authDetail && typeof authDetail === "object" ? authDetail : null;
|
|
2272
|
-
if (authDetailObj?.credential_identifier) {
|
|
2273
|
-
return {
|
|
2274
|
-
credential_identifier: authDetailObj.credential_identifier,
|
|
2275
|
-
...commonBody
|
|
2276
|
-
};
|
|
2044
|
+
if (credential_identifier) {
|
|
2045
|
+
if (opts.format || opts.credentialTypes || opts.context) {
|
|
2046
|
+
throw Error(`You cannot mix credential_identifier with format, credential types and/or context`);
|
|
2277
2047
|
}
|
|
2278
|
-
if (authDetailObj?.credential_identifiers && authDetailObj.credential_identifiers.length > 0) {
|
|
2279
|
-
return {
|
|
2280
|
-
credential_identifier: authDetailObj.credential_identifiers[0],
|
|
2281
|
-
...commonBody
|
|
2282
|
-
};
|
|
2283
|
-
}
|
|
2284
|
-
const configId = credentialConfigurationId ?? authDetailObj?.credential_configuration_id ?? this._credentialRequestOpts.credentialConfigurationId;
|
|
2285
|
-
if (configId) {
|
|
2286
|
-
return {
|
|
2287
|
-
credential_configuration_id: configId,
|
|
2288
|
-
...commonBody
|
|
2289
|
-
};
|
|
2290
|
-
}
|
|
2291
|
-
if (credentialIdentifier) {
|
|
2292
|
-
return {
|
|
2293
|
-
credential_identifier: credentialIdentifier,
|
|
2294
|
-
...commonBody
|
|
2295
|
-
};
|
|
2296
|
-
}
|
|
2297
|
-
return Promise.reject(Error("No credential_identifier or credential_configuration_id available for v1.0-15 request"));
|
|
2298
|
-
}
|
|
2299
|
-
if (credentialIdentifier) {
|
|
2300
|
-
const proof_obj = proof ? {
|
|
2301
|
-
proof
|
|
2302
|
-
} : {};
|
|
2303
2048
|
return {
|
|
2304
|
-
credential_identifier
|
|
2305
|
-
...
|
|
2049
|
+
credential_identifier,
|
|
2050
|
+
...proof && {
|
|
2051
|
+
proof
|
|
2052
|
+
}
|
|
2306
2053
|
};
|
|
2307
2054
|
}
|
|
2308
2055
|
const formatSelection = opts.format ?? this.credentialRequestOpts.format;
|
|
2309
2056
|
if (!formatSelection) {
|
|
2310
2057
|
throw Error(`Format of credential to be issued is missing`);
|
|
2311
2058
|
}
|
|
2059
|
+
const format = (0, import_oid4vci_common15.getUniformFormat)(formatSelection);
|
|
2312
2060
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2313
2061
|
if (!typesSelection) {
|
|
2314
2062
|
throw Error(`Credential type(s) need to be provided`);
|
|
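Review bot: The `credential_identifier` branch returns only `credential_identifier` and `proof`, whereas the format branches further down in this method also spread `issuer_state` and `opts.subjectIssuance` into the body. The guard before it rejects `format`, `credentialTypes` and `context` but not `subjectIssuance`, so a caller combining the two gets a request that silently omits it. Either spread it here as well, `...proof && { proof }, ...opts.subjectIssuance`, or extend the guard to reject the combination explicitly. The method continues past the end of this hunk.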
@@ -2320,33 +2068,78 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2320
2068
|
throw Error(`Credential type(s) need to be provided`);
|
|
2321
2069
|
}
|
|
2322
2070
|
const issuer_state = this.credentialRequestOpts.issuerState;
|
|
2323
|
-
if (
|
|
2071
|
+
if (format === "jwt_vc_json" || format === "jwt_vc") {
|
|
2324
2072
|
return {
|
|
2325
|
-
format: formatSelection,
|
|
2326
2073
|
credential_definition: {
|
|
2327
|
-
type: types
|
|
2328
|
-
|
|
2329
|
-
|
|
2330
|
-
|
|
2074
|
+
type: types
|
|
2075
|
+
},
|
|
2076
|
+
format,
|
|
2077
|
+
...issuer_state && {
|
|
2078
|
+
issuer_state
|
|
2079
|
+
},
|
|
2080
|
+
...proof && {
|
|
2081
|
+
proof
|
|
2082
|
+
},
|
|
2083
|
+
...opts.subjectIssuance
|
|
2084
|
+
};
|
|
2085
|
+
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2086
|
+
if (this.version() >= import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2087
|
+
throw Error("No @context value present, but it is required");
|
|
2088
|
+
}
|
|
2089
|
+
return {
|
|
2090
|
+
format,
|
|
2091
|
+
...issuer_state && {
|
|
2092
|
+
issuer_state
|
|
2093
|
+
},
|
|
2094
|
+
...proof && {
|
|
2095
|
+
proof
|
|
2096
|
+
},
|
|
2097
|
+
...opts.subjectIssuance,
|
|
2098
|
+
credential_definition: {
|
|
2099
|
+
type: types,
|
|
2100
|
+
"@context": opts.context
|
|
2101
|
+
}
|
|
2102
|
+
};
|
|
2103
|
+
} else if (format === "vc+sd-jwt") {
|
|
2104
|
+
if (types.length > 1) {
|
|
2105
|
+
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2106
|
+
}
|
|
2107
|
+
return {
|
|
2108
|
+
format,
|
|
2109
|
+
...issuer_state && {
|
|
2110
|
+
issuer_state
|
|
2111
|
+
},
|
|
2112
|
+
...proof && {
|
|
2113
|
+
proof
|
|
2331
2114
|
},
|
|
2115
|
+
vct: types[0],
|
|
2116
|
+
...opts.subjectIssuance
|
|
2117
|
+
};
|
|
2118
|
+
} else if (format === "mso_mdoc") {
|
|
2119
|
+
if (types.length > 1) {
|
|
2120
|
+
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2121
|
+
}
|
|
2122
|
+
return {
|
|
2123
|
+
format,
|
|
2332
2124
|
...issuer_state && {
|
|
2333
2125
|
issuer_state
|
|
2334
2126
|
},
|
|
2335
2127
|
...proof && {
|
|
2336
2128
|
proof
|
|
2337
2129
|
},
|
|
2130
|
+
doctype: types[0],
|
|
2338
2131
|
...opts.subjectIssuance
|
|
2339
2132
|
};
|
|
2340
2133
|
}
|
|
2341
|
-
|
|
2134
|
+
throw new Error(`Unsupported credential format: ${format}`);
|
|
2342
2135
|
}
|
|
2343
2136
|
version() {
|
|
2344
|
-
return this.credentialRequestOpts?.version ??
|
|
2137
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_13;
|
|
2345
2138
|
}
|
|
2346
2139
|
};
|
|
2347
2140
|
|
|
2348
2141
|
// lib/CredentialOfferClient.ts
|
|
2349
|
-
var
|
|
2142
|
+
var import_oid4vci_common16 = require("@sphereon/oid4vci-common");
|
|
2350
2143
|
var CredentialOfferClient = class {
|
|
2351
2144
|
static {
|
|
2352
2145
|
__name(this, "CredentialOfferClient");
|
|
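Review bot: The position of `...opts.subjectIssuance` differs between the four return objects, which makes it unclear which fields a caller-supplied key may replace. In the `jwt_vc_json`, `vc+sd-jwt` and `mso_mdoc` branches it is spread last, so a key such as `format`, `proof`, `vct` or `doctype` inside it would override the value computed here, while in the `jwt_vc_json-ld` branch `credential_definition` is written after the spread and wins. Spreading it first in every branch, `return { ...opts.subjectIssuance, format, ...issuer_state && { issuer_state }, ...proof && { proof }, vct: types[0] };`, makes the computed fields authoritative and the branches consistent. `createCredentialRequestImpl` starts outside this hunk.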
@@ -2359,12 +2152,12 @@ var CredentialOfferClient = class {
|
|
|
2359
2152
|
}
|
|
2360
2153
|
const scheme = uri.split("://")[0];
|
|
2361
2154
|
const baseUrl = uri.split("?")[0];
|
|
2362
|
-
const version = (0,
|
|
2155
|
+
const version = (0, import_oid4vci_common16.determineSpecVersionFromURI)(uri);
|
|
2363
2156
|
LOG.log(`Offer URL determined to be of version ${version}`);
|
|
2364
2157
|
let credentialOffer;
|
|
2365
2158
|
let credentialOfferPayload;
|
|
2366
|
-
if (version <
|
|
2367
|
-
credentialOfferPayload = (0,
|
|
2159
|
+
if (version < import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_11) {
|
|
2160
|
+
credentialOfferPayload = (0, import_oid4vci_common16.convertURIToJsonObject)(uri, {
|
|
2368
2161
|
arrayTypeProperties: [
|
|
2369
2162
|
"credential_type"
|
|
2370
2163
|
],
|
|
@@ -2382,7 +2175,7 @@ var CredentialOfferClient = class {
|
|
|
2382
2175
|
if (uri.includes("credential_offer_uri")) {
|
|
2383
2176
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2384
2177
|
} else {
|
|
2385
|
-
credentialOffer = (0,
|
|
2178
|
+
credentialOffer = (0, import_oid4vci_common16.convertURIToJsonObject)(uri, {
|
|
2386
2179
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2387
2180
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2388
2181
|
"credential_offer_uri="
|
|
@@ -2400,13 +2193,13 @@ var CredentialOfferClient = class {
|
|
|
2400
2193
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2401
2194
|
}
|
|
2402
2195
|
}
|
|
2403
|
-
const request = await (0,
|
|
2196
|
+
const request = await (0, import_oid4vci_common16.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2404
2197
|
...opts,
|
|
2405
2198
|
version
|
|
2406
2199
|
});
|
|
2407
2200
|
return {
|
|
2408
2201
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2409
|
-
userPinRequired: request.credential_offer?.grants?.[
|
|
2202
|
+
userPinRequired: request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? !!request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false
|
|
2410
2203
|
};
|
|
2411
2204
|
}
|
|
2412
2205
|
static toURI(requestWithBaseUrl, opts) {
|
|
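Review bot: In the `userPinRequired` expression the trailing `?? false` can never apply, because the `!!` operand before it is always a boolean, and the left operand is returned uncoerced, so a non-boolean `user_pin_required` parsed from the offer is handed to the caller as-is. An explicit `user_pin_required: false` also takes precedence over a present `tx_code`. The versioned clients later in this file wrap the whole expression in `!!( )`; doing the same here with `const g = request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL];` and `userPinRequired: !!(g?.user_pin_required || g?.tx_code)` yields a single boolean that is true when either field asks for a code. `fromURI` starts outside this hunk.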
@@ -2415,7 +2208,7 @@ var CredentialOfferClient = class {
|
|
|
2415
2208
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2416
2209
|
let param;
|
|
2417
2210
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2418
|
-
if (version.valueOf() >=
|
|
2211
|
+
if (version.valueOf() >= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2419
2212
|
if (!baseUrl.includes("?")) {
|
|
2420
2213
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2421
2214
|
} else {
|
|
@@ -2430,14 +2223,14 @@ var CredentialOfferClient = class {
|
|
|
2430
2223
|
}
|
|
2431
2224
|
}
|
|
2432
2225
|
}
|
|
2433
|
-
return (0,
|
|
2226
|
+
return (0, import_oid4vci_common16.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2434
2227
|
baseUrl,
|
|
2435
2228
|
arrayTypeProperties: isUri ? [] : [
|
|
2436
2229
|
"credential_type"
|
|
2437
2230
|
],
|
|
2438
2231
|
uriTypeProperties: isUri ? [
|
|
2439
2232
|
"credential_offer_uri"
|
|
2440
|
-
] : version >=
|
|
2233
|
+
] : version >= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2441
2234
|
"credential_issuer",
|
|
2442
2235
|
"credential_type"
|
|
2443
2236
|
] : [
|
|
@@ -2451,26 +2244,26 @@ var CredentialOfferClient = class {
|
|
|
2451
2244
|
};
|
|
2452
2245
|
|
|
2453
2246
|
// lib/CredentialOfferClientV1_0_11.ts
|
|
2454
|
-
var
|
|
2455
|
-
var
|
|
2456
|
-
var
|
|
2247
|
+
var import_oid4vci_common17 = require("@sphereon/oid4vci-common");
|
|
2248
|
+
var import_ssi_types11 = require("@sphereon/ssi-types");
|
|
2249
|
+
var logger9 = import_ssi_types11.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2457
2250
|
var CredentialOfferClientV1_0_11 = class {
|
|
2458
2251
|
static {
|
|
2459
2252
|
__name(this, "CredentialOfferClientV1_0_11");
|
|
2460
2253
|
}
|
|
2461
2254
|
static async fromURI(uri, opts) {
|
|
2462
|
-
|
|
2255
|
+
logger9.debug(`Credential Offer URI: ${uri}`);
|
|
2463
2256
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2464
|
-
|
|
2257
|
+
logger9.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2465
2258
|
throw Error(`Invalid Credential Offer Request`);
|
|
2466
2259
|
}
|
|
2467
2260
|
const scheme = uri.split("://")[0];
|
|
2468
2261
|
const baseUrl = uri.split("?")[0];
|
|
2469
|
-
const version = (0,
|
|
2262
|
+
const version = (0, import_oid4vci_common17.determineSpecVersionFromURI)(uri);
|
|
2470
2263
|
let credentialOffer;
|
|
2471
2264
|
let credentialOfferPayload;
|
|
2472
|
-
if (version <
|
|
2473
|
-
credentialOfferPayload = (0,
|
|
2265
|
+
if (version < import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11) {
|
|
2266
|
+
credentialOfferPayload = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2474
2267
|
arrayTypeProperties: [
|
|
2475
2268
|
"credential_type"
|
|
2476
2269
|
],
|
|
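Review bot: `fromURI` logs the complete offer `uri` at debug level, both on entry and in the invalid-URI branch. An offer passed by value can embed the pre-authorized code that this class later returns as `preAuthorizedCode`, so the log would hold a value that should be treated as a one-time secret. Logging only the part before the query string keeps the trace useful: `logger9.debug("Credential Offer URI: " + uri.split("?")[0]);`. The same applies to `CredentialOfferClientV1_0_13.fromURI` and to the `toURI` methods that serialise `requestWithBaseUrl` in the later hunks. `fromURI` continues past the end of this hunk.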
@@ -2485,7 +2278,7 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2485
2278
|
credential_offer: credentialOfferPayload
|
|
2486
2279
|
};
|
|
2487
2280
|
} else {
|
|
2488
|
-
credentialOffer = (0,
|
|
2281
|
+
credentialOffer = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2489
2282
|
arrayTypeProperties: [
|
|
2490
2283
|
"credentials"
|
|
2491
2284
|
],
|
|
@@ -2499,11 +2292,11 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2499
2292
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2500
2293
|
}
|
|
2501
2294
|
}
|
|
2502
|
-
const request = await (0,
|
|
2295
|
+
const request = await (0, import_oid4vci_common17.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2503
2296
|
...opts,
|
|
2504
2297
|
version
|
|
2505
2298
|
});
|
|
2506
|
-
const clientId = (0,
|
|
2299
|
+
const clientId = (0, import_oid4vci_common17.getClientIdFromCredentialOfferPayload)(request.credential_offer);
|
|
2507
2300
|
const grants = request.credential_offer?.grants;
|
|
2508
2301
|
return {
|
|
2509
2302
|
scheme,
|
|
@@ -2515,19 +2308,19 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2515
2308
|
...grants?.authorization_code?.issuer_state && {
|
|
2516
2309
|
issuerState: grants.authorization_code.issuer_state
|
|
2517
2310
|
},
|
|
2518
|
-
...grants?.[
|
|
2519
|
-
preAuthorizedCode: grants[
|
|
2311
|
+
...grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.[import_oid4vci_common17.PRE_AUTH_CODE_LITERAL] && {
|
|
2312
|
+
preAuthorizedCode: grants[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL][import_oid4vci_common17.PRE_AUTH_CODE_LITERAL]
|
|
2520
2313
|
},
|
|
2521
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2314
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? false)
|
|
2522
2315
|
};
|
|
2523
2316
|
}
|
|
2524
2317
|
static toURI(requestWithBaseUrl, opts) {
|
|
2525
|
-
|
|
2318
|
+
logger9.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2526
2319
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2527
2320
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2528
2321
|
let param;
|
|
2529
2322
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2530
|
-
if (version.valueOf() >=
|
|
2323
|
+
if (version.valueOf() >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2531
2324
|
if (!baseUrl.includes("?")) {
|
|
2532
2325
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2533
2326
|
} else {
|
|
@@ -2542,14 +2335,14 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2542
2335
|
}
|
|
2543
2336
|
}
|
|
2544
2337
|
}
|
|
2545
|
-
return (0,
|
|
2338
|
+
return (0, import_oid4vci_common17.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2546
2339
|
baseUrl,
|
|
2547
2340
|
arrayTypeProperties: isUri ? [] : [
|
|
2548
2341
|
"credential_type"
|
|
2549
2342
|
],
|
|
2550
2343
|
uriTypeProperties: isUri ? [
|
|
2551
2344
|
"credential_offer_uri"
|
|
2552
|
-
] : version >=
|
|
2345
|
+
] : version >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11 ? [
|
|
2553
2346
|
"credential_issuer",
|
|
2554
2347
|
"credential_type"
|
|
2555
2348
|
] : [
|
|
@@ -2563,27 +2356,27 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2563
2356
|
};
|
|
2564
2357
|
|
|
2565
2358
|
// lib/CredentialOfferClientV1_0_13.ts
|
|
2566
|
-
var
|
|
2567
|
-
var
|
|
2568
|
-
var
|
|
2359
|
+
var import_oid4vci_common18 = require("@sphereon/oid4vci-common");
|
|
2360
|
+
var import_ssi_types12 = require("@sphereon/ssi-types");
|
|
2361
|
+
var logger10 = import_ssi_types12.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2569
2362
|
var CredentialOfferClientV1_0_13 = class {
|
|
2570
2363
|
static {
|
|
2571
2364
|
__name(this, "CredentialOfferClientV1_0_13");
|
|
2572
2365
|
}
|
|
2573
2366
|
static async fromURI(uri, opts) {
|
|
2574
|
-
|
|
2367
|
+
logger10.debug(`Credential Offer URI: ${uri}`);
|
|
2575
2368
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2576
|
-
|
|
2369
|
+
logger10.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2577
2370
|
throw Error(`Invalid Credential Offer Request`);
|
|
2578
2371
|
}
|
|
2579
2372
|
const scheme = uri.split("://")[0];
|
|
2580
2373
|
const baseUrl = uri.split("?")[0];
|
|
2581
|
-
const version = (0,
|
|
2374
|
+
const version = (0, import_oid4vci_common18.determineSpecVersionFromURI)(uri);
|
|
2582
2375
|
let credentialOffer;
|
|
2583
2376
|
if (uri.includes("credential_offer_uri")) {
|
|
2584
2377
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2585
2378
|
} else {
|
|
2586
|
-
credentialOffer = (0,
|
|
2379
|
+
credentialOffer = (0, import_oid4vci_common18.convertURIToJsonObject)(uri, {
|
|
2587
2380
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2588
2381
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2589
2382
|
"credential_configuration_ids",
|
|
@@ -2602,22 +2395,22 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2602
2395
|
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2603
2396
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2604
2397
|
}
|
|
2605
|
-
const request = await (0,
|
|
2398
|
+
const request = await (0, import_oid4vci_common18.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2606
2399
|
...opts,
|
|
2607
2400
|
version
|
|
2608
2401
|
});
|
|
2609
2402
|
return {
|
|
2610
2403
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2611
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2404
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common18.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2612
2405
|
};
|
|
2613
2406
|
}
|
|
2614
2407
|
static toURI(requestWithBaseUrl, opts) {
|
|
2615
|
-
|
|
2408
|
+
logger10.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2616
2409
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2617
2410
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2618
2411
|
let param;
|
|
2619
2412
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2620
|
-
if (version.valueOf() >=
|
|
2413
|
+
if (version.valueOf() >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2621
2414
|
if (!baseUrl.includes("?")) {
|
|
2622
2415
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2623
2416
|
} else {
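Review bot: The debug call at the top of `toURI` serialises the whole `requestWithBaseUrl`, and the offer it carries can include the pre-authorized grant that `fromURI` reads just above (`grants?.[PRE_AUTH_GRANT_LITERAL]`), so that grant's code would presumably end up in the log. The same pattern recurs in the `CredentialRequestClientV1_0_11` hunks: `acquireCredentialsUsingRequest` dumps the full `request`, and after `response.access_token = requestToken` it dumps the full `response`, which writes the bearer token and the issued credential to the debug log. I would log identifiers only, e.g. ``logger10.debug(`Credential Offer Request base URL: ${requestWithBaseUrl.baseUrl}`)`` and ``logger11.debug(`Credential endpoint ${credentialEndpoint} responded`)``, or at least assign `access_token` after the log line. Both functions continue outside their hunks.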
|
|
@@ -2632,14 +2425,14 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2632
2425
|
}
|
|
2633
2426
|
}
|
|
2634
2427
|
}
|
|
2635
|
-
return (0,
|
|
2428
|
+
return (0, import_oid4vci_common18.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2636
2429
|
baseUrl,
|
|
2637
2430
|
arrayTypeProperties: isUri ? [] : [
|
|
2638
2431
|
"credential_type"
|
|
2639
2432
|
],
|
|
2640
2433
|
uriTypeProperties: isUri ? [
|
|
2641
2434
|
"credential_offer_uri"
|
|
2642
|
-
] : version >=
|
|
2435
|
+
] : version >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2643
2436
|
"credential_issuer",
|
|
2644
2437
|
"credential_type"
|
|
2645
2438
|
] : [
|
|
@@ -2652,101 +2445,11 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2652
2445
|
}
|
|
2653
2446
|
};
|
|
2654
2447
|
|
|
2655
|
-
// lib/CredentialOfferClientV1_0_15.ts
|
|
2656
|
-
var import_oid4vci_common20 = require("@sphereon/oid4vci-common");
|
|
2657
|
-
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
2658
|
-
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2659
|
-
var CredentialOfferClientV1_0_15 = class {
|
|
2660
|
-
static {
|
|
2661
|
-
__name(this, "CredentialOfferClientV1_0_15");
|
|
2662
|
-
}
|
|
2663
|
-
static async fromURI(uri, opts) {
|
|
2664
|
-
logger12.debug(`Credential Offer URI: ${uri}`);
|
|
2665
|
-
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2666
|
-
logger12.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2667
|
-
return Promise.reject(Error(`Invalid Credential Offer Request`));
|
|
2668
|
-
}
|
|
2669
|
-
const scheme = uri.split("://")[0];
|
|
2670
|
-
const baseUrl = uri.split("?")[0];
|
|
2671
|
-
const version = (0, import_oid4vci_common20.determineSpecVersionFromURI)(uri);
|
|
2672
|
-
let credentialOffer;
|
|
2673
|
-
if (uri.includes("credential_offer_uri")) {
|
|
2674
|
-
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2675
|
-
} else {
|
|
2676
|
-
credentialOffer = (0, import_oid4vci_common20.convertURIToJsonObject)(uri, {
|
|
2677
|
-
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2678
|
-
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2679
|
-
"credential_configuration_ids",
|
|
2680
|
-
"credential_offer_uri="
|
|
2681
|
-
] : [
|
|
2682
|
-
"credential_configuration_ids",
|
|
2683
|
-
"credential_offer="
|
|
2684
|
-
],
|
|
2685
|
-
requiredProperties: uri.includes("credential_offer_uri=") ? [
|
|
2686
|
-
"credential_offer_uri="
|
|
2687
|
-
] : [
|
|
2688
|
-
"credential_offer="
|
|
2689
|
-
]
|
|
2690
|
-
});
|
|
2691
|
-
}
|
|
2692
|
-
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2693
|
-
return Promise.reject(Error("Either a credential_offer or credential_offer_uri should be present in " + uri));
|
|
2694
|
-
}
|
|
2695
|
-
const request = await (0, import_oid4vci_common20.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2696
|
-
...opts,
|
|
2697
|
-
version
|
|
2698
|
-
});
|
|
2699
|
-
return {
|
|
2700
|
-
...constructBaseResponse(request, scheme, baseUrl),
|
|
2701
|
-
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common20.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2702
|
-
};
|
|
2703
|
-
}
|
|
2704
|
-
static toURI(requestWithBaseUrl, opts) {
|
|
2705
|
-
logger12.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2706
|
-
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2707
|
-
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2708
|
-
let param;
|
|
2709
|
-
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2710
|
-
if (version.valueOf() >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2711
|
-
if (!baseUrl.includes("?")) {
|
|
2712
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2713
|
-
} else {
|
|
2714
|
-
const split = baseUrl.split("?");
|
|
2715
|
-
if (split.length > 1 && split[1] !== "") {
|
|
2716
|
-
if (baseUrl.endsWith("&")) {
|
|
2717
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2718
|
-
} else if (!baseUrl.endsWith("=")) {
|
|
2719
|
-
baseUrl += `&`;
|
|
2720
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2721
|
-
}
|
|
2722
|
-
}
|
|
2723
|
-
}
|
|
2724
|
-
}
|
|
2725
|
-
return (0, import_oid4vci_common20.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2726
|
-
baseUrl,
|
|
2727
|
-
arrayTypeProperties: isUri ? [] : [
|
|
2728
|
-
"credential_configuration_ids"
|
|
2729
|
-
],
|
|
2730
|
-
uriTypeProperties: isUri ? [
|
|
2731
|
-
"credential_offer_uri"
|
|
2732
|
-
] : version >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_15 ? [
|
|
2733
|
-
"credential_issuer",
|
|
2734
|
-
"credential_configuration_ids"
|
|
2735
|
-
] : [
|
|
2736
|
-
"issuer",
|
|
2737
|
-
"credential_type"
|
|
2738
|
-
],
|
|
2739
|
-
param,
|
|
2740
|
-
version
|
|
2741
|
-
});
|
|
2742
|
-
}
|
|
2743
|
-
};
|
|
2744
|
-
|
|
2745
2448
|
// lib/CredentialRequestClientV1_0_11.ts
|
|
2746
2449
|
var import_oid4vc_common6 = require("@sphereon/oid4vc-common");
|
|
2747
|
-
var
|
|
2748
|
-
var
|
|
2749
|
-
var
|
|
2450
|
+
var import_oid4vci_common19 = require("@sphereon/oid4vci-common");
|
|
2451
|
+
var import_ssi_types13 = require("@sphereon/ssi-types");
|
|
2452
|
+
var logger11 = import_ssi_types13.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2750
2453
|
var CredentialRequestClientV1_0_11 = class {
|
|
2751
2454
|
static {
|
|
2752
2455
|
__name(this, "CredentialRequestClientV1_0_11");
|
|
@@ -2782,24 +2485,20 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2782
2485
|
return await this.acquireCredentialsUsingRequest(request, opts.createDPoPOpts);
|
|
2783
2486
|
}
|
|
2784
2487
|
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
2785
|
-
const
|
|
2786
|
-
if (!uniformRequestV11.format) {
|
|
2787
|
-
return Promise.reject(Error("format is missing from the (legacy v11) credential request"));
|
|
2788
|
-
}
|
|
2789
|
-
const request = (0, import_oid4vci_common21.getCredentialRequestForVersion)(uniformRequest, uniformRequestV11.format, this.version());
|
|
2488
|
+
const request = (0, import_oid4vci_common19.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
2790
2489
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2791
|
-
if (!(0,
|
|
2792
|
-
|
|
2793
|
-
throw new Error(
|
|
2490
|
+
if (!(0, import_oid4vci_common19.isValidURL)(credentialEndpoint)) {
|
|
2491
|
+
logger11.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
2492
|
+
throw new Error(import_oid4vci_common19.URL_NOT_VALID);
|
|
2794
2493
|
}
|
|
2795
|
-
|
|
2796
|
-
|
|
2494
|
+
logger11.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
2495
|
+
logger11.debug(`request
|
|
2797
2496
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2798
2497
|
const requestToken = this.credentialRequestOpts.token;
|
|
2799
2498
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2800
2499
|
accessToken: requestToken
|
|
2801
2500
|
})) : void 0;
|
|
2802
|
-
let response = await (0,
|
|
2501
|
+
let response = await (0, import_oid4vci_common19.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2803
2502
|
bearerToken: requestToken,
|
|
2804
2503
|
customHeaders: {
|
|
2805
2504
|
...createDPoPOpts && {
|
|
@@ -2814,7 +2513,7 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2814
2513
|
dPoP = await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2815
2514
|
accessToken: requestToken
|
|
2816
2515
|
}));
|
|
2817
|
-
response = await (0,
|
|
2516
|
+
response = await (0, import_oid4vci_common19.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2818
2517
|
bearerToken: requestToken,
|
|
2819
2518
|
customHeaders: {
|
|
2820
2519
|
...createDPoPOpts && {
|
|
@@ -2825,14 +2524,14 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2825
2524
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
2826
2525
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
2827
2526
|
}
|
|
2828
|
-
this._isDeferred = (0,
|
|
2527
|
+
this._isDeferred = (0, import_oid4vci_common19.isDeferredCredentialResponse)(response);
|
|
2829
2528
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
2830
2529
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
2831
2530
|
bearerToken: this.credentialRequestOpts.token
|
|
2832
2531
|
});
|
|
2833
2532
|
}
|
|
2834
2533
|
response.access_token = requestToken;
|
|
2835
|
-
|
|
2534
|
+
logger11.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2836
2535
|
${JSON.stringify(response, null, 2)}`);
|
|
2837
2536
|
return {
|
|
2838
2537
|
...response,
|
|
@@ -2854,7 +2553,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2854
2553
|
} else if (!bearerToken) {
|
|
2855
2554
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2856
2555
|
}
|
|
2857
|
-
return await (0,
|
|
2556
|
+
return await (0, import_oid4vci_common19.acquireDeferredCredential)({
|
|
2858
2557
|
bearerToken,
|
|
2859
2558
|
transactionId,
|
|
2860
2559
|
deferredCredentialEndpoint,
|
|
@@ -2868,7 +2567,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2868
2567
|
if (!formatSelection) {
|
|
2869
2568
|
throw Error(`Format of credential to be issued is missing`);
|
|
2870
2569
|
}
|
|
2871
|
-
const format = (0,
|
|
2570
|
+
const format = (0, import_oid4vci_common19.getUniformFormat)(formatSelection);
|
|
2872
2571
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2873
2572
|
const types = Array.isArray(typesSelection) ? typesSelection : [
|
|
2874
2573
|
typesSelection
|
|
@@ -2886,7 +2585,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2886
2585
|
proof
|
|
2887
2586
|
};
|
|
2888
2587
|
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2889
|
-
if (this.version() >=
|
|
2588
|
+
if (this.version() >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2890
2589
|
throw Error("No @context value present, but it is required");
|
|
2891
2590
|
}
|
|
2892
2591
|
return {
|
|
@@ -2924,18 +2623,18 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2924
2623
|
throw new Error(`Unsupported format: ${format}`);
|
|
2925
2624
|
}
|
|
2926
2625
|
version() {
|
|
2927
|
-
return this.credentialRequestOpts?.version ??
|
|
2626
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_11;
|
|
2928
2627
|
}
|
|
2929
2628
|
isV11OrHigher() {
|
|
2930
|
-
return this.version() >=
|
|
2629
|
+
return this.version() >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_11;
|
|
2931
2630
|
}
|
|
2932
2631
|
};
|
|
2933
2632
|
|
|
2934
2633
|
// lib/CredentialRequestClientBuilder.ts
|
|
2935
|
-
var
|
|
2634
|
+
var import_oid4vci_common22 = require("@sphereon/oid4vci-common");
|
|
2936
2635
|
|
|
2937
2636
|
// lib/CredentialRequestClientBuilderV1_0_11.ts
|
|
2938
|
-
var
|
|
2637
|
+
var import_oid4vci_common20 = require("@sphereon/oid4vci-common");
|
|
2939
2638
|
var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilderV1_0_11 {
|
|
2940
2639
|
static {
|
|
2941
2640
|
__name(this, "CredentialRequestClientBuilderV1_0_11");
|
|
@@ -2953,7 +2652,7 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2953
2652
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialTypes }) {
|
|
2954
2653
|
const issuer = credentialIssuer;
|
|
2955
2654
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2956
|
-
builder.withVersion(version ??
|
|
2655
|
+
builder.withVersion(version ?? import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11);
|
|
2957
2656
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2958
2657
|
if (metadata?.deferred_credential_endpoint) {
|
|
2959
2658
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -2972,18 +2671,18 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2972
2671
|
}
|
|
2973
2672
|
static fromCredentialOfferRequest(opts) {
|
|
2974
2673
|
const { request, metadata } = opts;
|
|
2975
|
-
const version = opts.version ?? request.version ?? (0,
|
|
2674
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common20.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2976
2675
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2977
|
-
const issuer = (0,
|
|
2676
|
+
const issuer = (0, import_oid4vci_common20.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
2978
2677
|
builder.withVersion(version);
|
|
2979
2678
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2980
2679
|
if (metadata?.deferred_credential_endpoint) {
|
|
2981
2680
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
2982
2681
|
}
|
|
2983
|
-
if (version <=
|
|
2682
|
+
if (version <= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_08) {
|
|
2984
2683
|
builder.withCredentialType(request.original_credential_offer.credential_type);
|
|
2985
|
-
} else if (version <=
|
|
2986
|
-
builder.withCredentialType((0,
|
|
2684
|
+
} else if (version <= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11) {
|
|
2685
|
+
builder.withCredentialType((0, import_oid4vci_common20.getTypesFromOfferV1_0_11)(request.credential_offer));
|
|
2987
2686
|
}
|
|
2988
2687
|
return builder;
|
|
2989
2688
|
}
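Review bot: `issuer` can end up undefined in `fromCredentialOfferRequest` when neither the offer payload nor `metadata` supplies one (the `?? metadata?.issuer` fallback suggests the helper may return nothing), and `issuer.endsWith("/")` then throws a bare TypeError whenever `metadata?.credential_endpoint` is also absent. A guard before `withCredentialEndpoint` would give callers a usable error: `if (!metadata?.credential_endpoint && !issuer) throw new Error("Unable to determine the credential endpoint: no metadata and no issuer in the offer");`. The V1_0_13 builder's `fromCredentialOfferRequest` in the later hunk has the same line and needs the same guard. A short comment should also record that this fallback URL is built from offer-supplied data, since the bearer token is later posted to whatever endpoint results.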
|
|
@@ -3047,14 +2746,14 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
3047
2746
|
}
|
|
3048
2747
|
build() {
|
|
3049
2748
|
if (!this.version) {
|
|
3050
|
-
this.withVersion(
|
|
2749
|
+
this.withVersion(import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11);
|
|
3051
2750
|
}
|
|
3052
2751
|
return new CredentialRequestClientV1_0_11(this);
|
|
3053
2752
|
}
|
|
3054
2753
|
};
|
|
3055
2754
|
|
|
3056
2755
|
// lib/CredentialRequestClientBuilderV1_0_13.ts
|
|
3057
|
-
var
|
|
2756
|
+
var import_oid4vci_common21 = require("@sphereon/oid4vci-common");
|
|
3058
2757
|
var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilderV1_0_13 {
|
|
3059
2758
|
static {
|
|
3060
2759
|
__name(this, "CredentialRequestClientBuilderV1_0_13");
|
|
@@ -3073,7 +2772,7 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3073
2772
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
3074
2773
|
const issuer = credentialIssuer;
|
|
3075
2774
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
3076
|
-
builder.withVersion(version ??
|
|
2775
|
+
builder.withVersion(version ?? import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_13);
|
|
3077
2776
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3078
2777
|
if (metadata?.deferred_credential_endpoint) {
|
|
3079
2778
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -3097,12 +2796,12 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3097
2796
|
}
|
|
3098
2797
|
static fromCredentialOfferRequest(opts) {
|
|
3099
2798
|
const { request, metadata } = opts;
|
|
3100
|
-
const version = opts.version ?? request.version ?? (0,
|
|
3101
|
-
if (version <
|
|
2799
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common21.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2800
|
+
if (version < import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_13) {
|
|
3102
2801
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported.");
|
|
3103
2802
|
}
|
|
3104
2803
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
3105
|
-
const issuer = (0,
|
|
2804
|
+
const issuer = (0, import_oid4vci_common21.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
3106
2805
|
builder.withVersion(version);
|
|
3107
2806
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3108
2807
|
if (metadata?.deferred_credential_endpoint) {
|
|
@@ -3179,890 +2878,168 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3179
2878
|
}
|
|
3180
2879
|
build() {
|
|
3181
2880
|
if (!this.version) {
|
|
3182
|
-
this.withVersion(
|
|
2881
|
+
this.withVersion(import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_11);
|
|
3183
2882
|
}
|
|
3184
2883
|
return new CredentialRequestClient(this);
|
|
3185
2884
|
}
|
|
3186
2885
|
};
|
|
3187
2886
|
|
|
3188
|
-
// lib/
|
|
3189
|
-
|
|
3190
|
-
|
|
2887
|
+
// lib/CredentialRequestClientBuilder.ts
|
|
2888
|
+
function isV1_0_13(builder) {
|
|
2889
|
+
return builder.withCredentialIdentifier !== void 0;
|
|
2890
|
+
}
|
|
2891
|
+
__name(isV1_0_13, "isV1_0_13");
|
|
2892
|
+
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3191
2893
|
static {
|
|
3192
|
-
__name(this, "
|
|
2894
|
+
__name(this, "CredentialRequestClientBuilder");
|
|
3193
2895
|
}
|
|
3194
|
-
|
|
3195
|
-
|
|
3196
|
-
|
|
3197
|
-
|
|
3198
|
-
|
|
3199
|
-
|
|
3200
|
-
|
|
3201
|
-
|
|
3202
|
-
|
|
3203
|
-
|
|
3204
|
-
|
|
3205
|
-
|
|
3206
|
-
|
|
3207
|
-
|
|
3208
|
-
|
|
3209
|
-
|
|
3210
|
-
|
|
3211
|
-
|
|
3212
|
-
|
|
3213
|
-
builder.
|
|
3214
|
-
|
|
3215
|
-
|
|
3216
|
-
|
|
3217
|
-
|
|
3218
|
-
|
|
3219
|
-
builder.withCredentialIdentifier(credentialIdentifier);
|
|
3220
|
-
}
|
|
3221
|
-
if (credentialConfigurationId) {
|
|
3222
|
-
builder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3223
|
-
}
|
|
3224
|
-
if (credentialTypes) {
|
|
3225
|
-
builder.withCredentialType(credentialTypes);
|
|
2896
|
+
_builder;
|
|
2897
|
+
constructor(builder) {
|
|
2898
|
+
this._builder = builder;
|
|
2899
|
+
}
|
|
2900
|
+
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
2901
|
+
const specVersion = version ?? import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13;
|
|
2902
|
+
let builder;
|
|
2903
|
+
if (specVersion >= import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2904
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
2905
|
+
credentialIssuer,
|
|
2906
|
+
metadata,
|
|
2907
|
+
version,
|
|
2908
|
+
credentialIdentifier,
|
|
2909
|
+
credentialTypes
|
|
2910
|
+
});
|
|
2911
|
+
} else {
|
|
2912
|
+
if (!credentialTypes || credentialTypes.length === 0) {
|
|
2913
|
+
throw new Error("CredentialTypes must be provided for v1_0_11");
|
|
2914
|
+
}
|
|
2915
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialIssuer({
|
|
2916
|
+
credentialIssuer,
|
|
2917
|
+
metadata,
|
|
2918
|
+
version,
|
|
2919
|
+
credentialTypes
|
|
2920
|
+
});
|
|
3226
2921
|
}
|
|
3227
|
-
return builder;
|
|
2922
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3228
2923
|
}
|
|
3229
2924
|
static async fromURI({ uri, metadata }) {
|
|
3230
2925
|
const offer = await CredentialOfferClient.fromURI(uri);
|
|
3231
|
-
return
|
|
2926
|
+
return _CredentialRequestClientBuilder.fromCredentialOfferRequest({
|
|
3232
2927
|
request: offer,
|
|
3233
|
-
...offer,
|
|
3234
|
-
metadata,
|
|
3235
|
-
version: offer.version
|
|
3236
|
-
});
|
|
3237
|
-
}
|
|
3238
|
-
static fromCredentialOfferRequest(opts) {
|
|
3239
|
-
const { request, metadata } = opts;
|
|
3240
|
-
const version = opts.version ?? request.version ?? (0, import_oid4vci_common24.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3241
|
-
if (version < import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15) {
|
|
3242
|
-
throw new Error("Versions below v1.0.15 (draft 15) are not supported.");
|
|
3243
|
-
}
|
|
3244
|
-
const builder = new _CredentialRequestClientBuilderV1_0_15();
|
|
3245
|
-
const issuer = (0, import_oid4vci_common24.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
3246
|
-
builder.withVersion(version);
|
|
3247
|
-
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3248
|
-
if (metadata?.deferred_credential_endpoint) {
|
|
3249
|
-
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
3250
|
-
}
|
|
3251
|
-
if (metadata?.nonce_endpoint) {
|
|
3252
|
-
builder.withNonceEndpoint(metadata.nonce_endpoint);
|
|
3253
|
-
}
|
|
3254
|
-
const ids = request.credential_offer.credential_configuration_ids;
|
|
3255
|
-
if (ids.length && ids.length === 1) {
|
|
3256
|
-
builder.withCredentialConfigurationId(ids[0]);
|
|
3257
|
-
}
|
|
3258
|
-
return builder;
|
|
3259
|
-
}
|
|
3260
|
-
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3261
|
-
const builder = _CredentialRequestClientBuilderV1_0_15.fromCredentialOfferRequest({
|
|
3262
|
-
request: credentialOffer,
|
|
3263
|
-
metadata,
|
|
3264
|
-
version: credentialOffer.version
|
|
3265
|
-
});
|
|
3266
|
-
return builder;
|
|
3267
|
-
}
|
|
3268
|
-
withCredentialEndpointFromMetadata(metadata) {
|
|
3269
|
-
this.credentialEndpoint = metadata.credential_endpoint;
|
|
3270
|
-
return this;
|
|
3271
|
-
}
|
|
3272
|
-
withCredentialEndpoint(credentialEndpoint) {
|
|
3273
|
-
this.credentialEndpoint = credentialEndpoint;
|
|
3274
|
-
return this;
|
|
3275
|
-
}
|
|
3276
|
-
withIssuerState(issuerState) {
|
|
3277
|
-
this.issuerState = issuerState;
|
|
3278
|
-
return this;
|
|
3279
|
-
}
|
|
3280
|
-
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3281
|
-
this.deferredCredentialEndpoint = metadata.deferred_credential_endpoint;
|
|
3282
|
-
return this;
|
|
3283
|
-
}
|
|
3284
|
-
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3285
|
-
this.deferredCredentialEndpoint = deferredCredentialEndpoint;
|
|
3286
|
-
return this;
|
|
3287
|
-
}
|
|
3288
|
-
// New in v15: Support for nonce endpoint
|
|
3289
|
-
withNonceEndpointFromMetadata(metadata) {
|
|
3290
|
-
this.nonceEndpoint = metadata.nonce_endpoint;
|
|
3291
|
-
return this;
|
|
3292
|
-
}
|
|
3293
|
-
withNonceEndpoint(nonceEndpoint) {
|
|
3294
|
-
this.nonceEndpoint = nonceEndpoint;
|
|
3295
|
-
return this;
|
|
3296
|
-
}
|
|
3297
|
-
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3298
|
-
this.deferredCredentialAwait = deferredCredentialAwait;
|
|
3299
|
-
this.deferredCredentialIntervalInMS = deferredCredentialIntervalInMS ?? 5e3;
|
|
3300
|
-
return this;
|
|
3301
|
-
}
|
|
3302
|
-
// New in v15: Support for credential_identifier (used when authorization_details with credential_identifiers was used)
|
|
3303
|
-
withCredentialIdentifier(credentialIdentifier) {
|
|
3304
|
-
this.credentialIdentifier = credentialIdentifier;
|
|
3305
|
-
return this;
|
|
3306
|
-
}
|
|
3307
|
-
// New in v15: Support for credential_configuration_id (used when scope was used and no credential_identifiers returned)
|
|
3308
|
-
withCredentialConfigurationId(credentialConfigurationId) {
|
|
3309
|
-
this.credentialConfigurationId = credentialConfigurationId;
|
|
3310
|
-
return this;
|
|
3311
|
-
}
|
|
3312
|
-
// Legacy support for credential types (may be used internally to map to configuration IDs)
|
|
3313
|
-
withCredentialType(credentialTypes) {
|
|
3314
|
-
this.credentialTypes = Array.isArray(credentialTypes) ? credentialTypes : [
|
|
3315
|
-
credentialTypes
|
|
3316
|
-
];
|
|
3317
|
-
return this;
|
|
3318
|
-
}
|
|
3319
|
-
// Note: withFormat() method removed in v15 - format is no longer part of credential requests
|
|
3320
|
-
withSubjectIssuance(subjectIssuance) {
|
|
3321
|
-
this.subjectIssuance = subjectIssuance;
|
|
3322
|
-
return this;
|
|
3323
|
-
}
|
|
3324
|
-
withToken(accessToken) {
|
|
3325
|
-
this.token = accessToken;
|
|
3326
|
-
return this;
|
|
3327
|
-
}
|
|
3328
|
-
withTokenFromResponse(response) {
|
|
3329
|
-
this.token = response.access_token;
|
|
3330
|
-
return this;
|
|
3331
|
-
}
|
|
3332
|
-
withVersion(version) {
|
|
3333
|
-
this.version = version;
|
|
3334
|
-
return this;
|
|
3335
|
-
}
|
|
3336
|
-
build() {
|
|
3337
|
-
if (!this.version) {
|
|
3338
|
-
this.withVersion(import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15);
|
|
3339
|
-
}
|
|
3340
|
-
return new CredentialRequestClient(this);
|
|
3341
|
-
}
|
|
3342
|
-
};
|
|
3343
|
-
|
|
3344
|
-
// lib/CredentialRequestClientBuilder.ts
|
|
3345
|
-
function isV1_0_13(builder) {
|
|
3346
|
-
return builder.withCredentialIdentifier !== void 0;
|
|
3347
|
-
}
|
|
3348
|
-
__name(isV1_0_13, "isV1_0_13");
|
|
3349
|
-
function isV1_0_15(builder) {
|
|
3350
|
-
return builder.withCredentialIdentifier !== void 0;
|
|
3351
|
-
}
|
|
3352
|
-
__name(isV1_0_15, "isV1_0_15");
|
|
3353
|
-
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3354
|
-
static {
|
|
3355
|
-
__name(this, "CredentialRequestClientBuilder");
|
|
3356
|
-
}
|
|
3357
|
-
_builder;
|
|
3358
|
-
constructor(builder) {
|
|
3359
|
-
this._builder = builder;
|
|
3360
|
-
}
|
|
3361
|
-
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
3362
|
-
const specVersion = version ?? import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15;
|
|
3363
|
-
let builder;
|
|
3364
|
-
if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15) {
|
|
3365
|
-
builder = CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3366
|
-
credentialIssuer,
|
|
3367
|
-
metadata,
|
|
3368
|
-
version,
|
|
3369
|
-
credentialIdentifier,
|
|
3370
|
-
credentialTypes
|
|
3371
|
-
});
|
|
3372
|
-
} else if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3373
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
3374
|
-
credentialIssuer,
|
|
3375
|
-
metadata,
|
|
3376
|
-
version,
|
|
3377
|
-
credentialIdentifier,
|
|
3378
|
-
credentialTypes
|
|
3379
|
-
});
|
|
3380
|
-
} else {
|
|
3381
|
-
if (!credentialTypes || credentialTypes.length === 0) {
|
|
3382
|
-
throw new Error("CredentialTypes must be provided for v1_0_11");
|
|
3383
|
-
}
|
|
3384
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialIssuer({
|
|
3385
|
-
credentialIssuer,
|
|
3386
|
-
metadata,
|
|
3387
|
-
version,
|
|
3388
|
-
credentialTypes
|
|
3389
|
-
});
|
|
3390
|
-
}
|
|
3391
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3392
|
-
}
|
|
3393
|
-
static async fromURI({ uri, metadata }) {
|
|
3394
|
-
const offer = await CredentialOfferClient.fromURI(uri);
|
|
3395
|
-
return _CredentialRequestClientBuilder.fromCredentialOfferRequest({
|
|
3396
|
-
request: offer,
|
|
3397
|
-
...offer,
|
|
3398
|
-
metadata,
|
|
3399
|
-
version: offer.version
|
|
3400
|
-
});
|
|
3401
|
-
}
|
|
3402
|
-
static fromCredentialOfferRequest(opts) {
|
|
3403
|
-
const { request } = opts;
|
|
3404
|
-
const version = opts.version ?? request.version ?? (0, import_oid4vci_common25.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3405
|
-
let builder;
|
|
3406
|
-
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3407
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest(opts);
|
|
3408
|
-
} else {
|
|
3409
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOfferRequest(opts);
|
|
3410
|
-
}
|
|
3411
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3412
|
-
}
|
|
3413
|
-
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3414
|
-
const version = (0, import_oid4vci_common25.determineSpecVersionFromOffer)(credentialOffer.credential_offer);
|
|
3415
|
-
let builder;
|
|
3416
|
-
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3417
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
3418
|
-
credentialOffer,
|
|
3419
|
-
metadata
|
|
3420
|
-
});
|
|
3421
|
-
} else {
|
|
3422
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
3423
|
-
credentialOffer,
|
|
3424
|
-
metadata
|
|
3425
|
-
});
|
|
3426
|
-
}
|
|
3427
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3428
|
-
}
|
|
3429
|
-
getVersion() {
|
|
3430
|
-
return this._builder.version;
|
|
3431
|
-
}
|
|
3432
|
-
withCredentialEndpointFromMetadata(metadata) {
|
|
3433
|
-
if (isV1_0_15(this._builder)) {
|
|
3434
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3435
|
-
} else if (isV1_0_13(this._builder)) {
|
|
3436
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3437
|
-
} else {
|
|
3438
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3439
|
-
}
|
|
3440
|
-
return this;
|
|
3441
|
-
}
|
|
3442
|
-
withCredentialEndpoint(credentialEndpoint) {
|
|
3443
|
-
this._builder.withCredentialEndpoint(credentialEndpoint);
|
|
3444
|
-
return this;
|
|
3445
|
-
}
|
|
3446
|
-
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3447
|
-
if (isV1_0_15(this._builder)) {
|
|
3448
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3449
|
-
} else if (isV1_0_13(this._builder)) {
|
|
3450
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3451
|
-
} else {
|
|
3452
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3453
|
-
}
|
|
3454
|
-
return this;
|
|
3455
|
-
}
|
|
3456
|
-
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3457
|
-
this._builder.withDeferredCredentialEndpoint(deferredCredentialEndpoint);
|
|
3458
|
-
return this;
|
|
3459
|
-
}
|
|
3460
|
-
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3461
|
-
this._builder.withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS);
|
|
3462
|
-
return this;
|
|
3463
|
-
}
|
|
3464
|
-
withCredentialIdentifier(credentialIdentifier) {
|
|
3465
|
-
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3466
|
-
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
3467
|
-
}
|
|
3468
|
-
;
|
|
3469
|
-
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
3470
|
-
return this;
|
|
3471
|
-
}
|
|
3472
|
-
withIssuerState(issuerState) {
|
|
3473
|
-
this._builder.withIssuerState(issuerState);
|
|
3474
|
-
return this;
|
|
3475
|
-
}
|
|
3476
|
-
withCredentialType(credentialTypes) {
|
|
3477
|
-
this._builder.withCredentialType(credentialTypes);
|
|
3478
|
-
return this;
|
|
3479
|
-
}
|
|
3480
|
-
withFormat(format) {
|
|
3481
|
-
if ("withFormat" in this._builder) {
|
|
3482
|
-
this._builder.withFormat(format);
|
|
3483
|
-
}
|
|
3484
|
-
return this;
|
|
3485
|
-
}
|
|
3486
|
-
withSubjectIssuance(subjectIssuance) {
|
|
3487
|
-
this._builder.withSubjectIssuance(subjectIssuance);
|
|
3488
|
-
return this;
|
|
3489
|
-
}
|
|
3490
|
-
withToken(accessToken) {
|
|
3491
|
-
this._builder.withToken(accessToken);
|
|
3492
|
-
return this;
|
|
3493
|
-
}
|
|
3494
|
-
withTokenFromResponse(response) {
|
|
3495
|
-
this._builder.withTokenFromResponse(response);
|
|
3496
|
-
return this;
|
|
3497
|
-
}
|
|
3498
|
-
withVersion(version) {
|
|
3499
|
-
this._builder.withVersion(version);
|
|
3500
|
-
return this;
|
|
3501
|
-
}
|
|
3502
|
-
build() {
|
|
3503
|
-
return this._builder.build();
|
|
3504
|
-
}
|
|
3505
|
-
};
|
|
3506
|
-
|
|
3507
|
-
// lib/OpenID4VCIClient.ts
|
|
3508
|
-
var import_oid4vci_common28 = require("@sphereon/oid4vci-common");
|
|
3509
|
-
var import_ssi_types17 = require("@sphereon/ssi-types");
|
|
3510
|
-
|
|
3511
|
-
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3512
|
-
var import_oid4vci_common27 = require("@sphereon/oid4vci-common");
|
|
3513
|
-
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
3514
|
-
|
|
3515
|
-
// lib/NonceClient.ts
|
|
3516
|
-
var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
3517
|
-
var sendNonceRequest = /* @__PURE__ */ __name(async (nonceEndpointUrl, opts) => {
|
|
3518
|
-
return await (0, import_oid4vci_common26.formPost)(nonceEndpointUrl, new URLSearchParams(), {
|
|
3519
|
-
customHeaders: opts?.headers ? opts.headers : void 0
|
|
3520
|
-
});
|
|
3521
|
-
}, "sendNonceRequest");
|
|
3522
|
-
var acquireNonceFromAuthorizationServer = /* @__PURE__ */ __name(async (opts) => {
|
|
3523
|
-
const metadata = opts?.metadata ? opts.metadata : opts?.issuerOpts?.fetchMetadata ? await MetadataClient.retrieveAllMetadata(opts.issuerOpts.issuer, {
|
|
3524
|
-
errorOnNotFound: false
|
|
3525
|
-
}) : void 0;
|
|
3526
|
-
const nonceEndpointUrl = metadata?.nonce_endpoint;
|
|
3527
|
-
if (!nonceEndpointUrl) {
|
|
3528
|
-
return Promise.reject(Error("Cannot determine nonce endpoint URL"));
|
|
3529
|
-
}
|
|
3530
|
-
return await sendNonceRequest(nonceEndpointUrl, {
|
|
3531
|
-
headers: opts?.headers
|
|
3532
|
-
});
|
|
3533
|
-
}, "acquireNonceFromAuthorizationServer");
|
|
3534
|
-
|
|
3535
|
-
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3536
|
-
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci:v15");
|
|
3537
|
-
var OpenID4VCIClientV1_0_15 = class _OpenID4VCIClientV1_0_15 {
|
|
3538
|
-
static {
|
|
3539
|
-
__name(this, "OpenID4VCIClientV1_0_15");
|
|
3540
|
-
}
|
|
3541
|
-
_state;
|
|
3542
|
-
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL, keyAttestation }) {
|
|
3543
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common27.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
3544
|
-
if (!issuer) {
|
|
3545
|
-
throw Error("No credential issuer supplied or deduced from offer");
|
|
3546
|
-
}
|
|
3547
|
-
this._state = {
|
|
3548
|
-
credentialOffer,
|
|
3549
|
-
credentialIssuer: issuer,
|
|
3550
|
-
kid,
|
|
3551
|
-
alg,
|
|
3552
|
-
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common27.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
3553
|
-
pkce: {
|
|
3554
|
-
disabled: false,
|
|
3555
|
-
codeChallengeMethod: import_oid4vci_common27.CodeChallengeMethod.S256,
|
|
3556
|
-
...pkce
|
|
3557
|
-
},
|
|
3558
|
-
authorizationRequestOpts,
|
|
3559
|
-
authorizationCodeResponse,
|
|
3560
|
-
jwk,
|
|
3561
|
-
endpointMetadata,
|
|
3562
|
-
accessTokenResponse,
|
|
3563
|
-
authorizationURL,
|
|
3564
|
-
keyAttestation
|
|
3565
|
-
};
|
|
3566
|
-
if (!this._state.authorizationRequestOpts) {
|
|
3567
|
-
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3568
|
-
}
|
|
3569
|
-
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3570
|
-
}
|
|
3571
|
-
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, keyAttestation }) {
|
|
3572
|
-
const client = new _OpenID4VCIClientV1_0_15({
|
|
3573
|
-
kid,
|
|
3574
|
-
alg,
|
|
3575
|
-
clientId: clientId ?? authorizationRequest?.clientId,
|
|
3576
|
-
credentialIssuer,
|
|
3577
|
-
pkce,
|
|
3578
|
-
authorizationRequest,
|
|
3579
|
-
keyAttestation
|
|
3580
|
-
});
|
|
3581
|
-
if (retrieveServerMetadata !== false) {
|
|
3582
|
-
await client.retrieveServerMetadata();
|
|
3583
|
-
}
|
|
3584
|
-
if (createAuthorizationRequestURL !== false) {
|
|
3585
|
-
await client.createAuthorizationRequestUrl({
|
|
3586
|
-
authorizationRequest,
|
|
3587
|
-
pkce
|
|
3588
|
-
});
|
|
3589
|
-
}
|
|
3590
|
-
return client;
|
|
3591
|
-
}
|
|
3592
|
-
static async fromState({ state }) {
|
|
3593
|
-
const clientState = typeof state === "string" ? JSON.parse(state) : state;
|
|
3594
|
-
return new _OpenID4VCIClientV1_0_15(clientState);
|
|
3595
|
-
}
|
|
3596
|
-
static async fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, keyAttestation }) {
|
|
3597
|
-
const credentialOfferClient = await CredentialOfferClientV1_0_15.fromURI(uri, {
|
|
3598
|
-
resolve: resolveOfferUri
|
|
3599
|
-
});
|
|
3600
|
-
const client = new _OpenID4VCIClientV1_0_15({
|
|
3601
|
-
credentialOffer: credentialOfferClient,
|
|
3602
|
-
kid,
|
|
3603
|
-
alg,
|
|
3604
|
-
clientId: clientId ?? authorizationRequest?.clientId ?? credentialOfferClient.clientId,
|
|
3605
|
-
pkce,
|
|
3606
|
-
authorizationRequest,
|
|
3607
|
-
keyAttestation
|
|
3608
|
-
});
|
|
3609
|
-
if (retrieveServerMetadata !== false) {
|
|
3610
|
-
await client.retrieveServerMetadata();
|
|
3611
|
-
}
|
|
3612
|
-
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && createAuthorizationRequestURL !== false) {
|
|
3613
|
-
await client.createAuthorizationRequestUrl({
|
|
3614
|
-
authorizationRequest,
|
|
3615
|
-
pkce
|
|
3616
|
-
});
|
|
3617
|
-
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3618
|
-
}
|
|
3619
|
-
return client;
|
|
3620
|
-
}
|
|
3621
|
-
async createAuthorizationRequestUrl(opts) {
|
|
3622
|
-
if (!this._state.authorizationURL) {
|
|
3623
|
-
this.calculatePKCEOpts(opts?.pkce);
|
|
3624
|
-
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(opts?.authorizationRequest);
|
|
3625
|
-
if (!this._state.authorizationRequestOpts) {
|
|
3626
|
-
throw Error(`No Authorization Request options present or provided in this call`);
|
|
3627
|
-
}
|
|
3628
|
-
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
3629
|
-
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
3630
|
-
}
|
|
3631
|
-
this._state.authorizationURL = await createAuthorizationRequestUrl({
|
|
3632
|
-
pkce: this._state.pkce,
|
|
3633
|
-
endpointMetadata: this.endpointMetadata,
|
|
3634
|
-
authorizationRequest: this._state.authorizationRequestOpts,
|
|
3635
|
-
credentialOffer: this.credentialOffer,
|
|
3636
|
-
credentialConfigurationSupported: this.getCredentialsSupported(false)
|
|
3637
|
-
});
|
|
3638
|
-
}
|
|
3639
|
-
return this._state.authorizationURL;
|
|
3640
|
-
}
|
|
3641
|
-
async retrieveServerMetadata() {
|
|
3642
|
-
this.assertIssuerData();
|
|
3643
|
-
if (!this._state.endpointMetadata) {
|
|
3644
|
-
if (this.credentialOffer) {
|
|
3645
|
-
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(this.credentialOffer);
|
|
3646
|
-
} else if (this._state.credentialIssuer) {
|
|
3647
|
-
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadata(this._state.credentialIssuer);
|
|
3648
|
-
} else {
|
|
3649
|
-
throw Error(`Cannot retrieve issuer metadata without either a credential offer, or issuer value`);
|
|
3650
|
-
}
|
|
3651
|
-
}
|
|
3652
|
-
return this.endpointMetadata;
|
|
3653
|
-
}
|
|
3654
|
-
async acquireNonce() {
|
|
3655
|
-
const response = await acquireNonceFromAuthorizationServer({
|
|
3656
|
-
metadata: this.endpointMetadata,
|
|
3657
|
-
issuerOpts: {
|
|
3658
|
-
issuer: this.getIssuer(),
|
|
3659
|
-
fetchMetadata: false
|
|
3660
|
-
}
|
|
3661
|
-
});
|
|
3662
|
-
if (response.errorBody) {
|
|
3663
|
-
logger14.debug(`Nonce request error:\r
|
|
3664
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3665
|
-
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed with error: ${response.errorBody.error}${response.errorBody.error_description ? ` - ${response.errorBody.error_description}` : ""}`));
|
|
3666
|
-
} else if (!response.successBody) {
|
|
3667
|
-
logger14.debug(`Nonce request error. No success body`);
|
|
3668
|
-
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3669
|
-
}
|
|
3670
|
-
this._state.cachedCNonce = response.successBody.c_nonce;
|
|
3671
|
-
return response.successBody.c_nonce;
|
|
3672
|
-
}
|
|
3673
|
-
calculatePKCEOpts(pkce) {
|
|
3674
|
-
this._state.pkce = generateMissingPKCEOpts({
|
|
3675
|
-
...this._state.pkce,
|
|
3676
|
-
...pkce
|
|
3677
|
-
});
|
|
3678
|
-
}
|
|
3679
|
-
async acquireAuthorizationChallengeCode(opts) {
|
|
3680
|
-
const response = await acquireAuthorizationChallengeAuthCode({
|
|
3681
|
-
metadata: this.endpointMetadata,
|
|
3682
|
-
credentialIssuer: this.getIssuer(),
|
|
3683
|
-
clientId: this._state.clientId ?? this._state.authorizationRequestOpts?.clientId,
|
|
3684
|
-
...opts
|
|
3685
|
-
});
|
|
3686
|
-
if (response.errorBody) {
|
|
3687
|
-
logger14.debug(`Authorization code error:\r
|
|
3688
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3689
|
-
const error = response.errorBody;
|
|
3690
|
-
return Promise.reject(error);
|
|
3691
|
-
} else if (!response.successBody) {
|
|
3692
|
-
logger14.debug(`Authorization code error. No success body`);
|
|
3693
|
-
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3694
|
-
}
|
|
3695
|
-
return {
|
|
3696
|
-
...response.successBody
|
|
3697
|
-
};
|
|
3698
|
-
}
|
|
3699
|
-
async acquireAccessToken(opts) {
|
|
3700
|
-
const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
|
|
3701
|
-
let { redirectUri } = opts ?? {};
|
|
3702
|
-
const code = this.getAuthorizationCode(opts?.authorizationResponse, opts?.code);
|
|
3703
|
-
if (opts?.codeVerifier) {
|
|
3704
|
-
this._state.pkce.codeVerifier = opts.codeVerifier;
|
|
3705
|
-
}
|
|
3706
|
-
this.assertIssuerData();
|
|
3707
|
-
const asOpts = {
|
|
3708
|
-
...opts?.asOpts
|
|
3709
|
-
};
|
|
3710
|
-
const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
|
|
3711
|
-
const clientAssertionType = asOpts.clientOpts?.clientAssertionType ?? (kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === "function" ? "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" : void 0);
|
|
3712
|
-
if (this.isEBSI() || clientId && kid) {
|
|
3713
|
-
if (!clientId) {
|
|
3714
|
-
throw Error(`Client id expected for EBSI`);
|
|
3715
|
-
}
|
|
3716
|
-
asOpts.clientOpts = {
|
|
3717
|
-
...asOpts.clientOpts,
|
|
3718
|
-
clientId,
|
|
3719
|
-
...kid && {
|
|
3720
|
-
kid
|
|
3721
|
-
},
|
|
3722
|
-
...clientAssertionType && {
|
|
3723
|
-
clientAssertionType
|
|
3724
|
-
},
|
|
3725
|
-
signCallbacks: asOpts.clientOpts?.signCallbacks ?? this._state.authorizationRequestOpts?.requestObjectOpts?.signCallbacks
|
|
3726
|
-
};
|
|
3727
|
-
}
|
|
3728
|
-
if (clientId) {
|
|
3729
|
-
this._state.clientId = clientId;
|
|
3730
|
-
if (!asOpts.clientOpts) {
|
|
3731
|
-
asOpts.clientOpts = {
|
|
3732
|
-
clientId
|
|
3733
|
-
};
|
|
3734
|
-
}
|
|
3735
|
-
asOpts.clientOpts.clientId = clientId;
|
|
3736
|
-
}
|
|
3737
|
-
if (!this._state.accessTokenResponse) {
|
|
3738
|
-
const accessTokenClient = new AccessTokenClient();
|
|
3739
|
-
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
3740
|
-
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
3741
|
-
}
|
|
3742
|
-
if (this._state.authorizationRequestOpts?.redirectUri && !redirectUri) {
|
|
3743
|
-
redirectUri = this._state.authorizationRequestOpts.redirectUri;
|
|
3744
|
-
}
|
|
3745
|
-
const response = await accessTokenClient.acquireAccessToken({
|
|
3746
|
-
credentialOffer: this.credentialOffer,
|
|
3747
|
-
metadata: this.endpointMetadata,
|
|
3748
|
-
credentialIssuer: this.getIssuer(),
|
|
3749
|
-
pin,
|
|
3750
|
-
...!this._state.pkce.disabled && {
|
|
3751
|
-
codeVerifier: this._state.pkce.codeVerifier
|
|
3752
|
-
},
|
|
3753
|
-
code,
|
|
3754
|
-
redirectUri,
|
|
3755
|
-
asOpts,
|
|
3756
|
-
...opts?.createDPoPOpts && {
|
|
3757
|
-
createDPoPOpts: opts.createDPoPOpts
|
|
3758
|
-
},
|
|
3759
|
-
...opts?.additionalRequestParams && {
|
|
3760
|
-
additionalParams: opts.additionalRequestParams
|
|
3761
|
-
}
|
|
3762
|
-
});
|
|
3763
|
-
if (response.errorBody) {
|
|
3764
|
-
logger14.debug(`Access token error:\r
|
|
3765
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3766
|
-
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3767
|
-
} else if (!response.successBody) {
|
|
3768
|
-
logger14.debug(`Access token error. No success body`);
|
|
3769
|
-
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3770
|
-
}
|
|
3771
|
-
this._state.accessTokenResponse = response.successBody;
|
|
3772
|
-
this._state.dpopResponseParams = response.params;
|
|
3773
|
-
this._state.accessToken = response.successBody.access_token;
|
|
3774
|
-
}
|
|
3775
|
-
return {
|
|
3776
|
-
...this.accessTokenResponse,
|
|
3777
|
-
...this.dpopResponseParams && {
|
|
3778
|
-
params: this.dpopResponseParams
|
|
3779
|
-
}
|
|
3780
|
-
};
|
|
3781
|
-
}
|
|
3782
|
-
async acquireCredentials({ credentialIdentifier, credentialConfigurationId, credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts }) {
|
|
3783
|
-
if ([
|
|
3784
|
-
jwk,
|
|
3785
|
-
kid
|
|
3786
|
-
].filter((v) => v !== void 0).length > 1) {
|
|
3787
|
-
throw new Error(import_oid4vci_common27.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
3788
|
-
}
|
|
3789
|
-
if (alg) this._state.alg = alg;
|
|
3790
|
-
if (jwk) this._state.jwk = jwk;
|
|
3791
|
-
if (kid) this._state.kid = kid;
|
|
3792
|
-
const requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_15.fromCredentialOffer({
|
|
3793
|
-
credentialOffer: this.credentialOffer,
|
|
3794
|
-
metadata: this.endpointMetadata
|
|
3795
|
-
}) : CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3796
|
-
credentialIssuer: this.getIssuer(),
|
|
3797
|
-
credentialTypes,
|
|
3798
|
-
credentialIdentifier,
|
|
3799
|
-
credentialConfigurationId,
|
|
3800
|
-
metadata: this.endpointMetadata,
|
|
3801
|
-
version: this.version()
|
|
3802
|
-
});
|
|
3803
|
-
if (credentialIdentifier) {
|
|
3804
|
-
requestBuilder.withCredentialIdentifier(credentialIdentifier);
|
|
3805
|
-
} else if (credentialConfigurationId) {
|
|
3806
|
-
requestBuilder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3807
|
-
}
|
|
3808
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this._state.cachedCNonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
3809
|
-
requestBuilder.withIssuerState(issuerState);
|
|
3810
|
-
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
3811
|
-
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
3812
|
-
let subjectIssuance;
|
|
3813
|
-
if (this.endpointMetadata?.credentialIssuerMetadata) {
|
|
3814
|
-
const metadata = this.endpointMetadata.credentialIssuerMetadata;
|
|
3815
|
-
if (metadata.credential_configurations_supported) {
|
|
3816
|
-
const configId = credentialConfigurationId ?? credentialIdentifier;
|
|
3817
|
-
if (configId && metadata.credential_configurations_supported[configId]) {
|
|
3818
|
-
const config = metadata.credential_configurations_supported[configId];
|
|
3819
|
-
if (config.credential_subject_issuance) {
|
|
3820
|
-
const subjIssuance = config.credential_subject_issuance;
|
|
3821
|
-
if (subjIssuance.subject_proof_mode && subjIssuance.notification_events_supported) {
|
|
3822
|
-
subjectIssuance = {
|
|
3823
|
-
credential_subject_issuance: {
|
|
3824
|
-
subject_proof_mode: subjIssuance.subject_proof_mode,
|
|
3825
|
-
notification_events_supported: subjIssuance.notification_events_supported
|
|
3826
|
-
}
|
|
3827
|
-
};
|
|
3828
|
-
}
|
|
3829
|
-
}
|
|
3830
|
-
}
|
|
3831
|
-
}
|
|
3832
|
-
}
|
|
3833
|
-
if (subjectIssuance) {
|
|
3834
|
-
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
3835
|
-
}
|
|
3836
|
-
const credentialRequestClient = requestBuilder.build();
|
|
3837
|
-
if (!this._state.cachedCNonce) {
|
|
3838
|
-
await this.acquireNonce();
|
|
3839
|
-
}
|
|
3840
|
-
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
3841
|
-
accessTokenResponse: {
|
|
3842
|
-
...this.accessTokenResponse,
|
|
3843
|
-
c_nonce: this._state.cachedCNonce
|
|
3844
|
-
},
|
|
3845
|
-
callbacks: proofCallbacks,
|
|
3846
|
-
version: this.version()
|
|
3847
|
-
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
3848
|
-
if (this._state.jwk) {
|
|
3849
|
-
proofBuilder.withJWK(this._state.jwk);
|
|
3850
|
-
}
|
|
3851
|
-
if (this._state.kid) {
|
|
3852
|
-
proofBuilder.withKid(this._state.kid);
|
|
3853
|
-
}
|
|
3854
|
-
if (this.clientId) {
|
|
3855
|
-
proofBuilder.withClientId(this.clientId);
|
|
3856
|
-
}
|
|
3857
|
-
if (jti) {
|
|
3858
|
-
proofBuilder.withJti(jti);
|
|
3859
|
-
}
|
|
3860
|
-
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
3861
|
-
proofInput: proofBuilder,
|
|
3862
|
-
credentialIdentifier,
|
|
3863
|
-
credentialTypes,
|
|
3864
|
-
context,
|
|
3865
|
-
format,
|
|
3866
|
-
subjectIssuance,
|
|
3867
|
-
createDPoPOpts
|
|
3868
|
-
});
|
|
3869
|
-
this._state.dpopResponseParams = response.params;
|
|
3870
|
-
if (response.errorBody) {
|
|
3871
|
-
logger14.debug(`Credential request error:\r
|
|
3872
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3873
|
-
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3874
|
-
} else if (!response.successBody) {
|
|
3875
|
-
logger14.debug(`Credential request error. No success body`);
|
|
3876
|
-
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3877
|
-
}
|
|
3878
|
-
return {
|
|
3879
|
-
...response.successBody,
|
|
3880
|
-
...this.dpopResponseParams && {
|
|
3881
|
-
params: this.dpopResponseParams
|
|
3882
|
-
},
|
|
3883
|
-
access_token: response.access_token
|
|
3884
|
-
};
|
|
3885
|
-
}
|
|
3886
|
-
async exportState() {
|
|
3887
|
-
return JSON.stringify(this._state);
|
|
3888
|
-
}
|
|
3889
|
-
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
3890
|
-
return (0, import_oid4vci_common27.getSupportedCredentials)({
|
|
3891
|
-
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
3892
|
-
version: this.version(),
|
|
3893
|
-
format,
|
|
3894
|
-
types: restrictToInitiationTypes ? [
|
|
3895
|
-
this.getCredentialOfferConfigurationIds()
|
|
3896
|
-
] : void 0
|
|
3897
|
-
});
|
|
3898
|
-
}
|
|
3899
|
-
async sendNotification(credentialRequestOpts, request, accessToken) {
|
|
3900
|
-
return sendNotification(credentialRequestOpts, request, accessToken ?? this._state.accessToken ?? this._state.accessTokenResponse?.access_token);
|
|
3901
|
-
}
|
|
3902
|
-
getCredentialOfferConfigurationIds() {
|
|
3903
|
-
if (!this.credentialOffer) {
|
|
3904
|
-
return [];
|
|
3905
|
-
}
|
|
3906
|
-
return this.credentialOffer.credential_offer?.credential_configuration_ids ?? [];
|
|
3907
|
-
}
|
|
3908
|
-
issuerSupportedFlowTypes() {
|
|
3909
|
-
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
3910
|
-
import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
3911
|
-
] : []);
|
|
3912
|
-
}
|
|
3913
|
-
isFlowTypeSupported(flowType) {
|
|
3914
|
-
return this.issuerSupportedFlowTypes().includes(flowType);
|
|
3915
|
-
}
|
|
3916
|
-
get authorizationURL() {
|
|
3917
|
-
return this._state.authorizationURL;
|
|
3918
|
-
}
|
|
3919
|
-
hasAuthorizationURL() {
|
|
3920
|
-
return !!this.authorizationURL;
|
|
3921
|
-
}
|
|
3922
|
-
get credentialOffer() {
|
|
3923
|
-
return this._state.credentialOffer;
|
|
3924
|
-
}
|
|
3925
|
-
version() {
|
|
3926
|
-
return import_oid4vci_common27.OpenId4VCIVersion.VER_1_0_15;
|
|
3927
|
-
}
|
|
3928
|
-
get endpointMetadata() {
|
|
3929
|
-
this.assertServerMetadata();
|
|
3930
|
-
return this._state.endpointMetadata;
|
|
3931
|
-
}
|
|
3932
|
-
get kid() {
|
|
3933
|
-
this.assertIssuerData();
|
|
3934
|
-
if (!this._state.kid) {
|
|
3935
|
-
throw new Error("No value for kid is supplied");
|
|
3936
|
-
}
|
|
3937
|
-
return this._state.kid;
|
|
3938
|
-
}
|
|
3939
|
-
get alg() {
|
|
3940
|
-
this.assertIssuerData();
|
|
3941
|
-
if (!this._state.alg) {
|
|
3942
|
-
throw new Error("No value for alg is supplied");
|
|
3943
|
-
}
|
|
3944
|
-
return this._state.alg;
|
|
3945
|
-
}
|
|
3946
|
-
set clientId(value) {
|
|
3947
|
-
this._state.clientId = value;
|
|
3948
|
-
}
|
|
3949
|
-
get clientId() {
|
|
3950
|
-
return this._state.clientId;
|
|
3951
|
-
}
|
|
3952
|
-
hasAccessTokenResponse() {
|
|
3953
|
-
return !!this._state.accessTokenResponse;
|
|
2928
|
+
...offer,
|
|
2929
|
+
metadata,
|
|
2930
|
+
version: offer.version
|
|
2931
|
+
});
|
|
3954
2932
|
}
|
|
3955
|
-
|
|
3956
|
-
|
|
3957
|
-
|
|
2933
|
+
static fromCredentialOfferRequest(opts) {
|
|
2934
|
+
const { request } = opts;
|
|
2935
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common22.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2936
|
+
let builder;
|
|
2937
|
+
if (version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2938
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest(opts);
|
|
2939
|
+
} else {
|
|
2940
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOfferRequest(opts);
|
|
2941
|
+
}
|
|
2942
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3958
2943
|
}
|
|
3959
|
-
|
|
3960
|
-
|
|
2944
|
+
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
2945
|
+
const version = (0, import_oid4vci_common22.determineSpecVersionFromOffer)(credentialOffer.credential_offer);
|
|
2946
|
+
let builder;
|
|
2947
|
+
if (version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2948
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
2949
|
+
credentialOffer,
|
|
2950
|
+
metadata
|
|
2951
|
+
});
|
|
2952
|
+
} else {
|
|
2953
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
2954
|
+
credentialOffer,
|
|
2955
|
+
metadata
|
|
2956
|
+
});
|
|
2957
|
+
}
|
|
2958
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3961
2959
|
}
|
|
3962
|
-
|
|
3963
|
-
return this.
|
|
2960
|
+
getVersion() {
|
|
2961
|
+
return this._builder.version;
|
|
3964
2962
|
}
|
|
3965
|
-
|
|
3966
|
-
this.
|
|
3967
|
-
|
|
2963
|
+
withCredentialEndpointFromMetadata(metadata) {
|
|
2964
|
+
if (isV1_0_13(this._builder)) {
|
|
2965
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2966
|
+
} else {
|
|
2967
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2968
|
+
}
|
|
2969
|
+
return this;
|
|
3968
2970
|
}
|
|
3969
|
-
|
|
3970
|
-
this.
|
|
3971
|
-
return this
|
|
3972
|
-
issuerOpts: {
|
|
3973
|
-
issuer: this.getIssuer()
|
|
3974
|
-
}
|
|
3975
|
-
});
|
|
2971
|
+
withCredentialEndpoint(credentialEndpoint) {
|
|
2972
|
+
this._builder.withCredentialEndpoint(credentialEndpoint);
|
|
2973
|
+
return this;
|
|
3976
2974
|
}
|
|
3977
|
-
|
|
3978
|
-
this.
|
|
3979
|
-
|
|
2975
|
+
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
2976
|
+
if (isV1_0_13(this._builder)) {
|
|
2977
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2978
|
+
} else {
|
|
2979
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2980
|
+
}
|
|
2981
|
+
return this;
|
|
3980
2982
|
}
|
|
3981
|
-
|
|
3982
|
-
|
|
2983
|
+
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
2984
|
+
this._builder.withDeferredCredentialEndpoint(deferredCredentialEndpoint);
|
|
2985
|
+
return this;
|
|
3983
2986
|
}
|
|
3984
|
-
|
|
3985
|
-
|
|
2987
|
+
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
2988
|
+
this._builder.withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS);
|
|
2989
|
+
return this;
|
|
3986
2990
|
}
|
|
3987
|
-
|
|
3988
|
-
this.
|
|
3989
|
-
|
|
2991
|
+
withCredentialIdentifier(credentialIdentifier) {
|
|
2992
|
+
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2993
|
+
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
2994
|
+
}
|
|
2995
|
+
;
|
|
2996
|
+
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
2997
|
+
return this;
|
|
3990
2998
|
}
|
|
3991
|
-
|
|
3992
|
-
|
|
2999
|
+
withIssuerState(issuerState) {
|
|
3000
|
+
this._builder.withIssuerState(issuerState);
|
|
3001
|
+
return this;
|
|
3993
3002
|
}
|
|
3994
|
-
|
|
3995
|
-
|
|
3003
|
+
withCredentialType(credentialTypes) {
|
|
3004
|
+
this._builder.withCredentialType(credentialTypes);
|
|
3005
|
+
return this;
|
|
3996
3006
|
}
|
|
3997
|
-
|
|
3998
|
-
this.
|
|
3999
|
-
return this
|
|
3007
|
+
withFormat(format) {
|
|
3008
|
+
this._builder.withFormat(format);
|
|
3009
|
+
return this;
|
|
4000
3010
|
}
|
|
4001
|
-
|
|
4002
|
-
|
|
3011
|
+
withSubjectIssuance(subjectIssuance) {
|
|
3012
|
+
this._builder.withSubjectIssuance(subjectIssuance);
|
|
3013
|
+
return this;
|
|
4003
3014
|
}
|
|
4004
|
-
|
|
4005
|
-
|
|
4006
|
-
|
|
4007
|
-
} else if (!this._state.credentialOffer && this._state.endpointMetadata && this.issuerSupportedFlowTypes().length === 0) {
|
|
4008
|
-
throw Error(`No issuance initiation or credential offer present`);
|
|
4009
|
-
}
|
|
3015
|
+
withToken(accessToken) {
|
|
3016
|
+
this._builder.withToken(accessToken);
|
|
3017
|
+
return this;
|
|
4010
3018
|
}
|
|
4011
|
-
|
|
4012
|
-
|
|
4013
|
-
|
|
4014
|
-
}
|
|
3019
|
+
withTokenFromResponse(response) {
|
|
3020
|
+
this._builder.withTokenFromResponse(response);
|
|
3021
|
+
return this;
|
|
4015
3022
|
}
|
|
4016
|
-
|
|
4017
|
-
|
|
4018
|
-
|
|
4019
|
-
}
|
|
3023
|
+
withVersion(version) {
|
|
3024
|
+
this._builder.withVersion(version);
|
|
3025
|
+
return this;
|
|
4020
3026
|
}
|
|
4021
|
-
|
|
4022
|
-
|
|
4023
|
-
...this._state?.authorizationRequestOpts?.requestObjectOpts,
|
|
4024
|
-
...opts?.requestObjectOpts
|
|
4025
|
-
};
|
|
4026
|
-
let authorizationRequestOpts = {
|
|
4027
|
-
...this._state?.authorizationRequestOpts,
|
|
4028
|
-
...opts,
|
|
4029
|
-
...requestObjectOpts && {
|
|
4030
|
-
requestObjectOpts
|
|
4031
|
-
}
|
|
4032
|
-
};
|
|
4033
|
-
if (!authorizationRequestOpts) {
|
|
4034
|
-
authorizationRequestOpts = {
|
|
4035
|
-
redirectUri: `${import_oid4vci_common27.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4036
|
-
};
|
|
4037
|
-
}
|
|
4038
|
-
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
4039
|
-
this._state.clientId = clientId;
|
|
4040
|
-
authorizationRequestOpts.clientId = clientId;
|
|
4041
|
-
return authorizationRequestOpts;
|
|
3027
|
+
build() {
|
|
3028
|
+
return this._builder.build();
|
|
4042
3029
|
}
|
|
4043
|
-
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4044
|
-
if (authorizationResponse) {
|
|
4045
|
-
this._state.authorizationCodeResponse = {
|
|
4046
|
-
...(0, import_oid4vci_common27.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4047
|
-
};
|
|
4048
|
-
} else if (code) {
|
|
4049
|
-
this._state.authorizationCodeResponse = {
|
|
4050
|
-
code
|
|
4051
|
-
};
|
|
4052
|
-
}
|
|
4053
|
-
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
4054
|
-
}, "getAuthorizationCode");
|
|
4055
3030
|
};
|
|
4056
3031
|
|
|
4057
3032
|
// lib/OpenID4VCIClient.ts
|
|
4058
|
-
var
|
|
3033
|
+
var import_oid4vci_common23 = require("@sphereon/oid4vci-common");
|
|
3034
|
+
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
3035
|
+
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4059
3036
|
var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
4060
3037
|
static {
|
|
4061
3038
|
__name(this, "OpenID4VCIClient");
|
|
4062
3039
|
}
|
|
4063
3040
|
_state;
|
|
4064
3041
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
4065
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
3042
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common23.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
4066
3043
|
if (!issuer) {
|
|
4067
3044
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
4068
3045
|
}
|
|
@@ -4072,10 +3049,10 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4072
3049
|
kid,
|
|
4073
3050
|
alg,
|
|
4074
3051
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
4075
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
3052
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common23.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
4076
3053
|
pkce: {
|
|
4077
3054
|
disabled: false,
|
|
4078
|
-
codeChallengeMethod:
|
|
3055
|
+
codeChallengeMethod: import_oid4vci_common23.CodeChallengeMethod.S256,
|
|
4079
3056
|
...pkce
|
|
4080
3057
|
},
|
|
4081
3058
|
authorizationRequestOpts,
|
|
@@ -4089,7 +3066,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4089
3066
|
if (!this._state.authorizationRequestOpts) {
|
|
4090
3067
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4091
3068
|
}
|
|
4092
|
-
|
|
3069
|
+
logger12.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4093
3070
|
}
|
|
4094
3071
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata }) {
|
|
4095
3072
|
const client = new _OpenID4VCIClient({
|
|
@@ -4132,12 +3109,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4132
3109
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
4133
3110
|
await client.retrieveServerMetadata();
|
|
4134
3111
|
}
|
|
4135
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
3112
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
4136
3113
|
await client.createAuthorizationRequestUrl({
|
|
4137
3114
|
authorizationRequest,
|
|
4138
3115
|
pkce
|
|
4139
3116
|
});
|
|
4140
|
-
|
|
3117
|
+
logger12.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4141
3118
|
}
|
|
4142
3119
|
return client;
|
|
4143
3120
|
}
|
|
@@ -4157,7 +3134,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4157
3134
|
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
4158
3135
|
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
4159
3136
|
}
|
|
4160
|
-
if (this.version() <=
|
|
3137
|
+
if (this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_11) {
|
|
4161
3138
|
this._state.authorizationURL = await createAuthorizationRequestUrlV1_0_11({
|
|
4162
3139
|
pkce: this._state.pkce,
|
|
4163
3140
|
endpointMetadata: this.endpointMetadata,
|
|
@@ -4204,12 +3181,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4204
3181
|
...opts
|
|
4205
3182
|
});
|
|
4206
3183
|
if (response.errorBody) {
|
|
4207
|
-
|
|
3184
|
+
logger12.debug(`Authorization code error:\r
|
|
4208
3185
|
${JSON.stringify(response.errorBody)}`);
|
|
4209
3186
|
const error = response.errorBody;
|
|
4210
3187
|
return Promise.reject(error);
|
|
4211
3188
|
} else if (!response.successBody) {
|
|
4212
|
-
|
|
3189
|
+
logger12.debug(`Authorization code error. No success body`);
|
|
4213
3190
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4214
3191
|
}
|
|
4215
3192
|
return {
|
|
@@ -4255,7 +3232,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4255
3232
|
asOpts.clientOpts.clientId = clientId;
|
|
4256
3233
|
}
|
|
4257
3234
|
if (!this._state.accessTokenResponse) {
|
|
4258
|
-
const accessTokenClient = this.version() <=
|
|
3235
|
+
const accessTokenClient = this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_12 ? new AccessTokenClientV1_0_11() : new AccessTokenClient();
|
|
4259
3236
|
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
4260
3237
|
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
4261
3238
|
}
|
|
@@ -4281,11 +3258,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4281
3258
|
}
|
|
4282
3259
|
});
|
|
4283
3260
|
if (response.errorBody) {
|
|
4284
|
-
|
|
3261
|
+
logger12.debug(`Access token error:\r
|
|
4285
3262
|
${JSON.stringify(response.errorBody)}`);
|
|
4286
3263
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4287
3264
|
} else if (!response.successBody) {
|
|
4288
|
-
|
|
3265
|
+
logger12.debug(`Access token error. No success body`);
|
|
4289
3266
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4290
3267
|
}
|
|
4291
3268
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4304,24 +3281,13 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4304
3281
|
jwk,
|
|
4305
3282
|
kid
|
|
4306
3283
|
].filter((v) => v !== void 0).length > 1) {
|
|
4307
|
-
throw new Error(
|
|
3284
|
+
throw new Error(import_oid4vci_common23.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
4308
3285
|
}
|
|
4309
3286
|
if (alg) this._state.alg = alg;
|
|
4310
3287
|
if (jwk) this._state.jwk = jwk;
|
|
4311
3288
|
if (kid) this._state.kid = kid;
|
|
4312
|
-
try {
|
|
4313
|
-
if (this.version() === import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15 || this.hasNonceEndpoint()) {
|
|
4314
|
-
if (!this._state.cachedCNonce) {
|
|
4315
|
-
await this.acquireNonceViaV15Delegate();
|
|
4316
|
-
}
|
|
4317
|
-
}
|
|
4318
|
-
} catch (e) {
|
|
4319
|
-
if (this.version() === import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15 || this.hasNonceEndpoint()) {
|
|
4320
|
-
return Promise.reject(Error(`failed to acquire nonce: ${String(e)}`));
|
|
4321
|
-
}
|
|
4322
|
-
}
|
|
4323
3289
|
let requestBuilder;
|
|
4324
|
-
if (this.version() <
|
|
3290
|
+
if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13) {
|
|
4325
3291
|
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
4326
3292
|
credentialOffer: this.credentialOffer,
|
|
4327
3293
|
metadata: this.endpointMetadata
|
|
@@ -4332,17 +3298,17 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4332
3298
|
version: this.version()
|
|
4333
3299
|
});
|
|
4334
3300
|
} else {
|
|
4335
|
-
requestBuilder = this.credentialOffer ?
|
|
3301
|
+
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
4336
3302
|
credentialOffer: this.credentialOffer,
|
|
4337
3303
|
metadata: this.endpointMetadata
|
|
4338
|
-
}) :
|
|
3304
|
+
}) : CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
4339
3305
|
credentialIssuer: this.getIssuer(),
|
|
4340
3306
|
credentialTypes,
|
|
4341
3307
|
metadata: this.endpointMetadata,
|
|
4342
3308
|
version: this.version()
|
|
4343
3309
|
});
|
|
4344
3310
|
}
|
|
4345
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
3311
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
4346
3312
|
requestBuilder.withIssuerState(issuerState);
|
|
4347
3313
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
4348
3314
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -4355,7 +3321,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4355
3321
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
4356
3322
|
let typeSupported = false;
|
|
4357
3323
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
4358
|
-
const subTypes = (0,
|
|
3324
|
+
const subTypes = (0, import_oid4vci_common23.getTypesFromCredentialSupported)(supportedCredential);
|
|
4359
3325
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
4360
3326
|
typeSupported = true;
|
|
4361
3327
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -4379,106 +3345,53 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4379
3345
|
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
4380
3346
|
}
|
|
4381
3347
|
const credentialRequestClient = requestBuilder.build();
|
|
4382
|
-
|
|
4383
|
-
|
|
4384
|
-
|
|
4385
|
-
|
|
4386
|
-
|
|
4387
|
-
|
|
4388
|
-
|
|
4389
|
-
|
|
4390
|
-
|
|
4391
|
-
|
|
4392
|
-
|
|
4393
|
-
|
|
4394
|
-
|
|
4395
|
-
|
|
4396
|
-
|
|
4397
|
-
|
|
4398
|
-
|
|
4399
|
-
|
|
4400
|
-
|
|
4401
|
-
|
|
4402
|
-
|
|
4403
|
-
|
|
4404
|
-
|
|
4405
|
-
|
|
4406
|
-
|
|
4407
|
-
|
|
4408
|
-
|
|
4409
|
-
|
|
4410
|
-
logger15.debug(`Credential request error:\r
|
|
3348
|
+
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
3349
|
+
accessTokenResponse: this.accessTokenResponse,
|
|
3350
|
+
callbacks: proofCallbacks,
|
|
3351
|
+
version: this.version()
|
|
3352
|
+
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
3353
|
+
if (this._state.jwk) {
|
|
3354
|
+
proofBuilder.withJWK(this._state.jwk);
|
|
3355
|
+
}
|
|
3356
|
+
if (this._state.kid) {
|
|
3357
|
+
proofBuilder.withKid(this._state.kid);
|
|
3358
|
+
}
|
|
3359
|
+
if (this.clientId) {
|
|
3360
|
+
proofBuilder.withClientId(this.clientId);
|
|
3361
|
+
}
|
|
3362
|
+
if (jti) {
|
|
3363
|
+
proofBuilder.withJti(jti);
|
|
3364
|
+
}
|
|
3365
|
+
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
3366
|
+
proofInput: proofBuilder,
|
|
3367
|
+
credentialTypes,
|
|
3368
|
+
context,
|
|
3369
|
+
format,
|
|
3370
|
+
subjectIssuance,
|
|
3371
|
+
createDPoPOpts
|
|
3372
|
+
});
|
|
3373
|
+
this._state.dpopResponseParams = response.params;
|
|
3374
|
+
if (response.errorBody) {
|
|
3375
|
+
logger12.debug(`Credential request error:\r
|
|
4411
3376
|
${JSON.stringify(response.errorBody)}`);
|
|
4412
|
-
|
|
4413
|
-
|
|
4414
|
-
|
|
4415
|
-
|
|
4416
|
-
}
|
|
4417
|
-
return {
|
|
4418
|
-
...response.successBody,
|
|
4419
|
-
...this.dpopResponseParams && {
|
|
4420
|
-
params: this.dpopResponseParams
|
|
4421
|
-
},
|
|
4422
|
-
access_token: response.access_token
|
|
4423
|
-
};
|
|
4424
|
-
} catch (e) {
|
|
4425
|
-
if (!this.shouldRetryWithFreshNonce(e)) {
|
|
4426
|
-
return Promise.reject(e instanceof Error ? e : Error(String(e)));
|
|
4427
|
-
}
|
|
4428
|
-
this._state.cachedCNonce = void 0;
|
|
4429
|
-
try {
|
|
4430
|
-
await this.acquireNonceViaV15Delegate();
|
|
4431
|
-
} catch (e2) {
|
|
4432
|
-
return Promise.reject(Error(`retry nonce fetch failed: ${String(e2)}`));
|
|
4433
|
-
}
|
|
4434
|
-
const proofBuilder2 = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
4435
|
-
accessTokenResponse: this.accessTokenResponse,
|
|
4436
|
-
callbacks: proofCallbacks,
|
|
4437
|
-
version: this.version()
|
|
4438
|
-
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
4439
|
-
if (this._state.jwk) {
|
|
4440
|
-
proofBuilder2.withJWK(this._state.jwk);
|
|
4441
|
-
}
|
|
4442
|
-
if (this._state.kid) {
|
|
4443
|
-
proofBuilder2.withKid(this._state.kid);
|
|
4444
|
-
}
|
|
4445
|
-
if (this.clientId) {
|
|
4446
|
-
proofBuilder2.withClientId(this.clientId);
|
|
4447
|
-
}
|
|
4448
|
-
if (jti) {
|
|
4449
|
-
proofBuilder2.withJti(jti);
|
|
4450
|
-
}
|
|
4451
|
-
const response2 = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
4452
|
-
proofInput: proofBuilder2,
|
|
4453
|
-
credentialTypes,
|
|
4454
|
-
context,
|
|
4455
|
-
format,
|
|
4456
|
-
subjectIssuance,
|
|
4457
|
-
createDPoPOpts
|
|
4458
|
-
});
|
|
4459
|
-
this._state.dpopResponseParams = response2.params;
|
|
4460
|
-
if (response2.errorBody) {
|
|
4461
|
-
logger15.debug(`Credential request error (after retry):\r
|
|
4462
|
-
${JSON.stringify(response2.errorBody)}`);
|
|
4463
|
-
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry with status: ${response2.origResponse.status}`));
|
|
4464
|
-
} else if (!response2.successBody) {
|
|
4465
|
-
logger15.debug(`Credential request error after retry. No success body`);
|
|
4466
|
-
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry as there was no success response body`));
|
|
4467
|
-
}
|
|
4468
|
-
return {
|
|
4469
|
-
...response2.successBody,
|
|
4470
|
-
...this.dpopResponseParams && {
|
|
4471
|
-
params: this.dpopResponseParams
|
|
4472
|
-
},
|
|
4473
|
-
access_token: response2.access_token
|
|
4474
|
-
};
|
|
3377
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3378
|
+
} else if (!response.successBody) {
|
|
3379
|
+
logger12.debug(`Credential request error. No success body`);
|
|
3380
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4475
3381
|
}
|
|
3382
|
+
return {
|
|
3383
|
+
...response.successBody,
|
|
3384
|
+
...this.dpopResponseParams && {
|
|
3385
|
+
params: this.dpopResponseParams
|
|
3386
|
+
},
|
|
3387
|
+
access_token: response.access_token
|
|
3388
|
+
};
|
|
4476
3389
|
}
|
|
4477
3390
|
async exportState() {
|
|
4478
3391
|
return JSON.stringify(this._state);
|
|
4479
3392
|
}
|
|
4480
3393
|
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
4481
|
-
return (0,
|
|
3394
|
+
return (0, import_oid4vci_common23.getSupportedCredentials)({
|
|
4482
3395
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
4483
3396
|
version: this.version(),
|
|
4484
3397
|
format,
|
|
@@ -4491,7 +3404,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4491
3404
|
getCredentialOfferTypes() {
|
|
4492
3405
|
if (!this.credentialOffer) {
|
|
4493
3406
|
return [];
|
|
4494
|
-
} else if (this.version() <
|
|
3407
|
+
} else if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_11) {
|
|
4495
3408
|
const orig = this.credentialOffer.original_credential_offer;
|
|
4496
3409
|
const types = typeof orig.credential_type === "string" ? [
|
|
4497
3410
|
orig.credential_type
|
|
@@ -4499,14 +3412,14 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4499
3412
|
const result = [];
|
|
4500
3413
|
result[0] = types;
|
|
4501
3414
|
return result;
|
|
4502
|
-
} else if (this.version() <
|
|
4503
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
3415
|
+
} else if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13) {
|
|
3416
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common23.getTypesFromObject)(c) ?? []);
|
|
4504
3417
|
}
|
|
4505
3418
|
return void 0;
|
|
4506
3419
|
}
|
|
4507
3420
|
issuerSupportedFlowTypes() {
|
|
4508
3421
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
4509
|
-
|
|
3422
|
+
import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
4510
3423
|
] : []);
|
|
4511
3424
|
}
|
|
4512
3425
|
isFlowTypeSupported(flowType) {
|
|
@@ -4522,17 +3435,17 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4522
3435
|
return this._state.credentialOffer;
|
|
4523
3436
|
}
|
|
4524
3437
|
version() {
|
|
4525
|
-
if (this.credentialOffer?.version && this.credentialOffer.version !==
|
|
3438
|
+
if (this.credentialOffer?.version && this.credentialOffer.version !== import_oid4vci_common23.OpenId4VCIVersion.VER_UNKNOWN) {
|
|
4526
3439
|
return this.credentialOffer.version;
|
|
4527
3440
|
}
|
|
4528
3441
|
const metadata = this._state.endpointMetadata;
|
|
4529
3442
|
if (metadata?.credentialIssuerMetadata) {
|
|
4530
|
-
const versions = (0,
|
|
4531
|
-
if (versions.length > 0 && !versions.includes(
|
|
3443
|
+
const versions = (0, import_oid4vci_common23.determineVersionsFromIssuerMetadata)(metadata.credentialIssuerMetadata);
|
|
3444
|
+
if (versions.length > 0 && !versions.includes(import_oid4vci_common23.OpenId4VCIVersion.VER_UNKNOWN)) {
|
|
4532
3445
|
return versions[0];
|
|
4533
3446
|
}
|
|
4534
3447
|
}
|
|
4535
|
-
return
|
|
3448
|
+
return import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13;
|
|
4536
3449
|
}
|
|
4537
3450
|
get endpointMetadata() {
|
|
4538
3451
|
this.assertServerMetadata();
|
|
@@ -4577,7 +3490,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4577
3490
|
if (this.endpointMetadata) {
|
|
4578
3491
|
return this.endpointMetadata.token_endpoint;
|
|
4579
3492
|
}
|
|
4580
|
-
return this.version() <=
|
|
3493
|
+
return this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_12 ? AccessTokenClientV1_0_11.determineTokenURL({
|
|
4581
3494
|
issuerOpts: {
|
|
4582
3495
|
issuer: this.getIssuer()
|
|
4583
3496
|
}
|
|
@@ -4649,7 +3562,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4649
3562
|
};
|
|
4650
3563
|
if (!authorizationRequestOpts) {
|
|
4651
3564
|
authorizationRequestOpts = {
|
|
4652
|
-
redirectUri: `${
|
|
3565
|
+
redirectUri: `${import_oid4vci_common23.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4653
3566
|
};
|
|
4654
3567
|
}
|
|
4655
3568
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -4660,7 +3573,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4660
3573
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4661
3574
|
if (authorizationResponse) {
|
|
4662
3575
|
this._state.authorizationCodeResponse = {
|
|
4663
|
-
...(0,
|
|
3576
|
+
...(0, import_oid4vci_common23.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4664
3577
|
};
|
|
4665
3578
|
} else if (code) {
|
|
4666
3579
|
this._state.authorizationCodeResponse = {
|
|
@@ -4669,68 +3582,19 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4669
3582
|
}
|
|
4670
3583
|
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
4671
3584
|
}, "getAuthorizationCode");
|
|
4672
|
-
hasNonceEndpoint() {
|
|
4673
|
-
const as = this._state.endpointMetadata?.authorizationServerMetadata;
|
|
4674
|
-
if (!as) {
|
|
4675
|
-
return false;
|
|
4676
|
-
}
|
|
4677
|
-
const endpoint = as.nonce_endpoint;
|
|
4678
|
-
return typeof endpoint === "string" && endpoint.length > 0;
|
|
4679
|
-
}
|
|
4680
|
-
async acquireNonceViaV15Delegate() {
|
|
4681
|
-
let v15;
|
|
4682
|
-
try {
|
|
4683
|
-
v15 = await OpenID4VCIClientV1_0_15.fromState({
|
|
4684
|
-
state: JSON.stringify(this._state)
|
|
4685
|
-
});
|
|
4686
|
-
} catch (e) {
|
|
4687
|
-
return Promise.reject(Error(`failed to init v15 delegate for nonce: ${String(e)}`));
|
|
4688
|
-
}
|
|
4689
|
-
try {
|
|
4690
|
-
await v15.acquireNonce();
|
|
4691
|
-
} catch (e) {
|
|
4692
|
-
return Promise.reject(Error(`nonce request failed: ${String(e)}`));
|
|
4693
|
-
}
|
|
4694
|
-
this._state.cachedCNonce = v15.state.cachedCNonce;
|
|
4695
|
-
}
|
|
4696
|
-
shouldRetryWithFreshNonce(err) {
|
|
4697
|
-
if (!this.hasNonceEndpoint() && this.version() !== import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15) {
|
|
4698
|
-
return false;
|
|
4699
|
-
}
|
|
4700
|
-
const status = err?.response?.status ?? err?.status;
|
|
4701
|
-
const body = err?.response?.data ?? err?.data ?? void 0;
|
|
4702
|
-
const error = typeof body?.error === "string" ? body.error : void 0;
|
|
4703
|
-
const desc = typeof body?.error_description === "string" ? body.error_description : void 0;
|
|
4704
|
-
const text = [
|
|
4705
|
-
error,
|
|
4706
|
-
desc
|
|
4707
|
-
].filter(Boolean).join(" ").toLowerCase();
|
|
4708
|
-
if (status === 400 || status === 401 || status === 403) {
|
|
4709
|
-
if (text.includes("nonce") || text.includes("c_nonce")) {
|
|
4710
|
-
return true;
|
|
4711
|
-
}
|
|
4712
|
-
if (text.includes("proof") && (text.includes("invalid") || text.includes("expired"))) {
|
|
4713
|
-
return true;
|
|
4714
|
-
}
|
|
4715
|
-
if (error === "invalid_proof" || error === "invalid_request") {
|
|
4716
|
-
return true;
|
|
4717
|
-
}
|
|
4718
|
-
}
|
|
4719
|
-
return false;
|
|
4720
|
-
}
|
|
4721
3585
|
};
|
|
4722
3586
|
|
|
4723
3587
|
// lib/OpenID4VCIClientV1_0_13.ts
|
|
4724
|
-
var
|
|
4725
|
-
var
|
|
4726
|
-
var
|
|
3588
|
+
var import_oid4vci_common24 = require("@sphereon/oid4vci-common");
|
|
3589
|
+
var import_ssi_types15 = require("@sphereon/ssi-types");
|
|
3590
|
+
var logger13 = import_ssi_types15.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4727
3591
|
var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
4728
3592
|
static {
|
|
4729
3593
|
__name(this, "OpenID4VCIClientV1_0_13");
|
|
4730
3594
|
}
|
|
4731
3595
|
_state;
|
|
4732
3596
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
4733
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
3597
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common24.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
4734
3598
|
if (!issuer) {
|
|
4735
3599
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
4736
3600
|
}
|
|
@@ -4740,10 +3604,10 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4740
3604
|
kid,
|
|
4741
3605
|
alg,
|
|
4742
3606
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
4743
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
3607
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common24.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
4744
3608
|
pkce: {
|
|
4745
3609
|
disabled: false,
|
|
4746
|
-
codeChallengeMethod:
|
|
3610
|
+
codeChallengeMethod: import_oid4vci_common24.CodeChallengeMethod.S256,
|
|
4747
3611
|
...pkce
|
|
4748
3612
|
},
|
|
4749
3613
|
authorizationRequestOpts,
|
|
@@ -4757,7 +3621,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4757
3621
|
if (!this._state.authorizationRequestOpts) {
|
|
4758
3622
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4759
3623
|
}
|
|
4760
|
-
|
|
3624
|
+
logger13.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4761
3625
|
}
|
|
4762
3626
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
4763
3627
|
const client = new _OpenID4VCIClientV1_0_13({
|
|
@@ -4798,12 +3662,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4798
3662
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
4799
3663
|
await client.retrieveServerMetadata();
|
|
4800
3664
|
}
|
|
4801
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
3665
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
4802
3666
|
await client.createAuthorizationRequestUrl({
|
|
4803
3667
|
authorizationRequest,
|
|
4804
3668
|
pkce
|
|
4805
3669
|
});
|
|
4806
|
-
|
|
3670
|
+
logger13.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4807
3671
|
}
|
|
4808
3672
|
return client;
|
|
4809
3673
|
}
|
|
@@ -4861,12 +3725,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4861
3725
|
...opts
|
|
4862
3726
|
});
|
|
4863
3727
|
if (response.errorBody) {
|
|
4864
|
-
|
|
3728
|
+
logger13.debug(`Authorization code error:\r
|
|
4865
3729
|
${JSON.stringify(response.errorBody)}`);
|
|
4866
3730
|
const error = response.errorBody;
|
|
4867
3731
|
return Promise.reject(error);
|
|
4868
3732
|
} else if (!response.successBody) {
|
|
4869
|
-
|
|
3733
|
+
logger13.debug(`Authorization code error. No success body`);
|
|
4870
3734
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4871
3735
|
}
|
|
4872
3736
|
return {
|
|
@@ -4938,11 +3802,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4938
3802
|
}
|
|
4939
3803
|
});
|
|
4940
3804
|
if (response.errorBody) {
|
|
4941
|
-
|
|
3805
|
+
logger13.debug(`Access token error:\r
|
|
4942
3806
|
${JSON.stringify(response.errorBody)}`);
|
|
4943
3807
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4944
3808
|
} else if (!response.successBody) {
|
|
4945
|
-
|
|
3809
|
+
logger13.debug(`Access token error. No success body`);
|
|
4946
3810
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4947
3811
|
}
|
|
4948
3812
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4967,7 +3831,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4967
3831
|
jwk,
|
|
4968
3832
|
kid
|
|
4969
3833
|
].filter((v) => v !== void 0).length > 1) {
|
|
4970
|
-
throw new Error(
|
|
3834
|
+
throw new Error(import_oid4vci_common24.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
4971
3835
|
}
|
|
4972
3836
|
if (alg) this._state.alg = alg;
|
|
4973
3837
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -4981,7 +3845,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4981
3845
|
metadata: this.endpointMetadata,
|
|
4982
3846
|
version: this.version()
|
|
4983
3847
|
});
|
|
4984
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
3848
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
4985
3849
|
requestBuilder.withIssuerState(issuerState);
|
|
4986
3850
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
4987
3851
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -5004,7 +3868,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5004
3868
|
} else if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
5005
3869
|
let typeSupported = false;
|
|
5006
3870
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
5007
|
-
const subTypes = (0,
|
|
3871
|
+
const subTypes = (0, import_oid4vci_common24.getTypesFromCredentialSupported)(supportedCredential);
|
|
5008
3872
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5009
3873
|
typeSupported = true;
|
|
5010
3874
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -5020,7 +3884,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5020
3884
|
} else if (metadata.credential_configurations_supported && typeof metadata.credential_configurations_supported === "object") {
|
|
5021
3885
|
let typeSupported = false;
|
|
5022
3886
|
Object.values(metadata.credential_configurations_supported).forEach((supportedCredential) => {
|
|
5023
|
-
const subTypes = (0,
|
|
3887
|
+
const subTypes = (0, import_oid4vci_common24.getTypesFromCredentialSupported)(supportedCredential);
|
|
5024
3888
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5025
3889
|
typeSupported = true;
|
|
5026
3890
|
}
|
|
@@ -5070,17 +3934,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5070
3934
|
credentialIdentifier,
|
|
5071
3935
|
subjectIssuance
|
|
5072
3936
|
});
|
|
5073
|
-
|
|
5074
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
5075
|
-
}
|
|
5076
|
-
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, format, createDPoPOpts);
|
|
3937
|
+
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, createDPoPOpts);
|
|
5077
3938
|
this._state.dpopResponseParams = response.params;
|
|
5078
3939
|
if (response.errorBody) {
|
|
5079
|
-
|
|
3940
|
+
logger13.debug(`Credential request error:\r
|
|
5080
3941
|
${JSON.stringify(response.errorBody)}`);
|
|
5081
3942
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5082
3943
|
} else if (!response.successBody) {
|
|
5083
|
-
|
|
3944
|
+
logger13.debug(`Credential request error. No success body`);
|
|
5084
3945
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5085
3946
|
}
|
|
5086
3947
|
return {
|
|
@@ -5095,7 +3956,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5095
3956
|
return JSON.stringify(this._state);
|
|
5096
3957
|
}
|
|
5097
3958
|
getCredentialsSupported(format) {
|
|
5098
|
-
return (0,
|
|
3959
|
+
return (0, import_oid4vci_common24.getSupportedCredentials)({
|
|
5099
3960
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5100
3961
|
version: this.version(),
|
|
5101
3962
|
format,
|
|
@@ -5130,7 +3991,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5130
3991
|
}*/
|
|
5131
3992
|
issuerSupportedFlowTypes() {
|
|
5132
3993
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
5133
|
-
|
|
3994
|
+
import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
5134
3995
|
] : []);
|
|
5135
3996
|
}
|
|
5136
3997
|
isFlowTypeSupported(flowType) {
|
|
@@ -5146,7 +4007,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5146
4007
|
return this._state.credentialOffer;
|
|
5147
4008
|
}
|
|
5148
4009
|
version() {
|
|
5149
|
-
return this.credentialOffer?.version ??
|
|
4010
|
+
return this.credentialOffer?.version ?? import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_13;
|
|
5150
4011
|
}
|
|
5151
4012
|
get endpointMetadata() {
|
|
5152
4013
|
this.assertServerMetadata();
|
|
@@ -5249,7 +4110,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5249
4110
|
};
|
|
5250
4111
|
if (!authorizationRequestOpts) {
|
|
5251
4112
|
authorizationRequestOpts = {
|
|
5252
|
-
redirectUri: `${
|
|
4113
|
+
redirectUri: `${import_oid4vci_common24.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
5253
4114
|
};
|
|
5254
4115
|
}
|
|
5255
4116
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -5260,7 +4121,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5260
4121
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
5261
4122
|
if (authorizationResponse) {
|
|
5262
4123
|
this._state.authorizationCodeResponse = {
|
|
5263
|
-
...(0,
|
|
4124
|
+
...(0, import_oid4vci_common24.toAuthorizationResponsePayload)(authorizationResponse)
|
|
5264
4125
|
};
|
|
5265
4126
|
} else if (code) {
|
|
5266
4127
|
this._state.authorizationCodeResponse = {
|
|
@@ -5272,16 +4133,16 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5272
4133
|
};
|
|
5273
4134
|
|
|
5274
4135
|
// lib/OpenID4VCIClientV1_0_11.ts
|
|
5275
|
-
var
|
|
5276
|
-
var
|
|
5277
|
-
var
|
|
4136
|
+
var import_oid4vci_common25 = require("@sphereon/oid4vci-common");
|
|
4137
|
+
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
4138
|
+
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
5278
4139
|
var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
5279
4140
|
static {
|
|
5280
4141
|
__name(this, "OpenID4VCIClientV1_0_11");
|
|
5281
4142
|
}
|
|
5282
4143
|
_state;
|
|
5283
4144
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
5284
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
4145
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common25.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
5285
4146
|
if (!issuer) {
|
|
5286
4147
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
5287
4148
|
}
|
|
@@ -5291,10 +4152,10 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5291
4152
|
kid,
|
|
5292
4153
|
alg,
|
|
5293
4154
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
5294
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
4155
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common25.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
5295
4156
|
pkce: {
|
|
5296
4157
|
disabled: false,
|
|
5297
|
-
codeChallengeMethod:
|
|
4158
|
+
codeChallengeMethod: import_oid4vci_common25.CodeChallengeMethod.S256,
|
|
5298
4159
|
...pkce
|
|
5299
4160
|
},
|
|
5300
4161
|
authorizationRequestOpts,
|
|
@@ -5307,7 +4168,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5307
4168
|
if (!this._state.authorizationRequestOpts) {
|
|
5308
4169
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
5309
4170
|
}
|
|
5310
|
-
|
|
4171
|
+
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
5311
4172
|
}
|
|
5312
4173
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
5313
4174
|
const client = new _OpenID4VCIClientV1_0_11({
|
|
@@ -5348,12 +4209,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5348
4209
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
5349
4210
|
await client.retrieveServerMetadata();
|
|
5350
4211
|
}
|
|
5351
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
4212
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common25.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
5352
4213
|
await client.createAuthorizationRequestUrl({
|
|
5353
4214
|
authorizationRequest,
|
|
5354
4215
|
pkce
|
|
5355
4216
|
});
|
|
5356
|
-
|
|
4217
|
+
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
5357
4218
|
}
|
|
5358
4219
|
return client;
|
|
5359
4220
|
}
|
|
@@ -5410,12 +4271,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5410
4271
|
...opts
|
|
5411
4272
|
});
|
|
5412
4273
|
if (response.errorBody) {
|
|
5413
|
-
|
|
4274
|
+
logger14.debug(`Authorization code error:\r
|
|
5414
4275
|
${JSON.stringify(response.errorBody)}`);
|
|
5415
4276
|
const error = response.errorBody;
|
|
5416
4277
|
return Promise.reject(error);
|
|
5417
4278
|
} else if (!response.successBody) {
|
|
5418
|
-
|
|
4279
|
+
logger14.debug(`Authorization code error. No success body`);
|
|
5419
4280
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
5420
4281
|
}
|
|
5421
4282
|
return {
|
|
@@ -5487,11 +4348,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5487
4348
|
}
|
|
5488
4349
|
});
|
|
5489
4350
|
if (response.errorBody) {
|
|
5490
|
-
|
|
4351
|
+
logger14.debug(`Access token error:\r
|
|
5491
4352
|
${JSON.stringify(response.errorBody)}`);
|
|
5492
4353
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5493
4354
|
} else if (!response.successBody) {
|
|
5494
|
-
|
|
4355
|
+
logger14.debug(`Access token error. No success body`);
|
|
5495
4356
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5496
4357
|
}
|
|
5497
4358
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -5510,7 +4371,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5510
4371
|
jwk,
|
|
5511
4372
|
kid
|
|
5512
4373
|
].filter((v) => v !== void 0).length > 1) {
|
|
5513
|
-
throw new Error(
|
|
4374
|
+
throw new Error(import_oid4vci_common25.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
5514
4375
|
}
|
|
5515
4376
|
if (alg) this._state.alg = alg;
|
|
5516
4377
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -5534,7 +4395,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5534
4395
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
5535
4396
|
let typeSupported = false;
|
|
5536
4397
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
5537
|
-
const subTypes = (0,
|
|
4398
|
+
const subTypes = (0, import_oid4vci_common25.getTypesFromCredentialSupported)(supportedCredential);
|
|
5538
4399
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5539
4400
|
typeSupported = true;
|
|
5540
4401
|
}
|
|
@@ -5576,11 +4437,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5576
4437
|
});
|
|
5577
4438
|
this._state.dpopResponseParams = response.params;
|
|
5578
4439
|
if (response.errorBody) {
|
|
5579
|
-
|
|
4440
|
+
logger14.debug(`Credential request error:\r
|
|
5580
4441
|
${JSON.stringify(response.errorBody)}`);
|
|
5581
4442
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5582
4443
|
} else if (!response.successBody) {
|
|
5583
|
-
|
|
4444
|
+
logger14.debug(`Credential request error. No success body`);
|
|
5584
4445
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5585
4446
|
}
|
|
5586
4447
|
return {
|
|
@@ -5598,7 +4459,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5598
4459
|
// When < v11 convert into a v12 object. When v12 object retain it.
|
|
5599
4460
|
// Then match the object array on server metadata
|
|
5600
4461
|
getCredentialsSupportedV11(restrictToInitiationTypes, format) {
|
|
5601
|
-
return (0,
|
|
4462
|
+
return (0, import_oid4vci_common25.getSupportedCredentials)({
|
|
5602
4463
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5603
4464
|
version: this.version(),
|
|
5604
4465
|
format,
|
|
@@ -5606,7 +4467,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5606
4467
|
});
|
|
5607
4468
|
}
|
|
5608
4469
|
getCredentialsSupported(format) {
|
|
5609
|
-
return (0,
|
|
4470
|
+
return (0, import_oid4vci_common25.getSupportedCredentials)({
|
|
5610
4471
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5611
4472
|
version: this.version(),
|
|
5612
4473
|
format,
|
|
@@ -5616,7 +4477,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5616
4477
|
getCredentialOfferTypes() {
|
|
5617
4478
|
if (!this.credentialOffer) {
|
|
5618
4479
|
return [];
|
|
5619
|
-
} else if (this.credentialOffer.version <
|
|
4480
|
+
} else if (this.credentialOffer.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_11) {
|
|
5620
4481
|
const orig = this.credentialOffer.original_credential_offer;
|
|
5621
4482
|
const types = typeof orig.credential_type === "string" ? [
|
|
5622
4483
|
orig.credential_type
|
|
@@ -5624,14 +4485,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5624
4485
|
const result = [];
|
|
5625
4486
|
result[0] = types;
|
|
5626
4487
|
return result;
|
|
5627
|
-
} else if (this.credentialOffer.version <
|
|
5628
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
4488
|
+
} else if (this.credentialOffer.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
4489
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common25.getTypesFromObject)(c) ?? []);
|
|
5629
4490
|
}
|
|
5630
4491
|
throw Error(`This class only supports version 11 and lower! Version: ${this.version()}`);
|
|
5631
4492
|
}
|
|
5632
4493
|
issuerSupportedFlowTypes() {
|
|
5633
4494
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
5634
|
-
|
|
4495
|
+
import_oid4vci_common25.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
5635
4496
|
] : []);
|
|
5636
4497
|
}
|
|
5637
4498
|
isFlowTypeSupported(flowType) {
|
|
@@ -5647,7 +4508,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5647
4508
|
return this._state.credentialOffer;
|
|
5648
4509
|
}
|
|
5649
4510
|
version() {
|
|
5650
|
-
return this.credentialOffer?.version ??
|
|
4511
|
+
return this.credentialOffer?.version ?? import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_11;
|
|
5651
4512
|
}
|
|
5652
4513
|
get endpointMetadata() {
|
|
5653
4514
|
this.assertServerMetadata();
|
|
@@ -5743,7 +4604,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5743
4604
|
};
|
|
5744
4605
|
if (!authorizationRequestOpts) {
|
|
5745
4606
|
authorizationRequestOpts = {
|
|
5746
|
-
redirectUri: `${
|
|
4607
|
+
redirectUri: `${import_oid4vci_common25.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
5747
4608
|
};
|
|
5748
4609
|
}
|
|
5749
4610
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -5754,7 +4615,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5754
4615
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
5755
4616
|
if (authorizationResponse) {
|
|
5756
4617
|
this._state.authorizationCodeResponse = {
|
|
5757
|
-
...(0,
|
|
4618
|
+
...(0, import_oid4vci_common25.toAuthorizationResponsePayload)(authorizationResponse)
|
|
5758
4619
|
};
|
|
5759
4620
|
} else if (code) {
|
|
5760
4621
|
this._state.authorizationCodeResponse = {
|
|
@@ -5766,5 +4627,5 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5766
4627
|
};
|
|
5767
4628
|
|
|
5768
4629
|
// lib/index.ts
|
|
5769
|
-
var LOG2 =
|
|
4630
|
+
var LOG2 = import_oid4vci_common26.VCI_LOGGERS.get("sphereon:oid4vci:client");
|
|
5770
4631
|
//# sourceMappingURL=index.cjs.map
|