@sphereon/oid4vci-client 0.19.1-feature.SSISDK.26.28 → 0.19.1-fix.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +469 -1609
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +27 -243
- package/dist/index.d.ts +27 -243
- package/dist/index.js +397 -1537
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
package/dist/index.cjs
CHANGED
|
@@ -26,22 +26,18 @@ __export(index_exports, {
|
|
|
26
26
|
CredentialOfferClient: () => CredentialOfferClient,
|
|
27
27
|
CredentialOfferClientV1_0_11: () => CredentialOfferClientV1_0_11,
|
|
28
28
|
CredentialOfferClientV1_0_13: () => CredentialOfferClientV1_0_13,
|
|
29
|
-
CredentialOfferClientV1_0_15: () => CredentialOfferClientV1_0_15,
|
|
30
29
|
CredentialRequestClient: () => CredentialRequestClient,
|
|
31
30
|
CredentialRequestClientBuilder: () => CredentialRequestClientBuilder,
|
|
32
31
|
CredentialRequestClientBuilderV1_0_11: () => CredentialRequestClientBuilderV1_0_11,
|
|
33
32
|
CredentialRequestClientBuilderV1_0_13: () => CredentialRequestClientBuilderV1_0_13,
|
|
34
|
-
CredentialRequestClientBuilderV1_0_15: () => CredentialRequestClientBuilderV1_0_15,
|
|
35
33
|
CredentialRequestClientV1_0_11: () => CredentialRequestClientV1_0_11,
|
|
36
34
|
LOG: () => LOG2,
|
|
37
35
|
MetadataClient: () => MetadataClient,
|
|
38
36
|
MetadataClientV1_0_11: () => MetadataClientV1_0_11,
|
|
39
37
|
MetadataClientV1_0_13: () => MetadataClientV1_0_13,
|
|
40
|
-
MetadataClientV1_0_15: () => MetadataClientV1_0_15,
|
|
41
38
|
OpenID4VCIClient: () => OpenID4VCIClient,
|
|
42
39
|
OpenID4VCIClientV1_0_11: () => OpenID4VCIClientV1_0_11,
|
|
43
40
|
OpenID4VCIClientV1_0_13: () => OpenID4VCIClientV1_0_13,
|
|
44
|
-
OpenID4VCIClientV1_0_15: () => OpenID4VCIClientV1_0_15,
|
|
45
41
|
ProofOfPossessionBuilder: () => ProofOfPossessionBuilder,
|
|
46
42
|
acquireAuthorizationChallengeAuthCode: () => acquireAuthorizationChallengeAuthCode,
|
|
47
43
|
acquireAuthorizationChallengeAuthCodeUsingRequest: () => acquireAuthorizationChallengeAuthCodeUsingRequest,
|
|
@@ -60,7 +56,7 @@ __export(index_exports, {
|
|
|
60
56
|
sendNotification: () => sendNotification
|
|
61
57
|
});
|
|
62
58
|
module.exports = __toCommonJS(index_exports);
|
|
63
|
-
var
|
|
59
|
+
var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
64
60
|
|
|
65
61
|
// lib/AccessTokenClient.ts
|
|
66
62
|
var import_oid4vc_common3 = require("@sphereon/oid4vc-common");
|
|
@@ -1064,13 +1060,13 @@ var AccessTokenClientV1_0_11 = class _AccessTokenClientV1_0_11 {
|
|
|
1064
1060
|
};
|
|
1065
1061
|
|
|
1066
1062
|
// lib/AuthorizationCodeClient.ts
|
|
1067
|
-
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1068
|
-
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1069
|
-
|
|
1070
|
-
// lib/MetadataClient.ts
|
|
1071
1063
|
var import_oid4vci_common13 = require("@sphereon/oid4vci-common");
|
|
1072
1064
|
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1073
1065
|
|
|
1066
|
+
// lib/MetadataClient.ts
|
|
1067
|
+
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1068
|
+
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1069
|
+
|
|
1074
1070
|
// lib/MetadataClientV1_0_11.ts
|
|
1075
1071
|
var import_oid4vci_common11 = require("@sphereon/oid4vci-common");
|
|
1076
1072
|
var import_ssi_types6 = require("@sphereon/ssi-types");
|
|
@@ -1232,183 +1228,8 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1232
1228
|
}
|
|
1233
1229
|
};
|
|
1234
1230
|
|
|
1235
|
-
// lib/MetadataClientV1_0_15.ts
|
|
1236
|
-
var import_oid4vci_common12 = require("@sphereon/oid4vci-common");
|
|
1237
|
-
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
1238
|
-
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1239
|
-
var MetadataClientV1_0_15 = class _MetadataClientV1_0_15 {
|
|
1240
|
-
static {
|
|
1241
|
-
__name(this, "MetadataClientV1_0_15");
|
|
1242
|
-
}
|
|
1243
|
-
/**
|
|
1244
|
-
* Retrieve metadata using the Initiation obtained from a previous step
|
|
1245
|
-
*
|
|
1246
|
-
* @param credentialOffer
|
|
1247
|
-
*/
|
|
1248
|
-
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1249
|
-
return _MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer);
|
|
1250
|
-
}
|
|
1251
|
-
/**
|
|
1252
|
-
* Retrieve the metada using the initiation request obtained from a previous step
|
|
1253
|
-
* @param request
|
|
1254
|
-
*/
|
|
1255
|
-
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1256
|
-
const issuer = (0, import_oid4vci_common12.getIssuerFromCredentialOfferPayload)(request);
|
|
1257
|
-
if (issuer) {
|
|
1258
|
-
return _MetadataClientV1_0_15.retrieveAllMetadata(issuer);
|
|
1259
|
-
}
|
|
1260
|
-
throw new Error("can't retrieve metadata from CredentialOfferRequest. No issuer field is present");
|
|
1261
|
-
}
|
|
1262
|
-
/**
|
|
1263
|
-
* Retrieve all metadata from an issuer
|
|
1264
|
-
* @param issuer The issuer URL
|
|
1265
|
-
* @param opts
|
|
1266
|
-
*/
|
|
1267
|
-
static async retrieveAllMetadata(issuer, opts) {
|
|
1268
|
-
let token_endpoint;
|
|
1269
|
-
let credential_endpoint;
|
|
1270
|
-
let nonce_endpoint;
|
|
1271
|
-
let deferred_credential_endpoint;
|
|
1272
|
-
let authorization_endpoint;
|
|
1273
|
-
let authorization_challenge_endpoint;
|
|
1274
|
-
let authorizationServerType = "OID4VCI";
|
|
1275
|
-
let authorization_servers = [
|
|
1276
|
-
issuer
|
|
1277
|
-
];
|
|
1278
|
-
const oid4vciResponse = await _MetadataClientV1_0_15.retrieveOpenID4VCIServerMetadata(issuer, {
|
|
1279
|
-
errorOnNotFound: false
|
|
1280
|
-
});
|
|
1281
|
-
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1282
|
-
if (credentialIssuerMetadata) {
|
|
1283
|
-
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1284
|
-
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1285
|
-
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1286
|
-
nonce_endpoint = credentialIssuerMetadata.nonce_endpoint;
|
|
1287
|
-
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
|
|
1288
|
-
if (credentialIssuerMetadata.token_endpoint) {
|
|
1289
|
-
token_endpoint = credentialIssuerMetadata.token_endpoint;
|
|
1290
|
-
}
|
|
1291
|
-
authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint;
|
|
1292
|
-
if (credentialIssuerMetadata.authorization_servers) {
|
|
1293
|
-
authorization_servers = credentialIssuerMetadata.authorization_servers;
|
|
1294
|
-
}
|
|
1295
|
-
}
|
|
1296
|
-
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1297
|
-
errorOnNotFound: false
|
|
1298
|
-
});
|
|
1299
|
-
let authMetadata = response.successBody;
|
|
1300
|
-
if (authMetadata) {
|
|
1301
|
-
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1302
|
-
authorizationServerType = "OIDC";
|
|
1303
|
-
} else {
|
|
1304
|
-
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
1305
|
-
errorOnNotFound: false
|
|
1306
|
-
});
|
|
1307
|
-
authMetadata = response.successBody;
|
|
1308
|
-
}
|
|
1309
|
-
if (!authMetadata) {
|
|
1310
|
-
if (!authorization_servers.includes(issuer)) {
|
|
1311
|
-
throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_servers}, but that server did not provide metadata`);
|
|
1312
|
-
}
|
|
1313
|
-
} else {
|
|
1314
|
-
if (!authorizationServerType) {
|
|
1315
|
-
authorizationServerType = "OAuth 2.0";
|
|
1316
|
-
}
|
|
1317
|
-
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1318
|
-
if (!authMetadata.authorization_endpoint) {
|
|
1319
|
-
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1320
|
-
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
1321
|
-
throw Error(`Credential issuer has a different authorization_endpoint (${authorization_endpoint}) from the Authorization Server (${authMetadata.authorization_endpoint})`);
|
|
1322
|
-
}
|
|
1323
|
-
authorization_endpoint = authMetadata.authorization_endpoint;
|
|
1324
|
-
if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
|
|
1325
|
-
throw Error(`Credential issuer has a different authorization_challenge_endpoint (${authorization_challenge_endpoint}) from the Authorization Server (${authMetadata.authorization_challenge_endpoint})`);
|
|
1326
|
-
}
|
|
1327
|
-
authorization_challenge_endpoint = authMetadata.authorization_challenge_endpoint;
|
|
1328
|
-
if (!authMetadata.token_endpoint) {
|
|
1329
|
-
throw Error(`Authorization Server ${authorization_servers} did not provide a token_endpoint`);
|
|
1330
|
-
} else if (token_endpoint && authMetadata.token_endpoint !== token_endpoint) {
|
|
1331
|
-
throw Error(`Credential issuer has a different token_endpoint (${token_endpoint}) from the Authorization Server (${authMetadata.token_endpoint})`);
|
|
1332
|
-
}
|
|
1333
|
-
token_endpoint = authMetadata.token_endpoint;
|
|
1334
|
-
if (authMetadata.credential_endpoint) {
|
|
1335
|
-
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1336
|
-
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1337
|
-
} else {
|
|
1338
|
-
credential_endpoint = authMetadata.credential_endpoint;
|
|
1339
|
-
}
|
|
1340
|
-
}
|
|
1341
|
-
if (authMetadata.deferred_credential_endpoint) {
|
|
1342
|
-
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1343
|
-
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1344
|
-
} else {
|
|
1345
|
-
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1346
|
-
}
|
|
1347
|
-
}
|
|
1348
|
-
}
|
|
1349
|
-
if (!authorization_endpoint) {
|
|
1350
|
-
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1351
|
-
}
|
|
1352
|
-
if (!token_endpoint) {
|
|
1353
|
-
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1354
|
-
if (opts?.errorOnNotFound) {
|
|
1355
|
-
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1356
|
-
} else {
|
|
1357
|
-
token_endpoint = `${issuer}${issuer.endsWith("/") ? "token" : "/token"}`;
|
|
1358
|
-
}
|
|
1359
|
-
}
|
|
1360
|
-
if (!credential_endpoint) {
|
|
1361
|
-
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1362
|
-
if (opts?.errorOnNotFound) {
|
|
1363
|
-
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1364
|
-
} else {
|
|
1365
|
-
credential_endpoint = `${issuer}${issuer.endsWith("/") ? "credential" : "/credential"}`;
|
|
1366
|
-
}
|
|
1367
|
-
}
|
|
1368
|
-
if (!credentialIssuerMetadata && authMetadata) {
|
|
1369
|
-
credentialIssuerMetadata = authMetadata;
|
|
1370
|
-
}
|
|
1371
|
-
const ci = credentialIssuerMetadata ?? {};
|
|
1372
|
-
const ciAuthorizationServers = Array.isArray(ci.authorization_servers) && ci.authorization_servers.length > 0 ? ci.authorization_servers : authorization_servers;
|
|
1373
|
-
const v15CredentialIssuerMetadata = {
|
|
1374
|
-
credential_issuer: ci.credential_issuer ?? issuer,
|
|
1375
|
-
credential_endpoint,
|
|
1376
|
-
authorization_servers: ciAuthorizationServers,
|
|
1377
|
-
credential_configurations_supported: ci.credential_configurations_supported ?? {},
|
|
1378
|
-
display: ci.display ?? [],
|
|
1379
|
-
...nonce_endpoint && {
|
|
1380
|
-
nonce_endpoint
|
|
1381
|
-
},
|
|
1382
|
-
...deferred_credential_endpoint && {
|
|
1383
|
-
deferred_credential_endpoint
|
|
1384
|
-
}
|
|
1385
|
-
};
|
|
1386
|
-
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1387
|
-
return {
|
|
1388
|
-
issuer,
|
|
1389
|
-
token_endpoint,
|
|
1390
|
-
credential_endpoint,
|
|
1391
|
-
authorization_challenge_endpoint,
|
|
1392
|
-
authorizationServerType,
|
|
1393
|
-
credentialIssuerMetadata: v15CredentialIssuerMetadata,
|
|
1394
|
-
authorizationServerMetadata: authMetadata
|
|
1395
|
-
};
|
|
1396
|
-
}
|
|
1397
|
-
/**
|
|
1398
|
-
* Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata
|
|
1399
|
-
*
|
|
1400
|
-
* @param issuerHost The issuer hostname
|
|
1401
|
-
* @param opts
|
|
1402
|
-
*/
|
|
1403
|
-
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1404
|
-
return retrieveWellknown(issuerHost, import_oid4vci_common12.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1405
|
-
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1406
|
-
});
|
|
1407
|
-
}
|
|
1408
|
-
};
|
|
1409
|
-
|
|
1410
1231
|
// lib/MetadataClient.ts
|
|
1411
|
-
var
|
|
1232
|
+
var logger5 = import_ssi_types7.Loggers.DEFAULT.get("sphereon:oid4vci:metadata");
|
|
1412
1233
|
var MetadataClient = class _MetadataClient {
|
|
1413
1234
|
static {
|
|
1414
1235
|
__name(this, "MetadataClient");
|
|
@@ -1419,9 +1240,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1419
1240
|
* @param credentialOffer
|
|
1420
1241
|
*/
|
|
1421
1242
|
static async retrieveAllMetadataFromCredentialOffer(credentialOffer) {
|
|
1422
|
-
if ((0,
|
|
1423
|
-
return await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1424
|
-
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1243
|
+
if ((0, import_oid4vci_common12.determineSpecVersionFromOffer)(credentialOffer.credential_offer) >= import_oid4vci_common12.OpenId4VCIVersion.VER_1_0_13) {
|
|
1425
1244
|
return await MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
1426
1245
|
} else {
|
|
1427
1246
|
return await MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOffer(credentialOffer);
|
|
@@ -1432,11 +1251,9 @@ var MetadataClient = class _MetadataClient {
|
|
|
1432
1251
|
* @param request
|
|
1433
1252
|
*/
|
|
1434
1253
|
static async retrieveAllMetadataFromCredentialOfferRequest(request) {
|
|
1435
|
-
const issuer = (0,
|
|
1254
|
+
const issuer = (0, import_oid4vci_common12.getIssuerFromCredentialOfferPayload)(request);
|
|
1436
1255
|
if (issuer) {
|
|
1437
|
-
if ((0,
|
|
1438
|
-
return MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1439
|
-
} else if ((0, import_oid4vci_common13.determineSpecVersionFromOffer)(request) >= import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13) {
|
|
1256
|
+
if ((0, import_oid4vci_common12.determineSpecVersionFromOffer)(request) >= import_oid4vci_common12.OpenId4VCIVersion.VER_1_0_13) {
|
|
1440
1257
|
return MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
1441
1258
|
} else {
|
|
1442
1259
|
return MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOfferRequest(request);
|
|
@@ -1465,7 +1282,7 @@ var MetadataClient = class _MetadataClient {
|
|
|
1465
1282
|
});
|
|
1466
1283
|
let credentialIssuerMetadata = oid4vciResponse?.successBody;
|
|
1467
1284
|
if (credentialIssuerMetadata) {
|
|
1468
|
-
|
|
1285
|
+
logger5.debug(`Issuer ${issuer} OID4VCI well-known server metadata\r
|
|
1469
1286
|
${JSON.stringify(credentialIssuerMetadata)}`);
|
|
1470
1287
|
credential_endpoint = credentialIssuerMetadata.credential_endpoint;
|
|
1471
1288
|
deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint ? credentialIssuerMetadata.deferred_credential_endpoint : void 0;
|
|
@@ -1482,15 +1299,15 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1482
1299
|
];
|
|
1483
1300
|
}
|
|
1484
1301
|
}
|
|
1485
|
-
let response = await retrieveWellknown(authorization_servers[0],
|
|
1302
|
+
let response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OPENID_CONFIGURATION, {
|
|
1486
1303
|
errorOnNotFound: false
|
|
1487
1304
|
});
|
|
1488
1305
|
let authMetadata = response.successBody;
|
|
1489
1306
|
if (authMetadata) {
|
|
1490
|
-
|
|
1307
|
+
logger5.debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
|
|
1491
1308
|
authorizationServerType = "OIDC";
|
|
1492
1309
|
} else {
|
|
1493
|
-
response = await retrieveWellknown(authorization_servers[0],
|
|
1310
|
+
response = await retrieveWellknown(authorization_servers[0], import_oid4vci_common12.WellKnownEndpoints.OAUTH_AS, {
|
|
1494
1311
|
errorOnNotFound: false
|
|
1495
1312
|
});
|
|
1496
1313
|
authMetadata = response.successBody;
|
|
@@ -1503,7 +1320,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1503
1320
|
if (!authorizationServerType) {
|
|
1504
1321
|
authorizationServerType = "OAuth 2.0";
|
|
1505
1322
|
}
|
|
1506
|
-
|
|
1323
|
+
logger5.debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
|
|
1507
1324
|
if (!authMetadata.authorization_endpoint) {
|
|
1508
1325
|
console.warn(`Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`);
|
|
1509
1326
|
} else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
|
|
@@ -1522,24 +1339,24 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1522
1339
|
token_endpoint = authMetadata.token_endpoint;
|
|
1523
1340
|
if (authMetadata.credential_endpoint) {
|
|
1524
1341
|
if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
|
|
1525
|
-
|
|
1342
|
+
logger5.debug(`Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`);
|
|
1526
1343
|
} else {
|
|
1527
1344
|
credential_endpoint = authMetadata.credential_endpoint;
|
|
1528
1345
|
}
|
|
1529
1346
|
}
|
|
1530
1347
|
if (authMetadata.deferred_credential_endpoint) {
|
|
1531
1348
|
if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
|
|
1532
|
-
|
|
1349
|
+
logger5.debug(`Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`);
|
|
1533
1350
|
} else {
|
|
1534
1351
|
deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
|
|
1535
1352
|
}
|
|
1536
1353
|
}
|
|
1537
1354
|
}
|
|
1538
1355
|
if (!authorization_endpoint) {
|
|
1539
|
-
|
|
1356
|
+
logger5.debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
|
|
1540
1357
|
}
|
|
1541
1358
|
if (!token_endpoint) {
|
|
1542
|
-
|
|
1359
|
+
logger5.debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
|
|
1543
1360
|
if (opts?.errorOnNotFound) {
|
|
1544
1361
|
throw Error(`Could not deduce the token_endpoint for ${issuer}`);
|
|
1545
1362
|
} else {
|
|
@@ -1547,7 +1364,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1547
1364
|
}
|
|
1548
1365
|
}
|
|
1549
1366
|
if (!credential_endpoint) {
|
|
1550
|
-
|
|
1367
|
+
logger5.debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
|
|
1551
1368
|
if (opts?.errorOnNotFound) {
|
|
1552
1369
|
throw Error(`Could not deduce the credential endpoint for ${issuer}`);
|
|
1553
1370
|
} else {
|
|
@@ -1557,7 +1374,7 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1557
1374
|
if (!credentialIssuerMetadata && authMetadata) {
|
|
1558
1375
|
credentialIssuerMetadata = authorization_server ? authMetadata : authMetadata;
|
|
1559
1376
|
}
|
|
1560
|
-
|
|
1377
|
+
logger5.debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
|
|
1561
1378
|
return {
|
|
1562
1379
|
issuer,
|
|
1563
1380
|
token_endpoint,
|
|
@@ -1582,18 +1399,18 @@ ${JSON.stringify(credentialIssuerMetadata)}`);
|
|
|
1582
1399
|
* @param opts
|
|
1583
1400
|
*/
|
|
1584
1401
|
static async retrieveOpenID4VCIServerMetadata(issuerHost, opts) {
|
|
1585
|
-
return retrieveWellknown(issuerHost,
|
|
1402
|
+
return retrieveWellknown(issuerHost, import_oid4vci_common12.WellKnownEndpoints.OPENID4VCI_ISSUER, {
|
|
1586
1403
|
errorOnNotFound: opts?.errorOnNotFound === void 0 ? true : opts.errorOnNotFound
|
|
1587
1404
|
});
|
|
1588
1405
|
}
|
|
1589
1406
|
};
|
|
1590
1407
|
|
|
1591
1408
|
// lib/AuthorizationCodeClient.ts
|
|
1592
|
-
var
|
|
1409
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1593
1410
|
async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
1594
|
-
if (opts.requestObjectMode ===
|
|
1411
|
+
if (opts.requestObjectMode === import_oid4vci_common13.CreateRequestObjectMode.REQUEST_URI) {
|
|
1595
1412
|
throw Error(`Request Object Mode ${opts.requestObjectMode} is not supported yet`);
|
|
1596
|
-
} else if (opts.requestObjectMode ===
|
|
1413
|
+
} else if (opts.requestObjectMode === import_oid4vci_common13.CreateRequestObjectMode.REQUEST_OBJECT) {
|
|
1597
1414
|
if (typeof opts.signCallbacks?.signCallback !== "function") {
|
|
1598
1415
|
throw Error(`No request object sign callback found, whilst request object mode was set to ${opts.requestObjectMode}`);
|
|
1599
1416
|
} else if (!opts.kid) {
|
|
@@ -1632,7 +1449,7 @@ async function createSignedAuthRequestWhenNeeded(requestObject, opts) {
|
|
|
1632
1449
|
const pop = await ProofOfPossessionBuilder.fromJwt({
|
|
1633
1450
|
jwt,
|
|
1634
1451
|
callbacks: opts.signCallbacks,
|
|
1635
|
-
version:
|
|
1452
|
+
version: import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_11,
|
|
1636
1453
|
mode: "JWT"
|
|
1637
1454
|
}).build();
|
|
1638
1455
|
requestObject["request"] = pop.jwt;
|
|
@@ -1670,12 +1487,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1670
1487
|
}
|
|
1671
1488
|
__name(removeDisplayAndValueTypes, "removeDisplayAndValueTypes");
|
|
1672
1489
|
const { redirectUri, requestObjectOpts = {
|
|
1673
|
-
requestObjectMode:
|
|
1490
|
+
requestObjectMode: import_oid4vci_common13.CreateRequestObjectMode.NONE
|
|
1674
1491
|
} } = authorizationRequest;
|
|
1675
1492
|
const client_id = clientId ?? authorizationRequest.clientId;
|
|
1676
1493
|
const authorizationMetadata = endpointMetadata.authorizationServerMetadata ?? endpointMetadata.credentialIssuerMetadata;
|
|
1677
1494
|
let { authorizationDetails } = authorizationRequest;
|
|
1678
|
-
const parMode = authorizationMetadata?.require_pushed_authorization_requests ?
|
|
1495
|
+
const parMode = authorizationMetadata?.require_pushed_authorization_requests ? import_oid4vci_common13.PARMode.REQUIRE : authorizationRequest.parMode ?? (client_id ? import_oid4vci_common13.PARMode.AUTO : import_oid4vci_common13.PARMode.NEVER);
|
|
1679
1496
|
if (!authorizationRequest.scope && !authorizationDetails) {
|
|
1680
1497
|
if (!credentialOffer) {
|
|
1681
1498
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1683,8 +1500,8 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1683
1500
|
if ("credentials" in credentialOffer.credential_offer) {
|
|
1684
1501
|
throw new Error("CredentialOffer format is wrong.");
|
|
1685
1502
|
}
|
|
1686
|
-
const ver = version ?? (0,
|
|
1687
|
-
const creds = ver ===
|
|
1503
|
+
const ver = version ?? (0, import_oid4vci_common13.determineSpecVersionFromOffer)(credentialOffer.credential_offer) ?? import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13;
|
|
1504
|
+
const creds = ver === import_oid4vci_common13.OpenId4VCIVersion.VER_1_0_13 ? filterSupportedCredentials(credentialOffer.credential_offer, credentialConfigurationSupported) : [];
|
|
1688
1505
|
authorizationDetails = creds.flatMap((cred) => {
|
|
1689
1506
|
const locations = [
|
|
1690
1507
|
credentialOffer?.credential_offer.credential_issuer ?? endpointMetadata.issuer
|
|
@@ -1694,10 +1511,10 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1694
1511
|
if (!credential_configuration_id && !cred.format) {
|
|
1695
1512
|
throw Error("format is required in authorization details");
|
|
1696
1513
|
}
|
|
1697
|
-
const vct = cred.format === "
|
|
1514
|
+
const vct = cred.format === "vc+sd-jwt" ? cred.vct : void 0;
|
|
1698
1515
|
const doctype = cred.format === "mso_mdoc" ? cred.doctype : void 0;
|
|
1699
1516
|
let credential_definition = void 0;
|
|
1700
|
-
if ((0,
|
|
1517
|
+
if ((0, import_oid4vci_common13.isW3cCredentialSupported)(cred)) {
|
|
1701
1518
|
credential_definition = {
|
|
1702
1519
|
...cred.credential_definition,
|
|
1703
1520
|
// type: OPTIONAL. Array as defined in Appendix A.1.1.2. This claim contains the type values the Wallet requests authorization for at the Credential Issuer. It MUST be present if the claim format is present in the root of the authorization details object. It MUST not be present otherwise.
|
|
@@ -1732,15 +1549,14 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1732
1549
|
throw Error(`Could not create authorization details from credential offer. Please pass in explicit details`);
|
|
1733
1550
|
}
|
|
1734
1551
|
}
|
|
1735
|
-
|
|
1736
|
-
if (!authorizationEndpoint) {
|
|
1552
|
+
if (!endpointMetadata?.authorization_endpoint) {
|
|
1737
1553
|
throw Error("Server metadata does not contain authorization endpoint");
|
|
1738
1554
|
}
|
|
1739
1555
|
const parEndpoint = authorizationMetadata?.pushed_authorization_request_endpoint;
|
|
1740
1556
|
let queryObj = {
|
|
1741
|
-
response_type:
|
|
1557
|
+
response_type: import_oid4vci_common13.ResponseType.AUTH_CODE,
|
|
1742
1558
|
...!pkce.disabled && {
|
|
1743
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1559
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common13.CodeChallengeMethod.S256,
|
|
1744
1560
|
code_challenge: pkce.codeChallenge
|
|
1745
1561
|
},
|
|
1746
1562
|
authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)),
|
|
@@ -1758,12 +1574,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1758
1574
|
if (credentialOffer?.issuerState) {
|
|
1759
1575
|
queryObj.state = credentialOffer?.issuerState;
|
|
1760
1576
|
}
|
|
1761
|
-
if (!parEndpoint && parMode ===
|
|
1577
|
+
if (!parEndpoint && parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1762
1578
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1763
|
-
} else if (parEndpoint && parMode !==
|
|
1764
|
-
|
|
1765
|
-
const parResponse = await (0,
|
|
1766
|
-
mode:
|
|
1579
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common13.PARMode.NEVER) {
|
|
1580
|
+
logger6.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1581
|
+
const parResponse = await (0, import_oid4vci_common13.formPost)(parEndpoint, (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1582
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1767
1583
|
uriTypeProperties: [
|
|
1768
1584
|
"client_id",
|
|
1769
1585
|
"request_uri",
|
|
@@ -1778,12 +1594,12 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1778
1594
|
accept: "application/json"
|
|
1779
1595
|
});
|
|
1780
1596
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1781
|
-
if (parMode ===
|
|
1597
|
+
if (parMode === import_oid4vci_common13.PARMode.REQUIRE) {
|
|
1782
1598
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1783
1599
|
}
|
|
1784
|
-
|
|
1600
|
+
logger6.debug("Falling back to regular request URI, since PAR failed", JSON.stringify(parResponse.errorBody));
|
|
1785
1601
|
} else {
|
|
1786
|
-
|
|
1602
|
+
logger6.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1787
1603
|
queryObj = {
|
|
1788
1604
|
client_id,
|
|
1789
1605
|
request_uri: parResponse.successBody.request_uri
|
|
@@ -1792,11 +1608,11 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1792
1608
|
}
|
|
1793
1609
|
await createSignedAuthRequestWhenNeeded(queryObj, {
|
|
1794
1610
|
...requestObjectOpts,
|
|
1795
|
-
aud: endpointMetadata.authorization_server
|
|
1611
|
+
aud: endpointMetadata.authorization_server
|
|
1796
1612
|
});
|
|
1797
|
-
|
|
1798
|
-
const url = (0,
|
|
1799
|
-
baseUrl:
|
|
1613
|
+
logger6.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1614
|
+
const url = (0, import_oid4vci_common13.convertJsonToURI)(queryObj, {
|
|
1615
|
+
baseUrl: endpointMetadata.authorization_endpoint,
|
|
1800
1616
|
uriTypeProperties: [
|
|
1801
1617
|
"client_id",
|
|
1802
1618
|
"request_uri",
|
|
@@ -1807,12 +1623,11 @@ var createAuthorizationRequestUrl = /* @__PURE__ */ __name(async ({ pkce, endpoi
|
|
|
1807
1623
|
"state"
|
|
1808
1624
|
],
|
|
1809
1625
|
// arrayTypeProperties: ['authorization_details'],
|
|
1810
|
-
mode:
|
|
1626
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1811
1627
|
});
|
|
1812
|
-
|
|
1628
|
+
logger6.debug(`Authorization Request URL: ${url}`);
|
|
1813
1629
|
return url;
|
|
1814
1630
|
}, "createAuthorizationRequestUrl");
|
|
1815
|
-
var hasCredentialDefinition = /* @__PURE__ */ __name((cred) => "credential_definition" in cred && cred.credential_definition && typeof cred.credential_definition === "object" && cred.credential_definition !== null && "type" in cred.credential_definition && Array.isArray(cred.credential_definition.type), "hasCredentialDefinition");
|
|
1816
1631
|
var handleAuthorizationDetails = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
1817
1632
|
if (authorizationDetails) {
|
|
1818
1633
|
if (typeof authorizationDetails === "string") {
|
|
@@ -1834,10 +1649,7 @@ var handleLocations = /* @__PURE__ */ __name((endpointMetadata, authorizationDet
|
|
|
1834
1649
|
if (typeof authorizationDetails === "string") {
|
|
1835
1650
|
return authorizationDetails;
|
|
1836
1651
|
}
|
|
1837
|
-
|
|
1838
|
-
const hasAuthorizationServers = Array.isArray(ciMeta?.authorization_servers) && ciMeta.authorization_servers.length > 0;
|
|
1839
|
-
const legacyHasAuthzEndpoint = Boolean(endpointMetadata.authorization_endpoint);
|
|
1840
|
-
if (hasAuthorizationServers || legacyHasAuthzEndpoint) {
|
|
1652
|
+
if (authorizationDetails && (endpointMetadata.credentialIssuerMetadata?.authorization_server || endpointMetadata.authorization_endpoint)) {
|
|
1841
1653
|
if (authorizationDetails.locations) {
|
|
1842
1654
|
if (Array.isArray(authorizationDetails.locations)) {
|
|
1843
1655
|
authorizationDetails.locations.push(endpointMetadata.issuer);
|
|
@@ -1896,23 +1708,23 @@ var createAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (opts) =>
|
|
|
1896
1708
|
return request;
|
|
1897
1709
|
}, "createAuthorizationChallengeRequest");
|
|
1898
1710
|
var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (authorizationChallengeCodeUrl, authorizationChallengeRequest, opts) => {
|
|
1899
|
-
return await (0,
|
|
1900
|
-
mode:
|
|
1711
|
+
return await (0, import_oid4vci_common13.formPost)(authorizationChallengeCodeUrl, (0, import_oid4vci_common13.convertJsonToURI)(authorizationChallengeRequest, {
|
|
1712
|
+
mode: import_oid4vci_common13.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
1901
1713
|
}), {
|
|
1902
1714
|
customHeaders: opts?.headers ? opts.headers : void 0
|
|
1903
1715
|
});
|
|
1904
1716
|
}, "sendAuthorizationChallengeRequest");
|
|
1905
1717
|
|
|
1906
1718
|
// lib/AuthorizationCodeClientV1_0_11.ts
|
|
1907
|
-
var
|
|
1908
|
-
var
|
|
1909
|
-
var
|
|
1719
|
+
var import_oid4vci_common14 = require("@sphereon/oid4vci-common");
|
|
1720
|
+
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1721
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
1910
1722
|
var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported }) => {
|
|
1911
1723
|
const { redirectUri, clientId, requestObjectOpts = {
|
|
1912
|
-
requestObjectMode:
|
|
1724
|
+
requestObjectMode: import_oid4vci_common14.CreateRequestObjectMode.NONE
|
|
1913
1725
|
} } = authorizationRequest;
|
|
1914
1726
|
let { scope, authorizationDetails } = authorizationRequest;
|
|
1915
|
-
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ?
|
|
1727
|
+
const parMode = endpointMetadata?.credentialIssuerMetadata?.require_pushed_authorization_requests ? import_oid4vci_common14.PARMode.REQUIRE : authorizationRequest.parMode ?? import_oid4vci_common14.PARMode.AUTO;
|
|
1916
1728
|
if (!scope && !authorizationDetails) {
|
|
1917
1729
|
if (!credentialOffer) {
|
|
1918
1730
|
throw Error("Please provide a scope or authorization_details if no credential offer is present");
|
|
@@ -1945,9 +1757,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1945
1757
|
].filter((s) => !!s).join(" ");
|
|
1946
1758
|
}
|
|
1947
1759
|
let queryObj = {
|
|
1948
|
-
response_type:
|
|
1760
|
+
response_type: import_oid4vci_common14.ResponseType.AUTH_CODE,
|
|
1949
1761
|
...!pkce.disabled && {
|
|
1950
|
-
code_challenge_method: pkce.codeChallengeMethod ??
|
|
1762
|
+
code_challenge_method: pkce.codeChallengeMethod ?? import_oid4vci_common14.CodeChallengeMethod.S256,
|
|
1951
1763
|
code_challenge: pkce.codeChallenge
|
|
1952
1764
|
},
|
|
1953
1765
|
authorization_details: JSON.stringify(handleAuthorizationDetailsV1_0_11(endpointMetadata, authorizationDetails)),
|
|
@@ -1962,12 +1774,12 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1962
1774
|
},
|
|
1963
1775
|
scope
|
|
1964
1776
|
};
|
|
1965
|
-
if (!parEndpoint && parMode ===
|
|
1777
|
+
if (!parEndpoint && parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1966
1778
|
throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
|
|
1967
|
-
} else if (parEndpoint && parMode !==
|
|
1968
|
-
|
|
1969
|
-
const parResponse = await (0,
|
|
1970
|
-
mode:
|
|
1779
|
+
} else if (parEndpoint && parMode !== import_oid4vci_common14.PARMode.NEVER) {
|
|
1780
|
+
logger7.debug(`USING PAR with endpoint ${parEndpoint}`);
|
|
1781
|
+
const parResponse = await (0, import_oid4vci_common14.formPost)(parEndpoint, (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
1782
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
1971
1783
|
uriTypeProperties: [
|
|
1972
1784
|
"client_id",
|
|
1973
1785
|
"request_uri",
|
|
@@ -1983,11 +1795,11 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1983
1795
|
if (parResponse.errorBody || !parResponse.successBody) {
|
|
1984
1796
|
console.log(JSON.stringify(parResponse.errorBody));
|
|
1985
1797
|
console.log("Falling back to regular request URI, since PAR failed");
|
|
1986
|
-
if (parMode ===
|
|
1798
|
+
if (parMode === import_oid4vci_common14.PARMode.REQUIRE) {
|
|
1987
1799
|
throw Error(`PAR error: ${parResponse.origResponse.statusText}`);
|
|
1988
1800
|
}
|
|
1989
1801
|
} else {
|
|
1990
|
-
|
|
1802
|
+
logger7.debug(`PAR response: ${JSON.stringify(parResponse.successBody, null, 2)}`);
|
|
1991
1803
|
queryObj = {
|
|
1992
1804
|
request_uri: parResponse.successBody.request_uri
|
|
1993
1805
|
};
|
|
@@ -1997,8 +1809,8 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
1997
1809
|
...requestObjectOpts,
|
|
1998
1810
|
aud: endpointMetadata.authorization_server
|
|
1999
1811
|
});
|
|
2000
|
-
|
|
2001
|
-
const url = (0,
|
|
1812
|
+
logger7.debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));
|
|
1813
|
+
const url = (0, import_oid4vci_common14.convertJsonToURI)(queryObj, {
|
|
2002
1814
|
baseUrl: endpointMetadata.authorization_endpoint,
|
|
2003
1815
|
uriTypeProperties: [
|
|
2004
1816
|
"client_id",
|
|
@@ -2009,9 +1821,9 @@ var createAuthorizationRequestUrlV1_0_11 = /* @__PURE__ */ __name(async ({ pkce,
|
|
|
2009
1821
|
"issuer_state"
|
|
2010
1822
|
],
|
|
2011
1823
|
// arrayTypeProperties: ['authorization_details'],
|
|
2012
|
-
mode:
|
|
1824
|
+
mode: import_oid4vci_common14.JsonURIMode.X_FORM_WWW_URLENCODED
|
|
2013
1825
|
});
|
|
2014
|
-
|
|
1826
|
+
logger7.debug(`Authorization Request URL: ${url}`);
|
|
2015
1827
|
return url;
|
|
2016
1828
|
}, "createAuthorizationRequestUrlV1_0_11");
|
|
2017
1829
|
var handleAuthorizationDetailsV1_0_11 = /* @__PURE__ */ __name((endpointMetadata, authorizationDetails) => {
|
|
@@ -2056,9 +1868,9 @@ var handleLocations2 = /* @__PURE__ */ __name((endpointMetadata, authorizationDe
|
|
|
2056
1868
|
|
|
2057
1869
|
// lib/CredentialRequestClient.ts
|
|
2058
1870
|
var import_oid4vc_common5 = require("@sphereon/oid4vc-common");
|
|
2059
|
-
var
|
|
2060
|
-
var
|
|
2061
|
-
var
|
|
1871
|
+
var import_oid4vci_common15 = require("@sphereon/oid4vci-common");
|
|
1872
|
+
var import_ssi_types10 = require("@sphereon/ssi-types");
|
|
1873
|
+
var logger8 = import_ssi_types10.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2062
1874
|
async function buildProof(proofInput, opts) {
|
|
2063
1875
|
if ("proof_type" in proofInput) {
|
|
2064
1876
|
if (opts.cNonce) {
|
|
@@ -2072,27 +1884,6 @@ async function buildProof(proofInput, opts) {
|
|
|
2072
1884
|
return await proofInput.build();
|
|
2073
1885
|
}
|
|
2074
1886
|
__name(buildProof, "buildProof");
|
|
2075
|
-
function isOpenIdCredentialDetail(ad) {
|
|
2076
|
-
return typeof ad === "object" && ad !== null && ad.type === "openid_credential";
|
|
2077
|
-
}
|
|
2078
|
-
__name(isOpenIdCredentialDetail, "isOpenIdCredentialDetail");
|
|
2079
|
-
function findAuthorizationDetail(authorizationDetails, preferredConfigId) {
|
|
2080
|
-
if (!authorizationDetails) {
|
|
2081
|
-
return void 0;
|
|
2082
|
-
}
|
|
2083
|
-
const openIdCredentialDetails = authorizationDetails.filter(isOpenIdCredentialDetail);
|
|
2084
|
-
if (openIdCredentialDetails.length === 0) {
|
|
2085
|
-
return void 0;
|
|
2086
|
-
}
|
|
2087
|
-
if (preferredConfigId) {
|
|
2088
|
-
const match = openIdCredentialDetails.find((detail) => typeof detail === "object" && detail !== null && detail.credential_configuration_id === preferredConfigId);
|
|
2089
|
-
if (match) {
|
|
2090
|
-
return match;
|
|
2091
|
-
}
|
|
2092
|
-
}
|
|
2093
|
-
return openIdCredentialDetails[0];
|
|
2094
|
-
}
|
|
2095
|
-
__name(findAuthorizationDetail, "findAuthorizationDetail");
|
|
2096
1887
|
var CredentialRequestClient = class {
|
|
2097
1888
|
static {
|
|
2098
1889
|
__name(this, "CredentialRequestClient");
|
|
@@ -2132,10 +1923,7 @@ var CredentialRequestClient = class {
|
|
|
2132
1923
|
credentialIdentifier,
|
|
2133
1924
|
subjectIssuance
|
|
2134
1925
|
});
|
|
2135
|
-
|
|
2136
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2137
|
-
}
|
|
2138
|
-
return await this.acquireCredentialsUsingRequestWithoutProof(request, format, opts.createDPoPOpts);
|
|
1926
|
+
return await this.acquireCredentialsUsingRequestWithoutProof(request, opts.createDPoPOpts);
|
|
2139
1927
|
}
|
|
2140
1928
|
async acquireCredentialsUsingProof(opts) {
|
|
2141
1929
|
const { credentialIdentifier, credentialTypes, proofInput, format, context, subjectIssuance } = opts;
|
|
@@ -2148,35 +1936,32 @@ var CredentialRequestClient = class {
|
|
|
2148
1936
|
credentialIdentifier,
|
|
2149
1937
|
subjectIssuance
|
|
2150
1938
|
});
|
|
2151
|
-
|
|
2152
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
2153
|
-
}
|
|
2154
|
-
return await this.acquireCredentialsUsingRequest(request, format, opts.createDPoPOpts);
|
|
1939
|
+
return await this.acquireCredentialsUsingRequest(request, opts.createDPoPOpts);
|
|
2155
1940
|
}
|
|
2156
|
-
async acquireCredentialsUsingRequestWithoutProof(uniformRequest,
|
|
2157
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
1941
|
+
async acquireCredentialsUsingRequestWithoutProof(uniformRequest, createDPoPOpts) {
|
|
1942
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2158
1943
|
}
|
|
2159
|
-
async acquireCredentialsUsingRequest(uniformRequest,
|
|
2160
|
-
return await this.acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
1944
|
+
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
1945
|
+
return await this.acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts);
|
|
2161
1946
|
}
|
|
2162
|
-
async acquireCredentialsUsingRequestImpl(uniformRequest,
|
|
2163
|
-
if (this.version() <
|
|
1947
|
+
async acquireCredentialsUsingRequestImpl(uniformRequest, createDPoPOpts) {
|
|
1948
|
+
if (this.version() < import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_13) {
|
|
2164
1949
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported by the V13 credential request client.");
|
|
2165
1950
|
}
|
|
2166
|
-
const request = (0,
|
|
1951
|
+
const request = (0, import_oid4vci_common15.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
2167
1952
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2168
|
-
if (!(0,
|
|
2169
|
-
|
|
2170
|
-
throw new Error(
|
|
1953
|
+
if (!(0, import_oid4vci_common15.isValidURL)(credentialEndpoint)) {
|
|
1954
|
+
logger8.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
1955
|
+
throw new Error(import_oid4vci_common15.URL_NOT_VALID);
|
|
2171
1956
|
}
|
|
2172
|
-
|
|
2173
|
-
|
|
1957
|
+
logger8.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
1958
|
+
logger8.debug(`request
|
|
2174
1959
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2175
1960
|
const requestToken = this.credentialRequestOpts.token;
|
|
2176
1961
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2177
1962
|
accessToken: requestToken
|
|
2178
1963
|
})) : void 0;
|
|
2179
|
-
let response = await (0,
|
|
1964
|
+
let response = await (0, import_oid4vci_common15.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2180
1965
|
bearerToken: requestToken,
|
|
2181
1966
|
...dPoP && {
|
|
2182
1967
|
customHeaders: {
|
|
@@ -2191,7 +1976,7 @@ var CredentialRequestClient = class {
|
|
|
2191
1976
|
dPoP = await (0, import_oid4vc_common5.createDPoP)((0, import_oid4vc_common5.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2192
1977
|
accessToken: requestToken
|
|
2193
1978
|
}));
|
|
2194
|
-
response = await (0,
|
|
1979
|
+
response = await (0, import_oid4vci_common15.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2195
1980
|
bearerToken: requestToken,
|
|
2196
1981
|
...createDPoPOpts && {
|
|
2197
1982
|
customHeaders: {
|
|
@@ -2202,7 +1987,7 @@ var CredentialRequestClient = class {
|
|
|
2202
1987
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
2203
1988
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
2204
1989
|
}
|
|
2205
|
-
this._isDeferred = (0,
|
|
1990
|
+
this._isDeferred = (0, import_oid4vci_common15.isDeferredCredentialResponse)(response);
|
|
2206
1991
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
2207
1992
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
2208
1993
|
bearerToken: this.credentialRequestOpts.token
|
|
@@ -2214,7 +1999,7 @@ var CredentialRequestClient = class {
|
|
|
2214
1999
|
throw Error("Subject signing was requested, but issuer did not provide the options in its response");
|
|
2215
2000
|
}
|
|
2216
2001
|
}
|
|
2217
|
-
|
|
2002
|
+
logger8.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2218
2003
|
${JSON.stringify(response, null, 2)}`);
|
|
2219
2004
|
return {
|
|
2220
2005
|
...response,
|
|
@@ -2236,7 +2021,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2236
2021
|
} else if (!bearerToken) {
|
|
2237
2022
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2238
2023
|
}
|
|
2239
|
-
return await (0,
|
|
2024
|
+
return await (0, import_oid4vci_common15.acquireDeferredCredential)({
|
|
2240
2025
|
bearerToken,
|
|
2241
2026
|
transactionId,
|
|
2242
2027
|
deferredCredentialEndpoint,
|
|
@@ -2251,64 +2036,27 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2251
2036
|
return await this.createCredentialRequestImpl(opts);
|
|
2252
2037
|
}
|
|
2253
2038
|
async createCredentialRequestImpl(opts) {
|
|
2254
|
-
const { proofInput, credentialIdentifier
|
|
2039
|
+
const { proofInput, credentialIdentifier: credential_identifier } = opts;
|
|
2255
2040
|
let proof = void 0;
|
|
2256
2041
|
if (proofInput) {
|
|
2257
2042
|
proof = await buildProof(proofInput, opts);
|
|
2258
2043
|
}
|
|
2259
|
-
if (
|
|
2260
|
-
|
|
2261
|
-
|
|
2262
|
-
const commonBody = {
|
|
2263
|
-
...issuer_state2 && {
|
|
2264
|
-
issuer_state: issuer_state2
|
|
2265
|
-
},
|
|
2266
|
-
...proof && {
|
|
2267
|
-
proof
|
|
2268
|
-
},
|
|
2269
|
-
...opts.subjectIssuance
|
|
2270
|
-
};
|
|
2271
|
-
const authDetailObj = authDetail && typeof authDetail === "object" ? authDetail : null;
|
|
2272
|
-
if (authDetailObj?.credential_identifier) {
|
|
2273
|
-
return {
|
|
2274
|
-
credential_identifier: authDetailObj.credential_identifier,
|
|
2275
|
-
...commonBody
|
|
2276
|
-
};
|
|
2044
|
+
if (credential_identifier) {
|
|
2045
|
+
if (opts.format || opts.credentialTypes || opts.context) {
|
|
2046
|
+
throw Error(`You cannot mix credential_identifier with format, credential types and/or context`);
|
|
2277
2047
|
}
|
|
2278
|
-
if (authDetailObj?.credential_identifiers && authDetailObj.credential_identifiers.length > 0) {
|
|
2279
|
-
return {
|
|
2280
|
-
credential_identifier: authDetailObj.credential_identifiers[0],
|
|
2281
|
-
...commonBody
|
|
2282
|
-
};
|
|
2283
|
-
}
|
|
2284
|
-
const configId = credentialConfigurationId ?? authDetailObj?.credential_configuration_id ?? this._credentialRequestOpts.credentialConfigurationId;
|
|
2285
|
-
if (configId) {
|
|
2286
|
-
return {
|
|
2287
|
-
credential_configuration_id: configId,
|
|
2288
|
-
...commonBody
|
|
2289
|
-
};
|
|
2290
|
-
}
|
|
2291
|
-
if (credentialIdentifier) {
|
|
2292
|
-
return {
|
|
2293
|
-
credential_identifier: credentialIdentifier,
|
|
2294
|
-
...commonBody
|
|
2295
|
-
};
|
|
2296
|
-
}
|
|
2297
|
-
return Promise.reject(Error("No credential_identifier or credential_configuration_id available for v1.0-15 request"));
|
|
2298
|
-
}
|
|
2299
|
-
if (credentialIdentifier) {
|
|
2300
|
-
const proof_obj = proof ? {
|
|
2301
|
-
proof
|
|
2302
|
-
} : {};
|
|
2303
2048
|
return {
|
|
2304
|
-
credential_identifier
|
|
2305
|
-
...
|
|
2049
|
+
credential_identifier,
|
|
2050
|
+
...proof && {
|
|
2051
|
+
proof
|
|
2052
|
+
}
|
|
2306
2053
|
};
|
|
2307
2054
|
}
|
|
2308
2055
|
const formatSelection = opts.format ?? this.credentialRequestOpts.format;
|
|
2309
2056
|
if (!formatSelection) {
|
|
2310
2057
|
throw Error(`Format of credential to be issued is missing`);
|
|
2311
2058
|
}
|
|
2059
|
+
const format = (0, import_oid4vci_common15.getUniformFormat)(formatSelection);
|
|
2312
2060
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2313
2061
|
if (!typesSelection) {
|
|
2314
2062
|
throw Error(`Credential type(s) need to be provided`);
|
|
@@ -2320,33 +2068,78 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2320
2068
|
throw Error(`Credential type(s) need to be provided`);
|
|
2321
2069
|
}
|
|
2322
2070
|
const issuer_state = this.credentialRequestOpts.issuerState;
|
|
2323
|
-
if (
|
|
2071
|
+
if (format === "jwt_vc_json" || format === "jwt_vc") {
|
|
2324
2072
|
return {
|
|
2325
|
-
format: formatSelection,
|
|
2326
2073
|
credential_definition: {
|
|
2327
|
-
type: types
|
|
2328
|
-
|
|
2329
|
-
|
|
2330
|
-
|
|
2074
|
+
type: types
|
|
2075
|
+
},
|
|
2076
|
+
format,
|
|
2077
|
+
...issuer_state && {
|
|
2078
|
+
issuer_state
|
|
2079
|
+
},
|
|
2080
|
+
...proof && {
|
|
2081
|
+
proof
|
|
2082
|
+
},
|
|
2083
|
+
...opts.subjectIssuance
|
|
2084
|
+
};
|
|
2085
|
+
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2086
|
+
if (this.version() >= import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2087
|
+
throw Error("No @context value present, but it is required");
|
|
2088
|
+
}
|
|
2089
|
+
return {
|
|
2090
|
+
format,
|
|
2091
|
+
...issuer_state && {
|
|
2092
|
+
issuer_state
|
|
2093
|
+
},
|
|
2094
|
+
...proof && {
|
|
2095
|
+
proof
|
|
2096
|
+
},
|
|
2097
|
+
...opts.subjectIssuance,
|
|
2098
|
+
credential_definition: {
|
|
2099
|
+
type: types,
|
|
2100
|
+
"@context": opts.context
|
|
2101
|
+
}
|
|
2102
|
+
};
|
|
2103
|
+
} else if (format === "vc+sd-jwt") {
|
|
2104
|
+
if (types.length > 1) {
|
|
2105
|
+
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2106
|
+
}
|
|
2107
|
+
return {
|
|
2108
|
+
format,
|
|
2109
|
+
...issuer_state && {
|
|
2110
|
+
issuer_state
|
|
2111
|
+
},
|
|
2112
|
+
...proof && {
|
|
2113
|
+
proof
|
|
2331
2114
|
},
|
|
2115
|
+
vct: types[0],
|
|
2116
|
+
...opts.subjectIssuance
|
|
2117
|
+
};
|
|
2118
|
+
} else if (format === "mso_mdoc") {
|
|
2119
|
+
if (types.length > 1) {
|
|
2120
|
+
throw Error(`Only a single credential type is supported for ${format}`);
|
|
2121
|
+
}
|
|
2122
|
+
return {
|
|
2123
|
+
format,
|
|
2332
2124
|
...issuer_state && {
|
|
2333
2125
|
issuer_state
|
|
2334
2126
|
},
|
|
2335
2127
|
...proof && {
|
|
2336
2128
|
proof
|
|
2337
2129
|
},
|
|
2130
|
+
doctype: types[0],
|
|
2338
2131
|
...opts.subjectIssuance
|
|
2339
2132
|
};
|
|
2340
2133
|
}
|
|
2341
|
-
|
|
2134
|
+
throw new Error(`Unsupported credential format: ${format}`);
|
|
2342
2135
|
}
|
|
2343
2136
|
version() {
|
|
2344
|
-
return this.credentialRequestOpts?.version ??
|
|
2137
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common15.OpenId4VCIVersion.VER_1_0_13;
|
|
2345
2138
|
}
|
|
2346
2139
|
};
|
|
2347
2140
|
|
|
2348
2141
|
// lib/CredentialOfferClient.ts
|
|
2349
|
-
var
|
|
2142
|
+
var import_oid4vci_common16 = require("@sphereon/oid4vci-common");
|
|
2350
2143
|
var CredentialOfferClient = class {
|
|
2351
2144
|
static {
|
|
2352
2145
|
__name(this, "CredentialOfferClient");
|
|
@@ -2359,12 +2152,12 @@ var CredentialOfferClient = class {
|
|
|
2359
2152
|
}
|
|
2360
2153
|
const scheme = uri.split("://")[0];
|
|
2361
2154
|
const baseUrl = uri.split("?")[0];
|
|
2362
|
-
const version = (0,
|
|
2155
|
+
const version = (0, import_oid4vci_common16.determineSpecVersionFromURI)(uri);
|
|
2363
2156
|
LOG.log(`Offer URL determined to be of version ${version}`);
|
|
2364
2157
|
let credentialOffer;
|
|
2365
2158
|
let credentialOfferPayload;
|
|
2366
|
-
if (version <
|
|
2367
|
-
credentialOfferPayload = (0,
|
|
2159
|
+
if (version < import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_11) {
|
|
2160
|
+
credentialOfferPayload = (0, import_oid4vci_common16.convertURIToJsonObject)(uri, {
|
|
2368
2161
|
arrayTypeProperties: [
|
|
2369
2162
|
"credential_type"
|
|
2370
2163
|
],
|
|
@@ -2382,7 +2175,7 @@ var CredentialOfferClient = class {
|
|
|
2382
2175
|
if (uri.includes("credential_offer_uri")) {
|
|
2383
2176
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2384
2177
|
} else {
|
|
2385
|
-
credentialOffer = (0,
|
|
2178
|
+
credentialOffer = (0, import_oid4vci_common16.convertURIToJsonObject)(uri, {
|
|
2386
2179
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2387
2180
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2388
2181
|
"credential_offer_uri="
|
|
@@ -2400,13 +2193,13 @@ var CredentialOfferClient = class {
|
|
|
2400
2193
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2401
2194
|
}
|
|
2402
2195
|
}
|
|
2403
|
-
const request = await (0,
|
|
2196
|
+
const request = await (0, import_oid4vci_common16.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2404
2197
|
...opts,
|
|
2405
2198
|
version
|
|
2406
2199
|
});
|
|
2407
2200
|
return {
|
|
2408
2201
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2409
|
-
userPinRequired: request.credential_offer?.grants?.[
|
|
2202
|
+
userPinRequired: request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? !!request.credential_offer?.grants?.[import_oid4vci_common16.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false
|
|
2410
2203
|
};
|
|
2411
2204
|
}
|
|
2412
2205
|
static toURI(requestWithBaseUrl, opts) {
|
|
@@ -2415,7 +2208,7 @@ var CredentialOfferClient = class {
|
|
|
2415
2208
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2416
2209
|
let param;
|
|
2417
2210
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2418
|
-
if (version.valueOf() >=
|
|
2211
|
+
if (version.valueOf() >= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2419
2212
|
if (!baseUrl.includes("?")) {
|
|
2420
2213
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2421
2214
|
} else {
|
|
@@ -2430,14 +2223,14 @@ var CredentialOfferClient = class {
|
|
|
2430
2223
|
}
|
|
2431
2224
|
}
|
|
2432
2225
|
}
|
|
2433
|
-
return (0,
|
|
2226
|
+
return (0, import_oid4vci_common16.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2434
2227
|
baseUrl,
|
|
2435
2228
|
arrayTypeProperties: isUri ? [] : [
|
|
2436
2229
|
"credential_type"
|
|
2437
2230
|
],
|
|
2438
2231
|
uriTypeProperties: isUri ? [
|
|
2439
2232
|
"credential_offer_uri"
|
|
2440
|
-
] : version >=
|
|
2233
|
+
] : version >= import_oid4vci_common16.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2441
2234
|
"credential_issuer",
|
|
2442
2235
|
"credential_type"
|
|
2443
2236
|
] : [
|
|
@@ -2451,26 +2244,26 @@ var CredentialOfferClient = class {
|
|
|
2451
2244
|
};
|
|
2452
2245
|
|
|
2453
2246
|
// lib/CredentialOfferClientV1_0_11.ts
|
|
2454
|
-
var
|
|
2455
|
-
var
|
|
2456
|
-
var
|
|
2247
|
+
var import_oid4vci_common17 = require("@sphereon/oid4vci-common");
|
|
2248
|
+
var import_ssi_types11 = require("@sphereon/ssi-types");
|
|
2249
|
+
var logger9 = import_ssi_types11.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2457
2250
|
var CredentialOfferClientV1_0_11 = class {
|
|
2458
2251
|
static {
|
|
2459
2252
|
__name(this, "CredentialOfferClientV1_0_11");
|
|
2460
2253
|
}
|
|
2461
2254
|
static async fromURI(uri, opts) {
|
|
2462
|
-
|
|
2255
|
+
logger9.debug(`Credential Offer URI: ${uri}`);
|
|
2463
2256
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2464
|
-
|
|
2257
|
+
logger9.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2465
2258
|
throw Error(`Invalid Credential Offer Request`);
|
|
2466
2259
|
}
|
|
2467
2260
|
const scheme = uri.split("://")[0];
|
|
2468
2261
|
const baseUrl = uri.split("?")[0];
|
|
2469
|
-
const version = (0,
|
|
2262
|
+
const version = (0, import_oid4vci_common17.determineSpecVersionFromURI)(uri);
|
|
2470
2263
|
let credentialOffer;
|
|
2471
2264
|
let credentialOfferPayload;
|
|
2472
|
-
if (version <
|
|
2473
|
-
credentialOfferPayload = (0,
|
|
2265
|
+
if (version < import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11) {
|
|
2266
|
+
credentialOfferPayload = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2474
2267
|
arrayTypeProperties: [
|
|
2475
2268
|
"credential_type"
|
|
2476
2269
|
],
|
|
@@ -2485,7 +2278,7 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2485
2278
|
credential_offer: credentialOfferPayload
|
|
2486
2279
|
};
|
|
2487
2280
|
} else {
|
|
2488
|
-
credentialOffer = (0,
|
|
2281
|
+
credentialOffer = (0, import_oid4vci_common17.convertURIToJsonObject)(uri, {
|
|
2489
2282
|
arrayTypeProperties: [
|
|
2490
2283
|
"credentials"
|
|
2491
2284
|
],
|
|
@@ -2499,11 +2292,11 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2499
2292
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2500
2293
|
}
|
|
2501
2294
|
}
|
|
2502
|
-
const request = await (0,
|
|
2295
|
+
const request = await (0, import_oid4vci_common17.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2503
2296
|
...opts,
|
|
2504
2297
|
version
|
|
2505
2298
|
});
|
|
2506
|
-
const clientId = (0,
|
|
2299
|
+
const clientId = (0, import_oid4vci_common17.getClientIdFromCredentialOfferPayload)(request.credential_offer);
|
|
2507
2300
|
const grants = request.credential_offer?.grants;
|
|
2508
2301
|
return {
|
|
2509
2302
|
scheme,
|
|
@@ -2515,19 +2308,19 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2515
2308
|
...grants?.authorization_code?.issuer_state && {
|
|
2516
2309
|
issuerState: grants.authorization_code.issuer_state
|
|
2517
2310
|
},
|
|
2518
|
-
...grants?.[
|
|
2519
|
-
preAuthorizedCode: grants[
|
|
2311
|
+
...grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.[import_oid4vci_common17.PRE_AUTH_CODE_LITERAL] && {
|
|
2312
|
+
preAuthorizedCode: grants[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL][import_oid4vci_common17.PRE_AUTH_CODE_LITERAL]
|
|
2520
2313
|
},
|
|
2521
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2314
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common17.PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? false)
|
|
2522
2315
|
};
|
|
2523
2316
|
}
|
|
2524
2317
|
static toURI(requestWithBaseUrl, opts) {
|
|
2525
|
-
|
|
2318
|
+
logger9.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2526
2319
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2527
2320
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2528
2321
|
let param;
|
|
2529
2322
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2530
|
-
if (version.valueOf() >=
|
|
2323
|
+
if (version.valueOf() >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2531
2324
|
if (!baseUrl.includes("?")) {
|
|
2532
2325
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2533
2326
|
} else {
|
|
@@ -2542,14 +2335,14 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2542
2335
|
}
|
|
2543
2336
|
}
|
|
2544
2337
|
}
|
|
2545
|
-
return (0,
|
|
2338
|
+
return (0, import_oid4vci_common17.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2546
2339
|
baseUrl,
|
|
2547
2340
|
arrayTypeProperties: isUri ? [] : [
|
|
2548
2341
|
"credential_type"
|
|
2549
2342
|
],
|
|
2550
2343
|
uriTypeProperties: isUri ? [
|
|
2551
2344
|
"credential_offer_uri"
|
|
2552
|
-
] : version >=
|
|
2345
|
+
] : version >= import_oid4vci_common17.OpenId4VCIVersion.VER_1_0_11 ? [
|
|
2553
2346
|
"credential_issuer",
|
|
2554
2347
|
"credential_type"
|
|
2555
2348
|
] : [
|
|
@@ -2563,27 +2356,27 @@ var CredentialOfferClientV1_0_11 = class {
|
|
|
2563
2356
|
};
|
|
2564
2357
|
|
|
2565
2358
|
// lib/CredentialOfferClientV1_0_13.ts
|
|
2566
|
-
var
|
|
2567
|
-
var
|
|
2568
|
-
var
|
|
2359
|
+
var import_oid4vci_common18 = require("@sphereon/oid4vci-common");
|
|
2360
|
+
var import_ssi_types12 = require("@sphereon/ssi-types");
|
|
2361
|
+
var logger10 = import_ssi_types12.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2569
2362
|
var CredentialOfferClientV1_0_13 = class {
|
|
2570
2363
|
static {
|
|
2571
2364
|
__name(this, "CredentialOfferClientV1_0_13");
|
|
2572
2365
|
}
|
|
2573
2366
|
static async fromURI(uri, opts) {
|
|
2574
|
-
|
|
2367
|
+
logger10.debug(`Credential Offer URI: ${uri}`);
|
|
2575
2368
|
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2576
|
-
|
|
2369
|
+
logger10.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2577
2370
|
throw Error(`Invalid Credential Offer Request`);
|
|
2578
2371
|
}
|
|
2579
2372
|
const scheme = uri.split("://")[0];
|
|
2580
2373
|
const baseUrl = uri.split("?")[0];
|
|
2581
|
-
const version = (0,
|
|
2374
|
+
const version = (0, import_oid4vci_common18.determineSpecVersionFromURI)(uri);
|
|
2582
2375
|
let credentialOffer;
|
|
2583
2376
|
if (uri.includes("credential_offer_uri")) {
|
|
2584
2377
|
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2585
2378
|
} else {
|
|
2586
|
-
credentialOffer = (0,
|
|
2379
|
+
credentialOffer = (0, import_oid4vci_common18.convertURIToJsonObject)(uri, {
|
|
2587
2380
|
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2588
2381
|
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2589
2382
|
"credential_configuration_ids",
|
|
@@ -2602,22 +2395,22 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2602
2395
|
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2603
2396
|
throw Error("Either a credential_offer or credential_offer_uri should be present in " + uri);
|
|
2604
2397
|
}
|
|
2605
|
-
const request = await (0,
|
|
2398
|
+
const request = await (0, import_oid4vci_common18.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2606
2399
|
...opts,
|
|
2607
2400
|
version
|
|
2608
2401
|
});
|
|
2609
2402
|
return {
|
|
2610
2403
|
...constructBaseResponse(request, scheme, baseUrl),
|
|
2611
|
-
userPinRequired: !!(request.credential_offer?.grants?.[
|
|
2404
|
+
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common18.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2612
2405
|
};
|
|
2613
2406
|
}
|
|
2614
2407
|
static toURI(requestWithBaseUrl, opts) {
|
|
2615
|
-
|
|
2408
|
+
logger10.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2616
2409
|
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2617
2410
|
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2618
2411
|
let param;
|
|
2619
2412
|
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2620
|
-
if (version.valueOf() >=
|
|
2413
|
+
if (version.valueOf() >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2621
2414
|
if (!baseUrl.includes("?")) {
|
|
2622
2415
|
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2623
2416
|
} else {
|
|
@@ -2632,14 +2425,14 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2632
2425
|
}
|
|
2633
2426
|
}
|
|
2634
2427
|
}
|
|
2635
|
-
return (0,
|
|
2428
|
+
return (0, import_oid4vci_common18.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2636
2429
|
baseUrl,
|
|
2637
2430
|
arrayTypeProperties: isUri ? [] : [
|
|
2638
2431
|
"credential_type"
|
|
2639
2432
|
],
|
|
2640
2433
|
uriTypeProperties: isUri ? [
|
|
2641
2434
|
"credential_offer_uri"
|
|
2642
|
-
] : version >=
|
|
2435
|
+
] : version >= import_oid4vci_common18.OpenId4VCIVersion.VER_1_0_13 ? [
|
|
2643
2436
|
"credential_issuer",
|
|
2644
2437
|
"credential_type"
|
|
2645
2438
|
] : [
|
|
@@ -2652,101 +2445,11 @@ var CredentialOfferClientV1_0_13 = class {
|
|
|
2652
2445
|
}
|
|
2653
2446
|
};
|
|
2654
2447
|
|
|
2655
|
-
// lib/CredentialOfferClientV1_0_15.ts
|
|
2656
|
-
var import_oid4vci_common20 = require("@sphereon/oid4vci-common");
|
|
2657
|
-
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
2658
|
-
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
|
|
2659
|
-
var CredentialOfferClientV1_0_15 = class {
|
|
2660
|
-
static {
|
|
2661
|
-
__name(this, "CredentialOfferClientV1_0_15");
|
|
2662
|
-
}
|
|
2663
|
-
static async fromURI(uri, opts) {
|
|
2664
|
-
logger12.debug(`Credential Offer URI: ${uri}`);
|
|
2665
|
-
if (!uri.includes("?") || !uri.includes("://")) {
|
|
2666
|
-
logger12.debug(`Invalid Credential Offer URI: ${uri}`);
|
|
2667
|
-
return Promise.reject(Error(`Invalid Credential Offer Request`));
|
|
2668
|
-
}
|
|
2669
|
-
const scheme = uri.split("://")[0];
|
|
2670
|
-
const baseUrl = uri.split("?")[0];
|
|
2671
|
-
const version = (0, import_oid4vci_common20.determineSpecVersionFromURI)(uri);
|
|
2672
|
-
let credentialOffer;
|
|
2673
|
-
if (uri.includes("credential_offer_uri")) {
|
|
2674
|
-
credentialOffer = await handleCredentialOfferUri(uri);
|
|
2675
|
-
} else {
|
|
2676
|
-
credentialOffer = (0, import_oid4vci_common20.convertURIToJsonObject)(uri, {
|
|
2677
|
-
// It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
|
|
2678
|
-
arrayTypeProperties: uri.includes("credential_offer_uri=") ? [
|
|
2679
|
-
"credential_configuration_ids",
|
|
2680
|
-
"credential_offer_uri="
|
|
2681
|
-
] : [
|
|
2682
|
-
"credential_configuration_ids",
|
|
2683
|
-
"credential_offer="
|
|
2684
|
-
],
|
|
2685
|
-
requiredProperties: uri.includes("credential_offer_uri=") ? [
|
|
2686
|
-
"credential_offer_uri="
|
|
2687
|
-
] : [
|
|
2688
|
-
"credential_offer="
|
|
2689
|
-
]
|
|
2690
|
-
});
|
|
2691
|
-
}
|
|
2692
|
-
if (credentialOffer?.credential_offer_uri === void 0 && !credentialOffer?.credential_offer) {
|
|
2693
|
-
return Promise.reject(Error("Either a credential_offer or credential_offer_uri should be present in " + uri));
|
|
2694
|
-
}
|
|
2695
|
-
const request = await (0, import_oid4vci_common20.toUniformCredentialOfferRequest)(credentialOffer, {
|
|
2696
|
-
...opts,
|
|
2697
|
-
version
|
|
2698
|
-
});
|
|
2699
|
-
return {
|
|
2700
|
-
...constructBaseResponse(request, scheme, baseUrl),
|
|
2701
|
-
userPinRequired: !!(request.credential_offer?.grants?.[import_oid4vci_common20.PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false)
|
|
2702
|
-
};
|
|
2703
|
-
}
|
|
2704
|
-
static toURI(requestWithBaseUrl, opts) {
|
|
2705
|
-
logger12.debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
|
|
2706
|
-
const version = opts?.version ?? requestWithBaseUrl.version;
|
|
2707
|
-
let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme) ? requestWithBaseUrl.baseUrl : `${requestWithBaseUrl.scheme.replace("://", "")}://${requestWithBaseUrl.baseUrl}`;
|
|
2708
|
-
let param;
|
|
2709
|
-
const isUri = requestWithBaseUrl.credential_offer_uri !== void 0;
|
|
2710
|
-
if (version.valueOf() >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
|
|
2711
|
-
if (!baseUrl.includes("?")) {
|
|
2712
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2713
|
-
} else {
|
|
2714
|
-
const split = baseUrl.split("?");
|
|
2715
|
-
if (split.length > 1 && split[1] !== "") {
|
|
2716
|
-
if (baseUrl.endsWith("&")) {
|
|
2717
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2718
|
-
} else if (!baseUrl.endsWith("=")) {
|
|
2719
|
-
baseUrl += `&`;
|
|
2720
|
-
param = isUri ? "credential_offer_uri" : "credential_offer";
|
|
2721
|
-
}
|
|
2722
|
-
}
|
|
2723
|
-
}
|
|
2724
|
-
}
|
|
2725
|
-
return (0, import_oid4vci_common20.convertJsonToURI)(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
|
|
2726
|
-
baseUrl,
|
|
2727
|
-
arrayTypeProperties: isUri ? [] : [
|
|
2728
|
-
"credential_configuration_ids"
|
|
2729
|
-
],
|
|
2730
|
-
uriTypeProperties: isUri ? [
|
|
2731
|
-
"credential_offer_uri"
|
|
2732
|
-
] : version >= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_15 ? [
|
|
2733
|
-
"credential_issuer",
|
|
2734
|
-
"credential_configuration_ids"
|
|
2735
|
-
] : [
|
|
2736
|
-
"issuer",
|
|
2737
|
-
"credential_type"
|
|
2738
|
-
],
|
|
2739
|
-
param,
|
|
2740
|
-
version
|
|
2741
|
-
});
|
|
2742
|
-
}
|
|
2743
|
-
};
|
|
2744
|
-
|
|
2745
2448
|
// lib/CredentialRequestClientV1_0_11.ts
|
|
2746
2449
|
var import_oid4vc_common6 = require("@sphereon/oid4vc-common");
|
|
2747
|
-
var
|
|
2748
|
-
var
|
|
2749
|
-
var
|
|
2450
|
+
var import_oid4vci_common19 = require("@sphereon/oid4vci-common");
|
|
2451
|
+
var import_ssi_types13 = require("@sphereon/ssi-types");
|
|
2452
|
+
var logger11 = import_ssi_types13.Loggers.DEFAULT.get("sphereon:oid4vci:credential");
|
|
2750
2453
|
var CredentialRequestClientV1_0_11 = class {
|
|
2751
2454
|
static {
|
|
2752
2455
|
__name(this, "CredentialRequestClientV1_0_11");
|
|
@@ -2782,24 +2485,20 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2782
2485
|
return await this.acquireCredentialsUsingRequest(request, opts.createDPoPOpts);
|
|
2783
2486
|
}
|
|
2784
2487
|
async acquireCredentialsUsingRequest(uniformRequest, createDPoPOpts) {
|
|
2785
|
-
const
|
|
2786
|
-
if (!uniformRequestV11.format) {
|
|
2787
|
-
return Promise.reject(Error("format is missing from the (legacy v11) credential request"));
|
|
2788
|
-
}
|
|
2789
|
-
const request = (0, import_oid4vci_common21.getCredentialRequestForVersion)(uniformRequest, uniformRequestV11.format, this.version());
|
|
2488
|
+
const request = (0, import_oid4vci_common19.getCredentialRequestForVersion)(uniformRequest, this.version());
|
|
2790
2489
|
const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
|
|
2791
|
-
if (!(0,
|
|
2792
|
-
|
|
2793
|
-
throw new Error(
|
|
2490
|
+
if (!(0, import_oid4vci_common19.isValidURL)(credentialEndpoint)) {
|
|
2491
|
+
logger11.debug(`Invalid credential endpoint: ${credentialEndpoint}`);
|
|
2492
|
+
throw new Error(import_oid4vci_common19.URL_NOT_VALID);
|
|
2794
2493
|
}
|
|
2795
|
-
|
|
2796
|
-
|
|
2494
|
+
logger11.debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
|
|
2495
|
+
logger11.debug(`request
|
|
2797
2496
|
: ${JSON.stringify(request, null, 2)}`);
|
|
2798
2497
|
const requestToken = this.credentialRequestOpts.token;
|
|
2799
2498
|
let dPoP = createDPoPOpts ? await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2800
2499
|
accessToken: requestToken
|
|
2801
2500
|
})) : void 0;
|
|
2802
|
-
let response = await (0,
|
|
2501
|
+
let response = await (0, import_oid4vci_common19.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2803
2502
|
bearerToken: requestToken,
|
|
2804
2503
|
customHeaders: {
|
|
2805
2504
|
...createDPoPOpts && {
|
|
@@ -2814,7 +2513,7 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2814
2513
|
dPoP = await (0, import_oid4vc_common6.createDPoP)((0, import_oid4vc_common6.getCreateDPoPOptions)(createDPoPOpts, credentialEndpoint, {
|
|
2815
2514
|
accessToken: requestToken
|
|
2816
2515
|
}));
|
|
2817
|
-
response = await (0,
|
|
2516
|
+
response = await (0, import_oid4vci_common19.post)(credentialEndpoint, JSON.stringify(request), {
|
|
2818
2517
|
bearerToken: requestToken,
|
|
2819
2518
|
customHeaders: {
|
|
2820
2519
|
...createDPoPOpts && {
|
|
@@ -2825,14 +2524,14 @@ var CredentialRequestClientV1_0_11 = class {
|
|
|
2825
2524
|
const successDPoPNonce = response.origResponse.headers.get("DPoP-Nonce");
|
|
2826
2525
|
nextDPoPNonce = successDPoPNonce ?? retryWithNonce.dpopNonce;
|
|
2827
2526
|
}
|
|
2828
|
-
this._isDeferred = (0,
|
|
2527
|
+
this._isDeferred = (0, import_oid4vci_common19.isDeferredCredentialResponse)(response);
|
|
2829
2528
|
if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
|
|
2830
2529
|
response = await this.acquireDeferredCredential(response.successBody, {
|
|
2831
2530
|
bearerToken: this.credentialRequestOpts.token
|
|
2832
2531
|
});
|
|
2833
2532
|
}
|
|
2834
2533
|
response.access_token = requestToken;
|
|
2835
|
-
|
|
2534
|
+
logger11.debug(`Credential endpoint ${credentialEndpoint} response:\r
|
|
2836
2535
|
${JSON.stringify(response, null, 2)}`);
|
|
2837
2536
|
return {
|
|
2838
2537
|
...response,
|
|
@@ -2854,7 +2553,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2854
2553
|
} else if (!bearerToken) {
|
|
2855
2554
|
throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
|
|
2856
2555
|
}
|
|
2857
|
-
return await (0,
|
|
2556
|
+
return await (0, import_oid4vci_common19.acquireDeferredCredential)({
|
|
2858
2557
|
bearerToken,
|
|
2859
2558
|
transactionId,
|
|
2860
2559
|
deferredCredentialEndpoint,
|
|
@@ -2868,7 +2567,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2868
2567
|
if (!formatSelection) {
|
|
2869
2568
|
throw Error(`Format of credential to be issued is missing`);
|
|
2870
2569
|
}
|
|
2871
|
-
const format = (0,
|
|
2570
|
+
const format = (0, import_oid4vci_common19.getUniformFormat)(formatSelection);
|
|
2872
2571
|
const typesSelection = opts?.credentialTypes && (typeof opts.credentialTypes === "string" || opts.credentialTypes.length > 0) ? opts.credentialTypes : this.credentialRequestOpts.credentialTypes;
|
|
2873
2572
|
const types = Array.isArray(typesSelection) ? typesSelection : [
|
|
2874
2573
|
typesSelection
|
|
@@ -2886,7 +2585,7 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2886
2585
|
proof
|
|
2887
2586
|
};
|
|
2888
2587
|
} else if (format === "jwt_vc_json-ld" || format === "ldp_vc") {
|
|
2889
|
-
if (this.version() >=
|
|
2588
|
+
if (this.version() >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
|
|
2890
2589
|
throw Error("No @context value present, but it is required");
|
|
2891
2590
|
}
|
|
2892
2591
|
return {
|
|
@@ -2924,18 +2623,18 @@ ${JSON.stringify(response, null, 2)}`);
|
|
|
2924
2623
|
throw new Error(`Unsupported format: ${format}`);
|
|
2925
2624
|
}
|
|
2926
2625
|
version() {
|
|
2927
|
-
return this.credentialRequestOpts?.version ??
|
|
2626
|
+
return this.credentialRequestOpts?.version ?? import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_11;
|
|
2928
2627
|
}
|
|
2929
2628
|
isV11OrHigher() {
|
|
2930
|
-
return this.version() >=
|
|
2629
|
+
return this.version() >= import_oid4vci_common19.OpenId4VCIVersion.VER_1_0_11;
|
|
2931
2630
|
}
|
|
2932
2631
|
};
|
|
2933
2632
|
|
|
2934
2633
|
// lib/CredentialRequestClientBuilder.ts
|
|
2935
|
-
var
|
|
2634
|
+
var import_oid4vci_common22 = require("@sphereon/oid4vci-common");
|
|
2936
2635
|
|
|
2937
2636
|
// lib/CredentialRequestClientBuilderV1_0_11.ts
|
|
2938
|
-
var
|
|
2637
|
+
var import_oid4vci_common20 = require("@sphereon/oid4vci-common");
|
|
2939
2638
|
var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilderV1_0_11 {
|
|
2940
2639
|
static {
|
|
2941
2640
|
__name(this, "CredentialRequestClientBuilderV1_0_11");
|
|
@@ -2953,7 +2652,7 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2953
2652
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialTypes }) {
|
|
2954
2653
|
const issuer = credentialIssuer;
|
|
2955
2654
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2956
|
-
builder.withVersion(version ??
|
|
2655
|
+
builder.withVersion(version ?? import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11);
|
|
2957
2656
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2958
2657
|
if (metadata?.deferred_credential_endpoint) {
|
|
2959
2658
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -2972,18 +2671,18 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
2972
2671
|
}
|
|
2973
2672
|
static fromCredentialOfferRequest(opts) {
|
|
2974
2673
|
const { request, metadata } = opts;
|
|
2975
|
-
const version = opts.version ?? request.version ?? (0,
|
|
2674
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common20.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2976
2675
|
const builder = new _CredentialRequestClientBuilderV1_0_11();
|
|
2977
|
-
const issuer = (0,
|
|
2676
|
+
const issuer = (0, import_oid4vci_common20.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
2978
2677
|
builder.withVersion(version);
|
|
2979
2678
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
2980
2679
|
if (metadata?.deferred_credential_endpoint) {
|
|
2981
2680
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
2982
2681
|
}
|
|
2983
|
-
if (version <=
|
|
2682
|
+
if (version <= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_08) {
|
|
2984
2683
|
builder.withCredentialType(request.original_credential_offer.credential_type);
|
|
2985
|
-
} else if (version <=
|
|
2986
|
-
builder.withCredentialType((0,
|
|
2684
|
+
} else if (version <= import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11) {
|
|
2685
|
+
builder.withCredentialType((0, import_oid4vci_common20.getTypesFromOfferV1_0_11)(request.credential_offer));
|
|
2987
2686
|
}
|
|
2988
2687
|
return builder;
|
|
2989
2688
|
}
|
|
@@ -3047,14 +2746,14 @@ var CredentialRequestClientBuilderV1_0_11 = class _CredentialRequestClientBuilde
|
|
|
3047
2746
|
}
|
|
3048
2747
|
build() {
|
|
3049
2748
|
if (!this.version) {
|
|
3050
|
-
this.withVersion(
|
|
2749
|
+
this.withVersion(import_oid4vci_common20.OpenId4VCIVersion.VER_1_0_11);
|
|
3051
2750
|
}
|
|
3052
2751
|
return new CredentialRequestClientV1_0_11(this);
|
|
3053
2752
|
}
|
|
3054
2753
|
};
|
|
3055
2754
|
|
|
3056
2755
|
// lib/CredentialRequestClientBuilderV1_0_13.ts
|
|
3057
|
-
var
|
|
2756
|
+
var import_oid4vci_common21 = require("@sphereon/oid4vci-common");
|
|
3058
2757
|
var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilderV1_0_13 {
|
|
3059
2758
|
static {
|
|
3060
2759
|
__name(this, "CredentialRequestClientBuilderV1_0_13");
|
|
@@ -3073,7 +2772,7 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3073
2772
|
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
3074
2773
|
const issuer = credentialIssuer;
|
|
3075
2774
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
3076
|
-
builder.withVersion(version ??
|
|
2775
|
+
builder.withVersion(version ?? import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_13);
|
|
3077
2776
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3078
2777
|
if (metadata?.deferred_credential_endpoint) {
|
|
3079
2778
|
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
@@ -3097,12 +2796,12 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3097
2796
|
}
|
|
3098
2797
|
static fromCredentialOfferRequest(opts) {
|
|
3099
2798
|
const { request, metadata } = opts;
|
|
3100
|
-
const version = opts.version ?? request.version ?? (0,
|
|
3101
|
-
if (version <
|
|
2799
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common21.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2800
|
+
if (version < import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_13) {
|
|
3102
2801
|
throw new Error("Versions below v1.0.13 (draft 13) are not supported.");
|
|
3103
2802
|
}
|
|
3104
2803
|
const builder = new _CredentialRequestClientBuilderV1_0_13();
|
|
3105
|
-
const issuer = (0,
|
|
2804
|
+
const issuer = (0, import_oid4vci_common21.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
3106
2805
|
builder.withVersion(version);
|
|
3107
2806
|
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3108
2807
|
if (metadata?.deferred_credential_endpoint) {
|
|
@@ -3179,891 +2878,168 @@ var CredentialRequestClientBuilderV1_0_13 = class _CredentialRequestClientBuilde
|
|
|
3179
2878
|
}
|
|
3180
2879
|
build() {
|
|
3181
2880
|
if (!this.version) {
|
|
3182
|
-
this.withVersion(
|
|
2881
|
+
this.withVersion(import_oid4vci_common21.OpenId4VCIVersion.VER_1_0_11);
|
|
3183
2882
|
}
|
|
3184
2883
|
return new CredentialRequestClient(this);
|
|
3185
2884
|
}
|
|
3186
2885
|
};
|
|
3187
2886
|
|
|
3188
|
-
// lib/
|
|
3189
|
-
|
|
3190
|
-
|
|
2887
|
+
// lib/CredentialRequestClientBuilder.ts
|
|
2888
|
+
function isV1_0_13(builder) {
|
|
2889
|
+
return builder.withCredentialIdentifier !== void 0;
|
|
2890
|
+
}
|
|
2891
|
+
__name(isV1_0_13, "isV1_0_13");
|
|
2892
|
+
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3191
2893
|
static {
|
|
3192
|
-
__name(this, "
|
|
2894
|
+
__name(this, "CredentialRequestClientBuilder");
|
|
3193
2895
|
}
|
|
3194
|
-
|
|
3195
|
-
|
|
3196
|
-
|
|
3197
|
-
|
|
3198
|
-
|
|
3199
|
-
|
|
3200
|
-
|
|
3201
|
-
|
|
3202
|
-
|
|
3203
|
-
|
|
3204
|
-
|
|
3205
|
-
|
|
3206
|
-
|
|
3207
|
-
|
|
3208
|
-
|
|
3209
|
-
|
|
3210
|
-
|
|
3211
|
-
|
|
3212
|
-
|
|
3213
|
-
builder.
|
|
3214
|
-
|
|
3215
|
-
|
|
3216
|
-
|
|
3217
|
-
|
|
3218
|
-
|
|
3219
|
-
builder.withCredentialIdentifier(credentialIdentifier);
|
|
3220
|
-
}
|
|
3221
|
-
if (credentialConfigurationId) {
|
|
3222
|
-
builder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3223
|
-
}
|
|
3224
|
-
if (credentialTypes) {
|
|
3225
|
-
builder.withCredentialType(credentialTypes);
|
|
2896
|
+
_builder;
|
|
2897
|
+
constructor(builder) {
|
|
2898
|
+
this._builder = builder;
|
|
2899
|
+
}
|
|
2900
|
+
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
2901
|
+
const specVersion = version ?? import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13;
|
|
2902
|
+
let builder;
|
|
2903
|
+
if (specVersion >= import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2904
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
2905
|
+
credentialIssuer,
|
|
2906
|
+
metadata,
|
|
2907
|
+
version,
|
|
2908
|
+
credentialIdentifier,
|
|
2909
|
+
credentialTypes
|
|
2910
|
+
});
|
|
2911
|
+
} else {
|
|
2912
|
+
if (!credentialTypes || credentialTypes.length === 0) {
|
|
2913
|
+
throw new Error("CredentialTypes must be provided for v1_0_11");
|
|
2914
|
+
}
|
|
2915
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialIssuer({
|
|
2916
|
+
credentialIssuer,
|
|
2917
|
+
metadata,
|
|
2918
|
+
version,
|
|
2919
|
+
credentialTypes
|
|
2920
|
+
});
|
|
3226
2921
|
}
|
|
3227
|
-
return builder;
|
|
2922
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3228
2923
|
}
|
|
3229
2924
|
static async fromURI({ uri, metadata }) {
|
|
3230
2925
|
const offer = await CredentialOfferClient.fromURI(uri);
|
|
3231
|
-
return
|
|
2926
|
+
return _CredentialRequestClientBuilder.fromCredentialOfferRequest({
|
|
3232
2927
|
request: offer,
|
|
3233
|
-
...offer,
|
|
3234
|
-
metadata,
|
|
3235
|
-
version: offer.version
|
|
3236
|
-
});
|
|
3237
|
-
}
|
|
3238
|
-
static fromCredentialOfferRequest(opts) {
|
|
3239
|
-
const { request, metadata } = opts;
|
|
3240
|
-
const version = opts.version ?? request.version ?? (0, import_oid4vci_common24.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3241
|
-
if (version < import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15) {
|
|
3242
|
-
throw new Error("Versions below v1.0.15 (draft 15) are not supported.");
|
|
3243
|
-
}
|
|
3244
|
-
const builder = new _CredentialRequestClientBuilderV1_0_15();
|
|
3245
|
-
const issuer = (0, import_oid4vci_common24.getIssuerFromCredentialOfferPayload)(request.credential_offer) ?? metadata?.issuer;
|
|
3246
|
-
builder.withVersion(version);
|
|
3247
|
-
builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith("/") ? `${issuer}credential` : `${issuer}/credential`));
|
|
3248
|
-
if (metadata?.deferred_credential_endpoint) {
|
|
3249
|
-
builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
|
|
3250
|
-
}
|
|
3251
|
-
if (metadata?.credentialIssuerMetadata?.nonce_endpoint) {
|
|
3252
|
-
builder.withNonceEndpoint(metadata.credentialIssuerMetadata.nonce_endpoint);
|
|
3253
|
-
}
|
|
3254
|
-
const ids = request.credential_offer.credential_configuration_ids;
|
|
3255
|
-
if (ids.length && ids.length === 1) {
|
|
3256
|
-
builder.withCredentialConfigurationId(ids[0]);
|
|
3257
|
-
}
|
|
3258
|
-
return builder;
|
|
3259
|
-
}
|
|
3260
|
-
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3261
|
-
const builder = _CredentialRequestClientBuilderV1_0_15.fromCredentialOfferRequest({
|
|
3262
|
-
request: credentialOffer,
|
|
3263
|
-
metadata,
|
|
3264
|
-
version: credentialOffer.version
|
|
3265
|
-
});
|
|
3266
|
-
return builder;
|
|
3267
|
-
}
|
|
3268
|
-
withCredentialEndpointFromMetadata(metadata) {
|
|
3269
|
-
this.credentialEndpoint = metadata.credential_endpoint;
|
|
3270
|
-
return this;
|
|
3271
|
-
}
|
|
3272
|
-
withCredentialEndpoint(credentialEndpoint) {
|
|
3273
|
-
this.credentialEndpoint = credentialEndpoint;
|
|
3274
|
-
return this;
|
|
3275
|
-
}
|
|
3276
|
-
withIssuerState(issuerState) {
|
|
3277
|
-
this.issuerState = issuerState;
|
|
3278
|
-
return this;
|
|
3279
|
-
}
|
|
3280
|
-
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3281
|
-
this.deferredCredentialEndpoint = metadata.deferred_credential_endpoint;
|
|
3282
|
-
return this;
|
|
3283
|
-
}
|
|
3284
|
-
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3285
|
-
this.deferredCredentialEndpoint = deferredCredentialEndpoint;
|
|
3286
|
-
return this;
|
|
3287
|
-
}
|
|
3288
|
-
// New in v15: Support for nonce endpoint
|
|
3289
|
-
withNonceEndpointFromMetadata(metadata) {
|
|
3290
|
-
this.nonceEndpoint = metadata.nonce_endpoint;
|
|
3291
|
-
return this;
|
|
3292
|
-
}
|
|
3293
|
-
withNonceEndpoint(nonceEndpoint) {
|
|
3294
|
-
this.nonceEndpoint = nonceEndpoint;
|
|
3295
|
-
return this;
|
|
3296
|
-
}
|
|
3297
|
-
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3298
|
-
this.deferredCredentialAwait = deferredCredentialAwait;
|
|
3299
|
-
this.deferredCredentialIntervalInMS = deferredCredentialIntervalInMS ?? 5e3;
|
|
3300
|
-
return this;
|
|
3301
|
-
}
|
|
3302
|
-
// New in v15: Support for credential_identifier (used when authorization_details with credential_identifiers was used)
|
|
3303
|
-
withCredentialIdentifier(credentialIdentifier) {
|
|
3304
|
-
this.credentialIdentifier = credentialIdentifier;
|
|
3305
|
-
return this;
|
|
3306
|
-
}
|
|
3307
|
-
// New in v15: Support for credential_configuration_id (used when scope was used and no credential_identifiers returned)
|
|
3308
|
-
withCredentialConfigurationId(credentialConfigurationId) {
|
|
3309
|
-
this.credentialConfigurationId = credentialConfigurationId;
|
|
3310
|
-
return this;
|
|
3311
|
-
}
|
|
3312
|
-
// Legacy support for credential types (may be used internally to map to configuration IDs)
|
|
3313
|
-
withCredentialType(credentialTypes) {
|
|
3314
|
-
this.credentialTypes = Array.isArray(credentialTypes) ? credentialTypes : [
|
|
3315
|
-
credentialTypes
|
|
3316
|
-
];
|
|
3317
|
-
return this;
|
|
3318
|
-
}
|
|
3319
|
-
// Note: withFormat() method removed in v15 - format is no longer part of credential requests
|
|
3320
|
-
withSubjectIssuance(subjectIssuance) {
|
|
3321
|
-
this.subjectIssuance = subjectIssuance;
|
|
3322
|
-
return this;
|
|
3323
|
-
}
|
|
3324
|
-
withToken(accessToken) {
|
|
3325
|
-
this.token = accessToken;
|
|
3326
|
-
return this;
|
|
3327
|
-
}
|
|
3328
|
-
withTokenFromResponse(response) {
|
|
3329
|
-
this.token = response.access_token;
|
|
3330
|
-
return this;
|
|
3331
|
-
}
|
|
3332
|
-
withVersion(version) {
|
|
3333
|
-
this.version = version;
|
|
3334
|
-
return this;
|
|
3335
|
-
}
|
|
3336
|
-
build() {
|
|
3337
|
-
if (!this.version) {
|
|
3338
|
-
this.withVersion(import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_15);
|
|
3339
|
-
}
|
|
3340
|
-
return new CredentialRequestClient(this);
|
|
3341
|
-
}
|
|
3342
|
-
};
|
|
3343
|
-
|
|
3344
|
-
// lib/CredentialRequestClientBuilder.ts
|
|
3345
|
-
function isV1_0_13(builder) {
|
|
3346
|
-
return builder.withCredentialIdentifier !== void 0;
|
|
3347
|
-
}
|
|
3348
|
-
__name(isV1_0_13, "isV1_0_13");
|
|
3349
|
-
function isV1_0_15(builder) {
|
|
3350
|
-
return builder.withCredentialIdentifier !== void 0;
|
|
3351
|
-
}
|
|
3352
|
-
__name(isV1_0_15, "isV1_0_15");
|
|
3353
|
-
var CredentialRequestClientBuilder = class _CredentialRequestClientBuilder {
|
|
3354
|
-
static {
|
|
3355
|
-
__name(this, "CredentialRequestClientBuilder");
|
|
3356
|
-
}
|
|
3357
|
-
_builder;
|
|
3358
|
-
constructor(builder) {
|
|
3359
|
-
this._builder = builder;
|
|
3360
|
-
}
|
|
3361
|
-
static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes }) {
|
|
3362
|
-
const specVersion = version ?? import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15;
|
|
3363
|
-
let builder;
|
|
3364
|
-
const metadataV15 = metadata;
|
|
3365
|
-
if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_15) {
|
|
3366
|
-
builder = CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3367
|
-
credentialIssuer,
|
|
3368
|
-
metadata: metadataV15,
|
|
3369
|
-
version,
|
|
3370
|
-
credentialIdentifier,
|
|
3371
|
-
credentialTypes
|
|
3372
|
-
});
|
|
3373
|
-
} else if (specVersion >= import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3374
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
3375
|
-
credentialIssuer,
|
|
3376
|
-
metadata,
|
|
3377
|
-
version,
|
|
3378
|
-
credentialIdentifier,
|
|
3379
|
-
credentialTypes
|
|
3380
|
-
});
|
|
3381
|
-
} else {
|
|
3382
|
-
if (!credentialTypes || credentialTypes.length === 0) {
|
|
3383
|
-
throw new Error("CredentialTypes must be provided for v1_0_11");
|
|
3384
|
-
}
|
|
3385
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialIssuer({
|
|
3386
|
-
credentialIssuer,
|
|
3387
|
-
metadata,
|
|
3388
|
-
version,
|
|
3389
|
-
credentialTypes
|
|
3390
|
-
});
|
|
3391
|
-
}
|
|
3392
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3393
|
-
}
|
|
3394
|
-
static async fromURI({ uri, metadata }) {
|
|
3395
|
-
const offer = await CredentialOfferClient.fromURI(uri);
|
|
3396
|
-
return _CredentialRequestClientBuilder.fromCredentialOfferRequest({
|
|
3397
|
-
request: offer,
|
|
3398
|
-
...offer,
|
|
3399
|
-
metadata,
|
|
3400
|
-
version: offer.version
|
|
3401
|
-
});
|
|
3402
|
-
}
|
|
3403
|
-
static fromCredentialOfferRequest(opts) {
|
|
3404
|
-
const { request } = opts;
|
|
3405
|
-
const version = opts.version ?? request.version ?? (0, import_oid4vci_common25.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
3406
|
-
let builder;
|
|
3407
|
-
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3408
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest(opts);
|
|
3409
|
-
} else {
|
|
3410
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOfferRequest(opts);
|
|
3411
|
-
}
|
|
3412
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3413
|
-
}
|
|
3414
|
-
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
3415
|
-
const version = (0, import_oid4vci_common25.determineSpecVersionFromOffer)(credentialOffer.credential_offer);
|
|
3416
|
-
let builder;
|
|
3417
|
-
if (version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3418
|
-
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
3419
|
-
credentialOffer,
|
|
3420
|
-
metadata
|
|
3421
|
-
});
|
|
3422
|
-
} else {
|
|
3423
|
-
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
3424
|
-
credentialOffer,
|
|
3425
|
-
metadata
|
|
3426
|
-
});
|
|
3427
|
-
}
|
|
3428
|
-
return new _CredentialRequestClientBuilder(builder);
|
|
3429
|
-
}
|
|
3430
|
-
getVersion() {
|
|
3431
|
-
return this._builder.version;
|
|
3432
|
-
}
|
|
3433
|
-
withCredentialEndpointFromMetadata(metadata) {
|
|
3434
|
-
if (isV1_0_15(this._builder)) {
|
|
3435
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3436
|
-
} else if (isV1_0_13(this._builder)) {
|
|
3437
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3438
|
-
} else {
|
|
3439
|
-
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
3440
|
-
}
|
|
3441
|
-
return this;
|
|
3442
|
-
}
|
|
3443
|
-
withCredentialEndpoint(credentialEndpoint) {
|
|
3444
|
-
this._builder.withCredentialEndpoint(credentialEndpoint);
|
|
3445
|
-
return this;
|
|
3446
|
-
}
|
|
3447
|
-
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
3448
|
-
if (isV1_0_15(this._builder)) {
|
|
3449
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3450
|
-
} else if (isV1_0_13(this._builder)) {
|
|
3451
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3452
|
-
} else {
|
|
3453
|
-
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
3454
|
-
}
|
|
3455
|
-
return this;
|
|
3456
|
-
}
|
|
3457
|
-
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
3458
|
-
this._builder.withDeferredCredentialEndpoint(deferredCredentialEndpoint);
|
|
3459
|
-
return this;
|
|
3460
|
-
}
|
|
3461
|
-
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
3462
|
-
this._builder.withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS);
|
|
3463
|
-
return this;
|
|
3464
|
-
}
|
|
3465
|
-
withCredentialIdentifier(credentialIdentifier) {
|
|
3466
|
-
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
3467
|
-
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
3468
|
-
}
|
|
3469
|
-
;
|
|
3470
|
-
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
3471
|
-
return this;
|
|
3472
|
-
}
|
|
3473
|
-
withIssuerState(issuerState) {
|
|
3474
|
-
this._builder.withIssuerState(issuerState);
|
|
3475
|
-
return this;
|
|
3476
|
-
}
|
|
3477
|
-
withCredentialType(credentialTypes) {
|
|
3478
|
-
this._builder.withCredentialType(credentialTypes);
|
|
3479
|
-
return this;
|
|
3480
|
-
}
|
|
3481
|
-
withFormat(format) {
|
|
3482
|
-
if ("withFormat" in this._builder) {
|
|
3483
|
-
this._builder.withFormat(format);
|
|
3484
|
-
}
|
|
3485
|
-
return this;
|
|
3486
|
-
}
|
|
3487
|
-
withSubjectIssuance(subjectIssuance) {
|
|
3488
|
-
this._builder.withSubjectIssuance(subjectIssuance);
|
|
3489
|
-
return this;
|
|
3490
|
-
}
|
|
3491
|
-
withToken(accessToken) {
|
|
3492
|
-
this._builder.withToken(accessToken);
|
|
3493
|
-
return this;
|
|
3494
|
-
}
|
|
3495
|
-
withTokenFromResponse(response) {
|
|
3496
|
-
this._builder.withTokenFromResponse(response);
|
|
3497
|
-
return this;
|
|
3498
|
-
}
|
|
3499
|
-
withVersion(version) {
|
|
3500
|
-
this._builder.withVersion(version);
|
|
3501
|
-
return this;
|
|
3502
|
-
}
|
|
3503
|
-
build() {
|
|
3504
|
-
return this._builder.build();
|
|
3505
|
-
}
|
|
3506
|
-
};
|
|
3507
|
-
|
|
3508
|
-
// lib/OpenID4VCIClient.ts
|
|
3509
|
-
var import_oid4vci_common28 = require("@sphereon/oid4vci-common");
|
|
3510
|
-
var import_ssi_types17 = require("@sphereon/ssi-types");
|
|
3511
|
-
|
|
3512
|
-
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3513
|
-
var import_oid4vci_common27 = require("@sphereon/oid4vci-common");
|
|
3514
|
-
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
3515
|
-
|
|
3516
|
-
// lib/NonceClient.ts
|
|
3517
|
-
var import_oid4vci_common26 = require("@sphereon/oid4vci-common");
|
|
3518
|
-
var sendNonceRequest = /* @__PURE__ */ __name(async (nonceEndpointUrl, opts) => {
|
|
3519
|
-
return await (0, import_oid4vci_common26.formPost)(nonceEndpointUrl, new URLSearchParams(), {
|
|
3520
|
-
customHeaders: opts?.headers ? opts.headers : void 0
|
|
3521
|
-
});
|
|
3522
|
-
}, "sendNonceRequest");
|
|
3523
|
-
var acquireNonceFromAuthorizationServer = /* @__PURE__ */ __name(async (opts) => {
|
|
3524
|
-
const metadata = opts?.metadata ? opts.metadata : opts?.issuerOpts?.fetchMetadata ? await MetadataClient.retrieveAllMetadata(opts.issuerOpts.issuer, {
|
|
3525
|
-
errorOnNotFound: false
|
|
3526
|
-
}) : void 0;
|
|
3527
|
-
const nonceEndpointUrl = metadata?.nonce_endpoint;
|
|
3528
|
-
if (!nonceEndpointUrl) {
|
|
3529
|
-
return Promise.reject(Error("Cannot determine nonce endpoint URL"));
|
|
3530
|
-
}
|
|
3531
|
-
return await sendNonceRequest(nonceEndpointUrl, {
|
|
3532
|
-
headers: opts?.headers
|
|
3533
|
-
});
|
|
3534
|
-
}, "acquireNonceFromAuthorizationServer");
|
|
3535
|
-
|
|
3536
|
-
// lib/OpenID4VCIClientV1_0_15.ts
|
|
3537
|
-
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci:v15");
|
|
3538
|
-
var OpenID4VCIClientV1_0_15 = class _OpenID4VCIClientV1_0_15 {
|
|
3539
|
-
static {
|
|
3540
|
-
__name(this, "OpenID4VCIClientV1_0_15");
|
|
3541
|
-
}
|
|
3542
|
-
_state;
|
|
3543
|
-
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL, keyAttestation }) {
|
|
3544
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common27.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
3545
|
-
if (!issuer) {
|
|
3546
|
-
throw Error("No credential issuer supplied or deduced from offer");
|
|
3547
|
-
}
|
|
3548
|
-
this._state = {
|
|
3549
|
-
credentialOffer,
|
|
3550
|
-
credentialIssuer: issuer,
|
|
3551
|
-
kid,
|
|
3552
|
-
alg,
|
|
3553
|
-
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common27.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
3554
|
-
pkce: {
|
|
3555
|
-
disabled: false,
|
|
3556
|
-
codeChallengeMethod: import_oid4vci_common27.CodeChallengeMethod.S256,
|
|
3557
|
-
...pkce
|
|
3558
|
-
},
|
|
3559
|
-
authorizationRequestOpts,
|
|
3560
|
-
authorizationCodeResponse,
|
|
3561
|
-
jwk,
|
|
3562
|
-
endpointMetadata,
|
|
3563
|
-
accessTokenResponse,
|
|
3564
|
-
authorizationURL,
|
|
3565
|
-
keyAttestation
|
|
3566
|
-
};
|
|
3567
|
-
if (!this._state.authorizationRequestOpts) {
|
|
3568
|
-
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
3569
|
-
}
|
|
3570
|
-
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
3571
|
-
}
|
|
3572
|
-
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, keyAttestation }) {
|
|
3573
|
-
const client = new _OpenID4VCIClientV1_0_15({
|
|
3574
|
-
kid,
|
|
3575
|
-
alg,
|
|
3576
|
-
clientId: clientId ?? authorizationRequest?.clientId,
|
|
3577
|
-
credentialIssuer,
|
|
3578
|
-
pkce,
|
|
3579
|
-
authorizationRequest,
|
|
3580
|
-
keyAttestation
|
|
3581
|
-
});
|
|
3582
|
-
if (retrieveServerMetadata !== false) {
|
|
3583
|
-
await client.retrieveServerMetadata();
|
|
3584
|
-
}
|
|
3585
|
-
if (createAuthorizationRequestURL !== false) {
|
|
3586
|
-
await client.createAuthorizationRequestUrl({
|
|
3587
|
-
authorizationRequest,
|
|
3588
|
-
pkce
|
|
3589
|
-
});
|
|
3590
|
-
}
|
|
3591
|
-
return client;
|
|
3592
|
-
}
|
|
3593
|
-
static async fromState({ state }) {
|
|
3594
|
-
const clientState = typeof state === "string" ? JSON.parse(state) : state;
|
|
3595
|
-
return new _OpenID4VCIClientV1_0_15(clientState);
|
|
3596
|
-
}
|
|
3597
|
-
static async fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, keyAttestation }) {
|
|
3598
|
-
const credentialOfferClient = await CredentialOfferClientV1_0_15.fromURI(uri, {
|
|
3599
|
-
resolve: resolveOfferUri
|
|
3600
|
-
});
|
|
3601
|
-
const client = new _OpenID4VCIClientV1_0_15({
|
|
3602
|
-
credentialOffer: credentialOfferClient,
|
|
3603
|
-
kid,
|
|
3604
|
-
alg,
|
|
3605
|
-
clientId: clientId ?? authorizationRequest?.clientId ?? credentialOfferClient.clientId,
|
|
3606
|
-
pkce,
|
|
3607
|
-
authorizationRequest,
|
|
3608
|
-
keyAttestation
|
|
3609
|
-
});
|
|
3610
|
-
if (retrieveServerMetadata !== false) {
|
|
3611
|
-
await client.retrieveServerMetadata();
|
|
3612
|
-
}
|
|
3613
|
-
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && createAuthorizationRequestURL !== false) {
|
|
3614
|
-
await client.createAuthorizationRequestUrl({
|
|
3615
|
-
authorizationRequest,
|
|
3616
|
-
pkce
|
|
3617
|
-
});
|
|
3618
|
-
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
3619
|
-
}
|
|
3620
|
-
return client;
|
|
3621
|
-
}
|
|
3622
|
-
async createAuthorizationRequestUrl(opts) {
|
|
3623
|
-
if (!this._state.authorizationURL) {
|
|
3624
|
-
this.calculatePKCEOpts(opts?.pkce);
|
|
3625
|
-
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(opts?.authorizationRequest);
|
|
3626
|
-
if (!this._state.authorizationRequestOpts) {
|
|
3627
|
-
throw Error(`No Authorization Request options present or provided in this call`);
|
|
3628
|
-
}
|
|
3629
|
-
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
3630
|
-
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
3631
|
-
}
|
|
3632
|
-
this._state.authorizationURL = await createAuthorizationRequestUrl({
|
|
3633
|
-
pkce: this._state.pkce,
|
|
3634
|
-
endpointMetadata: this.endpointMetadata,
|
|
3635
|
-
authorizationRequest: this._state.authorizationRequestOpts,
|
|
3636
|
-
credentialOffer: this.credentialOffer,
|
|
3637
|
-
credentialConfigurationSupported: this.getCredentialsSupported(false)
|
|
3638
|
-
});
|
|
3639
|
-
}
|
|
3640
|
-
return this._state.authorizationURL;
|
|
3641
|
-
}
|
|
3642
|
-
async retrieveServerMetadata() {
|
|
3643
|
-
this.assertIssuerData();
|
|
3644
|
-
if (!this._state.endpointMetadata) {
|
|
3645
|
-
if (this.credentialOffer) {
|
|
3646
|
-
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadataFromCredentialOffer(this.credentialOffer);
|
|
3647
|
-
} else if (this._state.credentialIssuer) {
|
|
3648
|
-
this._state.endpointMetadata = await MetadataClientV1_0_15.retrieveAllMetadata(this._state.credentialIssuer);
|
|
3649
|
-
} else {
|
|
3650
|
-
throw Error(`Cannot retrieve issuer metadata without either a credential offer, or issuer value`);
|
|
3651
|
-
}
|
|
3652
|
-
}
|
|
3653
|
-
return this.endpointMetadata;
|
|
3654
|
-
}
|
|
3655
|
-
async acquireNonce() {
|
|
3656
|
-
const response = await acquireNonceFromAuthorizationServer({
|
|
3657
|
-
metadata: this.endpointMetadata,
|
|
3658
|
-
issuerOpts: {
|
|
3659
|
-
issuer: this.getIssuer(),
|
|
3660
|
-
fetchMetadata: false
|
|
3661
|
-
}
|
|
3662
|
-
});
|
|
3663
|
-
if (response.errorBody) {
|
|
3664
|
-
logger14.debug(`Nonce request error:\r
|
|
3665
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3666
|
-
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed with error: ${response.errorBody.error}${response.errorBody.error_description ? ` - ${response.errorBody.error_description}` : ""}`));
|
|
3667
|
-
} else if (!response.successBody) {
|
|
3668
|
-
logger14.debug(`Nonce request error. No success body`);
|
|
3669
|
-
return Promise.reject(Error(`Retrieving a nonce from ${this._state.endpointMetadata?.credentialIssuerMetadata?.nonce_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3670
|
-
}
|
|
3671
|
-
this._state.cachedCNonce = response.successBody.c_nonce;
|
|
3672
|
-
return response.successBody.c_nonce;
|
|
3673
|
-
}
|
|
3674
|
-
calculatePKCEOpts(pkce) {
|
|
3675
|
-
this._state.pkce = generateMissingPKCEOpts({
|
|
3676
|
-
...this._state.pkce,
|
|
3677
|
-
...pkce
|
|
3678
|
-
});
|
|
3679
|
-
}
|
|
3680
|
-
async acquireAuthorizationChallengeCode(opts) {
|
|
3681
|
-
const response = await acquireAuthorizationChallengeAuthCode({
|
|
3682
|
-
metadata: this.endpointMetadata,
|
|
3683
|
-
credentialIssuer: this.getIssuer(),
|
|
3684
|
-
clientId: this._state.clientId ?? this._state.authorizationRequestOpts?.clientId,
|
|
3685
|
-
...opts
|
|
3686
|
-
});
|
|
3687
|
-
if (response.errorBody) {
|
|
3688
|
-
logger14.debug(`Authorization code error:\r
|
|
3689
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3690
|
-
const error = response.errorBody;
|
|
3691
|
-
return Promise.reject(error);
|
|
3692
|
-
} else if (!response.successBody) {
|
|
3693
|
-
logger14.debug(`Authorization code error. No success body`);
|
|
3694
|
-
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
3695
|
-
}
|
|
3696
|
-
return {
|
|
3697
|
-
...response.successBody
|
|
3698
|
-
};
|
|
3699
|
-
}
|
|
3700
|
-
async acquireAccessToken(opts) {
|
|
3701
|
-
const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
|
|
3702
|
-
let { redirectUri } = opts ?? {};
|
|
3703
|
-
const code = this.getAuthorizationCode(opts?.authorizationResponse, opts?.code);
|
|
3704
|
-
if (opts?.codeVerifier) {
|
|
3705
|
-
this._state.pkce.codeVerifier = opts.codeVerifier;
|
|
3706
|
-
}
|
|
3707
|
-
this.assertIssuerData();
|
|
3708
|
-
const asOpts = {
|
|
3709
|
-
...opts?.asOpts
|
|
3710
|
-
};
|
|
3711
|
-
const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
|
|
3712
|
-
const clientAssertionType = asOpts.clientOpts?.clientAssertionType ?? (kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === "function" ? "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" : void 0);
|
|
3713
|
-
if (this.isEBSI() || clientId && kid) {
|
|
3714
|
-
if (!clientId) {
|
|
3715
|
-
throw Error(`Client id expected for EBSI`);
|
|
3716
|
-
}
|
|
3717
|
-
asOpts.clientOpts = {
|
|
3718
|
-
...asOpts.clientOpts,
|
|
3719
|
-
clientId,
|
|
3720
|
-
...kid && {
|
|
3721
|
-
kid
|
|
3722
|
-
},
|
|
3723
|
-
...clientAssertionType && {
|
|
3724
|
-
clientAssertionType
|
|
3725
|
-
},
|
|
3726
|
-
signCallbacks: asOpts.clientOpts?.signCallbacks ?? this._state.authorizationRequestOpts?.requestObjectOpts?.signCallbacks
|
|
3727
|
-
};
|
|
3728
|
-
}
|
|
3729
|
-
if (clientId) {
|
|
3730
|
-
this._state.clientId = clientId;
|
|
3731
|
-
if (!asOpts.clientOpts) {
|
|
3732
|
-
asOpts.clientOpts = {
|
|
3733
|
-
clientId
|
|
3734
|
-
};
|
|
3735
|
-
}
|
|
3736
|
-
asOpts.clientOpts.clientId = clientId;
|
|
3737
|
-
}
|
|
3738
|
-
if (!this._state.accessTokenResponse) {
|
|
3739
|
-
const accessTokenClient = new AccessTokenClient();
|
|
3740
|
-
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
3741
|
-
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
3742
|
-
}
|
|
3743
|
-
if (this._state.authorizationRequestOpts?.redirectUri && !redirectUri) {
|
|
3744
|
-
redirectUri = this._state.authorizationRequestOpts.redirectUri;
|
|
3745
|
-
}
|
|
3746
|
-
const response = await accessTokenClient.acquireAccessToken({
|
|
3747
|
-
credentialOffer: this.credentialOffer,
|
|
3748
|
-
metadata: this.endpointMetadata,
|
|
3749
|
-
credentialIssuer: this.getIssuer(),
|
|
3750
|
-
pin,
|
|
3751
|
-
...!this._state.pkce.disabled && {
|
|
3752
|
-
codeVerifier: this._state.pkce.codeVerifier
|
|
3753
|
-
},
|
|
3754
|
-
code,
|
|
3755
|
-
redirectUri,
|
|
3756
|
-
asOpts,
|
|
3757
|
-
...opts?.createDPoPOpts && {
|
|
3758
|
-
createDPoPOpts: opts.createDPoPOpts
|
|
3759
|
-
},
|
|
3760
|
-
...opts?.additionalRequestParams && {
|
|
3761
|
-
additionalParams: opts.additionalRequestParams
|
|
3762
|
-
}
|
|
3763
|
-
});
|
|
3764
|
-
if (response.errorBody) {
|
|
3765
|
-
logger14.debug(`Access token error:\r
|
|
3766
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3767
|
-
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3768
|
-
} else if (!response.successBody) {
|
|
3769
|
-
logger14.debug(`Access token error. No success body`);
|
|
3770
|
-
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3771
|
-
}
|
|
3772
|
-
this._state.accessTokenResponse = response.successBody;
|
|
3773
|
-
this._state.dpopResponseParams = response.params;
|
|
3774
|
-
this._state.accessToken = response.successBody.access_token;
|
|
3775
|
-
}
|
|
3776
|
-
return {
|
|
3777
|
-
...this.accessTokenResponse,
|
|
3778
|
-
...this.dpopResponseParams && {
|
|
3779
|
-
params: this.dpopResponseParams
|
|
3780
|
-
}
|
|
3781
|
-
};
|
|
3782
|
-
}
|
|
3783
|
-
async acquireCredentials({ credentialIdentifier, credentialConfigurationId, credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts }) {
|
|
3784
|
-
if ([
|
|
3785
|
-
jwk,
|
|
3786
|
-
kid
|
|
3787
|
-
].filter((v) => v !== void 0).length > 1) {
|
|
3788
|
-
throw new Error(import_oid4vci_common27.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
3789
|
-
}
|
|
3790
|
-
if (alg) this._state.alg = alg;
|
|
3791
|
-
if (jwk) this._state.jwk = jwk;
|
|
3792
|
-
if (kid) this._state.kid = kid;
|
|
3793
|
-
const requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_15.fromCredentialOffer({
|
|
3794
|
-
credentialOffer: this.credentialOffer,
|
|
3795
|
-
metadata: this.endpointMetadata
|
|
3796
|
-
}) : CredentialRequestClientBuilderV1_0_15.fromCredentialIssuer({
|
|
3797
|
-
credentialIssuer: this.getIssuer(),
|
|
3798
|
-
credentialTypes,
|
|
3799
|
-
credentialIdentifier,
|
|
3800
|
-
credentialConfigurationId,
|
|
3801
|
-
metadata: this.endpointMetadata,
|
|
3802
|
-
version: this.version()
|
|
3803
|
-
});
|
|
3804
|
-
if (credentialIdentifier) {
|
|
3805
|
-
requestBuilder.withCredentialIdentifier(credentialIdentifier);
|
|
3806
|
-
} else if (credentialConfigurationId) {
|
|
3807
|
-
requestBuilder.withCredentialConfigurationId(credentialConfigurationId);
|
|
3808
|
-
}
|
|
3809
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this._state.cachedCNonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
3810
|
-
requestBuilder.withIssuerState(issuerState);
|
|
3811
|
-
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
3812
|
-
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
3813
|
-
let subjectIssuance;
|
|
3814
|
-
if (this.endpointMetadata?.credentialIssuerMetadata) {
|
|
3815
|
-
const metadata = this.endpointMetadata.credentialIssuerMetadata;
|
|
3816
|
-
if (metadata.credential_configurations_supported) {
|
|
3817
|
-
const configId = credentialConfigurationId ?? credentialIdentifier;
|
|
3818
|
-
if (configId && metadata.credential_configurations_supported[configId]) {
|
|
3819
|
-
const config = metadata.credential_configurations_supported[configId];
|
|
3820
|
-
if (config.credential_subject_issuance) {
|
|
3821
|
-
const subjIssuance = config.credential_subject_issuance;
|
|
3822
|
-
if (subjIssuance.subject_proof_mode && subjIssuance.notification_events_supported) {
|
|
3823
|
-
subjectIssuance = {
|
|
3824
|
-
credential_subject_issuance: {
|
|
3825
|
-
subject_proof_mode: subjIssuance.subject_proof_mode,
|
|
3826
|
-
notification_events_supported: subjIssuance.notification_events_supported
|
|
3827
|
-
}
|
|
3828
|
-
};
|
|
3829
|
-
}
|
|
3830
|
-
}
|
|
3831
|
-
}
|
|
3832
|
-
}
|
|
3833
|
-
}
|
|
3834
|
-
if (subjectIssuance) {
|
|
3835
|
-
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
3836
|
-
}
|
|
3837
|
-
const credentialRequestClient = requestBuilder.build();
|
|
3838
|
-
if (!this._state.cachedCNonce) {
|
|
3839
|
-
await this.acquireNonce();
|
|
3840
|
-
}
|
|
3841
|
-
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
3842
|
-
accessTokenResponse: {
|
|
3843
|
-
...this.accessTokenResponse,
|
|
3844
|
-
c_nonce: this._state.cachedCNonce
|
|
3845
|
-
},
|
|
3846
|
-
callbacks: proofCallbacks,
|
|
3847
|
-
version: this.version()
|
|
3848
|
-
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
3849
|
-
if (this._state.jwk) {
|
|
3850
|
-
proofBuilder.withJWK(this._state.jwk);
|
|
3851
|
-
}
|
|
3852
|
-
if (this._state.kid) {
|
|
3853
|
-
proofBuilder.withKid(this._state.kid);
|
|
3854
|
-
}
|
|
3855
|
-
if (this.clientId) {
|
|
3856
|
-
proofBuilder.withClientId(this.clientId);
|
|
3857
|
-
}
|
|
3858
|
-
if (jti) {
|
|
3859
|
-
proofBuilder.withJti(jti);
|
|
3860
|
-
}
|
|
3861
|
-
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
3862
|
-
proofInput: proofBuilder,
|
|
3863
|
-
credentialIdentifier,
|
|
3864
|
-
credentialTypes,
|
|
3865
|
-
context,
|
|
3866
|
-
format,
|
|
3867
|
-
subjectIssuance,
|
|
3868
|
-
createDPoPOpts
|
|
3869
|
-
});
|
|
3870
|
-
this._state.dpopResponseParams = response.params;
|
|
3871
|
-
if (response.errorBody) {
|
|
3872
|
-
logger14.debug(`Credential request error:\r
|
|
3873
|
-
${JSON.stringify(response.errorBody)}`);
|
|
3874
|
-
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3875
|
-
} else if (!response.successBody) {
|
|
3876
|
-
logger14.debug(`Credential request error. No success body`);
|
|
3877
|
-
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
3878
|
-
}
|
|
3879
|
-
return {
|
|
3880
|
-
...response.successBody,
|
|
3881
|
-
...this.dpopResponseParams && {
|
|
3882
|
-
params: this.dpopResponseParams
|
|
3883
|
-
},
|
|
3884
|
-
access_token: response.access_token
|
|
3885
|
-
};
|
|
3886
|
-
}
|
|
3887
|
-
async exportState() {
|
|
3888
|
-
return JSON.stringify(this._state);
|
|
3889
|
-
}
|
|
3890
|
-
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
3891
|
-
return (0, import_oid4vci_common27.getSupportedCredentials)({
|
|
3892
|
-
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
3893
|
-
version: this.version(),
|
|
3894
|
-
format,
|
|
3895
|
-
types: restrictToInitiationTypes ? [
|
|
3896
|
-
this.getCredentialOfferConfigurationIds()
|
|
3897
|
-
] : void 0
|
|
3898
|
-
});
|
|
3899
|
-
}
|
|
3900
|
-
async sendNotification(credentialRequestOpts, request, accessToken) {
|
|
3901
|
-
return sendNotification(credentialRequestOpts, request, accessToken ?? this._state.accessToken ?? this._state.accessTokenResponse?.access_token);
|
|
3902
|
-
}
|
|
3903
|
-
getCredentialOfferConfigurationIds() {
|
|
3904
|
-
if (!this.credentialOffer) {
|
|
3905
|
-
return [];
|
|
3906
|
-
}
|
|
3907
|
-
return this.credentialOffer.credential_offer?.credential_configuration_ids ?? [];
|
|
3908
|
-
}
|
|
3909
|
-
issuerSupportedFlowTypes() {
|
|
3910
|
-
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
3911
|
-
import_oid4vci_common27.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
3912
|
-
] : []);
|
|
3913
|
-
}
|
|
3914
|
-
isFlowTypeSupported(flowType) {
|
|
3915
|
-
return this.issuerSupportedFlowTypes().includes(flowType);
|
|
3916
|
-
}
|
|
3917
|
-
get authorizationURL() {
|
|
3918
|
-
return this._state.authorizationURL;
|
|
3919
|
-
}
|
|
3920
|
-
hasAuthorizationURL() {
|
|
3921
|
-
return !!this.authorizationURL;
|
|
3922
|
-
}
|
|
3923
|
-
get credentialOffer() {
|
|
3924
|
-
return this._state.credentialOffer;
|
|
3925
|
-
}
|
|
3926
|
-
version() {
|
|
3927
|
-
return import_oid4vci_common27.OpenId4VCIVersion.VER_1_0_15;
|
|
3928
|
-
}
|
|
3929
|
-
get endpointMetadata() {
|
|
3930
|
-
this.assertServerMetadata();
|
|
3931
|
-
return this._state.endpointMetadata;
|
|
3932
|
-
}
|
|
3933
|
-
get kid() {
|
|
3934
|
-
this.assertIssuerData();
|
|
3935
|
-
if (!this._state.kid) {
|
|
3936
|
-
throw new Error("No value for kid is supplied");
|
|
3937
|
-
}
|
|
3938
|
-
return this._state.kid;
|
|
3939
|
-
}
|
|
3940
|
-
get alg() {
|
|
3941
|
-
this.assertIssuerData();
|
|
3942
|
-
if (!this._state.alg) {
|
|
3943
|
-
throw new Error("No value for alg is supplied");
|
|
3944
|
-
}
|
|
3945
|
-
return this._state.alg;
|
|
3946
|
-
}
|
|
3947
|
-
set clientId(value) {
|
|
3948
|
-
this._state.clientId = value;
|
|
3949
|
-
}
|
|
3950
|
-
get clientId() {
|
|
3951
|
-
return this._state.clientId;
|
|
3952
|
-
}
|
|
3953
|
-
hasAccessTokenResponse() {
|
|
3954
|
-
return !!this._state.accessTokenResponse;
|
|
2928
|
+
...offer,
|
|
2929
|
+
metadata,
|
|
2930
|
+
version: offer.version
|
|
2931
|
+
});
|
|
3955
2932
|
}
|
|
3956
|
-
|
|
3957
|
-
|
|
3958
|
-
|
|
2933
|
+
static fromCredentialOfferRequest(opts) {
|
|
2934
|
+
const { request } = opts;
|
|
2935
|
+
const version = opts.version ?? request.version ?? (0, import_oid4vci_common22.determineSpecVersionFromOffer)(request.original_credential_offer);
|
|
2936
|
+
let builder;
|
|
2937
|
+
if (version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2938
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest(opts);
|
|
2939
|
+
} else {
|
|
2940
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOfferRequest(opts);
|
|
2941
|
+
}
|
|
2942
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3959
2943
|
}
|
|
3960
|
-
|
|
3961
|
-
|
|
2944
|
+
static fromCredentialOffer({ credentialOffer, metadata }) {
|
|
2945
|
+
const version = (0, import_oid4vci_common22.determineSpecVersionFromOffer)(credentialOffer.credential_offer);
|
|
2946
|
+
let builder;
|
|
2947
|
+
if (version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2948
|
+
builder = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
2949
|
+
credentialOffer,
|
|
2950
|
+
metadata
|
|
2951
|
+
});
|
|
2952
|
+
} else {
|
|
2953
|
+
builder = CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
2954
|
+
credentialOffer,
|
|
2955
|
+
metadata
|
|
2956
|
+
});
|
|
2957
|
+
}
|
|
2958
|
+
return new _CredentialRequestClientBuilder(builder);
|
|
3962
2959
|
}
|
|
3963
|
-
|
|
3964
|
-
return this.
|
|
2960
|
+
getVersion() {
|
|
2961
|
+
return this._builder.version;
|
|
3965
2962
|
}
|
|
3966
|
-
|
|
3967
|
-
this.
|
|
3968
|
-
|
|
2963
|
+
withCredentialEndpointFromMetadata(metadata) {
|
|
2964
|
+
if (isV1_0_13(this._builder)) {
|
|
2965
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2966
|
+
} else {
|
|
2967
|
+
this._builder.withCredentialEndpointFromMetadata(metadata);
|
|
2968
|
+
}
|
|
2969
|
+
return this;
|
|
3969
2970
|
}
|
|
3970
|
-
|
|
3971
|
-
this.
|
|
3972
|
-
return this
|
|
3973
|
-
issuerOpts: {
|
|
3974
|
-
issuer: this.getIssuer()
|
|
3975
|
-
}
|
|
3976
|
-
});
|
|
2971
|
+
withCredentialEndpoint(credentialEndpoint) {
|
|
2972
|
+
this._builder.withCredentialEndpoint(credentialEndpoint);
|
|
2973
|
+
return this;
|
|
3977
2974
|
}
|
|
3978
|
-
|
|
3979
|
-
this.
|
|
3980
|
-
|
|
2975
|
+
withDeferredCredentialEndpointFromMetadata(metadata) {
|
|
2976
|
+
if (isV1_0_13(this._builder)) {
|
|
2977
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2978
|
+
} else {
|
|
2979
|
+
this._builder.withDeferredCredentialEndpointFromMetadata(metadata);
|
|
2980
|
+
}
|
|
2981
|
+
return this;
|
|
3981
2982
|
}
|
|
3982
|
-
|
|
3983
|
-
|
|
2983
|
+
withDeferredCredentialEndpoint(deferredCredentialEndpoint) {
|
|
2984
|
+
this._builder.withDeferredCredentialEndpoint(deferredCredentialEndpoint);
|
|
2985
|
+
return this;
|
|
3984
2986
|
}
|
|
3985
|
-
|
|
3986
|
-
|
|
2987
|
+
withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS) {
|
|
2988
|
+
this._builder.withDeferredCredentialAwait(deferredCredentialAwait, deferredCredentialIntervalInMS);
|
|
2989
|
+
return this;
|
|
3987
2990
|
}
|
|
3988
|
-
|
|
3989
|
-
this.
|
|
3990
|
-
|
|
2991
|
+
withCredentialIdentifier(credentialIdentifier) {
|
|
2992
|
+
if (this._builder.version === void 0 || this._builder.version < import_oid4vci_common22.OpenId4VCIVersion.VER_1_0_13) {
|
|
2993
|
+
throw new Error("Version of spec should be equal or higher than v1_0_13");
|
|
2994
|
+
}
|
|
2995
|
+
;
|
|
2996
|
+
this._builder.withCredentialIdentifier(credentialIdentifier);
|
|
2997
|
+
return this;
|
|
3991
2998
|
}
|
|
3992
|
-
|
|
3993
|
-
|
|
2999
|
+
withIssuerState(issuerState) {
|
|
3000
|
+
this._builder.withIssuerState(issuerState);
|
|
3001
|
+
return this;
|
|
3994
3002
|
}
|
|
3995
|
-
|
|
3996
|
-
|
|
3003
|
+
withCredentialType(credentialTypes) {
|
|
3004
|
+
this._builder.withCredentialType(credentialTypes);
|
|
3005
|
+
return this;
|
|
3997
3006
|
}
|
|
3998
|
-
|
|
3999
|
-
this.
|
|
4000
|
-
return this
|
|
3007
|
+
withFormat(format) {
|
|
3008
|
+
this._builder.withFormat(format);
|
|
3009
|
+
return this;
|
|
4001
3010
|
}
|
|
4002
|
-
|
|
4003
|
-
|
|
3011
|
+
withSubjectIssuance(subjectIssuance) {
|
|
3012
|
+
this._builder.withSubjectIssuance(subjectIssuance);
|
|
3013
|
+
return this;
|
|
4004
3014
|
}
|
|
4005
|
-
|
|
4006
|
-
|
|
4007
|
-
|
|
4008
|
-
} else if (!this._state.credentialOffer && this._state.endpointMetadata && this.issuerSupportedFlowTypes().length === 0) {
|
|
4009
|
-
throw Error(`No issuance initiation or credential offer present`);
|
|
4010
|
-
}
|
|
3015
|
+
withToken(accessToken) {
|
|
3016
|
+
this._builder.withToken(accessToken);
|
|
3017
|
+
return this;
|
|
4011
3018
|
}
|
|
4012
|
-
|
|
4013
|
-
|
|
4014
|
-
|
|
4015
|
-
}
|
|
3019
|
+
withTokenFromResponse(response) {
|
|
3020
|
+
this._builder.withTokenFromResponse(response);
|
|
3021
|
+
return this;
|
|
4016
3022
|
}
|
|
4017
|
-
|
|
4018
|
-
|
|
4019
|
-
|
|
4020
|
-
}
|
|
3023
|
+
withVersion(version) {
|
|
3024
|
+
this._builder.withVersion(version);
|
|
3025
|
+
return this;
|
|
4021
3026
|
}
|
|
4022
|
-
|
|
4023
|
-
|
|
4024
|
-
...this._state?.authorizationRequestOpts?.requestObjectOpts,
|
|
4025
|
-
...opts?.requestObjectOpts
|
|
4026
|
-
};
|
|
4027
|
-
let authorizationRequestOpts = {
|
|
4028
|
-
...this._state?.authorizationRequestOpts,
|
|
4029
|
-
...opts,
|
|
4030
|
-
...requestObjectOpts && {
|
|
4031
|
-
requestObjectOpts
|
|
4032
|
-
}
|
|
4033
|
-
};
|
|
4034
|
-
if (!authorizationRequestOpts) {
|
|
4035
|
-
authorizationRequestOpts = {
|
|
4036
|
-
redirectUri: `${import_oid4vci_common27.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4037
|
-
};
|
|
4038
|
-
}
|
|
4039
|
-
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
4040
|
-
this._state.clientId = clientId;
|
|
4041
|
-
authorizationRequestOpts.clientId = clientId;
|
|
4042
|
-
return authorizationRequestOpts;
|
|
3027
|
+
build() {
|
|
3028
|
+
return this._builder.build();
|
|
4043
3029
|
}
|
|
4044
|
-
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4045
|
-
if (authorizationResponse) {
|
|
4046
|
-
this._state.authorizationCodeResponse = {
|
|
4047
|
-
...(0, import_oid4vci_common27.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4048
|
-
};
|
|
4049
|
-
} else if (code) {
|
|
4050
|
-
this._state.authorizationCodeResponse = {
|
|
4051
|
-
code
|
|
4052
|
-
};
|
|
4053
|
-
}
|
|
4054
|
-
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
4055
|
-
}, "getAuthorizationCode");
|
|
4056
3030
|
};
|
|
4057
3031
|
|
|
4058
3032
|
// lib/OpenID4VCIClient.ts
|
|
4059
|
-
var
|
|
3033
|
+
var import_oid4vci_common23 = require("@sphereon/oid4vci-common");
|
|
3034
|
+
var import_ssi_types14 = require("@sphereon/ssi-types");
|
|
3035
|
+
var logger12 = import_ssi_types14.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4060
3036
|
var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
4061
3037
|
static {
|
|
4062
3038
|
__name(this, "OpenID4VCIClient");
|
|
4063
3039
|
}
|
|
4064
3040
|
_state;
|
|
4065
3041
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
4066
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
3042
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common23.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
4067
3043
|
if (!issuer) {
|
|
4068
3044
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
4069
3045
|
}
|
|
@@ -4073,10 +3049,10 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4073
3049
|
kid,
|
|
4074
3050
|
alg,
|
|
4075
3051
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
4076
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
3052
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common23.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
4077
3053
|
pkce: {
|
|
4078
3054
|
disabled: false,
|
|
4079
|
-
codeChallengeMethod:
|
|
3055
|
+
codeChallengeMethod: import_oid4vci_common23.CodeChallengeMethod.S256,
|
|
4080
3056
|
...pkce
|
|
4081
3057
|
},
|
|
4082
3058
|
authorizationRequestOpts,
|
|
@@ -4090,7 +3066,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4090
3066
|
if (!this._state.authorizationRequestOpts) {
|
|
4091
3067
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4092
3068
|
}
|
|
4093
|
-
|
|
3069
|
+
logger12.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4094
3070
|
}
|
|
4095
3071
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata }) {
|
|
4096
3072
|
const client = new _OpenID4VCIClient({
|
|
@@ -4133,12 +3109,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4133
3109
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
4134
3110
|
await client.retrieveServerMetadata();
|
|
4135
3111
|
}
|
|
4136
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
3112
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
4137
3113
|
await client.createAuthorizationRequestUrl({
|
|
4138
3114
|
authorizationRequest,
|
|
4139
3115
|
pkce
|
|
4140
3116
|
});
|
|
4141
|
-
|
|
3117
|
+
logger12.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4142
3118
|
}
|
|
4143
3119
|
return client;
|
|
4144
3120
|
}
|
|
@@ -4158,7 +3134,7 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4158
3134
|
if (this._state.endpointMetadata?.credentialIssuerMetadata && "authorization_endpoint" in this._state.endpointMetadata.credentialIssuerMetadata) {
|
|
4159
3135
|
this._state.endpointMetadata.authorization_endpoint = this._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint;
|
|
4160
3136
|
}
|
|
4161
|
-
if (this.version() <=
|
|
3137
|
+
if (this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_11) {
|
|
4162
3138
|
this._state.authorizationURL = await createAuthorizationRequestUrlV1_0_11({
|
|
4163
3139
|
pkce: this._state.pkce,
|
|
4164
3140
|
endpointMetadata: this.endpointMetadata,
|
|
@@ -4205,12 +3181,12 @@ var OpenID4VCIClient = class _OpenID4VCIClient {
|
|
|
4205
3181
|
...opts
|
|
4206
3182
|
});
|
|
4207
3183
|
if (response.errorBody) {
|
|
4208
|
-
|
|
3184
|
+
logger12.debug(`Authorization code error:\r
|
|
4209
3185
|
${JSON.stringify(response.errorBody)}`);
|
|
4210
3186
|
const error = response.errorBody;
|
|
4211
3187
|
return Promise.reject(error);
|
|
4212
3188
|
} else if (!response.successBody) {
|
|
4213
|
-
|
|
3189
|
+
logger12.debug(`Authorization code error. No success body`);
|
|
4214
3190
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4215
3191
|
}
|
|
4216
3192
|
return {
|
|
@@ -4256,7 +3232,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4256
3232
|
asOpts.clientOpts.clientId = clientId;
|
|
4257
3233
|
}
|
|
4258
3234
|
if (!this._state.accessTokenResponse) {
|
|
4259
|
-
const accessTokenClient = this.version() <=
|
|
3235
|
+
const accessTokenClient = this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_12 ? new AccessTokenClientV1_0_11() : new AccessTokenClient();
|
|
4260
3236
|
if (redirectUri && redirectUri !== this._state.authorizationRequestOpts?.redirectUri) {
|
|
4261
3237
|
console.log(`Redirect URI mismatch between access-token (${redirectUri}) and authorization request (${this._state.authorizationRequestOpts?.redirectUri}). According to the specification that is not allowed.`);
|
|
4262
3238
|
}
|
|
@@ -4282,11 +3258,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4282
3258
|
}
|
|
4283
3259
|
});
|
|
4284
3260
|
if (response.errorBody) {
|
|
4285
|
-
|
|
3261
|
+
logger12.debug(`Access token error:\r
|
|
4286
3262
|
${JSON.stringify(response.errorBody)}`);
|
|
4287
3263
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4288
3264
|
} else if (!response.successBody) {
|
|
4289
|
-
|
|
3265
|
+
logger12.debug(`Access token error. No success body`);
|
|
4290
3266
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4291
3267
|
}
|
|
4292
3268
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4305,24 +3281,13 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4305
3281
|
jwk,
|
|
4306
3282
|
kid
|
|
4307
3283
|
].filter((v) => v !== void 0).length > 1) {
|
|
4308
|
-
throw new Error(
|
|
3284
|
+
throw new Error(import_oid4vci_common23.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
4309
3285
|
}
|
|
4310
3286
|
if (alg) this._state.alg = alg;
|
|
4311
3287
|
if (jwk) this._state.jwk = jwk;
|
|
4312
3288
|
if (kid) this._state.kid = kid;
|
|
4313
|
-
try {
|
|
4314
|
-
if (this.version() === import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15 || this.hasNonceEndpoint()) {
|
|
4315
|
-
if (!this._state.cachedCNonce) {
|
|
4316
|
-
await this.acquireNonceViaV15Delegate();
|
|
4317
|
-
}
|
|
4318
|
-
}
|
|
4319
|
-
} catch (e) {
|
|
4320
|
-
if (this.version() === import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15 || this.hasNonceEndpoint()) {
|
|
4321
|
-
return Promise.reject(Error(`failed to acquire nonce: ${String(e)}`));
|
|
4322
|
-
}
|
|
4323
|
-
}
|
|
4324
3289
|
let requestBuilder;
|
|
4325
|
-
if (this.version() <
|
|
3290
|
+
if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13) {
|
|
4326
3291
|
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
|
|
4327
3292
|
credentialOffer: this.credentialOffer,
|
|
4328
3293
|
metadata: this.endpointMetadata
|
|
@@ -4333,17 +3298,17 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4333
3298
|
version: this.version()
|
|
4334
3299
|
});
|
|
4335
3300
|
} else {
|
|
4336
|
-
requestBuilder = this.credentialOffer ?
|
|
3301
|
+
requestBuilder = this.credentialOffer ? CredentialRequestClientBuilderV1_0_13.fromCredentialOffer({
|
|
4337
3302
|
credentialOffer: this.credentialOffer,
|
|
4338
3303
|
metadata: this.endpointMetadata
|
|
4339
|
-
}) :
|
|
3304
|
+
}) : CredentialRequestClientBuilderV1_0_13.fromCredentialIssuer({
|
|
4340
3305
|
credentialIssuer: this.getIssuer(),
|
|
4341
3306
|
credentialTypes,
|
|
4342
3307
|
metadata: this.endpointMetadata,
|
|
4343
3308
|
version: this.version()
|
|
4344
3309
|
});
|
|
4345
3310
|
}
|
|
4346
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
3311
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
4347
3312
|
requestBuilder.withIssuerState(issuerState);
|
|
4348
3313
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
4349
3314
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -4356,7 +3321,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4356
3321
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
4357
3322
|
let typeSupported = false;
|
|
4358
3323
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
4359
|
-
const subTypes = (0,
|
|
3324
|
+
const subTypes = (0, import_oid4vci_common23.getTypesFromCredentialSupported)(supportedCredential);
|
|
4360
3325
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
4361
3326
|
typeSupported = true;
|
|
4362
3327
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -4380,106 +3345,53 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4380
3345
|
requestBuilder.withSubjectIssuance(subjectIssuance);
|
|
4381
3346
|
}
|
|
4382
3347
|
const credentialRequestClient = requestBuilder.build();
|
|
4383
|
-
|
|
4384
|
-
|
|
4385
|
-
|
|
4386
|
-
|
|
4387
|
-
|
|
4388
|
-
|
|
4389
|
-
|
|
4390
|
-
|
|
4391
|
-
|
|
4392
|
-
|
|
4393
|
-
|
|
4394
|
-
|
|
4395
|
-
|
|
4396
|
-
|
|
4397
|
-
|
|
4398
|
-
|
|
4399
|
-
|
|
4400
|
-
|
|
4401
|
-
|
|
4402
|
-
|
|
4403
|
-
|
|
4404
|
-
|
|
4405
|
-
|
|
4406
|
-
|
|
4407
|
-
|
|
4408
|
-
|
|
4409
|
-
|
|
4410
|
-
|
|
4411
|
-
logger15.debug(`Credential request error:\r
|
|
3348
|
+
const proofBuilder = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
3349
|
+
accessTokenResponse: this.accessTokenResponse,
|
|
3350
|
+
callbacks: proofCallbacks,
|
|
3351
|
+
version: this.version()
|
|
3352
|
+
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
3353
|
+
if (this._state.jwk) {
|
|
3354
|
+
proofBuilder.withJWK(this._state.jwk);
|
|
3355
|
+
}
|
|
3356
|
+
if (this._state.kid) {
|
|
3357
|
+
proofBuilder.withKid(this._state.kid);
|
|
3358
|
+
}
|
|
3359
|
+
if (this.clientId) {
|
|
3360
|
+
proofBuilder.withClientId(this.clientId);
|
|
3361
|
+
}
|
|
3362
|
+
if (jti) {
|
|
3363
|
+
proofBuilder.withJti(jti);
|
|
3364
|
+
}
|
|
3365
|
+
const response = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
3366
|
+
proofInput: proofBuilder,
|
|
3367
|
+
credentialTypes,
|
|
3368
|
+
context,
|
|
3369
|
+
format,
|
|
3370
|
+
subjectIssuance,
|
|
3371
|
+
createDPoPOpts
|
|
3372
|
+
});
|
|
3373
|
+
this._state.dpopResponseParams = response.params;
|
|
3374
|
+
if (response.errorBody) {
|
|
3375
|
+
logger12.debug(`Credential request error:\r
|
|
4412
3376
|
${JSON.stringify(response.errorBody)}`);
|
|
4413
|
-
|
|
4414
|
-
|
|
4415
|
-
|
|
4416
|
-
|
|
4417
|
-
}
|
|
4418
|
-
return {
|
|
4419
|
-
...response.successBody,
|
|
4420
|
-
...this.dpopResponseParams && {
|
|
4421
|
-
params: this.dpopResponseParams
|
|
4422
|
-
},
|
|
4423
|
-
access_token: response.access_token
|
|
4424
|
-
};
|
|
4425
|
-
} catch (e) {
|
|
4426
|
-
if (!this.shouldRetryWithFreshNonce(e)) {
|
|
4427
|
-
return Promise.reject(e instanceof Error ? e : Error(String(e)));
|
|
4428
|
-
}
|
|
4429
|
-
this._state.cachedCNonce = void 0;
|
|
4430
|
-
try {
|
|
4431
|
-
await this.acquireNonceViaV15Delegate();
|
|
4432
|
-
} catch (e2) {
|
|
4433
|
-
return Promise.reject(Error(`retry nonce fetch failed: ${String(e2)}`));
|
|
4434
|
-
}
|
|
4435
|
-
const proofBuilder2 = ProofOfPossessionBuilder.fromAccessTokenResponse({
|
|
4436
|
-
accessTokenResponse: this.accessTokenResponse,
|
|
4437
|
-
callbacks: proofCallbacks,
|
|
4438
|
-
version: this.version()
|
|
4439
|
-
}).withIssuer(this.getIssuer()).withAlg(this.alg);
|
|
4440
|
-
if (this._state.jwk) {
|
|
4441
|
-
proofBuilder2.withJWK(this._state.jwk);
|
|
4442
|
-
}
|
|
4443
|
-
if (this._state.kid) {
|
|
4444
|
-
proofBuilder2.withKid(this._state.kid);
|
|
4445
|
-
}
|
|
4446
|
-
if (this.clientId) {
|
|
4447
|
-
proofBuilder2.withClientId(this.clientId);
|
|
4448
|
-
}
|
|
4449
|
-
if (jti) {
|
|
4450
|
-
proofBuilder2.withJti(jti);
|
|
4451
|
-
}
|
|
4452
|
-
const response2 = await credentialRequestClient.acquireCredentialsUsingProof({
|
|
4453
|
-
proofInput: proofBuilder2,
|
|
4454
|
-
credentialTypes,
|
|
4455
|
-
context,
|
|
4456
|
-
format,
|
|
4457
|
-
subjectIssuance,
|
|
4458
|
-
createDPoPOpts
|
|
4459
|
-
});
|
|
4460
|
-
this._state.dpopResponseParams = response2.params;
|
|
4461
|
-
if (response2.errorBody) {
|
|
4462
|
-
logger15.debug(`Credential request error (after retry):\r
|
|
4463
|
-
${JSON.stringify(response2.errorBody)}`);
|
|
4464
|
-
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry with status: ${response2.origResponse.status}`));
|
|
4465
|
-
} else if (!response2.successBody) {
|
|
4466
|
-
logger15.debug(`Credential request error after retry. No success body`);
|
|
4467
|
-
return Promise.reject(Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed after retry as there was no success response body`));
|
|
4468
|
-
}
|
|
4469
|
-
return {
|
|
4470
|
-
...response2.successBody,
|
|
4471
|
-
...this.dpopResponseParams && {
|
|
4472
|
-
params: this.dpopResponseParams
|
|
4473
|
-
},
|
|
4474
|
-
access_token: response2.access_token
|
|
4475
|
-
};
|
|
3377
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
3378
|
+
} else if (!response.successBody) {
|
|
3379
|
+
logger12.debug(`Credential request error. No success body`);
|
|
3380
|
+
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4476
3381
|
}
|
|
3382
|
+
return {
|
|
3383
|
+
...response.successBody,
|
|
3384
|
+
...this.dpopResponseParams && {
|
|
3385
|
+
params: this.dpopResponseParams
|
|
3386
|
+
},
|
|
3387
|
+
access_token: response.access_token
|
|
3388
|
+
};
|
|
4477
3389
|
}
|
|
4478
3390
|
async exportState() {
|
|
4479
3391
|
return JSON.stringify(this._state);
|
|
4480
3392
|
}
|
|
4481
3393
|
getCredentialsSupported(restrictToInitiationTypes, format) {
|
|
4482
|
-
return (0,
|
|
3394
|
+
return (0, import_oid4vci_common23.getSupportedCredentials)({
|
|
4483
3395
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
4484
3396
|
version: this.version(),
|
|
4485
3397
|
format,
|
|
@@ -4492,7 +3404,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4492
3404
|
getCredentialOfferTypes() {
|
|
4493
3405
|
if (!this.credentialOffer) {
|
|
4494
3406
|
return [];
|
|
4495
|
-
} else if (this.version() <
|
|
3407
|
+
} else if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_11) {
|
|
4496
3408
|
const orig = this.credentialOffer.original_credential_offer;
|
|
4497
3409
|
const types = typeof orig.credential_type === "string" ? [
|
|
4498
3410
|
orig.credential_type
|
|
@@ -4500,14 +3412,14 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4500
3412
|
const result = [];
|
|
4501
3413
|
result[0] = types;
|
|
4502
3414
|
return result;
|
|
4503
|
-
} else if (this.version() <
|
|
4504
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
3415
|
+
} else if (this.version() < import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13) {
|
|
3416
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common23.getTypesFromObject)(c) ?? []);
|
|
4505
3417
|
}
|
|
4506
3418
|
return void 0;
|
|
4507
3419
|
}
|
|
4508
3420
|
issuerSupportedFlowTypes() {
|
|
4509
3421
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server ? [
|
|
4510
|
-
|
|
3422
|
+
import_oid4vci_common23.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
4511
3423
|
] : []);
|
|
4512
3424
|
}
|
|
4513
3425
|
isFlowTypeSupported(flowType) {
|
|
@@ -4523,17 +3435,17 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4523
3435
|
return this._state.credentialOffer;
|
|
4524
3436
|
}
|
|
4525
3437
|
version() {
|
|
4526
|
-
if (this.credentialOffer?.version && this.credentialOffer.version !==
|
|
3438
|
+
if (this.credentialOffer?.version && this.credentialOffer.version !== import_oid4vci_common23.OpenId4VCIVersion.VER_UNKNOWN) {
|
|
4527
3439
|
return this.credentialOffer.version;
|
|
4528
3440
|
}
|
|
4529
3441
|
const metadata = this._state.endpointMetadata;
|
|
4530
3442
|
if (metadata?.credentialIssuerMetadata) {
|
|
4531
|
-
const versions = (0,
|
|
4532
|
-
if (versions.length > 0 && !versions.includes(
|
|
3443
|
+
const versions = (0, import_oid4vci_common23.determineVersionsFromIssuerMetadata)(metadata.credentialIssuerMetadata);
|
|
3444
|
+
if (versions.length > 0 && !versions.includes(import_oid4vci_common23.OpenId4VCIVersion.VER_UNKNOWN)) {
|
|
4533
3445
|
return versions[0];
|
|
4534
3446
|
}
|
|
4535
3447
|
}
|
|
4536
|
-
return
|
|
3448
|
+
return import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_13;
|
|
4537
3449
|
}
|
|
4538
3450
|
get endpointMetadata() {
|
|
4539
3451
|
this.assertServerMetadata();
|
|
@@ -4578,7 +3490,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4578
3490
|
if (this.endpointMetadata) {
|
|
4579
3491
|
return this.endpointMetadata.token_endpoint;
|
|
4580
3492
|
}
|
|
4581
|
-
return this.version() <=
|
|
3493
|
+
return this.version() <= import_oid4vci_common23.OpenId4VCIVersion.VER_1_0_12 ? AccessTokenClientV1_0_11.determineTokenURL({
|
|
4582
3494
|
issuerOpts: {
|
|
4583
3495
|
issuer: this.getIssuer()
|
|
4584
3496
|
}
|
|
@@ -4650,7 +3562,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4650
3562
|
};
|
|
4651
3563
|
if (!authorizationRequestOpts) {
|
|
4652
3564
|
authorizationRequestOpts = {
|
|
4653
|
-
redirectUri: `${
|
|
3565
|
+
redirectUri: `${import_oid4vci_common23.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
4654
3566
|
};
|
|
4655
3567
|
}
|
|
4656
3568
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -4661,7 +3573,7 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4661
3573
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
4662
3574
|
if (authorizationResponse) {
|
|
4663
3575
|
this._state.authorizationCodeResponse = {
|
|
4664
|
-
...(0,
|
|
3576
|
+
...(0, import_oid4vci_common23.toAuthorizationResponsePayload)(authorizationResponse)
|
|
4665
3577
|
};
|
|
4666
3578
|
} else if (code) {
|
|
4667
3579
|
this._state.authorizationCodeResponse = {
|
|
@@ -4670,68 +3582,19 @@ ${JSON.stringify(response2.errorBody)}`);
|
|
|
4670
3582
|
}
|
|
4671
3583
|
return this._state.authorizationCodeResponse?.code ?? this._state.authorizationCodeResponse?.authorization_code;
|
|
4672
3584
|
}, "getAuthorizationCode");
|
|
4673
|
-
hasNonceEndpoint() {
|
|
4674
|
-
const as = this._state.endpointMetadata?.authorizationServerMetadata;
|
|
4675
|
-
if (!as) {
|
|
4676
|
-
return false;
|
|
4677
|
-
}
|
|
4678
|
-
const endpoint = as.nonce_endpoint;
|
|
4679
|
-
return typeof endpoint === "string" && endpoint.length > 0;
|
|
4680
|
-
}
|
|
4681
|
-
async acquireNonceViaV15Delegate() {
|
|
4682
|
-
let v15;
|
|
4683
|
-
try {
|
|
4684
|
-
v15 = await OpenID4VCIClientV1_0_15.fromState({
|
|
4685
|
-
state: JSON.stringify(this._state)
|
|
4686
|
-
});
|
|
4687
|
-
} catch (e) {
|
|
4688
|
-
return Promise.reject(Error(`failed to init v15 delegate for nonce: ${String(e)}`));
|
|
4689
|
-
}
|
|
4690
|
-
try {
|
|
4691
|
-
await v15.acquireNonce();
|
|
4692
|
-
} catch (e) {
|
|
4693
|
-
return Promise.reject(Error(`nonce request failed: ${String(e)}`));
|
|
4694
|
-
}
|
|
4695
|
-
this._state.cachedCNonce = v15.state.cachedCNonce;
|
|
4696
|
-
}
|
|
4697
|
-
shouldRetryWithFreshNonce(err) {
|
|
4698
|
-
if (!this.hasNonceEndpoint() && this.version() !== import_oid4vci_common28.OpenId4VCIVersion.VER_1_0_15) {
|
|
4699
|
-
return false;
|
|
4700
|
-
}
|
|
4701
|
-
const status = err?.response?.status ?? err?.status;
|
|
4702
|
-
const body = err?.response?.data ?? err?.data ?? void 0;
|
|
4703
|
-
const error = typeof body?.error === "string" ? body.error : void 0;
|
|
4704
|
-
const desc = typeof body?.error_description === "string" ? body.error_description : void 0;
|
|
4705
|
-
const text = [
|
|
4706
|
-
error,
|
|
4707
|
-
desc
|
|
4708
|
-
].filter(Boolean).join(" ").toLowerCase();
|
|
4709
|
-
if (status === 400 || status === 401 || status === 403) {
|
|
4710
|
-
if (text.includes("nonce") || text.includes("c_nonce")) {
|
|
4711
|
-
return true;
|
|
4712
|
-
}
|
|
4713
|
-
if (text.includes("proof") && (text.includes("invalid") || text.includes("expired"))) {
|
|
4714
|
-
return true;
|
|
4715
|
-
}
|
|
4716
|
-
if (error === "invalid_proof" || error === "invalid_request") {
|
|
4717
|
-
return true;
|
|
4718
|
-
}
|
|
4719
|
-
}
|
|
4720
|
-
return false;
|
|
4721
|
-
}
|
|
4722
3585
|
};
|
|
4723
3586
|
|
|
4724
3587
|
// lib/OpenID4VCIClientV1_0_13.ts
|
|
4725
|
-
var
|
|
4726
|
-
var
|
|
4727
|
-
var
|
|
3588
|
+
var import_oid4vci_common24 = require("@sphereon/oid4vci-common");
|
|
3589
|
+
var import_ssi_types15 = require("@sphereon/ssi-types");
|
|
3590
|
+
var logger13 = import_ssi_types15.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
4728
3591
|
var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
4729
3592
|
static {
|
|
4730
3593
|
__name(this, "OpenID4VCIClientV1_0_13");
|
|
4731
3594
|
}
|
|
4732
3595
|
_state;
|
|
4733
3596
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, accessToken, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
4734
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
3597
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common24.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
4735
3598
|
if (!issuer) {
|
|
4736
3599
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
4737
3600
|
}
|
|
@@ -4741,10 +3604,10 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4741
3604
|
kid,
|
|
4742
3605
|
alg,
|
|
4743
3606
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
4744
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
3607
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common24.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
4745
3608
|
pkce: {
|
|
4746
3609
|
disabled: false,
|
|
4747
|
-
codeChallengeMethod:
|
|
3610
|
+
codeChallengeMethod: import_oid4vci_common24.CodeChallengeMethod.S256,
|
|
4748
3611
|
...pkce
|
|
4749
3612
|
},
|
|
4750
3613
|
authorizationRequestOpts,
|
|
@@ -4758,7 +3621,7 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4758
3621
|
if (!this._state.authorizationRequestOpts) {
|
|
4759
3622
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
4760
3623
|
}
|
|
4761
|
-
|
|
3624
|
+
logger13.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
4762
3625
|
}
|
|
4763
3626
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
4764
3627
|
const client = new _OpenID4VCIClientV1_0_13({
|
|
@@ -4799,12 +3662,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4799
3662
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
4800
3663
|
await client.retrieveServerMetadata();
|
|
4801
3664
|
}
|
|
4802
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
3665
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
4803
3666
|
await client.createAuthorizationRequestUrl({
|
|
4804
3667
|
authorizationRequest,
|
|
4805
3668
|
pkce
|
|
4806
3669
|
});
|
|
4807
|
-
|
|
3670
|
+
logger13.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
4808
3671
|
}
|
|
4809
3672
|
return client;
|
|
4810
3673
|
}
|
|
@@ -4862,12 +3725,12 @@ var OpenID4VCIClientV1_0_13 = class _OpenID4VCIClientV1_0_13 {
|
|
|
4862
3725
|
...opts
|
|
4863
3726
|
});
|
|
4864
3727
|
if (response.errorBody) {
|
|
4865
|
-
|
|
3728
|
+
logger13.debug(`Authorization code error:\r
|
|
4866
3729
|
${JSON.stringify(response.errorBody)}`);
|
|
4867
3730
|
const error = response.errorBody;
|
|
4868
3731
|
return Promise.reject(error);
|
|
4869
3732
|
} else if (!response.successBody) {
|
|
4870
|
-
|
|
3733
|
+
logger13.debug(`Authorization code error. No success body`);
|
|
4871
3734
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
4872
3735
|
}
|
|
4873
3736
|
return {
|
|
@@ -4939,11 +3802,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4939
3802
|
}
|
|
4940
3803
|
});
|
|
4941
3804
|
if (response.errorBody) {
|
|
4942
|
-
|
|
3805
|
+
logger13.debug(`Access token error:\r
|
|
4943
3806
|
${JSON.stringify(response.errorBody)}`);
|
|
4944
3807
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
4945
3808
|
} else if (!response.successBody) {
|
|
4946
|
-
|
|
3809
|
+
logger13.debug(`Access token error. No success body`);
|
|
4947
3810
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
4948
3811
|
}
|
|
4949
3812
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -4968,7 +3831,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4968
3831
|
jwk,
|
|
4969
3832
|
kid
|
|
4970
3833
|
].filter((v) => v !== void 0).length > 1) {
|
|
4971
|
-
throw new Error(
|
|
3834
|
+
throw new Error(import_oid4vci_common24.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
4972
3835
|
}
|
|
4973
3836
|
if (alg) this._state.alg = alg;
|
|
4974
3837
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -4982,7 +3845,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
4982
3845
|
metadata: this.endpointMetadata,
|
|
4983
3846
|
version: this.version()
|
|
4984
3847
|
});
|
|
4985
|
-
const issuerState = this.issuerSupportedFlowTypes().includes(
|
|
3848
|
+
const issuerState = this.issuerSupportedFlowTypes().includes(import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && this._state.authorizationCodeResponse && !this.accessTokenResponse?.c_nonce && this._state.credentialOffer?.issuerState ? this._state.credentialOffer.issuerState : void 0;
|
|
4986
3849
|
requestBuilder.withIssuerState(issuerState);
|
|
4987
3850
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
4988
3851
|
requestBuilder.withDeferredCredentialAwait(deferredCredentialAwait ?? false, deferredCredentialIntervalInMS);
|
|
@@ -5005,7 +3868,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5005
3868
|
} else if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
5006
3869
|
let typeSupported = false;
|
|
5007
3870
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
5008
|
-
const subTypes = (0,
|
|
3871
|
+
const subTypes = (0, import_oid4vci_common24.getTypesFromCredentialSupported)(supportedCredential);
|
|
5009
3872
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5010
3873
|
typeSupported = true;
|
|
5011
3874
|
if (supportedCredential.credential_subject_issuance) {
|
|
@@ -5021,7 +3884,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5021
3884
|
} else if (metadata.credential_configurations_supported && typeof metadata.credential_configurations_supported === "object") {
|
|
5022
3885
|
let typeSupported = false;
|
|
5023
3886
|
Object.values(metadata.credential_configurations_supported).forEach((supportedCredential) => {
|
|
5024
|
-
const subTypes = (0,
|
|
3887
|
+
const subTypes = (0, import_oid4vci_common24.getTypesFromCredentialSupported)(supportedCredential);
|
|
5025
3888
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5026
3889
|
typeSupported = true;
|
|
5027
3890
|
}
|
|
@@ -5071,17 +3934,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5071
3934
|
credentialIdentifier,
|
|
5072
3935
|
subjectIssuance
|
|
5073
3936
|
});
|
|
5074
|
-
|
|
5075
|
-
return Promise.reject(Error(`Unsupported credential format: ${format}`));
|
|
5076
|
-
}
|
|
5077
|
-
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, format, createDPoPOpts);
|
|
3937
|
+
const response = await credentialRequestClient.acquireCredentialsUsingRequest(request, createDPoPOpts);
|
|
5078
3938
|
this._state.dpopResponseParams = response.params;
|
|
5079
3939
|
if (response.errorBody) {
|
|
5080
|
-
|
|
3940
|
+
logger13.debug(`Credential request error:\r
|
|
5081
3941
|
${JSON.stringify(response.errorBody)}`);
|
|
5082
3942
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5083
3943
|
} else if (!response.successBody) {
|
|
5084
|
-
|
|
3944
|
+
logger13.debug(`Credential request error. No success body`);
|
|
5085
3945
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5086
3946
|
}
|
|
5087
3947
|
return {
|
|
@@ -5096,7 +3956,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5096
3956
|
return JSON.stringify(this._state);
|
|
5097
3957
|
}
|
|
5098
3958
|
getCredentialsSupported(format) {
|
|
5099
|
-
return (0,
|
|
3959
|
+
return (0, import_oid4vci_common24.getSupportedCredentials)({
|
|
5100
3960
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5101
3961
|
version: this.version(),
|
|
5102
3962
|
format,
|
|
@@ -5131,7 +3991,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5131
3991
|
}*/
|
|
5132
3992
|
issuerSupportedFlowTypes() {
|
|
5133
3993
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
5134
|
-
|
|
3994
|
+
import_oid4vci_common24.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
5135
3995
|
] : []);
|
|
5136
3996
|
}
|
|
5137
3997
|
isFlowTypeSupported(flowType) {
|
|
@@ -5147,7 +4007,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5147
4007
|
return this._state.credentialOffer;
|
|
5148
4008
|
}
|
|
5149
4009
|
version() {
|
|
5150
|
-
return this.credentialOffer?.version ??
|
|
4010
|
+
return this.credentialOffer?.version ?? import_oid4vci_common24.OpenId4VCIVersion.VER_1_0_13;
|
|
5151
4011
|
}
|
|
5152
4012
|
get endpointMetadata() {
|
|
5153
4013
|
this.assertServerMetadata();
|
|
@@ -5250,7 +4110,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5250
4110
|
};
|
|
5251
4111
|
if (!authorizationRequestOpts) {
|
|
5252
4112
|
authorizationRequestOpts = {
|
|
5253
|
-
redirectUri: `${
|
|
4113
|
+
redirectUri: `${import_oid4vci_common24.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
5254
4114
|
};
|
|
5255
4115
|
}
|
|
5256
4116
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -5261,7 +4121,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5261
4121
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
5262
4122
|
if (authorizationResponse) {
|
|
5263
4123
|
this._state.authorizationCodeResponse = {
|
|
5264
|
-
...(0,
|
|
4124
|
+
...(0, import_oid4vci_common24.toAuthorizationResponsePayload)(authorizationResponse)
|
|
5265
4125
|
};
|
|
5266
4126
|
} else if (code) {
|
|
5267
4127
|
this._state.authorizationCodeResponse = {
|
|
@@ -5273,16 +4133,16 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5273
4133
|
};
|
|
5274
4134
|
|
|
5275
4135
|
// lib/OpenID4VCIClientV1_0_11.ts
|
|
5276
|
-
var
|
|
5277
|
-
var
|
|
5278
|
-
var
|
|
4136
|
+
var import_oid4vci_common25 = require("@sphereon/oid4vci-common");
|
|
4137
|
+
var import_ssi_types16 = require("@sphereon/ssi-types");
|
|
4138
|
+
var logger14 = import_ssi_types16.Loggers.DEFAULT.get("sphereon:oid4vci");
|
|
5279
4139
|
var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
5280
4140
|
static {
|
|
5281
4141
|
__name(this, "OpenID4VCIClientV1_0_11");
|
|
5282
4142
|
}
|
|
5283
4143
|
_state;
|
|
5284
4144
|
constructor({ credentialOffer, clientId, kid, alg, credentialIssuer, pkce, authorizationRequest, jwk, endpointMetadata, accessTokenResponse, authorizationRequestOpts, authorizationCodeResponse, authorizationURL }) {
|
|
5285
|
-
const issuer = credentialIssuer ?? (credentialOffer ? (0,
|
|
4145
|
+
const issuer = credentialIssuer ?? (credentialOffer ? (0, import_oid4vci_common25.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : void 0);
|
|
5286
4146
|
if (!issuer) {
|
|
5287
4147
|
throw Error("No credential issuer supplied or deduced from offer");
|
|
5288
4148
|
}
|
|
@@ -5292,10 +4152,10 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5292
4152
|
kid,
|
|
5293
4153
|
alg,
|
|
5294
4154
|
// TODO: We need to refactor this and always explicitly call createAuthorizationRequestUrl, so we can have a credential selection first and use the kid as a default for the client id
|
|
5295
|
-
clientId: clientId ?? (credentialOffer && (0,
|
|
4155
|
+
clientId: clientId ?? (credentialOffer && (0, import_oid4vci_common25.getClientIdFromCredentialOfferPayload)(credentialOffer.credential_offer)) ?? kid?.split("#")[0],
|
|
5296
4156
|
pkce: {
|
|
5297
4157
|
disabled: false,
|
|
5298
|
-
codeChallengeMethod:
|
|
4158
|
+
codeChallengeMethod: import_oid4vci_common25.CodeChallengeMethod.S256,
|
|
5299
4159
|
...pkce
|
|
5300
4160
|
},
|
|
5301
4161
|
authorizationRequestOpts,
|
|
@@ -5308,7 +4168,7 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5308
4168
|
if (!this._state.authorizationRequestOpts) {
|
|
5309
4169
|
this._state.authorizationRequestOpts = this.syncAuthorizationRequestOpts(authorizationRequest);
|
|
5310
4170
|
}
|
|
5311
|
-
|
|
4171
|
+
logger14.debug(`Authorization req options: ${JSON.stringify(this._state.authorizationRequestOpts, null, 2)}`);
|
|
5312
4172
|
}
|
|
5313
4173
|
static async fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL }) {
|
|
5314
4174
|
const client = new _OpenID4VCIClientV1_0_11({
|
|
@@ -5349,12 +4209,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5349
4209
|
if (retrieveServerMetadata === void 0 || retrieveServerMetadata) {
|
|
5350
4210
|
await client.retrieveServerMetadata();
|
|
5351
4211
|
}
|
|
5352
|
-
if (credentialOfferClient.supportedFlows.includes(
|
|
4212
|
+
if (credentialOfferClient.supportedFlows.includes(import_oid4vci_common25.AuthzFlowType.AUTHORIZATION_CODE_FLOW) && (createAuthorizationRequestURL === void 0 || createAuthorizationRequestURL)) {
|
|
5353
4213
|
await client.createAuthorizationRequestUrl({
|
|
5354
4214
|
authorizationRequest,
|
|
5355
4215
|
pkce
|
|
5356
4216
|
});
|
|
5357
|
-
|
|
4217
|
+
logger14.debug(`Authorization Request URL: ${client._state.authorizationURL}`);
|
|
5358
4218
|
}
|
|
5359
4219
|
return client;
|
|
5360
4220
|
}
|
|
@@ -5411,12 +4271,12 @@ var OpenID4VCIClientV1_0_11 = class _OpenID4VCIClientV1_0_11 {
|
|
|
5411
4271
|
...opts
|
|
5412
4272
|
});
|
|
5413
4273
|
if (response.errorBody) {
|
|
5414
|
-
|
|
4274
|
+
logger14.debug(`Authorization code error:\r
|
|
5415
4275
|
${JSON.stringify(response.errorBody)}`);
|
|
5416
4276
|
const error = response.errorBody;
|
|
5417
4277
|
return Promise.reject(error);
|
|
5418
4278
|
} else if (!response.successBody) {
|
|
5419
|
-
|
|
4279
|
+
logger14.debug(`Authorization code error. No success body`);
|
|
5420
4280
|
return Promise.reject(Error(`Retrieving an authorization code token from ${this._state.endpointMetadata?.authorization_challenge_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`));
|
|
5421
4281
|
}
|
|
5422
4282
|
return {
|
|
@@ -5488,11 +4348,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5488
4348
|
}
|
|
5489
4349
|
});
|
|
5490
4350
|
if (response.errorBody) {
|
|
5491
|
-
|
|
4351
|
+
logger14.debug(`Access token error:\r
|
|
5492
4352
|
${JSON.stringify(response.errorBody)}`);
|
|
5493
4353
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5494
4354
|
} else if (!response.successBody) {
|
|
5495
|
-
|
|
4355
|
+
logger14.debug(`Access token error. No success body`);
|
|
5496
4356
|
throw Error(`Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5497
4357
|
}
|
|
5498
4358
|
this._state.accessTokenResponse = response.successBody;
|
|
@@ -5511,7 +4371,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5511
4371
|
jwk,
|
|
5512
4372
|
kid
|
|
5513
4373
|
].filter((v) => v !== void 0).length > 1) {
|
|
5514
|
-
throw new Error(
|
|
4374
|
+
throw new Error(import_oid4vci_common25.KID_JWK_X5C_ERROR + `. jwk: ${jwk !== void 0}, kid: ${kid !== void 0}`);
|
|
5515
4375
|
}
|
|
5516
4376
|
if (alg) this._state.alg = alg;
|
|
5517
4377
|
if (jwk) this._state.jwk = jwk;
|
|
@@ -5535,7 +4395,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5535
4395
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
5536
4396
|
let typeSupported = false;
|
|
5537
4397
|
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
5538
|
-
const subTypes = (0,
|
|
4398
|
+
const subTypes = (0, import_oid4vci_common25.getTypesFromCredentialSupported)(supportedCredential);
|
|
5539
4399
|
if (subTypes.every((t, i) => types[i] === t) || types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0]))) {
|
|
5540
4400
|
typeSupported = true;
|
|
5541
4401
|
}
|
|
@@ -5577,11 +4437,11 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5577
4437
|
});
|
|
5578
4438
|
this._state.dpopResponseParams = response.params;
|
|
5579
4439
|
if (response.errorBody) {
|
|
5580
|
-
|
|
4440
|
+
logger14.debug(`Credential request error:\r
|
|
5581
4441
|
${JSON.stringify(response.errorBody)}`);
|
|
5582
4442
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed with status: ${response.origResponse.status}`);
|
|
5583
4443
|
} else if (!response.successBody) {
|
|
5584
|
-
|
|
4444
|
+
logger14.debug(`Credential request error. No success body`);
|
|
5585
4445
|
throw Error(`Retrieving a credential from ${this._state.endpointMetadata?.credential_endpoint} for issuer ${this.getIssuer()} failed as there was no success response body`);
|
|
5586
4446
|
}
|
|
5587
4447
|
return {
|
|
@@ -5599,7 +4459,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5599
4459
|
// When < v11 convert into a v12 object. When v12 object retain it.
|
|
5600
4460
|
// Then match the object array on server metadata
|
|
5601
4461
|
getCredentialsSupportedV11(restrictToInitiationTypes, format) {
|
|
5602
|
-
return (0,
|
|
4462
|
+
return (0, import_oid4vci_common25.getSupportedCredentials)({
|
|
5603
4463
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5604
4464
|
version: this.version(),
|
|
5605
4465
|
format,
|
|
@@ -5607,7 +4467,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5607
4467
|
});
|
|
5608
4468
|
}
|
|
5609
4469
|
getCredentialsSupported(format) {
|
|
5610
|
-
return (0,
|
|
4470
|
+
return (0, import_oid4vci_common25.getSupportedCredentials)({
|
|
5611
4471
|
issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
|
|
5612
4472
|
version: this.version(),
|
|
5613
4473
|
format,
|
|
@@ -5617,7 +4477,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5617
4477
|
getCredentialOfferTypes() {
|
|
5618
4478
|
if (!this.credentialOffer) {
|
|
5619
4479
|
return [];
|
|
5620
|
-
} else if (this.credentialOffer.version <
|
|
4480
|
+
} else if (this.credentialOffer.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_11) {
|
|
5621
4481
|
const orig = this.credentialOffer.original_credential_offer;
|
|
5622
4482
|
const types = typeof orig.credential_type === "string" ? [
|
|
5623
4483
|
orig.credential_type
|
|
@@ -5625,14 +4485,14 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5625
4485
|
const result = [];
|
|
5626
4486
|
result[0] = types;
|
|
5627
4487
|
return result;
|
|
5628
|
-
} else if (this.credentialOffer.version <
|
|
5629
|
-
return this.credentialOffer.credential_offer.credentials.map((c) => (0,
|
|
4488
|
+
} else if (this.credentialOffer.version < import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_13) {
|
|
4489
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => (0, import_oid4vci_common25.getTypesFromObject)(c) ?? []);
|
|
5630
4490
|
}
|
|
5631
4491
|
throw Error(`This class only supports version 11 and lower! Version: ${this.version()}`);
|
|
5632
4492
|
}
|
|
5633
4493
|
issuerSupportedFlowTypes() {
|
|
5634
4494
|
return this.credentialOffer?.supportedFlows ?? (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ? [
|
|
5635
|
-
|
|
4495
|
+
import_oid4vci_common25.AuthzFlowType.AUTHORIZATION_CODE_FLOW
|
|
5636
4496
|
] : []);
|
|
5637
4497
|
}
|
|
5638
4498
|
isFlowTypeSupported(flowType) {
|
|
@@ -5648,7 +4508,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5648
4508
|
return this._state.credentialOffer;
|
|
5649
4509
|
}
|
|
5650
4510
|
version() {
|
|
5651
|
-
return this.credentialOffer?.version ??
|
|
4511
|
+
return this.credentialOffer?.version ?? import_oid4vci_common25.OpenId4VCIVersion.VER_1_0_11;
|
|
5652
4512
|
}
|
|
5653
4513
|
get endpointMetadata() {
|
|
5654
4514
|
this.assertServerMetadata();
|
|
@@ -5744,7 +4604,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5744
4604
|
};
|
|
5745
4605
|
if (!authorizationRequestOpts) {
|
|
5746
4606
|
authorizationRequestOpts = {
|
|
5747
|
-
redirectUri: `${
|
|
4607
|
+
redirectUri: `${import_oid4vci_common25.DefaultURISchemes.CREDENTIAL_OFFER}://`
|
|
5748
4608
|
};
|
|
5749
4609
|
}
|
|
5750
4610
|
const clientId = authorizationRequestOpts.clientId ?? this._state.clientId;
|
|
@@ -5755,7 +4615,7 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5755
4615
|
getAuthorizationCode = /* @__PURE__ */ __name((authorizationResponse, code) => {
|
|
5756
4616
|
if (authorizationResponse) {
|
|
5757
4617
|
this._state.authorizationCodeResponse = {
|
|
5758
|
-
...(0,
|
|
4618
|
+
...(0, import_oid4vci_common25.toAuthorizationResponsePayload)(authorizationResponse)
|
|
5759
4619
|
};
|
|
5760
4620
|
} else if (code) {
|
|
5761
4621
|
this._state.authorizationCodeResponse = {
|
|
@@ -5767,5 +4627,5 @@ ${JSON.stringify(response.errorBody)}`);
|
|
|
5767
4627
|
};
|
|
5768
4628
|
|
|
5769
4629
|
// lib/index.ts
|
|
5770
|
-
var LOG2 =
|
|
4630
|
+
var LOG2 = import_oid4vci_common26.VCI_LOGGERS.get("sphereon:oid4vci:client");
|
|
5771
4631
|
//# sourceMappingURL=index.cjs.map
|