@sphereon/oid4vci-client 0.6.1-next.8 → 0.7.1-next.10

package/lib/__tests__/MetadataClient.spec.ts

@@ -30,16 +30,18 @@ describe('MetadataClient with IdentiProof Issuer should', () => {
     nock(IDENTIPROOF_ISSUER_URL).get(WellKnownEndpoints.OPENID4VCI_ISSUER).reply(200, JSON.stringify(IDENTIPROOF_OID4VCI_METADATA));
 
     nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, JSON.stringify(IDENTIPROOF_AS_METADATA));
+    nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404);
 
     const metadata = await MetadataClient.retrieveAllMetadata(IDENTIPROOF_ISSUER_URL);
     expect(metadata.credential_endpoint).toEqual('https://issuer.research.identiproof.io/credential');
     expect(metadata.token_endpoint).toEqual('https://auth.research.identiproof.io/oauth2/token');
-    expect(metadata.issuerMetadata).toEqual(IDENTIPROOF_OID4VCI_METADATA);
+    expect(metadata.credentialIssuerMetadata).toMatchObject(IDENTIPROOF_OID4VCI_METADATA);
   });
 
   it('succeed with OID4VCI and separate AS metadata from Initiation', async () => {
     nock(IDENTIPROOF_ISSUER_URL).get(WellKnownEndpoints.OPENID4VCI_ISSUER).reply(200, JSON.stringify(IDENTIPROOF_OID4VCI_METADATA));
     nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, JSON.stringify(IDENTIPROOF_AS_METADATA));
+    nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404);
 
     const INITIATE_URI =
       'openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.research.identiproof.io&credential_type=OpenBadgeCredential&pre-authorized_code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhOTUyZjUxNi1jYWVmLTQ4YjMtODIxYy00OTRkYzgyNjljZjAiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.YE5DlalcLC2ChGEg47CQDaN1gTxbaQqSclIVqsSAUHE&user_pin_required=false';
@@ -47,7 +49,7 @@ describe('MetadataClient with IdentiProof Issuer should', () => {
     const metadata = await MetadataClient.retrieveAllMetadata(getIssuerFromCredentialOfferPayload(initiation.credential_offer) as string);
     expect(metadata.credential_endpoint).toEqual('https://issuer.research.identiproof.io/credential');
     expect(metadata.token_endpoint).toEqual('https://auth.research.identiproof.io/oauth2/token');
-    expect(metadata.issuerMetadata).toEqual(IDENTIPROOF_OID4VCI_METADATA);
+    expect(metadata.credentialIssuerMetadata).toEqual(IDENTIPROOF_OID4VCI_METADATA);
   });
 
   it('Fail without OID4VCI and only AS metadata (no credential endpoint)', async () => {
@@ -64,18 +66,20 @@ describe('MetadataClient with IdentiProof Issuer should', () => {
       .reply(404, JSON.stringify({ error: 'does not exist' }));
 
     await expect(() => MetadataClient.retrieveAllMetadata(IDENTIPROOF_ISSUER_URL, { errorOnNotFound: true })).rejects.toThrowError(
-      'Could not deduce the token endpoint for https://issuer.research.identiproof.io',
+      'Could not deduce the token_endpoint for https://issuer.research.identiproof.io',
     );
   });
 
   it('Fail with OID4VCI and no AS metadata', async () => {
     nock(IDENTIPROOF_ISSUER_URL).get(WellKnownEndpoints.OPENID4VCI_ISSUER).reply(200, JSON.stringify(IDENTIPROOF_OID4VCI_METADATA));
-    nock(IDENTIPROOF_ISSUER_URL)
+    nock(IDENTIPROOF_AS_URL)
       .get(WellKnownEndpoints.OPENID_CONFIGURATION)
       .reply(404, JSON.stringify({ error: 'does not exist' }));
 
     nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, JSON.stringify({}));
-    await expect(() => MetadataClient.retrieveAllMetadata(IDENTIPROOF_ISSUER_URL)).rejects.toThrowError('{"error": "not found"}');
+    await expect(() => MetadataClient.retrieveAllMetadata(IDENTIPROOF_ISSUER_URL)).rejects.toThrowError(
+      'Issuer https://issuer.research.identiproof.io provided a separate authorization server https://auth.research.identiproof.io, but that server did not provide metadata',
+    );
   });
 
   it('Fail if there is no token endpoint with errors enabled', async () => {
@@ -83,9 +87,10 @@ describe('MetadataClient with IdentiProof Issuer should', () => {
     const meta = JSON.parse(JSON.stringify(IDENTIPROOF_AS_METADATA));
     delete meta.token_endpoint;
     nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, JSON.stringify(meta));
+    nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404);
 
     await expect(() => MetadataClient.retrieveAllMetadata(IDENTIPROOF_ISSUER_URL, { errorOnNotFound: true })).rejects.toThrowError(
-      'Could not deduce the token endpoint for https://issuer.research.identiproof.io',
+      'Authorization Sever https://auth.research.identiproof.io did not provide a token_endpoint',
     );
   });
 
@@ -94,6 +99,7 @@ describe('MetadataClient with IdentiProof Issuer should', () => {
     delete meta.credential_endpoint;
     nock(IDENTIPROOF_ISSUER_URL).get(WellKnownEndpoints.OPENID4VCI_ISSUER).reply(200, JSON.stringify(meta));
     nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, JSON.stringify(IDENTIPROOF_AS_METADATA));
+    nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404);
 
     await expect(() => MetadataClient.retrieveAllMetadata(IDENTIPROOF_ISSUER_URL, { errorOnNotFound: true })).rejects.toThrowError(
       'Could not deduce the credential endpoint for https://issuer.research.identiproof.io',
@@ -103,6 +109,7 @@ describe('MetadataClient with IdentiProof Issuer should', () => {
   it('Succeed with default value if there is no credential endpoint with errors disabled', async () => {
     nock(IDENTIPROOF_ISSUER_URL).get(WellKnownEndpoints.OPENID4VCI_ISSUER).reply(200, JSON.stringify(IDENTIPROOF_OID4VCI_METADATA));
     nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, JSON.stringify(IDENTIPROOF_AS_METADATA));
+    nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404);
 
     const metadata = await MetadataClient.retrieveAllMetadata(IDENTIPROOF_ISSUER_URL);
     expect(metadata.credential_endpoint).toEqual('https://issuer.research.identiproof.io/credential');
@@ -130,11 +137,13 @@ describe('MetadataClient with IdentiProof Issuer should', () => {
 describe('Metadataclient with Spruce Issuer should', () => {
   it('succeed with OID4VCI and separate AS metadata', async () => {
     nock(SPRUCE_ISSUER_URL).get(WellKnownEndpoints.OPENID4VCI_ISSUER).reply(200, JSON.stringify(SPRUCE_OID4VCI_METADATA));
+    nock(SPRUCE_ISSUER_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404);
+    nock(SPRUCE_ISSUER_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404);
 
     const metadata = await MetadataClient.retrieveAllMetadata(SPRUCE_ISSUER_URL);
     expect(metadata.credential_endpoint).toEqual('https://ngi-oidc4vci-test.spruceid.xyz/credential');
     expect(metadata.token_endpoint).toEqual('https://ngi-oidc4vci-test.spruceid.xyz/token');
-    expect(metadata.issuerMetadata).toEqual(SPRUCE_OID4VCI_METADATA);
+    expect(metadata.credentialIssuerMetadata).toEqual(SPRUCE_OID4VCI_METADATA);
   });
 
   it('Fail without OID4VCI', async () => {
@@ -144,7 +153,7 @@ describe('Metadataclient with Spruce Issuer should', () => {
       .reply(404, JSON.stringify({ error: 'does not exist' }));
 
     await expect(() => MetadataClient.retrieveAllMetadata(SPRUCE_ISSUER_URL, { errorOnNotFound: true })).rejects.toThrowError(
-      'Could not deduce the token endpoint for https://ngi-oidc4vci-test.spruceid.xyz',
+      'Could not deduce the token_endpoint for https://ngi-oidc4vci-test.spruceid.xyz',
     );
   });
 });
@@ -160,7 +169,7 @@ describe('Metadataclient with Danubetech should', () => {
     const metadata = await MetadataClient.retrieveAllMetadata(DANUBE_ISSUER_URL);
     expect(metadata.credential_endpoint).toEqual('https://oidc4vc.uniissuer.io/credential');
     expect(metadata.token_endpoint).toEqual('https://oidc4vc.uniissuer.io/token');
-    expect(metadata.issuerMetadata).toEqual(DANUBE_OIDC_METADATA);
+    expect(metadata.credentialIssuerMetadata).toEqual(DANUBE_OIDC_METADATA);
   });
 
   it('Fail without OID4VCI', async () => {
@@ -170,7 +179,7 @@ describe('Metadataclient with Danubetech should', () => {
       .reply(404, JSON.stringify({ error: 'does not exist' }));
 
     await expect(() => MetadataClient.retrieveAllMetadata(SPRUCE_ISSUER_URL, { errorOnNotFound: true })).rejects.toThrowError(
-      'Could not deduce the token endpoint for https://ngi-oidc4vci-test.spruceid.xyz',
+      'Could not deduce the token_endpoint for https://ngi-oidc4vci-test.spruceid.xyz',
     );
   });
 });
@@ -187,7 +196,7 @@ describe('Metadataclient with Walt-id should', () => {
     const metadata = await MetadataClient.retrieveAllMetadata(WALT_ISSUER_URL);
     expect(metadata.credential_endpoint).toEqual('https://jff.walt.id/issuer-api/oidc/credential');
     expect(metadata.token_endpoint).toEqual('https://jff.walt.id/issuer-api/oidc/token');
-    expect(metadata.issuerMetadata).toEqual(WALT_OID4VCI_METADATA);
+    expect(metadata.credentialIssuerMetadata).toEqual(WALT_OID4VCI_METADATA);
   });
 
   it('Fail without OID4VCI', async () => {
@@ -197,7 +206,7 @@ describe('Metadataclient with Walt-id should', () => {
       .reply(404, JSON.stringify({ error: 'does not exist' }));
 
     await expect(() => MetadataClient.retrieveAllMetadata(WALT_ISSUER_URL, { errorOnNotFound: true })).rejects.toThrowError(
-      'Could not deduce the token endpoint for https://jff.walt.id/issuer-api/oidc',
+      'Could not deduce the token_endpoint for https://jff.walt.id/issuer-api/oidc',
     );
   });
 });

package/lib/__tests__/OpenID4VCIClient.spec.ts

@@ -1,4 +1,4 @@
-import { AuthzFlowType, CodeChallengeMethod } from '@sphereon/oid4vci-common';
+import { AuthzFlowType, CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
@@ -12,6 +12,8 @@ describe('OpenID4VCIClient should', () => {
 
   beforeEach(async () => {
     nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
     client = await OpenID4VCIClient.fromURI({
       uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
       flowType: AuthzFlowType.AUTHORIZATION_CODE_FLOW,
@@ -25,7 +27,7 @@ describe('OpenID4VCIClient should', () => {
   it('should create successfully construct an authorization request url', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.issuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
     const url = client.createAuthorizationRequestUrl({
       clientId: 'test-client',
       codeChallengeMethod: CodeChallengeMethod.SHA256,
@@ -53,7 +55,7 @@ describe('OpenID4VCIClient should', () => {
   it("injects 'openid' as the first scope if not provided", async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.issuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
     const url = client.createAuthorizationRequestUrl({
       clientId: 'test-client',
@@ -71,7 +73,7 @@ describe('OpenID4VCIClient should', () => {
   it('throw an error if no scope and no authorization_details is provided', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.issuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
     expect(() => {
       client.createAuthorizationRequestUrl({
@@ -85,7 +87,7 @@ describe('OpenID4VCIClient should', () => {
   it('create an authorization request url with authorization_details array property', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata.issuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
     expect(
       client.createAuthorizationRequestUrl({
@@ -116,7 +118,7 @@ describe('OpenID4VCIClient should', () => {
   it('create an authorization request url with authorization_details object property', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata.issuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
     expect(
       client.createAuthorizationRequestUrl({
@@ -140,7 +142,7 @@ describe('OpenID4VCIClient should', () => {
   it('create an authorization request url with authorization_details and scope', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata.issuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
     expect(
       client.createAuthorizationRequestUrl({

package/lib/__tests__/OpenID4VCIClientPAR.spec.ts

@@ -1,4 +1,4 @@
-import { AuthzFlowType, CodeChallengeMethod, Oauth2ASWithOID4VCIMetadata } from '@sphereon/oid4vci-common';
+import { AuthzFlowType, CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
 import nock from 'nock';
 
 import { OpenID4VCIClient } from '../OpenID4VCIClient';
@@ -9,6 +9,8 @@ describe('OpenID4VCIClient', () => {
 
   beforeEach(async () => {
     nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
     nock(`${MOCK_URL}`).post('/v1/auth/par').reply(201, { request_uri: 'test_uri', expires_in: 90 });
     client = await OpenID4VCIClient.fromURI({
       uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
@@ -21,7 +23,7 @@ describe('OpenID4VCIClient', () => {
   });
 
   it('should successfully retrieve the authorization code using PAR', async () => {
-    (client.endpointMetadata.issuerMetadata! as Oauth2ASWithOID4VCIMetadata).pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
+    client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
     const actual = await client.acquirePushedAuthorizationRequestURI({
       clientId: 'test-client',
       codeChallengeMethod: CodeChallengeMethod.SHA256,
@@ -56,7 +58,7 @@ describe('OpenID4VCIClient', () => {
   });
 
   it('should not fail when only authorization_details is present', async () => {
-    (client.endpointMetadata.issuerMetadata! as Oauth2ASWithOID4VCIMetadata).pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
+    client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
     const actual = await client.acquirePushedAuthorizationRequestURI({
       clientId: 'test-client',
       codeChallengeMethod: CodeChallengeMethod.SHA256,
@@ -77,7 +79,7 @@ describe('OpenID4VCIClient', () => {
   });
 
   it('should not fail when only scope is present', async () => {
-    (client.endpointMetadata.issuerMetadata! as Oauth2ASWithOID4VCIMetadata).pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
+    client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
     const actual = await client.acquirePushedAuthorizationRequestURI({
       clientId: 'test-client',
       codeChallengeMethod: CodeChallengeMethod.SHA256,
@@ -89,7 +91,7 @@ describe('OpenID4VCIClient', () => {
   });
 
   it('should not fail when both authorization_details and scope are present', async () => {
-    (client.endpointMetadata.issuerMetadata! as Oauth2ASWithOID4VCIMetadata).pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
+    client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
     const actual = await client.acquirePushedAuthorizationRequestURI({
       clientId: 'test-client',
       codeChallengeMethod: CodeChallengeMethod.SHA256,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-client",
-  "version": "0.6.1-next.8+02c84d3",
+  "version": "0.7.1-next.10+ab47468",
   "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -15,15 +15,14 @@
     "build": "tsc"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.6.1-next.8+02c84d3",
+    "@sphereon/oid4vci-common": "0.7.1-next.10+ab47468",
     "@sphereon/ssi-types": "^0.15.1",
     "cross-fetch": "^3.1.8",
-    "debug": "^4.3.4",
-    "uint8arrays": "^4.0.6"
+    "debug": "^4.3.4"
   },
   "devDependencies": {
     "@types/jest": "^29.5.3",
-    "@types/node": "^18.17.3",
+    "@types/node": "^18.17.4",
     "@typescript-eslint/eslint-plugin": "^5.62.0",
     "@typescript-eslint/parser": "^5.62.0",
     "codecov": "^3.8.3",
@@ -40,7 +39,8 @@
     "open-cli": "^7.2.0",
     "ts-jest": "^29.1.1",
     "ts-node": "^10.9.1",
-    "typescript": "4.9.5"
+    "typescript": "4.9.5",
+    "uint8arrays": "3.1.1"
   },
   "engines": {
     "node": ">=16"
@@ -64,5 +64,5 @@
     "OIDC4VCI",
     "OID4VCI"
   ],
-  "gitHead": "02c84d30ec5fd81b1ecbec0d676e9a8c9b731823"
+  "gitHead": "ab474685112423e8eabee445baae6403e45fd087"
 }