@sphereon/oid4vci-client 0.7.4-unstable.3 → 0.7.4-unstable.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -1
- package/dist/AccessTokenClient.d.ts.map +1 -1
- package/dist/AccessTokenClient.js +11 -18
- package/dist/AccessTokenClient.js.map +1 -1
- package/dist/OpenID4VCIClient.d.ts +4 -8
- package/dist/OpenID4VCIClient.d.ts.map +1 -1
- package/dist/OpenID4VCIClient.js +43 -37
- package/dist/OpenID4VCIClient.js.map +1 -1
- package/lib/AccessTokenClient.ts +18 -18
- package/lib/OpenID4VCIClient.ts +62 -59
- package/lib/__tests__/AccessTokenClient.spec.ts +1 -26
- package/lib/__tests__/IT.spec.ts +0 -4
- package/lib/__tests__/MattrE2E.spec.test.ts +1 -3
- package/lib/__tests__/OpenID4VCIClient.spec.ts +5 -12
- package/lib/__tests__/OpenID4VCIClientPAR.spec.ts +10 -12
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -57,7 +57,6 @@ import { OpenID4VCIClient } from '@sphereon/oid4vci-client';
|
|
|
57
57
|
// The client is initiated from a URI. This URI is provided by the Issuer, typically as a URL or QR code.
|
|
58
58
|
const client = await OpenID4VCIClient.fromURI({
|
|
59
59
|
uri: 'openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.research.identiproof.io&credential_type=OpenBadgeCredentialUrl&pre-authorized_code=4jLs9xZHEfqcoow0kHE7d1a8hUk6Sy-5bVSV2MqBUGUgiFFQi-ImL62T-FmLIo8hKA1UdMPH0lM1xAgcFkJfxIw9L-lI3mVs0hRT8YVwsEM1ma6N3wzuCdwtMU4bcwKp&user_pin_required=true',
|
|
60
|
-
flowType: AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW, // The flow to use
|
|
61
60
|
kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#key-1', // Our DID. You can defer this also to when the acquireCredential method is called
|
|
62
61
|
alg: Alg.ES256, // The signing Algorithm we will use. You can defer this also to when the acquireCredential method is called
|
|
63
62
|
clientId: 'test-clientId', // The clientId if the Authrozation Service requires it. If a clientId is needed you can defer this also to when the acquireAccessToken method is called
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAEvB,gBAAgB,EAGhB,UAAU,EACV,cAAc,EAKf,MAAM,0BAA0B,CAAC;AASlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA6B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAoChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,yBAAyB;IAOjC,OAAO,CAAC,QAAQ;YAeF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAUnC,OAAO,CAAC,qBAAqB;CAI9B"}
|
|
@@ -65,7 +65,7 @@ class AccessTokenClient {
|
|
|
65
65
|
});
|
|
66
66
|
}
|
|
67
67
|
createAccessTokenRequest(opts) {
|
|
68
|
-
var _a, _b
|
|
68
|
+
var _a, _b;
|
|
69
69
|
return __awaiter(this, void 0, void 0, function* () {
|
|
70
70
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
71
71
|
const credentialOfferRequest = yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer);
|
|
@@ -73,32 +73,25 @@ class AccessTokenClient {
|
|
|
73
73
|
if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
|
|
74
74
|
request.client_id = asOpts.clientId;
|
|
75
75
|
}
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
if (isPreAuth) {
|
|
80
|
-
if (codeVerifier) {
|
|
81
|
-
throw new Error('Cannot pass a code_verifier when flow type is pre-authorized');
|
|
82
|
-
}
|
|
76
|
+
if (credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
77
|
+
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
|
|
78
|
+
request.user_pin = pin;
|
|
83
79
|
request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
|
|
84
80
|
// we actually know it is there because of the isPreAuthCode call
|
|
85
81
|
request[oid4vci_common_1.PRE_AUTH_CODE_LITERAL] =
|
|
86
82
|
(_b = (_a = credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.credential_offer.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b[oid4vci_common_1.PRE_AUTH_CODE_LITERAL];
|
|
83
|
+
return request;
|
|
87
84
|
}
|
|
88
|
-
if (
|
|
89
|
-
this.throwNotSupportedFlow(); // not supported yet
|
|
85
|
+
if (credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
|
|
90
86
|
request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
|
|
91
|
-
}
|
|
92
|
-
if (codeVerifier) {
|
|
93
|
-
request.code_verifier = codeVerifier;
|
|
94
87
|
request.code = code;
|
|
95
88
|
request.redirect_uri = redirectUri;
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
89
|
+
if (codeVerifier) {
|
|
90
|
+
request.code_verifier = codeVerifier;
|
|
91
|
+
}
|
|
92
|
+
return request;
|
|
100
93
|
}
|
|
101
|
-
|
|
94
|
+
throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
|
|
102
95
|
});
|
|
103
96
|
}
|
|
104
97
|
assertPreAuthorizedGrantType(grantType) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAgBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACnF,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAChF,MAAM,MAAM,GAAG,MAAA,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,mCAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC;YACrH,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;aAC9C;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAgBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACnF,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAChF,MAAM,MAAM,GAAG,MAAA,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,mCAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC;YACrH,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;aAC9C;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBAC3B,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aACd,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC3F,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE;gBACpB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;aACrC;YAED,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE;gBAC1F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;aACtC;YAED,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE;gBACzF,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE;oBAChB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;iBACtC;gBAED,OAAO,OAA6B,CAAC;aACtC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE;YAChD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;SAC9F;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE;YAC/C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;SAC5D;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;SACrD;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE;YACnF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;SAC3H;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE;YACjB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBAClC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;aAC5F;SACF;aAAM,IAAI,GAAG,EAAE;YACd,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;SACpE;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE;YAC9C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;SAClH;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE;YACrC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAChF;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;YAC5B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;SACvE;IACH,CAAC;IAEO,yBAAyB,CAAC,kBAAsC;QACtE,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE;YACpC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;IACH,CAAC;IAEO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE;YACpE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;SACnE;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE;YAC1E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;YAC5C,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,CAAC;SACpD;aAAM;YACL,IAAI,CAAC,qBAAqB,CAAC;SAC5B;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,CAAC,CAAC,CAAC;QAC/E,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE;YACvD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;SACrH;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE;YACvB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;SAClG;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE;YACnC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;SAC/B;aAAM;YACL,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE;gBACvB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;aACnH;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;SAC9G;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;SAC3F;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;YAC9D,MAAM,KAAK,CAAC,+CAA+C,GAAG,sEAAsE,CAAC,CAAC;SACvI;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;CACF;AA/ND,8CA+NC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AccessTokenResponse, Alg, AuthzFlowType, CodeChallengeMethod, CredentialOfferRequestWithBaseUrl, CredentialResponse, CredentialSupported, EndpointMetadataResult, OID4VCICredentialFormat, OpenId4VCIVersion,
|
|
1
|
+
import { AccessTokenResponse, Alg, AuthzFlowType, CodeChallengeMethod, CredentialOfferRequestWithBaseUrl, CredentialResponse, CredentialSupported, EndpointMetadataResult, OID4VCICredentialFormat, OpenId4VCIVersion, ProofOfPossessionCallbacks } from '@sphereon/oid4vci-common';
|
|
2
2
|
import { CredentialFormat } from '@sphereon/ssi-types';
|
|
3
3
|
interface AuthDetails {
|
|
4
4
|
type: 'openid_credential' | string;
|
|
@@ -7,7 +7,6 @@ interface AuthDetails {
|
|
|
7
7
|
[s: string]: unknown;
|
|
8
8
|
}
|
|
9
9
|
interface AuthRequestOpts {
|
|
10
|
-
clientId: string;
|
|
11
10
|
codeChallenge: string;
|
|
12
11
|
codeChallengeMethod: CodeChallengeMethod;
|
|
13
12
|
authorizationDetails?: AuthDetails | AuthDetails[];
|
|
@@ -15,7 +14,6 @@ interface AuthRequestOpts {
|
|
|
15
14
|
scope?: string;
|
|
16
15
|
}
|
|
17
16
|
export declare class OpenID4VCIClient {
|
|
18
|
-
private readonly _flowType;
|
|
19
17
|
private readonly _credentialOffer;
|
|
20
18
|
private _clientId?;
|
|
21
19
|
private _kid;
|
|
@@ -23,9 +21,8 @@ export declare class OpenID4VCIClient {
|
|
|
23
21
|
private _endpointMetadata;
|
|
24
22
|
private _accessTokenResponse;
|
|
25
23
|
private constructor();
|
|
26
|
-
static fromURI({ uri,
|
|
24
|
+
static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, resolveOfferUri, }: {
|
|
27
25
|
uri: string;
|
|
28
|
-
flowType: AuthzFlowType;
|
|
29
26
|
kid?: string;
|
|
30
27
|
alg?: Alg | string;
|
|
31
28
|
retrieveServerMetadata?: boolean;
|
|
@@ -33,8 +30,8 @@ export declare class OpenID4VCIClient {
|
|
|
33
30
|
clientId?: string;
|
|
34
31
|
}): Promise<OpenID4VCIClient>;
|
|
35
32
|
retrieveServerMetadata(): Promise<EndpointMetadataResult>;
|
|
36
|
-
createAuthorizationRequestUrl({
|
|
37
|
-
acquirePushedAuthorizationRequestURI({
|
|
33
|
+
createAuthorizationRequestUrl({ codeChallengeMethod, codeChallenge, authorizationDetails, redirectUri, scope }: AuthRequestOpts): string;
|
|
34
|
+
acquirePushedAuthorizationRequestURI({ codeChallengeMethod, codeChallenge, authorizationDetails, redirectUri, scope, }: AuthRequestOpts): Promise<string>;
|
|
38
35
|
handleAuthorizationDetails(authorizationDetails?: AuthDetails | AuthDetails[]): AuthDetails | AuthDetails[] | undefined;
|
|
39
36
|
private handleLocations;
|
|
40
37
|
acquireAccessToken(opts?: {
|
|
@@ -54,7 +51,6 @@ export declare class OpenID4VCIClient {
|
|
|
54
51
|
}): Promise<CredentialResponse>;
|
|
55
52
|
getCredentialsSupported(restrictToInitiationTypes: boolean, format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): CredentialSupported[];
|
|
56
53
|
getCredentialOfferTypes(): string[][];
|
|
57
|
-
get flowType(): AuthzFlowType;
|
|
58
54
|
issuerSupportedFlowTypes(): AuthzFlowType[];
|
|
59
55
|
get credentialOffer(): CredentialOfferRequestWithBaseUrl;
|
|
60
56
|
version(): OpenId4VCIVersion;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OpenID4VCIClient.d.ts","sourceRoot":"","sources":["../lib/OpenID4VCIClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,GAAG,
|
|
1
|
+
{"version":3,"file":"OpenID4VCIClient.d.ts","sourceRoot":"","sources":["../lib/OpenID4VCIClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,GAAG,EACH,aAAa,EACb,mBAAmB,EAEnB,iCAAiC,EACjC,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EAEtB,uBAAuB,EACvB,iBAAiB,EACjB,0BAA0B,EAG3B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAYvD,UAAU,WAAW;IACnB,IAAI,EAAE,mBAAmB,GAAG,MAAM,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,GAAG,gBAAgB,EAAE,CAAC;IAE9C,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB;AAED,UAAU,eAAe;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,oBAAoB,CAAC,EAAE,WAAW,GAAG,WAAW,EAAE,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAoC;IACrE,OAAO,CAAC,SAAS,CAAC,CAAS;IAC3B,OAAO,CAAC,IAAI,CAAqB;IACjC,OAAO,CAAC,IAAI,CAA2B;IACvC,OAAO,CAAC,iBAAiB,CAAqC;IAC9D,OAAO,CAAC,oBAAoB,CAAkC;IAE9D,OAAO;WAOa,OAAO,CAAC,EAC1B,GAAG,EACH,GAAG,EACH,GAAG,EACH,sBAAsB,EACtB,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC;QACnB,sBAAsB,CAAC,EAAE,OAAO,CAAC;QACjC,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAShB,sBAAsB,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAQ/D,6BAA6B,CAAC,EAAE,mBAAmB,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,eAAe,GAAG,MAAM;IAiDlI,oCAAoC,CAAC,EAChD,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,WAAW,EACX,KAAK,GACN,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC;IAsD7B,0BAA0B,CAAC,oBAAoB,CAAC,EAAE,WAAW,GAAG,WAAW,EAAE,GAAG,WAAW,GAAG,WAAW,EAAE,GAAG,SAAS;IAW9H,OAAO,CAAC,eAAe;IAkBV,kBAAkB,CAAC,IAAI,CAAC,EAAE;QACrC,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAyCnB,kBAAkB,CAAC,EAC9B,eAAe,EACf,cAAc,EACd,MAAM,EACN,GAAG,EACH,GAAG,EACH,GAAG,GACJ,EAAE;QACD,eAAe,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACnC,cAAc,EAAE,0BAA0B,CAAC,GAAG,CAAC,CAAC;QAChD,MAAM,CAAC,EAAE,gBAAgB,GAAG,uBAAuB,CAAC;QACpD,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC;QACnB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAsF/B,uBAAuB,CACrB,yBAAyB,EAAE,OAAO,EAClC,MAAM,CAAC,EAAE,CAAC,uBAAuB,GAAG,MAAM,CAAC,GAAG,CAAC,uBAAuB,GAAG,MAAM,CAAC,EAAE,GACjF,mBAAmB,EAAE;IASxB,uBAAuB,IAAI,MAAM,EAAE,EAAE;IAcrC,wBAAwB,IAAI,aAAa,EAAE;IAI3C,IAAI,eAAe,IAAI,iCAAiC,CAEvD;IAEM,OAAO,IAAI,iBAAiB;IAInC,IAAW,gBAAgB,IAAI,sBAAsB,CAIpD;IAED,IAAI,GAAG,IAAI,MAAM,CAMhB;IAED,IAAI,GAAG,IAAI,MAAM,CAMhB;IAED,IAAI,QAAQ,IAAI,MAAM,GAAG,SAAS,CAKjC;IAED,IAAI,mBAAmB,IAAI,mBAAmB,CAI7C;IAEM,SAAS,IAAI,MAAM;IAKnB,sBAAsB,IAAI,MAAM;IAOhC,qBAAqB,IAAI,MAAM;IAKtC,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,iBAAiB;CAK1B"}
|
package/dist/OpenID4VCIClient.js
CHANGED
|
@@ -24,19 +24,15 @@ const ProofOfPossessionBuilder_1 = require("./ProofOfPossessionBuilder");
|
|
|
24
24
|
const functions_1 = require("./functions");
|
|
25
25
|
const debug = (0, debug_1.default)('sphereon:oid4vci');
|
|
26
26
|
class OpenID4VCIClient {
|
|
27
|
-
constructor(credentialOffer,
|
|
28
|
-
if (!credentialOffer.supportedFlows.includes(flowType)) {
|
|
29
|
-
throw Error(`Flows ${flowType} is not supported by issuer ${credentialOffer.credential_offer_uri}`);
|
|
30
|
-
}
|
|
31
|
-
this._flowType = flowType;
|
|
27
|
+
constructor(credentialOffer, kid, alg, clientId) {
|
|
32
28
|
this._credentialOffer = credentialOffer;
|
|
33
29
|
this._kid = kid;
|
|
34
30
|
this._alg = alg;
|
|
35
31
|
this._clientId = clientId;
|
|
36
32
|
}
|
|
37
|
-
static fromURI({ uri,
|
|
33
|
+
static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, resolveOfferUri, }) {
|
|
38
34
|
return __awaiter(this, void 0, void 0, function* () {
|
|
39
|
-
const client = new OpenID4VCIClient(yield CredentialOfferClient_1.CredentialOfferClient.fromURI(uri, { resolve: resolveOfferUri }),
|
|
35
|
+
const client = new OpenID4VCIClient(yield CredentialOfferClient_1.CredentialOfferClient.fromURI(uri, { resolve: resolveOfferUri }), kid, alg, clientId);
|
|
40
36
|
if (retrieveServerMetadata === undefined || retrieveServerMetadata) {
|
|
41
37
|
yield client.retrieveServerMetadata();
|
|
42
38
|
}
|
|
@@ -52,7 +48,7 @@ class OpenID4VCIClient {
|
|
|
52
48
|
return this.endpointMetadata;
|
|
53
49
|
});
|
|
54
50
|
}
|
|
55
|
-
createAuthorizationRequestUrl({
|
|
51
|
+
createAuthorizationRequestUrl({ codeChallengeMethod, codeChallenge, authorizationDetails, redirectUri, scope }) {
|
|
56
52
|
var _a;
|
|
57
53
|
// Scope and authorization_details can be used in the same authorization request
|
|
58
54
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23#name-relationship-to-scope-param
|
|
@@ -70,27 +66,32 @@ class OpenID4VCIClient {
|
|
|
70
66
|
throw Error('Server metadata does not contain authorization endpoint');
|
|
71
67
|
}
|
|
72
68
|
// add 'openid' scope if not present
|
|
73
|
-
if (scope
|
|
74
|
-
scope =
|
|
69
|
+
if (!(scope === null || scope === void 0 ? void 0 : scope.includes('openid'))) {
|
|
70
|
+
scope = ['openid', scope].filter((s) => !!s).join(' ');
|
|
75
71
|
}
|
|
76
|
-
//fixme: handle this for v11
|
|
77
72
|
const queryObj = {
|
|
78
73
|
response_type: oid4vci_common_1.ResponseType.AUTH_CODE,
|
|
79
|
-
client_id: clientId,
|
|
80
74
|
code_challenge_method: codeChallengeMethod,
|
|
81
75
|
code_challenge: codeChallenge,
|
|
82
76
|
authorization_details: JSON.stringify(this.handleAuthorizationDetails(authorizationDetails)),
|
|
83
77
|
redirect_uri: redirectUri,
|
|
84
78
|
scope: scope,
|
|
85
79
|
};
|
|
80
|
+
if (this.clientId) {
|
|
81
|
+
queryObj['client_id'] = this.clientId;
|
|
82
|
+
}
|
|
83
|
+
if (this.credentialOffer.issuerState) {
|
|
84
|
+
queryObj['issuer_state'] = this.credentialOffer.issuerState;
|
|
85
|
+
}
|
|
86
86
|
return (0, functions_1.convertJsonToURI)(queryObj, {
|
|
87
87
|
baseUrl: this._endpointMetadata.authorization_endpoint,
|
|
88
|
-
uriTypeProperties: ['redirect_uri', 'scope', 'authorization_details'],
|
|
89
|
-
|
|
88
|
+
uriTypeProperties: ['redirect_uri', 'scope', 'authorization_details', 'issuer_state'],
|
|
89
|
+
mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
90
|
+
// We do not add the version here, as this always needs to be form encoded
|
|
90
91
|
});
|
|
91
92
|
}
|
|
92
|
-
acquirePushedAuthorizationRequestURI({
|
|
93
|
-
var _a;
|
|
93
|
+
acquirePushedAuthorizationRequestURI({ codeChallengeMethod, codeChallenge, authorizationDetails, redirectUri, scope, }) {
|
|
94
|
+
var _a, _b;
|
|
94
95
|
return __awaiter(this, void 0, void 0, function* () {
|
|
95
96
|
// Scope and authorization_details can be used in the same authorization request
|
|
96
97
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23#name-relationship-to-scope-param
|
|
@@ -108,20 +109,29 @@ class OpenID4VCIClient {
|
|
|
108
109
|
}
|
|
109
110
|
const parEndpoint = this._endpointMetadata.credentialIssuerMetadata.pushed_authorization_request_endpoint;
|
|
110
111
|
// add 'openid' scope if not present
|
|
111
|
-
if (scope
|
|
112
|
-
scope =
|
|
112
|
+
if (!(scope === null || scope === void 0 ? void 0 : scope.includes('openid'))) {
|
|
113
|
+
scope = ['openid', scope].filter((s) => !!s).join(' ');
|
|
113
114
|
}
|
|
114
|
-
//fixme: handle this for v11
|
|
115
115
|
const queryObj = {
|
|
116
116
|
response_type: oid4vci_common_1.ResponseType.AUTH_CODE,
|
|
117
|
-
client_id: clientId,
|
|
118
117
|
code_challenge_method: codeChallengeMethod,
|
|
119
118
|
code_challenge: codeChallenge,
|
|
120
119
|
authorization_details: JSON.stringify(this.handleAuthorizationDetails(authorizationDetails)),
|
|
121
120
|
redirect_uri: redirectUri,
|
|
122
121
|
scope: scope,
|
|
123
122
|
};
|
|
124
|
-
|
|
123
|
+
if (this.clientId) {
|
|
124
|
+
queryObj['client_id'] = this.clientId;
|
|
125
|
+
}
|
|
126
|
+
if (this.credentialOffer.issuerState) {
|
|
127
|
+
queryObj['issuer_state'] = this.credentialOffer.issuerState;
|
|
128
|
+
}
|
|
129
|
+
const response = yield (0, functions_1.formPost)(parEndpoint, new URLSearchParams(queryObj));
|
|
130
|
+
return (0, functions_1.convertJsonToURI)({ request_uri: (_b = response.successBody) === null || _b === void 0 ? void 0 : _b.request_uri }, {
|
|
131
|
+
baseUrl: this._endpointMetadata.credentialIssuerMetadata.authorization_endpoint,
|
|
132
|
+
uriTypeProperties: ['request_uri'],
|
|
133
|
+
mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
134
|
+
});
|
|
125
135
|
});
|
|
126
136
|
}
|
|
127
137
|
handleAuthorizationDetails(authorizationDetails) {
|
|
@@ -201,21 +211,20 @@ class OpenID4VCIClient {
|
|
|
201
211
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
202
212
|
if ((_a = this.endpointMetadata) === null || _a === void 0 ? void 0 : _a.credentialIssuerMetadata) {
|
|
203
213
|
const metadata = this.endpointMetadata.credentialIssuerMetadata;
|
|
204
|
-
const types = Array.isArray(credentialTypes) ? credentialTypes : [credentialTypes];
|
|
214
|
+
const types = Array.isArray(credentialTypes) ? credentialTypes.sort() : [credentialTypes];
|
|
205
215
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
throw Error('types is required in the credentials supported');
|
|
211
|
-
}
|
|
212
|
-
if (credentialSupported.types.indexOf(type) != -1) {
|
|
213
|
-
typeSupported = true;
|
|
214
|
-
}
|
|
216
|
+
let typeSupported = false;
|
|
217
|
+
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
218
|
+
if (!supportedCredential.types || supportedCredential.types.length === 0) {
|
|
219
|
+
throw Error('types is required in the credentials supported');
|
|
215
220
|
}
|
|
216
|
-
if (
|
|
217
|
-
|
|
221
|
+
if (supportedCredential.types.sort().every((t, i) => types[i] === t) ||
|
|
222
|
+
(types.length === 1 && (types[0] === supportedCredential.id || supportedCredential.types.includes(types[0])))) {
|
|
223
|
+
typeSupported = true;
|
|
218
224
|
}
|
|
225
|
+
});
|
|
226
|
+
if (!typeSupported) {
|
|
227
|
+
throw Error(`Not all credential types ${JSON.stringify(credentialTypes)} are supported by issuer ${this.getIssuer()}`);
|
|
219
228
|
}
|
|
220
229
|
}
|
|
221
230
|
else if (metadata.credentials_supported && !Array.isArray(metadata.credentials_supported)) {
|
|
@@ -278,14 +287,11 @@ class OpenID4VCIClient {
|
|
|
278
287
|
return result;
|
|
279
288
|
}
|
|
280
289
|
else {
|
|
281
|
-
return this.credentialOffer.credential_offer.credentials.map((c
|
|
290
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => {
|
|
282
291
|
return typeof c === 'string' ? [c] : c.types;
|
|
283
292
|
});
|
|
284
293
|
}
|
|
285
294
|
}
|
|
286
|
-
get flowType() {
|
|
287
|
-
return this._flowType;
|
|
288
|
-
}
|
|
289
295
|
issuerSupportedFlowTypes() {
|
|
290
296
|
return this.credentialOffer.supportedFlows;
|
|
291
297
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OpenID4VCIClient.js","sourceRoot":"","sources":["../lib/OpenID4VCIClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAiBkC;AAClC,qGAAsG;AAGtG,kDAA0B;AAE1B,2DAAwD;AACxD,mEAAgE;AAChE,qFAAkF;AAClF,qDAAkD;AAClD,yEAAsE;AACtE,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,kBAAkB,CAAC,CAAC;AAmBxC,MAAa,gBAAgB;IAS3B,YACE,eAAkD,EAClD,QAAuB,EACvB,GAAY,EACZ,GAAkB,EAClB,QAAiB;QAEjB,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;YACtD,MAAM,KAAK,CAAC,SAAS,QAAQ,+BAA+B,eAAe,CAAC,oBAAoB,EAAE,CAAC,CAAC;SACrG;QACD,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAEM,MAAM,CAAO,OAAO,CAAC,EAC1B,GAAG,EACH,QAAQ,EACR,GAAG,EACH,GAAG,EACH,sBAAsB,EACtB,QAAQ,EACR,eAAe,GAShB;;YACC,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,MAAM,6CAAqB,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;YAE1I,IAAI,sBAAsB,KAAK,SAAS,IAAI,sBAAsB,EAAE;gBAClE,MAAM,MAAM,CAAC,sBAAsB,EAAE,CAAC;aACvC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IAEY,sBAAsB;;YACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC3B,IAAI,CAAC,iBAAiB,GAAG,MAAM,+BAAc,CAAC,sCAAsC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;aAC5G;YACD,OAAO,IAAI,CAAC,gBAAgB,CAAC;QAC/B,CAAC;KAAA;IAEM,6BAA6B,CAAC,EACnC,QAAQ,EACR,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,WAAW,EACX,KAAK,GACW;;QAChB,gFAAgF;QAChF,iGAAiG;QACjG,IAAI,CAAC,KAAK,IAAI,CAAC,oBAAoB,EAAE;YACnC,MAAM,KAAK,CAAC,iDAAiD,CAAC,CAAC;SAChE;QACD,uHAAuH;QACvH,oDAAoD;QACpD,IACE,IAAI,CAAC,iBAAiB;YACtB,IAAI,CAAC,iBAAiB,CAAC,wBAAwB;YAC/C,wBAAwB,IAAI,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,EAC3E;YACA,IAAI,CAAC,iBAAiB,CAAC,sBAAsB,GAAG,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,sBAAgC,CAAC;SAClI;QACD,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,iBAAiB,0CAAE,sBAAsB,CAAA,EAAE;YACnD,MAAM,KAAK,CAAC,yDAAyD,CAAC,CAAC;SACxE;QAED,oCAAoC;QACpC,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;YACtC,KAAK,GAAG,UAAU,KAAK,EAAE,CAAC;SAC3B;QAED,4BAA4B;QAC5B,MAAM,QAAQ,GAAG;YACf,aAAa,EAAE,6BAAY,CAAC,SAAS;YACrC,SAAS,EAAE,QAAQ;YACnB,qBAAqB,EAAE,mBAAmB;YAC1C,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;YAC5F,YAAY,EAAE,WAAW;YACzB,KAAK,EAAE,KAAK;SACkB,CAAC;QAEjC,OAAO,IAAA,4BAAgB,EAAC,QAAQ,EAAE;YAChC,OAAO,EAAE,IAAI,CAAC,iBAAiB,CAAC,sBAAsB;YACtD,iBAAiB,EAAE,CAAC,cAAc,EAAE,OAAO,EAAE,uBAAuB,CAAC;YACrE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;IAEY,oCAAoC,CAAC,EAChD,QAAQ,EACR,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,WAAW,EACX,KAAK,GACW;;;YAChB,gFAAgF;YAChF,iGAAiG;YACjG,IAAI,CAAC,KAAK,IAAI,CAAC,oBAAoB,EAAE;gBACnC,MAAM,KAAK,CAAC,iDAAiD,CAAC,CAAC;aAChE;YAED,6JAA6J;YAC7J,wIAAwI;YACxI,iCAAiC;YACjC,0BAA0B;YAC1B,IACE,CAAC,CAAA,MAAA,IAAI,CAAC,iBAAiB,0CAAE,wBAAwB,CAAA;gBACjD,CAAC,CAAC,uCAAuC,IAAI,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC;gBAC7F,OAAO,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,qCAAqC,KAAK,QAAQ,EACzG;gBACA,MAAM,KAAK,CAAC,wEAAwE,CAAC,CAAC;aACvF;YACD,MAAM,WAAW,GAAW,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,qCAAqC,CAAC;YAElH,oCAAoC;YACpC,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBACtC,KAAK,GAAG,UAAU,KAAK,EAAE,CAAC;aAC3B;YAED,4BAA4B;YAC5B,MAAM,QAAQ,GAAgC;gBAC5C,aAAa,EAAE,6BAAY,CAAC,SAAS;gBACrC,SAAS,EAAE,QAAQ;gBACnB,qBAAqB,EAAE,mBAAmB;gBAC1C,cAAc,EAAE,aAAa;gBAC7B,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;gBAC5F,YAAY,EAAE,WAAW;gBACzB,KAAK,EAAE,KAAK;aACb,CAAC;YACF,OAAO,MAAM,IAAA,oBAAQ,EAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;;KAC9D;IAEM,0BAA0B,CAAC,oBAAkD;QAClF,IAAI,oBAAoB,EAAE;YACxB,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;gBACvC,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,mBAAM,KAAK,EAAG,CAAC,CAAC;aAChF;iBAAM;gBACL,OAAO,IAAI,CAAC,eAAe,mBAAM,oBAAoB,EAAG,CAAC;aAC1D;SACF;QACD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAEO,eAAe,CAAC,oBAAiC;;QACvD,IACE,oBAAoB;YACpB,CAAC,CAAA,MAAA,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,0CAAE,oBAAoB,KAAI,IAAI,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,EACtH;YACA,IAAI,oBAAoB,CAAC,SAAS,EAAE;gBAClC,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE;oBAChD,oBAAoB,CAAC,SAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;iBACjF;qBAAM;oBACL,oBAAoB,CAAC,SAAS,GAAG,CAAC,oBAAoB,CAAC,SAAmB,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;iBAC3G;aACF;iBAAM;gBACL,oBAAoB,CAAC,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;aAC/D;SACF;QACD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAEY,kBAAkB,CAAC,IAM/B;;;YACC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,EAAE,CAAC;YACtE,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,QAAQ,EAAE;gBACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;aAC3B;YACD,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAC9B,MAAM,iBAAiB,GAAG,IAAI,qCAAiB,EAAE,CAAC;gBAElD,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,kBAAkB,CAAC;oBAC1D,eAAe,EAAE,IAAI,CAAC,eAAe;oBACrC,QAAQ,EAAE,IAAI,CAAC,gBAAgB;oBAC/B,GAAG;oBACH,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,MAAM,EAAE,EAAE,QAAQ,EAAE;iBACrB,CAAC,CAAC;gBAEH,IAAI,QAAQ,CAAC,SAAS,EAAE;oBACtB,KAAK,CAAC,0BAA0B,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;oBACtD,MAAM,KAAK,CACT,mCAAmC,MAAA,IAAI,CAAC,iBAAiB,0CAAE,cAAc,eAAe,IAAI,CAAC,SAAS,EAAE,wBACtG,QAAQ,CAAC,YAAY,CAAC,MACxB,EAAE,CACH,CAAC;iBACH;qBAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;oBAChC,KAAK,CAAC,qCAAqC,CAAC,CAAC;oBAC7C,MAAM,KAAK,CACT,mCAAmC,MAAA,IAAI,CAAC,iBAAiB,0CACrD,cAAc,eAAe,IAAI,CAAC,SAAS,EAAE,+CAA+C,CACjG,CAAC;iBACH;gBACD,IAAI,CAAC,oBAAoB,GAAG,QAAQ,CAAC,WAAW,CAAC;aAClD;YAED,OAAO,IAAI,CAAC,mBAAmB,CAAC;;KACjC;IAEY,kBAAkB,CAAC,EAC9B,eAAe,EACf,cAAc,EACd,MAAM,EACN,GAAG,EACH,GAAG,EACH,GAAG,GAQJ;;;YACC,IAAI,GAAG,EAAE;gBACP,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;aACjB;YACD,IAAI,GAAG,EAAE;gBACP,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;aACjB;YAED,MAAM,cAAc,GAAG,+DAA8B,CAAC,mBAAmB,CAAC;gBACxE,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,QAAQ,EAAE,IAAI,CAAC,gBAAgB;aAChC,CAAC,CAAC;YACH,cAAc,CAAC,qBAAqB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,MAAA,IAAI,CAAC,gBAAgB,0CAAE,wBAAwB,EAAE;gBACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAAC;gBAChE,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;gBACnF,IAAI,QAAQ,CAAC,qBAAqB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE;oBACnF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;wBACxB,IAAI,aAAa,GAAG,KAAK,CAAC;wBAC1B,KAAK,MAAM,mBAAmB,IAAI,QAAQ,CAAC,qBAAqB,EAAE;4BAChE,IAAI,CAAC,mBAAmB,CAAC,KAAK,IAAI,mBAAmB,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;gCACxE,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;6BAC/D;4BACD,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE;gCACjD,aAAa,GAAG,IAAI,CAAC;6BACtB;yBACF;wBACD,IAAI,CAAC,aAAa,EAAE;4BAClB,MAAM,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,4BAA4B,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;yBACxH;qBACF;iBACF;qBAAM,IAAI,QAAQ,CAAC,qBAAqB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE;oBAC3F,MAAM,oBAAoB,GAAG,QAAQ,CAAC,qBAAuD,CAAC;oBAC9F,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,qBAAqB,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,EAAE;wBACxF,MAAM,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,4BAA4B,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;qBACxH;iBACF;gBACD,4GAA4G;aAC7G;YACD,MAAM,uBAAuB,GAAG,cAAc,CAAC,KAAK,EAAE,CAAC;YACvD,MAAM,YAAY,GAAG,mDAAwB,CAAC,uBAAuB,CAAC;gBACpE,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;gBAC7C,SAAS,EAAE,cAAc;gBACzB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;aACxB,CAAC;iBACC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;iBAC5B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;iBACjB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAErB,IAAI,IAAI,CAAC,QAAQ,EAAE;gBACjB,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;aAC1C;YACD,IAAI,GAAG,EAAE;gBACP,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;aAC3B;YACD,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC,4BAA4B,CAAC;gBAC1E,UAAU,EAAE,YAAY;gBACxB,eAAe,EAAE,eAAe;gBAChC,MAAM;aACP,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,SAAS,EAAE;gBACtB,KAAK,CAAC,gCAAgC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;gBAC5D,MAAM,KAAK,CACT,gCAAgC,MAAA,IAAI,CAAC,iBAAiB,0CAAE,mBAAmB,eAAe,IAAI,CAAC,SAAS,EAAE,wBACxG,QAAQ,CAAC,YAAY,CAAC,MACxB,EAAE,CACH,CAAC;aACH;iBAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;gBAChC,KAAK,CAAC,2CAA2C,CAAC,CAAC;gBACnD,MAAM,KAAK,CACT,gCAAgC,MAAA,IAAI,CAAC,iBAAiB,0CAClD,mBAAmB,eAAe,IAAI,CAAC,SAAS,EAAE,+CAA+C,CACtG,CAAC;aACH;YACD,OAAO,QAAQ,CAAC,WAAW,CAAC;;KAC7B;IAED,oHAAoH;IACpH,6DAA6D;IAC7D,mEAAmE;IACnE,iDAAiD;IACjD,uBAAuB,CACrB,yBAAkC,EAClC,MAAkF;QAElF,OAAO,IAAA,6CAAuB,EAAC;YAC7B,cAAc,EAAE,IAAI,CAAC,gBAAgB,CAAC,wBAAwB;YAC9D,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YACvB,MAAM,EAAE,MAAM;YACd,KAAK,EAAE,yBAAyB,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC,CAAC,CAAC,SAAS;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;QACrB,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,GAAG,kCAAiB,CAAC,UAAU,EAAE;YAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,yBAA0D,CAAC;YAC7F,MAAM,KAAK,GAAa,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;YACjH,MAAM,MAAM,GAAe,EAAE,CAAC;YAC9B,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YAClB,OAAO,MAAM,CAAC;SACf;aAAM;YACL,OAAO,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE;gBACxE,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC/C,CAAC,CAAC,CAAC;SACJ;IACH,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,wBAAwB;QACtB,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC;IAC7C,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAEM,OAAO;QACZ,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;IACtC,CAAC;IAED,IAAW,gBAAgB;QACzB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,oEAAoE;QACpE,OAAO,IAAI,CAAC,iBAAkB,CAAC;IACjC,CAAC;IAED,IAAI,GAAG;QACL,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;SACjD;QACD,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,GAAG;QACL,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;SACjD;QACD,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,QAAQ;QACV;;WAEG;QACH,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI,mBAAmB;QACrB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,oEAAoE;QACpE,OAAO,IAAI,CAAC,oBAAqB,CAAC;IACpC,CAAC;IAEM,SAAS;QACd,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;IAClF,CAAC;IAEM,sBAAsB;QAC3B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,gBAAgB;YAC1B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,cAAc;YACtC,CAAC,CAAC,qCAAiB,CAAC,iBAAiB,CAAC,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;IACxF,CAAC;IAEM,qBAAqB;QAC1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC;IAC9G,CAAC;IAEO,gBAAgB;QACtB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC1B,MAAM,KAAK,CAAC,oDAAoD,CAAC,CAAC;SACnE;IACH,CAAC;IAEO,oBAAoB;QAC1B,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,MAAM,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACnC;IACH,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC9B,MAAM,KAAK,CAAC,yBAAyB,CAAC,CAAC;SACxC;IACH,CAAC;CACF;AAjbD,4CAibC"}
|
|
1
|
+
{"version":3,"file":"OpenID4VCIClient.js","sourceRoot":"","sources":["../lib/OpenID4VCIClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAgBkC;AAClC,qGAAsG;AAGtG,kDAA0B;AAE1B,2DAAwD;AACxD,mEAAgE;AAChE,qFAAkF;AAClF,qDAAkD;AAClD,yEAAsE;AACtE,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,kBAAkB,CAAC,CAAC;AAkBxC,MAAa,gBAAgB;IAQ3B,YAAoB,eAAkD,EAAE,GAAY,EAAE,GAAkB,EAAE,QAAiB;QACzH,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAEM,MAAM,CAAO,OAAO,CAAC,EAC1B,GAAG,EACH,GAAG,EACH,GAAG,EACH,sBAAsB,EACtB,QAAQ,EACR,eAAe,GAQhB;;YACC,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,MAAM,6CAAqB,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;YAEhI,IAAI,sBAAsB,KAAK,SAAS,IAAI,sBAAsB,EAAE;gBAClE,MAAM,MAAM,CAAC,sBAAsB,EAAE,CAAC;aACvC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IAEY,sBAAsB;;YACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC3B,IAAI,CAAC,iBAAiB,GAAG,MAAM,+BAAc,CAAC,sCAAsC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;aAC5G;YACD,OAAO,IAAI,CAAC,gBAAgB,CAAC;QAC/B,CAAC;KAAA;IAEM,6BAA6B,CAAC,EAAE,mBAAmB,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,KAAK,EAAmB;;QACpI,gFAAgF;QAChF,iGAAiG;QACjG,IAAI,CAAC,KAAK,IAAI,CAAC,oBAAoB,EAAE;YACnC,MAAM,KAAK,CAAC,iDAAiD,CAAC,CAAC;SAChE;QACD,uHAAuH;QACvH,oDAAoD;QACpD,IACE,IAAI,CAAC,iBAAiB;YACtB,IAAI,CAAC,iBAAiB,CAAC,wBAAwB;YAC/C,wBAAwB,IAAI,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,EAC3E;YACA,IAAI,CAAC,iBAAiB,CAAC,sBAAsB,GAAG,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,sBAAgC,CAAC;SAClI;QACD,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,iBAAiB,0CAAE,sBAAsB,CAAA,EAAE;YACnD,MAAM,KAAK,CAAC,yDAAyD,CAAC,CAAC;SACxE;QAED,oCAAoC;QACpC,IAAI,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,QAAQ,CAAC,CAAA,EAAE;YAC9B,KAAK,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;SACxD;QAED,MAAM,QAAQ,GAA8B;YAC1C,aAAa,EAAE,6BAAY,CAAC,SAAS;YACrC,qBAAqB,EAAE,mBAAmB;YAC1C,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;YAC5F,YAAY,EAAE,WAAW;YACzB,KAAK,EAAE,KAAK;SACb,CAAC;QAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;YACjB,QAAQ,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;SACvC;QAED,IAAI,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE;YACpC,QAAQ,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;SAC7D;QAED,OAAO,IAAA,4BAAgB,EAAC,QAAQ,EAAE;YAChC,OAAO,EAAE,IAAI,CAAC,iBAAiB,CAAC,sBAAsB;YACtD,iBAAiB,EAAE,CAAC,cAAc,EAAE,OAAO,EAAE,uBAAuB,EAAE,cAAc,CAAC;YACrF,IAAI,EAAE,4BAAW,CAAC,qBAAqB;YACvC,0EAA0E;SAC3E,CAAC,CAAC;IACL,CAAC;IAEY,oCAAoC,CAAC,EAChD,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,WAAW,EACX,KAAK,GACW;;;YAChB,gFAAgF;YAChF,iGAAiG;YACjG,IAAI,CAAC,KAAK,IAAI,CAAC,oBAAoB,EAAE;gBACnC,MAAM,KAAK,CAAC,iDAAiD,CAAC,CAAC;aAChE;YAED,6JAA6J;YAC7J,wIAAwI;YACxI,iCAAiC;YACjC,0BAA0B;YAC1B,IACE,CAAC,CAAA,MAAA,IAAI,CAAC,iBAAiB,0CAAE,wBAAwB,CAAA;gBACjD,CAAC,CAAC,uCAAuC,IAAI,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC;gBAC7F,OAAO,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,qCAAqC,KAAK,QAAQ,EACzG;gBACA,MAAM,KAAK,CAAC,wEAAwE,CAAC,CAAC;aACvF;YACD,MAAM,WAAW,GAAW,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,qCAAqC,CAAC;YAElH,oCAAoC;YACpC,IAAI,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,QAAQ,CAAC,CAAA,EAAE;gBAC9B,KAAK,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aACxD;YAED,MAAM,QAAQ,GAA8B;gBAC1C,aAAa,EAAE,6BAAY,CAAC,SAAS;gBACrC,qBAAqB,EAAE,mBAAmB;gBAC1C,cAAc,EAAE,aAAa;gBAC7B,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;gBAC5F,YAAY,EAAE,WAAW;gBACzB,KAAK,EAAE,KAAK;aACb,CAAC;YAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;gBACjB,QAAQ,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;aACvC;YAED,IAAI,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE;gBACpC,QAAQ,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;aAC7D;YAED,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAQ,EAA8B,WAAW,EAAE,IAAI,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;YAEzG,OAAO,IAAA,4BAAgB,EACrB,EAAE,WAAW,EAAE,MAAA,QAAQ,CAAC,WAAW,0CAAE,WAAW,EAAE,EAClD;gBACE,OAAO,EAAE,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,sBAAsB;gBAC/E,iBAAiB,EAAE,CAAC,aAAa,CAAC;gBAClC,IAAI,EAAE,4BAAW,CAAC,qBAAqB;aACxC,CACF,CAAC;;KACH;IAEM,0BAA0B,CAAC,oBAAkD;QAClF,IAAI,oBAAoB,EAAE;YACxB,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;gBACvC,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,mBAAM,KAAK,EAAG,CAAC,CAAC;aAChF;iBAAM;gBACL,OAAO,IAAI,CAAC,eAAe,mBAAM,oBAAoB,EAAG,CAAC;aAC1D;SACF;QACD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAEO,eAAe,CAAC,oBAAiC;;QACvD,IACE,oBAAoB;YACpB,CAAC,CAAA,MAAA,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,0CAAE,oBAAoB,KAAI,IAAI,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,EACtH;YACA,IAAI,oBAAoB,CAAC,SAAS,EAAE;gBAClC,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE;oBAChD,oBAAoB,CAAC,SAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;iBACjF;qBAAM;oBACL,oBAAoB,CAAC,SAAS,GAAG,CAAC,oBAAoB,CAAC,SAAmB,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;iBAC3G;aACF;iBAAM;gBACL,oBAAoB,CAAC,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;aAC/D;SACF;QACD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAEY,kBAAkB,CAAC,IAM/B;;;YACC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,EAAE,CAAC;YAEtE,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAExB,IAAI,QAAQ,EAAE;gBACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;aAC3B;YACD,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAC9B,MAAM,iBAAiB,GAAG,IAAI,qCAAiB,EAAE,CAAC;gBAElD,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,kBAAkB,CAAC;oBAC1D,eAAe,EAAE,IAAI,CAAC,eAAe;oBACrC,QAAQ,EAAE,IAAI,CAAC,gBAAgB;oBAC/B,GAAG;oBACH,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,MAAM,EAAE,EAAE,QAAQ,EAAE;iBACrB,CAAC,CAAC;gBAEH,IAAI,QAAQ,CAAC,SAAS,EAAE;oBACtB,KAAK,CAAC,0BAA0B,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;oBACtD,MAAM,KAAK,CACT,mCAAmC,MAAA,IAAI,CAAC,iBAAiB,0CAAE,cAAc,eAAe,IAAI,CAAC,SAAS,EAAE,wBACtG,QAAQ,CAAC,YAAY,CAAC,MACxB,EAAE,CACH,CAAC;iBACH;qBAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;oBAChC,KAAK,CAAC,qCAAqC,CAAC,CAAC;oBAC7C,MAAM,KAAK,CACT,mCAAmC,MAAA,IAAI,CAAC,iBAAiB,0CACrD,cAAc,eAAe,IAAI,CAAC,SAAS,EAAE,+CAA+C,CACjG,CAAC;iBACH;gBACD,IAAI,CAAC,oBAAoB,GAAG,QAAQ,CAAC,WAAW,CAAC;aAClD;YAED,OAAO,IAAI,CAAC,mBAAmB,CAAC;;KACjC;IAEY,kBAAkB,CAAC,EAC9B,eAAe,EACf,cAAc,EACd,MAAM,EACN,GAAG,EACH,GAAG,EACH,GAAG,GAQJ;;;YACC,IAAI,GAAG,EAAE;gBACP,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;aACjB;YACD,IAAI,GAAG,EAAE;gBACP,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;aACjB;YAED,MAAM,cAAc,GAAG,+DAA8B,CAAC,mBAAmB,CAAC;gBACxE,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,QAAQ,EAAE,IAAI,CAAC,gBAAgB;aAChC,CAAC,CAAC;YAEH,cAAc,CAAC,qBAAqB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,MAAA,IAAI,CAAC,gBAAgB,0CAAE,wBAAwB,EAAE;gBACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAAC;gBAChE,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;gBAE1F,IAAI,QAAQ,CAAC,qBAAqB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE;oBACnF,IAAI,aAAa,GAAG,KAAK,CAAC;oBAE1B,QAAQ,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,mBAAmB,EAAE,EAAE;wBAC7D,IAAI,CAAC,mBAAmB,CAAC,KAAK,IAAI,mBAAmB,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;4BACxE,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;yBAC/D;wBACD,IACE,mBAAmB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;4BAChE,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,mBAAmB,CAAC,EAAE,IAAI,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAC7G;4BACA,aAAa,GAAG,IAAI,CAAC;yBACtB;oBACH,CAAC,CAAC,CAAC;oBAEH,IAAI,CAAC,aAAa,EAAE;wBAClB,MAAM,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,4BAA4B,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;qBACxH;iBACF;qBAAM,IAAI,QAAQ,CAAC,qBAAqB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE;oBAC3F,MAAM,oBAAoB,GAAG,QAAQ,CAAC,qBAAuD,CAAC;oBAC9F,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,qBAAqB,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,EAAE;wBACxF,MAAM,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,4BAA4B,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;qBACxH;iBACF;gBACD,4GAA4G;aAC7G;YACD,MAAM,uBAAuB,GAAG,cAAc,CAAC,KAAK,EAAE,CAAC;YACvD,MAAM,YAAY,GAAG,mDAAwB,CAAC,uBAAuB,CAAC;gBACpE,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;gBAC7C,SAAS,EAAE,cAAc;gBACzB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;aACxB,CAAC;iBACC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;iBAC5B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;iBACjB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAErB,IAAI,IAAI,CAAC,QAAQ,EAAE;gBACjB,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;aAC1C;YACD,IAAI,GAAG,EAAE;gBACP,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;aAC3B;YACD,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC,4BAA4B,CAAC;gBAC1E,UAAU,EAAE,YAAY;gBACxB,eAAe,EAAE,eAAe;gBAChC,MAAM;aACP,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,SAAS,EAAE;gBACtB,KAAK,CAAC,gCAAgC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;gBAC5D,MAAM,KAAK,CACT,gCAAgC,MAAA,IAAI,CAAC,iBAAiB,0CAAE,mBAAmB,eAAe,IAAI,CAAC,SAAS,EAAE,wBACxG,QAAQ,CAAC,YAAY,CAAC,MACxB,EAAE,CACH,CAAC;aACH;iBAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;gBAChC,KAAK,CAAC,2CAA2C,CAAC,CAAC;gBACnD,MAAM,KAAK,CACT,gCAAgC,MAAA,IAAI,CAAC,iBAAiB,0CAClD,mBAAmB,eAAe,IAAI,CAAC,SAAS,EAAE,+CAA+C,CACtG,CAAC;aACH;YACD,OAAO,QAAQ,CAAC,WAAW,CAAC;;KAC7B;IAED,oHAAoH;IACpH,6DAA6D;IAC7D,mEAAmE;IACnE,iDAAiD;IACjD,uBAAuB,CACrB,yBAAkC,EAClC,MAAkF;QAElF,OAAO,IAAA,6CAAuB,EAAC;YAC7B,cAAc,EAAE,IAAI,CAAC,gBAAgB,CAAC,wBAAwB;YAC9D,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YACvB,MAAM,EAAE,MAAM;YACd,KAAK,EAAE,yBAAyB,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC,CAAC,CAAC,SAAS;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;QACrB,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,GAAG,kCAAiB,CAAC,UAAU,EAAE;YAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,yBAA0D,CAAC;YAC7F,MAAM,KAAK,GAAa,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;YACjH,MAAM,MAAM,GAAe,EAAE,CAAC;YAC9B,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YAClB,OAAO,MAAM,CAAC;SACf;aAAM;YACL,OAAO,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACjE,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC/C,CAAC,CAAC,CAAC;SACJ;IACH,CAAC;IAED,wBAAwB;QACtB,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC;IAC7C,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAEM,OAAO;QACZ,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;IACtC,CAAC;IAED,IAAW,gBAAgB;QACzB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,oEAAoE;QACpE,OAAO,IAAI,CAAC,iBAAkB,CAAC;IACjC,CAAC;IAED,IAAI,GAAG;QACL,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;SACjD;QACD,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,GAAG;QACL,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;SACjD;QACD,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,QAAQ;QACV;;WAEG;QACH,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI,mBAAmB;QACrB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,oEAAoE;QACpE,OAAO,IAAI,CAAC,oBAAqB,CAAC;IACpC,CAAC;IAEM,SAAS;QACd,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;IAClF,CAAC;IAEM,sBAAsB;QAC3B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,gBAAgB;YAC1B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,cAAc;YACtC,CAAC,CAAC,qCAAiB,CAAC,iBAAiB,CAAC,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;IACxF,CAAC;IAEM,qBAAqB;QAC1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC;IAC9G,CAAC;IAEO,gBAAgB;QACtB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC1B,MAAM,KAAK,CAAC,oDAAoD,CAAC,CAAC;SACnE;IACH,CAAC;IAEO,oBAAoB;QAC1B,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,MAAM,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACnC;IACH,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC9B,MAAM,KAAK,CAAC,yBAAyB,CAAC,CAAC;SACxC;IACH,CAAC;CACF;AAtbD,4CAsbC"}
|
package/lib/AccessTokenClient.ts
CHANGED
|
@@ -4,10 +4,10 @@ import {
|
|
|
4
4
|
AccessTokenResponse,
|
|
5
5
|
assertedUniformCredentialOffer,
|
|
6
6
|
AuthorizationServerOpts,
|
|
7
|
+
AuthzFlowType,
|
|
7
8
|
EndpointMetadata,
|
|
8
9
|
getIssuerFromCredentialOfferPayload,
|
|
9
10
|
GrantTypes,
|
|
10
|
-
isPreAuthCode,
|
|
11
11
|
IssuerOpts,
|
|
12
12
|
OpenIDResponse,
|
|
13
13
|
PRE_AUTH_CODE_LITERAL,
|
|
@@ -67,6 +67,7 @@ export class AccessTokenClient {
|
|
|
67
67
|
issuerOpts?: IssuerOpts;
|
|
68
68
|
}): Promise<OpenIDResponse<AccessTokenResponse>> {
|
|
69
69
|
this.validate(accessTokenRequest, isPinRequired);
|
|
70
|
+
|
|
70
71
|
const requestTokenURL = AccessTokenClient.determineTokenURL({
|
|
71
72
|
asOpts,
|
|
72
73
|
issuerOpts,
|
|
@@ -76,6 +77,7 @@ export class AccessTokenClient {
|
|
|
76
77
|
? await MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
|
|
77
78
|
: undefined,
|
|
78
79
|
});
|
|
80
|
+
|
|
79
81
|
return this.sendAuthCode(requestTokenURL, accessTokenRequest);
|
|
80
82
|
}
|
|
81
83
|
|
|
@@ -83,38 +85,36 @@ export class AccessTokenClient {
|
|
|
83
85
|
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
|
|
84
86
|
const credentialOfferRequest = await toUniformCredentialOfferRequest(opts.credentialOffer);
|
|
85
87
|
const request: Partial<AccessTokenRequest> = {};
|
|
88
|
+
|
|
86
89
|
if (asOpts?.clientId) {
|
|
87
90
|
request.client_id = asOpts.clientId;
|
|
88
91
|
}
|
|
89
92
|
|
|
90
|
-
|
|
91
|
-
|
|
93
|
+
if (credentialOfferRequest.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
|
|
94
|
+
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
|
|
95
|
+
request.user_pin = pin;
|
|
92
96
|
|
|
93
|
-
const isPreAuth = isPreAuthCode(credentialOfferRequest);
|
|
94
|
-
if (isPreAuth) {
|
|
95
|
-
if (codeVerifier) {
|
|
96
|
-
throw new Error('Cannot pass a code_verifier when flow type is pre-authorized');
|
|
97
|
-
}
|
|
98
97
|
request.grant_type = GrantTypes.PRE_AUTHORIZED_CODE;
|
|
99
98
|
// we actually know it is there because of the isPreAuthCode call
|
|
100
99
|
request[PRE_AUTH_CODE_LITERAL] =
|
|
101
100
|
credentialOfferRequest?.credential_offer.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.[PRE_AUTH_CODE_LITERAL];
|
|
101
|
+
|
|
102
|
+
return request as AccessTokenRequest;
|
|
102
103
|
}
|
|
103
|
-
|
|
104
|
-
|
|
104
|
+
|
|
105
|
+
if (credentialOfferRequest.supportedFlows.includes(AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
|
|
105
106
|
request.grant_type = GrantTypes.AUTHORIZATION_CODE;
|
|
106
|
-
}
|
|
107
|
-
if (codeVerifier) {
|
|
108
|
-
request.code_verifier = codeVerifier;
|
|
109
107
|
request.code = code;
|
|
110
108
|
request.redirect_uri = redirectUri;
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
109
|
+
|
|
110
|
+
if (codeVerifier) {
|
|
111
|
+
request.code_verifier = codeVerifier;
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
return request as AccessTokenRequest;
|
|
115
115
|
}
|
|
116
116
|
|
|
117
|
-
|
|
117
|
+
throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
|
|
118
118
|
}
|
|
119
119
|
|
|
120
120
|
private assertPreAuthorizedGrantType(grantType: GrantTypes): void {
|
package/lib/OpenID4VCIClient.ts
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import {
|
|
2
2
|
AccessTokenResponse,
|
|
3
3
|
Alg,
|
|
4
|
-
AuthorizationRequestV1_0_09,
|
|
5
4
|
AuthzFlowType,
|
|
6
5
|
CodeChallengeMethod,
|
|
7
6
|
CredentialOfferPayloadV1_0_08,
|
|
@@ -9,9 +8,9 @@ import {
|
|
|
9
8
|
CredentialResponse,
|
|
10
9
|
CredentialSupported,
|
|
11
10
|
EndpointMetadataResult,
|
|
11
|
+
JsonURIMode,
|
|
12
12
|
OID4VCICredentialFormat,
|
|
13
13
|
OpenId4VCIVersion,
|
|
14
|
-
OpenIDResponse,
|
|
15
14
|
ProofOfPossessionCallbacks,
|
|
16
15
|
PushedAuthorizationResponse,
|
|
17
16
|
ResponseType,
|
|
@@ -39,7 +38,6 @@ interface AuthDetails {
|
|
|
39
38
|
}
|
|
40
39
|
|
|
41
40
|
interface AuthRequestOpts {
|
|
42
|
-
clientId: string;
|
|
43
41
|
codeChallenge: string;
|
|
44
42
|
codeChallengeMethod: CodeChallengeMethod;
|
|
45
43
|
authorizationDetails?: AuthDetails | AuthDetails[];
|
|
@@ -48,7 +46,6 @@ interface AuthRequestOpts {
|
|
|
48
46
|
}
|
|
49
47
|
|
|
50
48
|
export class OpenID4VCIClient {
|
|
51
|
-
private readonly _flowType: AuthzFlowType;
|
|
52
49
|
private readonly _credentialOffer: CredentialOfferRequestWithBaseUrl;
|
|
53
50
|
private _clientId?: string;
|
|
54
51
|
private _kid: string | undefined;
|
|
@@ -56,17 +53,7 @@ export class OpenID4VCIClient {
|
|
|
56
53
|
private _endpointMetadata: EndpointMetadataResult | undefined;
|
|
57
54
|
private _accessTokenResponse: AccessTokenResponse | undefined;
|
|
58
55
|
|
|
59
|
-
private constructor(
|
|
60
|
-
credentialOffer: CredentialOfferRequestWithBaseUrl,
|
|
61
|
-
flowType: AuthzFlowType,
|
|
62
|
-
kid?: string,
|
|
63
|
-
alg?: Alg | string,
|
|
64
|
-
clientId?: string,
|
|
65
|
-
) {
|
|
66
|
-
if (!credentialOffer.supportedFlows.includes(flowType)) {
|
|
67
|
-
throw Error(`Flows ${flowType} is not supported by issuer ${credentialOffer.credential_offer_uri}`);
|
|
68
|
-
}
|
|
69
|
-
this._flowType = flowType;
|
|
56
|
+
private constructor(credentialOffer: CredentialOfferRequestWithBaseUrl, kid?: string, alg?: Alg | string, clientId?: string) {
|
|
70
57
|
this._credentialOffer = credentialOffer;
|
|
71
58
|
this._kid = kid;
|
|
72
59
|
this._alg = alg;
|
|
@@ -75,7 +62,6 @@ export class OpenID4VCIClient {
|
|
|
75
62
|
|
|
76
63
|
public static async fromURI({
|
|
77
64
|
uri,
|
|
78
|
-
flowType,
|
|
79
65
|
kid,
|
|
80
66
|
alg,
|
|
81
67
|
retrieveServerMetadata,
|
|
@@ -83,14 +69,13 @@ export class OpenID4VCIClient {
|
|
|
83
69
|
resolveOfferUri,
|
|
84
70
|
}: {
|
|
85
71
|
uri: string;
|
|
86
|
-
flowType: AuthzFlowType;
|
|
87
72
|
kid?: string;
|
|
88
73
|
alg?: Alg | string;
|
|
89
74
|
retrieveServerMetadata?: boolean;
|
|
90
75
|
resolveOfferUri?: boolean;
|
|
91
76
|
clientId?: string;
|
|
92
77
|
}): Promise<OpenID4VCIClient> {
|
|
93
|
-
const client = new OpenID4VCIClient(await CredentialOfferClient.fromURI(uri, { resolve: resolveOfferUri }),
|
|
78
|
+
const client = new OpenID4VCIClient(await CredentialOfferClient.fromURI(uri, { resolve: resolveOfferUri }), kid, alg, clientId);
|
|
94
79
|
|
|
95
80
|
if (retrieveServerMetadata === undefined || retrieveServerMetadata) {
|
|
96
81
|
await client.retrieveServerMetadata();
|
|
@@ -106,14 +91,7 @@ export class OpenID4VCIClient {
|
|
|
106
91
|
return this.endpointMetadata;
|
|
107
92
|
}
|
|
108
93
|
|
|
109
|
-
public createAuthorizationRequestUrl({
|
|
110
|
-
clientId,
|
|
111
|
-
codeChallengeMethod,
|
|
112
|
-
codeChallenge,
|
|
113
|
-
authorizationDetails,
|
|
114
|
-
redirectUri,
|
|
115
|
-
scope,
|
|
116
|
-
}: AuthRequestOpts): string {
|
|
94
|
+
public createAuthorizationRequestUrl({ codeChallengeMethod, codeChallenge, authorizationDetails, redirectUri, scope }: AuthRequestOpts): string {
|
|
117
95
|
// Scope and authorization_details can be used in the same authorization request
|
|
118
96
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23#name-relationship-to-scope-param
|
|
119
97
|
if (!scope && !authorizationDetails) {
|
|
@@ -133,36 +111,42 @@ export class OpenID4VCIClient {
|
|
|
133
111
|
}
|
|
134
112
|
|
|
135
113
|
// add 'openid' scope if not present
|
|
136
|
-
if (
|
|
137
|
-
scope =
|
|
114
|
+
if (!scope?.includes('openid')) {
|
|
115
|
+
scope = ['openid', scope].filter((s) => !!s).join(' ');
|
|
138
116
|
}
|
|
139
117
|
|
|
140
|
-
|
|
141
|
-
const queryObj = {
|
|
118
|
+
const queryObj: { [key: string]: string } = {
|
|
142
119
|
response_type: ResponseType.AUTH_CODE,
|
|
143
|
-
client_id: clientId,
|
|
144
120
|
code_challenge_method: codeChallengeMethod,
|
|
145
121
|
code_challenge: codeChallenge,
|
|
146
122
|
authorization_details: JSON.stringify(this.handleAuthorizationDetails(authorizationDetails)),
|
|
147
123
|
redirect_uri: redirectUri,
|
|
148
124
|
scope: scope,
|
|
149
|
-
}
|
|
125
|
+
};
|
|
126
|
+
|
|
127
|
+
if (this.clientId) {
|
|
128
|
+
queryObj['client_id'] = this.clientId;
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
if (this.credentialOffer.issuerState) {
|
|
132
|
+
queryObj['issuer_state'] = this.credentialOffer.issuerState;
|
|
133
|
+
}
|
|
150
134
|
|
|
151
135
|
return convertJsonToURI(queryObj, {
|
|
152
136
|
baseUrl: this._endpointMetadata.authorization_endpoint,
|
|
153
|
-
uriTypeProperties: ['redirect_uri', 'scope', 'authorization_details'],
|
|
154
|
-
|
|
137
|
+
uriTypeProperties: ['redirect_uri', 'scope', 'authorization_details', 'issuer_state'],
|
|
138
|
+
mode: JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
139
|
+
// We do not add the version here, as this always needs to be form encoded
|
|
155
140
|
});
|
|
156
141
|
}
|
|
157
142
|
|
|
158
143
|
public async acquirePushedAuthorizationRequestURI({
|
|
159
|
-
clientId,
|
|
160
144
|
codeChallengeMethod,
|
|
161
145
|
codeChallenge,
|
|
162
146
|
authorizationDetails,
|
|
163
147
|
redirectUri,
|
|
164
148
|
scope,
|
|
165
|
-
}: AuthRequestOpts): Promise<
|
|
149
|
+
}: AuthRequestOpts): Promise<string> {
|
|
166
150
|
// Scope and authorization_details can be used in the same authorization request
|
|
167
151
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23#name-relationship-to-scope-param
|
|
168
152
|
if (!scope && !authorizationDetails) {
|
|
@@ -183,21 +167,37 @@ export class OpenID4VCIClient {
|
|
|
183
167
|
const parEndpoint: string = this._endpointMetadata.credentialIssuerMetadata.pushed_authorization_request_endpoint;
|
|
184
168
|
|
|
185
169
|
// add 'openid' scope if not present
|
|
186
|
-
if (
|
|
187
|
-
scope =
|
|
170
|
+
if (!scope?.includes('openid')) {
|
|
171
|
+
scope = ['openid', scope].filter((s) => !!s).join(' ');
|
|
188
172
|
}
|
|
189
173
|
|
|
190
|
-
|
|
191
|
-
const queryObj: AuthorizationRequestV1_0_09 = {
|
|
174
|
+
const queryObj: { [key: string]: string } = {
|
|
192
175
|
response_type: ResponseType.AUTH_CODE,
|
|
193
|
-
client_id: clientId,
|
|
194
176
|
code_challenge_method: codeChallengeMethod,
|
|
195
177
|
code_challenge: codeChallenge,
|
|
196
178
|
authorization_details: JSON.stringify(this.handleAuthorizationDetails(authorizationDetails)),
|
|
197
179
|
redirect_uri: redirectUri,
|
|
198
180
|
scope: scope,
|
|
199
181
|
};
|
|
200
|
-
|
|
182
|
+
|
|
183
|
+
if (this.clientId) {
|
|
184
|
+
queryObj['client_id'] = this.clientId;
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
if (this.credentialOffer.issuerState) {
|
|
188
|
+
queryObj['issuer_state'] = this.credentialOffer.issuerState;
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
const response = await formPost<PushedAuthorizationResponse>(parEndpoint, new URLSearchParams(queryObj));
|
|
192
|
+
|
|
193
|
+
return convertJsonToURI(
|
|
194
|
+
{ request_uri: response.successBody?.request_uri },
|
|
195
|
+
{
|
|
196
|
+
baseUrl: this._endpointMetadata.credentialIssuerMetadata.authorization_endpoint,
|
|
197
|
+
uriTypeProperties: ['request_uri'],
|
|
198
|
+
mode: JsonURIMode.X_FORM_WWW_URLENCODED,
|
|
199
|
+
},
|
|
200
|
+
);
|
|
201
201
|
}
|
|
202
202
|
|
|
203
203
|
public handleAuthorizationDetails(authorizationDetails?: AuthDetails | AuthDetails[]): AuthDetails | AuthDetails[] | undefined {
|
|
@@ -237,7 +237,9 @@ export class OpenID4VCIClient {
|
|
|
237
237
|
redirectUri?: string;
|
|
238
238
|
}): Promise<AccessTokenResponse> {
|
|
239
239
|
const { pin, clientId, codeVerifier, code, redirectUri } = opts ?? {};
|
|
240
|
+
|
|
240
241
|
this.assertIssuerData();
|
|
242
|
+
|
|
241
243
|
if (clientId) {
|
|
242
244
|
this._clientId = clientId;
|
|
243
245
|
}
|
|
@@ -300,24 +302,29 @@ export class OpenID4VCIClient {
|
|
|
300
302
|
credentialOffer: this.credentialOffer,
|
|
301
303
|
metadata: this.endpointMetadata,
|
|
302
304
|
});
|
|
305
|
+
|
|
303
306
|
requestBuilder.withTokenFromResponse(this.accessTokenResponse);
|
|
304
307
|
if (this.endpointMetadata?.credentialIssuerMetadata) {
|
|
305
308
|
const metadata = this.endpointMetadata.credentialIssuerMetadata;
|
|
306
|
-
const types = Array.isArray(credentialTypes) ? credentialTypes : [credentialTypes];
|
|
309
|
+
const types = Array.isArray(credentialTypes) ? credentialTypes.sort() : [credentialTypes];
|
|
310
|
+
|
|
307
311
|
if (metadata.credentials_supported && Array.isArray(metadata.credentials_supported)) {
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
}
|
|
314
|
-
if (credentialSupported.types.indexOf(type) != -1) {
|
|
315
|
-
typeSupported = true;
|
|
316
|
-
}
|
|
312
|
+
let typeSupported = false;
|
|
313
|
+
|
|
314
|
+
metadata.credentials_supported.forEach((supportedCredential) => {
|
|
315
|
+
if (!supportedCredential.types || supportedCredential.types.length === 0) {
|
|
316
|
+
throw Error('types is required in the credentials supported');
|
|
317
317
|
}
|
|
318
|
-
if (
|
|
319
|
-
|
|
318
|
+
if (
|
|
319
|
+
supportedCredential.types.sort().every((t, i) => types[i] === t) ||
|
|
320
|
+
(types.length === 1 && (types[0] === supportedCredential.id || supportedCredential.types.includes(types[0])))
|
|
321
|
+
) {
|
|
322
|
+
typeSupported = true;
|
|
320
323
|
}
|
|
324
|
+
});
|
|
325
|
+
|
|
326
|
+
if (!typeSupported) {
|
|
327
|
+
throw Error(`Not all credential types ${JSON.stringify(credentialTypes)} are supported by issuer ${this.getIssuer()}`);
|
|
321
328
|
}
|
|
322
329
|
} else if (metadata.credentials_supported && !Array.isArray(metadata.credentials_supported)) {
|
|
323
330
|
const credentialsSupported = metadata.credentials_supported as CredentialSupportedTypeV1_0_08;
|
|
@@ -389,16 +396,12 @@ export class OpenID4VCIClient {
|
|
|
389
396
|
result[0] = types;
|
|
390
397
|
return result;
|
|
391
398
|
} else {
|
|
392
|
-
return this.credentialOffer.credential_offer.credentials.map((c
|
|
399
|
+
return this.credentialOffer.credential_offer.credentials.map((c) => {
|
|
393
400
|
return typeof c === 'string' ? [c] : c.types;
|
|
394
401
|
});
|
|
395
402
|
}
|
|
396
403
|
}
|
|
397
404
|
|
|
398
|
-
get flowType(): AuthzFlowType {
|
|
399
|
-
return this._flowType;
|
|
400
|
-
}
|
|
401
|
-
|
|
402
405
|
issuerSupportedFlowTypes(): AuthzFlowType[] {
|
|
403
406
|
return this.credentialOffer.supportedFlows;
|
|
404
407
|
}
|
|
@@ -1,11 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
AccessTokenRequest,
|
|
3
|
-
AccessTokenRequestOpts,
|
|
4
|
-
AccessTokenResponse,
|
|
5
|
-
GrantTypes,
|
|
6
|
-
OpenIDResponse,
|
|
7
|
-
WellKnownEndpoints,
|
|
8
|
-
} from '@sphereon/oid4vci-common';
|
|
1
|
+
import { AccessTokenRequest, AccessTokenResponse, GrantTypes, OpenIDResponse, WellKnownEndpoints } from '@sphereon/oid4vci-common';
|
|
9
2
|
import nock from 'nock';
|
|
10
3
|
|
|
11
4
|
import { AccessTokenClient } from '../AccessTokenClient';
|
|
@@ -204,24 +197,6 @@ describe('AccessTokenClient should', () => {
|
|
|
204
197
|
).rejects.toThrow(Error('Cannot set a pin, when the pin is not required.'));
|
|
205
198
|
});
|
|
206
199
|
|
|
207
|
-
it('get error if code_verifier is present when flow type is pre-authorized', async () => {
|
|
208
|
-
const accessTokenClient: AccessTokenClient = new AccessTokenClient();
|
|
209
|
-
|
|
210
|
-
nock(MOCK_URL).post(/.*/).reply(200, {});
|
|
211
|
-
|
|
212
|
-
const requestOpts: AccessTokenRequestOpts = {
|
|
213
|
-
credentialOffer: INITIATION_TEST,
|
|
214
|
-
pin: undefined,
|
|
215
|
-
codeVerifier: 'RylyWGQ-dzpObnEcoMBDIH9cTAwZXk1wYzktKxsOFgA',
|
|
216
|
-
code: 'LWCt225yj7gzT2cWeMP4hXj4B4oIYkEiGs4T6pfez91',
|
|
217
|
-
redirectUri: 'http://example.com/cb',
|
|
218
|
-
};
|
|
219
|
-
|
|
220
|
-
await expect(() => accessTokenClient.acquireAccessToken(requestOpts)).rejects.toThrow(
|
|
221
|
-
Error('Cannot pass a code_verifier when flow type is pre-authorized'),
|
|
222
|
-
);
|
|
223
|
-
});
|
|
224
|
-
|
|
225
200
|
it('get error if no as, issuer and metadata values are present', async () => {
|
|
226
201
|
await expect(() =>
|
|
227
202
|
AccessTokenClient.determineTokenURL({
|
package/lib/__tests__/IT.spec.ts
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import {
|
|
2
2
|
AccessTokenResponse,
|
|
3
3
|
Alg,
|
|
4
|
-
AuthzFlowType,
|
|
5
4
|
CredentialOfferRequestWithBaseUrl,
|
|
6
5
|
Jwt,
|
|
7
6
|
OpenId4VCIVersion,
|
|
@@ -72,7 +71,6 @@ describe('OID4VCI-Client should', () => {
|
|
|
72
71
|
succeedWithAFullFlowWithClientSetup();
|
|
73
72
|
const client = await OpenID4VCIClient.fromURI({
|
|
74
73
|
uri: INITIATE_QR,
|
|
75
|
-
flowType: AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW,
|
|
76
74
|
kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
|
|
77
75
|
alg: Alg.ES256,
|
|
78
76
|
clientId: 'test-clientId',
|
|
@@ -84,7 +82,6 @@ describe('OID4VCI-Client should', () => {
|
|
|
84
82
|
succeedWithAFullFlowWithClientSetup();
|
|
85
83
|
const client = await OpenID4VCIClient.fromURI({
|
|
86
84
|
uri: OFFER_QR,
|
|
87
|
-
flowType: AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW,
|
|
88
85
|
kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
|
|
89
86
|
alg: Alg.ES256,
|
|
90
87
|
clientId: 'test-clientId',
|
|
@@ -93,7 +90,6 @@ describe('OID4VCI-Client should', () => {
|
|
|
93
90
|
});
|
|
94
91
|
|
|
95
92
|
async function assertionOfsucceedWithAFullFlowWithClient(client: OpenID4VCIClient) {
|
|
96
|
-
expect(client.flowType).toEqual(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW);
|
|
97
93
|
expect(client.credentialOffer).toBeDefined();
|
|
98
94
|
expect(client.endpointMetadata).toBeDefined();
|
|
99
95
|
expect(client.getIssuer()).toEqual('https://issuer.research.identiproof.io');
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { Alg,
|
|
1
|
+
import { Alg, Jwt } from '@sphereon/oid4vci-common';
|
|
2
2
|
import { CredentialMapper } from '@sphereon/ssi-types';
|
|
3
3
|
import { fetch } from 'cross-fetch';
|
|
4
4
|
import { importJWK, JWK, SignJWT } from 'jose';
|
|
@@ -25,11 +25,9 @@ describe('OID4VCI-Client using Mattr issuer should', () => {
|
|
|
25
25
|
const offer = await getCredentialOffer(format);
|
|
26
26
|
const client = await OpenID4VCIClient.fromURI({
|
|
27
27
|
uri: offer.offerUrl,
|
|
28
|
-
flowType: AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW,
|
|
29
28
|
kid,
|
|
30
29
|
alg: Alg.EdDSA,
|
|
31
30
|
});
|
|
32
|
-
expect(client.flowType).toEqual(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW);
|
|
33
31
|
expect(client.credentialOffer).toBeDefined();
|
|
34
32
|
expect(client.endpointMetadata).toBeDefined();
|
|
35
33
|
expect(client.getCredentialEndpoint()).toEqual(`${ISSUER_URL}/oidc/v1/auth/credential`);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
|
|
2
2
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
3
3
|
// @ts-ignore
|
|
4
4
|
import nock from 'nock';
|
|
@@ -15,8 +15,8 @@ describe('OpenID4VCIClient should', () => {
|
|
|
15
15
|
nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
|
|
16
16
|
nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
|
|
17
17
|
client = await OpenID4VCIClient.fromURI({
|
|
18
|
+
clientId: 'test-client',
|
|
18
19
|
uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
|
|
19
|
-
flowType: AuthzFlowType.AUTHORIZATION_CODE_FLOW,
|
|
20
20
|
});
|
|
21
21
|
});
|
|
22
22
|
|
|
@@ -29,7 +29,6 @@ describe('OpenID4VCIClient should', () => {
|
|
|
29
29
|
// @ts-ignore
|
|
30
30
|
client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
|
|
31
31
|
const url = client.createAuthorizationRequestUrl({
|
|
32
|
-
clientId: 'test-client',
|
|
33
32
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
34
33
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
35
34
|
scope: 'openid TestCredential',
|
|
@@ -44,7 +43,6 @@ describe('OpenID4VCIClient should', () => {
|
|
|
44
43
|
it('throw an error if authorization endpoint is not set in server metadata', async () => {
|
|
45
44
|
expect(() => {
|
|
46
45
|
client.createAuthorizationRequestUrl({
|
|
47
|
-
clientId: 'test-client',
|
|
48
46
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
49
47
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
50
48
|
scope: 'openid TestCredential',
|
|
@@ -58,7 +56,6 @@ describe('OpenID4VCIClient should', () => {
|
|
|
58
56
|
client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
|
|
59
57
|
|
|
60
58
|
const url = client.createAuthorizationRequestUrl({
|
|
61
|
-
clientId: 'test-client',
|
|
62
59
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
63
60
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
64
61
|
scope: 'TestCredential',
|
|
@@ -77,7 +74,6 @@ describe('OpenID4VCIClient should', () => {
|
|
|
77
74
|
|
|
78
75
|
expect(() => {
|
|
79
76
|
client.createAuthorizationRequestUrl({
|
|
80
|
-
clientId: 'test-client',
|
|
81
77
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
82
78
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
83
79
|
redirectUri: 'http://localhost:8881/cb',
|
|
@@ -91,7 +87,6 @@ describe('OpenID4VCIClient should', () => {
|
|
|
91
87
|
|
|
92
88
|
expect(
|
|
93
89
|
client.createAuthorizationRequestUrl({
|
|
94
|
-
clientId: 'test-client',
|
|
95
90
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
96
91
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
97
92
|
authorizationDetails: [
|
|
@@ -112,7 +107,7 @@ describe('OpenID4VCIClient should', () => {
|
|
|
112
107
|
redirectUri: 'http://localhost:8881/cb',
|
|
113
108
|
}),
|
|
114
109
|
).toEqual(
|
|
115
|
-
'https://server.example.com/v1/auth/authorize?response_type=code&
|
|
110
|
+
'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&scope=openid&client_id=test-client',
|
|
116
111
|
);
|
|
117
112
|
});
|
|
118
113
|
it('create an authorization request url with authorization_details object property', async () => {
|
|
@@ -122,7 +117,6 @@ describe('OpenID4VCIClient should', () => {
|
|
|
122
117
|
|
|
123
118
|
expect(
|
|
124
119
|
client.createAuthorizationRequestUrl({
|
|
125
|
-
clientId: 'test-client',
|
|
126
120
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
127
121
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
128
122
|
authorizationDetails: {
|
|
@@ -136,7 +130,7 @@ describe('OpenID4VCIClient should', () => {
|
|
|
136
130
|
redirectUri: 'http://localhost:8881/cb',
|
|
137
131
|
}),
|
|
138
132
|
).toEqual(
|
|
139
|
-
'https://server.example.com/v1/auth/authorize?response_type=code&
|
|
133
|
+
'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&scope=openid&client_id=test-client',
|
|
140
134
|
);
|
|
141
135
|
});
|
|
142
136
|
it('create an authorization request url with authorization_details and scope', async () => {
|
|
@@ -146,7 +140,6 @@ describe('OpenID4VCIClient should', () => {
|
|
|
146
140
|
|
|
147
141
|
expect(
|
|
148
142
|
client.createAuthorizationRequestUrl({
|
|
149
|
-
clientId: 'test-client',
|
|
150
143
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
151
144
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
152
145
|
authorizationDetails: {
|
|
@@ -162,7 +155,7 @@ describe('OpenID4VCIClient should', () => {
|
|
|
162
155
|
redirectUri: 'http://localhost:8881/cb',
|
|
163
156
|
}),
|
|
164
157
|
).toEqual(
|
|
165
|
-
'https://server.example.com/v1/auth/authorize?response_type=code&
|
|
158
|
+
'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22locations%22%3A%5B%22https%3A%2F%2Ftest%2Ecom%22%2C%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&scope=openid&client_id=test-client',
|
|
166
159
|
);
|
|
167
160
|
});
|
|
168
161
|
});
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
|
|
2
2
|
import nock from 'nock';
|
|
3
3
|
|
|
4
4
|
import { OpenID4VCIClient } from '../OpenID4VCIClient';
|
|
@@ -13,8 +13,8 @@ describe('OpenID4VCIClient', () => {
|
|
|
13
13
|
nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
|
|
14
14
|
nock(`${MOCK_URL}`).post('/v1/auth/par').reply(201, { request_uri: 'test_uri', expires_in: 90 });
|
|
15
15
|
client = await OpenID4VCIClient.fromURI({
|
|
16
|
+
clientId: 'test-client',
|
|
16
17
|
uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
|
|
17
|
-
flowType: AuthzFlowType.AUTHORIZATION_CODE_FLOW,
|
|
18
18
|
});
|
|
19
19
|
});
|
|
20
20
|
|
|
@@ -24,20 +24,19 @@ describe('OpenID4VCIClient', () => {
|
|
|
24
24
|
|
|
25
25
|
it('should successfully retrieve the authorization code using PAR', async () => {
|
|
26
26
|
client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
|
|
27
|
+
client.endpointMetadata.credentialIssuerMetadata!.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
|
|
27
28
|
const actual = await client.acquirePushedAuthorizationRequestURI({
|
|
28
|
-
clientId: 'test-client',
|
|
29
29
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
30
30
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
31
31
|
scope: 'openid TestCredential',
|
|
32
32
|
redirectUri: 'http://localhost:8881/cb',
|
|
33
33
|
});
|
|
34
|
-
expect(actual
|
|
34
|
+
expect(actual).toEqual('https://server.example.com/v1/auth/authorize?request_uri=test_uri');
|
|
35
35
|
});
|
|
36
36
|
|
|
37
37
|
it('should fail when pushed_authorization_request_endpoint is not present', async () => {
|
|
38
38
|
await expect(() =>
|
|
39
39
|
client.acquirePushedAuthorizationRequestURI({
|
|
40
|
-
clientId: 'test-client',
|
|
41
40
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
42
41
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
43
42
|
scope: 'openid TestCredential',
|
|
@@ -49,7 +48,6 @@ describe('OpenID4VCIClient', () => {
|
|
|
49
48
|
it('should fail when authorization_details and scope are not present', async () => {
|
|
50
49
|
await expect(() =>
|
|
51
50
|
client.acquirePushedAuthorizationRequestURI({
|
|
52
|
-
clientId: 'test-client',
|
|
53
51
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
54
52
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
55
53
|
redirectUri: 'http://localhost:8881/cb',
|
|
@@ -59,8 +57,8 @@ describe('OpenID4VCIClient', () => {
|
|
|
59
57
|
|
|
60
58
|
it('should not fail when only authorization_details is present', async () => {
|
|
61
59
|
client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
|
|
60
|
+
client.endpointMetadata.credentialIssuerMetadata!.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
|
|
62
61
|
const actual = await client.acquirePushedAuthorizationRequestURI({
|
|
63
|
-
clientId: 'test-client',
|
|
64
62
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
65
63
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
66
64
|
authorizationDetails: [
|
|
@@ -75,25 +73,25 @@ describe('OpenID4VCIClient', () => {
|
|
|
75
73
|
],
|
|
76
74
|
redirectUri: 'http://localhost:8881/cb',
|
|
77
75
|
});
|
|
78
|
-
expect(actual
|
|
76
|
+
expect(actual).toEqual('https://server.example.com/v1/auth/authorize?request_uri=test_uri');
|
|
79
77
|
});
|
|
80
78
|
|
|
81
79
|
it('should not fail when only scope is present', async () => {
|
|
82
80
|
client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
|
|
81
|
+
client.endpointMetadata.credentialIssuerMetadata!.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
|
|
83
82
|
const actual = await client.acquirePushedAuthorizationRequestURI({
|
|
84
|
-
clientId: 'test-client',
|
|
85
83
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
86
84
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
87
85
|
scope: 'openid TestCredential',
|
|
88
86
|
redirectUri: 'http://localhost:8881/cb',
|
|
89
87
|
});
|
|
90
|
-
expect(actual
|
|
88
|
+
expect(actual).toEqual('https://server.example.com/v1/auth/authorize?request_uri=test_uri');
|
|
91
89
|
});
|
|
92
90
|
|
|
93
91
|
it('should not fail when both authorization_details and scope are present', async () => {
|
|
94
92
|
client.endpointMetadata.credentialIssuerMetadata!.pushed_authorization_request_endpoint = `${MOCK_URL}v1/auth/par`;
|
|
93
|
+
client.endpointMetadata.credentialIssuerMetadata!.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
|
|
95
94
|
const actual = await client.acquirePushedAuthorizationRequestURI({
|
|
96
|
-
clientId: 'test-client',
|
|
97
95
|
codeChallengeMethod: CodeChallengeMethod.SHA256,
|
|
98
96
|
codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
|
|
99
97
|
authorizationDetails: [
|
|
@@ -109,6 +107,6 @@ describe('OpenID4VCIClient', () => {
|
|
|
109
107
|
scope: 'openid TestCredential',
|
|
110
108
|
redirectUri: 'http://localhost:8881/cb',
|
|
111
109
|
});
|
|
112
|
-
expect(actual
|
|
110
|
+
expect(actual).toEqual('https://server.example.com/v1/auth/authorize?request_uri=test_uri');
|
|
113
111
|
});
|
|
114
112
|
});
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/oid4vci-client",
|
|
3
|
-
"version": "0.7.4-unstable.
|
|
3
|
+
"version": "0.7.4-unstable.8+1114e83",
|
|
4
4
|
"description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
|
|
5
5
|
"source": "lib/index.ts",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"build": "tsc"
|
|
16
16
|
},
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"@sphereon/oid4vci-common": "0.7.4-unstable.
|
|
18
|
+
"@sphereon/oid4vci-common": "0.7.4-unstable.8+1114e83",
|
|
19
19
|
"@sphereon/ssi-types": "0.17.2",
|
|
20
20
|
"cross-fetch": "^3.1.8",
|
|
21
21
|
"debug": "^4.3.4"
|
|
@@ -64,5 +64,5 @@
|
|
|
64
64
|
"OIDC4VCI",
|
|
65
65
|
"OID4VCI"
|
|
66
66
|
],
|
|
67
|
-
"gitHead": "
|
|
67
|
+
"gitHead": "1114e8308ee421aeb08fda65d1bc311182a2f95a"
|
|
68
68
|
}
|