npm - @sphereon/oid4vci-common - Versions diffs - 0.20.2-next.2 → 0.20.2-next.21 - Mend

@sphereon/oid4vci-common 0.20.2-next.2 → 0.20.2-next.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -150,7 +150,9 @@ __export(index_exports, {
   convertJsonToURI: () => convertJsonToURI,
   convertURIToJsonObject: () => convertURIToJsonObject,
   createCodeChallenge: () => createCodeChallenge,
+  createCwtProofOfPossession: () => createCwtProofOfPossession,
   createProofOfPossession: () => createProofOfPossession,
+  credentialIssuerMetadataFieldNamesV1_0: () => credentialIssuerMetadataFieldNamesV1_0,
   credentialIssuerMetadataFieldNamesV1_0_15: () => credentialIssuerMetadataFieldNamesV1_0_15,
   decodeJsonProperties: () => decodeJsonProperties,
   determineFlowType: () => determineFlowType,
@@ -193,6 +195,7 @@ __export(index_exports, {
   isW3cCredentialSupported: () => isW3cCredentialSupported,
   normalizeOfferInput: () => normalizeOfferInput,
   post: () => post,
+  processSignedMetadata: () => processSignedMetadata,
   resolveCredentialOfferURI: () => resolveCredentialOfferURI,
   supportedOID4VCICredentialFormat: () => supportedOID4VCICredentialFormat,
   toAuthorizationResponsePayload: () => toAuthorizationResponsePayload,
@@ -342,6 +345,27 @@ var credentialIssuerMetadataFieldNamesV1_0_15 = [
   "authorization_challenge_endpoint"
 ];
+// lib/types/v1_0.types.ts
+init_cjs_shims();
+var credentialIssuerMetadataFieldNamesV1_0 = [
+  "credential_issuer",
+  "credential_configurations_supported",
+  "credential_endpoint",
+  "nonce_endpoint",
+  "deferred_credential_endpoint",
+  "notification_endpoint",
+  "credential_response_encryption",
+  "batch_credential_issuance_supported",
+  "credential_issuer_public_key",
+  "authorization_servers",
+  "token_endpoint",
+  "display",
+  "credential_supplier_config",
+  "credential_identifiers_supported",
+  "signed_metadata",
+  "authorization_challenge_endpoint"
+];
 // lib/types/ServerMetadata.ts
 init_cjs_shims();
 var authorizationServerMetadataFieldNames = [
@@ -420,6 +444,7 @@ var WRONG_METADATA_FORMAT = "Wrong metadata format";
 init_cjs_shims();
 var OpenId4VCIVersion = /* @__PURE__ */ (function(OpenId4VCIVersion2) {
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_15"] = 1015] = "VER_1_0_15";
+  OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0"] = 1100] = "VER_1_0";
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_UNKNOWN"] = Number.MAX_VALUE] = "VER_UNKNOWN";
   return OpenId4VCIVersion2;
 })({});
@@ -604,7 +629,8 @@ var adjustUrl = /* @__PURE__ */ __name((urlOrPath, opts) => {
 // lib/functions/CredentialResponseUtil.ts
 function isDeferredCredentialResponse(credentialResponse) {
   const orig = credentialResponse.successBody;
-  return credentialResponse.origResponse.status % 200 <= 2 && !!orig && !orig.credentials && (!!orig.acceptance_token || !!orig.transaction_id);
+  const hasNoCredential = !orig?.credentials && !orig?.credential;
+  return credentialResponse.origResponse.status % 200 <= 2 && !!orig && hasNoCredential && (!!orig.acceptance_token || !!orig.transaction_id);
 }
 __name(isDeferredCredentialResponse, "isDeferredCredentialResponse");
 function assertNonFatalError(credentialResponse) {
@@ -642,7 +668,7 @@ async function acquireDeferredCredential({ bearerToken, transactionId, deferredC
     deferredCredentialEndpoint
   });
   const DEFAULT_SLEEP_IN_MS = 5e3;
-  while (!credentialResponse.successBody?.credentials && deferredCredentialAwait) {
+  while (!credentialResponse.successBody?.credentials && !credentialResponse.successBody?.credential && deferredCredentialAwait) {
     assertNonFatalError(credentialResponse);
     const pending = isDeferredCredentialIssuancePending(credentialResponse);
     console.log(`Issuance still pending?: ${pending}`);
@@ -683,7 +709,7 @@ var logger2 = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
 function determineSpecVersionFromURI(uri) {
   let version = determineSpecVersionFromScheme(uri, OpenId4VCIVersion.VER_UNKNOWN) ?? OpenId4VCIVersion.VER_UNKNOWN;
   if (version === OpenId4VCIVersion.VER_UNKNOWN) {
-    version = OpenId4VCIVersion.VER_1_0_15;
+    version = OpenId4VCIVersion.VER_1_0;
   }
   return version;
 }
@@ -815,7 +841,7 @@ var getStateFromCredentialOfferPayload = /* @__PURE__ */ __name((credentialOffer
 }, "getStateFromCredentialOfferPayload");
 function determineSpecVersionFromOffer(offer) {
   if (isCredentialOfferV1_0_15(offer)) {
-    return OpenId4VCIVersion.VER_1_0_15;
+    return OpenId4VCIVersion.VER_1_0;
   }
   return OpenId4VCIVersion.VER_UNKNOWN;
 }
@@ -1197,19 +1223,22 @@ function getTypesFromAuthorizationDetails(authDetails, opts) {
 __name(getTypesFromAuthorizationDetails, "getTypesFromAuthorizationDetails");
 function getTypesFromCredentialSupported(credentialSupported, opts) {
   let types = [];
-  if (credentialSupported.format === "jwt_vc_json" || credentialSupported.format === "jwt_vc" || credentialSupported.format === "jwt_vc_json-ld" || credentialSupported.format === "ldp_vc") {
+  const format = credentialSupported.format;
+  if (format === "jwt_vc_json" || format === "jwt_vc" || format === "jwt_vc_json-ld" || format === "ldp_vc") {
     types = getTypesFromObject(credentialSupported) ?? [];
-  } else if (credentialSupported.format === "dc+sd-jwt" || credentialSupported.format === "vc+sd-jwt") {
+  } else if (format === "dc+sd-jwt" || format === "vc+sd-jwt") {
     types = [
       credentialSupported.vct
     ];
-  } else if (credentialSupported.format === "mso_mdoc") {
+  } else if (format === "mso_mdoc") {
     types = [
       credentialSupported.doctype
     ];
+  } else {
+    throw Error(`Unsupported credential format '${format}'`);
   }
   if (!types || types.length === 0) {
-    throw Error("Could not deduce types from credential supported");
+    throw Error(`Could not deduce types from credential supported (format '${format}')`);
   }
   if (opts?.filterVerifiableCredential) {
     return types.filter((type) => type !== "VerifiableCredential");
@@ -1243,7 +1272,37 @@ __name(getSupportedCredentials, "getSupportedCredentials");
 function determineVersionsFromIssuerMetadata(issuerMetadata) {
   const versions = /* @__PURE__ */ new Set();
   if ("credential_configurations_supported" in issuerMetadata) {
-    versions.add(OpenId4VCIVersion.VER_1_0_15);
+    let is1_0Final = false;
+    if ("batch_credential_issuance_supported" in issuerMetadata && typeof issuerMetadata.batch_credential_issuance_supported === "boolean") {
+      is1_0Final = true;
+    }
+    if ("credential_issuer_public_key" in issuerMetadata) {
+      is1_0Final = true;
+    }
+    if (!is1_0Final) {
+      const configs = issuerMetadata.credential_configurations_supported;
+      if (configs) {
+        for (const config of Object.values(configs)) {
+          if ("cryptographic_suites_supported" in config) {
+            is1_0Final = true;
+            break;
+          }
+          if (config.proof_types_supported && "di_vp" in config.proof_types_supported) {
+            is1_0Final = true;
+            break;
+          }
+        }
+      }
+    }
+    if (is1_0Final) {
+      versions.add(OpenId4VCIVersion.VER_1_0);
+    } else {
+      if ("batch_credential_issuance" in issuerMetadata && typeof issuerMetadata.batch_credential_issuance === "object") {
+        versions.add(OpenId4VCIVersion.VER_1_0_15);
+      } else {
+        versions.add(OpenId4VCIVersion.VER_1_0);
+      }
+    }
   }
   if (versions.size === 0) {
     versions.add(OpenId4VCIVersion.VER_UNKNOWN);
@@ -1402,6 +1461,16 @@ var createProofOfPossession = /* @__PURE__ */ __name(async (popMode, callbacks,
 ${jwt}`);
   return proof;
 }, "createProofOfPossession");
+var createCwtProofOfPossession = /* @__PURE__ */ __name(async (callbacks, opts) => {
+  if (!callbacks.cwtSignCallback) {
+    throw new Error("No CWT signer callback supplied");
+  }
+  const cwt = await callbacks.cwtSignCallback(opts);
+  return {
+    proof_type: "cwt",
+    cwt
+  };
+}, "createCwtProofOfPossession");
 var partiallyValidateJWS = /* @__PURE__ */ __name((jws) => {
   if (jws.split(".").length !== 3 || !jws.startsWith("ey")) {
     throw new Error(JWS_NOT_VALID);
@@ -1570,6 +1639,33 @@ var assertValidCodeVerifier = /* @__PURE__ */ __name((codeVerifier) => {
   }
 }, "assertValidCodeVerifier");
+// lib/functions/SignedMetadataUtils.ts
+init_cjs_shims();
+async function processSignedMetadata(opts) {
+  const { metadata, issuer, signedMetadataVerifyCallback } = opts;
+  if (!metadata.signed_metadata) {
+    return metadata;
+  }
+  if (!signedMetadataVerifyCallback) {
+    VCI_LOG_COMMON.warning(`Issuer ${issuer} provides signed_metadata but no signedMetadataVerifyCallback was provided. Signed metadata will not be verified or applied.`);
+    return metadata;
+  }
+  const result = await signedMetadataVerifyCallback({
+    signedMetadata: metadata.signed_metadata,
+    issuer
+  });
+  if (!result.verified) {
+    throw Error(`Signed metadata verification failed for issuer ${issuer}`);
+  }
+  VCI_LOG_COMMON.info(`Signed metadata verified for issuer ${issuer}, applying signed claims`);
+  const { iss: _iss, iat: _iat, exp: _exp, nbf: _nbf, jti: _jti, aud: _aud, sub: _sub, ...metadataClaims } = result.metadata;
+  return {
+    ...metadata,
+    ...metadataClaims
+  };
+}
+__name(processSignedMetadata, "processSignedMetadata");
 // lib/experimental/holder-vci.ts
 init_cjs_shims();
 var EXPERIMENTAL_SUBJECT_PROOF_MODE_ENABLED = process.env.EXPERIMENTAL_SUBJECT_PROOF_MODE?.trim().toLowerCase() === "true";