npm - @sphereon/ssi-sdk-ext.identifier-resolution - Versions diffs - 0.24.1-next.97 → 0.24.1-unstable.111 - Mend

@sphereon/ssi-sdk-ext.identifier-resolution 0.24.1-next.97 → 0.24.1-unstable.111

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/dist/agent/IdentifierResolution.d.ts +3 -0
package/dist/agent/IdentifierResolution.d.ts.map +1 -1
package/dist/agent/IdentifierResolution.js +19 -1
package/dist/agent/IdentifierResolution.js.map +1 -1
package/dist/functions/LegacySupport.d.ts +12 -0
package/dist/functions/LegacySupport.d.ts.map +1 -0
package/dist/functions/LegacySupport.js +40 -0
package/dist/functions/LegacySupport.js.map +1 -0
package/dist/functions/externalIdentifierFunctions.d.ts +17 -1
package/dist/functions/externalIdentifierFunctions.d.ts.map +1 -1
package/dist/functions/externalIdentifierFunctions.js +82 -2
package/dist/functions/externalIdentifierFunctions.js.map +1 -1
package/dist/functions/index.d.ts +1 -11
package/dist/functions/index.d.ts.map +1 -1
package/dist/functions/index.js +1 -36
package/dist/functions/index.js.map +1 -1
package/dist/functions/managedIdentifierFunctions.d.ts +16 -5
package/dist/functions/managedIdentifierFunctions.d.ts.map +1 -1
package/dist/functions/managedIdentifierFunctions.js +66 -6
package/dist/functions/managedIdentifierFunctions.js.map +1 -1
package/dist/types/IIdentifierResolution.d.ts +10 -3
package/dist/types/IIdentifierResolution.d.ts.map +1 -1
package/dist/types/IIdentifierResolution.js +3 -0
package/dist/types/IIdentifierResolution.js.map +1 -1
package/dist/types/common.d.ts +2 -1
package/dist/types/common.d.ts.map +1 -1
package/dist/types/common.js +5 -1
package/dist/types/common.js.map +1 -1
package/dist/types/externalIdentifierTypes.d.ts +23 -6
package/dist/types/externalIdentifierTypes.d.ts.map +1 -1
package/dist/types/externalIdentifierTypes.js +6 -1
package/dist/types/externalIdentifierTypes.js.map +1 -1
package/dist/types/managedIdentifierTypes.d.ts +29 -7
package/dist/types/managedIdentifierTypes.d.ts.map +1 -1
package/dist/types/managedIdentifierTypes.js +10 -1
package/dist/types/managedIdentifierTypes.js.map +1 -1
package/package.json +12 -12
package/plugin.schema.json +2126 -222
package/src/agent/IdentifierResolution.ts +56 -10
package/src/functions/LegacySupport.ts +54 -0
package/src/functions/externalIdentifierFunctions.ts +94 -4
package/src/functions/index.ts +1 -51
package/src/functions/managedIdentifierFunctions.ts +79 -10
package/src/types/IIdentifierResolution.ts +24 -2
package/src/types/common.ts +5 -1
package/src/types/externalIdentifierTypes.ts +54 -13
package/src/types/managedIdentifierTypes.ts +47 -8

package/src/agent/IdentifierResolution.ts CHANGED Viewed

@@ -1,6 +1,16 @@
 import { IAgentContext, IAgentPlugin, IDIDManager, IKeyManager } from '@veramo/core'
-import { ManagedIdentifierKeyOpts, ManagedIdentifierKeyResult, schema } from '..'
-import { getManagedIdentifier, resolveExternalIdentifier } from '../functions'
+import {
+  ensureManagedIdentifierResult,
+  ExternalIdentifierCoseKeyOpts,
+  ExternalIdentifierCoseKeyResult,
+  ExternalIdentifierJwkOpts,
+  ExternalIdentifierJwkResult,
+  ManagedIdentifierKeyOpts,
+  ManagedIdentifierKeyResult,
+  ManagedIdentifierOptsOrResult,
+  schema,
+} from '..'
+import { resolveExternalIdentifier } from '../functions'
 import {
   ExternalIdentifierDidOpts,
   ExternalIdentifierDidResult,
@@ -9,13 +19,14 @@ import {
   ExternalIdentifierX5cOpts,
   ExternalIdentifierX5cResult,
   IIdentifierResolution,
+  ManagedIdentifierCoseKeyOpts,
+  ManagedIdentifierCoseKeyResult,
   ManagedIdentifierDidOpts,
   ManagedIdentifierDidResult,
   ManagedIdentifierJwkOpts,
   ManagedIdentifierJwkResult,
   ManagedIdentifierKidOpts,
   ManagedIdentifierKidResult,
-  ManagedIdentifierOpts,
   ManagedIdentifierResult,
   ManagedIdentifierX5cOpts,
   ManagedIdentifierX5cResult,
@@ -35,10 +46,13 @@ export class IdentifierResolution implements IAgentPlugin {
     identifierManagedGetByJwk: this.identifierGetManagedByJwk.bind(this),
     identifierManagedGetByX5c: this.identifierGetManagedByX5c.bind(this),
     identifierManagedGetByKey: this.identifierGetManagedByKey.bind(this),
+    identifierManagedGetByCoseKey: this.identifierGetManagedByCoseKey.bind(this),
     identifierExternalResolve: this.identifierResolveExternal.bind(this),
     identifierExternalResolveByDid: this.identifierExternalResolveByDid.bind(this),
     identifierExternalResolveByX5c: this.identifierExternalResolveByX5c.bind(this),
+    identifierExternalResolveByJwk: this.identifierExternalResolveByJwk.bind(this),
+    identifierExternalResolveByCoseKey: this.identifierExternalResolveByCoseKey.bind(this),
     // todo: JWKSet, oidc-discovery, oid4vci-issuer etc. Anything we already can resolve and need keys of
   }
@@ -57,30 +71,52 @@ export class IdentifierResolution implements IAgentPlugin {
    * @param context
    * @private
    */
-  private async identifierGetManaged(args: ManagedIdentifierOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierResult> {
-    return await getManagedIdentifier({ ...args, crypto: this._crypto }, context)
+  private async identifierGetManaged(
+    args: ManagedIdentifierOptsOrResult,
+    context: IAgentContext<IKeyManager & IIdentifierResolution>
+  ): Promise<ManagedIdentifierResult> {
+    return await ensureManagedIdentifierResult({ ...args, crypto: this._crypto }, context)
   }
   private async identifierGetManagedByDid(
     args: ManagedIdentifierDidOpts,
-    context: IAgentContext<IKeyManager & IDIDManager>
+    context: IAgentContext<IKeyManager & IDIDManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierDidResult> {
     return (await this.identifierGetManaged({ ...args, method: 'did' }, context)) as ManagedIdentifierDidResult
   }
-  private async identifierGetManagedByKid(args: ManagedIdentifierKidOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierKidResult> {
+  private async identifierGetManagedByKid(
+    args: ManagedIdentifierKidOpts,
+    context: IAgentContext<IKeyManager & IIdentifierResolution>
+  ): Promise<ManagedIdentifierKidResult> {
     return (await this.identifierGetManaged({ ...args, method: 'kid' }, context)) as ManagedIdentifierKidResult
   }
-  private async identifierGetManagedByKey(args: ManagedIdentifierKeyOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierKeyResult> {
+  private async identifierGetManagedByKey(
+    args: ManagedIdentifierKeyOpts,
+    context: IAgentContext<IKeyManager & IIdentifierResolution>
+  ): Promise<ManagedIdentifierKeyResult> {
     return (await this.identifierGetManaged({ ...args, method: 'key' }, context)) as ManagedIdentifierKeyResult
   }
-  private async identifierGetManagedByJwk(args: ManagedIdentifierJwkOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierJwkResult> {
+  private async identifierGetManagedByCoseKey(
+    args: ManagedIdentifierCoseKeyOpts,
+    context: IAgentContext<IKeyManager & IIdentifierResolution>
+  ): Promise<ManagedIdentifierCoseKeyResult> {
+    return (await this.identifierGetManaged({ ...args, method: 'cose_key' }, context)) as ManagedIdentifierCoseKeyResult
+  }
+  private async identifierGetManagedByJwk(
+    args: ManagedIdentifierJwkOpts,
+    context: IAgentContext<IKeyManager & IIdentifierResolution>
+  ): Promise<ManagedIdentifierJwkResult> {
     return (await this.identifierGetManaged({ ...args, method: 'jwk' }, context)) as ManagedIdentifierJwkResult
   }
-  private async identifierGetManagedByX5c(args: ManagedIdentifierX5cOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierX5cResult> {
+  private async identifierGetManagedByX5c(
+    args: ManagedIdentifierX5cOpts,
+    context: IAgentContext<IKeyManager & IIdentifierResolution>
+  ): Promise<ManagedIdentifierX5cResult> {
     return (await this.identifierGetManaged({ ...args, method: 'x5c' }, context)) as ManagedIdentifierX5cResult
   }
@@ -95,4 +131,14 @@ export class IdentifierResolution implements IAgentPlugin {
   private async identifierExternalResolveByX5c(args: ExternalIdentifierX5cOpts, context: IAgentContext<any>): Promise<ExternalIdentifierX5cResult> {
     return (await this.identifierResolveExternal({ ...args, method: 'x5c' }, context)) as ExternalIdentifierX5cResult
   }
+  private async identifierExternalResolveByCoseKey(
+    args: ExternalIdentifierCoseKeyOpts,
+    context: IAgentContext<any>
+  ): Promise<ExternalIdentifierCoseKeyResult> {
+    return (await this.identifierResolveExternal({ ...args, method: 'cose_key' }, context)) as ExternalIdentifierCoseKeyResult
+  }
+  private async identifierExternalResolveByJwk(args: ExternalIdentifierJwkOpts, context: IAgentContext<any>): Promise<ExternalIdentifierJwkResult> {
+    return (await this.identifierResolveExternal({ ...args, method: 'jwk' }, context)) as ExternalIdentifierJwkResult
+  }
 }

package/src/functions/LegacySupport.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import { IIdentifier } from '@veramo/core'
+import { ManagedIdentifierDidOpts, ManagedIdentifierOptsOrResult } from '../types'
+/**
+ * Converts legacy id opts key refs to the new ManagedIdentifierOpts
+ * @param opts
+ */
+export function legacyKeyRefsToIdentifierOpts(opts: {
+  idOpts?: ManagedIdentifierOptsOrResult
+  iss?: string
+  keyRef?: string
+  didOpts?: any
+}): ManagedIdentifierOptsOrResult {
+  if (!opts.idOpts) {
+    console.warn(
+      `Legacy idOpts being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`
+    )
+    // legacy way
+    let kmsKeyRef =
+      opts.keyRef ??
+      opts.didOpts?.idOpts?.kmsKeyRef ??
+      opts.didOpts?.kid ??
+      opts.didOpts.idOpts?.kid ??
+      (typeof opts.didOpts?.idOpts.identifier === 'object' ? (opts.didOpts?.idOpts.identifier as IIdentifier).keys[0].kid : undefined)
+    if (!kmsKeyRef) {
+      throw Error('Key ref is needed for access token signer')
+    }
+    let identifier = (opts.didOpts?.identifier ?? opts.didOpts?.idOpts?.identifier) as IIdentifier | undefined
+    return {
+      kmsKeyRef: opts.keyRef ?? kmsKeyRef,
+      identifier: identifier ?? kmsKeyRef,
+      issuer: opts.iss,
+    } satisfies ManagedIdentifierDidOpts
+  } else {
+    const idOpts = opts.idOpts
+    if (opts.keyRef && !idOpts.kmsKeyRef) {
+      // legacy way
+      console.warn(
+        `Legacy keyRef being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`
+      )
+      idOpts.kmsKeyRef = opts.keyRef
+    }
+    if (opts.iss && !idOpts.issuer) {
+      // legacy way
+      console.warn(
+        `Legacy iss being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`
+      )
+      idOpts.issuer = opts.iss
+    }
+    return idOpts
+  }
+}

package/src/functions/externalIdentifierFunctions.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { didDocumentToJwks, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
-import { calculateJwkThumbprint, JWK } from '@sphereon/ssi-sdk-ext.key-utils'
+import { didDocumentToJwks, getAgentResolver, jwkTtoPublicKeyHex } from '@sphereon/ssi-sdk-ext.did-utils'
+import { calculateJwkThumbprint, coseKeyToJwk } from '@sphereon/ssi-sdk-ext.key-utils'
 import {
   getSubjectDN,
   pemOrDerToX509Certificate,
@@ -8,20 +8,26 @@ import {
   X509ValidationResult,
 } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
-import { IParsedDID, parseDid } from '@sphereon/ssi-types'
+import { IParsedDID, JWK, parseDid } from '@sphereon/ssi-types'
 import { IAgentContext, IDIDManager, IResolver } from '@veramo/core'
 import { isDefined } from '@veramo/utils'
 import { CryptoEngine, setEngine } from 'pkijs'
 import {
+  ExternalIdentifierCoseKeyOpts,
+  ExternalIdentifierCoseKeyResult,
   ExternalIdentifierDidOpts,
   ExternalIdentifierDidResult,
+  ExternalIdentifierJwkOpts,
+  ExternalIdentifierJwkResult,
   ExternalIdentifierMethod,
   ExternalIdentifierOpts,
   ExternalIdentifierResult,
   ExternalIdentifierX5cOpts,
   ExternalIdentifierX5cResult,
   ExternalJwkInfo,
+  isExternalIdentifierCoseKeyOpts,
   isExternalIdentifierDidOpts,
+  isExternalIdentifierJwkOpts,
   isExternalIdentifierJwksUrlOpts,
   isExternalIdentifierKidOpts,
   isExternalIdentifierOidcDiscoveryOpts,
@@ -39,6 +45,10 @@ export async function resolveExternalIdentifier(
     return resolveExternalDidIdentifier(opts, context)
   } else if (isExternalIdentifierX5cOpts(opts)) {
     return resolveExternalX5cIdentifier(opts, context)
+  } else if (isExternalIdentifierJwkOpts(opts)) {
+    return resolveExternalJwkIdentifier(opts, context)
+  } else if (isExternalIdentifierCoseKeyOpts(opts)) {
+    return resolveExternalCoseKeyIdentifier(opts, context)
   } else if (isExternalIdentifierKidOpts(opts)) {
     method = 'kid'
   } else if (isExternalIdentifierJwksUrlOpts(opts)) {
@@ -82,6 +92,7 @@ export async function resolveExternalX5cIdentifier(
         chain: opts.identifier,
         trustAnchors: opts.trustAnchors ?? [],
         verificationTime: opts.verificationTime,
+        opts,
       })
     }
     if (verificationResult.certificateChain) {
@@ -90,6 +101,7 @@ export async function resolveExternalX5cIdentifier(
           jwk: cert.publicKeyJWK,
           kid: cert.subject.dn.DN,
           jwkThumbprint: calculateJwkThumbprint({ jwk: cert.publicKeyJWK }),
+          publicKeyHex: jwkTtoPublicKeyHex(cert.publicKeyJWK),
         } satisfies ExternalJwkInfo
       })
     }
@@ -108,6 +120,7 @@ export async function resolveExternalX5cIdentifier(
           jwk,
           kid: getSubjectDN(cert).DN,
           jwkThumbprint: calculateJwkThumbprint({ jwk }),
+          publicKeyHex: jwkTtoPublicKeyHex(jwk),
         } satisfies ExternalJwkInfo
       })
     )
@@ -129,6 +142,78 @@ export async function resolveExternalX5cIdentifier(
   }
 }
+/**
+ * Resolves a JWK. Normally this is just returning the JWK, but in case the JWK contains a x5c the chain is validated
+ * @param opts
+ * @param context
+ */
+export async function resolveExternalJwkIdentifier(
+  opts: ExternalIdentifierJwkOpts & {
+    x5c?: ExternalIdentifierX5cOpts
+  },
+  context: IAgentContext<any>
+): Promise<ExternalIdentifierJwkResult> {
+  if (!isExternalIdentifierJwkOpts(opts)) {
+    return Promise.reject('External JWK Identifier args need to be provided')
+  }
+  const jwk = opts.identifier
+  let x5c: ExternalIdentifierX5cResult | undefined = undefined
+  if (jwk.x5c) {
+    x5c = await resolveExternalX5cIdentifier({ ...opts.x5c, identifier: jwk.x5c }, context)
+  }
+  const jwkThumbprint = calculateJwkThumbprint({ jwk })
+  return {
+    method: 'jwk',
+    jwk,
+    jwks: [
+      {
+        jwk,
+        jwkThumbprint,
+        kid: jwk.kid,
+        publicKeyHex: jwkTtoPublicKeyHex(jwk),
+      },
+    ],
+    x5c,
+  } satisfies ExternalIdentifierJwkResult
+}
+/**
+ * Resolves a JWK. Normally this is just returning the JWK, but in case the JWK contains a x5c the chain is validated
+ * @param opts
+ * @param context
+ */
+export async function resolveExternalCoseKeyIdentifier(
+  opts: ExternalIdentifierCoseKeyOpts & {
+    x5c?: ExternalIdentifierX5cOpts
+  },
+  context: IAgentContext<any>
+): Promise<ExternalIdentifierCoseKeyResult> {
+  if (!isExternalIdentifierCoseKeyOpts(opts)) {
+    return Promise.reject('External Cose Key args need to be provided')
+  }
+  // TODO: We need to do cbor conversion here as well.
+  const coseKey = opts.identifier
+  let x5c: ExternalIdentifierX5cResult | undefined = undefined
+  if (coseKey.x5chain) {
+    x5c = await resolveExternalX5cIdentifier({ ...opts.x5c, identifier: coseKey.x5chain }, context)
+  }
+  const jwk = coseKeyToJwk(coseKey)
+  const jwkThumbprint = calculateJwkThumbprint({ jwk })
+  return {
+    method: 'cose_key',
+    coseKey,
+    jwks: [
+      {
+        jwk,
+        jwkThumbprint,
+        kid: coseKey.kid,
+        publicKeyHex: jwkTtoPublicKeyHex(jwk),
+      },
+    ],
+    x5c,
+  } satisfies ExternalIdentifierCoseKeyResult
+}
 export async function resolveExternalDidIdentifier(
   opts: ExternalIdentifierDidOpts,
   context: IAgentContext<IResolver & IDIDManager>
@@ -163,7 +248,12 @@ export async function resolveExternalDidIdentifier(
             .flatMap((jwks) => jwks)
         )
       ).map((jwk) => {
-        return { jwk, jwkThumbprint: calculateJwkThumbprint({ jwk }), kid: jwk.kid }
+        return {
+          jwk,
+          jwkThumbprint: calculateJwkThumbprint({ jwk }),
+          kid: jwk.kid,
+          publicKeyHex: jwkTtoPublicKeyHex(jwk),
+        }
       })
     : []

package/src/functions/index.ts CHANGED Viewed

@@ -1,53 +1,3 @@
-import { IIdentifier } from '@veramo/core'
-import { ManagedIdentifierDidOpts, ManagedIdentifierOpts } from '../types'
 export * from './managedIdentifierFunctions'
 export * from './externalIdentifierFunctions'
-/**
- * Converts legacy id opts key refs to the new ManagedIdentifierOpts
- * @param opts
- */
-export function legacyKeyRefsToIdentifierOpts(opts: {
-  idOpts?: ManagedIdentifierOpts
-  iss?: string
-  keyRef?: string
-  didOpts?: any
-}): ManagedIdentifierOpts {
-  if (!opts.idOpts) {
-    console.warn(
-      `Legacy idOpts being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`
-    )
-    // legacy way
-    let kmsKeyRef =
-      opts.keyRef ??
-      opts.didOpts?.idOpts?.kmsKeyRef ??
-      (typeof opts.didOpts?.idOpts.identifier === 'object' ? (opts.didOpts?.idOpts.identifier as IIdentifier).keys[0].kid : undefined)
-    if (!kmsKeyRef) {
-      throw Error('Key ref is needed for access token signer')
-    }
-    return {
-      kmsKeyRef: opts.keyRef ?? kmsKeyRef,
-      identifier: kmsKeyRef,
-      issuer: opts.iss,
-    } satisfies ManagedIdentifierDidOpts
-  } else {
-    const idOpts = opts.idOpts
-    if (opts.keyRef && !idOpts.kmsKeyRef) {
-      // legacy way
-      console.warn(
-        `Legacy keyRef being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`
-      )
-      idOpts.kmsKeyRef = opts.keyRef
-    }
-    if (opts.iss && !idOpts.issuer) {
-      // legacy way
-      console.warn(
-        `Legacy iss being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`
-      )
-      idOpts.issuer = opts.iss
-    }
-    return idOpts
-  }
-}
+export * from './LegacySupport'

package/src/functions/managedIdentifierFunctions.ts CHANGED Viewed

@@ -1,11 +1,13 @@
 import { getFirstKeyWithRelation } from '@sphereon/ssi-sdk-ext.did-utils'
-import { calculateJwkThumbprint, JWK, toJwk } from '@sphereon/ssi-sdk-ext.key-utils'
+import { calculateJwkThumbprint, coseKeyToJwk, toJwk } from '@sphereon/ssi-sdk-ext.key-utils'
 import { pemOrDerToX509Certificate } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { contextHasDidManager, contextHasKeyManager } from '@sphereon/ssi-sdk.agent-config'
+import { ICoseKeyJson, JWK } from '@sphereon/ssi-types'
 import { IAgentContext, IIdentifier, IKey, IKeyManager } from '@veramo/core'
 import { CryptoEngine, setEngine } from 'pkijs'
 import {
   IIdentifierResolution,
+  isManagedIdentifierCoseKeyOpts,
   isManagedIdentifierDidOpts,
   isManagedIdentifierDidResult,
   isManagedIdentifierJwkOpts,
@@ -14,6 +16,8 @@ import {
   isManagedIdentifierKeyResult,
   isManagedIdentifierKidOpts,
   isManagedIdentifierX5cOpts,
+  ManagedIdentifierCoseKeyOpts,
+  ManagedIdentifierCoseKeyResult,
   ManagedIdentifierDidOpts,
   ManagedIdentifierDidResult,
   ManagedIdentifierJwkOpts,
@@ -22,7 +26,6 @@ import {
   ManagedIdentifierKeyResult,
   ManagedIdentifierKidOpts,
   ManagedIdentifierKidResult,
-  ManagedIdentifierOpts,
   ManagedIdentifierOptsOrResult,
   ManagedIdentifierResult,
   ManagedIdentifierX5cOpts,
@@ -36,6 +39,8 @@ export async function getManagedKidIdentifier(
   const method = 'kid'
   if (!contextHasKeyManager(context)) {
     return Promise.reject(Error(`Cannot get Key/JWK identifier if KeyManager plugin is not enabled!`))
+  } else if (opts.identifier.startsWith('did:')) {
+    return Promise.reject(Error(`managed kid resolution called but a did url was passed in. Please call the did resolution method`))
   }
   const key = await context.agent.keyManagerGet({ kid: opts.kmsKeyRef ?? opts.identifier })
   const jwk = toJwk(key.publicKeyHex, key.type, { key })
@@ -45,27 +50,39 @@ export async function getManagedKidIdentifier(
   return {
     method,
     key,
+    identifier: opts.identifier,
     jwk,
     jwkThumbprint,
     kid,
+    clientId: opts.clientId,
+    clientIdScheme: opts.clientIdScheme,
     issuer,
     kmsKeyRef: key.kid,
     opts,
   } satisfies ManagedIdentifierKidResult
 }
+export function isManagedIdentifierResult(
+  identifier: ManagedIdentifierOptsOrResult & {
+    crypto?: Crypto
+  }
+): identifier is ManagedIdentifierResult {
+  return 'key' in identifier && 'kmsKeyRef' in identifier && 'method' in identifier && 'opts' in identifier && 'jwkThumbprint' in identifier
+}
 /**
  * Allows to get a managed identifier result in case identifier options are passed in, but returns the identifier directly in case results are passed in. This means resolution can have happened before, or happens in this method
  * @param identifier
  * @param context
  */
 export async function ensureManagedIdentifierResult(
-  identifier: ManagedIdentifierOptsOrResult,
-  context: IAgentContext<IIdentifierResolution>
+  identifier: ManagedIdentifierOptsOrResult & {
+    crypto?: Crypto
+  },
+  context: IAgentContext<IKeyManager>
 ): Promise<ManagedIdentifierResult> {
-  return 'key' in identifier && 'kmsKeyRef' in identifier && 'method' in identifier && 'opts' in identifier
-    ? identifier
-    : await context.agent.identifierManagedGet(identifier)
+  const { lazyDisabled = false } = identifier
+  return !lazyDisabled && isManagedIdentifierResult(identifier) ? identifier : await getManagedIdentifier(identifier, context)
 }
 /**
@@ -86,15 +103,52 @@ export async function getManagedKeyIdentifier(opts: ManagedIdentifierKeyOpts, _c
   return {
     method,
     key,
+    identifier: key,
     jwk,
     jwkThumbprint,
     kid,
     issuer,
     kmsKeyRef: key.kid,
+    clientId: opts.clientId,
+    clientIdScheme: opts.clientIdScheme,
     opts,
   } satisfies ManagedIdentifierKeyResult
 }
+/**
+ * This function is just a convenience function to get a common result. The user already apparently had a key, so could have called the kid version as well
+ * @param opts
+ * @param context
+ */
+export async function getManagedCoseKeyIdentifier(
+  opts: ManagedIdentifierCoseKeyOpts,
+  context: IAgentContext<any>
+): Promise<ManagedIdentifierCoseKeyResult> {
+  const method = 'cose_key'
+  const coseKey: ICoseKeyJson = opts.identifier
+  if (!contextHasKeyManager(context)) {
+    return Promise.reject(Error(`Cannot get Cose Key identifier if KeyManager plugin is not enabled!`))
+  }
+  const jwk = coseKeyToJwk(coseKey)
+  const jwkThumbprint = calculateJwkThumbprint({ jwk })
+  const key = await context.agent.keyManagerGet({ kid: opts.kmsKeyRef ?? jwkThumbprint })
+  const kid = opts.kid ?? coseKey.kid ?? jwkThumbprint
+  const issuer = opts.issuer
+  return {
+    method,
+    key,
+    identifier: opts.identifier,
+    jwk,
+    jwkThumbprint,
+    kid,
+    issuer,
+    kmsKeyRef: key.kid,
+    clientId: opts.clientId,
+    clientIdScheme: opts.clientIdScheme,
+    opts,
+  } satisfies ManagedIdentifierCoseKeyResult
+}
 export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, context: IAgentContext<any>): Promise<ManagedIdentifierDidResult> {
   const method = 'did'
   if (!contextHasDidManager(context)) {
@@ -141,6 +195,8 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
     keys,
     issuer,
     identifier,
+    clientId: opts.clientId,
+    clientIdScheme: opts.clientIdScheme,
     opts,
   }
 }
@@ -162,10 +218,13 @@ export async function getManagedJwkIdentifier(
     method,
     key,
     kmsKeyRef: key.kid,
+    identifier: jwk,
     jwk,
     jwkThumbprint,
     kid,
     issuer,
+    clientId: opts.clientId,
+    clientIdScheme: opts.clientIdScheme,
     opts,
   } satisfies ManagedIdentifierJwkResult
 }
@@ -197,6 +256,7 @@ export async function getManagedX5cIdentifier(
   return {
     method,
     x5c,
+    identifier: x5c,
     certificate,
     jwk,
     jwkThumbprint,
@@ -204,17 +264,22 @@ export async function getManagedX5cIdentifier(
     kmsKeyRef: key.kid,
     kid,
     issuer,
+    clientId: opts.clientId,
+    clientIdScheme: opts.clientIdScheme,
     opts,
   } satisfies ManagedIdentifierX5cResult
 }
 export async function getManagedIdentifier(
-  opts: ManagedIdentifierOpts & {
+  opts: ManagedIdentifierOptsOrResult & {
     crypto?: Crypto
   },
   context: IAgentContext<IKeyManager>
 ): Promise<ManagedIdentifierResult> {
   let resolutionResult: ManagedIdentifierResult
+  if (isManagedIdentifierResult(opts)) {
+    opts
+  }
   if (isManagedIdentifierKidOpts(opts)) {
     resolutionResult = await getManagedKidIdentifier(opts, context)
   } else if (isManagedIdentifierDidOpts(opts)) {
@@ -225,6 +290,8 @@ export async function getManagedIdentifier(
     resolutionResult = await getManagedX5cIdentifier(opts, context)
   } else if (isManagedIdentifierKeyOpts(opts)) {
     resolutionResult = await getManagedKeyIdentifier(opts, context)
+  } else if (isManagedIdentifierCoseKeyOpts(opts)) {
+    resolutionResult = await getManagedCoseKeyIdentifier(opts, context)
   } else {
     return Promise.reject(Error(`Could not determine identifier method. Please provide explicitly`))
   }
@@ -238,7 +305,7 @@ export async function getManagedIdentifier(
 export async function managedIdentifierToKeyResult(
   identifier: ManagedIdentifierOptsOrResult,
-  context: IAgentContext<IIdentifierResolution>
+  context: IAgentContext<IIdentifierResolution & IKeyManager>
 ): Promise<ManagedIdentifierKeyResult> {
   const resolved = await ensureManagedIdentifierResult(identifier, context)
   if (isManagedIdentifierKeyResult(resolved)) {
@@ -247,12 +314,13 @@ export async function managedIdentifierToKeyResult(
   return {
     ...resolved,
     method: 'key',
+    identifier: resolved.key,
   } satisfies ManagedIdentifierKeyResult
 }
 export async function managedIdentifierToJwk(
   identifier: ManagedIdentifierOptsOrResult,
-  context: IAgentContext<IIdentifierResolution>
+  context: IAgentContext<IIdentifierResolution & IKeyManager>
 ): Promise<ManagedIdentifierJwkResult> {
   const resolved = await ensureManagedIdentifierResult(identifier, context)
   if (isManagedIdentifierJwkResult(resolved)) {
@@ -261,5 +329,6 @@ export async function managedIdentifierToJwk(
   return {
     ...resolved,
     method: 'jwk',
+    identifier: resolved.jwk,
   } satisfies ManagedIdentifierJwkResult
 }