@sphereon/ssi-sdk.ebsi-support 0.26.1-unstable.101

Files changed (68) hide show
  1. package/LICENSE +201 -0
  2. package/README.md +13 -0
  3. package/dist/agent/EbsiSupport.d.ts +12 -0
  4. package/dist/agent/EbsiSupport.d.ts.map +1 -0
  5. package/dist/agent/EbsiSupport.js +202 -0
  6. package/dist/agent/EbsiSupport.js.map +1 -0
  7. package/dist/did/EbsiDidProvider.d.ts +47 -0
  8. package/dist/did/EbsiDidProvider.d.ts.map +1 -0
  9. package/dist/did/EbsiDidProvider.js +172 -0
  10. package/dist/did/EbsiDidProvider.js.map +1 -0
  11. package/dist/did/EbsiDidResolver.d.ts +5 -0
  12. package/dist/did/EbsiDidResolver.d.ts.map +1 -0
  13. package/dist/did/EbsiDidResolver.js +10 -0
  14. package/dist/did/EbsiDidResolver.js.map +1 -0
  15. package/dist/did/functions.d.ts +66 -0
  16. package/dist/did/functions.d.ts.map +1 -0
  17. package/dist/did/functions.js +416 -0
  18. package/dist/did/functions.js.map +1 -0
  19. package/dist/did/index.d.ts +6 -0
  20. package/dist/did/index.d.ts.map +1 -0
  21. package/dist/did/index.js +6 -0
  22. package/dist/did/index.js.map +1 -0
  23. package/dist/did/services/EbsiRPCService.d.ts +13 -0
  24. package/dist/did/services/EbsiRPCService.d.ts.map +1 -0
  25. package/dist/did/services/EbsiRPCService.js +64 -0
  26. package/dist/did/services/EbsiRPCService.js.map +1 -0
  27. package/dist/did/services/EbsiRestService.d.ts +37 -0
  28. package/dist/did/services/EbsiRestService.d.ts.map +1 -0
  29. package/dist/did/services/EbsiRestService.js +90 -0
  30. package/dist/did/services/EbsiRestService.js.map +1 -0
  31. package/dist/did/types.d.ts +386 -0
  32. package/dist/did/types.d.ts.map +1 -0
  33. package/dist/did/types.js +47 -0
  34. package/dist/did/types.js.map +1 -0
  35. package/dist/functions/Attestation.d.ts +32 -0
  36. package/dist/functions/Attestation.d.ts.map +1 -0
  37. package/dist/functions/Attestation.js +182 -0
  38. package/dist/functions/Attestation.js.map +1 -0
  39. package/dist/functions/AttestationHeadlessCallbacks.d.ts +17 -0
  40. package/dist/functions/AttestationHeadlessCallbacks.d.ts.map +1 -0
  41. package/dist/functions/AttestationHeadlessCallbacks.js +194 -0
  42. package/dist/functions/AttestationHeadlessCallbacks.js.map +1 -0
  43. package/dist/functions/index.d.ts +7 -0
  44. package/dist/functions/index.d.ts.map +1 -0
  45. package/dist/functions/index.js +8 -0
  46. package/dist/functions/index.js.map +1 -0
  47. package/dist/index.d.ts +7 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +8 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/types/IEbsiSupport.d.ts +211 -0
  52. package/dist/types/IEbsiSupport.d.ts.map +1 -0
  53. package/dist/types/IEbsiSupport.js +5 -0
  54. package/dist/types/IEbsiSupport.js.map +1 -0
  55. package/package.json +86 -0
  56. package/src/agent/EbsiSupport.ts +250 -0
  57. package/src/did/EbsiDidProvider.ts +269 -0
  58. package/src/did/EbsiDidResolver.ts +16 -0
  59. package/src/did/functions.ts +528 -0
  60. package/src/did/index.ts +5 -0
  61. package/src/did/services/EbsiRPCService.ts +68 -0
  62. package/src/did/services/EbsiRestService.ts +117 -0
  63. package/src/did/types.ts +449 -0
  64. package/src/functions/Attestation.ts +262 -0
  65. package/src/functions/AttestationHeadlessCallbacks.ts +242 -0
  66. package/src/functions/index.ts +15 -0
  67. package/src/index.ts +8 -0
  68. package/src/types/IEbsiSupport.ts +241 -0
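--- a/package/src/types/IEbsiSupport.ts
+++ b/package/src/types/IEbsiSupport.ts
@@ -0,0 +1,241 @@
+ import { DiscoveryMetadataPayload, JWK } from '@sphereon/did-auth-siop'
+ import { OID4VCICredentialFormat, RequestObjectOpts } from '@sphereon/oid4vci-common'
+ import { Format, PresentationDefinitionV2 } from '@sphereon/pex-models'
+ import { IIdentifierOpts } from '@sphereon/ssi-sdk-ext.did-utils'
+ import { IBasicCredentialLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store'
+ import { ErrorDetails, IOID4VCIHolder, MappedCredentialToAccept } from '@sphereon/ssi-sdk.oid4vci-holder'
+ import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
+ import { IDidAuthSiopOpAuthenticator } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'
+ import { PresentationSubmission, W3CVerifiableCredential } from '@sphereon/ssi-types'
+ import { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
+ import { AttestationAuthRequestUrlResult } from '../functions'
+
+ /**
+ * The OpenID scope
+ * @readonly
+ * @enum {string}
+ */
+ export type EBSIScope =
+ | 'didr_write'
+ | 'didr_invite'
+ | 'tir_write'
+ | 'tir_invite'
+ | 'timestamp_write'
+ | 'tnt_authorise'
+ | 'tnt_create'
+ | 'tnt_write'
+ | 'did_authn'
+
+ export enum TokenType {
+ BEARER = 'Bearer',
+ }
+
+ export type EbsiEnvironment = 'pilot' | 'conformance' | 'conformance-test'
+ export type EbsiApiVersion = 'v3' | 'v4' | 'v5'
+ export type WellknownType = 'openid-credential-issuer' | 'openid-configuration'
+ export type EbsiMock = 'issuer-mock' | 'auth-mock'
+ export type EbsiSystem = 'authorisation' | 'conformance' | 'did-registry'
+
+ export type ApiOpts = { environment?: EbsiEnvironment; version: EbsiApiVersion }
+ export type WellknownOpts = ApiOpts & { type: WellknownType; system?: EbsiSystem | EbsiEnvironment; mock?: EbsiMock }
+
+ export interface IEbsiSupport extends IPluginMethodMap {
+ ebsiWellknownMetadata(args?: ApiOpts): Promise<GetOIDProviderMetadataResponse>
+
+ ebsiAuthorizationServerJwks(args?: ApiOpts): Promise<GetOIDProviderJwksResponse>
+
+ ebsiPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise<GetPresentationDefinitionResponse>
+
+ ebsiAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise<GetAccessTokenResult>
+
+ ebsiCreateAttestationAuthRequestURL(args: CreateAttestationAuthRequestURLArgs, context: IRequiredContext): Promise<AttestationAuthRequestUrlResult>
+
+ ebsiGetAttestation(args: GetAttestationArgs, context: IRequiredContext): Promise<AttestationResult>
+ }
+
+ // export type ApiOpts = { environment?: EbsiEnvironment; version?: string }
+
+ /**
+ * @typedef EbsiOpenIDMetadata
+ * @type {object}
+ * @property {(URL | string)} issuer URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. MUST be identical to the iss Claim value in ID Tokens issued from this Issuer.
+ * @property {(URL | string)} authorization_endpoint URL of the OP's OAuth 2.0 Authorization Endpoint.
+ * @property {(URL | string)} token_endpoint URL of the OP's OAuth 2.0 Token Endpoint.
+ * @property {(URL | string)} [presentation_definition_endpoint] URL of the OP's presentation definitions endpoint. Non-standard, used in EBSI
+ * @property {(URL | string)} jwks_uri URL of the authorization server's JWK Set [JWK] document
+ * @property {string[]} scopes_supported JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. (SIOP v2)
+ * @property {string[]} response_types_supported JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports (SIOP v2)
+ * @property {string[]} [response_mode_supported] JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports
+ * @property {string[]} [grant_types_supported] JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.
+ * @property {string[]} subject_types_supported JSON array containing a list of the Subject Identifier types that this OP supports.
+ * @property {string[]} id_token_signing_alg_values_supported JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT
+ * @property {string[]} [request_object_signing_alg_values_supported] JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects
+ * @property {string[]} [request_parameter_supported] Boolean value specifying whether the OP supports use of the request parameter, with true indicating support
+ * @property {string[]} [token_endpoint_auth_methods_supported] JSON array containing a list of client authentication methods supported by this token endpoint
+ * @property {{ authorization_endpoint: string[] }} [request_authentication_methods_supported] A JSON Object defining the client authentications supported for each endpoint
+ * @property {string[]} [vp_formats_supported] An object containing a list of key value pairs, where the key is a string identifying a credential format supported by the AS
+ * @property {(URL[] | string[])} [subject_syntax_types_supported] A JSON array of strings representing URI scheme identifiers and optionally method names of supported Subject Syntax Types
+ * @property {string[]} [subject_trust_frameworks_supported] A JSON array of supported trust frameworks.
+ * @property {string[]} [id_token_types_supported] A JSON array of strings containing the list of ID Token types supported by the OP
+ */
+ export type EbsiOpenIDMetadata = DiscoveryMetadataPayload & {
+ presentation_definition_endpoint?: URL | string
+ }
+
+ /**
+ * JSON Web Key Set
+ * @typedef GetOIDProviderJwksSuccessResponse
+ * @property {JWK[]} keys
+ */
+ export interface GetOIDProviderJwksSuccessResponse {
+ keys: JWK[]
+ }
+
+ /**
+ * @typedef GetPresentationDefinitionArgs
+ * @type {object}
+ * @property {EBSIScope} scope
+ * @property {ApiOpts} [apiOpts] The environment and version of the API
+ */
+ export interface GetPresentationDefinitionArgs {
+ scope: EBSIScope
+ apiOpts?: WellknownOpts
+ openIDMetadata?: EbsiOpenIDMetadata
+ }
+
+ export type CreateAttestationAuthRequestURLArgs = {
+ credentialIssuer: string
+ credentialType: string
+ idOpts: IIdentifierOpts
+ requestObjectOpts: RequestObjectOpts
+ clientId?: string
+ redirectUri?: string
+ formats?: Array<Extract<OID4VCICredentialFormat, 'jwt_vc' | 'jwt_vc_json'>>
+ }
+
+ export type GetAttestationArgs = {
+ clientId: string
+ authReqResult: AttestationAuthRequestUrlResult
+ opts?: {
+ timeout: number
+ }
+ }
+
+ /**
+ * Presentation Definition V2
+ * @typedef GetPresentationDefinitionSuccessResponse
+ * @type {object}
+ * @property {string} id A UUID or some other unique ID to identify this Presentation Definition
+ * @property {string} [name] A name property is a human-friendly string intended to constitute a distinctive designation of the Presentation Definition.
+ * @property {string} [purpose] It describes the purpose for which the Presentation Definition's inputs are being requested.
+ * @property {Format} [format] What claim variants Verifiers and Holders support.
+ * @property {SubmissionRequirement[]} [submission_requirements] List of requirements for described inputs in input descriptors.
+ * @property {InputDescriptor[]} input_descriptors List of descriptions of the required inputs.
+ * @property {object} [frame] a JSON LD Framing Document object.
+ */
+ export type GetPresentationDefinitionSuccessResponse = PresentationDefinitionV2 & {
+ format?: Pick<Format, 'jwt_vc' | 'jwt_vc_json' | 'jwt_vp' | 'jwt_vp_json'>
+ }
+
+ /**
+ * @typedef GetAccessTokenArgs
+ * @type {object}
+ * @property {string} grant_type MUST be set to "vp_token"
+ * @property {string} vp_token Signed Verifiable Presentation. See also the VP Token schema definition.
+ * @property {PresentationSubmission} presentation_submission Descriptor for the vp_token, linked by presentation_definition. See also the Presentation Definition schema.
+ * @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_write, openid tir_invite, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] OIDC scope
+ * @property {ApiOpts} [apiOpts] The environment and the version of the API
+ */
+ export interface GetAccessTokenArgs {
+ grant_type?: string
+ vp_token: string
+ presentation_submission: PresentationSubmission
+ scope: EBSIScope
+ openIDMetadata?: EbsiOpenIDMetadata
+ apiOpts: ApiOpts
+ }
+
+ export type GetAccessTokenResult = {
+ identifier: IIdentifier
+ scope: EBSIScope
+ // vp: VerifiablePresentationWithDefinition
+ // definition: PresentationDefinitionWithLocation
+ accessTokenResponse: GetAccessTokenSuccessResponse
+ }
+ /**
+ * @typedef EBSIAuthAccessTokenGetArgs
+ * @type {object}
+ * @property {string} attestationCredential Verifiable Credential (Verifiable Authorisation to Onboard) JWT format
+ // * @property {ScopeByDefinition} definitionId The presentation definition id
+ * @property {string} [domain] The domain of the issuer
+ * @property {string} did The did of the VP issuer
+ * @property {string} kid kid in the format: did#kid
+ * @property {EBSIScope} scope Needed to retrieve the authentication request
+ * @property {ApiOpts} [apiOpts] The environment and the version of the API
+ */
+ export interface EBSIAuthAccessTokenGetArgs {
+ clientId: string
+ credentialIssuer?: string
+ attestationCredential?: W3CVerifiableCredential
+ allVerifiableCredentials?: W3CVerifiableCredential[]
+ redirectUri?: string
+ jwksUri: string
+ // definitionId: ScopeByDefinition
+ idOpts: IIdentifierOpts
+ scope: EBSIScope
+ environment: EbsiEnvironment
+ skipDidResolution?: boolean
+ }
+
+ /**
+ * @typedef GetAccessTokenSuccessResponse
+ * @type {object}
+ * @property {string} access_token ^(([A-Za-z0-9\-_])+\.)([A-Za-z0-9\-_]+)(\.([A-Za-z0-9\-_]+)?$ The access token issued by the authorization server in JWS format. See also the "Access Token" schema definition
+ * @property {TokenType} token_type Possible values: [Bearer]/MUST be Bearer
+ * @property {number} [expires_in] Possible values: >= 1. The lifetime in seconds of the access token
+ * @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_invite, openid tir_write, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] The scope of the access token
+ * @property {string} id_token ^(([A-Za-z0-9\-_])+\.)([A-Za-z0-9\-_]+)(\.([A-Za-z0-9\-_]+)?$ ID Token value associated with the authenticated session. Presents client's identity. ID Token is issued in a JWS format. See also the "ID Token" schema definition.
+ * @property {ApiOpts} apiOpts The environment and the version of the API
+ */
+ export interface GetAccessTokenSuccessResponse {
+ access_token: string
+ token_type: TokenType
+ expires_in?: number
+ scope: EBSIScope
+ id_token: string
+ apiOpts: ApiOpts
+ }
+
+ /**
+ * @typedef ExceptionResponse
+ * @type {object}
+ * @property {(URL | string)} [type] An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.
+ * @property {string} [title] A short summary of the problem type.
+ * @property {number} [status] Possible values: >= 400 and <= 600. The HTTP status code generated by the origin server for this occurrence of the problem.
+ * @property {string} [detail] A human readable explanation specific to this occurrence of the problem.
+ * @property {(URL | string)} [instance] An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
+ */
+ export interface ExceptionResponse {
+ type?: URL | string
+ title?: string
+ status?: number
+ detail?: string
+ instance?: URL | string
+ }
+
+ export type AttestationResult = {
+ contactAlias: string
+ contact: Party
+ credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>> | undefined
+ identifier: IIdentifier
+ error: ErrorDetails | undefined
+ credentials: Array<MappedCredentialToAccept>
+ }
+
+ export type GetOIDProviderMetadataResponse = EbsiOpenIDMetadata
+ export type GetOIDProviderJwksResponse = GetOIDProviderJwksSuccessResponse | ExceptionResponse
+ export type GetPresentationDefinitionResponse = GetPresentationDefinitionSuccessResponse
+ export type GetAccessTokenResponse = GetAccessTokenSuccessResponse | ExceptionResponse
+ export type IRequiredContext = IAgentContext<
+ IKeyManager & IDIDManager & IResolver & IDidAuthSiopOpAuthenticator & IPresentationExchange & IOID4VCIHolder & IEbsiSupport
+ >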
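Review bot: The JSDoc above `EBSIAuthAccessTokenGetArgs` does not match the interface it documents: it describes `domain`, `did`, `kid` and `apiOpts`, none of which are declared, and says nothing about `clientId`, `jwksUri`, `idOpts`, `environment`, `allVerifiableCredentials` or `skipDidResolution`. Of the undocumented fields, `jwksUri` and `skipDidResolution` matter most to a caller, because one is a caller-supplied key-set location and the other presumably turns off a resolution step (its effect is not visible in this file). Each should get a `@property` line saying what it controls and when it is safe to set, for example `@property {boolean} [skipDidResolution] Skips DID resolution of the identifier; only set when <condition to be stated by the author>`. The same drift appears in `GetAccessTokenArgs`, where the doc says `grant_type` MUST be "vp_token" and marks `apiOpts` optional while the type declares `grant_type?: string` and a required `apiOpts`; declaring `grant_type?: 'vp_token'` would let the compiler enforce the documented constraint.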