@sphereon/ssi-sdk.ms-request-api 0.33.1-feature.jose.vcdm.61 → 0.33.1-feature.jose.vcdm.63

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.cjs +10 -51
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.js +10 -51
  4. package/dist/index.js.map +1 -1
  5. package/package.json +5 -5
  6. package/plugin.schema.json +11 -52
package/dist/index.cjs CHANGED
@@ -41,11 +41,7 @@ var require_plugin_schema = __commonJS({
41
41
  $ref: "#/components/schemas/CredentialSubject"
42
42
  }
43
43
  },
44
- required: [
45
- "authenticationInfo",
46
- "clientIssuanceConfig",
47
- "claims"
48
- ],
44
+ required: ["authenticationInfo", "clientIssuanceConfig", "claims"],
49
45
  additionalProperties: false
50
46
  },
51
47
  IMsAuthenticationClientCredentialArgs: {
@@ -85,23 +81,13 @@ var require_plugin_schema = __commonJS({
85
81
  $ref: "#/components/schemas/LogLevel"
86
82
  }
87
83
  },
88
- required: [
89
- "azClientId",
90
- "azTenantId",
91
- "azClientSecret"
92
- ],
84
+ required: ["azClientId", "azTenantId", "azClientSecret"],
93
85
  additionalProperties: false,
94
86
  description: "azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose"
95
87
  },
96
88
  LogLevel: {
97
89
  type: "number",
98
- enum: [
99
- 0,
100
- 1,
101
- 2,
102
- 3,
103
- 4
104
- ],
90
+ enum: [0, 1, 2, 3, 4],
105
91
  description: "Log message level."
106
92
  },
107
93
  IClientIssuanceConfig: {
@@ -123,13 +109,7 @@ var require_plugin_schema = __commonJS({
123
109
  $ref: "#/components/schemas/IClientIssuance"
124
110
  }
125
111
  },
126
- required: [
127
- "authority",
128
- "includeQRCode",
129
- "registration",
130
- "callback",
131
- "issuance"
132
- ],
112
+ required: ["authority", "includeQRCode", "registration", "callback", "issuance"],
133
113
  additionalProperties: false
134
114
  },
135
115
  Registration: {
@@ -139,9 +119,7 @@ var require_plugin_schema = __commonJS({
139
119
  type: "string"
140
120
  }
141
121
  },
142
- required: [
143
- "clientName"
144
- ],
122
+ required: ["clientName"],
145
123
  additionalProperties: false
146
124
  },
147
125
  Callback: {
@@ -157,11 +135,7 @@ var require_plugin_schema = __commonJS({
157
135
  $ref: "#/components/schemas/Headers"
158
136
  }
159
137
  },
160
- required: [
161
- "url",
162
- "state",
163
- "headers"
164
- ],
138
+ required: ["url", "state", "headers"],
165
139
  additionalProperties: false
166
140
  },
167
141
  Headers: {
@@ -171,9 +145,7 @@ var require_plugin_schema = __commonJS({
171
145
  type: "string"
172
146
  }
173
147
  },
174
- required: [
175
- "apiKey"
176
- ],
148
+ required: ["apiKey"],
177
149
  additionalProperties: false
178
150
  },
179
151
  IClientIssuance: {
@@ -189,11 +161,7 @@ var require_plugin_schema = __commonJS({
189
161
  $ref: "#/components/schemas/Pin"
190
162
  }
191
163
  },
192
- required: [
193
- "type",
194
- "manifest",
195
- "pin"
196
- ],
164
+ required: ["type", "manifest", "pin"],
197
165
  additionalProperties: false
198
166
  },
199
167
  Pin: {
@@ -206,10 +174,7 @@ var require_plugin_schema = __commonJS({
206
174
  type: "number"
207
175
  }
208
176
  },
209
- required: [
210
- "value",
211
- "length"
212
- ],
177
+ required: ["value", "length"],
213
178
  additionalProperties: false
214
179
  },
215
180
  CredentialSubject: {
@@ -235,13 +200,7 @@ var require_plugin_schema = __commonJS({
235
200
  type: "string"
236
201
  }
237
202
  },
238
- required: [
239
- "id",
240
- "requestId",
241
- "url",
242
- "expiry",
243
- "pin"
244
- ],
203
+ required: ["id", "requestId", "url", "expiry", "pin"],
245
204
  additionalProperties: false
246
205
  }
247
206
  },
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\n \"authenticationInfo\",\n \"clientIssuanceConfig\",\n \"claims\"\n ],\n \"additionalProperties\": false\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\n \"azClientId\",\n \"azTenantId\",\n \"azClientSecret\"\n ],\n \"additionalProperties\": false,\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [\n 0,\n 1,\n 2,\n 3,\n 4\n ],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\n \"authority\",\n \"includeQRCode\",\n \"registration\",\n \"callback\",\n \"issuance\"\n ],\n \"additionalProperties\": false\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"clientName\"\n ],\n \"additionalProperties\": false\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\n \"url\",\n \"state\",\n \"headers\"\n ],\n \"additionalProperties\": false\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"apiKey\"\n ],\n \"additionalProperties\": false\n },\n \"IClientIssuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\n \"type\",\n \"manifest\",\n \"pin\"\n ],\n \"additionalProperties\": false\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"value\",\n \"length\"\n ],\n \"additionalProperties\": false\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"id\",\n \"requestId\",\n \"url\",\n \"expiry\",\n \"pin\"\n ],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n callback: clientIssueRequest.clientIssuanceConfig.callback,\n issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n return ('' + number).substring(add)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC1OA;;;;;;;;;;ACAA,qBAMO;;;ACJP,yBAAsB;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,UAAMC,0BAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAAQ,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,SAAKC,kCAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IAAIJ,IAAI,UAAMK,mDAAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,UAAMC,iDAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,UAAMC,gEAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;ADpFA,IAAMG,SAASC;","names":["module","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","authenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authResult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceConfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCode","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\"authenticationInfo\", \"clientIssuanceConfig\", \"claims\"],\n \"additionalProperties\": false\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\"azClientId\", \"azTenantId\", \"azClientSecret\"],\n \"additionalProperties\": false,\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [0, 1, 2, 3, 4],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\"authority\", \"includeQRCode\", \"registration\", \"callback\", \"issuance\"],\n \"additionalProperties\": false\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"clientName\"],\n \"additionalProperties\": false\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\"url\", \"state\", \"headers\"],\n \"additionalProperties\": false\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"apiKey\"],\n \"additionalProperties\": false\n },\n \"IClientIssuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\"type\", \"manifest\", \"pin\"],\n \"additionalProperties\": false\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"value\", \"length\"],\n \"additionalProperties\": false\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"id\", \"requestId\", \"url\", \"expiry\", \"pin\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n callback: clientIssueRequest.clientIssuanceConfig.callback,\n issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n return ('' + number).substring(add)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,sBAAsB,wBAAwB,QAAQ;AAAA,cACnE,sBAAwB;AAAA,YAC1B;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,cAAc,gBAAgB;AAAA,cACzD,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;AAAA,cACtB,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,aAAa,iBAAiB,gBAAgB,YAAY,UAAU;AAAA,cACjF,sBAAwB;AAAA,YAC1B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,SAAS,SAAS;AAAA,cACtC,sBAAwB;AAAA,YAC1B;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,sBAAwB;AAAA,YAC1B;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,YAAY,KAAK;AAAA,cACtC,sBAAwB;AAAA,YAC1B;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS,QAAQ;AAAA,cAC9B,sBAAwB;AAAA,YAC1B;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa,OAAO,UAAU,KAAK;AAAA,cACtD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACjMA;;;;;;;;;;ACAA,qBAMO;;;ACJP,yBAAsB;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,UAAMC,0BAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAAQ,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,SAAKC,kCAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IAAIJ,IAAI,UAAMK,mDAAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,UAAMC,iDAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,UAAMC,gEAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;ADpFA,IAAMG,SAASC;","names":["module","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","authenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authResult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceConfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCode","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
package/dist/index.js CHANGED
@@ -25,11 +25,7 @@ var require_plugin_schema = __commonJS({
25
25
  $ref: "#/components/schemas/CredentialSubject"
26
26
  }
27
27
  },
28
- required: [
29
- "authenticationInfo",
30
- "clientIssuanceConfig",
31
- "claims"
32
- ],
28
+ required: ["authenticationInfo", "clientIssuanceConfig", "claims"],
33
29
  additionalProperties: false
34
30
  },
35
31
  IMsAuthenticationClientCredentialArgs: {
@@ -69,23 +65,13 @@ var require_plugin_schema = __commonJS({
69
65
  $ref: "#/components/schemas/LogLevel"
70
66
  }
71
67
  },
72
- required: [
73
- "azClientId",
74
- "azTenantId",
75
- "azClientSecret"
76
- ],
68
+ required: ["azClientId", "azTenantId", "azClientSecret"],
77
69
  additionalProperties: false,
78
70
  description: "azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose"
79
71
  },
80
72
  LogLevel: {
81
73
  type: "number",
82
- enum: [
83
- 0,
84
- 1,
85
- 2,
86
- 3,
87
- 4
88
- ],
74
+ enum: [0, 1, 2, 3, 4],
89
75
  description: "Log message level."
90
76
  },
91
77
  IClientIssuanceConfig: {
@@ -107,13 +93,7 @@ var require_plugin_schema = __commonJS({
107
93
  $ref: "#/components/schemas/IClientIssuance"
108
94
  }
109
95
  },
110
- required: [
111
- "authority",
112
- "includeQRCode",
113
- "registration",
114
- "callback",
115
- "issuance"
116
- ],
96
+ required: ["authority", "includeQRCode", "registration", "callback", "issuance"],
117
97
  additionalProperties: false
118
98
  },
119
99
  Registration: {
@@ -123,9 +103,7 @@ var require_plugin_schema = __commonJS({
123
103
  type: "string"
124
104
  }
125
105
  },
126
- required: [
127
- "clientName"
128
- ],
106
+ required: ["clientName"],
129
107
  additionalProperties: false
130
108
  },
131
109
  Callback: {
@@ -141,11 +119,7 @@ var require_plugin_schema = __commonJS({
141
119
  $ref: "#/components/schemas/Headers"
142
120
  }
143
121
  },
144
- required: [
145
- "url",
146
- "state",
147
- "headers"
148
- ],
122
+ required: ["url", "state", "headers"],
149
123
  additionalProperties: false
150
124
  },
151
125
  Headers: {
@@ -155,9 +129,7 @@ var require_plugin_schema = __commonJS({
155
129
  type: "string"
156
130
  }
157
131
  },
158
- required: [
159
- "apiKey"
160
- ],
132
+ required: ["apiKey"],
161
133
  additionalProperties: false
162
134
  },
163
135
  IClientIssuance: {
@@ -173,11 +145,7 @@ var require_plugin_schema = __commonJS({
173
145
  $ref: "#/components/schemas/Pin"
174
146
  }
175
147
  },
176
- required: [
177
- "type",
178
- "manifest",
179
- "pin"
180
- ],
148
+ required: ["type", "manifest", "pin"],
181
149
  additionalProperties: false
182
150
  },
183
151
  Pin: {
@@ -190,10 +158,7 @@ var require_plugin_schema = __commonJS({
190
158
  type: "number"
191
159
  }
192
160
  },
193
- required: [
194
- "value",
195
- "length"
196
- ],
161
+ required: ["value", "length"],
197
162
  additionalProperties: false
198
163
  },
199
164
  CredentialSubject: {
@@ -219,13 +184,7 @@ var require_plugin_schema = __commonJS({
219
184
  type: "string"
220
185
  }
221
186
  },
222
- required: [
223
- "id",
224
- "requestId",
225
- "url",
226
- "expiry",
227
- "pin"
228
- ],
187
+ required: ["id", "requestId", "url", "expiry", "pin"],
229
188
  additionalProperties: false
230
189
  }
231
190
  },
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts","../src/index.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\n \"authenticationInfo\",\n \"clientIssuanceConfig\",\n \"claims\"\n ],\n \"additionalProperties\": false\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\n \"azClientId\",\n \"azTenantId\",\n \"azClientSecret\"\n ],\n \"additionalProperties\": false,\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [\n 0,\n 1,\n 2,\n 3,\n 4\n ],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\n \"authority\",\n \"includeQRCode\",\n \"registration\",\n \"callback\",\n \"issuance\"\n ],\n \"additionalProperties\": false\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"clientName\"\n ],\n \"additionalProperties\": false\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\n \"url\",\n \"state\",\n \"headers\"\n ],\n \"additionalProperties\": false\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"apiKey\"\n ],\n \"additionalProperties\": false\n },\n \"IClientIssuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\n \"type\",\n \"manifest\",\n \"pin\"\n ],\n \"additionalProperties\": false\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"value\",\n \"length\"\n ],\n \"additionalProperties\": false\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"id\",\n \"requestId\",\n \"url\",\n \"expiry\",\n \"pin\"\n ],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n callback: clientIssueRequest.clientIssuanceConfig.callback,\n issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n return ('' + number).substring(add)\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC1OA,SACEA,iDAEAC,mBACAC,kCACAC,0CACK;;;ACJP,SAASC,aAAa;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,MAAMC,MAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAAQ,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,KAAKC,kBAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IAAIJ,IAAI,MAAMK,mCAAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,MAAMC,iCAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,MAAMC,gDAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;AEpFA,IAAMG,SAASC;","names":["assertEntraCredentialManifestUrlInCorrectRegion","determineMSAuthId","getMSClientCredentialAccessToken","newMSClientCredentialAuthenticator","fetch","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","authenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authResult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceConfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCode","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts","../src/index.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\"authenticationInfo\", \"clientIssuanceConfig\", \"claims\"],\n \"additionalProperties\": false\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\"azClientId\", \"azTenantId\", \"azClientSecret\"],\n \"additionalProperties\": false,\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [0, 1, 2, 3, 4],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\"authority\", \"includeQRCode\", \"registration\", \"callback\", \"issuance\"],\n \"additionalProperties\": false\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"clientName\"],\n \"additionalProperties\": false\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\"url\", \"state\", \"headers\"],\n \"additionalProperties\": false\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"apiKey\"],\n \"additionalProperties\": false\n },\n \"IClientIssuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\"type\", \"manifest\", \"pin\"],\n \"additionalProperties\": false\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"value\", \"length\"],\n \"additionalProperties\": false\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"id\", \"requestId\", \"url\", \"expiry\", \"pin\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}\n","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n callback: clientIssueRequest.clientIssuanceConfig.callback,\n issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n return ('' + number).substring(add)\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,sBAAsB,wBAAwB,QAAQ;AAAA,cACnE,sBAAwB;AAAA,YAC1B;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,cAAc,gBAAgB;AAAA,cACzD,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;AAAA,cACtB,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,aAAa,iBAAiB,gBAAgB,YAAY,UAAU;AAAA,cACjF,sBAAwB;AAAA,YAC1B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,SAAS,SAAS;AAAA,cACtC,sBAAwB;AAAA,YAC1B;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,sBAAwB;AAAA,YAC1B;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,YAAY,KAAK;AAAA,cACtC,sBAAwB;AAAA,YAC1B;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS,QAAQ;AAAA,cAC9B,sBAAwB;AAAA,YAC1B;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa,OAAO,UAAU,KAAK;AAAA,cACtD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACjMA,SACEA,iDAEAC,mBACAC,kCACAC,0CACK;;;ACJP,SAASC,aAAa;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,MAAMC,MAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAAQ,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,KAAKC,kBAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IAAIJ,IAAI,MAAMK,mCAAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,MAAMC,iCAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,MAAMC,gDAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;AEpFA,IAAMG,SAASC;","names":["assertEntraCredentialManifestUrlInCorrectRegion","determineMSAuthId","getMSClientCredentialAccessToken","newMSClientCredentialAuthenticator","fetch","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","authenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authResult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceConfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCode","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.ms-request-api",
3
- "version": "0.33.1-feature.jose.vcdm.61+a359941a",
3
+ "version": "0.33.1-feature.jose.vcdm.63+022136f8",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -27,13 +27,13 @@
27
27
  "generate-plugin-schema": "ts-node ../../packages/dev/bin/sphereon.js dev generate-plugin-schema"
28
28
  },
29
29
  "dependencies": {
30
- "@sphereon/ssi-sdk.ms-authenticator": "0.33.1-feature.jose.vcdm.61+a359941a",
30
+ "@sphereon/ssi-sdk.ms-authenticator": "0.33.1-feature.jose.vcdm.63+022136f8",
31
31
  "@veramo/core": "4.2.0",
32
32
  "cross-fetch": "^3.1.8"
33
33
  },
34
34
  "devDependencies": {
35
- "@sphereon/ssi-sdk.agent-config": "0.33.1-feature.jose.vcdm.61+a359941a",
36
- "@sphereon/ssi-sdk.credential-store": "0.33.1-feature.jose.vcdm.61+a359941a",
35
+ "@sphereon/ssi-sdk.agent-config": "0.33.1-feature.jose.vcdm.63+022136f8",
36
+ "@sphereon/ssi-sdk.credential-store": "0.33.1-feature.jose.vcdm.63+022136f8",
37
37
  "@types/express": "^4.17.21",
38
38
  "@types/express-session": "^1.18.0",
39
39
  "@types/node": "^20.17.1",
@@ -74,5 +74,5 @@
74
74
  "API",
75
75
  "Issuer"
76
76
  ],
77
- "gitHead": "a359941a2b84a7b86ff515b0f78080ff075e97b6"
77
+ "gitHead": "022136f82e8b5b0b83cc4b475b4b83eb5dc63e14"
78
78
  }
package/plugin.schema.json CHANGED
@@ -15,11 +15,7 @@
15
15
  "$ref": "#/components/schemas/CredentialSubject"
16
16
  }
17
17
  },
18
- "required": [
19
- "authenticationInfo",
20
- "clientIssuanceConfig",
21
- "claims"
22
- ],
18
+ "required": ["authenticationInfo", "clientIssuanceConfig", "claims"],
23
19
  "additionalProperties": false
24
20
  },
25
21
  "IMsAuthenticationClientCredentialArgs": {
@@ -59,23 +55,13 @@
59
55
  "$ref": "#/components/schemas/LogLevel"
60
56
  }
61
57
  },
62
- "required": [
63
- "azClientId",
64
- "azTenantId",
65
- "azClientSecret"
66
- ],
58
+ "required": ["azClientId", "azTenantId", "azClientSecret"],
67
59
  "additionalProperties": false,
68
60
  "description": "azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose"
69
61
  },
70
62
  "LogLevel": {
71
63
  "type": "number",
72
- "enum": [
73
- 0,
74
- 1,
75
- 2,
76
- 3,
77
- 4
78
- ],
64
+ "enum": [0, 1, 2, 3, 4],
79
65
  "description": "Log message level."
80
66
  },
81
67
  "IClientIssuanceConfig": {
@@ -97,13 +83,7 @@
97
83
  "$ref": "#/components/schemas/IClientIssuance"
98
84
  }
99
85
  },
100
- "required": [
101
- "authority",
102
- "includeQRCode",
103
- "registration",
104
- "callback",
105
- "issuance"
106
- ],
86
+ "required": ["authority", "includeQRCode", "registration", "callback", "issuance"],
107
87
  "additionalProperties": false
108
88
  },
109
89
  "Registration": {
@@ -113,9 +93,7 @@
113
93
  "type": "string"
114
94
  }
115
95
  },
116
- "required": [
117
- "clientName"
118
- ],
96
+ "required": ["clientName"],
119
97
  "additionalProperties": false
120
98
  },
121
99
  "Callback": {
@@ -131,11 +109,7 @@
131
109
  "$ref": "#/components/schemas/Headers"
132
110
  }
133
111
  },
134
- "required": [
135
- "url",
136
- "state",
137
- "headers"
138
- ],
112
+ "required": ["url", "state", "headers"],
139
113
  "additionalProperties": false
140
114
  },
141
115
  "Headers": {
@@ -145,9 +119,7 @@
145
119
  "type": "string"
146
120
  }
147
121
  },
148
- "required": [
149
- "apiKey"
150
- ],
122
+ "required": ["apiKey"],
151
123
  "additionalProperties": false
152
124
  },
153
125
  "IClientIssuance": {
@@ -163,11 +135,7 @@
163
135
  "$ref": "#/components/schemas/Pin"
164
136
  }
165
137
  },
166
- "required": [
167
- "type",
168
- "manifest",
169
- "pin"
170
- ],
138
+ "required": ["type", "manifest", "pin"],
171
139
  "additionalProperties": false
172
140
  },
173
141
  "Pin": {
@@ -180,10 +148,7 @@
180
148
  "type": "number"
181
149
  }
182
150
  },
183
- "required": [
184
- "value",
185
- "length"
186
- ],
151
+ "required": ["value", "length"],
187
152
  "additionalProperties": false
188
153
  },
189
154
  "CredentialSubject": {
@@ -209,13 +174,7 @@
209
174
  "type": "string"
210
175
  }
211
176
  },
212
- "required": [
213
- "id",
214
- "requestId",
215
- "url",
216
- "expiry",
217
- "pin"
218
- ],
177
+ "required": ["id", "requestId", "url", "expiry", "pin"],
219
178
  "additionalProperties": false
220
179
  }
221
180
  },
@@ -232,4 +191,4 @@
232
191
  }
233
192
  }
234
193
  }
235
- }
194
+ }