@sphereon/ssi-sdk.ms-request-api 0.33.1-feature.vcdm2.tsup.32 → 0.33.1-feature.vcdm2.tsup.33

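--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -41,11 +41,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/CredentialSubject"
  }
  },
- required: [
- "authenticationInfo",
- "clientIssuanceConfig",
- "claims"
- ]
+ required: ["authenticationInfo", "clientIssuanceConfig", "claims"]
  },
  IMsAuthenticationClientCredentialArgs: {
  type: "object",
@@ -84,22 +80,12 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/LogLevel"
  }
  },
- required: [
- "azClientId",
- "azTenantId",
- "azClientSecret"
- ],
+ required: ["azClientId", "azTenantId", "azClientSecret"],
  description: "azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose"
  },
  LogLevel: {
  type: "number",
- enum: [
- 0,
- 1,
- 2,
- 3,
- 4
- ],
+ enum: [0, 1, 2, 3, 4],
  description: "Log message level."
  },
  IClientIssuanceConfig: {
@@ -121,13 +107,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/IClientIssuance"
  }
  },
- required: [
- "authority",
- "includeQRCode",
- "registration",
- "callback",
- "issuance"
- ]
+ required: ["authority", "includeQRCode", "registration", "callback", "issuance"]
  },
  Registration: {
  type: "object",
@@ -136,9 +116,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "clientName"
- ]
+ required: ["clientName"]
  },
  Callback: {
  type: "object",
@@ -153,11 +131,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/Headers"
  }
  },
- required: [
- "url",
- "state",
- "headers"
- ]
+ required: ["url", "state", "headers"]
  },
  Headers: {
  type: "object",
@@ -166,9 +140,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "apiKey"
- ]
+ required: ["apiKey"]
  },
  IClientIssuance: {
  type: "object",
@@ -183,11 +155,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/Pin"
  }
  },
- required: [
- "type",
- "manifest",
- "pin"
- ]
+ required: ["type", "manifest", "pin"]
  },
  Pin: {
  type: "object",
@@ -199,10 +167,7 @@ var require_plugin_schema = __commonJS({
  type: "number"
  }
  },
- required: [
- "value",
- "length"
- ]
+ required: ["value", "length"]
  },
  CredentialSubject: {
  type: "object"
@@ -227,13 +192,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "id",
- "requestId",
- "url",
- "expiry",
- "pin"
- ]
+ required: ["id", "requestId", "url", "expiry", "pin"]
  }
  },
  methods: {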
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\n \"authenticationInfo\",\n \"clientIssuanceConfig\",\n \"claims\"\n ]\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\n \"azClientId\",\n \"azTenantId\",\n \"azClientSecret\"\n ],\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. 
if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [\n 0,\n 1,\n 2,\n 3,\n 4\n ],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\n \"authority\",\n \"includeQRCode\",\n \"registration\",\n \"callback\",\n \"issuance\"\n ]\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"clientName\"\n ]\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\n \"url\",\n \"state\",\n \"headers\"\n ]\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"apiKey\"\n ]\n },\n 
\"IClientIssuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\n \"type\",\n \"manifest\",\n \"pin\"\n ]\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"value\",\n \"length\"\n ]\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"id\",\n \"requestId\",\n \"url\",\n \"expiry\",\n \"pin\"\n ]\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport 
class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: 
IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n callback: clientIssueRequest.clientIssuanceConfig.callback,\n issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport 
function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n return ('' + number).substring(add)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MA
AQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACjOA;;;;;;;;;;ACAA,qBAMO;;;ACJP,yBAAsB;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,UAAMC,0BAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAA
Q,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,SAAKC,kCAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IAAIJ,IAAI,UAAMK,mDAAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,UAAMC,iDAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,UAAMC,gEAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;ADpFA,IAAMG,SAASC;","names":["module","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","authenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authRe
sult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceConfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCode","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\"authenticationInfo\", \"clientIssuanceConfig\", \"claims\"]\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\"azClientId\", \"azTenantId\", \"azClientSecret\"],\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. 
if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [0, 1, 2, 3, 4],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\"authority\", \"includeQRCode\", \"registration\", \"callback\", \"issuance\"]\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"clientName\"]\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\"url\", \"state\", \"headers\"]\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"apiKey\"]\n },\n \"IClientIssuance\": {\n \"type\": \"object\",\n 
\"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\"type\", \"manifest\", \"pin\"]\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"value\", \"length\"]\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"id\", \"requestId\", \"url\", \"expiry\", \"pin\"]\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, 
IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n 
includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n callback: clientIssueRequest.clientIssuanceConfig.callback,\n issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = 
Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n return ('' + number).substring(add)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,sBAAsB,wBAAwB,QAAQ;AAAA,YACrE;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,cAAc,gBAAgB;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;AAAA,cACtB,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,aAAa,iBAAiB,gBAAgB,YAAY,UAAU;AAAA,YACnF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,YAC3B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,SAAS,SAAS;AAAA,YACxC;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,
YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,YACvB;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,YAAY,KAAK;AAAA,YACxC;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS,QAAQ;AAAA,YAChC;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa,OAAO,UAAU,KAAK;AAAA,YACxD;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxLA;;;;;;;;;;ACAA,qBAMO;;;ACJP,yBAAsB;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,UAAMC,0BAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAAQ,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,SAAKC,kCAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IA
AIJ,IAAI,UAAMK,mDAAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,UAAMC,iDAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,UAAMC,gEAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;ADpFA,IAAMG,SAASC;","names":["module","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","authenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authResult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceConfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCod
e","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
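--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -25,11 +25,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/CredentialSubject"
  }
  },
- required: [
- "authenticationInfo",
- "clientIssuanceConfig",
- "claims"
- ]
+ required: ["authenticationInfo", "clientIssuanceConfig", "claims"]
  },
  IMsAuthenticationClientCredentialArgs: {
  type: "object",
@@ -68,22 +64,12 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/LogLevel"
  }
  },
- required: [
- "azClientId",
- "azTenantId",
- "azClientSecret"
- ],
+ required: ["azClientId", "azTenantId", "azClientSecret"],
  description: "azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose"
  },
  LogLevel: {
  type: "number",
- enum: [
- 0,
- 1,
- 2,
- 3,
- 4
- ],
+ enum: [0, 1, 2, 3, 4],
  description: "Log message level."
  },
  IClientIssuanceConfig: {
@@ -105,13 +91,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/IClientIssuance"
  }
  },
- required: [
- "authority",
- "includeQRCode",
- "registration",
- "callback",
- "issuance"
- ]
+ required: ["authority", "includeQRCode", "registration", "callback", "issuance"]
  },
  Registration: {
  type: "object",
@@ -120,9 +100,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "clientName"
- ]
+ required: ["clientName"]
  },
  Callback: {
  type: "object",
@@ -137,11 +115,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/Headers"
  }
  },
- required: [
- "url",
- "state",
- "headers"
- ]
+ required: ["url", "state", "headers"]
  },
  Headers: {
  type: "object",
@@ -150,9 +124,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "apiKey"
- ]
+ required: ["apiKey"]
  },
  IClientIssuance: {
  type: "object",
@@ -167,11 +139,7 @@ var require_plugin_schema = __commonJS({
  $ref: "#/components/schemas/Pin"
  }
  },
- required: [
- "type",
- "manifest",
- "pin"
- ]
+ required: ["type", "manifest", "pin"]
  },
  Pin: {
  type: "object",
@@ -183,10 +151,7 @@ var require_plugin_schema = __commonJS({
  type: "number"
  }
  },
- required: [
- "value",
- "length"
- ]
+ required: ["value", "length"]
  },
  CredentialSubject: {
  type: "object"
@@ -211,13 +176,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "id",
- "requestId",
- "url",
- "expiry",
- "pin"
- ]
+ required: ["id", "requestId", "url", "expiry", "pin"]
  }
  },
  methods: {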
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts","../src/index.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\n \"authenticationInfo\",\n \"clientIssuanceConfig\",\n \"claims\"\n ]\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\n \"azClientId\",\n \"azTenantId\",\n \"azClientSecret\"\n ],\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. 
if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [\n 0,\n 1,\n 2,\n 3,\n 4\n ],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\n \"authority\",\n \"includeQRCode\",\n \"registration\",\n \"callback\",\n \"issuance\"\n ]\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"clientName\"\n ]\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\n \"url\",\n \"state\",\n \"headers\"\n ]\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"apiKey\"\n ]\n },\n 
\"IClientIssuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\n \"type\",\n \"manifest\",\n \"pin\"\n ]\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"value\",\n \"length\"\n ]\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"id\",\n \"requestId\",\n \"url\",\n \"expiry\",\n \"pin\"\n ]\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: 
this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n 
callback: clientIssueRequest.clientIssuanceConfig.callback,\n issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n 
return ('' + number).substring(add)\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV
;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACjOA,SACEA,iDAEAC,mBACAC,kCACAC,0CACK;;;ACJP,SAASC,aAAa;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,MAAMC,MAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAAQ,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;
;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,KAAKC,kBAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IAAIJ,IAAI,MAAMK,mCAAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,MAAMC,iCAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,MAAMC,gDAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;AEpFA,IAAMG,SAASC;","names":["assertEntraCredentialManifestUrlInCorrectRegion","determineMSAuthId","getMSClientCredentialAccessToken","newMSClientCredentialAuthenticator","fetch","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","au
thenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authResult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceConfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCode","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/MsRequestApi.ts","../src/IssuerUtil.ts","../src/index.ts"],"sourcesContent":["{\n \"IMsRequestApi\": {\n \"components\": {\n \"schemas\": {\n \"IClientIssueRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"authenticationInfo\": {\n \"$ref\": \"#/components/schemas/IMsAuthenticationClientCredentialArgs\"\n },\n \"clientIssuanceConfig\": {\n \"$ref\": \"#/components/schemas/IClientIssuanceConfig\"\n },\n \"claims\": {\n \"$ref\": \"#/components/schemas/CredentialSubject\"\n }\n },\n \"required\": [\"authenticationInfo\", \"clientIssuanceConfig\", \"claims\"]\n },\n \"IMsAuthenticationClientCredentialArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"azClientId\": {\n \"type\": \"string\"\n },\n \"azTenantId\": {\n \"type\": \"string\"\n },\n \"azClientSecret\": {\n \"type\": \"string\"\n },\n \"credentialManifestUrl\": {\n \"type\": \"string\"\n },\n \"authority\": {\n \"type\": \"string\"\n },\n \"region\": {\n \"type\": \"string\"\n },\n \"scopes\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"skipCache\": {\n \"type\": \"boolean\"\n },\n \"piiLoggingEnabled\": {\n \"type\": \"boolean\"\n },\n \"logLevel\": {\n \"$ref\": \"#/components/schemas/LogLevel\"\n }\n },\n \"required\": [\"azClientId\", \"azTenantId\", \"azClientSecret\"],\n \"description\": \"azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. 
if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose\"\n },\n \"LogLevel\": {\n \"type\": \"number\",\n \"enum\": [0, 1, 2, 3, 4],\n \"description\": \"Log message level.\"\n },\n \"IClientIssuanceConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"authority\": {\n \"type\": \"string\"\n },\n \"includeQRCode\": {\n \"type\": \"boolean\"\n },\n \"registration\": {\n \"$ref\": \"#/components/schemas/Registration\"\n },\n \"callback\": {\n \"$ref\": \"#/components/schemas/Callback\"\n },\n \"issuance\": {\n \"$ref\": \"#/components/schemas/IClientIssuance\"\n }\n },\n \"required\": [\"authority\", \"includeQRCode\", \"registration\", \"callback\", \"issuance\"]\n },\n \"Registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"clientName\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"clientName\"]\n },\n \"Callback\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n },\n \"state\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"$ref\": \"#/components/schemas/Headers\"\n }\n },\n \"required\": [\"url\", \"state\", \"headers\"]\n },\n \"Headers\": {\n \"type\": \"object\",\n \"properties\": {\n \"apiKey\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"apiKey\"]\n },\n \"IClientIssuance\": {\n \"type\": \"object\",\n 
\"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"manifest\": {\n \"type\": \"string\"\n },\n \"pin\": {\n \"$ref\": \"#/components/schemas/Pin\"\n }\n },\n \"required\": [\"type\", \"manifest\", \"pin\"]\n },\n \"Pin\": {\n \"type\": \"object\",\n \"properties\": {\n \"value\": {\n \"type\": \"string\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"value\", \"length\"]\n },\n \"CredentialSubject\": {\n \"type\": \"object\"\n },\n \"IIssueRequestResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"requestId\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"expiry\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"pin\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"id\", \"requestId\", \"url\", \"expiry\", \"pin\"]\n }\n },\n \"methods\": {\n \"issuanceRequestMsVc\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IClientIssueRequest\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IIssueRequestResponse\"\n }\n }\n }\n }\n }\n}\n","import {\n assertEntraCredentialManifestUrlInCorrectRegion,\n IMSClientCredentialAuthInfo,\n determineMSAuthId,\n getMSClientCredentialAccessToken,\n newMSClientCredentialAuthenticator,\n} from '@sphereon/ssi-sdk.ms-authenticator'\nimport { IAgentPlugin } from '@veramo/core'\nimport { fetchIssuanceRequestMs, generatePin } from '../IssuerUtil'\nimport {\n IClientIssueRequest,\n IIssueRequest,\n IIssueRequestResponse,\n IMsRequestApi,\n IRequiredContext,\n Issuance,\n IssuanceConfig,\n} from '../types/IMsRequestApi'\n\n/**\n * {@inheritDoc IMsRequestApi}\n */\nexport class MsRequestApi implements IAgentPlugin {\n private clients: Map<string, IMSClientCredentialAuthInfo> = new Map<string, IMSClientCredentialAuthInfo>()\n\n readonly methods: IMsRequestApi = {\n issuanceRequestMsVc: this.issuanceRequestMsVc.bind(this),\n }\n\n /** {@inheritDoc 
IMsRequestApi.issuanceRequestMsVc} */\n private async issuanceRequestMsVc(clientIssueRequest: IClientIssueRequest, context: IRequiredContext): Promise<IIssueRequestResponse> {\n const id = determineMSAuthId(clientIssueRequest.authenticationInfo)\n if (!this.clients.has(id)) {\n this.clients.set(id, await newMSClientCredentialAuthenticator(clientIssueRequest.authenticationInfo))\n }\n const clientInfo = this.clients.get(id)\n if (!clientInfo) {\n throw Error(`Could not get client from arguments for id: ${id}`)\n }\n const authResult = await getMSClientCredentialAccessToken(clientIssueRequest.authenticationInfo, {\n confidentialClient: clientInfo.confidentialClient,\n })\n const accessToken = authResult.accessToken\n\n const msIdentityHostName = await assertEntraCredentialManifestUrlInCorrectRegion(clientIssueRequest.authenticationInfo)\n\n // Config Request and App Config File should be a parameter to this function\n if (!clientIssueRequest.authenticationInfo.azTenantId) {\n throw new Error('azTenantId is missing.')\n }\n\n // check if pin is required, if found make sure we set a new random pin\n // pincode is only used when the payload contains claim value pairs which results in an IDTokenhint\n if (clientIssueRequest.clientIssuanceConfig.issuance.pin) {\n clientIssueRequest.clientIssuanceConfig.issuance.pin.value = generatePin(clientIssueRequest.clientIssuanceConfig.issuance.pin.length)\n }\n\n const issuance: Issuance = {\n type: clientIssueRequest.clientIssuanceConfig.issuance.type,\n manifest: clientIssueRequest.clientIssuanceConfig.issuance.manifest,\n pin: clientIssueRequest.clientIssuanceConfig.issuance.pin,\n claims: clientIssueRequest.claims,\n }\n\n const issuanceConfig: IssuanceConfig = {\n authority: clientIssueRequest.clientIssuanceConfig.authority,\n includeQRCode: clientIssueRequest.clientIssuanceConfig.includeQRCode,\n registration: clientIssueRequest.clientIssuanceConfig.registration,\n callback: clientIssueRequest.clientIssuanceConfig.callback,\n 
issuance: issuance,\n }\n const issueRequest: IIssueRequest = {\n authenticationInfo: clientIssueRequest.authenticationInfo,\n issuanceConfig: issuanceConfig,\n }\n\n const resp = await fetchIssuanceRequestMs(issueRequest, accessToken, msIdentityHostName)\n\n // the response from the VC Request API call is returned to the caller (the UI). It contains the URI to the request which Authenticator can download after\n // it has scanned the QR code. If the payload requested the VC Request service to create the QR code that is returned as well\n // the javascript in the UI will use that QR code to display it on the screen to the user.\n resp.id = issueRequest.issuanceConfig.callback.state // add session id so browser can pull status\n if (issueRequest.issuanceConfig.issuance.pin) {\n resp.pin = issueRequest.issuanceConfig.issuance.pin.value // add pin code so browser can display it\n }\n return resp\n }\n}\n","import { IIssueRequest, IIssueRequestResponse } from './types/IMsRequestApi'\n\nimport { fetch } from 'cross-fetch'\nexport async function fetchIssuanceRequestMs(\n issuanceInfo: IIssueRequest,\n accessToken: string,\n msIdentityHostName: string,\n): Promise<IIssueRequestResponse> {\n const requestEndpoint = `${msIdentityHostName}${issuanceInfo.authenticationInfo.azTenantId}/verifiablecredentials/request`\n\n const payload = JSON.stringify(issuanceInfo.issuanceConfig)\n const fetchOptions = {\n method: 'POST',\n body: payload,\n headers: {\n 'Content-Type': 'application/json',\n 'Content-Length': payload.length.toString(),\n Authorization: `Bearer ${accessToken}`,\n },\n }\n const response = await fetch(requestEndpoint, fetchOptions)\n return await response.json()\n}\n\nexport function generatePin(digits: number) {\n const add = 1\n let max = 12 - add\n max = Math.pow(10, digits + add)\n const min = max / 10 // Math.pow(10, n) basically\n const number = Math.floor(Math.random() * (max - min + 1)) + min\n return ('' + number).substring(add)\n}\n","/**\n * @public\n 
*/\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MsRequestApi } from './agent/MsRequestApi'\nexport * from './types/IMsRequestApi'\nexport * from './IssuerUtil'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,eAAiB;AAAA,QACf,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,oBAAsB;AAAA,kBACpB,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,kBACtB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,sBAAsB,wBAAwB,QAAQ;AAAA,YACrE;AAAA,YACA,uCAAyC;AAAA,cACvC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,gBACV;AAAA,gBACA,uBAAyB;AAAA,kBACvB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,cAAc,gBAAgB;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;AAAA,cACtB,aAAe;AAAA,YACjB;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,aAAa,iBAAiB,gBAAgB,YAAY,UAAU;AAAA,YACnF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,YAC3B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,SAAS,SAAS;AAAA,YACxC;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,M
AAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,YACvB;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,YAAY,KAAK;AAAA,YACxC;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS,QAAQ;AAAA,YAChC;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,YACV;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,QAAU;AAAA,gBACZ;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa,OAAO,UAAU,KAAK;AAAA,YACxD;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxLA,SACEA,iDAEAC,mBACAC,kCACAC,0CACK;;;ACJP,SAASC,aAAa;AACtB,eAAsBC,uBACpBC,cACAC,aACAC,oBAA0B;AAE1B,QAAMC,kBAAkB,GAAGD,kBAAAA,GAAqBF,aAAaI,mBAAmBC,UAAU;AAE1F,QAAMC,UAAUC,KAAKC,UAAUR,aAAaS,cAAc;AAC1D,QAAMC,eAAe;IACnBC,QAAQ;IACRC,MAAMN;IACNO,SAAS;MACP,gBAAgB;MAChB,kBAAkBP,QAAQQ,OAAOC,SAAQ;MACzCC,eAAe,UAAUf,WAAAA;IAC3B;EACF;AACA,QAAMgB,WAAW,MAAMC,MAAMf,iBAAiBO,YAAAA;AAC9C,SAAO,MAAMO,SAASE,KAAI;AAC5B;AAnBsBpB;AAqBf,SAASqB,YAAYC,QAAc;AACxC,QAAMC,MAAM;AACZ,MAAIC,MAAM,KAAKD;AACfC,QAAMC,KAAKC,IAAI,IAAIJ,SAASC,GAAAA;AAC5B,QAAMI,MAAMH,MAAM;AAClB,QAAMI,SAASH,KAAKI,MAAMJ,KAAKK,OAAM,KAAMN,MAAMG,MAAM,EAAA,IAAMA;AAC7D,UAAQ,KAAKC,QAAQG,UAAUR,GAAAA;AACjC;AAPgBF;;;ADFT,IAAMW,eAAN,MAAMA;EAtBb,OAsBaA;;;EACHC,UAAoD,oBAAIC,IAAAA;EAEvDC,UAAyB;IAChCC,qBAAqB,KAAKA,oBAAoBC,KAAK,IAAI;EACzD;;EAGA,MAAcD,oBAAoBE,oBAAyCC,SAA2D;AACpI,UAAMC,KAAKC,kBAAkBH,mBAAmBI,kBAAkB;AAClE,QAAI,CAAC,KAAKT,QAAQU,IAAIH,EAAAA,GAAK;AACzB,WAAKP,QAAQW,IAAIJ,IAAI,MAAMK,mC
AAmCP,mBAAmBI,kBAAkB,CAAA;IACrG;AACA,UAAMI,aAAa,KAAKb,QAAQc,IAAIP,EAAAA;AACpC,QAAI,CAACM,YAAY;AACf,YAAME,MAAM,+CAA+CR,EAAAA,EAAI;IACjE;AACA,UAAMS,aAAa,MAAMC,iCAAiCZ,mBAAmBI,oBAAoB;MAC/FS,oBAAoBL,WAAWK;IACjC,CAAA;AACA,UAAMC,cAAcH,WAAWG;AAE/B,UAAMC,qBAAqB,MAAMC,gDAAgDhB,mBAAmBI,kBAAkB;AAGtH,QAAI,CAACJ,mBAAmBI,mBAAmBa,YAAY;AACrD,YAAM,IAAIP,MAAM,wBAAA;IAClB;AAIA,QAAIV,mBAAmBkB,qBAAqBC,SAASC,KAAK;AACxDpB,yBAAmBkB,qBAAqBC,SAASC,IAAIC,QAAQC,YAAYtB,mBAAmBkB,qBAAqBC,SAASC,IAAIG,MAAM;IACtI;AAEA,UAAMJ,WAAqB;MACzBK,MAAMxB,mBAAmBkB,qBAAqBC,SAASK;MACvDC,UAAUzB,mBAAmBkB,qBAAqBC,SAASM;MAC3DL,KAAKpB,mBAAmBkB,qBAAqBC,SAASC;MACtDM,QAAQ1B,mBAAmB0B;IAC7B;AAEA,UAAMC,iBAAiC;MACrCC,WAAW5B,mBAAmBkB,qBAAqBU;MACnDC,eAAe7B,mBAAmBkB,qBAAqBW;MACvDC,cAAc9B,mBAAmBkB,qBAAqBY;MACtDC,UAAU/B,mBAAmBkB,qBAAqBa;MAClDZ;IACF;AACA,UAAMa,eAA8B;MAClC5B,oBAAoBJ,mBAAmBI;MACvCuB;IACF;AAEA,UAAMM,OAAO,MAAMC,uBAAuBF,cAAclB,aAAaC,kBAAAA;AAKrEkB,SAAK/B,KAAK8B,aAAaL,eAAeI,SAASI;AAC/C,QAAIH,aAAaL,eAAeR,SAASC,KAAK;AAC5Ca,WAAKb,MAAMY,aAAaL,eAAeR,SAASC,IAAIC;IACtD;AACA,WAAOY;EACT;AACF;;;AEpFA,IAAMG,SAASC;","names":["assertEntraCredentialManifestUrlInCorrectRegion","determineMSAuthId","getMSClientCredentialAccessToken","newMSClientCredentialAuthenticator","fetch","fetchIssuanceRequestMs","issuanceInfo","accessToken","msIdentityHostName","requestEndpoint","authenticationInfo","azTenantId","payload","JSON","stringify","issuanceConfig","fetchOptions","method","body","headers","length","toString","Authorization","response","fetch","json","generatePin","digits","add","max","Math","pow","min","number","floor","random","substring","MsRequestApi","clients","Map","methods","issuanceRequestMsVc","bind","clientIssueRequest","context","id","determineMSAuthId","authenticationInfo","has","set","newMSClientCredentialAuthenticator","clientInfo","get","Error","authResult","getMSClientCredentialAccessToken","confidentialClient","accessToken","msIdentityHostName","assertEntraCredentialManifestUrlInCorrectRegion","azTenantId","clientIssuanceC
onfig","issuance","pin","value","generatePin","length","type","manifest","claims","issuanceConfig","authority","includeQRCode","registration","callback","issueRequest","resp","fetchIssuanceRequestMs","state","schema","require"]}
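--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sphereon/ssi-sdk.ms-request-api",
- "version": "0.33.1-feature.vcdm2.tsup.32+203a9d60",
+ "version": "0.33.1-feature.vcdm2.tsup.33+7765edb3",
  "source": "src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -27,13 +27,13 @@
  "generate-plugin-schema": "ts-node ../../packages/dev/bin/sphereon.js dev generate-plugin-schema"
  },
  "dependencies": {
- "@sphereon/ssi-sdk.ms-authenticator": "^0.33.1-feature.vcdm2.tsup.32+203a9d60",
+ "@sphereon/ssi-sdk.ms-authenticator": "^0.33.1-feature.vcdm2.tsup.33+7765edb3",
  "@veramo/core": "4.2.0",
  "cross-fetch": "^3.1.8"
  },
  "devDependencies": {
- "@sphereon/ssi-sdk.agent-config": "^0.33.1-feature.vcdm2.tsup.32+203a9d60",
- "@sphereon/ssi-sdk.credential-store": "^0.33.1-feature.vcdm2.tsup.32+203a9d60",
+ "@sphereon/ssi-sdk.agent-config": "^0.33.1-feature.vcdm2.tsup.33+7765edb3",
+ "@sphereon/ssi-sdk.credential-store": "^0.33.1-feature.vcdm2.tsup.33+7765edb3",
  "@types/express": "^4.17.21",
  "@types/express-session": "^1.18.0",
  "@types/node": "^20.17.1",
@@ -74,5 +74,5 @@
  "API",
  "Issuer"
  ],
- "gitHead": "203a9d6076275e58d7959b7d212b8b938ad6a49e"
+ "gitHead": "7765edb3fd7f69b4fbd36f02a725821cb38e4e30"
  }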
@@ -15,11 +15,7 @@
15
15
  "$ref": "#/components/schemas/CredentialSubject"
16
16
  }
17
17
  },
18
- "required": [
19
- "authenticationInfo",
20
- "clientIssuanceConfig",
21
- "claims"
22
- ]
18
+ "required": ["authenticationInfo", "clientIssuanceConfig", "claims"]
23
19
  },
24
20
  "IMsAuthenticationClientCredentialArgs": {
25
21
  "type": "object",
@@ -58,22 +54,12 @@
58
54
  "$ref": "#/components/schemas/LogLevel"
59
55
  }
60
56
  },
61
- "required": [
62
- "azClientId",
63
- "azTenantId",
64
- "azClientSecret"
65
- ],
57
+ "required": ["azClientId", "azTenantId", "azClientSecret"],
66
58
  "description": "azClientId: clientId of the application you're trying to login azClientSecret: secret of the application you're trying to login azTenantId: your MS Azure tenantId credentialManifestUrl: url of your credential manifest. usually in following format: https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema> authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats: - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant. - Work and school accounts: https://login.microsoftonline.com/organizations/. region?: if present will use the provided, if not will make a request to determine the region scopes?: scopes that you want to access via this authentication skipCache?: whether to skip cache piiLoggingEnabled?: if not provided defaults to false logLevel?: can be one of these values: Error = 0, Warning = 1, Info = 2, Verbose = 3, Trace = 4 if not provided defaults to LogLevel.Verbose"
67
59
  },
68
60
  "LogLevel": {
69
61
  "type": "number",
70
- "enum": [
71
- 0,
72
- 1,
73
- 2,
74
- 3,
75
- 4
76
- ],
62
+ "enum": [0, 1, 2, 3, 4],
77
63
  "description": "Log message level."
78
64
  },
79
65
  "IClientIssuanceConfig": {
@@ -95,13 +81,7 @@
95
81
  "$ref": "#/components/schemas/IClientIssuance"
96
82
  }
97
83
  },
98
- "required": [
99
- "authority",
100
- "includeQRCode",
101
- "registration",
102
- "callback",
103
- "issuance"
104
- ]
84
+ "required": ["authority", "includeQRCode", "registration", "callback", "issuance"]
105
85
  },
106
86
  "Registration": {
107
87
  "type": "object",
@@ -110,9 +90,7 @@
110
90
  "type": "string"
111
91
  }
112
92
  },
113
- "required": [
114
- "clientName"
115
- ]
93
+ "required": ["clientName"]
116
94
  },
117
95
  "Callback": {
118
96
  "type": "object",
@@ -127,11 +105,7 @@
127
105
  "$ref": "#/components/schemas/Headers"
128
106
  }
129
107
  },
130
- "required": [
131
- "url",
132
- "state",
133
- "headers"
134
- ]
108
+ "required": ["url", "state", "headers"]
135
109
  },
136
110
  "Headers": {
137
111
  "type": "object",
@@ -140,9 +114,7 @@
140
114
  "type": "string"
141
115
  }
142
116
  },
143
- "required": [
144
- "apiKey"
145
- ]
117
+ "required": ["apiKey"]
146
118
  },
147
119
  "IClientIssuance": {
148
120
  "type": "object",
@@ -157,11 +129,7 @@
157
129
  "$ref": "#/components/schemas/Pin"
158
130
  }
159
131
  },
160
- "required": [
161
- "type",
162
- "manifest",
163
- "pin"
164
- ]
132
+ "required": ["type", "manifest", "pin"]
165
133
  },
166
134
  "Pin": {
167
135
  "type": "object",
@@ -173,10 +141,7 @@
173
141
  "type": "number"
174
142
  }
175
143
  },
176
- "required": [
177
- "value",
178
- "length"
179
- ]
144
+ "required": ["value", "length"]
180
145
  },
181
146
  "CredentialSubject": {
182
147
  "type": "object"
@@ -201,13 +166,7 @@
201
166
  "type": "string"
202
167
  }
203
168
  },
204
- "required": [
205
- "id",
206
- "requestId",
207
- "url",
208
- "expiry",
209
- "pin"
210
- ]
169
+ "required": ["id", "requestId", "url", "expiry", "pin"]
211
170
  }
212
171
  },
213
172
  "methods": {
@@ -223,4 +182,4 @@
223
182
  }
224
183
  }
225
184
  }
226
- }
185
+ }