@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feat.SSISDK.35.64 → 0.34.1-feature.DIIPv4.41
- package/dist/index.cjs +28 -51
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +3 -6
- package/dist/index.d.ts +3 -6
- package/dist/index.js +7 -30
- package/dist/index.js.map +1 -1
- package/package.json +24 -25
- package/src/agent/OID4VCIHolder.ts +21 -35
- package/src/services/OID4VCIHolderService.ts +5 -27
- package/src/types/FirstPartyMachine.ts +0 -2
- package/src/types/IOID4VCIHolder.ts +1 -3
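--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -1,4 +1,4 @@
-import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance,
+import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
 import { IIdentifierResolution, ManagedIdentifierMethod, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { IIdentifier, IPluginMethodMap, IAgentContext, ICredentialVerifier, ICredentialIssuer, IDIDManager, IResolver, IKeyManager, TKeyType, VerificationPolicies, TAgent, IAgentPlugin } from '@veramo/core';
@@ -16,7 +16,6 @@ import { IDidAuthSiopOpAuthenticator, CreateConfigResult } from '@sphereon/ssi-s
 import { IVerifiableCredential, W3CVerifiableCredential, WrappedVerifiableCredential, WrappedVerifiablePresentation, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, HasherSync, SdJwtTypeDisplayMetadata, SdJwtClaimMetadata, OriginalVerifiableCredential } from '@sphereon/ssi-types';
 import { Interpreter, State, StatesConfig, StateMachine, BaseActionObject, ServiceMap, ResolveTypegenMeta, TypegenDisabled } from 'xstate';
 import { RPRegistrationMetadataPayload, PresentationDefinitionWithLocation } from '@sphereon/did-auth-siop';
-import { DcqlQuery } from 'dcql';
 import { LinkHandlerAdapter, DefaultLinkPriorities } from '@sphereon/ssi-sdk.core';
 import { IMachineStatePersistence, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence';
 
@@ -115,7 +114,6 @@ type SiopV2AuthorizationRequestData = {
 clientId?: string;
 entityId?: string;
 presentationDefinitions?: PresentationDefinitionWithLocation[];
-dcqlQuery: DcqlQuery;
 };
 type FirstPartyMachineNavigationArgs = {
 firstPartyMachine: FirstPartyMachineInterpreter;
@@ -358,7 +356,6 @@ declare enum OID4VCIMachineGuards {
 requirePinGuard = "oid4vciRequirePinGuard",
 requireAuthorizationGuard = "oid4vciRequireAuthorizationGuard",
 noAuthorizationGuard = "oid4vciNoAuthorizationGuard",
-hasNonceEndpointGuard = "oid4vciHasNonceEndpointGuard ",
 hasAuthorizationResponse = "oid4vciHasAuthorizationResponse",
 hasNoContactIdentityGuard = "oid4vciHasNoContactIdentityGuard",
 verificationCodeGuard = "oid4vciVerificationCodeGuard",
@@ -485,7 +482,7 @@ type CredentialToAccept = {
 id?: string;
 types: string[];
 issuanceOpt: IssuanceOpts;
-credentialResponse:
+credentialResponse: CredentialResponse;
 };
 type GetCredentialConfigsSupportedArgs = {
 client: OpenID4VCIClient;
@@ -670,7 +667,7 @@ type RequiredContext = IAgentContext<IIssuanceBranding & IContactManager & ICred
 * {@inheritDoc IOID4VCIHolder}
 */
 declare const oid4vciHolderContextMethods: Array<string>;
-declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string
+declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string) => Promise<string>;
 declare class OID4VCIHolder implements IAgentPlugin {
 private readonly hasher?;
 readonly eventTypes: Array<OID4VCIHolderEvent>;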
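--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,4 +1,4 @@
-import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance,
+import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
 import { IIdentifierResolution, ManagedIdentifierMethod, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { IIdentifier, IPluginMethodMap, IAgentContext, ICredentialVerifier, ICredentialIssuer, IDIDManager, IResolver, IKeyManager, TKeyType, VerificationPolicies, TAgent, IAgentPlugin } from '@veramo/core';
@@ -16,7 +16,6 @@ import { IDidAuthSiopOpAuthenticator, CreateConfigResult } from '@sphereon/ssi-s
 import { IVerifiableCredential, W3CVerifiableCredential, WrappedVerifiableCredential, WrappedVerifiablePresentation, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, HasherSync, SdJwtTypeDisplayMetadata, SdJwtClaimMetadata, OriginalVerifiableCredential } from '@sphereon/ssi-types';
 import { Interpreter, State, StatesConfig, StateMachine, BaseActionObject, ServiceMap, ResolveTypegenMeta, TypegenDisabled } from 'xstate';
 import { RPRegistrationMetadataPayload, PresentationDefinitionWithLocation } from '@sphereon/did-auth-siop';
-import { DcqlQuery } from 'dcql';
 import { LinkHandlerAdapter, DefaultLinkPriorities } from '@sphereon/ssi-sdk.core';
 import { IMachineStatePersistence, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence';
 
@@ -115,7 +114,6 @@ type SiopV2AuthorizationRequestData = {
 clientId?: string;
 entityId?: string;
 presentationDefinitions?: PresentationDefinitionWithLocation[];
-dcqlQuery: DcqlQuery;
 };
 type FirstPartyMachineNavigationArgs = {
 firstPartyMachine: FirstPartyMachineInterpreter;
@@ -358,7 +356,6 @@ declare enum OID4VCIMachineGuards {
 requirePinGuard = "oid4vciRequirePinGuard",
 requireAuthorizationGuard = "oid4vciRequireAuthorizationGuard",
 noAuthorizationGuard = "oid4vciNoAuthorizationGuard",
-hasNonceEndpointGuard = "oid4vciHasNonceEndpointGuard ",
 hasAuthorizationResponse = "oid4vciHasAuthorizationResponse",
 hasNoContactIdentityGuard = "oid4vciHasNoContactIdentityGuard",
 verificationCodeGuard = "oid4vciVerificationCodeGuard",
@@ -485,7 +482,7 @@ type CredentialToAccept = {
 id?: string;
 types: string[];
 issuanceOpt: IssuanceOpts;
-credentialResponse:
+credentialResponse: CredentialResponse;
 };
 type GetCredentialConfigsSupportedArgs = {
 client: OpenID4VCIClient;
@@ -670,7 +667,7 @@ type RequiredContext = IAgentContext<IIssuanceBranding & IContactManager & ICred
 * {@inheritDoc IOID4VCIHolder}
 */
 declare const oid4vciHolderContextMethods: Array<string>;
-declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string
+declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string) => Promise<string>;
 declare class OID4VCIHolder implements IAgentPlugin {
 private readonly hasher?;
 readonly eventTypes: Array<OID4VCIHolderEvent>;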
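--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -60,7 +60,6 @@ import { DefaultURISchemes, getTypesFromAuthorizationDetails, getTypesFromCreden
 import { SupportedDidMethodEnum as SupportedDidMethodEnum2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isManagedIdentifierDidOpts, isManagedIdentifierDidResult as isManagedIdentifierDidResult2, isManagedIdentifierJwkResult, isManagedIdentifierKidResult, isManagedIdentifierResult as isManagedIdentifierResult2, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult } from "@sphereon/ssi-sdk-ext.identifier-resolution";
 import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
-import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, CredentialRole, ensureRawDocument, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
 import { CredentialMapper as CredentialMapper2, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
 import { asArray as asArray2, computeEntryHash } from "@veramo/utils";
@@ -150,7 +149,6 @@ var OID4VCIMachineGuards = /* @__PURE__ */ (function(OID4VCIMachineGuards2) {
 OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
 OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
 OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
-OID4VCIMachineGuards2["hasNonceEndpointGuard"] = "oid4vciHasNonceEndpointGuard ";
 OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
 OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
 OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
@@ -1540,7 +1538,7 @@ var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
 const credentialBranding = {};
 await Promise.all(Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]) => {
 let sdJwtTypeMetadata;
-if (credentialsConfigSupported.format === "
+if (credentialsConfigSupported.format === "vc+sd-jwt") {
 const vct = credentialsConfigSupported.vct;
 if (vct.startsWith("http")) {
 try {
@@ -1606,13 +1604,7 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
 }, "selectCredentialLocaleBranding");
 var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-const
-let credential;
-if ("credential" in credentialResponse) {
-credential = credentialResponse.credential;
-} else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-credential = credentialResponse.credentials[0].credential;
-}
+const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
 if (!credential) {
 return Promise.reject(Error("No credential found in credential response"));
 }
@@ -1668,12 +1660,7 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 const { credentialToAccept, hasher } = args;
 const credentialResponse = credentialToAccept.credentialResponse;
-
-if ("credential" in credentialResponse) {
-verifiableCredential = credentialResponse.credential;
-} else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-verifiableCredential = credentialResponse.credentials[0].credential;
-}
+const verifiableCredential = credentialResponse.credential;
 if (!verifiableCredential) {
 return Promise.reject(Error("No credential found in credential response"));
 }
@@ -2008,7 +1995,6 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
 case "jwt_vc_json":
 case "jwt_vc":
 case "vc+sd-jwt":
-case "dc+sd-jwt":
 case "mso_mdoc": {
 const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
 if (supportedPreferences.length > 0) {
@@ -2077,6 +2063,7 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
 
 // src/agent/OID4VCIHolder.ts
 import "cross-fetch/polyfill";
+import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 var oid4vciHolderContextMethods = [
 "cmGetContacts",
 "cmGetContact",
@@ -2092,7 +2079,7 @@ var oid4vciHolderContextMethods = [
 ];
 var logger = Loggers.DEFAULT.get("sphereon:oid4vci:holder");
 function signCallback(identifier, context, nonce) {
-return async (jwt, kid
+return async (jwt, kid) => {
 let resolution = await context.agent.identifierManagedGet(identifier);
 const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
 if (!resolution.issuer && !jwt.payload.iss) {
@@ -2110,7 +2097,7 @@ function signCallback(identifier, context, nonce) {
 return (await context.agent.jwtCreateJwsCompactSignature({
 issuer: {
 ...resolution,
-noIssPayloadUpdate:
+noIssPayloadUpdate: false
 },
 protectedHeader: header,
 payload
@@ -2145,7 +2132,6 @@ var OID4VCIHolder = class _OID4VCIHolder {
 oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this)
 };
 vcFormatPreferences = [
-"dc+sd-jwt",
 "vc+sd-jwt",
 "mso_mdoc",
 "jwt_vc_json",
@@ -2732,16 +2718,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
 if (Array.isArray(subjectIssuance?.notification_events_supported)) {
 event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
 logger.log(`Subject issuance/signing will be used, with event`, event);
-const
-let issuerVC;
-if ("credential" in credentialResponse) {
-issuerVC = credentialResponse.credential;
-} else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-issuerVC = credentialResponse.credentials[0].credential;
-}
-if (!issuerVC) {
-return Promise.reject(Error("No credential found in credential response"));
-}
+const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
 const wrappedIssuerVC = CredentialMapper2.toWrappedVerifiableCredential(issuerVC, {
 hasher: this.hasher ?? defaultHasher2
 });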
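Review bot: In the last hunk (new line 2721) `issuerVC` is read from `credentialResponse.credential` and passed straight to `CredentialMapper2.toWrappedVerifiableCredential` with no missing-value check, whereas the removed code rejected with "No credential found in credential response" first and the two other call sites in this file (`verifyCredentialToAccept`, `mapCredentialToAccept`) still keep that guard. Because the new side also stops reading the `credentials` array, an issuer response that carries only `credentials` would reach the mapper as `undefined` at this point. I would restore `if (!issuerVC) { return Promise.reject(Error("No credential found in credential response")); }` directly after the assignment, presumably in `src/agent/OID4VCIHolder.ts`, since this file is bundled output. The enclosing method starts and ends outside the hunk, so an earlier check on the same value may exist out of view.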