@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.DIIPv4.77 → 0.34.1-feature.IDK.11.48
- package/dist/index.cjs +435 -440
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +6 -9
- package/dist/index.d.ts +6 -9
- package/dist/index.js +530 -535
- package/dist/index.js.map +1 -1
- package/package.json +24 -25
- package/src/agent/OID4VCIHolder.ts +22 -23
- package/src/services/OID4VCIHolderService.ts +44 -45
- package/src/types/FirstPartyMachine.ts +5 -6
- package/src/types/IOID4VCIHolder.ts +1 -3
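--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/ssi-sdk.oid4vci-holder",
-"version": "0.34.1-feature.
+"version": "0.34.1-feature.IDK.11.48+640da718",
 "source": "src/index.ts",
 "type": "module",
 "main": "./dist/index.cjs",
@@ -26,41 +26,40 @@
 "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
 },
 "dependencies": {
-"@sphereon/did-auth-siop": "0.19.1-
+"@sphereon/did-auth-siop": "0.19.1-next.2",
 "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
-"@sphereon/oid4vci-client": "0.19.1-
-"@sphereon/oid4vci-common": "0.19.1-
-"@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.
-"@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.
-"@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.
-"@sphereon/ssi-sdk-ext.key-utils": "0.34.1-feature.
-"@sphereon/ssi-sdk.contact-manager": "0.34.1-feature.
-"@sphereon/ssi-sdk.core": "0.34.1-feature.
-"@sphereon/ssi-sdk.credential-store": "0.34.1-feature.
-"@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.
-"@sphereon/ssi-sdk.data-store": "0.34.1-feature.
-"@sphereon/ssi-sdk.issuance-branding": "0.34.1-feature.
-"@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-feature.
-"@sphereon/ssi-sdk.oidf-client": "0.34.1-feature.
-"@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.
-"@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.
-"@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.34.1-feature.
-"@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-feature.
-"@sphereon/ssi-types": "0.34.1-feature.
+"@sphereon/oid4vci-client": "0.19.1-next.2",
+"@sphereon/oid4vci-common": "0.19.1-next.2",
+"@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk-ext.key-utils": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.contact-manager": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.core": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.credential-store": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.data-store": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.issuance-branding": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.oidf-client": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-feature.IDK.11.48+640da718",
+"@sphereon/ssi-types": "0.34.1-feature.IDK.11.48+640da718",
 "@veramo/core": "4.2.0",
 "@veramo/data-store": "4.2.0",
 "@veramo/utils": "4.2.0",
 "ajv": "^8.17.1",
 "ajv-formats": "^3.0.1",
-"dcql": "1.0.1",
 "i18n-js": "^3.9.2",
 "lodash.memoize": "^4.1.2",
 "uuid": "^9.0.1",
 "xstate": "^4.38.3"
 },
 "devDependencies": {
-"@sphereon/oid4vc-common": "0.19.1-
-"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-feature.
+"@sphereon/oid4vc-common": "0.19.1-next.2",
+"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-feature.IDK.11.48+640da718",
 "@sphereon/ssi-sdk.siopv2-oid4vp-common": "workspace:*",
 "@types/i18n-js": "^3.8.9",
 "@types/lodash.memoize": "^4.1.9",
@@ -90,5 +89,5 @@
 "OID4VCI",
 "State Machine"
 ],
-"gitHead": "
+"gitHead": "640da718d6ce394653ae6ef0276b584b2b7456df"
 }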
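--- a/package/src/agent/OID4VCIHolder.ts
+++ b/package/src/agent/OID4VCIHolder.ts
@@ -4,8 +4,8 @@ import {
 AuthorizationRequestOpts,
 AuthorizationServerClientOpts,
 AuthorizationServerOpts,
-
-
+CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13,
+CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13,
 CredentialOfferRequestWithBaseUrl,
 DefaultURISchemes,
 EndpointMetadataResult,
@@ -30,7 +30,6 @@ import {
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { IJwtService, JwsHeader } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'
-import { defaultHasher } from '@sphereon/ssi-sdk.core'
 import {
 ConnectionType,
 CorrelationIdentifierType,
@@ -55,6 +54,7 @@ import {
 JoseSignatureAlgorithmString,
 JwtDecodedVerifiableCredential,
 Loggers,
+OriginalVerifiableCredential,
 parseDid,
 SdJwtDecodedVerifiableCredentialPayload,
 WrappedW3CVerifiableCredential,
@@ -73,19 +73,6 @@ import { asArray, computeEntryHash } from '@veramo/utils'
 import { decodeJWT } from 'did-jwt'
 import { v4 as uuidv4 } from 'uuid'
 import { OID4VCIMachine } from '../machines/oid4vciMachine'
-import {
-extractCredentialFromResponse,
-getBasicIssuerLocaleBranding,
-getCredentialBranding,
-getCredentialConfigsSupportedMerged,
-getIdentifierOpts,
-getIssuanceOpts,
-mapCredentialToAccept,
-selectCredentialLocaleBranding,
-startFirstPartApplicationMachine,
-verifyCredentialToAccept,
-} from '../services/OID4VCIHolderService'
-import 'cross-fetch/polyfill'
 import {
 AddContactIdentityArgs,
 AssertValidCredentialsArgs,
@@ -124,6 +111,19 @@ import {
 VerifyEBSICredentialIssuerArgs,
 VerifyEBSICredentialIssuerResult,
 } from '../types/IOID4VCIHolder'
+import {
+getBasicIssuerLocaleBranding,
+getCredentialBranding,
+getCredentialConfigsSupportedMerged,
+getIdentifierOpts,
+getIssuanceOpts,
+mapCredentialToAccept,
+selectCredentialLocaleBranding,
+startFirstPartApplicationMachine,
+verifyCredentialToAccept,
+} from '../services/OID4VCIHolderService'
+import 'cross-fetch/polyfill'
+import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
 /**
 * {@inheritDoc IOID4VCIHolder}
@@ -151,7 +151,7 @@ export function signCallback(
 context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>,
 nonce?: string,
 ) {
-return async (jwt: Jwt, kid?: string
+return async (jwt: Jwt, kid?: string) => {
 let resolution = await context.agent.identifierManagedGet(identifier)
 const jwk = jwt.header.jwk ?? (resolution.method === 'jwk' ? resolution.jwk : undefined)
 if (!resolution.issuer && !jwt.payload.iss) {
@@ -170,7 +170,7 @@ export function signCallback(
 }
 return (
 await context.agent.jwtCreateJwsCompactSignature({
-issuer: { ...resolution, noIssPayloadUpdate:
+issuer: { ...resolution, noIssPayloadUpdate: false },
 protectedHeader: header,
 payload,
 })
@@ -229,7 +229,7 @@ export class OID4VCIHolder implements IAgentPlugin {
 oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this),
 }
 
-private readonly vcFormatPreferences: Array<string> = ['
+private readonly vcFormatPreferences: Array<string> = ['vc+sd-jwt', 'mso_mdoc', 'jwt_vc_json', 'jwt_vc', 'ldp_vc']
 private readonly jsonldCryptographicSuitePreferences: Array<string> = [
 'Ed25519Signature2018',
 'EcdsaSecp256k1Signature2019',
@@ -939,8 +939,7 @@ export class OID4VCIHolder implements IAgentPlugin {
 ? 'credential_accepted_holder_signed'
 : 'credential_deleted_holder_signed'
 logger.log(`Subject issuance/signing will be used, with event`, event)
-
-const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse)
+const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential as OriginalVerifiableCredential
 const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher ?? defaultHasher })
 console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`)
 // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)
@@ -1170,9 +1169,9 @@ export class OID4VCIHolder implements IAgentPlugin {
 return undefined
 }
 
-private getCredentialDefinition(issuanceOpt: IssuanceOpts):
+private getCredentialDefinition(issuanceOpt: IssuanceOpts): CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13 | undefined {
 if (issuanceOpt.format == 'ldp_vc' || issuanceOpt.format == 'jwt_vc_json-ld') {
-return (issuanceOpt as
+return (issuanceOpt as CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13).credential_definition
 }
 return undefined
 }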
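Review bot: In the `@@ -939,8 +939,7 @@` hunk, `issuerVC` is now read through a bare `as OriginalVerifiableCredential` cast, so a credential response with no `credential` field reaches `CredentialMapper.toWrappedVerifiableCredential` as `undefined`. The removed `extractCredentialFromResponse` call threw `No credential found in credential response` in that case. The service functions changed in this same release guard the equivalent read, and this call site should do the same directly after the assignment: `if (!issuerVC) throw new Error('No credential found in credential response')`. `mappedCredentialToAccept` may already have gone through `mapCredentialToAccept`, which would make the guard redundant, but the enclosing method starts and ends outside the hunk, so that cannot be confirmed from here.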
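--- a/package/src/services/OID4VCIHolderService.ts
+++ b/package/src/services/OID4VCIHolderService.ts
@@ -1,15 +1,16 @@
 import { LOG } from '@sphereon/oid4vci-client'
 import {
-AuthorizationChallengeCodeResponse,
 CredentialConfigurationSupported,
-CredentialConfigurationSupportedSdJwtVcV1_0_15,
-CredentialResponse,
-CredentialResponseV1_0_15,
 CredentialSupportedSdJwtVc,
+CredentialConfigurationSupportedSdJwtVcV1_0_13,
+CredentialOfferFormatV1_0_11,
+CredentialResponse,
 getSupportedCredentials,
 getTypesFromCredentialSupported,
 getTypesFromObject,
 MetadataDisplay,
+OpenId4VCIVersion,
+AuthorizationChallengeCodeResponse,
 } from '@sphereon/oid4vci-common'
 import { KeyUse } from '@sphereon/ssi-sdk-ext.did-resolver-jwk'
 import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -22,7 +23,6 @@ import {
 managedIdentifierToJwk,
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { keyTypeFromCryptographicSuite } from '@sphereon/ssi-sdk-ext.key-utils'
-import { defaultHasher } from '@sphereon/ssi-sdk.core'
 import { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store'
 import {
 CredentialMapper,
@@ -40,12 +40,8 @@ import {
 } from '@sphereon/ssi-types'
 import { asArray } from '@veramo/utils'
 import { translate } from '../localization/Localization'
-import { FirstPartyMachine } from '../machines/firstPartyMachine'
-import { issuerLocaleBrandingFrom, oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'
-import { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
 import {
 DidAgents,
-GetBasicIssuerLocaleBrandingArgs,
 GetCredentialBrandingArgs,
 GetCredentialConfigsSupportedArgs,
 GetCredentialConfigsSupportedBySingleTypeOrIdArgs,
@@ -53,17 +49,22 @@ import {
 GetIssuanceCryptoSuiteArgs,
 GetIssuanceDidMethodArgs,
 GetIssuanceOptsArgs,
+GetBasicIssuerLocaleBrandingArgs,
 GetPreferredCredentialFormatsArgs,
 IssuanceOpts,
 MapCredentialToAcceptArgs,
 MappedCredentialToAccept,
 OID4VCIHolderEvent,
-RequiredContext,
 SelectAppLocaleBrandingArgs,
-StartFirstPartApplicationMachine,
 VerificationResult,
 VerifyCredentialToAcceptArgs,
+StartFirstPartApplicationMachine,
+RequiredContext,
 } from '../types/IOID4VCIHolder'
+import { oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom, issuerLocaleBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'
+import { FirstPartyMachine } from '../machines/firstPartyMachine'
+import { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
+import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
 export const getCredentialBranding = async (args: GetCredentialBrandingArgs): Promise<Record<string, Array<IBasicCredentialLocaleBranding>>> => {
 const { credentialsSupported, context } = args
@@ -71,8 +72,8 @@ export const getCredentialBranding = async (args: GetCredentialBrandingArgs): Pr
 await Promise.all(
 Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]): Promise<void> => {
 let sdJwtTypeMetadata: SdJwtTypeMetadata | undefined
-if (credentialsConfigSupported.format === '
-const vct = (<CredentialSupportedSdJwtVc |
+if (credentialsConfigSupported.format === 'vc+sd-jwt') {
+const vct = (<CredentialSupportedSdJwtVc | CredentialConfigurationSupportedSdJwtVcV1_0_13>credentialsConfigSupported).vct
 if (vct.startsWith('http')) {
 try {
 sdJwtTypeMetadata = await context.agent.fetchSdJwtTypeMetadataFromVctUrl({ vct })
@@ -152,7 +153,10 @@ export const selectCredentialLocaleBranding = async (
 export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArgs): Promise<VerificationResult> => {
 const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args
 
-const credential =
+const credential = mappedCredential.credentialToAccept.credentialResponse.credential as OriginalVerifiableCredential
+if (!credential) {
+return Promise.reject(Error('No credential found in credential response'))
+}
 
 const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, { hasher: hasher ?? defaultHasher })
 if (
@@ -201,7 +205,11 @@ export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArg
 export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Promise<MappedCredentialToAccept> => {
 const { credentialToAccept, hasher } = args
 
-const
+const credentialResponse: CredentialResponse = credentialToAccept.credentialResponse
+const verifiableCredential: W3CVerifiableCredential | undefined = credentialResponse.credential
+if (!verifiableCredential) {
+return Promise.reject(Error('No credential found in credential response'))
+}
 
 const wrappedVerifiableCredential: WrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(
 verifiableCredential as OriginalVerifiableCredential,
@@ -232,7 +240,6 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
 ? uniformVerifiableCredential.decodedPayload.iss
 : uniformVerifiableCredential.issuer.id
 
-const credentialResponse = credentialToAccept.credentialResponse as CredentialResponseV1_0_15
 return {
 correlationId,
 credentialToAccept,
@@ -243,27 +250,6 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
 }
 }
 
-export const extractCredentialFromResponse = (credentialResponse: CredentialResponse): OriginalVerifiableCredential => {
-let credential: OriginalVerifiableCredential | undefined
-
-if ('credential' in credentialResponse) {
-credential = credentialResponse.credential as OriginalVerifiableCredential
-} else if (
-'credentials' in credentialResponse &&
-credentialResponse.credentials &&
-Array.isArray(credentialResponse.credentials) &&
-credentialResponse.credentials.length > 0
-) {
-credential = credentialResponse.credentials[0].credential as OriginalVerifiableCredential // FIXME SSISDK-13 (no multi-credential support yet)
-}
-
-if (!credential) {
-throw new Error('No credential found in credential response')
-}
-
-return credential
-}
-
 export const getIdentifierOpts = async (args: GetIdentifierArgs): Promise<ManagedIdentifierResult> => {
 const { issuanceOpt, context } = args
 const { identifier: identifierArg } = issuanceOpt
@@ -384,7 +370,7 @@ export const getCredentialConfigsSupportedBySingleTypeOrId = async (
 }
 
 if (configurationId) {
-const allSupported = client.getCredentialsSupported(
+const allSupported = client.getCredentialsSupported(false)
 return Object.fromEntries(
 Object.entries(allSupported).filter(
 ([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId,
@@ -392,15 +378,29 @@ export const getCredentialConfigsSupportedBySingleTypeOrId = async (
 )
 }
 
-if (!client.credentialOffer) {
-return Promise.reject(Error('openID4VCIClient has no credentialOffer'))
+if (!types && !client.credentialOffer) {
+return Promise.reject(Error('openID4VCIClient has no credentialOffer and no types where provided'))
+/*} else if (!format && !client.credentialOffer) {
+return Promise.reject(Error('openID4VCIClient has no credentialOffer and no formats where provided'))*/
 }
-
-
+// We should always have a credential offer at this point given the above
+if (!Array.isArray(format) && client.credentialOffer) {
+if (
+client.version() > OpenId4VCIVersion.VER_1_0_09 &&
+typeof client.credentialOffer.credential_offer === 'object' &&
+'credentials' in client.credentialOffer.credential_offer
+) {
+format = client.credentialOffer.credential_offer.credentials
+.filter((cred: CredentialOfferFormatV1_0_11 | string) => typeof cred !== 'string')
+.map((cred: CredentialOfferFormatV1_0_11 | string) => (cred as CredentialOfferFormatV1_0_11).format)
+if (format?.length === 0) {
+format = undefined // Otherwise we would match nothing
+}
+}
 }
 
 const offerSupported = getSupportedCredentials({
-types: [types],
+types: types ? [types] : client.getCredentialOfferTypes(),
 format,
 version: client.version(),
 issuerMetadata: client.endpointMetadata.credentialIssuerMetadata,
@@ -580,8 +580,7 @@ export const getIssuanceCryptoSuite = async (opts: GetIssuanceCryptoSuiteArgs):
 case 'jwt':
 case 'jwt_vc_json':
 case 'jwt_vc':
-
-case 'dc+sd-jwt':
+case 'vc+sd-jwt':
 case 'mso_mdoc': {
 const supportedPreferences: Array<JoseSignatureAlgorithm | JoseSignatureAlgorithmString> = jwtCryptographicSuitePreferences.filter(
 (suite: JoseSignatureAlgorithm | JoseSignatureAlgorithmString) => signing_algs_supported.includes(suite),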
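Review bot: In the `@@ -392,15 +378,29 @@` hunk of `getCredentialConfigsSupportedBySingleTypeOrId`, the comment `// We should always have a credential offer at this point given the above` does not hold. The new guard `if (!types && !client.credentialOffer)` lets a call with `types` and no offer through, which is why the next condition has to re-check `client.credentialOffer`. That block also replaces `format` whenever it is not an array, so if the parameter can be a single string (its declaration is outside the hunk) a caller's format restriction is silently overwritten by the formats named in the credential offer, which is issuer-supplied input. I would derive the formats only when the caller passed none, `if (format === undefined && client.credentialOffer) {`, and reword the comment to `// types may be given without an offer; derive formats from the offer only when the caller passed none`. The commented-out `else if` left after the `return` is dead code, and both error messages say "where provided" for "were provided".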
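--- a/package/src/types/FirstPartyMachine.ts
+++ b/package/src/types/FirstPartyMachine.ts
@@ -1,11 +1,10 @@
-import {
+import { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, StatesConfig, TypegenDisabled } from 'xstate'
 import { OpenID4VCIClientState } from '@sphereon/oid4vci-client'
-import { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'
-import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
 import { DidAuthConfig, Party } from '@sphereon/ssi-sdk.data-store'
+import { PresentationDefinitionWithLocation, RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop'
+import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
+import { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'
 import { IIdentifier } from '@veramo/core'
-import { DcqlQuery } from 'dcql'
-import { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, StatesConfig, TypegenDisabled } from 'xstate'
 import { ErrorDetails, RequiredContext } from './IOID4VCIHolder'
 
 export enum FirstPartyMachineStateTypes {
@@ -150,7 +149,7 @@ export type SiopV2AuthorizationRequestData = {
 clientIdScheme?: string
 clientId?: string
 entityId?: string
-
+presentationDefinitions?: PresentationDefinitionWithLocation[]
 }
 
 export type FirstPartyMachineNavigationArgs = {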
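--- a/package/src/types/IOID4VCIHolder.ts
+++ b/package/src/types/IOID4VCIHolder.ts
@@ -7,7 +7,6 @@ import {
 CredentialConfigurationSupported,
 CredentialOfferRequestWithBaseUrl,
 CredentialResponse,
-CredentialResponseV1_0_15,
 CredentialsSupportedDisplay,
 EndpointMetadataResult,
 ExperimentalSubjectIssuance,
@@ -378,7 +377,6 @@ export enum OID4VCIMachineGuards {
 requirePinGuard = 'oid4vciRequirePinGuard',
 requireAuthorizationGuard = 'oid4vciRequireAuthorizationGuard',
 noAuthorizationGuard = 'oid4vciNoAuthorizationGuard',
-hasNonceEndpointGuard = 'oid4vciHasNonceEndpointGuard ',
 hasAuthorizationResponse = 'oid4vciHasAuthorizationResponse',
 hasNoContactIdentityGuard = 'oid4vciHasNoContactIdentityGuard',
 verificationCodeGuard = 'oid4vciVerificationCodeGuard',
@@ -503,7 +501,7 @@ export type CredentialToAccept = {
 id?: string
 types: string[]
 issuanceOpt: IssuanceOpts
-credentialResponse:
+credentialResponse: CredentialResponse
 }
 
 export type GetCredentialConfigsSupportedArgs = {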
|