@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.SSISDK.26.48 → 0.34.1-feature.SSISDK.26.54

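--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -1,4 +1,4 @@
- import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
+ import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponseV1_0_15, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
  import { IIdentifierResolution, ManagedIdentifierMethod, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
  import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
  import { IIdentifier, IPluginMethodMap, IAgentContext, ICredentialVerifier, ICredentialIssuer, IDIDManager, IResolver, IKeyManager, TKeyType, VerificationPolicies, TAgent, IAgentPlugin } from '@veramo/core';
@@ -356,6 +356,7 @@ declare enum OID4VCIMachineGuards {
  requirePinGuard = "oid4vciRequirePinGuard",
  requireAuthorizationGuard = "oid4vciRequireAuthorizationGuard",
  noAuthorizationGuard = "oid4vciNoAuthorizationGuard",
+ hasNonceEndpointGuard = "oid4vciHasNonceEndpointGuard ",
  hasAuthorizationResponse = "oid4vciHasAuthorizationResponse",
  hasNoContactIdentityGuard = "oid4vciHasNoContactIdentityGuard",
  verificationCodeGuard = "oid4vciVerificationCodeGuard",
@@ -482,7 +483,7 @@ type CredentialToAccept = {
  id?: string;
  types: string[];
  issuanceOpt: IssuanceOpts;
- credentialResponse: CredentialResponse;
+ credentialResponse: CredentialResponseV1_0_15 | CredentialResponse;
  };
  type GetCredentialConfigsSupportedArgs = {
  client: OpenID4VCIClient;
@@ -667,7 +668,7 @@ type RequiredContext = IAgentContext<IIssuanceBranding & IContactManager & ICred
  * {@inheritDoc IOID4VCIHolder}
  */
  declare const oid4vciHolderContextMethods: Array<string>;
- declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string) => Promise<string>;
+ declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => Promise<string>;
  declare class OID4VCIHolder implements IAgentPlugin {
  private readonly hasher?;
  readonly eventTypes: Array<OID4VCIHolderEvent>;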
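Review bot: The new enum member `hasNonceEndpointGuard` is given the value `"oid4vciHasNonceEndpointGuard "`, with a trailing space inside the string that none of the neighbouring guard names has. If the state machine's guard map is ever keyed by the literal name rather than by the enum member, the lookup may miss and the nonce-endpoint branch would then be decided by however the machine treats an unknown guard; the line should read `hasNonceEndpointGuard = "oid4vciHasNonceEndpointGuard",`. The same value appears in package/dist/index.d.ts and package/dist/index.js, so the fix belongs in the TypeScript source these files are generated from. Separately, the new third callback parameter `noIssPayloadUpdate` on `signCallback` deserves a doc comment saying what happens to the `iss` claim when a caller passes true.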
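--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,4 +1,4 @@
- import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
+ import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponseV1_0_15, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
  import { IIdentifierResolution, ManagedIdentifierMethod, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
  import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
  import { IIdentifier, IPluginMethodMap, IAgentContext, ICredentialVerifier, ICredentialIssuer, IDIDManager, IResolver, IKeyManager, TKeyType, VerificationPolicies, TAgent, IAgentPlugin } from '@veramo/core';
@@ -356,6 +356,7 @@ declare enum OID4VCIMachineGuards {
  requirePinGuard = "oid4vciRequirePinGuard",
  requireAuthorizationGuard = "oid4vciRequireAuthorizationGuard",
  noAuthorizationGuard = "oid4vciNoAuthorizationGuard",
+ hasNonceEndpointGuard = "oid4vciHasNonceEndpointGuard ",
  hasAuthorizationResponse = "oid4vciHasAuthorizationResponse",
  hasNoContactIdentityGuard = "oid4vciHasNoContactIdentityGuard",
  verificationCodeGuard = "oid4vciVerificationCodeGuard",
@@ -482,7 +483,7 @@ type CredentialToAccept = {
  id?: string;
  types: string[];
  issuanceOpt: IssuanceOpts;
- credentialResponse: CredentialResponse;
+ credentialResponse: CredentialResponseV1_0_15 | CredentialResponse;
  };
  type GetCredentialConfigsSupportedArgs = {
  client: OpenID4VCIClient;
@@ -667,7 +668,7 @@ type RequiredContext = IAgentContext<IIssuanceBranding & IContactManager & ICred
  * {@inheritDoc IOID4VCIHolder}
  */
  declare const oid4vciHolderContextMethods: Array<string>;
- declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string) => Promise<string>;
+ declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => Promise<string>;
  declare class OID4VCIHolder implements IAgentPlugin {
  private readonly hasher?;
  readonly eventTypes: Array<OID4VCIHolderEvent>;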
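--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -60,6 +60,7 @@ import { DefaultURISchemes, getTypesFromAuthorizationDetails, getTypesFromCreden
  import { SupportedDidMethodEnum as SupportedDidMethodEnum2 } from "@sphereon/ssi-sdk-ext.did-utils";
  import { isManagedIdentifierDidOpts, isManagedIdentifierDidResult as isManagedIdentifierDidResult2, isManagedIdentifierJwkResult, isManagedIdentifierKidResult, isManagedIdentifierResult as isManagedIdentifierResult2, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult } from "@sphereon/ssi-sdk-ext.identifier-resolution";
  import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
+ import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
  import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, CredentialRole, ensureRawDocument, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
  import { CredentialMapper as CredentialMapper2, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
  import { asArray as asArray2, computeEntryHash } from "@veramo/utils";
@@ -149,6 +150,7 @@ var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
  OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
  OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
  OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
+ OID4VCIMachineGuards2["hasNonceEndpointGuard"] = "oid4vciHasNonceEndpointGuard ";
  OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
  OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
  OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
@@ -1604,7 +1606,13 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
  }, "selectCredentialLocaleBranding");
  var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
  const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
- const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
+ const credentialResponse = mappedCredential.credentialToAccept.credentialResponse;
+ let credential;
+ if ("credential" in credentialResponse) {
+ credential = credentialResponse.credential;
+ } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+ credential = credentialResponse.credentials[0].credential;
+ }
  if (!credential) {
  return Promise.reject(Error("No credential found in credential response"));
  }
@@ -1660,7 +1668,12 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
  var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
  const { credentialToAccept, hasher } = args;
  const credentialResponse = credentialToAccept.credentialResponse;
- const verifiableCredential = credentialResponse.credential;
+ let verifiableCredential;
+ if ("credential" in credentialResponse) {
+ verifiableCredential = credentialResponse.credential;
+ } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+ verifiableCredential = credentialResponse.credentials[0].credential;
+ }
  if (!verifiableCredential) {
  return Promise.reject(Error("No credential found in credential response"));
  }
@@ -1994,6 +2007,7 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
  case "jwt":
  case "jwt_vc_json":
  case "jwt_vc":
+ case "vc+sd-jwt":
  case "dc+sd-jwt":
  case "mso_mdoc": {
  const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
@@ -2063,7 +2077,6 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
  
  // src/agent/OID4VCIHolder.ts
  import "cross-fetch/polyfill";
- import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
  var oid4vciHolderContextMethods = [
  "cmGetContacts",
  "cmGetContact",
@@ -2079,7 +2092,7 @@ var oid4vciHolderContextMethods = [
  ];
  var logger = Loggers.DEFAULT.get("sphereon:oid4vci:holder");
  function signCallback(identifier, context, nonce) {
- return async (jwt, kid) => {
+ return async (jwt, kid, noIssPayloadUpdate) => {
  let resolution = await context.agent.identifierManagedGet(identifier);
  const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
  if (!resolution.issuer && !jwt.payload.iss) {
@@ -2097,7 +2110,7 @@ function signCallback(identifier, context, nonce) {
  return (await context.agent.jwtCreateJwsCompactSignature({
  issuer: {
  ...resolution,
- noIssPayloadUpdate: false
+ noIssPayloadUpdate: noIssPayloadUpdate ?? false
  },
  protectedHeader: header,
  payload
@@ -2133,6 +2146,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
  };
  vcFormatPreferences = [
  "dc+sd-jwt",
+ "vc+sd-jwt",
  "mso_mdoc",
  "jwt_vc_json",
  "jwt_vc",
@@ -2718,7 +2732,16 @@ var OID4VCIHolder = class _OID4VCIHolder {
  if (Array.isArray(subjectIssuance?.notification_events_supported)) {
  event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
  logger.log(`Subject issuance/signing will be used, with event`, event);
- const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
+ const credentialResponse = mappedCredentialToAccept.credentialToAccept.credentialResponse;
+ let issuerVC;
+ if ("credential" in credentialResponse) {
+ issuerVC = credentialResponse.credential;
+ } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+ issuerVC = credentialResponse.credentials[0].credential;
+ }
+ if (!issuerVC) {
+ return Promise.reject(Error("No credential found in credential response"));
+ }
  const wrappedIssuerVC = CredentialMapper2.toWrappedVerifiableCredential(issuerVC, {
  hasher: this.hasher ?? defaultHasher2
  });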
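Review bot: A response that carries a `credentials` array is reduced to `credentials[0].credential` in verifyCredentialToAccept, in mapCredentialToAccept and in the subject-issuance branch of OID4VCIHolder, so any further entries the issuer returns are never verified or stored, and nothing records that they were dropped. The response is issuer-controlled input: `"credential" in credentialResponse` is also true when the key is present but empty, which skips the array entirely, and a null first entry raises a TypeError instead of the "No credential found in credential response" rejection. I would replace the three copies with one helper that uses optional chaining and makes the multi-entry case explicit, as sketched below. All three enclosing functions start and end outside these hunks, so the call sites would need checking against the full source.

```javascript
// Shared by verifyCredentialToAccept, mapCredentialToAccept and the subject-issuance branch.
function firstCredentialFromResponse(credentialResponse) {
  // Single-credential shape; fall through when the key is present but empty.
  if (credentialResponse.credential) {
    return credentialResponse.credential;
  }
  const entries = Array.isArray(credentialResponse.credentials) ? credentialResponse.credentials : [];
  if (entries.length > 1) {
    // Only the first entry is verified and stored; report it rather than dropping the rest silently.
    logger.log(`Credential response holds ${entries.length} credentials, only the first is processed`);
  }
  return entries[0]?.credential;
}

// … unchanged: the `if (!credential)` rejection that follows at each call site …
const credential = firstCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse);
```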