@sphereon/ssi-sdk.oid4vci-holder 0.36.1-feat.SSISDK.83.6 → 0.36.1-feature.SSISDK.82.and.SSISDK.70.37

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.oid4vci-holder",
-  "version": "0.36.1-feat.SSISDK.83.6+3072bb3e",
+  "version": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -26,27 +26,27 @@
     "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.20.1-feat.SSISDK.83.1",
+    "@sphereon/did-auth-siop": "0.20.1-fix.1",
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
-    "@sphereon/oid4vci-client": "0.20.1-feat.SSISDK.83.1",
-    "@sphereon/oid4vci-common": "0.20.1-feat.SSISDK.83.1",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.contact-manager": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.core": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.credential-store": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.credential-validation": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.data-store-types": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.issuance-branding": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.mdl-mdoc": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.oidf-client": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.sd-jwt": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.36.1-feat.SSISDK.83.6+3072bb3e",
-    "@sphereon/ssi-types": "0.36.1-feat.SSISDK.83.6+3072bb3e",
+    "@sphereon/oid4vci-client": "0.20.1-fix.1",
+    "@sphereon/oid4vci-common": "0.20.1-fix.1",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.contact-manager": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.core": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.credential-store": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.credential-validation": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.data-store-types": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.issuance-branding": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.mdl-mdoc": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.oidf-client": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.sd-jwt": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
+    "@sphereon/ssi-types": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
     "@veramo/core": "4.2.0",
     "@veramo/data-store": "4.2.0",
     "@veramo/utils": "4.2.0",
@@ -59,8 +59,8 @@
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/oid4vc-common": "0.20.1-feat.SSISDK.83.1",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-feat.SSISDK.83.6+3072bb3e",
+    "@sphereon/oid4vc-common": "0.20.1-fix.1",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-feature.SSISDK.82.and.SSISDK.70.37+4f1096f2",
     "@sphereon/ssi-sdk.siopv2-oid4vp-common": "workspace:*",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",
@@ -90,5 +90,5 @@
     "OID4VCI",
     "State Machine"
   ],
-  "gitHead": "3072bb3eaa3ef795b9b0fb6b3029e9d69903b5d2"
+  "gitHead": "4f1096f2d7ce22bdc20319a780386979393bc2ef"
 }

package/src/agent/OID4VCIHolder.ts

@@ -123,6 +123,7 @@ import {
   VerificationResult,
   VerifyEBSICredentialIssuerArgs,
   VerifyEBSICredentialIssuerResult,
+  WalletType,
 } from '../types/IOID4VCIHolder'
 
 /**
@@ -493,7 +494,7 @@ export class OID4VCIHolder implements IAgentPlugin {
     if (!clientId) {
       return Promise.reject(Error(`Missing client id in contact's connectionConfig`))
     }
-    const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState })
+    const client = await OpenID4VCIClientV1_0_15.fromState({ state: openID4VCIClientState })
     const authorizationCodeURL = await client.createAuthorizationRequestUrl({
       authorizationRequest: {
         clientId: clientId,
@@ -505,7 +506,7 @@ export class OID4VCIHolder implements IAgentPlugin {
     return {
       authorizationCodeURL,
       // Needed, because the above createAuthorizationRequestUrl manipulates the state, adding pkce opts to the state
-      oid4vciClientState: JSON.parse(await client.exportState())
+      oid4vciClientState: JSON.parse(await client.exportState()),
     }
   }
 
@@ -617,7 +618,7 @@ export class OID4VCIHolder implements IAgentPlugin {
   }
 
   private async oid4vciHolderGetCredentials(args: GetCredentialsArgs, context: RequiredContext): Promise<Array<MappedCredentialToAccept>> {
-    const { verificationCode, openID4VCIClientState, didMethodPreferences = this.didMethodPreferences, issuanceOpt, accessTokenOpts } = args
+    const { verificationCode, openID4VCIClientState, didMethodPreferences, issuanceOpt, accessTokenOpts, walletType } = args
     logger.debug(`Getting credentials`, issuanceOpt, accessTokenOpts)
 
     if (!openID4VCIClientState) {
@@ -636,7 +637,7 @@ export class OID4VCIHolder implements IAgentPlugin {
       credentialsSupported,
       serverMetadata,
       context,
-      didMethodPreferences: Array.isArray(didMethodPreferences) && didMethodPreferences.length > 0 ? didMethodPreferences : this.didMethodPreferences,
+      didMethodPreferences: this.selectDidMethodPreferences(didMethodPreferences, walletType),
       jwtCryptographicSuitePreferences: this.jwtCryptographicSuitePreferences,
       jsonldCryptographicSuitePreferences: this.jsonldCryptographicSuitePreferences,
       ...(issuanceOpt && { forceIssuanceOpt: issuanceOpt }),
@@ -661,6 +662,15 @@ export class OID4VCIHolder implements IAgentPlugin {
     return allCredentials
   }
 
+  private selectDidMethodPreferences(didMethodPreferences: Array<SupportedDidMethodEnum> | undefined, walletType: WalletType) {
+    const supportedDidMethodEnums =
+      Array.isArray(didMethodPreferences) && didMethodPreferences.length > 0 ? didMethodPreferences : this.didMethodPreferences
+    if (walletType === 'ORGANIZATIONAL') {
+      return [SupportedDidMethodEnum.DID_WEB, ...supportedDidMethodEnums]
+    }
+    return supportedDidMethodEnums
+  }
+
   private async oid4vciHolderGetCredential(args: GetCredentialArgs, context: RequiredContext): Promise<MappedCredentialToAccept> {
     const { issuanceOpt, pin, client, accessTokenOpts } = args
     logger.info(`Getting credential`, issuanceOpt)
@@ -731,6 +741,7 @@ export class OID4VCIHolder implements IAgentPlugin {
         format: issuanceOpt.format,
         // TODO: We need to update the machine and add notifications support for actual deferred credentials instead of just waiting/retrying
         deferredCredentialAwait: true,
+        ...(issuanceOpt.id && typeof issuanceOpt.id === 'string' ? { credentialConfigurationId: issuanceOpt.id } : undefined),
         ...(!jwk && { kid }), // vci client either wants a jwk or kid. If we have used the jwk method do not provide the kid
         jwk,
         alg,

package/src/link-handler/index.ts

@@ -3,7 +3,7 @@ import { AuthorizationRequestOpts, AuthorizationServerClientOpts, AuthzFlowType,
 import { DefaultLinkPriorities, LinkHandlerAdapter } from '@sphereon/ssi-sdk.core'
 import { IMachineStatePersistence, interpreterStartOrResume, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence'
 import { IAgentContext } from '@veramo/core'
-import { GetMachineArgs, IOID4VCIHolder, OID4VCIMachineEvents, OID4VCIMachineStateNavigationListener } from '../types/IOID4VCIHolder'
+import { GetMachineArgs, IOID4VCIHolder, OID4VCIMachineEvents, OID4VCIMachineStateNavigationListener, WalletType } from '../types/IOID4VCIHolder'
 import { FirstPartyMachineStateNavigationListener } from '../types/FirstPartyMachine'
 
 /**
@@ -14,6 +14,7 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
   private readonly stateNavigationListener?: OID4VCIMachineStateNavigationListener
   private readonly firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener
   private readonly noStateMachinePersistence: boolean
+  private readonly walletType: WalletType
   private readonly authorizationRequestOpts?: AuthorizationRequestOpts
   private readonly clientOpts?: AuthorizationServerClientOpts
   private readonly trustAnchors?: Array<string>
@@ -21,7 +22,7 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
   constructor(
     args: Pick<
       GetMachineArgs,
-      'stateNavigationListener' | 'authorizationRequestOpts' | 'clientOpts' | 'trustAnchors' | 'firstPartyStateNavigationListener'
+      'stateNavigationListener' | 'authorizationRequestOpts' | 'clientOpts' | 'trustAnchors' | 'firstPartyStateNavigationListener' | 'walletType'
     > & {
       priority?: number | DefaultLinkPriorities
       protocols?: Array<string | RegExp>
@@ -33,6 +34,7 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
     this.authorizationRequestOpts = args.authorizationRequestOpts
     this.clientOpts = args.clientOpts
     this.context = args.context
+    this.walletType = args.walletType ?? 'NATURAL_PERSON'
     this.noStateMachinePersistence = args.noStateMachinePersistence === true
     this.stateNavigationListener = args.stateNavigationListener
     this.firstPartyStateNavigationListener = args.firstPartyStateNavigationListener
@@ -68,6 +70,7 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
       ...((clientOpts.clientId || clientOpts.clientAssertionType) && { clientOpts: clientOpts as AuthorizationServerClientOpts }),
       stateNavigationListener: this.stateNavigationListener,
       firstPartyStateNavigationListener: this.firstPartyStateNavigationListener,
+      walletType: this.walletType,
     })
 
     const interpreter = oid4vciMachine.interpreter

package/src/machines/oid4vciMachine.ts

@@ -126,6 +126,7 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
     // TODO WAL-671 we need to store the data from OpenIdProvider here in the context and make sure we can restart the machine with it and init the OpenIdProvider
     accessTokenOpts: opts?.accessTokenOpts,
     requestData: opts?.requestData,
+    walletType: opts?.walletType ?? 'NATURAL_PERSON',
     trustAnchors: opts?.trustAnchors ?? [],
     issuanceOpt: opts?.issuanceOpt,
     didMethodPreferences: opts?.didMethodPreferences,
@@ -347,7 +348,7 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
             cond: OID4VCIMachineGuards.isFirstPartyApplication,
           },
           {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest,
+            target: OID4VCIMachineStates.prepareAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard,
           },
           {
@@ -444,10 +445,6 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
             target: OID4VCIMachineStates.prepareAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard,
           },
-          {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest,
-            cond: OID4VCIMachineGuards.requireAuthorizationGuard,
-          },
           {
             target: OID4VCIMachineStates.verifyPin,
             cond: OID4VCIMachineGuards.requirePinGuard,
@@ -524,10 +521,6 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
             target: OID4VCIMachineStates.verifyPin,
             cond: OID4VCIMachineGuards.requirePinGuard,
           },
-          {
-            target: OID4VCIMachineStates.prepareAuthorizationRequest,
-            cond: OID4VCIMachineGuards.requireAuthorizationGuard,
-          },
           {
             target: OID4VCIMachineStates.getCredentials,
           },

package/src/services/OID4VCIHolderService.ts

@@ -214,7 +214,7 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
     if (!hasher) {
       return Promise.reject('a hasher is required for encoded SD-JWT credentials')
     }
-    const asyncHasher: Hasher = (data: string | ArrayBuffer, algorithm: string) => Promise.resolve(hasher(data, algorithm))
+    const asyncHasher: Hasher = (data: string | ArrayBuffer | SharedArrayBuffer, algorithm: string) => Promise.resolve(hasher(data, algorithm))
     const decodedSdJwt = await CredentialMapper.decodeSdJwtVcAsync(wrappedVerifiableCredential.credential, asyncHasher)
     uniformVerifiableCredential = sdJwtDecodedCredentialToUniformCredential(<SdJwtDecodedVerifiableCredential>decodedSdJwt)
   } else if (CredentialMapper.isMsoMdocDecodedCredential(wrappedVerifiableCredential.credential)) {

package/src/types/IOID4VCIHolder.ts

@@ -136,6 +136,7 @@ export type OnIdentifierCreatedArgs = {
 
 export type GetMachineArgs = {
   requestData: RequestData
+  walletType: WalletType
   trustAnchors?: Array<string>
   authorizationRequestOpts?: AuthorizationRequestOpts
   clientOpts?: AuthorizationServerClientOpts
@@ -157,7 +158,7 @@ export type CreateCredentialsToSelectFromArgs = Pick<
 export type GetContactArgs = Pick<OID4VCIMachineContext, 'serverMetadata'>
 export type GetCredentialsArgs = Pick<
   OID4VCIMachineContext,
-  'verificationCode' | 'openID4VCIClientState' | 'selectedCredentials' | 'didMethodPreferences' | 'issuanceOpt' | 'accessTokenOpts'
+  'verificationCode' | 'openID4VCIClientState' | 'selectedCredentials' | 'didMethodPreferences' | 'issuanceOpt' | 'accessTokenOpts' | 'walletType'
 >
 export type AddContactIdentityArgs = Pick<OID4VCIMachineContext, 'credentialsToAccept' | 'contact'>
 export type GetIssuerBrandingArgs = Pick<OID4VCIMachineContext, 'serverMetadata' | 'contact'>
@@ -233,6 +234,7 @@ export type OID4VCIMachineContext = {
   openID4VCIClientState?: OpenID4VCIClientState
   credentialToSelectFrom: Array<CredentialToSelectFromResult>
   contactAlias: string
+  walletType: WalletType
   contact?: Party
   selectedCredentials: Array<string>
   credentialsToAccept: Array<MappedCredentialToAccept>
@@ -316,6 +318,7 @@ export type OID4VCIStateMachine = StateMachine<
 
 export type CreateOID4VCIMachineOpts = {
   requestData: RequestData
+  walletType: WalletType
   machineName?: string
   locale?: string
   trustAnchors?: Array<string>
@@ -729,6 +732,8 @@ export type DynamicRegistrationClientMetadataDisplay = Pick<
   'client_name' | 'client_uri' | 'contacts' | 'tos_uri' | 'policy_uri' | 'logo_uri'
 >
 
+export type WalletType = 'NATURAL_PERSON' | 'ORGANIZATIONAL'
+
 export type DidAgents = TAgent<IResolver & IDIDManager>
 
 export type RequiredContext = IAgentContext<