npm - @sphereon/ssi-sdk.oid4vci-issuer - Versions diffs - 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-feature.integration.fides.101 - Mend

@sphereon/ssi-sdk.oid4vci-issuer 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-feature.integration.fides.101

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/index.cjs +55 -9
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +9 -4
package/dist/index.d.ts +9 -4
package/dist/index.js +55 -9
package/dist/index.js.map +1 -1
package/package.json +20 -20
package/src/IssuerInstance.ts +8 -0
package/src/agent/OID4VCIIssuer.ts +44 -23
package/src/functions.ts +35 -8
package/src/index.ts +1 -1
package/src/types/IOID4VCIIssuer.ts +5 -1

package/src/agent/OID4VCIIssuer.ts CHANGED Viewed

@@ -1,31 +1,39 @@
+import {retrieveWellknown} from '@sphereon/oid4vci-client'
 import {
-  AccessTokenResponse,
-  AuthorizationServerMetadata,
-  CredentialResponse,
-  IssuerMetadata,
-  OpenIDResponse,
-  WellKnownEndpoints,
+    AccessTokenResponse,
+    AuthorizationServerMetadata,
+    CredentialResponse,
+    IssuerMetadata,
+    OpenIDResponse,
+    WellKnownEndpoints,
 } from '@sphereon/oid4vci-common'
-import { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'
-import { retrieveWellknown } from '@sphereon/oid4vci-client'
-import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
-import { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'
-import { IAgentPlugin } from '@veramo/core'
-import { getAccessTokenSignerCallback } from '../functions'
+import {assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer} from '@sphereon/oid4vci-issuer'
+import {getAgentResolver} from '@sphereon/ssi-sdk-ext.did-utils'
+import {IMetadataOptions} from '@sphereon/ssi-sdk.oid4vci-issuer-store'
+import {IAgentPlugin} from '@veramo/core'
+import {getAccessTokenSignerCallback} from '../functions'
 import {
-  IAssertValidAccessTokenArgs,
-  ICreateCredentialOfferURIResult,
-  ICreateOfferArgs,
-  IIssueCredentialArgs,
-  IIssuerInstanceArgs,
-  IIssuerOptions,
-  IOID4VCIIssuerOpts,
-  IRequiredContext,
-  schema,
+    IAssertValidAccessTokenArgs,
+    ICreateCredentialOfferURIResult,
+    ICreateOfferArgs,
+    IIssueCredentialArgs,
+    IIssuerInstanceArgs,
+    IIssuerOptions,
+    IOID4VCIIssuerOpts,
+    IRefreshInstanceMetadata,
+    IRequiredContext,
+    schema,
 } from '../index'
-import { IssuerInstance } from '../IssuerInstance'
+import {IssuerInstance} from '../IssuerInstance'
+import {IOID4VCIIssuer} from '../types/IOID4VCIIssuer'
-import { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'
+export const oid4vciIssuerMethods: Array<string> = [
+  'oid4vciCreateOfferURI',
+  'oid4vciIssueCredential',
+  'oid4vciCreateAccessTokenResponse',
+  'oid4vciGetInstance',
+  'oid4vciRefreshInstanceMetadata',
+]
 export class OID4VCIIssuer implements IAgentPlugin {
   private static readonly _DEFAULT_OPTS_KEY = '_default'
@@ -37,6 +45,7 @@ export class OID4VCIIssuer implements IAgentPlugin {
     oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),
     oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),
     oid4vciGetInstance: this.oid4vciGetInstance.bind(this),
+    oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this),
   }
   private _opts: IOID4VCIIssuerOpts
@@ -132,6 +141,7 @@ export class OID4VCIIssuer implements IAgentPlugin {
     if (!issuerOpts.resolveOpts?.resolver) {
       issuerOpts.resolveOpts.resolver = getAgentResolver(context)
     }
     this.instances.set(
       credentialIssuer,
       new IssuerInstance({
@@ -141,9 +151,20 @@ export class OID4VCIIssuer implements IAgentPlugin {
         authorizationServerMetadata,
       }),
     )
     return this.oid4vciGetInstance(args, context)
   }
+  // TODO SSISDK-87 create proper solution to update issuer metadata
+  public async oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<boolean> {
+    const instance = this.instances.get(args.credentialIssuer)
+    if (instance) {
+      instance.issuerMetadata = await this.getIssuerMetadata({ ...args }, context)
+      return true
+    }
+    return false
+  }
   public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {
     const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY
     //todo: prob doesn't make sense as credentialIssuer is mandatory anyway

package/src/functions.ts CHANGED Viewed

@@ -12,7 +12,7 @@ import {
 } from '@sphereon/oid4vci-common'
 import { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'
 import { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'
-import { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
+import { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
 import { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'
 import { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'
@@ -141,14 +141,20 @@ export async function getAccessTokenSignerCallback(
   },
   context: IRequiredContext,
 ) {
+  const resolution = legacyKeyRefsToIdentifierOpts(opts)
+  const identifier = await context.agent.identifierManagedGet({
+    identifier: resolution.identifier as string,
+    vmRelationship: 'authentication',
+  })
+  const keyRef = identifier.kmsKeyRef
+  if (!keyRef) {
+    throw Error('Cannot sign access tokens without a key ref')
+  }
   const signer = async (data: string | Uint8Array) => {
     let dataString, encoding: 'base64' | undefined
-    const resolution = await legacyKeyRefsToIdentifierOpts(opts)
-    const keyRef = resolution.kmsKeyRef
-    if (!keyRef) {
-      throw Error('Cannot sign access tokens without a key ref')
-    }
     if (typeof data === 'string') {
       dataString = data
       encoding = undefined
@@ -168,6 +174,9 @@ export async function getAccessTokenSignerCallback(
     }
     let kidHeader: string | undefined = jwt?.header?.kid ?? kid
+    if (!kidHeader && identifier.kid) {
+      kidHeader = identifier.kid
+    }
     if (!kidHeader) {
       if (
         opts.idOpts?.method === 'did' ||
@@ -178,7 +187,17 @@ export async function getAccessTokenSignerCallback(
         kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid
       }
     }
-    return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })
+    const alg = identifier.jwk?.alg
+    if (!alg) {
+      return Promise.reject(Error('No algorithm found in identifier JWK'))
+    }
+    return await createJWT(
+      jwt.payload,
+      { signer, issuer },
+      { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT', alg },
+    )
   }
   return accessTokenSignerCallback
@@ -201,7 +220,15 @@ export async function getCredentialSignerCallback(
     const credential = args.credential as ICredential // TODO: SDJWT
     let proofFormat: ProofFormat
-    const resolution = await context.agent.identifierManagedGet(idOpts)
+    let resolution: ManagedIdentifierResult
+    if (typeof idOpts.identifier !== 'string') {
+      resolution = idOpts as ManagedIdentifierResult
+    } else {
+      resolution = await context.agent.identifierManagedGet({
+        identifier: idOpts.identifier,
+        vmRelationship: 'assertionMethod',
+      })
+    }
     proofFormat = format?.includes('ld') ? 'lds' : 'jwt'
     const issuer = resolution.issuer ?? resolution.kmsKeyRef

package/src/index.ts CHANGED Viewed

@@ -3,7 +3,7 @@
  */
 const schema = require('../plugin.schema.json')
 export { schema }
-export { OID4VCIIssuer } from './agent/OID4VCIIssuer'
+export { OID4VCIIssuer, oid4vciIssuerMethods } from './agent/OID4VCIIssuer'
 export * from './functions'
 export * from './IssuerInstance'
 export * from './types/IOID4VCIIssuer'

package/src/types/IOID4VCIIssuer.ts CHANGED Viewed

@@ -30,6 +30,7 @@ export interface IOID4VCIIssuer extends IPluginMethodMap {
   oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse>
   oid4vciCreateAccessTokenResponse(accessTokenArgs: IAssertValidAccessTokenArgs, context: IRequiredContext): Promise<AccessTokenResponse>
   oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance>
+  oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<boolean>
 }
 export interface IOID4VCIIssuerOpts {
@@ -45,7 +46,6 @@ export interface ICreateOfferArgs extends IIssuerInstanceArgs {
   credentialDefinition?: IssuerCredentialDefinition
   credentialOfferUri?: string
   credentialDataSupplierInput?: CredentialDataSupplierInput // Optional storage that can help the credential Data Supplier. For instance to store credential input data during offer creation, if no additional data can be supplied later on
   redirectUri?: string
   // auth_session?: string; Would be a nice extension to support, to allow external systems to determine what the auth_session value should be
   // @Deprecated use tx_code in the grant object
@@ -83,6 +83,10 @@ export interface IIssuerInstanceArgs {
   namespace?: string
 }
+export interface IRefreshInstanceMetadata {
+  credentialIssuer: string
+}
 export interface IIssuerInstanceOptions extends IMetadataOptions {
   issuerOpts?: IIssuerOptions
   metadataOpts?: CredentialIssuerMetadataOpts