@sphereon/ssi-sdk.oid4vci-issuer 0.36.1-next.11 → 0.36.1-next.113
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +49 -9
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +9 -4
- package/dist/index.d.ts +9 -4
- package/dist/index.js +49 -9
- package/dist/index.js.map +1 -1
- package/package.json +20 -20
- package/src/agent/OID4VCIIssuer.ts +42 -23
- package/src/functions.ts +35 -9
- package/src/index.ts +1 -1
- package/src/types/IOID4VCIIssuer.ts +5 -1
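--- a/package/src/functions.ts
+++ b/package/src/functions.ts
@@ -12,7 +12,7 @@ import {
 } from '@sphereon/oid4vci-common'
 import { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'
 import { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'
-import { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
+import { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
 import { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'
 import { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'
@@ -141,14 +141,20 @@ export async function getAccessTokenSignerCallback(
 },
 context: IRequiredContext,
 ) {
+const resolution = legacyKeyRefsToIdentifierOpts(opts)
+const identifier = await context.agent.identifierManagedGet({
+identifier: resolution.identifier as string,
+vmRelationship: 'authentication',
+})
+
+const keyRef = identifier.kmsKeyRef
+if (!keyRef) {
+throw Error('Cannot sign access tokens without a key ref')
+}
+
 const signer = async (data: string | Uint8Array) => {
 let dataString, encoding: 'base64' | undefined
 
-const resolution = await legacyKeyRefsToIdentifierOpts(opts)
-const keyRef = resolution.kmsKeyRef
-if (!keyRef) {
-throw Error('Cannot sign access tokens without a key ref')
-}
 if (typeof data === 'string') {
 dataString = data
 encoding = undefined
@@ -168,6 +174,9 @@ export async function getAccessTokenSignerCallback(
 }
 
 let kidHeader: string | undefined = jwt?.header?.kid ?? kid
+if (!kidHeader && identifier.kid) {
+kidHeader = identifier.kid
+}
 if (!kidHeader) {
 if (
 opts.idOpts?.method === 'did' ||
@@ -178,7 +187,17 @@ export async function getAccessTokenSignerCallback(
 kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid
 }
 }
-
+
+const alg = identifier.jwk?.alg
+if (!alg) {
+return Promise.reject(Error('No algorithm found in identifier JWK'))
+}
+
+return await createJWT(
+jwt.payload,
+{ signer, issuer },
+{ ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT', alg },
+)
 }
 
 return accessTokenSignerCallback
@@ -201,7 +220,15 @@ export async function getCredentialSignerCallback(
 const credential = args.credential as ICredential // TODO: SDJWT
 let proofFormat: ProofFormat
 
-
+let resolution: ManagedIdentifierResult
+if (typeof idOpts.identifier !== 'string') {
+resolution = idOpts as ManagedIdentifierResult
+} else {
+resolution = await context.agent.identifierManagedGet({
+identifier: idOpts.identifier,
+vmRelationship: 'assertionMethod',
+})
+}
 proofFormat = format?.includes('ld') ? 'lds' : 'jwt'
 const issuer = resolution.issuer ?? resolution.kmsKeyRef
 
@@ -227,7 +254,6 @@ export async function getCredentialSignerCallback(
 const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })
 if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {
 credential.credentialStatus = credentialStatusVC.credentialStatus
-// TODO update statusLists somehow?
 }
 }
 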
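Review bot: The `identifierManagedGet` call at the top of the `getAccessTokenSignerCallback` hunk passes `resolution.identifier as string`, whereas the later `getCredentialSignerCallback` hunk first checks `typeof idOpts.identifier !== 'string'` and treats a non-string value as an already-resolved `ManagedIdentifierResult`; if `legacyKeyRefsToIdentifierOpts` yields the same `ManagedIdentifierOptsOrResult` shape that the import suggests, the cast silences exactly the case the other hunk handles and would hand an object to the lookup. Mirroring the typeof branch (below) keeps the two signer callbacks consistent and removes the assertion. The new first line of that hunk also drops the `await` that the removed `legacyKeyRefsToIdentifierOpts(opts)` line had; if the helper is still async, `resolution.identifier` would be undefined here, so that is worth confirming against its signature. Further down, `return Promise.reject(Error('No algorithm found in identifier JWK'))` inside the async callback could simply be `throw Error('No algorithm found in identifier JWK')` to match the key-ref check at the top of the function. `getAccessTokenSignerCallback` starts before the hunk.
```typescript
const resolution = legacyKeyRefsToIdentifierOpts(opts)
let identifier: ManagedIdentifierResult
if (typeof resolution.identifier !== 'string') {
  identifier = resolution as ManagedIdentifierResult
} else {
  identifier = await context.agent.identifierManagedGet({
    identifier: resolution.identifier,
    vmRelationship: 'authentication',
  })
}
// … unchanged: keyRef check, signer, kid/alg handling, createJWT …
```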
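--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -3,7 +3,7 @@
 */
 const schema = require('../plugin.schema.json')
 export { schema }
-export { OID4VCIIssuer } from './agent/OID4VCIIssuer'
+export { OID4VCIIssuer, oid4vciIssuerMethods } from './agent/OID4VCIIssuer'
 export * from './functions'
 export * from './IssuerInstance'
 export * from './types/IOID4VCIIssuer'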
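--- a/package/src/types/IOID4VCIIssuer.ts
+++ b/package/src/types/IOID4VCIIssuer.ts
@@ -30,6 +30,7 @@ export interface IOID4VCIIssuer extends IPluginMethodMap {
 oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse>
 oid4vciCreateAccessTokenResponse(accessTokenArgs: IAssertValidAccessTokenArgs, context: IRequiredContext): Promise<AccessTokenResponse>
 oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance>
+oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<boolean>
 }
 
 export interface IOID4VCIIssuerOpts {
@@ -45,7 +46,6 @@ export interface ICreateOfferArgs extends IIssuerInstanceArgs {
 credentialDefinition?: IssuerCredentialDefinition
 credentialOfferUri?: string
 credentialDataSupplierInput?: CredentialDataSupplierInput // Optional storage that can help the credential Data Supplier. For instance to store credential input data during offer creation, if no additional data can be supplied later on
-
 redirectUri?: string
 // auth_session?: string; Would be a nice extension to support, to allow external systems to determine what the auth_session value should be
 // @Deprecated use tx_code in the grant object
@@ -83,6 +83,10 @@ export interface IIssuerInstanceArgs {
 namespace?: string
 }
 
+export interface IRefreshInstanceMetadata {
+credentialIssuer: string
+}
+
 export interface IIssuerInstanceOptions extends IMetadataOptions {
 issuerOpts?: IIssuerOptions
 metadataOpts?: CredentialIssuerMetadataOpts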
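Review bot: The new `oid4vciRefreshInstanceMetadata` plugin method and the `IRefreshInstanceMetadata` interface are added to the public contract without any TSDoc, unlike the commented fields of `ICreateOfferArgs` in the same file, so a caller cannot tell what `credentialIssuer` must hold or what the boolean result signals. Add `/** Identifies the issuer instance whose metadata should be refreshed; presumably the same issuer value used by IIssuerInstanceArgs — confirm against OID4VCIIssuer.ts. */` above `credentialIssuer: string`, and a one-line comment on the method stating what a `true` result means, taken from the implementation in `package/src/agent/OID4VCIIssuer.ts`, which is listed in the diffstat but not shown here. The `IOID4VCIIssuer` interface body starts before the first hunk.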