npm - @sphereon/ssi-sdk.siopv2-oid4vp-op-auth - Versions diffs - 0.32.1-feature.SPRIND.89.53 → 0.32.1-feature.SSISDK.5.credential.offer.uri.200 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.32.1-feature.SPRIND.89.53 → 0.32.1-feature.SSISDK.5.credential.offer.uri.200

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/dist/agent/DidAuthSiopOpAuthenticator.d.ts +6 -1
package/dist/agent/DidAuthSiopOpAuthenticator.d.ts.map +1 -1
package/dist/agent/DidAuthSiopOpAuthenticator.js +91 -22
package/dist/agent/DidAuthSiopOpAuthenticator.js.map +1 -1
package/dist/services/Siopv2MachineService.d.ts +2 -0
package/dist/services/Siopv2MachineService.d.ts.map +1 -1
package/dist/services/Siopv2MachineService.js +97 -7
package/dist/services/Siopv2MachineService.js.map +1 -1
package/dist/session/OpSession.d.ts.map +1 -1
package/dist/session/OpSession.js +2 -2
package/dist/session/OpSession.js.map +1 -1
package/dist/types/IDidAuthSiopOpAuthenticator.d.ts +5 -1
package/dist/types/IDidAuthSiopOpAuthenticator.d.ts.map +1 -1
package/dist/types/IDidAuthSiopOpAuthenticator.js.map +1 -1
package/dist/types/siop-service/index.d.ts +2 -0
package/dist/types/siop-service/index.d.ts.map +1 -1
package/dist/types/siop-service/index.js.map +1 -1
package/dist/utils/CredentialUtils.d.ts +23 -0
package/dist/utils/CredentialUtils.d.ts.map +1 -0
package/dist/utils/CredentialUtils.js +65 -0
package/dist/utils/CredentialUtils.js.map +1 -0
package/dist/utils/dcql.d.ts +5 -0
package/dist/utils/dcql.d.ts.map +1 -0
package/dist/utils/dcql.js +37 -0
package/dist/utils/dcql.js.map +1 -0
package/package.json +22 -19
package/src/agent/DidAuthSiopOpAuthenticator.ts +113 -38
package/src/services/Siopv2MachineService.ts +115 -12
package/src/session/OpSession.ts +3 -2
package/src/types/IDidAuthSiopOpAuthenticator.ts +13 -0
package/src/types/siop-service/index.ts +2 -0
package/src/utils/CredentialUtils.ts +71 -0
package/src/utils/dcql.ts +36 -0

package/dist/types/siop-service/index.d.ts CHANGED Viewed

@@ -7,6 +7,7 @@ import { IIssuanceBranding } from '@sphereon/ssi-sdk.issuance-branding';
 import { IAgentContext, IDIDManager, IIdentifier, IResolver } from '@veramo/core';
 import { IDidAuthSiopOpAuthenticator } from '../IDidAuthSiopOpAuthenticator';
 import { Siopv2MachineContext, Siopv2MachineInterpreter, Siopv2MachineState } from '../machine';
+import { DcqlQuery } from 'dcql';
 import { Hasher } from '@sphereon/ssi-types';
 export type DidAuthSiopOpAuthenticatorOptions = {
     presentationSignCallback?: PresentationSignCallback;
@@ -59,6 +60,7 @@ export type Siopv2AuthorizationRequestData = {
     uri?: URL;
     clientId?: string;
     presentationDefinitions?: PresentationDefinitionWithLocation[];
+    dcqlQuery?: DcqlQuery;
 };
 export type SelectableCredentialsMap = Map<string, Array<SelectableCredential>>;
 export type SelectableCredential = {

package/dist/types/siop-service/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kCAAkC,EAClC,wBAAwB,EACxB,6BAA6B,EAAE,4BAA4B,EAC5D,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAA;AAClH,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAC9F,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,8BAA8B,CAAA;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAA;AACvE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAE5C,MAAM,MAAM,iCAAiC,GAAG;IAC9C,wBAAwB,CAAC,EAAE,wBAAwB,CAAA;IACnD,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,4BAA4B,EAAE,4BAA4B,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;IAClI,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE,4BAA4B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChF,mBAAmB,CAAC,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACtE,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;IACjB,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,uBAAuB,CAAC,EAAE,CAAC,aAAa,EAAE,wBAAwB,EAAE,KAAK,EAAE,kBAAkB,EAAE,UAAU,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAClI,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAC9C,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa,EAAE,SAAS,GAAG,QAAQ,CAAC,CAAA;AAC1E,MAAM,MAAM,kBAAkB,GAAG;IAAE,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnG,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC,oBAAoB,EAAE,KAAK,GAAG,0BAA0B,CAAC,CAAA;AAEhG,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,EAAE,SAAS,GAAG,0BAA0B,CAAC,CAAA;AAChG,MAAM,MAAM,gBAAgB,GAAG;IAC7B,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAClD,wBAAwB,CAAC,EAAE,8BAA8B,CAAC;IAC1D,mBAAmB,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAA;IACnD,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG,IAAI,CAAC,oBAAoB,EAAE,0BAA0B,CAAC,CAAA;AAEjG,oBAAY,iBAAiB;IAC3B,wBAAwB,6BAA6B;IACrD,kBAAkB,uBAAuB;CAC1C;AAED,oBAAY,iBAAiB;IAC3B,OAAO,OAAO;IACd,KAAK,OAAO;CACb;AAED,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACnC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,aAAa,EAAE,MAAM,CAAA;IACrB,2BAA2B,EAAE,6BAA6B,CAAA;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,uBAAuB,CAAC,EAAE,kCAAkC,EAAE,CAAA;~~CAC/D~~,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAA;AAE/E,MAAM,MAAM,oBAAoB,GAAG;IACjC,UAAU,EAAE,uBAAuB,CAAA;IACnC,kBAAkB,EAAE,KAAK,CAAC,yBAAyB,CAAC,CAAA;IACpD,WAAW,CAAC,EAAE,KAAK,CAAA;IACnB,YAAY,CAAC,EAAE,KAAK,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG;IACzC,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,QAAQ,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,UAAU,EAAE,WAAW,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,aAAa,CACzC,eAAe,GAAG,2BAA2B,GAAG,WAAW,GAAG,SAAS,GAAG,qBAAqB,GAAG,gBAAgB,GAAG,iBAAiB,CACvI,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kCAAkC,EAClC,wBAAwB,EACxB,6BAA6B,EAAE,4BAA4B,EAC5D,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAA;AAClH,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAC9F,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,8BAA8B,CAAA;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAA;AACvE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAE5C,MAAM,MAAM,iCAAiC,GAAG;IAC9C,wBAAwB,CAAC,EAAE,wBAAwB,CAAA;IACnD,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,4BAA4B,EAAE,4BAA4B,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;IAClI,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE,4BAA4B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChF,mBAAmB,CAAC,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACtE,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;IACjB,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,uBAAuB,CAAC,EAAE,CAAC,aAAa,EAAE,wBAAwB,EAAE,KAAK,EAAE,kBAAkB,EAAE,UAAU,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAClI,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAC9C,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa,EAAE,SAAS,GAAG,QAAQ,CAAC,CAAA;AAC1E,MAAM,MAAM,kBAAkB,GAAG;IAAE,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnG,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC,oBAAoB,EAAE,KAAK,GAAG,0BAA0B,CAAC,CAAA;AAEhG,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,EAAE,SAAS,GAAG,0BAA0B,CAAC,CAAA;AAChG,MAAM,MAAM,gBAAgB,GAAG;IAC7B,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAClD,wBAAwB,CAAC,EAAE,8BAA8B,CAAC;IAC1D,mBAAmB,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAA;IACnD,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG,IAAI,CAAC,oBAAoB,EAAE,0BAA0B,CAAC,CAAA;AAEjG,oBAAY,iBAAiB;IAC3B,wBAAwB,6BAA6B;IACrD,kBAAkB,uBAAuB;CAC1C;AAED,oBAAY,iBAAiB;IAC3B,OAAO,OAAO;IACd,KAAK,OAAO;CACb;AAED,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACnC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,aAAa,EAAE,MAAM,CAAA;IACrB,2BAA2B,EAAE,6BAA6B,CAAA;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,uBAAuB,CAAC,EAAE,kCAAkC,EAAE,CAAA;IAC9D,SAAS,CAAC,EAAE,SAAS,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAA;AAE/E,MAAM,MAAM,oBAAoB,GAAG;IACjC,UAAU,EAAE,uBAAuB,CAAA;IACnC,kBAAkB,EAAE,KAAK,CAAC,yBAAyB,CAAC,CAAA;IACpD,WAAW,CAAC,EAAE,KAAK,CAAA;IACnB,YAAY,CAAC,EAAE,KAAK,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG;IACzC,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,QAAQ,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,UAAU,EAAE,WAAW,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,aAAa,CACzC,eAAe,GAAG,2BAA2B,GAAG,WAAW,GAAG,SAAS,GAAG,qBAAqB,GAAG,gBAAgB,GAAG,iBAAiB,CACvI,CAAA"}

package/dist/types/siop-service/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":";;;~~AA8CA~~,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,0EAAqD,CAAA;IACrD,8DAAyC,CAAA;AAC3C,CAAC,EAHW,iBAAiB,iCAAjB,iBAAiB,QAG5B;AAED,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,mCAAc,CAAA;IACd,iCAAY,CAAA;AACd,CAAC,EAHW,iBAAiB,iCAAjB,iBAAiB,QAG5B"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":";;;AA+CA,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,0EAAqD,CAAA;IACrD,8DAAyC,CAAA;AAC3C,CAAC,EAHW,iBAAiB,iCAAjB,iBAAiB,QAG5B;AAED,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,mCAAc,CAAA;IACd,iCAAY,CAAA;AACd,CAAC,EAHW,iBAAiB,iCAAjB,iBAAiB,QAG5B"}

package/dist/utils/CredentialUtils.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { ICredential, OriginalVerifiableCredential } from '@sphereon/ssi-types';
+import { VerifiableCredential } from '@veramo/core';
+import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store';
+/**
+ * Return the type(s) of a VC minus the VerifiableCredential type which should always be present
+ * @param credential The input credential
+ */
+export declare const getCredentialTypeAsString: (credential: ICredential | VerifiableCredential) => string;
+/**
+ * Returns a Unique Verifiable Credential (with hash) as stored in Veramo, based upon matching the id of the input VC or the proof value of the input VC
+ * @param uniqueVCs The Unique VCs to search in
+ * @param searchVC The VC to search for in the unique VCs array
+ */
+export declare const getMatchingUniqueDigitalCredential: (uniqueVCs: UniqueDigitalCredential[], searchVC: OriginalVerifiableCredential) => UniqueDigitalCredential | undefined;
+type InputCredential = UniqueDigitalCredential | VerifiableCredential | ICredential | OriginalVerifiableCredential;
+/**
+ * Get an original verifiable credential. Maps to wrapped Verifiable Credential first, to get an original JWT as Veramo stores these with a special proof value
+ * @param credential The input VC
+ */
+export declare const getOriginalVerifiableCredential: (credential: InputCredential) => OriginalVerifiableCredential;
+export declare const isUniqueDigitalCredential: (credential: InputCredential) => credential is UniqueDigitalCredential;
+export {};
+//# sourceMappingURL=CredentialUtils.d.ts.map

package/dist/utils/CredentialUtils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CredentialUtils.d.ts","sourceRoot":"","sources":["../../src/utils/CredentialUtils.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4B,WAAW,EAAyB,4BAA4B,EAAE,MAAM,qBAAqB,CAAA;AAChI,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAE5E;;;GAGG;AACH,eAAO,MAAM,yBAAyB,eAAgB,WAAW,GAAG,oBAAoB,KAAG,MAO1F,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,cAClC,uBAAuB,EAAE,YAC1B,4BAA4B,KACrC,uBAAuB,GAAG,SAe5B,CAAA;AAED,KAAK,eAAe,GAAG,uBAAuB,GAAG,oBAAoB,GAAG,WAAW,GAAG,4BAA4B,CAAA;AAElH;;;GAGG;AAEH,eAAO,MAAM,+BAA+B,eAAgB,eAAe,KAAG,4BAS7E,CAAA;AAUD,eAAO,MAAM,yBAAyB,eAAgB,eAAe,KAAG,UAAU,IAAI,uBAErF,CAAA"}

package/dist/utils/CredentialUtils.js ADDED Viewed

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isUniqueDigitalCredential = exports.getOriginalVerifiableCredential = exports.getMatchingUniqueDigitalCredential = exports.getCredentialTypeAsString = void 0;
+const ssi_types_1 = require("@sphereon/ssi-types");
+/**
+ * Return the type(s) of a VC minus the VerifiableCredential type which should always be present
+ * @param credential The input credential
+ */
+const getCredentialTypeAsString = (credential) => {
+    if (!credential.type) {
+        return 'Verifiable Credential';
+    }
+    else if (typeof credential.type === 'string') {
+        return credential.type;
+    }
+    return credential.type.filter((type) => type !== 'VerifiableCredential').join(', ');
+};
+exports.getCredentialTypeAsString = getCredentialTypeAsString;
+/**
+ * Returns a Unique Verifiable Credential (with hash) as stored in Veramo, based upon matching the id of the input VC or the proof value of the input VC
+ * @param uniqueVCs The Unique VCs to search in
+ * @param searchVC The VC to search for in the unique VCs array
+ */
+const getMatchingUniqueDigitalCredential = (uniqueVCs, searchVC) => {
+    // Since an ID is optional in a VC according to VCDM, and we really need the matches, we have a fallback match on something which is guaranteed to be unique for any VC (the proof(s))
+    return uniqueVCs.find((uniqueVC) => {
+        var _a, _b, _c, _d, _e, _f, _g, _h;
+        return (typeof searchVC !== 'string' &&
+            (uniqueVC.id === searchVC.id ||
+                uniqueVC.originalVerifiableCredential.proof === searchVC.proof)) ||
+            (typeof searchVC === 'string' && ((_b = (_a = uniqueVC.uniformVerifiableCredential) === null || _a === void 0 ? void 0 : _a.proof) === null || _b === void 0 ? void 0 : _b.jwt) === searchVC) ||
+            // We are ignoring the signature of the sd-jwt as PEX signs the vc again and it will not match anymore with the jwt in the proof of the stored jsonld vc
+            (typeof searchVC === 'string' &&
+                ssi_types_1.CredentialMapper.isSdJwtEncoded(searchVC) &&
+                ((_c = uniqueVC.uniformVerifiableCredential) === null || _c === void 0 ? void 0 : _c.proof) &&
+                'jwt' in uniqueVC.uniformVerifiableCredential.proof &&
+                ((_f = (_e = (_d = uniqueVC.uniformVerifiableCredential.proof.jwt) === null || _d === void 0 ? void 0 : _d.split('.')) === null || _e === void 0 ? void 0 : _e.slice(0, 2)) === null || _f === void 0 ? void 0 : _f.join('.')) === ((_h = (_g = searchVC.split('.')) === null || _g === void 0 ? void 0 : _g.slice(0, 2)) === null || _h === void 0 ? void 0 : _h.join('.')));
+    });
+};
+exports.getMatchingUniqueDigitalCredential = getMatchingUniqueDigitalCredential;
+/**
+ * Get an original verifiable credential. Maps to wrapped Verifiable Credential first, to get an original JWT as Veramo stores these with a special proof value
+ * @param credential The input VC
+ */
+const getOriginalVerifiableCredential = (credential) => {
+    if ((0, exports.isUniqueDigitalCredential)(credential)) {
+        if (!credential.originalVerifiableCredential) {
+            throw new Error('originalVerifiableCredential is not defined in UniqueDigitalCredential');
+        }
+        return getCredentialFromProofOrWrapped(credential.originalVerifiableCredential);
+    }
+    return getCredentialFromProofOrWrapped(credential);
+};
+exports.getOriginalVerifiableCredential = getOriginalVerifiableCredential;
+const getCredentialFromProofOrWrapped = (cred, hasher) => {
+    if (typeof cred === 'object' && 'proof' in cred && 'jwt' in cred.proof && ssi_types_1.CredentialMapper.isSdJwtEncoded(cred.proof.jwt)) {
+        return cred.proof.jwt;
+    }
+    return ssi_types_1.CredentialMapper.toWrappedVerifiableCredential(cred, { hasher }).original;
+};
+const isUniqueDigitalCredential = (credential) => {
+    return credential.digitalCredential !== undefined;
+};
+exports.isUniqueDigitalCredential = isUniqueDigitalCredential;
+//# sourceMappingURL=CredentialUtils.js.map

package/dist/utils/CredentialUtils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CredentialUtils.js","sourceRoot":"","sources":["../../src/utils/CredentialUtils.ts"],"names":[],"mappings":";;;AAAA,mDAAgI;AAIhI;;;GAGG;AACI,MAAM,yBAAyB,GAAG,CAAC,UAA8C,EAAU,EAAE;IAClG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO,uBAAuB,CAAA;IAChC,CAAC;SAAM,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,OAAO,UAAU,CAAC,IAAI,CAAA;IACxB,CAAC;IACD,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAY,EAAW,EAAE,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACtG,CAAC,CAAA;AAPY,QAAA,yBAAyB,6BAOrC;AAED;;;;GAIG;AACI,MAAM,kCAAkC,GAAG,CAChD,SAAoC,EACpC,QAAsC,EACD,EAAE;IACvC,sLAAsL;IACtL,OAAO,SAAS,CAAC,IAAI,CACnB,CAAC,QAAiC,EAAE,EAAE;;QACpC,OAAA,CAAC,OAAO,QAAQ,KAAK,QAAQ;YAC3B,CAAC,QAAQ,CAAC,EAAE,KAA6B,QAAS,CAAC,EAAE;gBAClD,QAAQ,CAAC,4BAAqD,CAAC,KAAK,KAA6B,QAAS,CAAC,KAAK,CAAC,CAAC;YACvH,CAAC,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAA,MAAA,MAAC,QAAQ,CAAC,2BAAoD,0CAAE,KAAK,0CAAE,GAAG,MAAK,QAAQ,CAAC;YACzH,wJAAwJ;YACxJ,CAAC,OAAO,QAAQ,KAAK,QAAQ;gBAC3B,4BAAgB,CAAC,cAAc,CAAC,QAAQ,CAAC;iBACzC,MAAA,QAAQ,CAAC,2BAA2B,0CAAE,KAAK,CAAA;gBAC3C,KAAK,IAAI,QAAQ,CAAC,2BAA2B,CAAC,KAAK;gBACnD,CAAA,MAAA,MAAA,MAAA,QAAQ,CAAC,2BAA2B,CAAC,KAAK,CAAC,GAAG,0CAAE,KAAK,CAAC,GAAG,CAAC,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,0CAAE,IAAI,CAAC,GAAG,CAAC,OAAK,MAAA,MAAA,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,0CAAE,IAAI,CAAC,GAAG,CAAC,CAAA,CAAC,CAAA;KAAA,CACxI,CAAA;AACH,CAAC,CAAA;AAlBY,QAAA,kCAAkC,sCAkB9C;AAID;;;GAGG;AAEI,MAAM,+BAA+B,GAAG,CAAC,UAA2B,EAAgC,EAAE;IAC3G,IAAI,IAAA,iCAAyB,EAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,4BAA4B,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAA;QAC3F,CAAC;QACD,OAAO,+BAA+B,CAAC,UAAU,CAAC,4BAA4B,CAAC,CAAA;IACjF,CAAC;IAED,OAAO,+BAA+B,CAAC,UAAU,CAAC,CAAA;AACpD,CAAC,CAAA;AATY,QAAA,+BAA+B,mCAS3C;AAED,MAAM,+BAA+B,GAAG,CAAC,IAAS,EAAE,MAAe,EAAgC,EAAE;IACnG,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,4BAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1H,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAA;IACvB,CAAC;IAED,OAAO,4BAAgB,CAAC,6BAA6B,CAAC,IAAoC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAA;AAClH,CAAC,CAAA;AAEM,MAAM,yBAAyB,GAAG,CAAC,UAA2B,EAAyC,EAAE;IAC9G,OAAQ,UAAsC,CAAC,iBAAiB,KAAK,SAAS,CAAA;AAChF,CAAC,CAAA;AAFY,QAAA,yBAAyB,6BAErC"}

package/dist/utils/dcql.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store';
+import { DcqlCredential } from 'dcql';
+import { Hasher, OriginalVerifiableCredential } from '@sphereon/ssi-types';
+export declare function convertToDcqlCredentials(credential: UniqueDigitalCredential | OriginalVerifiableCredential, hasher?: Hasher): DcqlCredential;
+//# sourceMappingURL=dcql.d.ts.map

package/dist/utils/dcql.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dcql.d.ts","sourceRoot":"","sources":["../../src/utils/dcql.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAC5E,OAAO,EAAE,cAAc,EAA8C,MAAM,MAAM,CAAA;AACjF,OAAO,EAAoB,MAAM,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAA;AAG5F,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,uBAAuB,GAAG,4BAA4B,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,cAAc,CA8B5I"}

package/dist/utils/dcql.js ADDED Viewed

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.convertToDcqlCredentials = convertToDcqlCredentials;
+const ssi_types_1 = require("@sphereon/ssi-types");
+const CredentialUtils_1 = require("./CredentialUtils");
+function convertToDcqlCredentials(credential, hasher) {
+    let payload;
+    if ((0, CredentialUtils_1.isUniqueDigitalCredential)(credential)) {
+        if (!credential.originalVerifiableCredential) {
+            throw new Error('originalVerifiableCredential is not defined in UniqueDigitalCredential');
+        }
+        payload = ssi_types_1.CredentialMapper.decodeVerifiableCredential(credential.originalVerifiableCredential, hasher);
+    }
+    else {
+        payload = ssi_types_1.CredentialMapper.decodeVerifiableCredential(credential, hasher);
+    }
+    if (!payload) {
+        throw new Error('No payload found');
+    }
+    if ('decodedPayload' in payload && payload.decodedPayload) {
+        payload = payload.decodedPayload;
+    }
+    if ('vct' in payload) {
+        return { vct: payload.vct, claims: payload, credential_format: 'vc+sd-jwt' }; // TODO dc+sd-jwt support?
+    }
+    else if ('docType' in payload && 'namespaces' in payload) {
+        // mdoc
+        return { docType: payload.docType, namespaces: payload.namespaces, claims: payload };
+    }
+    else {
+        return {
+            claims: payload,
+            credential_format: 'jwt_vc_json', // TODO jwt_vc_json-ld support
+        };
+    }
+}
+//# sourceMappingURL=dcql.js.map

package/dist/utils/dcql.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dcql.js","sourceRoot":"","sources":["../../src/utils/dcql.ts"],"names":[],"mappings":";;AAKA,4DA8BC;AAjCD,mDAA4F;AAC5F,uDAA6D;AAE7D,SAAgB,wBAAwB,CAAC,UAAkE,EAAE,MAAe;IAC1H,IAAI,OAAO,CAAA;IACX,IAAI,IAAA,2CAAyB,EAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,4BAA4B,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAA;QAC3F,CAAC;QACD,OAAO,GAAG,4BAAgB,CAAC,0BAA0B,CAAC,UAAU,CAAC,4BAA4B,EAAE,MAAM,CAAC,CAAA;IACxG,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,4BAAgB,CAAC,0BAA0B,CAAC,UAA0C,EAAE,MAAM,CAAC,CAAA;IAC3G,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACrC,CAAC;IAED,IAAI,gBAAgB,IAAI,OAAO,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC1D,OAAO,GAAG,OAAO,CAAC,cAAc,CAAA;IAClC,CAAC;IAED,IAAI,KAAK,IAAI,OAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAkC,CAAA,CAAC,0BAA0B;IACzI,CAAC;SAAM,IAAI,SAAS,IAAI,OAAQ,IAAI,YAAY,IAAI,OAAO,EAAE,CAAC;QAC5D,OAAO;QACP,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;IACtF,CAAC;SAAM,CAAC;QACN,OAAO;YACL,MAAM,EAAE,OAAO;YACf,iBAAiB,EAAE,aAAa,EAAE,8BAA8B;SAC1C,CAAA;IAC1B,CAAC;AACH,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth",
-  "version": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
+  "version": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -14,30 +14,31 @@
     "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.16.1-next.339",
-    "@sphereon/did-auth-siop-adapter": "0.16.1-next.339",
-    "@sphereon/oid4vc-common": "0.16.1-next.339",
+    "@sphereon/did-auth-siop": "0.16.1-feature.SSISDK.5.credential.offer.uri.366",
+    "@sphereon/did-auth-siop-adapter": "0.16.1-feature.SSISDK.5.credential.offer.uri.366",
+    "@sphereon/oid4vc-common": "0.16.1-feature.SSISDK.5.credential.offer.uri.366",
     "@sphereon/pex": "5.0.0-unstable.28",
     "@sphereon/pex-models": "^2.3.2",
     "@sphereon/ssi-sdk-ext.did-utils": "0.27.0",
     "@sphereon/ssi-sdk-ext.identifier-resolution": "0.27.0",
     "@sphereon/ssi-sdk-ext.jwt-service": "0.27.0",
-    "@sphereon/ssi-sdk.contact-manager": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.core": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.credential-store": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.credential-validation": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.data-store": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.issuance-branding": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.pd-manager": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.presentation-exchange": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.sd-jwt": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
-    "@sphereon/ssi-types": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
+    "@sphereon/ssi-sdk.contact-manager": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.core": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.credential-store": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.credential-validation": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.data-store": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.issuance-branding": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.pd-manager": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.presentation-exchange": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.sd-jwt": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
+    "@sphereon/ssi-types": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
     "@sphereon/wellknown-dids-client": "^0.1.3",
     "@veramo/core": "4.2.0",
     "@veramo/credential-w3c": "4.2.0",
     "cross-fetch": "^3.1.8",
+    "dcql": "0.2.19",
     "did-jwt-vc": "3.1.3",
     "i18n-js": "^3.9.2",
     "lodash.memoize": "^4.1.2",
@@ -47,18 +48,20 @@
   "devDependencies": {
     "@sphereon/did-uni-client": "^0.6.3",
     "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.27.0",
-    "@sphereon/ssi-sdk.agent-config": "0.32.1-feature.SPRIND.89.53+4b0cd7ed",
+    "@sphereon/ssi-sdk.agent-config": "0.32.1-feature.SSISDK.5.credential.offer.uri.200+a7768196",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",
     "@types/sha.js": "^2.4.4",
     "@types/uuid": "^9.0.8",
+    "@veramo/data-store": "4.2.0",
     "@veramo/did-provider-key": "4.2.0",
     "@veramo/did-resolver": "4.2.0",
     "@veramo/remote-client": "4.2.0",
     "@veramo/remote-server": "4.2.0",
     "@veramo/utils": "4.2.0",
     "did-resolver": "^4.1.0",
-    "nock": "^13.5.4"
+    "nock": "^13.5.4",
+    "typeorm": "^0.3.20"
   },
   "files": [
     "dist/**/*",
@@ -88,5 +91,5 @@
     "Authenticator"
   ],
   "nx": {},
-  "gitHead": "4b0cd7ed5f57103a902698e310591181d3b998ce"
+  "gitHead": "a776819617cf3373a6d11c41b711e4222a09bde0"
 }

package/src/agent/DidAuthSiopOpAuthenticator.ts CHANGED Viewed

@@ -2,19 +2,22 @@ import { decodeUriAsJson, PresentationSignCallback, SupportedVersion, VerifiedAu
 import {
   ConnectionType,
   CorrelationIdentifierType,
+  CredentialDocumentFormat,
   CredentialRole,
+  DocumentType,
   Identity,
   IdentityOrigin,
   NonPersistedIdentity,
   Party,
 } from '@sphereon/ssi-sdk.data-store'
-import { Hasher, Loggers } from '@sphereon/ssi-types'
+import { Hasher, Loggers, SdJwtDecodedVerifiableCredential } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
 import { v4 as uuidv4 } from 'uuid'
 import {
   DidAuthSiopOpAuthenticatorOptions,
   GetSelectableCredentialsArgs,
   IOpSessionArgs,
+  Json,
   LOGGER_NAMESPACE,
   RequiredContext,
   schema,
@@ -47,8 +50,9 @@ import {
   Siopv2AuthorizationRequestData,
   Siopv2HolderEvent,
   Siopv2Machine as Siopv2MachineId,
-  Siopv2MachineInstanceOpts
+  Siopv2MachineInstanceOpts,
 } from '../types'
+import { DcqlCredential, DcqlPresentation, DcqlQuery, DcqlSdJwtVcCredential } from 'dcql'
 const logger = Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE)
@@ -84,22 +88,16 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
     siopGetSelectableCredentials: this.siopGetSelectableCredentials.bind(this),
   }
-  private readonly hasher?: Hasher
   private readonly sessions: Map<string, OpSession>
   private readonly customApprovals: Record<string, (verifiedAuthorizationRequest: VerifiedAuthorizationRequest, sessionId: string) => Promise<void>>
   private readonly presentationSignCallback?: PresentationSignCallback
   private readonly onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>
   private readonly onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>
   private readonly eventEmitter?: EventEmitter
+  private readonly hasher?: Hasher
   constructor(options?: DidAuthSiopOpAuthenticatorOptions) {
-    const {
-      onContactIdentityCreated,
-      onIdentifierCreated,
-      hasher,
-      customApprovals = {},
-      presentationSignCallback
-    } = { ...options }
+    const { onContactIdentityCreated, onIdentifierCreated, hasher, customApprovals = {}, presentationSignCallback } = { ...options }
     this.hasher = hasher
     this.onContactIdentityCreated = onContactIdentityCreated
@@ -214,9 +212,14 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
     }
     const { sessionId, redirectUrl } = didAuthConfig
-    const session: OpSession = await agent
-      .siopGetOPSession({ sessionId })
-      .catch(async () => await agent.siopRegisterOPSession({ requestJwtOrUri: redirectUrl, sessionId, op: { eventEmitter: this.eventEmitter, hasher: this.hasher } }))
+    const session: OpSession = await agent.siopGetOPSession({ sessionId }).catch(
+      async () =>
+        await agent.siopRegisterOPSession({
+          requestJwtOrUri: redirectUrl,
+          sessionId,
+          op: { eventEmitter: this.eventEmitter, hasher: this.hasher },
+        }),
+    )
     logger.debug(`session: ${JSON.stringify(session.id, null, 2)}`)
     const verifiedAuthorizationRequest = await session.getAuthorizationRequest()
@@ -245,6 +248,7 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
           verifiedAuthorizationRequest.presentationDefinitions.length > 0)
           ? verifiedAuthorizationRequest.presentationDefinitions
           : undefined,
+      dcqlQuery: verifiedAuthorizationRequest.dcqlQuery,
     }
   }
@@ -345,32 +349,73 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
     const pex = new PEX({ hasher: this.hasher })
     const verifiableCredentialsWithDefinition: Array<VerifiableCredentialsWithDefinition> = []
-    authorizationRequestData.presentationDefinitions?.forEach((presentationDefinition) => {
-      const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(
-        presentationDefinition.definition,
-        selectedCredentials.map((udc) => udc.originalVerifiableCredential!),
-      )
-      if (areRequiredCredentialsPresent !== Status.ERROR && verifiableCredentials) {
-        const uniqueDigitalCredentials: UniqueDigitalCredential[] = verifiableCredentials.map((vc) => {
-          // @ts-ignore FIXME Funke
-          const hash = computeEntryHash(vc)
-          const udc = selectedCredentials.find((udc) => udc.hash == hash)
-          if (!udc) {
-            throw Error('UniqueDigitalCredential could not be found')
+    const dcqlCredentialsWithCredentials: Map<DcqlCredential, UniqueDigitalCredential> = new Map()
+    if (Array.isArray(authorizationRequestData.presentationDefinitions) && authorizationRequestData?.presentationDefinitions.length > 0) {
+      try {
+        authorizationRequestData.presentationDefinitions?.forEach((presentationDefinition) => {
+          const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(
+            presentationDefinition.definition,
+            selectedCredentials.map((udc) => udc.originalVerifiableCredential!),
+          )
+          if (areRequiredCredentialsPresent !== Status.ERROR && verifiableCredentials) {
+            let uniqueDigitalCredentials: UniqueDigitalCredential[] = []
+            uniqueDigitalCredentials = verifiableCredentials.map((vc) => {
+              // @ts-ignore FIXME Funke
+              const hash = computeEntryHash(vc)
+              const udc = selectedCredentials.find((udc) => udc.hash == hash)
+              if (!udc) {
+                throw Error('UniqueDigitalCredential could not be found')
+              }
+              return udc
+            })
+            verifiableCredentialsWithDefinition.push({
+              definition: presentationDefinition,
+              credentials: uniqueDigitalCredentials,
+            })
           }
-          return udc
-        })
-        verifiableCredentialsWithDefinition.push({
-          definition: presentationDefinition,
-          credentials: uniqueDigitalCredentials,
         })
+      } catch (e) {
+        return Promise.reject(e)
       }
-    })
-    if (verifiableCredentialsWithDefinition.length === 0) {
-      return Promise.reject(Error('None of the selected credentials match any of the presentation definitions.'))
+      if (verifiableCredentialsWithDefinition.length === 0) {
+        return Promise.reject(Error('None of the selected credentials match any of the presentation definitions.'))
+      }
+    } else if (authorizationRequestData.dcqlQuery) {
+      //TODO Only SD-JWT and MSO MDOC are supported at the moment
+      if (this.hasMDocCredentials(selectedCredentials) || this.hasSdJwtCredentials(selectedCredentials)) {
+        try {
+          selectedCredentials.forEach((vc) => {
+            if (this.isSdJwtCredential(vc)) {
+              const payload = (vc.originalVerifiableCredential as SdJwtDecodedVerifiableCredential).decodedPayload
+              const result: DcqlSdJwtVcCredential = {
+                claims: payload as { [x: string]: Json },
+                vct: payload.vct,
+                credential_format: 'vc+sd-jwt',
+              }
+              dcqlCredentialsWithCredentials.set(result, vc)
+              //FIXME MDoc namespaces are incompatible: array of strings vs complex object - https://sphereon.atlassian.net/browse/SPRIND-143
+            } else {
+              throw Error(`Invalid credential format: ${vc.digitalCredential.documentFormat}`)
+            }
+          })
+        } catch (e) {
+          return Promise.reject(e)
+        }
+        const dcqlPresentationRecord: DcqlPresentation.Output = {}
+        const queryResult = DcqlQuery.query(authorizationRequestData.dcqlQuery, Array.from(dcqlCredentialsWithCredentials.keys()))
+        for (const [key, value] of Object.entries(queryResult.credential_matches)) {
+          if (value.success) {
+            dcqlPresentationRecord[key] = this.retrieveEncodedCredential(dcqlCredentialsWithCredentials.get(value.output)!) as
+              | string
+              | { [x: string]: Json }
+          }
+        }
+      }
     }
     const response = await siopSendAuthorizationResponse(
@@ -380,7 +425,7 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
         ...(args.idOpts && { idOpts: args.idOpts }),
         ...(authorizationRequestData.presentationDefinitions !== undefined && { verifiableCredentialsWithDefinition }),
         isFirstParty,
-        hasher: this.hasher
+        hasher: this.hasher,
       },
       context,
     )
@@ -395,11 +440,41 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
     return {
       body: responseBody,
-      url: response.url,
-      queryParams: decodeUriAsJson(response.url),
+      url: response?.url,
+      queryParams: decodeUriAsJson(response?.url),
     }
   }
+  private hasMDocCredentials = (credentials: UniqueDigitalCredential[]): boolean => {
+    return credentials.some(this.isMDocCredential)
+  }
+  private isMDocCredential = (credential: UniqueDigitalCredential) => {
+    return (
+      credential.digitalCredential.documentFormat === CredentialDocumentFormat.MSO_MDOC &&
+      credential.digitalCredential.documentType === DocumentType.VC
+    )
+  }
+  private hasSdJwtCredentials = (credentials: UniqueDigitalCredential[]): boolean => {
+    return credentials.some(this.isSdJwtCredential)
+  }
+  private isSdJwtCredential = (credential: UniqueDigitalCredential) => {
+    return (
+      credential.digitalCredential.documentFormat === CredentialDocumentFormat.SD_JWT && credential.digitalCredential.documentType === DocumentType.VC
+    )
+  }
+  private retrieveEncodedCredential = (credential: UniqueDigitalCredential) => {
+    return credential.originalVerifiableCredential !== undefined &&
+      credential.originalVerifiableCredential !== null &&
+      (credential?.originalVerifiableCredential as SdJwtDecodedVerifiableCredential)?.compactSdJwtVc !== undefined &&
+      (credential?.originalVerifiableCredential as SdJwtDecodedVerifiableCredential)?.compactSdJwtVc !== null
+      ? (credential.originalVerifiableCredential as SdJwtDecodedVerifiableCredential).compactSdJwtVc
+      : credential.originalVerifiableCredential
+  }
   private async siopGetSelectableCredentials(args: GetSelectableCredentialsArgs, context: RequiredContext): Promise<SelectableCredentialsMap> {
     const { authorizationRequestData } = args