@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-feat.SSISDK.35.64 → 0.34.1-feat.SSISDK.55.243
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +70 -30
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +54 -14
- package/dist/index.js.map +1 -1
- package/package.json +23 -22
- package/src/agent/DidAuthSiopOpAuthenticator.ts +5 -22
- package/src/machine/Siopv2Machine.ts +1 -1
- package/src/services/Siopv2MachineService.ts +128 -98
- package/src/session/OID4VP.ts +183 -184
- package/src/session/functions.ts +1 -8
- package/src/types/IDidAuthSiopOpAuthenticator.ts +1 -1
- package/src/types/machine/index.ts +1 -1
- package/src/types/siop-service/index.ts +11 -7
- package/src/utils/CredentialUtils.ts +1 -1
- package/src/utils/dcql.ts +1 -0
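--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -5,7 +5,7 @@ import { DIDDocument } from '@sphereon/did-uni-client';
 import { ManagedIdentifierOptsOrResult, IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { JwsPayload, IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { UniqueDigitalCredential, ICredentialStore } from '@sphereon/ssi-sdk.credential-store';
-import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store';
+import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store-types';
 import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { HasherSync, PresentationSubmission, W3CVerifiablePresentation, OriginalVerifiableCredential } from '@sphereon/ssi-types';
@@ -533,7 +533,7 @@ type OnContactIdentityCreatedArgs = {
 type OnIdentifierCreatedArgs = {
 identifier: IIdentifier;
 };
-type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding>;
+type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding & ISDJwtPlugin>;
 
 type Siopv2MachineContext = {
 url: string;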
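--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -5,7 +5,7 @@ import { DIDDocument } from '@sphereon/did-uni-client';
 import { ManagedIdentifierOptsOrResult, IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { JwsPayload, IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { UniqueDigitalCredential, ICredentialStore } from '@sphereon/ssi-sdk.credential-store';
-import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store';
+import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store-types';
 import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { HasherSync, PresentationSubmission, W3CVerifiablePresentation, OriginalVerifiableCredential } from '@sphereon/ssi-types';
@@ -533,7 +533,7 @@ type OnContactIdentityCreatedArgs = {
 type OnIdentifierCreatedArgs = {
 identifier: IIdentifier;
 };
-type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding>;
+type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding & ISDJwtPlugin>;
 
 type Siopv2MachineContext = {
 url: string;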
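--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -367,8 +367,8 @@ var plugin_schema_default = {
 
 // src/agent/DidAuthSiopOpAuthenticator.ts
 import { decodeUriAsJson } from "@sphereon/did-auth-siop";
-import { ConnectionType as ConnectionType2, CorrelationIdentifierType,
-import { Loggers as Loggers4 } from "@sphereon/ssi-types";
+import { ConnectionType as ConnectionType2, CorrelationIdentifierType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store-types";
+import { Loggers as Loggers4, CredentialRole as CredentialRole2 } from "@sphereon/ssi-types";
 import { v4 as uuidv4 } from "uuid";
 
 // src/session/functions.ts
@@ -394,10 +394,8 @@ __name(createOID4VPPresentationSignCallback, "createOID4VPPresentationSignCallba
 async function createOPBuilder({ opOptions, idOpts: idOpts1, context }) {
 const eventEmitter = opOptions.eventEmitter ?? new EventEmitter();
 const builder = OP.builder().withResponseMode(opOptions.responseMode ?? ResponseMode.DIRECT_POST).withSupportedVersions(opOptions.supportedVersions ?? [
-SupportedVersion.
-SupportedVersion.
-SupportedVersion.SIOPv2_D11,
-SupportedVersion.SIOPv2_D12_OID4VP_D18
+SupportedVersion.OID4VP_v1,
+SupportedVersion.SIOPv2_OID4VP_D28
 ]).withExpiresIn(opOptions.expiresIn ?? 300).withEventEmitter(eventEmitter).withRegistration({
 passBy: PassBy.VALUE
 });
@@ -1289,12 +1287,14 @@ var Siopv2Machine = class {
 };
 
 // src/services/Siopv2MachineService.ts
-import {
+import { calculateSdHash } from "@sphereon/pex/dist/main/lib/utils/index.js";
+import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isOID4VCIssuerIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
-import { verifiableCredentialForRoleFilter } from "@sphereon/ssi-sdk.credential-store";
-import { ConnectionType, CredentialRole } from "@sphereon/ssi-sdk.data-store";
-import { CredentialMapper as CredentialMapper3, Loggers as Loggers3 } from "@sphereon/ssi-types";
 import { encodeJoseBlob } from "@sphereon/ssi-sdk.core";
+import { verifiableCredentialForRoleFilter } from "@sphereon/ssi-sdk.credential-store";
+import { ConnectionType } from "@sphereon/ssi-sdk.data-store-types";
+import { defaultGenerateDigest } from "@sphereon/ssi-sdk.sd-jwt";
+import { CredentialMapper as CredentialMapper3, CredentialRole, Loggers as Loggers3 } from "@sphereon/ssi-types";
 import { DcqlPresentation, DcqlQuery } from "dcql";
 
 // src/utils/dcql.ts
@@ -1335,7 +1335,7 @@ function convertToDcqlCredentials(credential, hasher) {
 __name(convertToDcqlCredentials, "convertToDcqlCredentials");
 
 // src/services/Siopv2MachineService.ts
-
+var CLOCK_SKEW = 120;
 var logger3 = Loggers3.DEFAULT.get(LOGGER_NAMESPACE);
 var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
 const { agent } = context;
@@ -1350,7 +1350,7 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
 const aud = request.authorizationRequest.getMergedProperty("aud");
 logger3.debug(`AUD: ${aud}`);
 logger3.debug(JSON.stringify(request.authorizationRequest));
-const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ??
+const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? "https://self-issued.me/v2";
 logger3.debug(`NONCE: ${session.nonce}, domain: ${domain}`);
 const firstUniqueDC = credentials[0];
 if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
@@ -1416,8 +1416,23 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
 if (!originalVc) {
 continue;
 }
+const decodedSdJwt = await CredentialMapper3.decodeSdJwtVcAsync(originalVc, defaultGenerateDigest);
+const updatedSdJwt = updateSdJwtCredential(decodedSdJwt, request.requestObject?.getPayload()?.nonce, domain);
+const presentationResult = await context.agent.createSdJwtPresentation({
+presentation: updatedSdJwt.compactSdJwtVc,
+kb: {
+payload: {
+...updatedSdJwt.kbJwt?.payload,
+// FIXME SSISDK-44
+nonce: updatedSdJwt.kbJwt?.payload.nonce ?? request.requestObject.getPayload().nonce,
+// FIXME SSISDK-44
+aud: updatedSdJwt.kbJwt?.payload.aud ?? domain,
+iat: updatedSdJwt.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1e3 - CLOCK_SKEW)
+}
+}
+});
 if (originalVc) {
-presentation[key] =
+presentation[key] = presentationResult.presentation;
 }
 }
 }
@@ -1510,6 +1525,31 @@ var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId,
 }
 return contacts[0].contact.displayName;
 }, "translateCorrelationIdToName");
+var updateSdJwtCredential = /* @__PURE__ */ __name((credential, nonce, aud) => {
+const sdJwtCredential = credential;
+const hashAlg = sdJwtCredential.signedPayload._sd_alg ?? "sha-256";
+const sdHash = calculateSdHash(sdJwtCredential.compactSdJwtVc, hashAlg, defaultGenerateDigest);
+const kbJwt = {
+// alg MUST be set by the signer
+header: {
+typ: "kb+jwt"
+},
+payload: {
+iat: Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3),
+sd_hash: sdHash,
+...nonce && {
+nonce
+},
+...aud && {
+aud
+}
+}
+};
+return {
+...sdJwtCredential,
+kbJwt
+};
+}, "updateSdJwtCredential");
 
 // src/agent/DidAuthSiopOpAuthenticator.ts
 var logger4 = Loggers4.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
@@ -1670,7 +1710,7 @@ var DidAuthSiopOpAuthenticator = class {
 const verifiedAuthorizationRequest = await session.getAuthorizationRequest();
 const clientName = verifiedAuthorizationRequest.registrationMetadataPayload?.client_name;
 const url = verifiedAuthorizationRequest.responseURI ?? (args.url.includes("request_uri") ? decodeURIComponent(args.url.split("?request_uri=")[1].trim()) : verifiedAuthorizationRequest.issuer ?? verifiedAuthorizationRequest.registrationMetadataPayload?.client_id);
-const uri = url
+const uri = url?.includes("://") ? new URL(url) : void 0;
 const correlationId = uri?.hostname ?? await this.determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context);
 const clientId = verifiedAuthorizationRequest.authorizationRequest.getMergedProperty("client_id");
 return {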