@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-next.29 → 0.34.1-next.299

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/dist/index.cjs +629 -1112
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +710 -112
  4. package/dist/index.d.ts +710 -112
  5. package/dist/index.js +563 -1046
  6. package/dist/index.js.map +1 -1
  7. package/package.json +24 -24
  8. package/src/agent/DidAuthSiopOpAuthenticator.ts +10 -145
  9. package/src/index.ts +2 -1
  10. package/src/machine/Siopv2Machine.ts +5 -5
  11. package/src/services/Siopv2MachineService.ts +189 -265
  12. package/src/session/OID4VP.ts +310 -300
  13. package/src/session/OpSession.ts +22 -114
  14. package/src/session/functions.ts +1 -8
  15. package/src/types/IDidAuthSiopOpAuthenticator.ts +6 -59
  16. package/src/types/identifier/index.ts +0 -4
  17. package/src/types/machine/index.ts +1 -1
  18. package/src/types/siop-service/index.ts +12 -10
  19. package/src/utils/CredentialUtils.ts +2 -40
  20. package/src/utils/dcql.ts +22 -19
package/dist/index.js CHANGED
@@ -35,344 +35,340 @@ var require_nl = __commonJS({
35
35
  });
36
36
 
37
37
  // plugin.schema.json
38
- var require_plugin_schema = __commonJS({
39
- "plugin.schema.json"(exports, module) {
40
- module.exports = {
41
- IDidAuthSiopOpAuthenticator: {
42
- components: {
43
- schemas: {
44
- IGetSiopSessionArgs: {
45
- type: "object",
46
- properties: {
47
- sessionId: {
48
- type: "string"
49
- },
50
- additionalProperties: false
51
- },
52
- required: ["sessionId"],
53
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
38
+ var plugin_schema_default = {
39
+ IDidAuthSiopOpAuthenticator: {
40
+ components: {
41
+ schemas: {
42
+ IGetSiopSessionArgs: {
43
+ type: "object",
44
+ properties: {
45
+ sessionId: {
46
+ type: "string"
54
47
  },
55
- IRegisterSiopSessionArgs: {
48
+ additionalProperties: false
49
+ },
50
+ required: ["sessionId"],
51
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
52
+ },
53
+ IRegisterSiopSessionArgs: {
54
+ type: "object",
55
+ properties: {
56
+ identifier: {
56
57
  type: "object",
57
58
  properties: {
58
- identifier: {
59
- type: "object",
60
- properties: {
61
- did: {
62
- type: "string"
63
- },
64
- alias: {
65
- type: "string"
66
- },
67
- provider: {
68
- type: "string"
69
- },
70
- controllerKeyId: {
71
- type: "string"
72
- },
73
- keys: {
74
- type: "array",
75
- items: {
76
- type: "object",
77
- properties: {
78
- additionalProperties: true
79
- }
80
- }
81
- },
82
- services: {
83
- type: "array",
84
- items: {
85
- type: "object",
86
- properties: {
87
- additionalProperties: true
88
- }
89
- }
90
- }
91
- },
92
- additionalProperties: false,
93
- required: ["did", "provider", "keys", "services"]
94
- },
95
- sessionId: {
59
+ did: {
96
60
  type: "string"
97
61
  },
98
- expiresIn: {
99
- type: "number"
100
- },
101
- additionalProperties: false
102
- },
103
- required: ["identifier"],
104
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
105
- },
106
- IRemoveSiopSessionArgs: {
107
- type: "object",
108
- properties: {
109
- sessionId: {
62
+ alias: {
110
63
  type: "string"
111
64
  },
112
- additionalProperties: false
113
- },
114
- required: ["sessionId"],
115
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
116
- },
117
- IAuthenticateWithSiopArgs: {
118
- type: "object",
119
- properties: {
120
- sessionId: {
65
+ provider: {
121
66
  type: "string"
122
67
  },
123
- stateId: {
68
+ controllerKeyId: {
124
69
  type: "string"
125
70
  },
126
- redirectUrl: {
127
- type: "string"
71
+ keys: {
72
+ type: "array",
73
+ items: {
74
+ type: "object",
75
+ properties: {
76
+ additionalProperties: true
77
+ }
78
+ }
128
79
  },
129
- additionalProperties: false
80
+ services: {
81
+ type: "array",
82
+ items: {
83
+ type: "object",
84
+ properties: {
85
+ additionalProperties: true
86
+ }
87
+ }
88
+ }
130
89
  },
131
- required: ["sessionId", "stateId", "redirectUrl"],
132
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
90
+ additionalProperties: false,
91
+ required: ["did", "provider", "keys", "services"]
133
92
  },
134
- IResponse: {
93
+ sessionId: {
94
+ type: "string"
95
+ },
96
+ expiresIn: {
97
+ type: "number"
98
+ },
99
+ additionalProperties: false
100
+ },
101
+ required: ["identifier"],
102
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
103
+ },
104
+ IRemoveSiopSessionArgs: {
105
+ type: "object",
106
+ properties: {
107
+ sessionId: {
108
+ type: "string"
109
+ },
110
+ additionalProperties: false
111
+ },
112
+ required: ["sessionId"],
113
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
114
+ },
115
+ IAuthenticateWithSiopArgs: {
116
+ type: "object",
117
+ properties: {
118
+ sessionId: {
119
+ type: "string"
120
+ },
121
+ stateId: {
122
+ type: "string"
123
+ },
124
+ redirectUrl: {
125
+ type: "string"
126
+ },
127
+ additionalProperties: false
128
+ },
129
+ required: ["sessionId", "stateId", "redirectUrl"],
130
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
131
+ },
132
+ IResponse: {
133
+ type: "object",
134
+ properties: {
135
+ status: {
136
+ type: "number"
137
+ },
138
+ additionalProperties: true
139
+ },
140
+ required: ["status"],
141
+ description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
142
+ },
143
+ IGetSiopAuthenticationRequestFromRpArgs: {
144
+ type: "object",
145
+ properties: {
146
+ sessionId: {
147
+ type: "string"
148
+ },
149
+ stateId: {
150
+ type: "string"
151
+ },
152
+ redirectUrl: {
153
+ type: "string"
154
+ },
155
+ additionalProperties: false
156
+ },
157
+ required: ["sessionId", "stateId", "redirectUrl"],
158
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
159
+ },
160
+ ParsedAuthenticationRequestURI: {
161
+ type: "object",
162
+ properties: {
163
+ jwt: {
164
+ type: "string"
165
+ },
166
+ requestPayload: {
135
167
  type: "object",
136
168
  properties: {
137
- status: {
138
- type: "number"
139
- },
140
169
  additionalProperties: true
141
- },
142
- required: ["status"],
143
- description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
170
+ }
144
171
  },
145
- IGetSiopAuthenticationRequestFromRpArgs: {
172
+ registration: {
146
173
  type: "object",
147
174
  properties: {
148
- sessionId: {
149
- type: "string"
150
- },
151
- stateId: {
152
- type: "string"
153
- },
154
- redirectUrl: {
155
- type: "string"
156
- },
157
- additionalProperties: false
158
- },
159
- required: ["sessionId", "stateId", "redirectUrl"],
160
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
175
+ additionalProperties: true
176
+ }
161
177
  },
162
- ParsedAuthenticationRequestURI: {
178
+ additionalProperties: false
179
+ },
180
+ required: ["jwt", "requestPayload", "registration"],
181
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
182
+ },
183
+ IGetSiopAuthenticationRequestDetailsArgs: {
184
+ type: "object",
185
+ properties: {
186
+ sessionId: {
187
+ type: "string"
188
+ },
189
+ verifiedAuthenticationRequest: {
163
190
  type: "object",
164
191
  properties: {
165
- jwt: {
166
- type: "string"
167
- },
168
- requestPayload: {
169
- type: "object",
170
- properties: {
171
- additionalProperties: true
172
- }
173
- },
174
- registration: {
175
- type: "object",
176
- properties: {
177
- additionalProperties: true
178
- }
179
- },
180
- additionalProperties: false
181
- },
182
- required: ["jwt", "requestPayload", "registration"],
183
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
192
+ additionalProperties: true
193
+ }
184
194
  },
185
- IGetSiopAuthenticationRequestDetailsArgs: {
195
+ credentialFilter: {
186
196
  type: "object",
187
197
  properties: {
188
- sessionId: {
189
- type: "string"
190
- },
191
- verifiedAuthenticationRequest: {
192
- type: "object",
193
- properties: {
194
- additionalProperties: true
195
- }
196
- },
197
- credentialFilter: {
198
- type: "object",
199
- properties: {
200
- additionalProperties: true
201
- }
202
- },
203
- additionalProperties: false
204
- },
205
- required: ["sessionId", "verifiedAuthenticationRequest"],
206
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
198
+ additionalProperties: true
199
+ }
200
+ },
201
+ additionalProperties: false
202
+ },
203
+ required: ["sessionId", "verifiedAuthenticationRequest"],
204
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
205
+ },
206
+ IAuthRequestDetails: {
207
+ type: "object",
208
+ properties: {
209
+ id: {
210
+ type: "string"
211
+ },
212
+ alsoKnownAs: {
213
+ type: "array",
214
+ items: {
215
+ type: "string"
216
+ }
207
217
  },
208
- IAuthRequestDetails: {
218
+ vpResponseOpts: {
209
219
  type: "object",
210
220
  properties: {
211
- id: {
212
- type: "string"
213
- },
214
- alsoKnownAs: {
215
- type: "array",
216
- items: {
217
- type: "string"
218
- }
219
- },
220
- vpResponseOpts: {
221
- type: "object",
222
- properties: {
223
- additionalProperties: true
224
- }
225
- },
226
- additionalProperties: false
227
- },
228
- required: ["id", "vpResponseOpts"],
229
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
221
+ additionalProperties: true
222
+ }
230
223
  },
231
- IVerifySiopAuthenticationRequestUriArgs: {
224
+ additionalProperties: false
225
+ },
226
+ required: ["id", "vpResponseOpts"],
227
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
228
+ },
229
+ IVerifySiopAuthenticationRequestUriArgs: {
230
+ type: "object",
231
+ properties: {
232
+ sessionId: {
233
+ type: "string"
234
+ },
235
+ ParsedAuthenticationRequestURI: {
232
236
  type: "object",
233
237
  properties: {
234
- sessionId: {
235
- type: "string"
236
- },
237
- ParsedAuthenticationRequestURI: {
238
- type: "object",
239
- properties: {
240
- additionalProperties: true
241
- }
242
- },
243
- additionalProperties: false
244
- },
245
- required: ["sessionId", "ParsedAuthenticationRequestURI"],
246
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
238
+ additionalProperties: true
239
+ }
247
240
  },
248
- VerifiedAuthorizationRequest: {
241
+ additionalProperties: false
242
+ },
243
+ required: ["sessionId", "ParsedAuthenticationRequestURI"],
244
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
245
+ },
246
+ VerifiedAuthorizationRequest: {
247
+ type: "object",
248
+ properties: {
249
+ payload: {
249
250
  type: "object",
250
251
  properties: {
251
- payload: {
252
- type: "object",
253
- properties: {
254
- additionalProperties: true
255
- }
256
- },
257
- presentationDefinitions: {
258
- type: "object",
259
- properties: {
260
- additionalProperties: true
261
- }
262
- },
263
- verifyOpts: {
264
- type: "object",
265
- properties: {
266
- additionalProperties: true
267
- }
268
- },
269
- additionalProperties: false
270
- },
271
- required: ["payload", "verifyOpts"],
272
- description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
252
+ additionalProperties: true
253
+ }
273
254
  },
274
- ISendSiopAuthenticationResponseArgs: {
255
+ presentationDefinitions: {
275
256
  type: "object",
276
257
  properties: {
277
- sessionId: {
278
- type: "string"
279
- },
280
- verifiedAuthenticationRequest: {
281
- type: "object",
282
- properties: {
283
- additionalProperties: true
284
- }
285
- },
286
- verifiablePresentationResponse: {
287
- type: "object",
288
- properties: {
289
- additionalProperties: true
290
- }
291
- },
292
- additionalProperties: false
293
- },
294
- required: ["sessionId", "verifiedAuthenticationRequest"],
295
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
296
- }
297
- },
298
- methods: {
299
- getSessionForSiop: {
300
- description: "Get SIOP session",
301
- arguments: {
302
- $ref: "#/components/schemas/IGetSiopSessionArgs"
303
- },
304
- returnType: "object"
305
- },
306
- registerSessionForSiop: {
307
- description: "Register SIOP session",
308
- arguments: {
309
- $ref: "#/components/schemas/IRegisterSiopSessionArgs"
310
- },
311
- returnType: "object"
312
- },
313
- removeSessionForSiop: {
314
- description: "Remove SIOP session",
315
- arguments: {
316
- $ref: "#/components/schemas/IRemoveSiopSessionArgs"
317
- },
318
- returnType: "boolean"
319
- },
320
- authenticateWithSiop: {
321
- description: "Authenticate using DID Auth SIOP",
322
- arguments: {
323
- $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
324
- },
325
- returnType: {
326
- $ref: "#/components/schemas/Response"
258
+ additionalProperties: true
327
259
  }
328
260
  },
329
- getSiopAuthenticationRequestFromRP: {
330
- description: "Get authentication request from RP",
331
- arguments: {
332
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
333
- },
334
- returnType: {
335
- $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
261
+ verifyOpts: {
262
+ type: "object",
263
+ properties: {
264
+ additionalProperties: true
336
265
  }
337
266
  },
338
- getSiopAuthenticationRequestDetails: {
339
- description: "Get authentication request details",
340
- arguments: {
341
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
342
- },
343
- returnType: {
344
- $ref: "#/components/schemas/IAuthRequestDetails"
345
- }
267
+ additionalProperties: false
268
+ },
269
+ required: ["payload", "verifyOpts"],
270
+ description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
271
+ },
272
+ ISendSiopAuthenticationResponseArgs: {
273
+ type: "object",
274
+ properties: {
275
+ sessionId: {
276
+ type: "string"
346
277
  },
347
- verifySiopAuthenticationRequestURI: {
348
- description: "Verify authentication request URI",
349
- arguments: {
350
- $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
351
- },
352
- returnType: {
353
- $ref: "#/components/schemas/VerifiedAuthorizationRequest"
278
+ verifiedAuthenticationRequest: {
279
+ type: "object",
280
+ properties: {
281
+ additionalProperties: true
354
282
  }
355
283
  },
356
- sendSiopAuthenticationResponse: {
357
- description: "Send authentication response",
358
- arguments: {
359
- $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
360
- },
361
- returnType: {
362
- $ref: "#/components/schemas/IRequiredContext"
284
+ verifiablePresentationResponse: {
285
+ type: "object",
286
+ properties: {
287
+ additionalProperties: true
363
288
  }
364
- }
289
+ },
290
+ additionalProperties: false
291
+ },
292
+ required: ["sessionId", "verifiedAuthenticationRequest"],
293
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
294
+ }
295
+ },
296
+ methods: {
297
+ getSessionForSiop: {
298
+ description: "Get SIOP session",
299
+ arguments: {
300
+ $ref: "#/components/schemas/IGetSiopSessionArgs"
301
+ },
302
+ returnType: "object"
303
+ },
304
+ registerSessionForSiop: {
305
+ description: "Register SIOP session",
306
+ arguments: {
307
+ $ref: "#/components/schemas/IRegisterSiopSessionArgs"
308
+ },
309
+ returnType: "object"
310
+ },
311
+ removeSessionForSiop: {
312
+ description: "Remove SIOP session",
313
+ arguments: {
314
+ $ref: "#/components/schemas/IRemoveSiopSessionArgs"
315
+ },
316
+ returnType: "boolean"
317
+ },
318
+ authenticateWithSiop: {
319
+ description: "Authenticate using DID Auth SIOP",
320
+ arguments: {
321
+ $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
322
+ },
323
+ returnType: {
324
+ $ref: "#/components/schemas/Response"
325
+ }
326
+ },
327
+ getSiopAuthenticationRequestFromRP: {
328
+ description: "Get authentication request from RP",
329
+ arguments: {
330
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
331
+ },
332
+ returnType: {
333
+ $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
334
+ }
335
+ },
336
+ getSiopAuthenticationRequestDetails: {
337
+ description: "Get authentication request details",
338
+ arguments: {
339
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
340
+ },
341
+ returnType: {
342
+ $ref: "#/components/schemas/IAuthRequestDetails"
343
+ }
344
+ },
345
+ verifySiopAuthenticationRequestURI: {
346
+ description: "Verify authentication request URI",
347
+ arguments: {
348
+ $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
349
+ },
350
+ returnType: {
351
+ $ref: "#/components/schemas/VerifiedAuthorizationRequest"
352
+ }
353
+ },
354
+ sendSiopAuthenticationResponse: {
355
+ description: "Send authentication response",
356
+ arguments: {
357
+ $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
358
+ },
359
+ returnType: {
360
+ $ref: "#/components/schemas/IRequiredContext"
365
361
  }
366
362
  }
367
363
  }
368
- };
364
+ }
369
365
  }
370
- });
366
+ };
371
367
 
372
368
  // src/agent/DidAuthSiopOpAuthenticator.ts
373
- import { decodeUriAsJson, SupportedVersion as SupportedVersion3 } from "@sphereon/did-auth-siop";
374
- import { ConnectionType as ConnectionType2, CorrelationIdentifierType, CredentialDocumentFormat, CredentialRole as CredentialRole2, DocumentType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
375
- import { Loggers as Loggers4 } from "@sphereon/ssi-types";
369
+ import { decodeUriAsJson } from "@sphereon/did-auth-siop";
370
+ import { ConnectionType as ConnectionType2, CorrelationIdentifierType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store-types";
371
+ import { Loggers as Loggers4, CredentialRole as CredentialRole2 } from "@sphereon/ssi-types";
376
372
  import { v4 as uuidv4 } from "uuid";
377
373
 
378
374
  // src/session/functions.ts
@@ -398,10 +394,8 @@ __name(createOID4VPPresentationSignCallback, "createOID4VPPresentationSignCallba
398
394
  async function createOPBuilder({ opOptions, idOpts: idOpts1, context }) {
399
395
  const eventEmitter = opOptions.eventEmitter ?? new EventEmitter();
400
396
  const builder = OP.builder().withResponseMode(opOptions.responseMode ?? ResponseMode.DIRECT_POST).withSupportedVersions(opOptions.supportedVersions ?? [
401
- SupportedVersion.SIOPv2_ID1,
402
- SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
403
- SupportedVersion.SIOPv2_D11,
404
- SupportedVersion.SIOPv2_D12_OID4VP_D18
397
+ SupportedVersion.OID4VP_v1,
398
+ SupportedVersion.SIOPv2_OID4VP_D28
405
399
  ]).withExpiresIn(opOptions.expiresIn ?? 300).withEventEmitter(eventEmitter).withRegistration({
406
400
  passBy: PassBy.VALUE
407
401
  });
@@ -528,104 +522,15 @@ function getSigningAlgo(type) {
528
522
  }
529
523
  __name(getSigningAlgo, "getSigningAlgo");
530
524
 
531
- // src/session/OID4VP.ts
532
- import { PresentationExchange } from "@sphereon/did-auth-siop";
533
- import { Status } from "@sphereon/pex";
534
- import { isManagedIdentifierDidResult, isOID4VCIssuerIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
535
- import { defaultHasher } from "@sphereon/ssi-sdk.core";
536
- import { verifiableCredentialForRoleFilter } from "@sphereon/ssi-sdk.credential-store";
537
-
538
- // src/types/IDidAuthSiopOpAuthenticator.ts
539
- var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
540
- var events = /* @__PURE__ */ function(events2) {
541
- events2["DID_SIOP_AUTHENTICATED"] = "didSiopAuthenticated";
542
- return events2;
543
- }({});
544
- var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
545
-
546
- // src/types/siop-service/index.ts
547
- var Siopv2HolderEvent = /* @__PURE__ */ function(Siopv2HolderEvent2) {
548
- Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
549
- Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
550
- return Siopv2HolderEvent2;
551
- }({});
552
- var SupportedLanguage = /* @__PURE__ */ function(SupportedLanguage2) {
553
- SupportedLanguage2["ENGLISH"] = "en";
554
- SupportedLanguage2["DUTCH"] = "nl";
555
- return SupportedLanguage2;
556
- }({});
557
-
558
- // src/types/machine/index.ts
559
- var Siopv2MachineStates = /* @__PURE__ */ function(Siopv2MachineStates2) {
560
- Siopv2MachineStates2["createConfig"] = "createConfig";
561
- Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
562
- Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
563
- Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
564
- Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
565
- Siopv2MachineStates2["addContact"] = "addContact";
566
- Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
567
- Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
568
- Siopv2MachineStates2["sendResponse"] = "sendResponse";
569
- Siopv2MachineStates2["handleError"] = "handleError";
570
- Siopv2MachineStates2["aborted"] = "aborted";
571
- Siopv2MachineStates2["declined"] = "declined";
572
- Siopv2MachineStates2["error"] = "error";
573
- Siopv2MachineStates2["done"] = "done";
574
- return Siopv2MachineStates2;
575
- }({});
576
- var Siopv2MachineAddContactStates = /* @__PURE__ */ function(Siopv2MachineAddContactStates2) {
577
- Siopv2MachineAddContactStates2["idle"] = "idle";
578
- Siopv2MachineAddContactStates2["executing"] = "executing";
579
- Siopv2MachineAddContactStates2["next"] = "next";
580
- return Siopv2MachineAddContactStates2;
581
- }({});
582
- var Siopv2MachineEvents = /* @__PURE__ */ function(Siopv2MachineEvents2) {
583
- Siopv2MachineEvents2["NEXT"] = "NEXT";
584
- Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
585
- Siopv2MachineEvents2["DECLINE"] = "DECLINE";
586
- Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
587
- Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
588
- Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
589
- Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
590
- return Siopv2MachineEvents2;
591
- }({});
592
- var Siopv2MachineGuards = /* @__PURE__ */ function(Siopv2MachineGuards2) {
593
- Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
594
- Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
595
- Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
596
- Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
597
- Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
598
- Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
599
- Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
600
- Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
601
- return Siopv2MachineGuards2;
602
- }({});
603
- var Siopv2MachineServices = /* @__PURE__ */ function(Siopv2MachineServices2) {
604
- Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
605
- Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
606
- Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
607
- Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
608
- Siopv2MachineServices2["sendResponse"] = "sendResponse";
609
- Siopv2MachineServices2["createConfig"] = "createConfig";
610
- return Siopv2MachineServices2;
611
- }({});
612
-
613
- // src/types/identifier/index.ts
614
- var DID_PREFIX = "did";
615
-
616
525
  // src/session/OID4VP.ts
617
526
  var OID4VP = class _OID4VP {
618
527
  static {
619
528
  __name(this, "OID4VP");
620
529
  }
621
- session;
622
- allIdentifiers;
623
- hasher;
530
+ //private readonly session: OpSession
531
+ // private readonly allIdentifiers: string[]
532
+ // private readonly hasher?: HasherSync
624
533
  constructor(args) {
625
- const { session, allIdentifiers, hasher = defaultHasher } = args;
626
- this.session = session;
627
- this.allIdentifiers = allIdentifiers ?? [];
628
- this.hasher = hasher;
629
534
  }
630
535
  static async init(session, allIdentifiers, hasher) {
631
536
  return new _OID4VP({
@@ -634,184 +539,14 @@ var OID4VP = class _OID4VP {
634
539
  hasher
635
540
  });
636
541
  }
637
- async getPresentationDefinitions() {
638
- const definitions = await this.session.getPresentationDefinitions();
639
- if (definitions) {
640
- PresentationExchange.assertValidPresentationDefinitionWithLocations(definitions);
641
- }
642
- return definitions;
643
- }
644
- getPresentationExchange(args) {
645
- const { verifiableCredentials, allIdentifiers, hasher } = args;
646
- return new PresentationExchange({
647
- allDIDs: allIdentifiers ?? this.allIdentifiers,
648
- allVerifiableCredentials: verifiableCredentials,
649
- hasher: hasher ?? this.hasher
650
- });
651
- }
652
- async createVerifiablePresentations(credentialRole, credentialsWithDefinitions, opts) {
653
- return await Promise.all(credentialsWithDefinitions.map((cred) => this.createVerifiablePresentation(credentialRole, cred, opts)));
654
- }
655
- async createVerifiablePresentation(credentialRole, selectedVerifiableCredentials, opts) {
656
- const { subjectIsHolder, holder, forceNoCredentialsInVP = false } = {
657
- ...opts
658
- };
659
- if (subjectIsHolder && holder) {
660
- throw Error("Cannot both have subject is holder and a holderDID value at the same time (programming error)");
661
- }
662
- if (forceNoCredentialsInVP) {
663
- selectedVerifiableCredentials.credentials = [];
664
- } else if (!selectedVerifiableCredentials?.credentials || selectedVerifiableCredentials.credentials.length === 0) {
665
- throw Error("No verifiable verifiableCredentials provided for presentation definition");
666
- }
667
- const proofOptions = {
668
- ...opts?.proofOpts,
669
- challenge: opts?.proofOpts?.nonce ?? opts?.proofOpts?.challenge ?? this.session.nonce,
670
- domain: opts?.proofOpts?.domain ?? await this.session.getRedirectUri()
671
- };
672
- let idOpts2 = opts?.idOpts;
673
- if (!idOpts2) {
674
- if (opts?.subjectIsHolder) {
675
- if (forceNoCredentialsInVP) {
676
- return Promise.reject(Error(`Cannot have subject is holder, when force no credentials is being used, as we could never determine the holder then. Please provide holderDID`));
677
- }
678
- const firstUniqueDC = selectedVerifiableCredentials.credentials[0];
679
- if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
680
- return Promise.reject(Error("If no opts provided, credentials should be of type UniqueDigitalCredential"));
681
- }
682
- idOpts2 = isOID4VCIssuerIdentifier(firstUniqueDC.digitalCredential.kmsKeyRef) ? await this.session.context.agent.identifierManagedGetByIssuer({
683
- identifier: firstUniqueDC.digitalCredential.kmsKeyRef
684
- }) : await this.session.context.agent.identifierManagedGetByKid({
685
- identifier: firstUniqueDC.digitalCredential.kmsKeyRef,
686
- kmsKeyRef: firstUniqueDC.digitalCredential.kmsKeyRef
687
- });
688
- } else if (opts?.holder) {
689
- idOpts2 = {
690
- identifier: opts.holder
691
- };
692
- }
693
- }
694
- const vcs = forceNoCredentialsInVP ? selectedVerifiableCredentials : opts?.applyFilter ? await this.filterCredentials(credentialRole, selectedVerifiableCredentials.definition, {
695
- restrictToFormats: opts?.restrictToFormats,
696
- restrictToDIDMethods: opts?.restrictToDIDMethods,
697
- filterOpts: {
698
- verifiableCredentials: selectedVerifiableCredentials.credentials
699
- }
700
- }) : {
701
- definition: selectedVerifiableCredentials.definition,
702
- credentials: selectedVerifiableCredentials.credentials
703
- };
704
- if (!idOpts2) {
705
- return Promise.reject(Error(`No identifier options present at this point`));
706
- }
707
- const signCallback = await createOID4VPPresentationSignCallback({
708
- presentationSignCallback: this.session.options.presentationSignCallback,
709
- idOpts: idOpts2,
710
- context: this.session.context,
711
- domain: proofOptions.domain,
712
- challenge: proofOptions.challenge,
713
- format: opts?.restrictToFormats ?? selectedVerifiableCredentials.definition.definition.format,
714
- skipDidResolution: opts?.skipDidResolution ?? false
715
- });
716
- const identifier = await this.session.context.agent.identifierManagedGet(idOpts2);
717
- const verifiableCredentials = vcs.credentials.map((credential) => typeof credential === "object" && "digitalCredential" in credential ? credential.originalVerifiableCredential : credential);
718
- const presentationResult = await this.getPresentationExchange({
719
- verifiableCredentials,
720
- allIdentifiers: this.allIdentifiers,
721
- hasher: opts?.hasher
722
- }).createVerifiablePresentation(vcs.definition.definition, verifiableCredentials, signCallback, {
723
- proofOptions,
724
- // fixme: Update to newer siop-vp to not require dids here. But when Veramo is creating the VP it's still looking at this field to pass into didManagerGet
725
- ...identifier && isManagedIdentifierDidResult(identifier) && {
726
- holderDID: identifier.did
727
- }
728
- });
729
- const verifiablePresentations = presentationResult.verifiablePresentations.map((verifiablePresentation) => typeof verifiablePresentation !== "string" && "proof" in verifiablePresentation && "jwt" in verifiablePresentation.proof && verifiablePresentation.proof.jwt ? verifiablePresentation.proof.jwt : verifiablePresentation);
730
- return {
731
- ...presentationResult,
732
- verifiablePresentations,
733
- verifiableCredentials,
734
- definition: selectedVerifiableCredentials.definition,
735
- idOpts: idOpts2
736
- };
737
- }
738
- async filterCredentialsAgainstAllDefinitions(credentialRole, opts) {
739
- const defs = await this.getPresentationDefinitions();
740
- const result = [];
741
- if (defs) {
742
- for (const definition of defs) {
743
- result.push(await this.filterCredentials(credentialRole, definition, opts));
744
- }
745
- }
746
- return result;
747
- }
748
- async filterCredentials(credentialRole, presentationDefinition, opts) {
749
- const udcMap = /* @__PURE__ */ new Map();
750
- opts?.filterOpts?.verifiableCredentials?.forEach((credential) => {
751
- if (typeof credential === "object" && "digitalCredential" in credential) {
752
- udcMap.set(credential.originalVerifiableCredential, credential);
753
- } else {
754
- udcMap.set(credential, credential);
755
- }
756
- });
757
- const credentials = (await this.filterCredentialsWithSelectionStatus(credentialRole, presentationDefinition, {
758
- ...opts,
759
- filterOpts: {
760
- verifiableCredentials: opts?.filterOpts?.verifiableCredentials?.map((credential) => {
761
- if (typeof credential === "object" && "digitalCredential" in credential) {
762
- return credential.originalVerifiableCredential;
763
- } else {
764
- return credential;
765
- }
766
- })
767
- }
768
- })).verifiableCredential;
769
- return {
770
- definition: presentationDefinition,
771
- credentials: credentials?.map((vc) => udcMap.get(vc)) ?? []
772
- };
773
- }
774
- async filterCredentialsWithSelectionStatus(credentialRole, presentationDefinition, opts) {
775
- const selectionResults = await this.getPresentationExchange({
776
- verifiableCredentials: await this.getCredentials(credentialRole, opts?.filterOpts)
777
- }).selectVerifiableCredentialsForSubmission(presentationDefinition.definition, opts);
778
- if (selectionResults.errors && selectionResults.errors.length > 0) {
779
- throw Error(JSON.stringify(selectionResults.errors));
780
- } else if (selectionResults.areRequiredCredentialsPresent === Status.ERROR) {
781
- throw Error(`Not all required credentials are available to satisfy the relying party's request`);
782
- }
783
- const matches = selectionResults.matches;
784
- if (!matches || matches.length === 0 || !selectionResults.verifiableCredential || selectionResults.verifiableCredential.length === 0) {
785
- throw Error(JSON.stringify(selectionResults.errors));
786
- }
787
- return selectionResults;
788
- }
789
- async getCredentials(credentialRole, filterOpts) {
790
- if (filterOpts?.verifiableCredentials && filterOpts.verifiableCredentials.length > 0) {
791
- return filterOpts.verifiableCredentials;
792
- }
793
- const filter = verifiableCredentialForRoleFilter(credentialRole, filterOpts?.filter);
794
- const uniqueCredentials = await this.session.context.agent.crsGetUniqueCredentials({
795
- filter
796
- });
797
- return uniqueCredentials.map((uniqueVC) => {
798
- const vc = uniqueVC.uniformVerifiableCredential;
799
- const proof = Array.isArray(vc.proof) ? vc.proof : [
800
- vc.proof
801
- ];
802
- const jwtProof = proof.find((p) => p?.type === DEFAULT_JWT_PROOF_TYPE);
803
- return jwtProof ? jwtProof.jwt : vc;
804
- });
805
- }
806
542
  };
807
543
 
808
544
  // src/session/OpSession.ts
809
545
  import { OP as OP2, URI } from "@sphereon/did-auth-siop";
810
546
  import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
811
547
  import { encodeBase64url } from "@sphereon/ssi-sdk.core";
812
- import { CredentialMapper, parseDid } from "@sphereon/ssi-types";
548
+ import { parseDid } from "@sphereon/ssi-types";
813
549
  import { v4 } from "uuid";
814
- import { PEX } from "@sphereon/pex";
815
550
  import { Loggers } from "@sphereon/ssi-types";
816
551
  var logger = Loggers.DEFAULT.get("sphereon:oid4vp:OpSession");
817
552
  var OpSession = class _OpSession {
@@ -826,13 +561,11 @@ var OpSession = class _OpSession {
826
561
  verifiedAuthorizationRequest;
827
562
  _nonce;
828
563
  _state;
829
- _providedPresentationDefinitions;
830
564
  constructor(options) {
831
565
  this.id = options.sessionId;
832
566
  this.options = options.op;
833
567
  this.context = options.context;
834
568
  this.requestJwtOrUri = options.requestJwtOrUri;
835
- this._providedPresentationDefinitions = options.providedPresentationDefinitions;
836
569
  }
837
570
  static async init(options) {
838
571
  return new _OpSession(options);
@@ -930,7 +663,7 @@ var OpSession = class _OpSession {
930
663
  subjectSyntaxTypesSupported
931
664
  ]).map((method) => convertDidMethod(method, opts.didPrefix));
932
665
  }
933
- const isEBSI = rpMethods.length === 0 && (authReq.issuer?.includes(".ebsi.eu") || (await authReq.authorizationRequest.getMergedProperty("client_id"))?.includes(".ebsi.eu"));
666
+ const isEBSI = rpMethods.length === 0 && (authReq.issuer?.includes(".ebsi.eu") || authReq.authorizationRequest.getMergedProperty("client_id")?.includes(".ebsi.eu"));
934
667
  let codecName = void 0;
935
668
  if (isEBSI && (!aud || !aud.startsWith("http"))) {
936
669
  logger.debug(`EBSI detected, adding did:key to supported DID methods for RP`);
@@ -985,51 +718,9 @@ var OpSession = class _OpSession {
985
718
  async getRedirectUri() {
986
719
  return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
987
720
  }
988
- async hasPresentationDefinitions() {
989
- const defs = this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions;
990
- return defs !== void 0 && defs.length > 0;
991
- }
992
- async getPresentationDefinitions() {
993
- if (!await this.hasPresentationDefinitions()) {
994
- throw Error(`No presentation definitions found`);
995
- }
996
- return this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions;
997
- }
998
721
  async getOID4VP(args) {
999
722
  return await OID4VP.init(this, args.allIdentifiers ?? [], args.hasher);
1000
723
  }
1001
- createPresentationVerificationCallback(context) {
1002
- async function presentationVerificationCallback(args, presentationSubmission) {
1003
- let result;
1004
- if (CredentialMapper.isSdJwtEncoded(args)) {
1005
- try {
1006
- const sdJwtResult = await context.agent.verifySdJwtPresentation({
1007
- presentation: args
1008
- });
1009
- result = {
1010
- verified: "header" in sdJwtResult,
1011
- error: "header" in sdJwtResult ? void 0 : {
1012
- message: "could not verify SD JWT presentation"
1013
- }
1014
- };
1015
- } catch (error) {
1016
- result = {
1017
- verified: false,
1018
- error: {
1019
- message: error.message
1020
- }
1021
- };
1022
- }
1023
- } else {
1024
- result = await context.agent.verifyPresentation({
1025
- presentation: args
1026
- });
1027
- }
1028
- return result;
1029
- }
1030
- __name(presentationVerificationCallback, "presentationVerificationCallback");
1031
- return presentationVerificationCallback;
1032
- }
1033
724
  async createJarmResponseCallback({ responseOpts }) {
1034
725
  const agent = this.context.agent;
1035
726
  return /* @__PURE__ */ __name(async function jarmResponse(opts) {
@@ -1056,6 +747,7 @@ var OpSession = class _OpSession {
1056
747
  }, "jarmResponse");
1057
748
  }
1058
749
  async sendAuthorizationResponse(args) {
750
+ const { responseSignerOpts, dcqlResponse, isFirstParty } = args;
1059
751
  const resolveOpts = this.options.resolveOpts ?? {
1060
752
  resolver: getAgentResolver(this.context, {
1061
753
  uniresolverResolution: true,
@@ -1066,23 +758,7 @@ var OpSession = class _OpSession {
1066
758
  if (!resolveOpts.subjectSyntaxTypesSupported || resolveOpts.subjectSyntaxTypesSupported.length === 0) {
1067
759
  resolveOpts.subjectSyntaxTypesSupported = await this.getSupportedDIDMethods(true);
1068
760
  }
1069
- const verification = {
1070
- presentationVerificationCallback: this.createPresentationVerificationCallback(this.context)
1071
- };
1072
761
  const request = await this.getAuthorizationRequest();
1073
- const hasDefinitions = await this.hasPresentationDefinitions();
1074
- if (hasDefinitions) {
1075
- const totalInputDescriptors = request.presentationDefinitions?.reduce((sum, pd) => {
1076
- return sum + pd.definition.input_descriptors.length;
1077
- }, 0);
1078
- const totalVCs = args.verifiablePresentations ? this.countVCsInAllVPs(args.verifiablePresentations, args.hasher) : 0;
1079
- if (!request.presentationDefinitions || !args.verifiablePresentations || totalVCs !== totalInputDescriptors) {
1080
- throw Error(`Amount of presentations ${args.verifiablePresentations?.length}, doesn't match expected ${request.presentationDefinitions?.length}`);
1081
- } else if (!args.presentationSubmission) {
1082
- throw Error(`Presentation submission is required when verifiable presentations are required`);
1083
- }
1084
- }
1085
- const verifiablePresentations = args.verifiablePresentations ? args.verifiablePresentations.map((vp) => CredentialMapper.storedPresentationToOriginalFormat(vp)) : [];
1086
762
  const op = await createOP({
1087
763
  opOptions: {
1088
764
  ...this.options,
@@ -1094,23 +770,16 @@ var OpSession = class _OpSession {
1094
770
  wellknownDIDVerifyCallback: this.options.wellknownDIDVerifyCallback,
1095
771
  supportedVersions: request.versions
1096
772
  },
1097
- idOpts: args.responseSignerOpts,
773
+ idOpts: responseSignerOpts,
1098
774
  context: this.context
1099
775
  });
1100
- let issuer = args.responseSignerOpts.issuer;
776
+ let issuer = responseSignerOpts.issuer;
1101
777
  const responseOpts = {
1102
- verification,
1103
778
  issuer,
1104
- ...args.isFirstParty && {
1105
- isFirstParty: args.isFirstParty
779
+ ...isFirstParty && {
780
+ isFirstParty
1106
781
  },
1107
- ...args.verifiablePresentations && {
1108
- presentationExchange: {
1109
- verifiablePresentations,
1110
- presentationSubmission: args.presentationSubmission
1111
- }
1112
- },
1113
- dcqlQuery: args.dcqlResponse
782
+ dcqlResponse
1114
783
  };
1115
784
  const authResponse = await op.createAuthorizationResponse(request, responseOpts);
1116
785
  const response = await op.submitAuthorizationResponse(authResponse, await this.createJarmResponseCallback({
@@ -1122,24 +791,6 @@ var OpSession = class _OpSession {
1122
791
  return response;
1123
792
  }
1124
793
  }
1125
- countVCsInAllVPs(verifiablePresentations, hasher) {
1126
- return verifiablePresentations.reduce((sum, vp) => {
1127
- if (CredentialMapper.isMsoMdocDecodedPresentation(vp) || CredentialMapper.isMsoMdocOid4VPEncoded(vp)) {
1128
- return sum + 1;
1129
- }
1130
- const uvp = CredentialMapper.toUniformPresentation(vp, {
1131
- hasher: hasher ?? this.options.hasher
1132
- });
1133
- if (uvp.verifiableCredential?.length) {
1134
- return sum + uvp.verifiableCredential?.length;
1135
- }
1136
- const isSdJWT = CredentialMapper.isSdJwtDecodedCredential(uvp);
1137
- if (isSdJWT || uvp.verifiableCredential && !PEX.allowMultipleVCsPerPresentation(uvp.verifiableCredential)) {
1138
- return sum + 1;
1139
- }
1140
- return sum;
1141
- }, 0);
1142
- }
1143
794
  };
1144
795
  function convertDidMethod(didMethod, didPrefix) {
1145
796
  if (didPrefix === false) {
@@ -1149,10 +800,79 @@ function convertDidMethod(didMethod, didPrefix) {
1149
800
  }
1150
801
  __name(convertDidMethod, "convertDidMethod");
1151
802
 
1152
- // src/agent/DidAuthSiopOpAuthenticator.ts
1153
- import { PEX as PEX3, Status as Status2 } from "@sphereon/pex";
1154
- import { computeEntryHash } from "@veramo/utils";
1155
- import { DcqlQuery as DcqlQuery2 } from "dcql";
803
+ // src/types/IDidAuthSiopOpAuthenticator.ts
804
+ var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
805
+ var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
806
+
807
+ // src/types/siop-service/index.ts
808
+ var Siopv2HolderEvent = /* @__PURE__ */ (function(Siopv2HolderEvent2) {
809
+ Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
810
+ Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
811
+ return Siopv2HolderEvent2;
812
+ })({});
813
+ var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
814
+ SupportedLanguage2["ENGLISH"] = "en";
815
+ SupportedLanguage2["DUTCH"] = "nl";
816
+ return SupportedLanguage2;
817
+ })({});
818
+
819
+ // src/types/machine/index.ts
820
+ var Siopv2MachineStates = /* @__PURE__ */ (function(Siopv2MachineStates2) {
821
+ Siopv2MachineStates2["createConfig"] = "createConfig";
822
+ Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
823
+ Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
824
+ Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
825
+ Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
826
+ Siopv2MachineStates2["addContact"] = "addContact";
827
+ Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
828
+ Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
829
+ Siopv2MachineStates2["sendResponse"] = "sendResponse";
830
+ Siopv2MachineStates2["handleError"] = "handleError";
831
+ Siopv2MachineStates2["aborted"] = "aborted";
832
+ Siopv2MachineStates2["declined"] = "declined";
833
+ Siopv2MachineStates2["error"] = "error";
834
+ Siopv2MachineStates2["done"] = "done";
835
+ return Siopv2MachineStates2;
836
+ })({});
837
+ var Siopv2MachineAddContactStates = /* @__PURE__ */ (function(Siopv2MachineAddContactStates2) {
838
+ Siopv2MachineAddContactStates2["idle"] = "idle";
839
+ Siopv2MachineAddContactStates2["executing"] = "executing";
840
+ Siopv2MachineAddContactStates2["next"] = "next";
841
+ return Siopv2MachineAddContactStates2;
842
+ })({});
843
+ var Siopv2MachineEvents = /* @__PURE__ */ (function(Siopv2MachineEvents2) {
844
+ Siopv2MachineEvents2["NEXT"] = "NEXT";
845
+ Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
846
+ Siopv2MachineEvents2["DECLINE"] = "DECLINE";
847
+ Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
848
+ Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
849
+ Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
850
+ Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
851
+ return Siopv2MachineEvents2;
852
+ })({});
853
+ var Siopv2MachineGuards = /* @__PURE__ */ (function(Siopv2MachineGuards2) {
854
+ Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
855
+ Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
856
+ Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
857
+ Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
858
+ Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
859
+ Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
860
+ Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
861
+ Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
862
+ return Siopv2MachineGuards2;
863
+ })({});
864
+ var Siopv2MachineServices = /* @__PURE__ */ (function(Siopv2MachineServices2) {
865
+ Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
866
+ Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
867
+ Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
868
+ Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
869
+ Siopv2MachineServices2["sendResponse"] = "sendResponse";
870
+ Siopv2MachineServices2["createConfig"] = "createConfig";
871
+ return Siopv2MachineServices2;
872
+ })({});
873
+
874
+ // src/types/identifier/index.ts
875
+ var DID_PREFIX = "did";
1156
876
 
1157
877
  // src/machine/Siopv2Machine.ts
1158
878
  import { assign, createMachine, interpret } from "xstate";
@@ -1221,7 +941,7 @@ var Siopv2HasSelectableCredentialsAndContactGuard = /* @__PURE__ */ __name((_ctx
1221
941
  if (!contact) {
1222
942
  throw new Error("Missing contact request data in context");
1223
943
  }
1224
- return authorizationRequestData.presentationDefinitions !== void 0;
944
+ return authorizationRequestData.dcqlQuery !== void 0;
1225
945
  }, "Siopv2HasSelectableCredentialsAndContactGuard");
1226
946
  var Siopv2CreateContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
1227
947
  const { contactAlias, hasContactConsent } = _ctx;
@@ -1232,7 +952,7 @@ var Siopv2HasSelectedRequiredCredentialsGuard = /* @__PURE__ */ __name((_ctx, _e
1232
952
  if (authorizationRequestData === void 0) {
1233
953
  throw new Error("Missing authorization request data in context");
1234
954
  }
1235
- if (authorizationRequestData.presentationDefinitions === void 0 || authorizationRequestData.presentationDefinitions.length === 0) {
955
+ if (authorizationRequestData.dcqlQuery === void 0) {
1236
956
  throw Error("No presentation definitions present");
1237
957
  }
1238
958
  return _ctx.selectedCredentials.length > 0;
@@ -1242,7 +962,7 @@ var Siopv2IsSiopOnlyGuard = /* @__PURE__ */ __name((_ctx, _event) => {
1242
962
  if (authorizationRequestData === void 0) {
1243
963
  throw new Error("Missing authorization request data in context");
1244
964
  }
1245
- return authorizationRequestData.presentationDefinitions === void 0;
965
+ return authorizationRequestData.dcqlQuery === void 0;
1246
966
  }, "Siopv2IsSiopOnlyGuard");
1247
967
  var Siopv2IsSiopWithOID4VPGuard = /* @__PURE__ */ __name((_ctx, _event) => {
1248
968
  const { authorizationRequestData, selectableCredentialsMap } = _ctx;
@@ -1252,7 +972,7 @@ var Siopv2IsSiopWithOID4VPGuard = /* @__PURE__ */ __name((_ctx, _event) => {
1252
972
  if (!selectableCredentialsMap) {
1253
973
  throw new Error("Missing selectableCredentialsMap in context");
1254
974
  }
1255
- return authorizationRequestData.presentationDefinitions !== void 0;
975
+ return authorizationRequestData.dcqlQuery !== void 0;
1256
976
  }, "Siopv2IsSiopWithOID4VPGuard");
1257
977
  var createSiopv2Machine = /* @__PURE__ */ __name((opts) => {
1258
978
  const { url, idOpts: idOpts2 } = opts;
@@ -1567,115 +1287,59 @@ var Siopv2Machine = class {
1567
1287
  };
1568
1288
 
1569
1289
  // src/services/Siopv2MachineService.ts
1570
- import { SupportedVersion as SupportedVersion2 } from "@sphereon/did-auth-siop";
1571
- import { PEX as PEX2 } from "@sphereon/pex";
1572
- import { isOID4VCIssuerIdentifier as isOID4VCIssuerIdentifier2 } from "@sphereon/ssi-sdk-ext.identifier-resolution";
1573
- import { verifiableCredentialForRoleFilter as verifiableCredentialForRoleFilter2 } from "@sphereon/ssi-sdk.credential-store";
1574
- import { ConnectionType, CredentialRole } from "@sphereon/ssi-sdk.data-store";
1575
- import { CredentialMapper as CredentialMapper4, Loggers as Loggers3 } from "@sphereon/ssi-types";
1290
+ import { calculateSdHash } from "@sphereon/pex/dist/main/lib/utils/index.js";
1576
1291
  import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from "@sphereon/ssi-sdk-ext.did-utils";
1577
- import { defaultHasher as defaultHasher2, encodeJoseBlob } from "@sphereon/ssi-sdk.core";
1292
+ import { isOID4VCIssuerIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
1293
+ import { encodeJoseBlob } from "@sphereon/ssi-sdk.core";
1294
+ import { verifiableCredentialForRoleFilter } from "@sphereon/ssi-sdk.credential-store";
1295
+ import { ConnectionType } from "@sphereon/ssi-sdk.data-store-types";
1296
+ import { defaultGenerateDigest } from "@sphereon/ssi-sdk.sd-jwt";
1297
+ import { CredentialMapper as CredentialMapper3, CredentialRole, Loggers as Loggers3 } from "@sphereon/ssi-types";
1578
1298
  import { DcqlPresentation, DcqlQuery } from "dcql";
1579
1299
 
1580
1300
  // src/utils/dcql.ts
1581
- import { CredentialMapper as CredentialMapper3 } from "@sphereon/ssi-types";
1301
+ import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
1302
+ import { Dcql } from "@sphereon/did-auth-siop";
1582
1303
 
1583
1304
  // src/utils/CredentialUtils.ts
1584
- import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
1585
- var getOriginalVerifiableCredential = /* @__PURE__ */ __name((credential) => {
1586
- if (isUniqueDigitalCredential(credential)) {
1587
- if (!credential.originalVerifiableCredential) {
1588
- throw new Error("originalVerifiableCredential is not defined in UniqueDigitalCredential");
1589
- }
1590
- return getCredentialFromProofOrWrapped(credential.originalVerifiableCredential);
1591
- }
1592
- return getCredentialFromProofOrWrapped(credential);
1593
- }, "getOriginalVerifiableCredential");
1594
- var getCredentialFromProofOrWrapped = /* @__PURE__ */ __name((cred, hasher) => {
1595
- if (typeof cred === "object" && "proof" in cred && "jwt" in cred.proof && CredentialMapper2.isSdJwtEncoded(cred.proof.jwt)) {
1596
- return cred.proof.jwt;
1597
- }
1598
- return CredentialMapper2.toWrappedVerifiableCredential(cred, {
1599
- hasher
1600
- }).original;
1601
- }, "getCredentialFromProofOrWrapped");
1305
+ import { CredentialMapper } from "@sphereon/ssi-types";
1602
1306
  var isUniqueDigitalCredential = /* @__PURE__ */ __name((credential) => {
1603
1307
  return credential.digitalCredential !== void 0;
1604
1308
  }, "isUniqueDigitalCredential");
1605
1309
 
1606
1310
  // src/utils/dcql.ts
1607
1311
  function convertToDcqlCredentials(credential, hasher) {
1608
- let payload;
1312
+ let originalVerifiableCredential;
1609
1313
  if (isUniqueDigitalCredential(credential)) {
1610
1314
  if (!credential.originalVerifiableCredential) {
1611
1315
  throw new Error("originalVerifiableCredential is not defined in UniqueDigitalCredential");
1612
1316
  }
1613
- payload = CredentialMapper3.decodeVerifiableCredential(credential.originalVerifiableCredential, hasher);
1317
+ originalVerifiableCredential = CredentialMapper2.decodeVerifiableCredential(credential.originalVerifiableCredential, hasher);
1614
1318
  } else {
1615
- payload = CredentialMapper3.decodeVerifiableCredential(credential, hasher);
1319
+ originalVerifiableCredential = CredentialMapper2.decodeVerifiableCredential(credential, hasher);
1616
1320
  }
1617
- if (!payload) {
1321
+ if (!originalVerifiableCredential) {
1618
1322
  throw new Error("No payload found");
1619
1323
  }
1620
- if ("decodedPayload" in payload && payload.decodedPayload) {
1621
- payload = payload.decodedPayload;
1622
- }
1623
- if ("vct" in payload) {
1624
- return {
1625
- vct: payload.vct,
1626
- claims: payload,
1627
- credential_format: "vc+sd-jwt"
1628
- };
1629
- } else if ("docType" in payload && "namespaces" in payload) {
1630
- return {
1631
- docType: payload.docType,
1632
- namespaces: payload.namespaces,
1633
- claims: payload
1634
- };
1635
- } else {
1636
- return {
1637
- claims: payload,
1638
- credential_format: "jwt_vc_json"
1639
- };
1324
+ if (CredentialMapper2.isJwtDecodedCredential(originalVerifiableCredential)) {
1325
+ return Dcql.toDcqlJwtCredential(CredentialMapper2.toWrappedVerifiableCredential(originalVerifiableCredential));
1326
+ } else if (CredentialMapper2.isSdJwtDecodedCredential(originalVerifiableCredential)) {
1327
+ return Dcql.toDcqlSdJwtCredential(CredentialMapper2.toWrappedVerifiableCredential(originalVerifiableCredential));
1328
+ } else if (CredentialMapper2.isMsoMdocDecodedCredential(originalVerifiableCredential)) {
1329
+ return Dcql.toDcqlMdocCredential(CredentialMapper2.toWrappedVerifiableCredential(originalVerifiableCredential));
1330
+ } else if (CredentialMapper2.isW3cCredential(originalVerifiableCredential)) {
1331
+ return Dcql.toDcqlJsonLdCredential(CredentialMapper2.toWrappedVerifiableCredential(originalVerifiableCredential));
1640
1332
  }
1333
+ throw Error(`Unable to map credential to DCQL credential. Credential: ${JSON.stringify(originalVerifiableCredential)}`);
1641
1334
  }
1642
1335
  __name(convertToDcqlCredentials, "convertToDcqlCredentials");
1643
1336
 
1644
1337
  // src/services/Siopv2MachineService.ts
1338
+ var CLOCK_SKEW = 120;
1645
1339
  var logger3 = Loggers3.DEFAULT.get(LOGGER_NAMESPACE);
1646
- var createEbsiIdentifier = /* @__PURE__ */ __name(async (agentContext) => {
1647
- logger3.log(`No EBSI key present yet. Creating a new one...`);
1648
- const { result: newIdentifier, created } = await getOrCreatePrimaryIdentifier(agentContext, {
1649
- method: SupportedDidMethodEnum.DID_KEY,
1650
- createOpts: {
1651
- options: {
1652
- codecName: "jwk_jcs-pub",
1653
- type: "Secp256r1"
1654
- }
1655
- }
1656
- });
1657
- logger3.log(`EBSI key created: ${newIdentifier.did}`);
1658
- if (created) {
1659
- await agentContext.agent.emit(Siopv2HolderEvent.IDENTIFIER_CREATED, {
1660
- result: newIdentifier
1661
- });
1662
- }
1663
- return await agentContext.agent.identifierManagedGetByDid({
1664
- identifier: newIdentifier.did
1665
- });
1666
- }, "createEbsiIdentifier");
1667
- var hasEbsiClient = /* @__PURE__ */ __name(async (authorizationRequest) => {
1668
- const clientId = await authorizationRequest.getMergedProperty("client_id");
1669
- const redirectUri = await authorizationRequest.getMergedProperty("redirect_uri");
1670
- return clientId?.toLowerCase().includes(".ebsi.eu") || redirectUri?.toLowerCase().includes(".ebsi.eu");
1671
- }, "hasEbsiClient");
1672
1340
  var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
1673
1341
  const { agent } = context;
1674
- const agentContext = {
1675
- ...context,
1676
- agent: context.agent
1677
- };
1678
- let { idOpts: idOpts2, isFirstParty, hasher = defaultHasher2 } = args;
1342
+ const { credentials } = args;
1679
1343
  if (connectionType !== ConnectionType.SIOPv2_OpenID4VP) {
1680
1344
  return Promise.reject(Error(`No supported authentication provider for type: ${connectionType}`));
1681
1345
  }
@@ -1683,252 +1347,163 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
1683
1347
  sessionId: args.sessionId
1684
1348
  });
1685
1349
  const request = await session.getAuthorizationRequest();
1686
- const aud = await request.authorizationRequest.getMergedProperty("aud");
1350
+ const aud = request.authorizationRequest.getMergedProperty("aud");
1687
1351
  logger3.debug(`AUD: ${aud}`);
1688
1352
  logger3.debug(JSON.stringify(request.authorizationRequest));
1689
- let presentationsAndDefs;
1690
- let presentationSubmission;
1691
- if (await session.hasPresentationDefinitions()) {
1692
- const oid4vp = await session.getOID4VP({
1693
- hasher
1694
- });
1695
- const credentialsAndDefinitions = args.verifiableCredentialsWithDefinition ? args.verifiableCredentialsWithDefinition : await oid4vp.filterCredentialsAgainstAllDefinitions(CredentialRole.HOLDER);
1696
- const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? (request.versions.includes(SupportedVersion2.JWT_VC_PRESENTATION_PROFILE_v1) ? "https://self-issued.me/v2/openid-vc" : "https://self-issued.me/v2");
1697
- logger3.log(`NONCE: ${session.nonce}, domain: ${domain}`);
1698
- const firstUniqueDC = credentialsAndDefinitions[0].credentials[0];
1699
- if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
1700
- return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
1701
- }
1702
- let identifier;
1703
- const digitalCredential = firstUniqueDC.digitalCredential;
1704
- const firstVC = firstUniqueDC.uniformVerifiableCredential;
1705
- const holder = CredentialMapper4.isSdJwtDecodedCredential(firstVC) ? firstVC.decodedPayload.cnf?.jwk ? (
1706
- //doesn't apply to did:jwk only, as you can represent any DID key as a JWK. So whenever you encounter a JWK it doesn't mean it had to come from a did:jwk in the system. It just can always be represented as a did:jwk
1707
- `did:jwk:${encodeJoseBlob(firstVC.decodedPayload.cnf?.jwk)}#0`
1708
- ) : firstVC.decodedPayload.sub : Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
1709
- if (!digitalCredential.kmsKeyRef) {
1710
- if (!holder) {
1711
- return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
1712
- }
1713
- try {
1714
- identifier = await session.context.agent.identifierManagedGet({
1715
- identifier: holder
1716
- });
1717
- } catch (e) {
1718
- logger3.debug(`Holder DID not found: ${holder}`);
1719
- throw e;
1720
- }
1721
- } else if (isOID4VCIssuerIdentifier2(digitalCredential.kmsKeyRef)) {
1722
- identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
1723
- identifier: firstUniqueDC.digitalCredential.kmsKeyRef
1353
+ const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? "https://self-issued.me/v2";
1354
+ logger3.debug(`NONCE: ${session.nonce}, domain: ${domain}`);
1355
+ const firstUniqueDC = credentials[0];
1356
+ if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
1357
+ return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
1358
+ }
1359
+ let identifier;
1360
+ const digitalCredential = firstUniqueDC.digitalCredential;
1361
+ const firstVC = firstUniqueDC.uniformVerifiableCredential;
1362
+ const holder = CredentialMapper3.isSdJwtDecodedCredential(firstVC) ? firstVC.decodedPayload.cnf?.jwk ? (
1363
+ //doesn't apply to did:jwk only, as you can represent any DID key as a JWK. So whenever you encounter a JWK it doesn't mean it had to come from a did:jwk in the system. It just can always be represented as a did:jwk
1364
+ `did:jwk:${encodeJoseBlob(firstVC.decodedPayload.cnf?.jwk)}#0`
1365
+ ) : firstVC.decodedPayload.sub : Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
1366
+ if (!digitalCredential.kmsKeyRef) {
1367
+ if (!holder) {
1368
+ return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
1369
+ }
1370
+ try {
1371
+ identifier = await session.context.agent.identifierManagedGet({
1372
+ identifier: holder
1724
1373
  });
1725
- } else {
1726
- switch (digitalCredential.subjectCorrelationType) {
1727
- case "DID":
1728
- identifier = await session.context.agent.identifierManagedGetByDid({
1729
- identifier: digitalCredential.subjectCorrelationId ?? holder,
1730
- kmsKeyRef: digitalCredential.kmsKeyRef
1731
- });
1732
- break;
1733
- // TODO other implementations?
1734
- default:
1735
- if (digitalCredential.subjectCorrelationId?.startsWith("did:") || holder?.startsWith("did:")) {
1736
- identifier = await session.context.agent.identifierManagedGetByDid({
1737
- identifier: digitalCredential.subjectCorrelationId ?? holder,
1738
- kmsKeyRef: digitalCredential.kmsKeyRef
1739
- });
1740
- } else {
1741
- identifier = await session.context.agent.identifierManagedGetByKid({
1742
- identifier: digitalCredential.subjectCorrelationId ?? holder ?? digitalCredential.kmsKeyRef,
1743
- kmsKeyRef: digitalCredential.kmsKeyRef
1744
- });
1745
- }
1746
- }
1747
- }
1748
- if (identifier === void 0 && idOpts2 !== void 0 && await hasEbsiClient(request.authorizationRequest)) {
1749
- identifier = await createEbsiIdentifier(agentContext);
1750
- }
1751
- logger3.debug(`Identifier`, identifier);
1752
- presentationsAndDefs = await oid4vp.createVerifiablePresentations(CredentialRole.HOLDER, credentialsAndDefinitions, {
1753
- idOpts: identifier,
1754
- proofOpts: {
1755
- nonce: session.nonce,
1756
- domain
1757
- }
1758
- });
1759
- if (!presentationsAndDefs || presentationsAndDefs.length === 0) {
1760
- throw Error("No verifiable presentations could be created");
1761
- } else if (presentationsAndDefs.length > 1) {
1762
- throw Error(`Only one verifiable presentation supported for now. Got ${presentationsAndDefs.length}`);
1374
+ } catch (e) {
1375
+ logger3.debug(`Holder DID not found: ${holder}`);
1376
+ throw e;
1763
1377
  }
1764
- idOpts2 = presentationsAndDefs[0].idOpts;
1765
- presentationSubmission = presentationsAndDefs[0].presentationSubmission;
1766
- logger3.log(`Definitions and locations:`, JSON.stringify(presentationsAndDefs?.[0]?.verifiablePresentations, null, 2));
1767
- logger3.log(`Presentation Submission:`, JSON.stringify(presentationSubmission, null, 2));
1768
- const mergedVerifiablePresentations = presentationsAndDefs?.flatMap((pd) => pd.verifiablePresentations) || [];
1769
- return await session.sendAuthorizationResponse({
1770
- ...presentationsAndDefs && {
1771
- verifiablePresentations: mergedVerifiablePresentations
1772
- },
1773
- ...presentationSubmission && {
1774
- presentationSubmission
1775
- },
1776
- // todo: Change issuer value in case we do not use identifier. Use key.meta.jwkThumbprint then
1777
- responseSignerOpts: idOpts2,
1778
- isFirstParty
1378
+ } else if (isOID4VCIssuerIdentifier(digitalCredential.kmsKeyRef)) {
1379
+ identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
1380
+ identifier: firstUniqueDC.digitalCredential.kmsKeyRef
1779
1381
  });
1780
- } else if (request.dcqlQuery) {
1781
- if (args.verifiableCredentialsWithDefinition !== void 0 && args.verifiableCredentialsWithDefinition !== null) {
1782
- const vcs = args.verifiableCredentialsWithDefinition.flatMap((vcd) => vcd.credentials);
1783
- const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? (request.versions.includes(SupportedVersion2.JWT_VC_PRESENTATION_PROFILE_v1) ? "https://self-issued.me/v2/openid-vc" : "https://self-issued.me/v2");
1784
- logger3.debug(`NONCE: ${session.nonce}, domain: ${domain}`);
1785
- const firstUniqueDC = vcs[0];
1786
- if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
1787
- return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
1788
- }
1789
- let identifier;
1790
- const digitalCredential = firstUniqueDC.digitalCredential;
1791
- const firstVC = firstUniqueDC.uniformVerifiableCredential;
1792
- const holder = CredentialMapper4.isSdJwtDecodedCredential(firstVC) ? firstVC.decodedPayload.cnf?.jwk ? (
1793
- //doesn't apply to did:jwk only, as you can represent any DID key as a JWK. So whenever you encounter a JWK it doesn't mean it had to come from a did:jwk in the system. It just can always be represented as a did:jwk
1794
- `did:jwk:${encodeJoseBlob(firstVC.decodedPayload.cnf?.jwk)}#0`
1795
- ) : firstVC.decodedPayload.sub : Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
1796
- if (!digitalCredential.kmsKeyRef) {
1797
- if (!holder) {
1798
- return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
1799
- }
1800
- try {
1801
- identifier = await session.context.agent.identifierManagedGet({
1802
- identifier: holder
1803
- });
1804
- } catch (e) {
1805
- logger3.debug(`Holder DID not found: ${holder}`);
1806
- throw e;
1807
- }
1808
- } else if (isOID4VCIssuerIdentifier2(digitalCredential.kmsKeyRef)) {
1809
- identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
1810
- identifier: firstUniqueDC.digitalCredential.kmsKeyRef
1382
+ } else {
1383
+ switch (digitalCredential.subjectCorrelationType) {
1384
+ case "DID":
1385
+ identifier = await session.context.agent.identifierManagedGetByDid({
1386
+ identifier: digitalCredential.subjectCorrelationId ?? holder,
1387
+ kmsKeyRef: digitalCredential.kmsKeyRef
1811
1388
  });
1812
- } else {
1813
- switch (digitalCredential.subjectCorrelationType) {
1814
- case "DID":
1815
- identifier = await session.context.agent.identifierManagedGetByDid({
1816
- identifier: digitalCredential.subjectCorrelationId ?? holder,
1817
- kmsKeyRef: digitalCredential.kmsKeyRef
1818
- });
1819
- break;
1820
- // TODO other implementations?
1821
- default:
1822
- identifier = await session.context.agent.identifierManagedGetByKid({
1823
- identifier: digitalCredential.subjectCorrelationId ?? holder ?? digitalCredential.kmsKeyRef,
1824
- kmsKeyRef: digitalCredential.kmsKeyRef
1825
- });
1826
- }
1827
- }
1828
- console.log(`Identifier`, identifier);
1829
- const dcqlRepresentations = [];
1830
- vcs.forEach((vc) => {
1831
- const rep = convertToDcqlCredentials(vc, args.hasher);
1832
- if (rep) {
1833
- dcqlRepresentations.push(rep);
1834
- }
1835
- });
1836
- const queryResult = DcqlQuery.query(request.dcqlQuery, dcqlRepresentations);
1837
- const presentation = {};
1838
- for (const [key, value] of Object.entries(queryResult.credential_matches)) {
1839
- const allMatches = Array.isArray(value) ? value : [
1840
- value
1841
- ];
1842
- allMatches.forEach((match) => {
1843
- if (match.success) {
1844
- const originalCredential = getOriginalVerifiableCredential(vcs[match.input_credential_index]);
1845
- if (!originalCredential) {
1846
- throw new Error(`Index ${match.input_credential_index} out of range in credentials array`);
1847
- }
1848
- presentation[key] = originalCredential["compactSdJwtVc"] !== void 0 ? originalCredential.compactSdJwtVc : originalCredential;
1849
- }
1389
+ break;
1390
+ // TODO other implementations?
1391
+ default:
1392
+ identifier = await session.context.agent.identifierManagedGetByKid({
1393
+ identifier: digitalCredential.subjectCorrelationId ?? holder ?? digitalCredential.kmsKeyRef,
1394
+ kmsKeyRef: digitalCredential.kmsKeyRef
1850
1395
  });
1396
+ }
1397
+ }
1398
+ const dcqlCredentialsWithCredentials = new Map(credentials.map((vc) => [
1399
+ convertToDcqlCredentials(vc),
1400
+ vc
1401
+ ]));
1402
+ const queryResult = DcqlQuery.query(request.dcqlQuery, Array.from(dcqlCredentialsWithCredentials.keys()));
1403
+ if (!queryResult.can_be_satisfied) {
1404
+ return Promise.reject(Error("Credentials do not match required query request"));
1405
+ }
1406
+ const presentation = {};
1407
+ const uniqueCredentials = Array.from(dcqlCredentialsWithCredentials.values());
1408
+ for (const [key, value] of Object.entries(queryResult.credential_matches)) {
1409
+ if (value.success) {
1410
+ const matchedCredentials = value.valid_credentials.map((cred) => uniqueCredentials[cred.input_credential_index]);
1411
+ const vc = matchedCredentials[0];
1412
+ if (!vc) {
1413
+ continue;
1414
+ }
1415
+ const originalVc = retrieveEncodedCredential(vc);
1416
+ if (!originalVc) {
1417
+ continue;
1851
1418
  }
1852
- const response = session.sendAuthorizationResponse({
1853
- responseSignerOpts: identifier,
1854
- ...{
1855
- dcqlQuery: {
1856
- dcqlPresentation: DcqlPresentation.parse(presentation)
1419
+ const decodedSdJwt = await CredentialMapper3.decodeSdJwtVcAsync(originalVc, defaultGenerateDigest);
1420
+ const updatedSdJwt = updateSdJwtCredential(decodedSdJwt, request.requestObject?.getPayload()?.nonce, domain);
1421
+ const presentationResult = await context.agent.createSdJwtPresentation({
1422
+ presentation: updatedSdJwt.compactSdJwtVc,
1423
+ kb: {
1424
+ payload: {
1425
+ ...updatedSdJwt.kbJwt?.payload,
1426
+ // FIXME SSISDK-44
1427
+ nonce: updatedSdJwt.kbJwt?.payload.nonce ?? request.requestObject.getPayload().nonce,
1428
+ // FIXME SSISDK-44
1429
+ aud: updatedSdJwt.kbJwt?.payload.aud ?? domain,
1430
+ iat: updatedSdJwt.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1e3 - CLOCK_SKEW)
1857
1431
  }
1858
1432
  }
1859
1433
  });
1860
- logger3.debug(`Response: `, response);
1861
- return response;
1434
+ if (originalVc) {
1435
+ presentation[key] = presentationResult.presentation;
1436
+ }
1862
1437
  }
1863
1438
  }
1864
- throw Error("Presentation Definition or DCQL is required");
1439
+ const dcqlPresentation = DcqlPresentation.parse(presentation);
1440
+ const response = session.sendAuthorizationResponse({
1441
+ responseSignerOpts: identifier,
1442
+ dcqlResponse: {
1443
+ dcqlPresentation
1444
+ }
1445
+ });
1446
+ logger3.debug(`Response: `, response);
1447
+ return response;
1865
1448
  }, "siopSendAuthorizationResponse");
1866
- function buildPartialPD(inputDescriptor, presentationDefinition) {
1867
- return {
1868
- ...presentationDefinition,
1869
- input_descriptors: [
1870
- inputDescriptor
1871
- ]
1872
- };
1873
- }
1874
- __name(buildPartialPD, "buildPartialPD");
1875
- var getSelectableCredentials = /* @__PURE__ */ __name(async (presentationDefinition, context) => {
1449
+ var retrieveEncodedCredential = /* @__PURE__ */ __name((credential) => {
1450
+ return credential.originalVerifiableCredential !== void 0 && credential.originalVerifiableCredential !== null && credential?.originalVerifiableCredential?.compactSdJwtVc !== void 0 && credential?.originalVerifiableCredential?.compactSdJwtVc !== null ? credential.originalVerifiableCredential.compactSdJwtVc : credential.originalVerifiableCredential;
1451
+ }, "retrieveEncodedCredential");
1452
+ var getSelectableCredentials = /* @__PURE__ */ __name(async (dcqlQuery, context) => {
1876
1453
  const agentContext = {
1877
1454
  ...context,
1878
1455
  agent: context.agent
1879
1456
  };
1880
1457
  const { agent } = agentContext;
1881
- const pex = new PEX2();
1882
1458
  const uniqueVerifiableCredentials = await agent.crsGetUniqueCredentials({
1883
- filter: verifiableCredentialForRoleFilter2(CredentialRole.HOLDER)
1459
+ filter: verifiableCredentialForRoleFilter(CredentialRole.HOLDER)
1884
1460
  });
1885
- const credentialBranding = await agent.ibGetCredentialBranding();
1461
+ const branding = await agent.ibGetCredentialBranding();
1462
+ const dcqlCredentialsWithCredentials = new Map(uniqueVerifiableCredentials.map((vc) => [
1463
+ convertToDcqlCredentials(vc),
1464
+ vc
1465
+ ]));
1466
+ const queryResult = DcqlQuery.query(dcqlQuery, Array.from(dcqlCredentialsWithCredentials.keys()));
1467
+ const uniqueCredentials = Array.from(dcqlCredentialsWithCredentials.values());
1886
1468
  const selectableCredentialsMap = /* @__PURE__ */ new Map();
1887
- for (const inputDescriptor of presentationDefinition.input_descriptors) {
1888
- const partialPD = buildPartialPD(inputDescriptor, presentationDefinition);
1889
- const originalCredentials = uniqueVerifiableCredentials.map((uniqueVC) => {
1890
- return CredentialMapper4.storedCredentialToOriginalFormat(uniqueVC.originalVerifiableCredential);
1891
- });
1892
- const selectionResults = pex.selectFrom(partialPD, originalCredentials);
1893
- const selectableCredentials = [];
1894
- for (const selectedCredential of selectionResults.verifiableCredential || []) {
1895
- const filteredUniqueVC = uniqueVerifiableCredentials.find((uniqueVC) => {
1896
- const proof = uniqueVC.uniformVerifiableCredential.proof;
1897
- return Array.isArray(proof) ? proof.some((proofItem) => proofItem.jwt === selectedCredential) : proof.jwt === selectedCredential;
1898
- });
1899
- if (filteredUniqueVC) {
1900
- const filteredCredentialBrandings = credentialBranding.filter((cb) => cb.vcHash === filteredUniqueVC.hash);
1901
- const issuerPartyIdentity = await agent.cmGetContacts({
1902
- filter: [
1903
- {
1904
- identities: {
1905
- identifier: {
1906
- correlationId: filteredUniqueVC.uniformVerifiableCredential.issuerDid
1907
- }
1469
+ for (const [key, value] of Object.entries(queryResult.credential_matches)) {
1470
+ if (!value.valid_credentials) {
1471
+ continue;
1472
+ }
1473
+ const mapSelectableCredentialPromises = value.valid_credentials.map(async (cred) => {
1474
+ const matchedCredential = uniqueCredentials[cred.input_credential_index];
1475
+ const credentialBranding = branding.filter((cb) => cb.vcHash === matchedCredential.hash);
1476
+ const issuerPartyIdentity = await agent.cmGetContacts({
1477
+ filter: [
1478
+ {
1479
+ identities: {
1480
+ identifier: {
1481
+ correlationId: matchedCredential.uniformVerifiableCredential.issuerDid
1908
1482
  }
1909
1483
  }
1910
- ]
1911
- });
1912
- const subjectPartyIdentity = await agent.cmGetContacts({
1913
- filter: [
1914
- {
1915
- identities: {
1916
- identifier: {
1917
- correlationId: filteredUniqueVC.uniformVerifiableCredential.subjectDid
1918
- }
1484
+ }
1485
+ ]
1486
+ });
1487
+ const subjectPartyIdentity = await agent.cmGetContacts({
1488
+ filter: [
1489
+ {
1490
+ identities: {
1491
+ identifier: {
1492
+ correlationId: matchedCredential.uniformVerifiableCredential.subjectDid
1919
1493
  }
1920
1494
  }
1921
- ]
1922
- });
1923
- selectableCredentials.push({
1924
- credential: filteredUniqueVC,
1925
- credentialBranding: filteredCredentialBrandings[0]?.localeBranding,
1926
- issuerParty: issuerPartyIdentity?.[0],
1927
- subjectParty: subjectPartyIdentity?.[0]
1928
- });
1929
- }
1930
- }
1931
- selectableCredentialsMap.set(inputDescriptor.id, selectableCredentials);
1495
+ }
1496
+ ]
1497
+ });
1498
+ return {
1499
+ credential: matchedCredential,
1500
+ credentialBranding: credentialBranding[0]?.localeBranding,
1501
+ issuerParty: issuerPartyIdentity?.[0],
1502
+ subjectParty: subjectPartyIdentity?.[0]
1503
+ };
1504
+ });
1505
+ const selectableCredentials = await Promise.all(mapSelectableCredentialPromises);
1506
+ selectableCredentialsMap.set(key, selectableCredentials);
1932
1507
  }
1933
1508
  return selectableCredentialsMap;
1934
1509
  }, "getSelectableCredentials");
@@ -1950,6 +1525,31 @@ var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId,
1950
1525
  }
1951
1526
  return contacts[0].contact.displayName;
1952
1527
  }, "translateCorrelationIdToName");
1528
+ var updateSdJwtCredential = /* @__PURE__ */ __name((credential, nonce, aud) => {
1529
+ const sdJwtCredential = credential;
1530
+ const hashAlg = sdJwtCredential.signedPayload._sd_alg ?? "sha-256";
1531
+ const sdHash = calculateSdHash(sdJwtCredential.compactSdJwtVc, hashAlg, defaultGenerateDigest);
1532
+ const kbJwt = {
1533
+ // alg MUST be set by the signer
1534
+ header: {
1535
+ typ: "kb+jwt"
1536
+ },
1537
+ payload: {
1538
+ iat: Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3),
1539
+ sd_hash: sdHash,
1540
+ ...nonce && {
1541
+ nonce
1542
+ },
1543
+ ...aud && {
1544
+ aud
1545
+ }
1546
+ }
1547
+ };
1548
+ return {
1549
+ ...sdJwtCredential,
1550
+ kbJwt
1551
+ };
1552
+ }, "updateSdJwtCredential");
1953
1553
 
1954
1554
  // src/agent/DidAuthSiopOpAuthenticator.ts
1955
1555
  var logger4 = Loggers4.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
@@ -1969,7 +1569,7 @@ var DidAuthSiopOpAuthenticator = class {
1969
1569
  static {
1970
1570
  __name(this, "DidAuthSiopOpAuthenticator");
1971
1571
  }
1972
- schema = schema.IDidAuthSiopOpAuthenticator;
1572
+ schema = plugin_schema_default.IDidAuthSiopOpAuthenticator;
1973
1573
  methods = {
1974
1574
  siopGetOPSession: this.siopGetOPSession.bind(this),
1975
1575
  siopRegisterOPSession: this.siopRegisterOPSession.bind(this),
@@ -2110,9 +1710,9 @@ var DidAuthSiopOpAuthenticator = class {
2110
1710
  const verifiedAuthorizationRequest = await session.getAuthorizationRequest();
2111
1711
  const clientName = verifiedAuthorizationRequest.registrationMetadataPayload?.client_name;
2112
1712
  const url = verifiedAuthorizationRequest.responseURI ?? (args.url.includes("request_uri") ? decodeURIComponent(args.url.split("?request_uri=")[1].trim()) : verifiedAuthorizationRequest.issuer ?? verifiedAuthorizationRequest.registrationMetadataPayload?.client_id);
2113
- const uri = url.includes("://") ? new URL(url) : void 0;
1713
+ const uri = url?.includes("://") ? new URL(url) : void 0;
2114
1714
  const correlationId = uri?.hostname ?? await this.determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context);
2115
- const clientId = await verifiedAuthorizationRequest.authorizationRequest.getMergedProperty("client_id");
1715
+ const clientId = verifiedAuthorizationRequest.authorizationRequest.getMergedProperty("client_id");
2116
1716
  return {
2117
1717
  issuer: verifiedAuthorizationRequest.issuer,
2118
1718
  correlationId,
@@ -2120,7 +1720,6 @@ var DidAuthSiopOpAuthenticator = class {
2120
1720
  uri,
2121
1721
  name: clientName,
2122
1722
  clientId,
2123
- presentationDefinitions: await verifiedAuthorizationRequest.authorizationRequest.containsResponseType("vp_token") || verifiedAuthorizationRequest.versions.every((version) => version <= SupportedVersion3.JWT_VC_PRESENTATION_PROFILE_v1) && verifiedAuthorizationRequest.presentationDefinitions && verifiedAuthorizationRequest.presentationDefinitions.length > 0 ? verifiedAuthorizationRequest.presentationDefinitions : void 0,
2124
1723
  dcqlQuery: verifiedAuthorizationRequest.dcqlQuery
2125
1724
  };
2126
1725
  }
@@ -2197,75 +1796,14 @@ var DidAuthSiopOpAuthenticator = class {
2197
1796
  if (authorizationRequestData === void 0) {
2198
1797
  return Promise.reject(Error("Missing authorization request data in context"));
2199
1798
  }
2200
- const pex = new PEX3({
2201
- hasher: this.hasher
2202
- });
2203
- const verifiableCredentialsWithDefinition = [];
2204
- const dcqlCredentialsWithCredentials = /* @__PURE__ */ new Map();
2205
- if (Array.isArray(authorizationRequestData.presentationDefinitions) && authorizationRequestData?.presentationDefinitions.length > 0) {
2206
- try {
2207
- authorizationRequestData.presentationDefinitions?.forEach((presentationDefinition) => {
2208
- const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(presentationDefinition.definition, selectedCredentials.map((udc) => udc.originalVerifiableCredential));
2209
- if (areRequiredCredentialsPresent !== Status2.ERROR && verifiableCredentials) {
2210
- let uniqueDigitalCredentials = [];
2211
- uniqueDigitalCredentials = verifiableCredentials.map((vc) => {
2212
- const hash = typeof vc === "string" ? computeEntryHash(vc.split("~"[0])) : computeEntryHash(vc);
2213
- const udc = selectedCredentials.find((udc2) => udc2.hash == hash || udc2.originalVerifiableCredential == vc);
2214
- if (!udc) {
2215
- throw Error(`UniqueDigitalCredential could not be found in store. Either the credential is not present in the store or the hash is not correct.`);
2216
- }
2217
- return udc;
2218
- });
2219
- verifiableCredentialsWithDefinition.push({
2220
- definition: presentationDefinition,
2221
- credentials: uniqueDigitalCredentials
2222
- });
2223
- }
2224
- });
2225
- } catch (e) {
2226
- return Promise.reject(e);
2227
- }
2228
- if (verifiableCredentialsWithDefinition.length === 0) {
2229
- return Promise.reject(Error("None of the selected credentials match any of the presentation definitions."));
2230
- }
2231
- } else if (authorizationRequestData.dcqlQuery) {
2232
- if (this.hasMDocCredentials(selectedCredentials) || this.hasSdJwtCredentials(selectedCredentials)) {
2233
- try {
2234
- selectedCredentials.forEach((vc) => {
2235
- if (this.isSdJwtCredential(vc)) {
2236
- const payload = vc.originalVerifiableCredential.decodedPayload;
2237
- const result = {
2238
- claims: payload,
2239
- vct: payload.vct,
2240
- credential_format: "vc+sd-jwt"
2241
- };
2242
- dcqlCredentialsWithCredentials.set(result, vc);
2243
- } else {
2244
- throw Error(`Invalid credential format: ${vc.digitalCredential.documentFormat}`);
2245
- }
2246
- });
2247
- } catch (e) {
2248
- return Promise.reject(e);
2249
- }
2250
- const dcqlPresentationRecord = {};
2251
- const queryResult = DcqlQuery2.query(authorizationRequestData.dcqlQuery, Array.from(dcqlCredentialsWithCredentials.keys()));
2252
- for (const [key, value] of Object.entries(queryResult.credential_matches)) {
2253
- if (value.success) {
2254
- dcqlPresentationRecord[key] = this.retrieveEncodedCredential(dcqlCredentialsWithCredentials.get(value.output));
2255
- }
2256
- }
2257
- }
2258
- }
2259
1799
  const response = await siopSendAuthorizationResponse(ConnectionType2.SIOPv2_OpenID4VP, {
2260
1800
  sessionId: didAuthConfig.sessionId,
2261
1801
  ...args.idOpts && {
2262
1802
  idOpts: args.idOpts
2263
1803
  },
2264
- ...authorizationRequestData.presentationDefinitions !== void 0 && {
2265
- verifiableCredentialsWithDefinition
2266
- },
2267
1804
  isFirstParty,
2268
- hasher: this.hasher
1805
+ hasher: this.hasher,
1806
+ credentials: selectedCredentials
2269
1807
  }, context);
2270
1808
  const contentType = response.headers.get("content-type") || "";
2271
1809
  let responseBody = null;
@@ -2279,30 +1817,12 @@ var DidAuthSiopOpAuthenticator = class {
2279
1817
  queryParams: decodeUriAsJson(response?.url)
2280
1818
  };
2281
1819
  }
2282
- hasMDocCredentials = /* @__PURE__ */ __name((credentials) => {
2283
- return credentials.some(this.isMDocCredential);
2284
- }, "hasMDocCredentials");
2285
- isMDocCredential = /* @__PURE__ */ __name((credential) => {
2286
- return credential.digitalCredential.documentFormat === CredentialDocumentFormat.MSO_MDOC && credential.digitalCredential.documentType === DocumentType.VC;
2287
- }, "isMDocCredential");
2288
- hasSdJwtCredentials = /* @__PURE__ */ __name((credentials) => {
2289
- return credentials.some(this.isSdJwtCredential);
2290
- }, "hasSdJwtCredentials");
2291
- isSdJwtCredential = /* @__PURE__ */ __name((credential) => {
2292
- return credential.digitalCredential.documentFormat === CredentialDocumentFormat.SD_JWT && credential.digitalCredential.documentType === DocumentType.VC;
2293
- }, "isSdJwtCredential");
2294
- retrieveEncodedCredential = /* @__PURE__ */ __name((credential) => {
2295
- return credential.originalVerifiableCredential !== void 0 && credential.originalVerifiableCredential !== null && credential?.originalVerifiableCredential?.compactSdJwtVc !== void 0 && credential?.originalVerifiableCredential?.compactSdJwtVc !== null ? credential.originalVerifiableCredential.compactSdJwtVc : credential.originalVerifiableCredential;
2296
- }, "retrieveEncodedCredential");
2297
1820
  async siopGetSelectableCredentials(args, context) {
2298
1821
  const { authorizationRequestData } = args;
2299
- if (!authorizationRequestData || !authorizationRequestData.presentationDefinitions || authorizationRequestData.presentationDefinitions.length === 0) {
2300
- return Promise.reject(Error("Missing required fields in arguments or context"));
2301
- }
2302
- if (authorizationRequestData.presentationDefinitions.length > 1) {
2303
- return Promise.reject(Error("Multiple presentation definitions present"));
1822
+ if (!authorizationRequestData?.dcqlQuery) {
1823
+ return Promise.reject(Error("Missing required dcql query in context"));
2304
1824
  }
2305
- return getSelectableCredentials(authorizationRequestData.presentationDefinitions[0].definition, context);
1825
+ return getSelectableCredentials(authorizationRequestData?.dcqlQuery, context);
2306
1826
  }
2307
1827
  };
2308
1828
 
@@ -2388,9 +1908,6 @@ var Siopv2OID4VPLinkHandler = class extends LinkHandlerAdapter {
2388
1908
  }
2389
1909
  }
2390
1910
  };
2391
-
2392
- // src/index.ts
2393
- var schema = require_plugin_schema();
2394
1911
  export {
2395
1912
  DEFAULT_JWT_PROOF_TYPE,
2396
1913
  DID_PREFIX,
@@ -2408,14 +1925,14 @@ export {
2408
1925
  Siopv2MachineStates,
2409
1926
  Siopv2OID4VPLinkHandler,
2410
1927
  SupportedLanguage,
1928
+ convertToDcqlCredentials,
2411
1929
  createJwtCallbackWithIdOpts,
2412
1930
  createJwtCallbackWithOpOpts,
2413
1931
  createOID4VPPresentationSignCallback,
2414
1932
  createOP,
2415
1933
  createOPBuilder,
2416
1934
  didAuthSiopOpAuthenticatorMethods,
2417
- events,
2418
1935
  getSigningAlgo,
2419
- schema
1936
+ plugin_schema_default as schema
2420
1937
  };
2421
1938
  //# sourceMappingURL=index.js.map