@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-next.299 → 0.34.1-next.322
- package/dist/index.cjs +261 -201
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +15 -8
- package/dist/index.d.ts +15 -8
- package/dist/index.js +263 -203
- package/dist/index.js.map +1 -1
- package/package.json +22 -22
- package/src/services/Siopv2MachineService.ts +33 -84
- package/src/session/OID4VP.ts +164 -315
- package/src/session/OpSession.ts +4 -20
- package/src/utils/dcql.ts +7 -3
package/dist/index.cjs
CHANGED
|
@@ -67,7 +67,6 @@ __export(index_exports, {
|
|
|
67
67
|
DID_PREFIX: () => DID_PREFIX,
|
|
68
68
|
DidAuthSiopOpAuthenticator: () => DidAuthSiopOpAuthenticator,
|
|
69
69
|
LOGGER_NAMESPACE: () => LOGGER_NAMESPACE,
|
|
70
|
-
OID4VP: () => OID4VP,
|
|
71
70
|
OID4VPCallbackStateListener: () => OID4VPCallbackStateListener,
|
|
72
71
|
OpSession: () => OpSession,
|
|
73
72
|
Siopv2HolderEvent: () => Siopv2HolderEvent,
|
|
@@ -85,6 +84,7 @@ __export(index_exports, {
|
|
|
85
84
|
createOID4VPPresentationSignCallback: () => createOID4VPPresentationSignCallback,
|
|
86
85
|
createOP: () => createOP,
|
|
87
86
|
createOPBuilder: () => createOPBuilder,
|
|
87
|
+
createVerifiablePresentationForFormat: () => createVerifiablePresentationForFormat,
|
|
88
88
|
didAuthSiopOpAuthenticatorMethods: () => didAuthSiopOpAuthenticatorMethods,
|
|
89
89
|
getSigningAlgo: () => getSigningAlgo,
|
|
90
90
|
schema: () => plugin_schema_default
|
|
@@ -580,32 +580,205 @@ function getSigningAlgo(type) {
|
|
|
580
580
|
__name(getSigningAlgo, "getSigningAlgo");
|
|
581
581
|
|
|
582
582
|
// src/session/OID4VP.ts
|
|
583
|
-
var
|
|
584
|
-
|
|
585
|
-
|
|
583
|
+
var import_utils = require("@sphereon/pex/dist/main/lib/utils/index.js");
|
|
584
|
+
var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
|
|
585
|
+
var import_ssi_sdk2 = require("@sphereon/ssi-sdk.sd-jwt");
|
|
586
|
+
var import_ssi_types = require("@sphereon/ssi-types");
|
|
587
|
+
|
|
588
|
+
// src/types/IDidAuthSiopOpAuthenticator.ts
|
|
589
|
+
var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
|
|
590
|
+
var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
|
|
591
|
+
|
|
592
|
+
// src/types/siop-service/index.ts
|
|
593
|
+
var Siopv2HolderEvent = /* @__PURE__ */ (function(Siopv2HolderEvent2) {
|
|
594
|
+
Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
|
|
595
|
+
Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
|
|
596
|
+
return Siopv2HolderEvent2;
|
|
597
|
+
})({});
|
|
598
|
+
var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
|
|
599
|
+
SupportedLanguage2["ENGLISH"] = "en";
|
|
600
|
+
SupportedLanguage2["DUTCH"] = "nl";
|
|
601
|
+
return SupportedLanguage2;
|
|
602
|
+
})({});
|
|
603
|
+
|
|
604
|
+
// src/types/machine/index.ts
|
|
605
|
+
var Siopv2MachineStates = /* @__PURE__ */ (function(Siopv2MachineStates2) {
|
|
606
|
+
Siopv2MachineStates2["createConfig"] = "createConfig";
|
|
607
|
+
Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
|
|
608
|
+
Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
609
|
+
Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
|
|
610
|
+
Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
|
|
611
|
+
Siopv2MachineStates2["addContact"] = "addContact";
|
|
612
|
+
Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
|
|
613
|
+
Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
|
|
614
|
+
Siopv2MachineStates2["sendResponse"] = "sendResponse";
|
|
615
|
+
Siopv2MachineStates2["handleError"] = "handleError";
|
|
616
|
+
Siopv2MachineStates2["aborted"] = "aborted";
|
|
617
|
+
Siopv2MachineStates2["declined"] = "declined";
|
|
618
|
+
Siopv2MachineStates2["error"] = "error";
|
|
619
|
+
Siopv2MachineStates2["done"] = "done";
|
|
620
|
+
return Siopv2MachineStates2;
|
|
621
|
+
})({});
|
|
622
|
+
var Siopv2MachineAddContactStates = /* @__PURE__ */ (function(Siopv2MachineAddContactStates2) {
|
|
623
|
+
Siopv2MachineAddContactStates2["idle"] = "idle";
|
|
624
|
+
Siopv2MachineAddContactStates2["executing"] = "executing";
|
|
625
|
+
Siopv2MachineAddContactStates2["next"] = "next";
|
|
626
|
+
return Siopv2MachineAddContactStates2;
|
|
627
|
+
})({});
|
|
628
|
+
var Siopv2MachineEvents = /* @__PURE__ */ (function(Siopv2MachineEvents2) {
|
|
629
|
+
Siopv2MachineEvents2["NEXT"] = "NEXT";
|
|
630
|
+
Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
|
|
631
|
+
Siopv2MachineEvents2["DECLINE"] = "DECLINE";
|
|
632
|
+
Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
|
|
633
|
+
Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
|
|
634
|
+
Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
|
|
635
|
+
Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
|
|
636
|
+
return Siopv2MachineEvents2;
|
|
637
|
+
})({});
|
|
638
|
+
var Siopv2MachineGuards = /* @__PURE__ */ (function(Siopv2MachineGuards2) {
|
|
639
|
+
Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
|
|
640
|
+
Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
|
|
641
|
+
Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
|
|
642
|
+
Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
|
|
643
|
+
Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
|
|
644
|
+
Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
|
|
645
|
+
Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
|
|
646
|
+
Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
|
|
647
|
+
return Siopv2MachineGuards2;
|
|
648
|
+
})({});
|
|
649
|
+
var Siopv2MachineServices = /* @__PURE__ */ (function(Siopv2MachineServices2) {
|
|
650
|
+
Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
|
|
651
|
+
Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
652
|
+
Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
|
|
653
|
+
Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
|
|
654
|
+
Siopv2MachineServices2["sendResponse"] = "sendResponse";
|
|
655
|
+
Siopv2MachineServices2["createConfig"] = "createConfig";
|
|
656
|
+
return Siopv2MachineServices2;
|
|
657
|
+
})({});
|
|
658
|
+
|
|
659
|
+
// src/types/identifier/index.ts
|
|
660
|
+
var DID_PREFIX = "did";
|
|
661
|
+
|
|
662
|
+
// src/session/OID4VP.ts
|
|
663
|
+
var CLOCK_SKEW = 120;
|
|
664
|
+
var logger = import_ssi_types.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
665
|
+
function extractOriginalCredential(credential) {
|
|
666
|
+
if (typeof credential === "string") {
|
|
667
|
+
return credential;
|
|
668
|
+
}
|
|
669
|
+
if ("digitalCredential" in credential) {
|
|
670
|
+
const udc = credential;
|
|
671
|
+
if (udc.originalVerifiableCredential) {
|
|
672
|
+
return udc.originalVerifiableCredential;
|
|
673
|
+
}
|
|
674
|
+
return udc.uniformVerifiableCredential;
|
|
586
675
|
}
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
// private readonly hasher?: HasherSync
|
|
590
|
-
constructor(args) {
|
|
676
|
+
if ("original" in credential) {
|
|
677
|
+
return credential.original;
|
|
591
678
|
}
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
679
|
+
return credential;
|
|
680
|
+
}
|
|
681
|
+
__name(extractOriginalCredential, "extractOriginalCredential");
|
|
682
|
+
function getIdentifierString(identifier) {
|
|
683
|
+
if ("opts" in identifier && "method" in identifier) {
|
|
684
|
+
if ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(identifier)) {
|
|
685
|
+
return identifier.did;
|
|
686
|
+
}
|
|
598
687
|
}
|
|
599
|
-
|
|
688
|
+
return identifier.issuer ?? identifier.kid ?? "";
|
|
689
|
+
}
|
|
690
|
+
__name(getIdentifierString, "getIdentifierString");
|
|
691
|
+
async function createVerifiablePresentationForFormat(credential, identifier, context) {
|
|
692
|
+
const { nonce, audience, agent, clockSkew = CLOCK_SKEW } = context;
|
|
693
|
+
const originalCredential = extractOriginalCredential(credential);
|
|
694
|
+
const documentFormat = import_ssi_types.CredentialMapper.detectDocumentType(originalCredential);
|
|
695
|
+
logger.debug(`Creating VP for format: ${documentFormat}`);
|
|
696
|
+
switch (documentFormat) {
|
|
697
|
+
case import_ssi_types.DocumentFormat.SD_JWT_VC: {
|
|
698
|
+
const decodedSdJwt = await import_ssi_types.CredentialMapper.decodeSdJwtVcAsync(typeof originalCredential === "string" ? originalCredential : originalCredential.compactSdJwtVc, import_ssi_sdk2.defaultGenerateDigest);
|
|
699
|
+
const hashAlg = decodedSdJwt.signedPayload._sd_alg ?? "sha-256";
|
|
700
|
+
const sdHash = (0, import_utils.calculateSdHash)(decodedSdJwt.compactSdJwtVc, hashAlg, import_ssi_sdk2.defaultGenerateDigest);
|
|
701
|
+
const kbJwtPayload = {
|
|
702
|
+
iat: Math.floor(Date.now() / 1e3 - clockSkew),
|
|
703
|
+
sd_hash: sdHash,
|
|
704
|
+
nonce,
|
|
705
|
+
aud: audience
|
|
706
|
+
};
|
|
707
|
+
const presentationResult = await agent.createSdJwtPresentation({
|
|
708
|
+
presentation: decodedSdJwt.compactSdJwtVc,
|
|
709
|
+
kb: {
|
|
710
|
+
payload: kbJwtPayload
|
|
711
|
+
}
|
|
712
|
+
});
|
|
713
|
+
return presentationResult.presentation;
|
|
714
|
+
}
|
|
715
|
+
case import_ssi_types.DocumentFormat.JSONLD: {
|
|
716
|
+
const vcObject = typeof originalCredential === "string" ? JSON.parse(originalCredential) : originalCredential;
|
|
717
|
+
const vpObject = {
|
|
718
|
+
"@context": [
|
|
719
|
+
"https://www.w3.org/2018/credentials/v1"
|
|
720
|
+
],
|
|
721
|
+
type: [
|
|
722
|
+
"VerifiablePresentation"
|
|
723
|
+
],
|
|
724
|
+
verifiableCredential: [
|
|
725
|
+
vcObject
|
|
726
|
+
]
|
|
727
|
+
};
|
|
728
|
+
return await agent.createVerifiablePresentation({
|
|
729
|
+
presentation: vpObject,
|
|
730
|
+
proofFormat: "lds",
|
|
731
|
+
challenge: nonce,
|
|
732
|
+
domain: audience,
|
|
733
|
+
keyRef: identifier.kmsKeyRef || identifier.kid
|
|
734
|
+
});
|
|
735
|
+
}
|
|
736
|
+
case import_ssi_types.DocumentFormat.MSO_MDOC: {
|
|
737
|
+
logger.warning("mso_mdoc format has basic support - production use requires proper mdoc VP token implementation");
|
|
738
|
+
return originalCredential;
|
|
739
|
+
}
|
|
740
|
+
default: {
|
|
741
|
+
const vcJwt = typeof originalCredential === "string" ? originalCredential : JSON.stringify(originalCredential);
|
|
742
|
+
const identifierString = getIdentifierString(identifier);
|
|
743
|
+
const vpPayload = {
|
|
744
|
+
iss: identifierString,
|
|
745
|
+
aud: audience,
|
|
746
|
+
nonce,
|
|
747
|
+
vp: {
|
|
748
|
+
"@context": [
|
|
749
|
+
"https://www.w3.org/2018/credentials/v1"
|
|
750
|
+
],
|
|
751
|
+
type: [
|
|
752
|
+
"VerifiablePresentation"
|
|
753
|
+
],
|
|
754
|
+
holder: identifierString,
|
|
755
|
+
verifiableCredential: [
|
|
756
|
+
vcJwt
|
|
757
|
+
]
|
|
758
|
+
},
|
|
759
|
+
iat: Math.floor(Date.now() / 1e3 - clockSkew),
|
|
760
|
+
exp: Math.floor(Date.now() / 1e3 + 600 + clockSkew)
|
|
761
|
+
};
|
|
762
|
+
const vpJwt = await agent.createVerifiablePresentation({
|
|
763
|
+
presentation: vpPayload.vp,
|
|
764
|
+
proofFormat: "jwt",
|
|
765
|
+
domain: audience,
|
|
766
|
+
challenge: nonce,
|
|
767
|
+
keyRef: identifier.kmsKeyRef || identifier.kid
|
|
768
|
+
});
|
|
769
|
+
return vpJwt.proof?.jwt || vpJwt;
|
|
770
|
+
}
|
|
771
|
+
}
|
|
772
|
+
}
|
|
773
|
+
__name(createVerifiablePresentationForFormat, "createVerifiablePresentationForFormat");
|
|
600
774
|
|
|
601
775
|
// src/session/OpSession.ts
|
|
602
776
|
var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
|
|
603
|
-
var
|
|
604
|
-
var
|
|
605
|
-
var import_ssi_types = require("@sphereon/ssi-types");
|
|
606
|
-
var import_uuid = require("uuid");
|
|
777
|
+
var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.did-utils");
|
|
778
|
+
var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
|
|
607
779
|
var import_ssi_types2 = require("@sphereon/ssi-types");
|
|
608
|
-
var
|
|
780
|
+
var import_uuid = require("uuid");
|
|
781
|
+
var logger2 = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vp:OpSession");
|
|
609
782
|
var OpSession = class _OpSession {
|
|
610
783
|
static {
|
|
611
784
|
__name(this, "OpSession");
|
|
@@ -669,14 +842,14 @@ var OpSession = class _OpSession {
|
|
|
669
842
|
didPrefix,
|
|
670
843
|
agentMethods
|
|
671
844
|
});
|
|
672
|
-
|
|
845
|
+
logger2.debug(`RP supports subject syntax types: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
|
|
673
846
|
if (rpMethods.dids.length === 0) {
|
|
674
|
-
|
|
847
|
+
logger2.debug(`RP does not support DIDs. Supported: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
|
|
675
848
|
return [];
|
|
676
849
|
}
|
|
677
850
|
let intersection;
|
|
678
851
|
if (rpMethods.dids.includes("did")) {
|
|
679
|
-
intersection = agentMethods && agentMethods.length > 0 ? agentMethods : (await (0,
|
|
852
|
+
intersection = agentMethods && agentMethods.length > 0 ? agentMethods : (await (0, import_ssi_sdk_ext3.getAgentDIDMethods)(this.context)).map((method) => convertDidMethod(method, didPrefix));
|
|
680
853
|
} else if (!agentMethods || agentMethods.length === 0) {
|
|
681
854
|
intersection = rpMethods.dids?.map((method) => convertDidMethod(method, didPrefix));
|
|
682
855
|
} else {
|
|
@@ -689,7 +862,7 @@ var OpSession = class _OpSession {
|
|
|
689
862
|
}
|
|
690
863
|
getAgentDIDMethodsSupported(opts) {
|
|
691
864
|
const agentMethods = this.options.supportedDIDMethods?.map((method) => convertDidMethod(method, opts.didPrefix));
|
|
692
|
-
|
|
865
|
+
logger2.debug(`agent methods: ${JSON.stringify(agentMethods)}`);
|
|
693
866
|
return agentMethods;
|
|
694
867
|
}
|
|
695
868
|
async getSubjectSyntaxTypesSupported() {
|
|
@@ -700,15 +873,15 @@ var OpSession = class _OpSession {
|
|
|
700
873
|
async getRPDIDMethodsSupported(opts) {
|
|
701
874
|
let keyType;
|
|
702
875
|
const agentMethods = (opts.agentMethods ?? this.getAgentDIDMethodsSupported(opts))?.map((method) => convertDidMethod(method, opts.didPrefix)) ?? [];
|
|
703
|
-
|
|
876
|
+
logger2.debug(`agent methods supported: ${JSON.stringify(agentMethods)}`);
|
|
704
877
|
const authReq = await this.getAuthorizationRequest();
|
|
705
878
|
const subjectSyntaxTypesSupported = authReq.registrationMetadataPayload?.subject_syntax_types_supported?.map((method) => convertDidMethod(method, opts.didPrefix)).filter((val) => !val.startsWith("did"));
|
|
706
|
-
|
|
879
|
+
logger2.debug(`subject syntax types supported in rp method supported: ${JSON.stringify(subjectSyntaxTypesSupported)}`);
|
|
707
880
|
const aud = await authReq.authorizationRequest.getMergedProperty("aud");
|
|
708
881
|
let rpMethods = [];
|
|
709
882
|
if (aud && aud.startsWith("did:")) {
|
|
710
|
-
const didMethod = convertDidMethod((0,
|
|
711
|
-
|
|
883
|
+
const didMethod = convertDidMethod((0, import_ssi_types2.parseDid)(aud).method, opts.didPrefix);
|
|
884
|
+
logger2.debug(`aud did method: ${didMethod}`);
|
|
712
885
|
if (subjectSyntaxTypesSupported && subjectSyntaxTypesSupported.length > 0 && !subjectSyntaxTypesSupported.includes("did") && !subjectSyntaxTypesSupported.includes(didMethod)) {
|
|
713
886
|
throw Error(`The aud DID method ${didMethod} is not in the supported types ${subjectSyntaxTypesSupported}`);
|
|
714
887
|
}
|
|
@@ -723,7 +896,7 @@ var OpSession = class _OpSession {
|
|
|
723
896
|
const isEBSI = rpMethods.length === 0 && (authReq.issuer?.includes(".ebsi.eu") || authReq.authorizationRequest.getMergedProperty("client_id")?.includes(".ebsi.eu"));
|
|
724
897
|
let codecName = void 0;
|
|
725
898
|
if (isEBSI && (!aud || !aud.startsWith("http"))) {
|
|
726
|
-
|
|
899
|
+
logger2.debug(`EBSI detected, adding did:key to supported DID methods for RP`);
|
|
727
900
|
const didKeyMethod = convertDidMethod("did:key", opts.didPrefix);
|
|
728
901
|
if (!agentMethods?.includes(didKeyMethod)) {
|
|
729
902
|
throw Error(`EBSI detected, but agent did not support did:key. Please reconfigure agent`);
|
|
@@ -742,13 +915,13 @@ var OpSession = class _OpSession {
|
|
|
742
915
|
}
|
|
743
916
|
async getSupportedIdentifiers(opts) {
|
|
744
917
|
const methods = await this.getSupportedDIDMethods(true);
|
|
745
|
-
|
|
918
|
+
logger2.debug(`supported DID methods (did: prefix = true): ${JSON.stringify(methods)}`);
|
|
746
919
|
if (methods.length === 0) {
|
|
747
920
|
throw Error(`No DID methods are supported`);
|
|
748
921
|
}
|
|
749
922
|
const identifiers = await this.context.agent.didManagerFind().then((ids) => ids.filter((id) => methods.includes(id.provider)));
|
|
750
923
|
if (identifiers.length === 0) {
|
|
751
|
-
|
|
924
|
+
logger2.debug(`No identifiers available in agent supporting methods ${JSON.stringify(methods)}`);
|
|
752
925
|
if (opts?.createInCaseNoDIDFound !== false) {
|
|
753
926
|
const { codecName, keyType } = await this.getRPDIDMethodsSupported({
|
|
754
927
|
didPrefix: true,
|
|
@@ -762,11 +935,11 @@ var OpSession = class _OpSession {
|
|
|
762
935
|
type: keyType
|
|
763
936
|
}
|
|
764
937
|
});
|
|
765
|
-
|
|
938
|
+
logger2.debug(`Created a new identifier for the SIOP interaction: ${identifier.did}`);
|
|
766
939
|
identifiers.push(identifier);
|
|
767
940
|
}
|
|
768
941
|
}
|
|
769
|
-
|
|
942
|
+
logger2.debug(`supported identifiers: ${JSON.stringify(identifiers.map((id) => id.did))}`);
|
|
770
943
|
return identifiers;
|
|
771
944
|
}
|
|
772
945
|
async getSupportedDIDs() {
|
|
@@ -775,9 +948,6 @@ var OpSession = class _OpSession {
|
|
|
775
948
|
async getRedirectUri() {
|
|
776
949
|
return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
|
|
777
950
|
}
|
|
778
|
-
async getOID4VP(args) {
|
|
779
|
-
return await OID4VP.init(this, args.allIdentifiers ?? [], args.hasher);
|
|
780
|
-
}
|
|
781
951
|
async createJarmResponseCallback({ responseOpts }) {
|
|
782
952
|
const agent = this.context.agent;
|
|
783
953
|
return /* @__PURE__ */ __name(async function jarmResponse(opts) {
|
|
@@ -791,8 +961,8 @@ var OpSession = class _OpSession {
|
|
|
791
961
|
protectedHeader: {},
|
|
792
962
|
alg: requestObjectPayload.client_metadata.authorization_encrypted_response_alg ?? "ECDH-ES",
|
|
793
963
|
enc: requestObjectPayload.client_metadata.authorization_encrypted_response_enc ?? "A256GCM",
|
|
794
|
-
apv: (0,
|
|
795
|
-
apu: (0,
|
|
964
|
+
apv: (0, import_ssi_sdk3.encodeBase64url)(opts.requestObjectPayload.nonce),
|
|
965
|
+
apu: (0, import_ssi_sdk3.encodeBase64url)((0, import_uuid.v4)()),
|
|
796
966
|
payload: authResponse,
|
|
797
967
|
issuer: responseOpts.issuer,
|
|
798
968
|
audience: responseOpts.audience
|
|
@@ -806,7 +976,7 @@ var OpSession = class _OpSession {
|
|
|
806
976
|
async sendAuthorizationResponse(args) {
|
|
807
977
|
const { responseSignerOpts, dcqlResponse, isFirstParty } = args;
|
|
808
978
|
const resolveOpts = this.options.resolveOpts ?? {
|
|
809
|
-
resolver: (0,
|
|
979
|
+
resolver: (0, import_ssi_sdk_ext3.getAgentResolver)(this.context, {
|
|
810
980
|
uniresolverResolution: true,
|
|
811
981
|
localResolution: true,
|
|
812
982
|
resolverResolution: true
|
|
@@ -857,80 +1027,6 @@ function convertDidMethod(didMethod, didPrefix) {
|
|
|
857
1027
|
}
|
|
858
1028
|
__name(convertDidMethod, "convertDidMethod");
|
|
859
1029
|
|
|
860
|
-
// src/types/IDidAuthSiopOpAuthenticator.ts
|
|
861
|
-
var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
|
|
862
|
-
var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
|
|
863
|
-
|
|
864
|
-
// src/types/siop-service/index.ts
|
|
865
|
-
var Siopv2HolderEvent = /* @__PURE__ */ (function(Siopv2HolderEvent2) {
|
|
866
|
-
Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
|
|
867
|
-
Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
|
|
868
|
-
return Siopv2HolderEvent2;
|
|
869
|
-
})({});
|
|
870
|
-
var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
|
|
871
|
-
SupportedLanguage2["ENGLISH"] = "en";
|
|
872
|
-
SupportedLanguage2["DUTCH"] = "nl";
|
|
873
|
-
return SupportedLanguage2;
|
|
874
|
-
})({});
|
|
875
|
-
|
|
876
|
-
// src/types/machine/index.ts
|
|
877
|
-
var Siopv2MachineStates = /* @__PURE__ */ (function(Siopv2MachineStates2) {
|
|
878
|
-
Siopv2MachineStates2["createConfig"] = "createConfig";
|
|
879
|
-
Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
|
|
880
|
-
Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
881
|
-
Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
|
|
882
|
-
Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
|
|
883
|
-
Siopv2MachineStates2["addContact"] = "addContact";
|
|
884
|
-
Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
|
|
885
|
-
Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
|
|
886
|
-
Siopv2MachineStates2["sendResponse"] = "sendResponse";
|
|
887
|
-
Siopv2MachineStates2["handleError"] = "handleError";
|
|
888
|
-
Siopv2MachineStates2["aborted"] = "aborted";
|
|
889
|
-
Siopv2MachineStates2["declined"] = "declined";
|
|
890
|
-
Siopv2MachineStates2["error"] = "error";
|
|
891
|
-
Siopv2MachineStates2["done"] = "done";
|
|
892
|
-
return Siopv2MachineStates2;
|
|
893
|
-
})({});
|
|
894
|
-
var Siopv2MachineAddContactStates = /* @__PURE__ */ (function(Siopv2MachineAddContactStates2) {
|
|
895
|
-
Siopv2MachineAddContactStates2["idle"] = "idle";
|
|
896
|
-
Siopv2MachineAddContactStates2["executing"] = "executing";
|
|
897
|
-
Siopv2MachineAddContactStates2["next"] = "next";
|
|
898
|
-
return Siopv2MachineAddContactStates2;
|
|
899
|
-
})({});
|
|
900
|
-
var Siopv2MachineEvents = /* @__PURE__ */ (function(Siopv2MachineEvents2) {
|
|
901
|
-
Siopv2MachineEvents2["NEXT"] = "NEXT";
|
|
902
|
-
Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
|
|
903
|
-
Siopv2MachineEvents2["DECLINE"] = "DECLINE";
|
|
904
|
-
Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
|
|
905
|
-
Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
|
|
906
|
-
Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
|
|
907
|
-
Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
|
|
908
|
-
return Siopv2MachineEvents2;
|
|
909
|
-
})({});
|
|
910
|
-
var Siopv2MachineGuards = /* @__PURE__ */ (function(Siopv2MachineGuards2) {
|
|
911
|
-
Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
|
|
912
|
-
Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
|
|
913
|
-
Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
|
|
914
|
-
Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
|
|
915
|
-
Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
|
|
916
|
-
Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
|
|
917
|
-
Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
|
|
918
|
-
Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
|
|
919
|
-
return Siopv2MachineGuards2;
|
|
920
|
-
})({});
|
|
921
|
-
var Siopv2MachineServices = /* @__PURE__ */ (function(Siopv2MachineServices2) {
|
|
922
|
-
Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
|
|
923
|
-
Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
924
|
-
Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
|
|
925
|
-
Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
|
|
926
|
-
Siopv2MachineServices2["sendResponse"] = "sendResponse";
|
|
927
|
-
Siopv2MachineServices2["createConfig"] = "createConfig";
|
|
928
|
-
return Siopv2MachineServices2;
|
|
929
|
-
})({});
|
|
930
|
-
|
|
931
|
-
// src/types/identifier/index.ts
|
|
932
|
-
var DID_PREFIX = "did";
|
|
933
|
-
|
|
934
1030
|
// src/machine/Siopv2Machine.ts
|
|
935
1031
|
var import_xstate = require("xstate");
|
|
936
1032
|
|
|
@@ -977,7 +1073,7 @@ var translate = Localization.translate;
|
|
|
977
1073
|
|
|
978
1074
|
// src/machine/Siopv2Machine.ts
|
|
979
1075
|
var import_ssi_types3 = require("@sphereon/ssi-types");
|
|
980
|
-
var
|
|
1076
|
+
var logger3 = import_ssi_types3.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
981
1077
|
var Siopv2HasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
|
|
982
1078
|
const { contact } = _ctx;
|
|
983
1079
|
return contact === void 0;
|
|
@@ -1307,7 +1403,7 @@ var Siopv2Machine = class {
|
|
|
1307
1403
|
__name(this, "Siopv2Machine");
|
|
1308
1404
|
}
|
|
1309
1405
|
static newInstance(opts) {
|
|
1310
|
-
|
|
1406
|
+
logger3.info("New Siopv2Machine instance");
|
|
1311
1407
|
const interpreter = (0, import_xstate.interpret)(createSiopv2Machine(opts).withConfig({
|
|
1312
1408
|
services: {
|
|
1313
1409
|
...opts?.services
|
|
@@ -1335,7 +1431,7 @@ var Siopv2Machine = class {
|
|
|
1335
1431
|
});
|
|
1336
1432
|
}
|
|
1337
1433
|
interpreter.onTransition((snapshot) => {
|
|
1338
|
-
|
|
1434
|
+
logger3.info("onTransition to new state", snapshot.value);
|
|
1339
1435
|
});
|
|
1340
1436
|
return {
|
|
1341
1437
|
interpreter
|
|
@@ -1344,13 +1440,11 @@ var Siopv2Machine = class {
|
|
|
1344
1440
|
};
|
|
1345
1441
|
|
|
1346
1442
|
// src/services/Siopv2MachineService.ts
|
|
1347
|
-
var
|
|
1348
|
-
var
|
|
1349
|
-
var
|
|
1350
|
-
var
|
|
1351
|
-
var
|
|
1352
|
-
var import_ssi_sdk5 = require("@sphereon/ssi-sdk.data-store-types");
|
|
1353
|
-
var import_ssi_sdk6 = require("@sphereon/ssi-sdk.sd-jwt");
|
|
1443
|
+
var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
|
|
1444
|
+
var import_ssi_sdk_ext5 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
|
|
1445
|
+
var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
|
|
1446
|
+
var import_ssi_sdk5 = require("@sphereon/ssi-sdk.credential-store");
|
|
1447
|
+
var import_ssi_sdk6 = require("@sphereon/ssi-sdk.data-store-types");
|
|
1354
1448
|
var import_ssi_types6 = require("@sphereon/ssi-types");
|
|
1355
1449
|
var import_dcql = require("dcql");
|
|
1356
1450
|
|
|
@@ -1392,12 +1486,12 @@ function convertToDcqlCredentials(credential, hasher) {
|
|
|
1392
1486
|
__name(convertToDcqlCredentials, "convertToDcqlCredentials");
|
|
1393
1487
|
|
|
1394
1488
|
// src/services/Siopv2MachineService.ts
|
|
1395
|
-
var
|
|
1396
|
-
var
|
|
1489
|
+
var CLOCK_SKEW2 = 120;
|
|
1490
|
+
var logger4 = import_ssi_types6.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
1397
1491
|
var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
|
|
1398
1492
|
const { agent } = context;
|
|
1399
1493
|
const { credentials } = args;
|
|
1400
|
-
if (connectionType !==
|
|
1494
|
+
if (connectionType !== import_ssi_sdk6.ConnectionType.SIOPv2_OpenID4VP) {
|
|
1401
1495
|
return Promise.reject(Error(`No supported authentication provider for type: ${connectionType}`));
|
|
1402
1496
|
}
|
|
1403
1497
|
const session = await agent.siopGetOPSession({
|
|
@@ -1405,10 +1499,10 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1405
1499
|
});
|
|
1406
1500
|
const request = await session.getAuthorizationRequest();
|
|
1407
1501
|
const aud = request.authorizationRequest.getMergedProperty("aud");
|
|
1408
|
-
|
|
1409
|
-
|
|
1502
|
+
logger4.debug(`AUD: ${aud}`);
|
|
1503
|
+
logger4.debug(JSON.stringify(request.authorizationRequest));
|
|
1410
1504
|
const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? "https://self-issued.me/v2";
|
|
1411
|
-
|
|
1505
|
+
logger4.debug(`NONCE: ${session.nonce}, domain: ${domain}`);
|
|
1412
1506
|
const firstUniqueDC = credentials[0];
|
|
1413
1507
|
if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
|
|
1414
1508
|
return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
|
|
@@ -1416,10 +1510,12 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1416
1510
|
let identifier;
|
|
1417
1511
|
const digitalCredential = firstUniqueDC.digitalCredential;
|
|
1418
1512
|
const firstVC = firstUniqueDC.uniformVerifiableCredential;
|
|
1419
|
-
|
|
1420
|
-
|
|
1421
|
-
`did:jwk:${(0,
|
|
1422
|
-
|
|
1513
|
+
let holder;
|
|
1514
|
+
if (import_ssi_types6.CredentialMapper.isSdJwtDecodedCredential(firstVC)) {
|
|
1515
|
+
holder = firstVC.decodedPayload.cnf?.jwk ? `did:jwk:${(0, import_ssi_sdk4.encodeJoseBlob)(firstVC.decodedPayload.cnf?.jwk)}#0` : firstVC.decodedPayload.sub;
|
|
1516
|
+
} else {
|
|
1517
|
+
holder = Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
|
|
1518
|
+
}
|
|
1423
1519
|
if (!digitalCredential.kmsKeyRef) {
|
|
1424
1520
|
if (!holder) {
|
|
1425
1521
|
return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
|
|
@@ -1429,10 +1525,10 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1429
1525
|
identifier: holder
|
|
1430
1526
|
});
|
|
1431
1527
|
} catch (e) {
|
|
1432
|
-
|
|
1528
|
+
logger4.debug(`Holder DID not found: ${holder}`);
|
|
1433
1529
|
throw e;
|
|
1434
1530
|
}
|
|
1435
|
-
} else if ((0,
|
|
1531
|
+
} else if ((0, import_ssi_sdk_ext5.isOID4VCIssuerIdentifier)(digitalCredential.kmsKeyRef)) {
|
|
1436
1532
|
identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
|
|
1437
1533
|
identifier: firstUniqueDC.digitalCredential.kmsKeyRef
|
|
1438
1534
|
});
|
|
@@ -1460,6 +1556,13 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1460
1556
|
if (!queryResult.can_be_satisfied) {
|
|
1461
1557
|
return Promise.reject(Error("Credentials do not match required query request"));
|
|
1462
1558
|
}
|
|
1559
|
+
const presentationContext = {
|
|
1560
|
+
nonce: request.requestObject?.getPayload()?.nonce ?? session.nonce,
|
|
1561
|
+
audience: domain,
|
|
1562
|
+
agent: context.agent,
|
|
1563
|
+
clockSkew: CLOCK_SKEW2,
|
|
1564
|
+
hasher: args.hasher
|
|
1565
|
+
};
|
|
1463
1566
|
const presentation = {};
|
|
1464
1567
|
const uniqueCredentials = Array.from(dcqlCredentialsWithCredentials.values());
|
|
1465
1568
|
for (const [key, value] of Object.entries(queryResult.credential_matches)) {
|
|
@@ -1469,27 +1572,12 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1469
1572
|
if (!vc) {
|
|
1470
1573
|
continue;
|
|
1471
1574
|
}
|
|
1472
|
-
|
|
1473
|
-
|
|
1474
|
-
|
|
1475
|
-
}
|
|
1476
|
-
|
|
1477
|
-
|
|
1478
|
-
const presentationResult = await context.agent.createSdJwtPresentation({
|
|
1479
|
-
presentation: updatedSdJwt.compactSdJwtVc,
|
|
1480
|
-
kb: {
|
|
1481
|
-
payload: {
|
|
1482
|
-
...updatedSdJwt.kbJwt?.payload,
|
|
1483
|
-
// FIXME SSISDK-44
|
|
1484
|
-
nonce: updatedSdJwt.kbJwt?.payload.nonce ?? request.requestObject.getPayload().nonce,
|
|
1485
|
-
// FIXME SSISDK-44
|
|
1486
|
-
aud: updatedSdJwt.kbJwt?.payload.aud ?? domain,
|
|
1487
|
-
iat: updatedSdJwt.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1e3 - CLOCK_SKEW)
|
|
1488
|
-
}
|
|
1489
|
-
}
|
|
1490
|
-
});
|
|
1491
|
-
if (originalVc) {
|
|
1492
|
-
presentation[key] = presentationResult.presentation;
|
|
1575
|
+
try {
|
|
1576
|
+
const vp = await createVerifiablePresentationForFormat(vc, identifier, presentationContext);
|
|
1577
|
+
presentation[key] = vp;
|
|
1578
|
+
} catch (error) {
|
|
1579
|
+
logger4.error(`Failed to create VP for credential ${key}:`, error);
|
|
1580
|
+
throw error;
|
|
1493
1581
|
}
|
|
1494
1582
|
}
|
|
1495
1583
|
}
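Review bot: `createVerifiablePresentationForFormat(vc, identifier, presentationContext)` on new line 1576 receives the same `identifier` for every entry of `queryResult.credential_matches`, and earlier in this function that value is resolved from `firstUniqueDC.digitalCredential.kmsKeyRef`. If the matched credentials are bound to different holder keys, the key-binding proof for all but the first would presumably be signed with a key the credential does not reference, and a verifier should reject it. Unless the helper re-resolves the key per credential (not visible here), resolve the identifier from the credential being presented inside the loop, or add a comment stating that all matched credentials are assumed to share one holder key. The loop and the enclosing function begin outside this hunk.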
|
|
@@ -1500,12 +1588,9 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1500
1588
|
dcqlPresentation
|
|
1501
1589
|
}
|
|
1502
1590
|
});
|
|
1503
|
-
|
|
1591
|
+
logger4.debug(`Response: `, response);
|
|
1504
1592
|
return response;
|
|
1505
1593
|
}, "siopSendAuthorizationResponse");
|
|
1506
|
-
var retrieveEncodedCredential = /* @__PURE__ */ __name((credential) => {
|
|
1507
|
-
return credential.originalVerifiableCredential !== void 0 && credential.originalVerifiableCredential !== null && credential?.originalVerifiableCredential?.compactSdJwtVc !== void 0 && credential?.originalVerifiableCredential?.compactSdJwtVc !== null ? credential.originalVerifiableCredential.compactSdJwtVc : credential.originalVerifiableCredential;
|
|
1508
|
-
}, "retrieveEncodedCredential");
|
|
1509
1594
|
var getSelectableCredentials = /* @__PURE__ */ __name(async (dcqlQuery, context) => {
|
|
1510
1595
|
const agentContext = {
|
|
1511
1596
|
...context,
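Review bot: The added `logger4.debug` call on new line 1591 passes the whole `response` object to the logger, and the same pattern recurs in later hunks of this file: `JSON.stringify(addedIdentity)` at info level (new line 1905), `JSON.stringify(state.event)` in the callback error log (new line 1969), and the full SIOP link `url` (new lines 2005, 2021 and 2024). In a wallet these values can carry authorization request parameters, presented credential data or contact identifiers, and `logger6` is configured with `LogLevel.DEBUG` and `LogMethod.CONSOLE`, so its messages would reach the console by default. I would log only a correlation value, for example `logger5.info("Contact identity created for contact " + contact.id)`, and log the link without its query string. What `response` actually contains is not visible here, so that call is the one to confirm first. `siopSendAuthorizationResponse` starts outside this hunk.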
|
|
@@ -1513,7 +1598,7 @@ var getSelectableCredentials = /* @__PURE__ */ __name(async (dcqlQuery, context)
|
|
|
1513
1598
|
};
|
|
1514
1599
|
const { agent } = agentContext;
|
|
1515
1600
|
const uniqueVerifiableCredentials = await agent.crsGetUniqueCredentials({
|
|
1516
|
-
filter: (0,
|
|
1601
|
+
filter: (0, import_ssi_sdk5.verifiableCredentialForRoleFilter)(import_ssi_types6.CredentialRole.HOLDER)
|
|
1517
1602
|
});
|
|
1518
1603
|
const branding = await agent.ibGetCredentialBranding();
|
|
1519
1604
|
const dcqlCredentialsWithCredentials = new Map(uniqueVerifiableCredentials.map((vc) => [
|
|
@@ -1582,34 +1667,9 @@ var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId,
|
|
|
1582
1667
|
}
|
|
1583
1668
|
return contacts[0].contact.displayName;
|
|
1584
1669
|
}, "translateCorrelationIdToName");
|
|
1585
|
-
var updateSdJwtCredential = /* @__PURE__ */ __name((credential, nonce, aud) => {
|
|
1586
|
-
const sdJwtCredential = credential;
|
|
1587
|
-
const hashAlg = sdJwtCredential.signedPayload._sd_alg ?? "sha-256";
|
|
1588
|
-
const sdHash = (0, import_utils.calculateSdHash)(sdJwtCredential.compactSdJwtVc, hashAlg, import_ssi_sdk6.defaultGenerateDigest);
|
|
1589
|
-
const kbJwt = {
|
|
1590
|
-
// alg MUST be set by the signer
|
|
1591
|
-
header: {
|
|
1592
|
-
typ: "kb+jwt"
|
|
1593
|
-
},
|
|
1594
|
-
payload: {
|
|
1595
|
-
iat: Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3),
|
|
1596
|
-
sd_hash: sdHash,
|
|
1597
|
-
...nonce && {
|
|
1598
|
-
nonce
|
|
1599
|
-
},
|
|
1600
|
-
...aud && {
|
|
1601
|
-
aud
|
|
1602
|
-
}
|
|
1603
|
-
}
|
|
1604
|
-
};
|
|
1605
|
-
return {
|
|
1606
|
-
...sdJwtCredential,
|
|
1607
|
-
kbJwt
|
|
1608
|
-
};
|
|
1609
|
-
}, "updateSdJwtCredential");
|
|
1610
1670
|
|
|
1611
1671
|
// src/agent/DidAuthSiopOpAuthenticator.ts
|
|
1612
|
-
var
|
|
1672
|
+
var logger5 = import_ssi_types7.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
|
|
1613
1673
|
var didAuthSiopOpAuthenticatorMethods = [
|
|
1614
1674
|
"cmGetContacts",
|
|
1615
1675
|
"cmGetContact",
|
|
@@ -1763,7 +1823,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1763
1823
|
hasher: this.hasher
|
|
1764
1824
|
}
|
|
1765
1825
|
}));
|
|
1766
|
-
|
|
1826
|
+
logger5.debug(`session: ${JSON.stringify(session.id, null, 2)}`);
|
|
1767
1827
|
const verifiedAuthorizationRequest = await session.getAuthorizationRequest();
|
|
1768
1828
|
const clientName = verifiedAuthorizationRequest.registrationMetadataPayload?.client_name;
|
|
1769
1829
|
const url = verifiedAuthorizationRequest.responseURI ?? (args.url.includes("request_uri") ? decodeURIComponent(args.url.split("?request_uri=")[1].trim()) : verifiedAuthorizationRequest.issuer ?? verifiedAuthorizationRequest.registrationMetadataPayload?.client_id);
|
|
@@ -1842,7 +1902,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1842
1902
|
contactId: contact.id,
|
|
1843
1903
|
identity: addedIdentity
|
|
1844
1904
|
});
|
|
1845
|
-
|
|
1905
|
+
logger5.info(`Contact identity created: ${JSON.stringify(addedIdentity)}`);
|
|
1846
1906
|
}
|
|
1847
1907
|
}
|
|
1848
1908
|
async siopSendResponse(args, context) {
|
|
@@ -1885,7 +1945,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1885
1945
|
|
|
1886
1946
|
// src/machine/CallbackStateListener.ts
|
|
1887
1947
|
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1888
|
-
var
|
|
1948
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.options("sphereon:siopv2-oid4vp:op-auth", {
|
|
1889
1949
|
defaultLogLevel: import_ssi_types8.LogLevel.DEBUG,
|
|
1890
1950
|
methods: [
|
|
1891
1951
|
import_ssi_types8.LogMethod.CONSOLE
|
|
@@ -1894,21 +1954,21 @@ var logger5 = import_ssi_types8.Loggers.DEFAULT.options("sphereon:siopv2-oid4vp:
|
|
|
1894
1954
|
var OID4VPCallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
|
|
1895
1955
|
return async (oid4vciMachine, state) => {
|
|
1896
1956
|
if (state._event.type === "internal") {
|
|
1897
|
-
|
|
1957
|
+
logger6.debug("oid4vpCallbackStateListener: internal event");
|
|
1898
1958
|
return;
|
|
1899
1959
|
}
|
|
1900
|
-
|
|
1960
|
+
logger6.info(`VP state listener state: ${JSON.stringify(state.value)}`);
|
|
1901
1961
|
if (!callbacks || callbacks.size === 0) {
|
|
1902
|
-
|
|
1962
|
+
logger6.info(`VP no callbacks registered for state: ${JSON.stringify(state.value)}`);
|
|
1903
1963
|
return;
|
|
1904
1964
|
}
|
|
1905
1965
|
for (const [stateKey, callback] of callbacks) {
|
|
1906
1966
|
if (state.matches(stateKey)) {
|
|
1907
|
-
|
|
1908
|
-
await callback(oid4vciMachine, state).then(() =>
|
|
1909
|
-
|
|
1967
|
+
logger6.log(`VP state callback for state: ${JSON.stringify(state.value)}, will execute...`);
|
|
1968
|
+
await callback(oid4vciMachine, state).then(() => logger6.log(`VP state callback executed for state: ${JSON.stringify(state.value)}`)).catch((error) => {
|
|
1969
|
+
logger6.error(`VP state callback failed for state: ${JSON.stringify(state.value)}, error: ${JSON.stringify(error?.message)}, ${JSON.stringify(state.event)}`);
|
|
1910
1970
|
if (error.stack) {
|
|
1911
|
-
|
|
1971
|
+
logger6.error(error.stack);
|
|
1912
1972
|
}
|
|
1913
1973
|
});
|
|
1914
1974
|
break;
|
|
@@ -1922,7 +1982,7 @@ var import_ssi_sdk8 = require("@sphereon/ssi-sdk.agent-config");
|
|
|
1922
1982
|
var import_ssi_sdk9 = require("@sphereon/ssi-sdk.core");
|
|
1923
1983
|
var import_ssi_sdk10 = require("@sphereon/ssi-sdk.xstate-machine-persistence");
|
|
1924
1984
|
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1925
|
-
var
|
|
1985
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
|
|
1926
1986
|
var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
|
|
1927
1987
|
static {
|
|
1928
1988
|
__name(this, "Siopv2OID4VPLinkHandler");
|
|
@@ -1942,7 +2002,7 @@ var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
|
|
|
1942
2002
|
this.idOpts = args.idOpts;
|
|
1943
2003
|
}
|
|
1944
2004
|
async handle(url, opts) {
|
|
1945
|
-
|
|
2005
|
+
logger7.debug(`handling SIOP link: ${url}`);
|
|
1946
2006
|
const siopv2Machine = await this.context.agent.siopGetMachineInterpreter({
|
|
1947
2007
|
url,
|
|
1948
2008
|
idOpts: opts?.idOpts ?? this.idOpts,
|
|
@@ -1958,10 +2018,10 @@ var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
|
|
|
1958
2018
|
singletonCheck: true,
|
|
1959
2019
|
noRegistration: this.noStateMachinePersistence
|
|
1960
2020
|
});
|
|
1961
|
-
|
|
2021
|
+
logger7.debug(`SIOP machine started for link: ${url}`, init);
|
|
1962
2022
|
} else {
|
|
1963
2023
|
interpreter.start(opts?.machineState);
|
|
1964
|
-
|
|
2024
|
+
logger7.debug(`SIOP machine started for link: ${url}`);
|
|
1965
2025
|
}
|
|
1966
2026
|
}
|
|
1967
2027
|
};
|