@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-next.88 → 0.36.0
- package/dist/index.cjs +278 -178
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +17 -10
- package/dist/index.d.ts +17 -10
- package/dist/index.js +271 -171
- package/dist/index.js.map +1 -1
- package/package.json +23 -22
- package/src/agent/DidAuthSiopOpAuthenticator.ts +5 -22
- package/src/machine/Siopv2Machine.ts +1 -1
- package/src/services/Siopv2MachineService.ts +98 -119
- package/src/session/OID4VP.ts +163 -315
- package/src/session/OpSession.ts +4 -20
- package/src/session/functions.ts +1 -8
- package/src/types/IDidAuthSiopOpAuthenticator.ts +1 -1
- package/src/types/machine/index.ts +1 -1
- package/src/types/siop-service/index.ts +11 -7
- package/src/utils/CredentialUtils.ts +1 -1
- package/src/utils/dcql.ts +8 -3
package/dist/index.cjs
CHANGED
|
@@ -67,7 +67,6 @@ __export(index_exports, {
|
|
|
67
67
|
DID_PREFIX: () => DID_PREFIX,
|
|
68
68
|
DidAuthSiopOpAuthenticator: () => DidAuthSiopOpAuthenticator,
|
|
69
69
|
LOGGER_NAMESPACE: () => LOGGER_NAMESPACE,
|
|
70
|
-
OID4VP: () => OID4VP,
|
|
71
70
|
OID4VPCallbackStateListener: () => OID4VPCallbackStateListener,
|
|
72
71
|
OpSession: () => OpSession,
|
|
73
72
|
Siopv2HolderEvent: () => Siopv2HolderEvent,
|
|
@@ -85,6 +84,7 @@ __export(index_exports, {
|
|
|
85
84
|
createOID4VPPresentationSignCallback: () => createOID4VPPresentationSignCallback,
|
|
86
85
|
createOP: () => createOP,
|
|
87
86
|
createOPBuilder: () => createOPBuilder,
|
|
87
|
+
createVerifiablePresentationForFormat: () => createVerifiablePresentationForFormat,
|
|
88
88
|
didAuthSiopOpAuthenticatorMethods: () => didAuthSiopOpAuthenticatorMethods,
|
|
89
89
|
getSigningAlgo: () => getSigningAlgo,
|
|
90
90
|
schema: () => plugin_schema_default
|
|
@@ -423,8 +423,8 @@ var plugin_schema_default = {
|
|
|
423
423
|
};
|
|
424
424
|
|
|
425
425
|
// src/agent/DidAuthSiopOpAuthenticator.ts
|
|
426
|
-
var
|
|
427
|
-
var
|
|
426
|
+
var import_did_auth_siop4 = require("@sphereon/did-auth-siop");
|
|
427
|
+
var import_ssi_sdk7 = require("@sphereon/ssi-sdk.data-store-types");
|
|
428
428
|
var import_ssi_types7 = require("@sphereon/ssi-types");
|
|
429
429
|
var import_uuid2 = require("uuid");
|
|
430
430
|
|
|
@@ -451,10 +451,8 @@ __name(createOID4VPPresentationSignCallback, "createOID4VPPresentationSignCallba
|
|
|
451
451
|
async function createOPBuilder({ opOptions, idOpts: idOpts1, context }) {
|
|
452
452
|
const eventEmitter = opOptions.eventEmitter ?? new import_events.EventEmitter();
|
|
453
453
|
const builder = import_did_auth_siop.OP.builder().withResponseMode(opOptions.responseMode ?? import_did_auth_siop.ResponseMode.DIRECT_POST).withSupportedVersions(opOptions.supportedVersions ?? [
|
|
454
|
-
import_did_auth_siop.SupportedVersion.
|
|
455
|
-
import_did_auth_siop.SupportedVersion.
|
|
456
|
-
import_did_auth_siop.SupportedVersion.SIOPv2_D11,
|
|
457
|
-
import_did_auth_siop.SupportedVersion.SIOPv2_D12_OID4VP_D18
|
|
454
|
+
import_did_auth_siop.SupportedVersion.OID4VP_v1,
|
|
455
|
+
import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
|
|
458
456
|
]).withExpiresIn(opOptions.expiresIn ?? 300).withEventEmitter(eventEmitter).withRegistration({
|
|
459
457
|
passBy: import_did_auth_siop.PassBy.VALUE
|
|
460
458
|
});
|
|
@@ -582,32 +580,205 @@ function getSigningAlgo(type) {
|
|
|
582
580
|
__name(getSigningAlgo, "getSigningAlgo");
|
|
583
581
|
|
|
584
582
|
// src/session/OID4VP.ts
|
|
585
|
-
var
|
|
586
|
-
|
|
587
|
-
|
|
583
|
+
var import_utils = require("@sphereon/pex/dist/main/lib/utils/index.js");
|
|
584
|
+
var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
|
|
585
|
+
var import_ssi_sdk2 = require("@sphereon/ssi-sdk.sd-jwt");
|
|
586
|
+
var import_ssi_types = require("@sphereon/ssi-types");
|
|
587
|
+
|
|
588
|
+
// src/types/IDidAuthSiopOpAuthenticator.ts
|
|
589
|
+
var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
|
|
590
|
+
var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
|
|
591
|
+
|
|
592
|
+
// src/types/siop-service/index.ts
|
|
593
|
+
var Siopv2HolderEvent = /* @__PURE__ */ (function(Siopv2HolderEvent2) {
|
|
594
|
+
Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
|
|
595
|
+
Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
|
|
596
|
+
return Siopv2HolderEvent2;
|
|
597
|
+
})({});
|
|
598
|
+
var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
|
|
599
|
+
SupportedLanguage2["ENGLISH"] = "en";
|
|
600
|
+
SupportedLanguage2["DUTCH"] = "nl";
|
|
601
|
+
return SupportedLanguage2;
|
|
602
|
+
})({});
|
|
603
|
+
|
|
604
|
+
// src/types/machine/index.ts
|
|
605
|
+
var Siopv2MachineStates = /* @__PURE__ */ (function(Siopv2MachineStates2) {
|
|
606
|
+
Siopv2MachineStates2["createConfig"] = "createConfig";
|
|
607
|
+
Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
|
|
608
|
+
Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
609
|
+
Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
|
|
610
|
+
Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
|
|
611
|
+
Siopv2MachineStates2["addContact"] = "addContact";
|
|
612
|
+
Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
|
|
613
|
+
Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
|
|
614
|
+
Siopv2MachineStates2["sendResponse"] = "sendResponse";
|
|
615
|
+
Siopv2MachineStates2["handleError"] = "handleError";
|
|
616
|
+
Siopv2MachineStates2["aborted"] = "aborted";
|
|
617
|
+
Siopv2MachineStates2["declined"] = "declined";
|
|
618
|
+
Siopv2MachineStates2["error"] = "error";
|
|
619
|
+
Siopv2MachineStates2["done"] = "done";
|
|
620
|
+
return Siopv2MachineStates2;
|
|
621
|
+
})({});
|
|
622
|
+
var Siopv2MachineAddContactStates = /* @__PURE__ */ (function(Siopv2MachineAddContactStates2) {
|
|
623
|
+
Siopv2MachineAddContactStates2["idle"] = "idle";
|
|
624
|
+
Siopv2MachineAddContactStates2["executing"] = "executing";
|
|
625
|
+
Siopv2MachineAddContactStates2["next"] = "next";
|
|
626
|
+
return Siopv2MachineAddContactStates2;
|
|
627
|
+
})({});
|
|
628
|
+
var Siopv2MachineEvents = /* @__PURE__ */ (function(Siopv2MachineEvents2) {
|
|
629
|
+
Siopv2MachineEvents2["NEXT"] = "NEXT";
|
|
630
|
+
Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
|
|
631
|
+
Siopv2MachineEvents2["DECLINE"] = "DECLINE";
|
|
632
|
+
Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
|
|
633
|
+
Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
|
|
634
|
+
Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
|
|
635
|
+
Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
|
|
636
|
+
return Siopv2MachineEvents2;
|
|
637
|
+
})({});
|
|
638
|
+
var Siopv2MachineGuards = /* @__PURE__ */ (function(Siopv2MachineGuards2) {
|
|
639
|
+
Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
|
|
640
|
+
Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
|
|
641
|
+
Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
|
|
642
|
+
Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
|
|
643
|
+
Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
|
|
644
|
+
Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
|
|
645
|
+
Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
|
|
646
|
+
Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
|
|
647
|
+
return Siopv2MachineGuards2;
|
|
648
|
+
})({});
|
|
649
|
+
var Siopv2MachineServices = /* @__PURE__ */ (function(Siopv2MachineServices2) {
|
|
650
|
+
Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
|
|
651
|
+
Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
652
|
+
Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
|
|
653
|
+
Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
|
|
654
|
+
Siopv2MachineServices2["sendResponse"] = "sendResponse";
|
|
655
|
+
Siopv2MachineServices2["createConfig"] = "createConfig";
|
|
656
|
+
return Siopv2MachineServices2;
|
|
657
|
+
})({});
|
|
658
|
+
|
|
659
|
+
// src/types/identifier/index.ts
|
|
660
|
+
var DID_PREFIX = "did";
|
|
661
|
+
|
|
662
|
+
// src/session/OID4VP.ts
|
|
663
|
+
var CLOCK_SKEW = 120;
|
|
664
|
+
var logger = import_ssi_types.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
665
|
+
function extractOriginalCredential(credential) {
|
|
666
|
+
if (typeof credential === "string") {
|
|
667
|
+
return credential;
|
|
668
|
+
}
|
|
669
|
+
if ("digitalCredential" in credential) {
|
|
670
|
+
const udc = credential;
|
|
671
|
+
if (udc.originalVerifiableCredential) {
|
|
672
|
+
return udc.originalVerifiableCredential;
|
|
673
|
+
}
|
|
674
|
+
return udc.uniformVerifiableCredential;
|
|
588
675
|
}
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
// private readonly hasher?: HasherSync
|
|
592
|
-
constructor(args) {
|
|
676
|
+
if ("original" in credential) {
|
|
677
|
+
return credential.original;
|
|
593
678
|
}
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
679
|
+
return credential;
|
|
680
|
+
}
|
|
681
|
+
__name(extractOriginalCredential, "extractOriginalCredential");
|
|
682
|
+
function getIdentifierString(identifier) {
|
|
683
|
+
if ("opts" in identifier && "method" in identifier) {
|
|
684
|
+
if ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(identifier)) {
|
|
685
|
+
return identifier.did;
|
|
686
|
+
}
|
|
600
687
|
}
|
|
601
|
-
|
|
688
|
+
return identifier.issuer ?? identifier.kid ?? "";
|
|
689
|
+
}
|
|
690
|
+
__name(getIdentifierString, "getIdentifierString");
|
|
691
|
+
async function createVerifiablePresentationForFormat(credential, identifier, context) {
|
|
692
|
+
const { nonce, audience, agent, clockSkew = CLOCK_SKEW } = context;
|
|
693
|
+
const originalCredential = extractOriginalCredential(credential);
|
|
694
|
+
const documentFormat = import_ssi_types.CredentialMapper.detectDocumentType(originalCredential);
|
|
695
|
+
logger.debug(`Creating VP for format: ${documentFormat}`);
|
|
696
|
+
switch (documentFormat) {
|
|
697
|
+
case import_ssi_types.DocumentFormat.SD_JWT_VC: {
|
|
698
|
+
const decodedSdJwt = await import_ssi_types.CredentialMapper.decodeSdJwtVcAsync(typeof originalCredential === "string" ? originalCredential : originalCredential.compactSdJwtVc, import_ssi_sdk2.defaultGenerateDigest);
|
|
699
|
+
const hashAlg = decodedSdJwt.signedPayload._sd_alg ?? "sha-256";
|
|
700
|
+
const sdHash = (0, import_utils.calculateSdHash)(decodedSdJwt.compactSdJwtVc, hashAlg, import_ssi_sdk2.defaultGenerateDigest);
|
|
701
|
+
const kbJwtPayload = {
|
|
702
|
+
iat: Math.floor(Date.now() / 1e3 - clockSkew),
|
|
703
|
+
sd_hash: sdHash,
|
|
704
|
+
nonce,
|
|
705
|
+
aud: audience
|
|
706
|
+
};
|
|
707
|
+
const presentationResult = await agent.createSdJwtPresentation({
|
|
708
|
+
presentation: decodedSdJwt.compactSdJwtVc,
|
|
709
|
+
kb: {
|
|
710
|
+
payload: kbJwtPayload
|
|
711
|
+
}
|
|
712
|
+
});
|
|
713
|
+
return presentationResult.presentation;
|
|
714
|
+
}
|
|
715
|
+
case import_ssi_types.DocumentFormat.JSONLD: {
|
|
716
|
+
const vcObject = typeof originalCredential === "string" ? JSON.parse(originalCredential) : originalCredential;
|
|
717
|
+
const vpObject = {
|
|
718
|
+
"@context": [
|
|
719
|
+
"https://www.w3.org/2018/credentials/v1"
|
|
720
|
+
],
|
|
721
|
+
type: [
|
|
722
|
+
"VerifiablePresentation"
|
|
723
|
+
],
|
|
724
|
+
verifiableCredential: [
|
|
725
|
+
vcObject
|
|
726
|
+
]
|
|
727
|
+
};
|
|
728
|
+
return await agent.createVerifiablePresentation({
|
|
729
|
+
presentation: vpObject,
|
|
730
|
+
proofFormat: "lds",
|
|
731
|
+
challenge: nonce,
|
|
732
|
+
domain: audience,
|
|
733
|
+
keyRef: identifier.kmsKeyRef || identifier.kid
|
|
734
|
+
});
|
|
735
|
+
}
|
|
736
|
+
case import_ssi_types.DocumentFormat.MSO_MDOC: {
|
|
737
|
+
logger.warning("mso_mdoc format has basic support - production use requires proper mdoc VP token implementation");
|
|
738
|
+
return originalCredential;
|
|
739
|
+
}
|
|
740
|
+
default: {
|
|
741
|
+
const vcJwt = typeof originalCredential === "string" ? originalCredential : JSON.stringify(originalCredential);
|
|
742
|
+
const identifierString = getIdentifierString(identifier);
|
|
743
|
+
const vpPayload = {
|
|
744
|
+
iss: identifierString,
|
|
745
|
+
aud: audience,
|
|
746
|
+
nonce,
|
|
747
|
+
vp: {
|
|
748
|
+
"@context": [
|
|
749
|
+
"https://www.w3.org/2018/credentials/v1"
|
|
750
|
+
],
|
|
751
|
+
type: [
|
|
752
|
+
"VerifiablePresentation"
|
|
753
|
+
],
|
|
754
|
+
holder: identifierString,
|
|
755
|
+
verifiableCredential: [
|
|
756
|
+
vcJwt
|
|
757
|
+
]
|
|
758
|
+
},
|
|
759
|
+
iat: Math.floor(Date.now() / 1e3 - clockSkew),
|
|
760
|
+
exp: Math.floor(Date.now() / 1e3 + 600 + clockSkew)
|
|
761
|
+
};
|
|
762
|
+
const vpJwt = await agent.createVerifiablePresentation({
|
|
763
|
+
presentation: vpPayload.vp,
|
|
764
|
+
proofFormat: "jwt",
|
|
765
|
+
domain: audience,
|
|
766
|
+
challenge: nonce,
|
|
767
|
+
keyRef: identifier.kmsKeyRef || identifier.kid
|
|
768
|
+
});
|
|
769
|
+
return vpJwt.proof?.jwt || vpJwt;
|
|
770
|
+
}
|
|
771
|
+
}
|
|
772
|
+
}
|
|
773
|
+
__name(createVerifiablePresentationForFormat, "createVerifiablePresentationForFormat");
|
|
602
774
|
|
|
603
775
|
// src/session/OpSession.ts
|
|
604
776
|
var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
|
|
605
|
-
var
|
|
606
|
-
var
|
|
607
|
-
var import_ssi_types = require("@sphereon/ssi-types");
|
|
608
|
-
var import_uuid = require("uuid");
|
|
777
|
+
var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.did-utils");
|
|
778
|
+
var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
|
|
609
779
|
var import_ssi_types2 = require("@sphereon/ssi-types");
|
|
610
|
-
var
|
|
780
|
+
var import_uuid = require("uuid");
|
|
781
|
+
var logger2 = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vp:OpSession");
|
|
611
782
|
var OpSession = class _OpSession {
|
|
612
783
|
static {
|
|
613
784
|
__name(this, "OpSession");
|
|
@@ -671,14 +842,14 @@ var OpSession = class _OpSession {
|
|
|
671
842
|
didPrefix,
|
|
672
843
|
agentMethods
|
|
673
844
|
});
|
|
674
|
-
|
|
845
|
+
logger2.debug(`RP supports subject syntax types: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
|
|
675
846
|
if (rpMethods.dids.length === 0) {
|
|
676
|
-
|
|
847
|
+
logger2.debug(`RP does not support DIDs. Supported: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
|
|
677
848
|
return [];
|
|
678
849
|
}
|
|
679
850
|
let intersection;
|
|
680
851
|
if (rpMethods.dids.includes("did")) {
|
|
681
|
-
intersection = agentMethods && agentMethods.length > 0 ? agentMethods : (await (0,
|
|
852
|
+
intersection = agentMethods && agentMethods.length > 0 ? agentMethods : (await (0, import_ssi_sdk_ext3.getAgentDIDMethods)(this.context)).map((method) => convertDidMethod(method, didPrefix));
|
|
682
853
|
} else if (!agentMethods || agentMethods.length === 0) {
|
|
683
854
|
intersection = rpMethods.dids?.map((method) => convertDidMethod(method, didPrefix));
|
|
684
855
|
} else {
|
|
@@ -691,7 +862,7 @@ var OpSession = class _OpSession {
|
|
|
691
862
|
}
|
|
692
863
|
getAgentDIDMethodsSupported(opts) {
|
|
693
864
|
const agentMethods = this.options.supportedDIDMethods?.map((method) => convertDidMethod(method, opts.didPrefix));
|
|
694
|
-
|
|
865
|
+
logger2.debug(`agent methods: ${JSON.stringify(agentMethods)}`);
|
|
695
866
|
return agentMethods;
|
|
696
867
|
}
|
|
697
868
|
async getSubjectSyntaxTypesSupported() {
|
|
@@ -702,15 +873,15 @@ var OpSession = class _OpSession {
|
|
|
702
873
|
async getRPDIDMethodsSupported(opts) {
|
|
703
874
|
let keyType;
|
|
704
875
|
const agentMethods = (opts.agentMethods ?? this.getAgentDIDMethodsSupported(opts))?.map((method) => convertDidMethod(method, opts.didPrefix)) ?? [];
|
|
705
|
-
|
|
876
|
+
logger2.debug(`agent methods supported: ${JSON.stringify(agentMethods)}`);
|
|
706
877
|
const authReq = await this.getAuthorizationRequest();
|
|
707
878
|
const subjectSyntaxTypesSupported = authReq.registrationMetadataPayload?.subject_syntax_types_supported?.map((method) => convertDidMethod(method, opts.didPrefix)).filter((val) => !val.startsWith("did"));
|
|
708
|
-
|
|
879
|
+
logger2.debug(`subject syntax types supported in rp method supported: ${JSON.stringify(subjectSyntaxTypesSupported)}`);
|
|
709
880
|
const aud = await authReq.authorizationRequest.getMergedProperty("aud");
|
|
710
881
|
let rpMethods = [];
|
|
711
882
|
if (aud && aud.startsWith("did:")) {
|
|
712
|
-
const didMethod = convertDidMethod((0,
|
|
713
|
-
|
|
883
|
+
const didMethod = convertDidMethod((0, import_ssi_types2.parseDid)(aud).method, opts.didPrefix);
|
|
884
|
+
logger2.debug(`aud did method: ${didMethod}`);
|
|
714
885
|
if (subjectSyntaxTypesSupported && subjectSyntaxTypesSupported.length > 0 && !subjectSyntaxTypesSupported.includes("did") && !subjectSyntaxTypesSupported.includes(didMethod)) {
|
|
715
886
|
throw Error(`The aud DID method ${didMethod} is not in the supported types ${subjectSyntaxTypesSupported}`);
|
|
716
887
|
}
|
|
@@ -725,7 +896,7 @@ var OpSession = class _OpSession {
|
|
|
725
896
|
const isEBSI = rpMethods.length === 0 && (authReq.issuer?.includes(".ebsi.eu") || authReq.authorizationRequest.getMergedProperty("client_id")?.includes(".ebsi.eu"));
|
|
726
897
|
let codecName = void 0;
|
|
727
898
|
if (isEBSI && (!aud || !aud.startsWith("http"))) {
|
|
728
|
-
|
|
899
|
+
logger2.debug(`EBSI detected, adding did:key to supported DID methods for RP`);
|
|
729
900
|
const didKeyMethod = convertDidMethod("did:key", opts.didPrefix);
|
|
730
901
|
if (!agentMethods?.includes(didKeyMethod)) {
|
|
731
902
|
throw Error(`EBSI detected, but agent did not support did:key. Please reconfigure agent`);
|
|
@@ -744,13 +915,13 @@ var OpSession = class _OpSession {
|
|
|
744
915
|
}
|
|
745
916
|
async getSupportedIdentifiers(opts) {
|
|
746
917
|
const methods = await this.getSupportedDIDMethods(true);
|
|
747
|
-
|
|
918
|
+
logger2.debug(`supported DID methods (did: prefix = true): ${JSON.stringify(methods)}`);
|
|
748
919
|
if (methods.length === 0) {
|
|
749
920
|
throw Error(`No DID methods are supported`);
|
|
750
921
|
}
|
|
751
922
|
const identifiers = await this.context.agent.didManagerFind().then((ids) => ids.filter((id) => methods.includes(id.provider)));
|
|
752
923
|
if (identifiers.length === 0) {
|
|
753
|
-
|
|
924
|
+
logger2.debug(`No identifiers available in agent supporting methods ${JSON.stringify(methods)}`);
|
|
754
925
|
if (opts?.createInCaseNoDIDFound !== false) {
|
|
755
926
|
const { codecName, keyType } = await this.getRPDIDMethodsSupported({
|
|
756
927
|
didPrefix: true,
|
|
@@ -764,11 +935,11 @@ var OpSession = class _OpSession {
|
|
|
764
935
|
type: keyType
|
|
765
936
|
}
|
|
766
937
|
});
|
|
767
|
-
|
|
938
|
+
logger2.debug(`Created a new identifier for the SIOP interaction: ${identifier.did}`);
|
|
768
939
|
identifiers.push(identifier);
|
|
769
940
|
}
|
|
770
941
|
}
|
|
771
|
-
|
|
942
|
+
logger2.debug(`supported identifiers: ${JSON.stringify(identifiers.map((id) => id.did))}`);
|
|
772
943
|
return identifiers;
|
|
773
944
|
}
|
|
774
945
|
async getSupportedDIDs() {
|
|
@@ -777,9 +948,6 @@ var OpSession = class _OpSession {
|
|
|
777
948
|
async getRedirectUri() {
|
|
778
949
|
return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
|
|
779
950
|
}
|
|
780
|
-
async getOID4VP(args) {
|
|
781
|
-
return await OID4VP.init(this, args.allIdentifiers ?? [], args.hasher);
|
|
782
|
-
}
|
|
783
951
|
async createJarmResponseCallback({ responseOpts }) {
|
|
784
952
|
const agent = this.context.agent;
|
|
785
953
|
return /* @__PURE__ */ __name(async function jarmResponse(opts) {
|
|
@@ -793,8 +961,8 @@ var OpSession = class _OpSession {
|
|
|
793
961
|
protectedHeader: {},
|
|
794
962
|
alg: requestObjectPayload.client_metadata.authorization_encrypted_response_alg ?? "ECDH-ES",
|
|
795
963
|
enc: requestObjectPayload.client_metadata.authorization_encrypted_response_enc ?? "A256GCM",
|
|
796
|
-
apv: (0,
|
|
797
|
-
apu: (0,
|
|
964
|
+
apv: (0, import_ssi_sdk3.encodeBase64url)(opts.requestObjectPayload.nonce),
|
|
965
|
+
apu: (0, import_ssi_sdk3.encodeBase64url)((0, import_uuid.v4)()),
|
|
798
966
|
payload: authResponse,
|
|
799
967
|
issuer: responseOpts.issuer,
|
|
800
968
|
audience: responseOpts.audience
|
|
@@ -808,7 +976,7 @@ var OpSession = class _OpSession {
|
|
|
808
976
|
async sendAuthorizationResponse(args) {
|
|
809
977
|
const { responseSignerOpts, dcqlResponse, isFirstParty } = args;
|
|
810
978
|
const resolveOpts = this.options.resolveOpts ?? {
|
|
811
|
-
resolver: (0,
|
|
979
|
+
resolver: (0, import_ssi_sdk_ext3.getAgentResolver)(this.context, {
|
|
812
980
|
uniresolverResolution: true,
|
|
813
981
|
localResolution: true,
|
|
814
982
|
resolverResolution: true
|
|
@@ -859,80 +1027,6 @@ function convertDidMethod(didMethod, didPrefix) {
|
|
|
859
1027
|
}
|
|
860
1028
|
__name(convertDidMethod, "convertDidMethod");
|
|
861
1029
|
|
|
862
|
-
// src/types/IDidAuthSiopOpAuthenticator.ts
|
|
863
|
-
var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
|
|
864
|
-
var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
|
|
865
|
-
|
|
866
|
-
// src/types/siop-service/index.ts
|
|
867
|
-
var Siopv2HolderEvent = /* @__PURE__ */ (function(Siopv2HolderEvent2) {
|
|
868
|
-
Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
|
|
869
|
-
Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
|
|
870
|
-
return Siopv2HolderEvent2;
|
|
871
|
-
})({});
|
|
872
|
-
var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
|
|
873
|
-
SupportedLanguage2["ENGLISH"] = "en";
|
|
874
|
-
SupportedLanguage2["DUTCH"] = "nl";
|
|
875
|
-
return SupportedLanguage2;
|
|
876
|
-
})({});
|
|
877
|
-
|
|
878
|
-
// src/types/machine/index.ts
|
|
879
|
-
var Siopv2MachineStates = /* @__PURE__ */ (function(Siopv2MachineStates2) {
|
|
880
|
-
Siopv2MachineStates2["createConfig"] = "createConfig";
|
|
881
|
-
Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
|
|
882
|
-
Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
883
|
-
Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
|
|
884
|
-
Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
|
|
885
|
-
Siopv2MachineStates2["addContact"] = "addContact";
|
|
886
|
-
Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
|
|
887
|
-
Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
|
|
888
|
-
Siopv2MachineStates2["sendResponse"] = "sendResponse";
|
|
889
|
-
Siopv2MachineStates2["handleError"] = "handleError";
|
|
890
|
-
Siopv2MachineStates2["aborted"] = "aborted";
|
|
891
|
-
Siopv2MachineStates2["declined"] = "declined";
|
|
892
|
-
Siopv2MachineStates2["error"] = "error";
|
|
893
|
-
Siopv2MachineStates2["done"] = "done";
|
|
894
|
-
return Siopv2MachineStates2;
|
|
895
|
-
})({});
|
|
896
|
-
var Siopv2MachineAddContactStates = /* @__PURE__ */ (function(Siopv2MachineAddContactStates2) {
|
|
897
|
-
Siopv2MachineAddContactStates2["idle"] = "idle";
|
|
898
|
-
Siopv2MachineAddContactStates2["executing"] = "executing";
|
|
899
|
-
Siopv2MachineAddContactStates2["next"] = "next";
|
|
900
|
-
return Siopv2MachineAddContactStates2;
|
|
901
|
-
})({});
|
|
902
|
-
var Siopv2MachineEvents = /* @__PURE__ */ (function(Siopv2MachineEvents2) {
|
|
903
|
-
Siopv2MachineEvents2["NEXT"] = "NEXT";
|
|
904
|
-
Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
|
|
905
|
-
Siopv2MachineEvents2["DECLINE"] = "DECLINE";
|
|
906
|
-
Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
|
|
907
|
-
Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
|
|
908
|
-
Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
|
|
909
|
-
Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
|
|
910
|
-
return Siopv2MachineEvents2;
|
|
911
|
-
})({});
|
|
912
|
-
var Siopv2MachineGuards = /* @__PURE__ */ (function(Siopv2MachineGuards2) {
|
|
913
|
-
Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
|
|
914
|
-
Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
|
|
915
|
-
Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
|
|
916
|
-
Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
|
|
917
|
-
Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
|
|
918
|
-
Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
|
|
919
|
-
Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
|
|
920
|
-
Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
|
|
921
|
-
return Siopv2MachineGuards2;
|
|
922
|
-
})({});
|
|
923
|
-
var Siopv2MachineServices = /* @__PURE__ */ (function(Siopv2MachineServices2) {
|
|
924
|
-
Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
|
|
925
|
-
Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
926
|
-
Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
|
|
927
|
-
Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
|
|
928
|
-
Siopv2MachineServices2["sendResponse"] = "sendResponse";
|
|
929
|
-
Siopv2MachineServices2["createConfig"] = "createConfig";
|
|
930
|
-
return Siopv2MachineServices2;
|
|
931
|
-
})({});
|
|
932
|
-
|
|
933
|
-
// src/types/identifier/index.ts
|
|
934
|
-
var DID_PREFIX = "did";
|
|
935
|
-
|
|
936
1030
|
// src/machine/Siopv2Machine.ts
|
|
937
1031
|
var import_xstate = require("xstate");
|
|
938
1032
|
|
|
@@ -979,7 +1073,7 @@ var translate = Localization.translate;
|
|
|
979
1073
|
|
|
980
1074
|
// src/machine/Siopv2Machine.ts
|
|
981
1075
|
var import_ssi_types3 = require("@sphereon/ssi-types");
|
|
982
|
-
var
|
|
1076
|
+
var logger3 = import_ssi_types3.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
983
1077
|
var Siopv2HasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
|
|
984
1078
|
const { contact } = _ctx;
|
|
985
1079
|
return contact === void 0;
|
|
@@ -1309,7 +1403,7 @@ var Siopv2Machine = class {
|
|
|
1309
1403
|
__name(this, "Siopv2Machine");
|
|
1310
1404
|
}
|
|
1311
1405
|
static newInstance(opts) {
|
|
1312
|
-
|
|
1406
|
+
logger3.info("New Siopv2Machine instance");
|
|
1313
1407
|
const interpreter = (0, import_xstate.interpret)(createSiopv2Machine(opts).withConfig({
|
|
1314
1408
|
services: {
|
|
1315
1409
|
...opts?.services
|
|
@@ -1337,7 +1431,7 @@ var Siopv2Machine = class {
|
|
|
1337
1431
|
});
|
|
1338
1432
|
}
|
|
1339
1433
|
interpreter.onTransition((snapshot) => {
|
|
1340
|
-
|
|
1434
|
+
logger3.info("onTransition to new state", snapshot.value);
|
|
1341
1435
|
});
|
|
1342
1436
|
return {
|
|
1343
1437
|
interpreter
|
|
@@ -1346,12 +1440,12 @@ var Siopv2Machine = class {
|
|
|
1346
1440
|
};
|
|
1347
1441
|
|
|
1348
1442
|
// src/services/Siopv2MachineService.ts
|
|
1349
|
-
var
|
|
1350
|
-
var
|
|
1351
|
-
var
|
|
1352
|
-
var
|
|
1443
|
+
var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
|
|
1444
|
+
var import_ssi_sdk_ext5 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
|
|
1445
|
+
var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
|
|
1446
|
+
var import_ssi_sdk5 = require("@sphereon/ssi-sdk.credential-store");
|
|
1447
|
+
var import_ssi_sdk6 = require("@sphereon/ssi-sdk.data-store-types");
|
|
1353
1448
|
var import_ssi_types6 = require("@sphereon/ssi-types");
|
|
1354
|
-
var import_ssi_sdk5 = require("@sphereon/ssi-sdk.core");
|
|
1355
1449
|
var import_dcql = require("dcql");
|
|
1356
1450
|
|
|
1357
1451
|
// src/utils/dcql.ts
|
|
@@ -1392,12 +1486,12 @@ function convertToDcqlCredentials(credential, hasher) {
|
|
|
1392
1486
|
__name(convertToDcqlCredentials, "convertToDcqlCredentials");
|
|
1393
1487
|
|
|
1394
1488
|
// src/services/Siopv2MachineService.ts
|
|
1395
|
-
var
|
|
1396
|
-
var
|
|
1489
|
+
var CLOCK_SKEW2 = 120;
|
|
1490
|
+
var logger4 = import_ssi_types6.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
1397
1491
|
var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
|
|
1398
1492
|
const { agent } = context;
|
|
1399
1493
|
const { credentials } = args;
|
|
1400
|
-
if (connectionType !==
|
|
1494
|
+
if (connectionType !== import_ssi_sdk6.ConnectionType.SIOPv2_OpenID4VP) {
|
|
1401
1495
|
return Promise.reject(Error(`No supported authentication provider for type: ${connectionType}`));
|
|
1402
1496
|
}
|
|
1403
1497
|
const session = await agent.siopGetOPSession({
|
|
@@ -1405,10 +1499,10 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1405
1499
|
});
|
|
1406
1500
|
const request = await session.getAuthorizationRequest();
|
|
1407
1501
|
const aud = request.authorizationRequest.getMergedProperty("aud");
|
|
1408
|
-
|
|
1409
|
-
|
|
1410
|
-
const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ??
|
|
1411
|
-
|
|
1502
|
+
logger4.debug(`AUD: ${aud}`);
|
|
1503
|
+
logger4.debug(JSON.stringify(request.authorizationRequest));
|
|
1504
|
+
const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? "https://self-issued.me/v2";
|
|
1505
|
+
logger4.debug(`NONCE: ${session.nonce}, domain: ${domain}`);
|
|
1412
1506
|
const firstUniqueDC = credentials[0];
|
|
1413
1507
|
if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
|
|
1414
1508
|
return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
|
|
@@ -1416,10 +1510,12 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1416
1510
|
let identifier;
|
|
1417
1511
|
const digitalCredential = firstUniqueDC.digitalCredential;
|
|
1418
1512
|
const firstVC = firstUniqueDC.uniformVerifiableCredential;
|
|
1419
|
-
|
|
1420
|
-
|
|
1421
|
-
`did:jwk:${(0,
|
|
1422
|
-
|
|
1513
|
+
let holder;
|
|
1514
|
+
if (import_ssi_types6.CredentialMapper.isSdJwtDecodedCredential(firstVC)) {
|
|
1515
|
+
holder = firstVC.decodedPayload.cnf?.jwk ? `did:jwk:${(0, import_ssi_sdk4.encodeJoseBlob)(firstVC.decodedPayload.cnf?.jwk)}#0` : firstVC.decodedPayload.sub;
|
|
1516
|
+
} else {
|
|
1517
|
+
holder = Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
|
|
1518
|
+
}
|
|
1423
1519
|
if (!digitalCredential.kmsKeyRef) {
|
|
1424
1520
|
if (!holder) {
|
|
1425
1521
|
return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
|
|
@@ -1429,10 +1525,10 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1429
1525
|
identifier: holder
|
|
1430
1526
|
});
|
|
1431
1527
|
} catch (e) {
|
|
1432
|
-
|
|
1528
|
+
logger4.debug(`Holder DID not found: ${holder}`);
|
|
1433
1529
|
throw e;
|
|
1434
1530
|
}
|
|
1435
|
-
} else if ((0,
|
|
1531
|
+
} else if ((0, import_ssi_sdk_ext5.isOID4VCIssuerIdentifier)(digitalCredential.kmsKeyRef)) {
|
|
1436
1532
|
identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
|
|
1437
1533
|
identifier: firstUniqueDC.digitalCredential.kmsKeyRef
|
|
1438
1534
|
});
|
|
@@ -1460,6 +1556,13 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1460
1556
|
if (!queryResult.can_be_satisfied) {
|
|
1461
1557
|
return Promise.reject(Error("Credentials do not match required query request"));
|
|
1462
1558
|
}
|
|
1559
|
+
const presentationContext = {
|
|
1560
|
+
nonce: request.requestObject?.getPayload()?.nonce ?? session.nonce,
|
|
1561
|
+
audience: domain,
|
|
1562
|
+
agent: context.agent,
|
|
1563
|
+
clockSkew: CLOCK_SKEW2,
|
|
1564
|
+
hasher: args.hasher
|
|
1565
|
+
};
|
|
1463
1566
|
const presentation = {};
|
|
1464
1567
|
const uniqueCredentials = Array.from(dcqlCredentialsWithCredentials.values());
|
|
1465
1568
|
for (const [key, value] of Object.entries(queryResult.credential_matches)) {
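Review bot: In the new `presentationContext`, `request.requestObject?.getPayload()?.nonce` reads `.nonce` from the return value of `getPayload()` without awaiting it, whereas `getMergedProperty("client_id")` on the same request is awaited on the `const domain` line earlier on this page. If `getPayload()` is asynchronous, the lookup yields undefined and every presentation is bound to `session.nonce`, so the request-object nonce is never used. Confirm the return type and, if it is a promise, write `nonce: (await request.requestObject?.getPayload())?.nonce ?? session.nonce,`. Because nonce and audience tie the presentation to this verifier and this request, a short comment naming the authoritative source for each would also help. The enclosing function starts and ends outside this hunk.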
|
|
@@ -1469,12 +1572,12 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1469
1572
|
if (!vc) {
|
|
1470
1573
|
continue;
|
|
1471
1574
|
}
|
|
1472
|
-
|
|
1473
|
-
|
|
1474
|
-
|
|
1475
|
-
}
|
|
1476
|
-
|
|
1477
|
-
|
|
1575
|
+
try {
|
|
1576
|
+
const vp = await createVerifiablePresentationForFormat(vc, identifier, presentationContext);
|
|
1577
|
+
presentation[key] = vp;
|
|
1578
|
+
} catch (error) {
|
|
1579
|
+
logger4.error(`Failed to create VP for credential ${key}:`, error);
|
|
1580
|
+
throw error;
|
|
1478
1581
|
}
|
|
1479
1582
|
}
|
|
1480
1583
|
}
|
|
@@ -1485,12 +1588,9 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1485
1588
|
dcqlPresentation
|
|
1486
1589
|
}
|
|
1487
1590
|
});
|
|
1488
|
-
|
|
1591
|
+
logger4.debug(`Response: `, response);
|
|
1489
1592
|
return response;
|
|
1490
1593
|
}, "siopSendAuthorizationResponse");
|
|
1491
|
-
var retrieveEncodedCredential = /* @__PURE__ */ __name((credential) => {
|
|
1492
|
-
return credential.originalVerifiableCredential !== void 0 && credential.originalVerifiableCredential !== null && credential?.originalVerifiableCredential?.compactSdJwtVc !== void 0 && credential?.originalVerifiableCredential?.compactSdJwtVc !== null ? credential.originalVerifiableCredential.compactSdJwtVc : credential.originalVerifiableCredential;
|
|
1493
|
-
}, "retrieveEncodedCredential");
|
|
1494
1594
|
var getSelectableCredentials = /* @__PURE__ */ __name(async (dcqlQuery, context) => {
|
|
1495
1595
|
const agentContext = {
|
|
1496
1596
|
...context,
|
|
@@ -1498,7 +1598,7 @@ var getSelectableCredentials = /* @__PURE__ */ __name(async (dcqlQuery, context)
|
|
|
1498
1598
|
};
|
|
1499
1599
|
const { agent } = agentContext;
|
|
1500
1600
|
const uniqueVerifiableCredentials = await agent.crsGetUniqueCredentials({
|
|
1501
|
-
filter: (0,
|
|
1601
|
+
filter: (0, import_ssi_sdk5.verifiableCredentialForRoleFilter)(import_ssi_types6.CredentialRole.HOLDER)
|
|
1502
1602
|
});
|
|
1503
1603
|
const branding = await agent.ibGetCredentialBranding();
|
|
1504
1604
|
const dcqlCredentialsWithCredentials = new Map(uniqueVerifiableCredentials.map((vc) => [
|
|
@@ -1569,7 +1669,7 @@ var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId,
|
|
|
1569
1669
|
}, "translateCorrelationIdToName");
|
|
1570
1670
|
|
|
1571
1671
|
// src/agent/DidAuthSiopOpAuthenticator.ts
|
|
1572
|
-
var
|
|
1672
|
+
var logger5 = import_ssi_types7.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
|
|
1573
1673
|
var didAuthSiopOpAuthenticatorMethods = [
|
|
1574
1674
|
"cmGetContacts",
|
|
1575
1675
|
"cmGetContact",
|
|
@@ -1723,11 +1823,11 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1723
1823
|
hasher: this.hasher
|
|
1724
1824
|
}
|
|
1725
1825
|
}));
|
|
1726
|
-
|
|
1826
|
+
logger5.debug(`session: ${JSON.stringify(session.id, null, 2)}`);
|
|
1727
1827
|
const verifiedAuthorizationRequest = await session.getAuthorizationRequest();
|
|
1728
1828
|
const clientName = verifiedAuthorizationRequest.registrationMetadataPayload?.client_name;
|
|
1729
1829
|
const url = verifiedAuthorizationRequest.responseURI ?? (args.url.includes("request_uri") ? decodeURIComponent(args.url.split("?request_uri=")[1].trim()) : verifiedAuthorizationRequest.issuer ?? verifiedAuthorizationRequest.registrationMetadataPayload?.client_id);
|
|
1730
|
-
const uri = url
|
|
1830
|
+
const uri = url?.includes("://") ? new URL(url) : void 0;
|
|
1731
1831
|
const correlationId = uri?.hostname ?? await this.determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context);
|
|
1732
1832
|
const clientId = verifiedAuthorizationRequest.authorizationRequest.getMergedProperty("client_id");
|
|
1733
1833
|
return {
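Review bot: On the changed `const uri` line, `new URL(url)` throws a TypeError for any string that contains `://` but does not parse, and `url` comes from the verified request or from `args.url`. A malformed value therefore rejects the whole call instead of falling through to `determineCorrelationId`. Guard the parse, for example `const uri = url?.includes("://") && URL.canParse(url) ? new URL(url) : void 0;` where the runtime provides `URL.canParse`, or a try/catch otherwise. The unchanged line above has a related gap: `args.url.split("?request_uri=")[1]` is undefined when `request_uri` is present but is not the first query parameter, so `.trim()` throws. The enclosing method starts and ends outside this hunk.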
|
|
@@ -1785,12 +1885,12 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1785
1885
|
if (correlationId) {
|
|
1786
1886
|
const identity = {
|
|
1787
1887
|
alias: correlationId,
|
|
1788
|
-
origin:
|
|
1888
|
+
origin: import_ssi_sdk7.IdentityOrigin.EXTERNAL,
|
|
1789
1889
|
roles: [
|
|
1790
|
-
|
|
1890
|
+
import_ssi_types7.CredentialRole.ISSUER
|
|
1791
1891
|
],
|
|
1792
1892
|
identifier: {
|
|
1793
|
-
type: correlationId.startsWith("did:") ?
|
|
1893
|
+
type: correlationId.startsWith("did:") ? import_ssi_sdk7.CorrelationIdentifierType.DID : import_ssi_sdk7.CorrelationIdentifierType.URL,
|
|
1794
1894
|
correlationId
|
|
1795
1895
|
}
|
|
1796
1896
|
};
|
|
@@ -1802,7 +1902,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1802
1902
|
contactId: contact.id,
|
|
1803
1903
|
identity: addedIdentity
|
|
1804
1904
|
});
|
|
1805
|
-
|
|
1905
|
+
logger5.info(`Contact identity created: ${JSON.stringify(addedIdentity)}`);
|
|
1806
1906
|
}
|
|
1807
1907
|
}
|
|
1808
1908
|
async siopSendResponse(args, context) {
|
|
@@ -1813,7 +1913,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1813
1913
|
if (authorizationRequestData === void 0) {
|
|
1814
1914
|
return Promise.reject(Error("Missing authorization request data in context"));
|
|
1815
1915
|
}
|
|
1816
|
-
const response = await siopSendAuthorizationResponse(
|
|
1916
|
+
const response = await siopSendAuthorizationResponse(import_ssi_sdk7.ConnectionType.SIOPv2_OpenID4VP, {
|
|
1817
1917
|
sessionId: didAuthConfig.sessionId,
|
|
1818
1918
|
...args.idOpts && {
|
|
1819
1919
|
idOpts: args.idOpts
|
|
@@ -1831,7 +1931,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1831
1931
|
return {
|
|
1832
1932
|
body: responseBody,
|
|
1833
1933
|
url: response?.url,
|
|
1834
|
-
queryParams: (0,
|
|
1934
|
+
queryParams: (0, import_did_auth_siop4.decodeUriAsJson)(response?.url)
|
|
1835
1935
|
};
|
|
1836
1936
|
}
|
|
1837
1937
|
async siopGetSelectableCredentials(args, context) {
|
|
@@ -1845,7 +1945,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1845
1945
|
|
|
1846
1946
|
// src/machine/CallbackStateListener.ts
|
|
1847
1947
|
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1848
|
-
var
|
|
1948
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.options("sphereon:siopv2-oid4vp:op-auth", {
|
|
1849
1949
|
defaultLogLevel: import_ssi_types8.LogLevel.DEBUG,
|
|
1850
1950
|
methods: [
|
|
1851
1951
|
import_ssi_types8.LogMethod.CONSOLE
|
|
@@ -1854,21 +1954,21 @@ var logger5 = import_ssi_types8.Loggers.DEFAULT.options("sphereon:siopv2-oid4vp:
|
|
|
1854
1954
|
var OID4VPCallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
|
|
1855
1955
|
return async (oid4vciMachine, state) => {
|
|
1856
1956
|
if (state._event.type === "internal") {
|
|
1857
|
-
|
|
1957
|
+
logger6.debug("oid4vpCallbackStateListener: internal event");
|
|
1858
1958
|
return;
|
|
1859
1959
|
}
|
|
1860
|
-
|
|
1960
|
+
logger6.info(`VP state listener state: ${JSON.stringify(state.value)}`);
|
|
1861
1961
|
if (!callbacks || callbacks.size === 0) {
|
|
1862
|
-
|
|
1962
|
+
logger6.info(`VP no callbacks registered for state: ${JSON.stringify(state.value)}`);
|
|
1863
1963
|
return;
|
|
1864
1964
|
}
|
|
1865
1965
|
for (const [stateKey, callback] of callbacks) {
|
|
1866
1966
|
if (state.matches(stateKey)) {
|
|
1867
|
-
|
|
1868
|
-
await callback(oid4vciMachine, state).then(() =>
|
|
1869
|
-
|
|
1967
|
+
logger6.log(`VP state callback for state: ${JSON.stringify(state.value)}, will execute...`);
|
|
1968
|
+
await callback(oid4vciMachine, state).then(() => logger6.log(`VP state callback executed for state: ${JSON.stringify(state.value)}`)).catch((error) => {
|
|
1969
|
+
logger6.error(`VP state callback failed for state: ${JSON.stringify(state.value)}, error: ${JSON.stringify(error?.message)}, ${JSON.stringify(state.event)}`);
|
|
1870
1970
|
if (error.stack) {
|
|
1871
|
-
|
|
1971
|
+
logger6.error(error.stack);
|
|
1872
1972
|
}
|
|
1873
1973
|
});
|
|
1874
1974
|
break;
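Review bot: The new `logger6.error(...)` inside the `.catch` serialises the whole `state.event` into the log line. An event in this state machine presumably can carry request data or selected credentials, which would then reach the console logger at error level. Log only the event type, e.g. `${state.event?.type}`, and keep payloads out of log messages. `JSON.stringify(state.event)` can also throw inside the handler on a cyclic payload and mask the original error, and `error?.message` is guarded while the following `error.stack` is not. The same logging concern applies to the `handling SIOP link: ${url}` and `SIOP machine started for link: ${url}` debug lines added in the link-handler hunks below, which write the full request link to the log.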
|
|
@@ -1878,12 +1978,12 @@ var OID4VPCallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
|
|
|
1878
1978
|
}, "OID4VPCallbackStateListener");
|
|
1879
1979
|
|
|
1880
1980
|
// src/link-handler/index.ts
|
|
1881
|
-
var
|
|
1882
|
-
var
|
|
1883
|
-
var
|
|
1981
|
+
var import_ssi_sdk8 = require("@sphereon/ssi-sdk.agent-config");
|
|
1982
|
+
var import_ssi_sdk9 = require("@sphereon/ssi-sdk.core");
|
|
1983
|
+
var import_ssi_sdk10 = require("@sphereon/ssi-sdk.xstate-machine-persistence");
|
|
1884
1984
|
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1885
|
-
var
|
|
1886
|
-
var Siopv2OID4VPLinkHandler = class extends
|
|
1985
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
|
|
1986
|
+
var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
|
|
1887
1987
|
static {
|
|
1888
1988
|
__name(this, "Siopv2OID4VPLinkHandler");
|
|
1889
1989
|
}
|
|
@@ -1902,15 +2002,15 @@ var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk8.LinkHandlerAdapter {
|
|
|
1902
2002
|
this.idOpts = args.idOpts;
|
|
1903
2003
|
}
|
|
1904
2004
|
async handle(url, opts) {
|
|
1905
|
-
|
|
2005
|
+
logger7.debug(`handling SIOP link: ${url}`);
|
|
1906
2006
|
const siopv2Machine = await this.context.agent.siopGetMachineInterpreter({
|
|
1907
2007
|
url,
|
|
1908
2008
|
idOpts: opts?.idOpts ?? this.idOpts,
|
|
1909
2009
|
stateNavigationListener: this.stateNavigationListener
|
|
1910
2010
|
});
|
|
1911
2011
|
const interpreter = siopv2Machine.interpreter;
|
|
1912
|
-
if (!this.noStateMachinePersistence && !opts?.machineState && (0,
|
|
1913
|
-
const init = await (0,
|
|
2012
|
+
if (!this.noStateMachinePersistence && !opts?.machineState && (0, import_ssi_sdk8.contextHasPlugin)(this.context, "machineStatesFindActive")) {
|
|
2013
|
+
const init = await (0, import_ssi_sdk10.interpreterStartOrResume)({
|
|
1914
2014
|
interpreter,
|
|
1915
2015
|
context: this.context,
|
|
1916
2016
|
cleanupAllOtherInstances: true,
|
|
@@ -1918,10 +2018,10 @@ var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk8.LinkHandlerAdapter {
|
|
|
1918
2018
|
singletonCheck: true,
|
|
1919
2019
|
noRegistration: this.noStateMachinePersistence
|
|
1920
2020
|
});
|
|
1921
|
-
|
|
2021
|
+
logger7.debug(`SIOP machine started for link: ${url}`, init);
|
|
1922
2022
|
} else {
|
|
1923
2023
|
interpreter.start(opts?.machineState);
|
|
1924
|
-
|
|
2024
|
+
logger7.debug(`SIOP machine started for link: ${url}`);
|
|
1925
2025
|
}
|
|
1926
2026
|
}
|
|
1927
2027
|
};
|