@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.36.1-feature.vdx24.einvoice.inbox.127 → 0.36.1-feature.vdx24.einvoice.inbox.141

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +13 -2
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.js +13 -2
  4. package/dist/index.js.map +1 -1
  5. package/package.json +19 -19
  6. package/src/services/Siopv2MachineService.ts +15 -3
  7. package/src/session/OID4VP.ts +6 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth",
3
- "version": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
3
+ "version": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -30,21 +30,21 @@
30
30
  "@sphereon/did-auth-siop-adapter": "0.20.1-next.13",
31
31
  "@sphereon/oid4vc-common": "0.20.1-next.13",
32
32
  "@sphereon/pex-models": "^2.3.2",
33
- "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
34
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
35
- "@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
36
- "@sphereon/ssi-sdk.contact-manager": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
37
- "@sphereon/ssi-sdk.core": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
38
- "@sphereon/ssi-sdk.credential-store": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
39
- "@sphereon/ssi-sdk.credential-validation": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
40
- "@sphereon/ssi-sdk.data-store-types": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
41
- "@sphereon/ssi-sdk.issuance-branding": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
42
- "@sphereon/ssi-sdk.pd-manager": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
43
- "@sphereon/ssi-sdk.presentation-exchange": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
44
- "@sphereon/ssi-sdk.sd-jwt": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
45
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
46
- "@sphereon/ssi-sdk.xstate-machine-persistence": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
47
- "@sphereon/ssi-types": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
33
+ "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
34
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
35
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
36
+ "@sphereon/ssi-sdk.contact-manager": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
37
+ "@sphereon/ssi-sdk.core": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
38
+ "@sphereon/ssi-sdk.credential-store": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
39
+ "@sphereon/ssi-sdk.credential-validation": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
40
+ "@sphereon/ssi-sdk.data-store-types": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
41
+ "@sphereon/ssi-sdk.issuance-branding": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
42
+ "@sphereon/ssi-sdk.pd-manager": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
43
+ "@sphereon/ssi-sdk.presentation-exchange": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
44
+ "@sphereon/ssi-sdk.sd-jwt": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
45
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
46
+ "@sphereon/ssi-sdk.xstate-machine-persistence": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
47
+ "@sphereon/ssi-types": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
48
48
  "@sphereon/wellknown-dids-client": "^0.1.3",
49
49
  "@veramo/core": "4.2.0",
50
50
  "@veramo/credential-w3c": "4.2.0",
@@ -58,8 +58,8 @@
58
58
  },
59
59
  "devDependencies": {
60
60
  "@sphereon/did-uni-client": "^0.6.3",
61
- "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
62
- "@sphereon/ssi-sdk.agent-config": "0.36.1-feature.vdx24.einvoice.inbox.127+3fa475f6",
61
+ "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
62
+ "@sphereon/ssi-sdk.agent-config": "0.36.1-feature.vdx24.einvoice.inbox.141+59be75ed",
63
63
  "@types/i18n-js": "^3.8.9",
64
64
  "@types/lodash.memoize": "^4.1.9",
65
65
  "@types/sha.js": "^2.4.4",
@@ -101,5 +101,5 @@
101
101
  "OpenID Connect",
102
102
  "Authenticator"
103
103
  ],
104
- "gitHead": "3fa475f6938149c7104b7ca746e6883aa44c3d24"
104
+ "gitHead": "59be75ed177899b72dca9876174a65b8fb7037a0"
105
105
  }
package/src/services/Siopv2MachineService.ts CHANGED
@@ -73,11 +73,23 @@ export const siopSendAuthorizationResponse = async (
73
73
  const firstVC = firstUniqueDC.uniformVerifiableCredential
74
74
 
75
75
  // Determine holder DID for identifier resolution
76
+ // For SD-JWT, check cnf claim first (key binding), then fall back to sub
76
77
  let holder: string | undefined
77
78
  if (CredentialMapper.isSdJwtDecodedCredential(firstVC)) {
78
- // TODO SDK-19: convert the JWK to hex and search for the appropriate key and associated DID
79
- // doesn't apply to did:jwk only, as you can represent any DID key as a
80
- holder = firstVC.decodedPayload.cnf?.jwk ? `did:jwk:${encodeJoseBlob(firstVC.decodedPayload.cnf?.jwk)}#0` : firstVC.decodedPayload.sub
79
+ const cnf = firstVC.decodedPayload.cnf
80
+ if (cnf?.jwk) {
81
+ // cnf.jwk contains the raw JWK - compute did:jwk from it
82
+ // TODO SDK-19: convert the JWK to hex and search for the appropriate key and associated DID
83
+ holder = `did:jwk:${encodeJoseBlob(cnf.jwk)}#0`
84
+ } else if (cnf?.kid) {
85
+ // cnf.kid is a verification method reference (e.g., "did:web:example.com#key-1")
86
+ // Extract the DID part (everything before the fragment)
87
+ const kid = cnf.kid as string
88
+ holder = kid.includes('#') ? kid.split('#')[0] : kid
89
+ } else {
90
+ // Fall back to sub claim (credential subject)
91
+ holder = firstVC.decodedPayload.sub
92
+ }
81
93
  } else {
82
94
  holder = Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id
83
95
  }
package/src/session/OID4VP.ts CHANGED
@@ -101,11 +101,17 @@ export async function createVerifiablePresentationForFormat(
101
101
  aud: audience, // Always use the Client Identifier or Origin
102
102
  }
103
103
 
104
+ // Get the holder DID from the identifier to pass to createSdJwtPresentation
105
+ // This is needed because the credential's cnf.jwk thumbprint may not be registered as a key ID
106
+ const holder = getIdentifierString(identifier)
107
+ logger.debug(`Creating SD-JWT presentation with holder: ${holder}`)
108
+
104
109
  const presentationResult = await agent.createSdJwtPresentation({
105
110
  presentation: decodedSdJwt.compactSdJwtVc,
106
111
  kb: {
107
112
  payload: kbJwtPayload as any, // FIXME
108
113
  },
114
+ holder: holder, // Pass the holder DID explicitly to avoid JWK thumbprint lookup issues
109
115
  })
110
116
 
111
117
  return presentationResult.presentation