@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.FIDES.1.274 → 0.34.1-feature.IDK.11.48

package/src/agent/SIOPv2RP.ts

@@ -3,15 +3,10 @@ import {
   AuthorizationResponsePayload,
   AuthorizationResponseState,
   AuthorizationResponseStateStatus,
-  AuthorizationResponseStateWithVerifiedData,
   decodeUriAsJson,
-  EncodedDcqlPresentationVpToken,
   VerifiedAuthorizationResponse,
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
-import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
-import { validate as isValidUUID } from 'uuid'
-import type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'
 import {
   AdditionalClaims,
   CredentialMapper,
@@ -27,8 +22,8 @@ import {
   SdJwtDecodedVerifiableCredential,
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
-import { DcqlQuery } from 'dcql'
 import {
+  AuthorizationResponseStateWithVerifiedData,
   IAuthorizationRequestPayloads,
   ICreateAuthRequestArgs,
   IGetAuthRequestStateArgs,
@@ -44,9 +39,13 @@ import {
   IUpdateRequestStateArgs,
   IVerifyAuthResponseStateArgs,
   schema,
+  VerifiedDataMode,
 } from '../index'
 import { RPInstance } from '../RPInstance'
+
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
+import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
+import { DcqlQuery } from 'dcql'
 
 export class SIOPv2RP implements IAgentPlugin {
   private readonly opts: ISiopv2RPOpts
@@ -86,14 +85,7 @@ export class SIOPv2RP implements IAgentPlugin {
   }
 
   private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {
-    return await this.getRPInstance(
-      {
-        createWhenNotPresent: true,
-        responseRedirectURI: createArgs.responseRedirectURI,
-        ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId }),
-      },
-      context,
-    )
+    return await this.getRPInstance({ definitionId: createArgs.definitionId, responseRedirectURI: createArgs.responseRedirectURI }, context)
       .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))
       .then((URI) => URI.encodedUri)
   }
@@ -102,20 +94,20 @@ export class SIOPv2RP implements IAgentPlugin {
     createArgs: ICreateAuthRequestArgs,
     context: IRequiredContext,
   ): Promise<IAuthorizationRequestPayloads> {
-    return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)
+    return await this.getRPInstance({ definitionId: createArgs.definitionId }, context)
       .then((rp) => rp.createAuthorizationRequest(createArgs, context))
       .then(async (request) => {
         const authRequest: IAuthorizationRequestPayloads = {
           authorizationRequest: request.payload,
           requestObject: await request.requestObjectJwt(),
-          requestObjectDecoded: request.requestObject?.getPayload(),
+          requestObjectDecoded: await request.requestObject?.getPayload(),
         }
         return authRequest
       })
   }
 
   private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {
-    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>
+    return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>
       rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),
     )
   }
@@ -124,7 +116,7 @@ export class SIOPv2RP implements IAgentPlugin {
     args: IGetAuthResponseStateArgs,
     context: IRequiredContext,
   ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {
-    const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)
+    const rpInstance: RPInstance = await this.getRPInstance({ definitionId: args.definitionId }, context)
     const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance
       .get(context)
       .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))
@@ -133,7 +125,11 @@ export class SIOPv2RP implements IAgentPlugin {
     }
 
     const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData
-    if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
+    if (
+      responseState.status === AuthorizationResponseStateStatus.VERIFIED &&
+      args.includeVerifiedData &&
+      args.includeVerifiedData !== VerifiedDataMode.NONE
+    ) {
       let hasher: HasherSync | undefined
       if (
         CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&
@@ -141,36 +137,19 @@ export class SIOPv2RP implements IAgentPlugin {
       ) {
         hasher = defaultHasher
       }
-
-      // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token
-      const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
-      const claims = []
-      for (const [credentialQueryId, presentationValue] of Object.entries(vpToken)) {
-        let singleVP: OriginalVerifiablePresentation
-        if (Array.isArray(presentationValue)) {
-          if (presentationValue.length === 0) {
-            throw Error(`DCQL query '${credentialQueryId}' has empty array of presentations`)
-          }
-          if (presentationValue.length > 1) {
-            throw Error(`DCQL query '${credentialQueryId}' has multiple presentations (${presentationValue.length}), but only one is supported atm`)
-          }
-          singleVP = presentationValue[0] as OriginalVerifiablePresentation
-        } else {
-          singleVP = presentationValue as OriginalVerifiablePresentation
-        }
-
-        // todo this should also include mdl-mdoc
-        const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
-          singleVP as OriginalVerifiablePresentation,
-          //todo: later we want to conditionally pass in options for mdl-mdoc here
-          hasher,
-        )
-        console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
-
-        const allClaims: AdditionalClaims = {}
-        const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)
-        if ('verifiableCredential' in presentationOrClaims) {
-          for (const credential of presentationOrClaims.verifiableCredential) {
+      // todo this should also include mdl-mdoc
+      const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+        responseState.response.payload.vp_token as OriginalVerifiablePresentation,
+        //todo: later we want to conditionally pass in options for mdl-mdoc here
+        hasher,
+      )
+      switch (args.includeVerifiedData) {
+        case VerifiedDataMode.VERIFIED_PRESENTATION:
+          responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
+          break
+        case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
+          const allClaims: AdditionalClaims = {}
+          for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
             const vc = credential as IVerifiableCredential
             const schemaValidationResult = await context.agent.cvVerifySchema({
               credential,
@@ -193,35 +172,11 @@ export class SIOPv2RP implements IAgentPlugin {
                 allClaims[key] = value
               }
             })
-
-            claims.push({
-              id: credentialQueryId,
-              type: vc.type[0],
-              claims: allClaims,
-            })
           }
-        } else {
-          claims.push({
-            id: credentialQueryId,
-            type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,
-            claims: presentationOrClaims,
-          })
-        }
-      }
-
-      responseState.verifiedData = {
-        ...(responseState.response.payload.vp_token && {
-          authorization_response: {
-            vp_token:
-              typeof responseState.response.payload.vp_token === 'string'
-                ? JSON.parse(responseState.response.payload.vp_token)
-                : responseState.response.payload.vp_token,
-          },
-        }),
-        ...(claims.length > 0 && { credential_claims: claims }),
+          responseState.verifiedData = allClaims
+          break
       }
     }
-
     return responseState
   }
 
@@ -232,17 +187,16 @@ export class SIOPv2RP implements IAgentPlugin {
       | SdJwtDecodedVerifiableCredential
       | MdocOid4vpMdocVpToken
       | MdocDeviceResponse,
-  ): AdditionalClaims | IPresentation => {
-    return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
+  ): AdditionalClaims | IPresentation =>
+    CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
       ? presentationDecoded.decodedPayload
       : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
-  }
 
   private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
-    if (args.state !== 'authorization_request_created') {
-      throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)
+    if (args.state !== 'sent') {
+      throw Error(`Only 'sent' status is supported for this method at this point`)
     }
-    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)
+    return await this.getRPInstance({ definitionId: args.definitionId }, context)
       // todo: In the SIOP library we need to update the signal method to be more like this method
       .then((rp) =>
         rp.get(context).then(async (rp) => {
@@ -256,7 +210,7 @@ export class SIOPv2RP implements IAgentPlugin {
   }
 
   private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {
-    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)
+    return await this.getRPInstance({ definitionId: args.definitionId }, context)
       .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))
       .then(() => true)
   }
@@ -269,11 +223,12 @@ export class SIOPv2RP implements IAgentPlugin {
       typeof args.authorizationResponse === 'string'
         ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)
         : args.authorizationResponse
-    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>
+    return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>
       rp.get(context).then((rp) =>
         rp.verifyAuthorizationResponse(authResponse, {
           correlationId: args.correlationId,
-          ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),
+          ...(args.presentationDefinitions && !args.dcqlQuery ? { presentationDefinitions: args.presentationDefinitions } : {}),
+          ...(args.dcqlQuery ? { dcqlQuery: args.dcqlQuery as DcqlQuery } : {}), // TODO BEFORE PR, check compatibility and whether we can remove local type
           audience: args.audience,
         }),
       ),
@@ -281,18 +236,19 @@ export class SIOPv2RP implements IAgentPlugin {
   }
 
   private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {
-    const { importItems, tenantId, version, versionControlMode } = args
+    const { definitions, tenantId, version, versionControlMode } = args
     await Promise.all(
-      importItems.map(async (importItem: ImportDcqlQueryItem) => {
-        DcqlQuery.validate(importItem.query)
-        console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)
+      definitions.map(async (definitionPair) => {
+        const definitionPayload = definitionPair.definitionPayload
+        await context.agent.pexValidateDefinition({ definition: definitionPayload })
 
+        console.log(`persisting definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)
         return context.agent.pdmPersistDefinition({
           definitionItem: {
-            queryId: importItem.queryId!,
             tenantId: tenantId,
             version: version,
-            query: importItem.query,
+            definitionPayload,
+            dcqlPayload: definitionPair.dcqlPayload,
           },
           opts: { versionControlMode: versionControlMode },
         })
@@ -301,12 +257,12 @@ export class SIOPv2RP implements IAgentPlugin {
   }
 
   private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {
-    const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY
+    const instanceId = args.definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY
     if (this.instances.has(instanceId)) {
       const rpInstance = this.instances.get(instanceId)
       if (rpInstance !== undefined) {
         const rp = await rpInstance.get(context)
-        return await rp.getResponseRedirectUri({
+        return rp.getResponseRedirectUri({
           correlation_id: args.correlationId,
           correlationId: args.correlationId,
           ...(args.state && { state: args.state }),
@@ -316,64 +272,37 @@ export class SIOPv2RP implements IAgentPlugin {
     return undefined
   }
 
-  async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {
-    let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY
-    let rpInstance: RPInstance | undefined
-    if (queryId) {
-      if (this.instances.has(queryId)) {
-        rpInstanceId = queryId
-        rpInstance = this.instances.get(rpInstanceId)!
-      } else if (isValidUUID(queryId)) {
-        try {
-          // Check whether queryId is actually the PD item id
-          const pd = await context.agent.pdmGetDefinition({ itemId: queryId })
-          if (this.instances.has(pd.queryId)) {
-            rpInstanceId = pd.queryId
-            rpInstance = this.instances.get(rpInstanceId)!
-          }
-        } catch (ignore) {}
-      }
-      if (createWhenNotPresent) {
-        rpInstanceId = queryId
-      } else {
-        rpInstance = this.instances.get(rpInstanceId)
-      }
-    } else {
-      rpInstance = this.instances.get(rpInstanceId)
-    }
-
-    if (!rpInstance) {
-      if (!createWhenNotPresent) {
-        return Promise.reject(`No RP instance found for key ${rpInstanceId}`)
-      }
-      const instanceOpts = this.getInstanceOpts(queryId)
-      const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })
+  async getRPInstance({ definitionId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {
+    const instanceId = definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY
+    if (!this.instances.has(instanceId)) {
+      const instanceOpts = this.getInstanceOpts(definitionId)
+      const rpOpts = await this.getRPOptions(context, { definitionId, responseRedirectURI: responseRedirectURI })
       if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {
         if (!rpOpts.identifierOpts?.resolveOpts) {
           rpOpts.identifierOpts = { ...rpOpts.identifierOpts }
           rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }
         }
-        console.log('Using agent DID resolver for RP instance with definition id ' + queryId)
+        console.log('Using agent DID resolver for RP instance with definition id ' + definitionId)
         rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {
           uniresolverResolution: true,
           localResolution: true,
           resolverResolution: true,
         })
       }
-      rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })
-      this.instances.set(rpInstanceId, rpInstance)
+      this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))
     }
+    const rpInstance = this.instances.get(instanceId)!
     if (responseRedirectURI) {
       rpInstance.rpOptions.responseRedirectUri = responseRedirectURI
     }
     return rpInstance
   }
 
-  async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {
-    const { queryId, responseRedirectURI: responseRedirectURI } = opts
-    const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts
+  async getRPOptions(context: IRequiredContext, opts: { definitionId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {
+    const { definitionId, responseRedirectURI: responseRedirectURI } = opts
+    const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts
     if (!options) {
-      throw Error(`Could not get specific nor default options for definition ${queryId}`)
+      throw Error(`Could not get specific nor default options for definition ${definitionId}`)
     }
     if (this.opts.defaultOpts) {
       if (!options.identifierOpts) {
@@ -404,22 +333,22 @@ export class SIOPv2RP implements IAgentPlugin {
     return options
   }
 
-  getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {
+  getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {
     if (!this.opts.instanceOpts) return undefined
 
-    const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined
+    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : undefined
 
-    return instanceOpt ?? this.getDefaultOptions(queryId)
+    return instanceOpt ?? this.getDefaultOptions(definitionId)
   }
 
-  private getDefaultOptions(queryId: string | undefined) {
+  private getDefaultOptions(definitionId: string | undefined) {
     if (!this.opts.instanceOpts) return undefined
 
-    const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')
+    const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === 'default')
     if (defaultOptions) {
       const clonedOptions = { ...defaultOptions }
-      if (queryId !== undefined) {
-        clonedOptions.queryId = queryId
+      if (definitionId !== undefined) {
+        clonedOptions.definitionId = definitionId
       }
       return clonedOptions
     }

package/src/functions.ts

@@ -1,7 +1,6 @@
 import {
-  ClientIdentifierPrefix,
+  ClientIdScheme,
   ClientMetadataOpts,
-  DcqlQueryLookupCallback,
   InMemoryRPSessionManager,
   PassBy,
   PresentationVerificationCallback,
@@ -29,14 +28,14 @@ import {
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'
-import { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'
+import { CredentialMapper, Hasher, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'
 import { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'
+// import { KeyAlgo, SuppliedSigner } from '@sphereon/ssi-sdk.core'
 import { TKeyType } from '@veramo/core'
 import { JWTVerifyOptions } from 'did-jwt'
 import { Resolvable } from 'did-resolver'
 import { EventEmitter } from 'events'
-import { validate as isValidUUID } from 'uuid'
-import { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'
+import { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'
 import { DcqlQuery } from 'dcql'
 import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
@@ -44,7 +43,7 @@ export function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {
   if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
     return rpOptions.supportedVersions[0]
   }
-  return SupportedVersion.OID4VP_v1
+  return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1
 }
 
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {
@@ -59,29 +58,6 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOption
       }
 }
 
-export function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {
-  async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {
-    // TODO Add caching?
-    const result = await context.agent.pdmGetDefinitions({
-      filter: [
-        {
-          queryId,
-          ...(tenantId && { tenantId }),
-          ...(version && { version }),
-        },
-        ...(isValidUUID(queryId) ? [{ id: queryId }] : []),
-      ],
-    })
-    if (result && result.length > 0) {
-      return result[0].query
-    }
-
-    return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))
-  }
-
-  return dcqlQueryLookup
-}
-
 export function getPresentationVerificationCallback(
   idOpts: ManagedIdentifierOptsOrResult,
   context: IRequiredContext,
@@ -93,6 +69,7 @@ export function getPresentationVerificationCallback(
     if (CredentialMapper.isSdJwtEncoded(args)) {
       const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({
         presentation: args,
+        kb: true,
       })
       // fixme: investigate the correct way to handle this
       return { verified: !!result.payload }
@@ -126,11 +103,35 @@ export function getPresentationVerificationCallback(
 
 export async function createRPBuilder(args: {
   rpOpts: IRPOptions
+  pexOpts?: IPEXOptions | undefined
   definition?: IPresentationDefinition
+  dcql?: DcqlQuery
   context: IRequiredContext
 }): Promise<RPBuilder> {
-  const { rpOpts, context } = args
+  const { rpOpts, pexOpts, context } = args
   const { identifierOpts } = rpOpts
+  let definition: IPresentationDefinition | undefined = args.definition
+  let dcqlQuery: DcqlQuery | undefined = args.dcql
+
+  if (!definition && pexOpts && pexOpts.definitionId) {
+    const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
+      filter: [
+        {
+          definitionId: pexOpts.definitionId,
+          version: pexOpts.version,
+          tenantId: pexOpts.tenantId,
+        },
+      ],
+    })
+
+    if (presentationDefinitionItems.length > 0) {
+      const presentationDefinitionItem = presentationDefinitionItems[0]
+      definition = presentationDefinitionItem.definitionPayload
+      if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
+        dcqlQuery = presentationDefinitionItem.dcqlPayload as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery
+      }
+    }
+  }
 
   const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))
   const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()
@@ -160,7 +161,7 @@ export async function createRPBuilder(args: {
       uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,
     })
   //todo: probably wise to first look and see if we actually need the hasher to begin with
-  let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher
+  let hasher: Hasher | undefined = rpOpts.credentialOpts?.hasher
   if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {
     hasher = defaultHasher
   }
@@ -170,7 +171,9 @@ export async function createRPBuilder(args: {
     .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)
     .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)
     // todo: move to options fill/correct method
-    .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])
+    .withSupportedVersions(
+      rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],
+    )
 
     .withEventEmitter(eventEmitter)
     .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))
@@ -189,21 +192,23 @@ export async function createRPBuilder(args: {
             context,
           ),
     )
-    .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))
     .withRevocationVerification(RevocationVerification.NEVER)
     .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))
 
   const oidfOpts = identifierOpts.oidfOpts
   if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
-    builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)
+    builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT).withClientIdScheme('entity_id', PropertyTarget.REQUEST_OBJECT)
   } else {
     const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)
-    const clientId: string =
-      rpOpts.clientMetadataOpts?.client_id ??
-      resolution.issuer ??
-      (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)
-    const clientIdPrefixed = prefixClientId(clientId)
-    builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)
+    builder
+      .withClientId(
+        resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint),
+        PropertyTarget.REQUEST_OBJECT,
+      )
+      .withClientIdScheme(
+        (resolution.clientIdScheme as ClientIdScheme) ?? (identifierOpts.idOpts.clientIdScheme as ClientIdScheme),
+        PropertyTarget.REQUEST_OBJECT,
+      )
   }
 
   if (hasher) {
@@ -217,6 +222,13 @@ export async function createRPBuilder(args: {
   //fixme: this has been removed in the new version of did-auth-siop
   // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))
 
+  if (definition) {
+    builder.withPresentationDefinition({ definition }, PropertyTarget.REQUEST_OBJECT)
+  }
+  if (dcqlQuery) {
+    builder.withDcqlQuery(dcqlQuery)
+  }
+
   if (rpOpts.responseRedirectUri) {
     builder.withResponseRedirectUri(rpOpts.responseRedirectUri)
   }
@@ -297,12 +309,3 @@ export function getSigningAlgo(type: TKeyType): SigningAlgo {
       throw Error('Key type not yet supported')
   }
 }
-
-export function prefixClientId(clientId: string): string {
-  // FIXME SSISDK-60
-  if (clientId.startsWith('did:')) {
-    return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`
-  }
-
-  return clientId
-}

package/src/index.ts

@@ -1,7 +1,7 @@
 /**
  * @public
  */
-import schema from '../plugin.schema.json'
+const schema = require('../plugin.schema.json')
 export { schema }
 export { SIOPv2RP } from './agent/SIOPv2RP'
 export * from './types/ISIOPv2RP'