@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.26.RP.58 → 0.34.1-feature.SSISDK.45.189

package/dist/index.js CHANGED
@@ -1,352 +1,346 @@
1
1
  var __defProp = Object.defineProperty;
2
- var __getOwnPropNames = Object.getOwnPropertyNames;
3
2
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
4
- var __commonJS = (cb, mod) => function __require() {
5
- return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
6
- };
7
3
 
8
4
  // plugin.schema.json
9
- var require_plugin_schema = __commonJS({
10
- "plugin.schema.json"(exports, module) {
11
- module.exports = {
12
- IDidAuthSiopOpAuthenticator: {
13
- components: {
14
- schemas: {
15
- IGetSiopSessionArgs: {
16
- type: "object",
17
- properties: {
18
- sessionId: {
19
- type: "string"
20
- },
21
- additionalProperties: false
22
- },
23
- required: ["sessionId"],
24
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
5
+ var plugin_schema_default = {
6
+ IDidAuthSiopOpAuthenticator: {
7
+ components: {
8
+ schemas: {
9
+ IGetSiopSessionArgs: {
10
+ type: "object",
11
+ properties: {
12
+ sessionId: {
13
+ type: "string"
25
14
  },
26
- IRegisterSiopSessionArgs: {
15
+ additionalProperties: false
16
+ },
17
+ required: ["sessionId"],
18
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
19
+ },
20
+ IRegisterSiopSessionArgs: {
21
+ type: "object",
22
+ properties: {
23
+ identifier: {
27
24
  type: "object",
28
25
  properties: {
29
- identifier: {
30
- type: "object",
31
- properties: {
32
- did: {
33
- type: "string"
34
- },
35
- alias: {
36
- type: "string"
37
- },
38
- provider: {
39
- type: "string"
40
- },
41
- controllerKeyId: {
42
- type: "string"
43
- },
44
- keys: {
45
- type: "array",
46
- items: {
47
- type: "object",
48
- properties: {
49
- additionalProperties: true
50
- }
51
- }
52
- },
53
- services: {
54
- type: "array",
55
- items: {
56
- type: "object",
57
- properties: {
58
- additionalProperties: true
59
- }
60
- }
61
- }
62
- },
63
- additionalProperties: false,
64
- required: ["did", "provider", "keys", "services"]
65
- },
66
- sessionId: {
26
+ did: {
67
27
  type: "string"
68
28
  },
69
- expiresIn: {
70
- type: "number"
71
- },
72
- additionalProperties: false
73
- },
74
- required: ["identifier"],
75
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
76
- },
77
- IRemoveSiopSessionArgs: {
78
- type: "object",
79
- properties: {
80
- sessionId: {
29
+ alias: {
81
30
  type: "string"
82
31
  },
83
- additionalProperties: false
84
- },
85
- required: ["sessionId"],
86
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
87
- },
88
- IAuthenticateWithSiopArgs: {
89
- type: "object",
90
- properties: {
91
- sessionId: {
32
+ provider: {
92
33
  type: "string"
93
34
  },
94
- stateId: {
35
+ controllerKeyId: {
95
36
  type: "string"
96
37
  },
97
- redirectUrl: {
98
- type: "string"
38
+ keys: {
39
+ type: "array",
40
+ items: {
41
+ type: "object",
42
+ properties: {
43
+ additionalProperties: true
44
+ }
45
+ }
99
46
  },
100
- additionalProperties: false
47
+ services: {
48
+ type: "array",
49
+ items: {
50
+ type: "object",
51
+ properties: {
52
+ additionalProperties: true
53
+ }
54
+ }
55
+ }
101
56
  },
102
- required: ["sessionId", "stateId", "redirectUrl"],
103
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
57
+ additionalProperties: false,
58
+ required: ["did", "provider", "keys", "services"]
59
+ },
60
+ sessionId: {
61
+ type: "string"
62
+ },
63
+ expiresIn: {
64
+ type: "number"
65
+ },
66
+ additionalProperties: false
67
+ },
68
+ required: ["identifier"],
69
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
70
+ },
71
+ IRemoveSiopSessionArgs: {
72
+ type: "object",
73
+ properties: {
74
+ sessionId: {
75
+ type: "string"
76
+ },
77
+ additionalProperties: false
78
+ },
79
+ required: ["sessionId"],
80
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
81
+ },
82
+ IAuthenticateWithSiopArgs: {
83
+ type: "object",
84
+ properties: {
85
+ sessionId: {
86
+ type: "string"
87
+ },
88
+ stateId: {
89
+ type: "string"
90
+ },
91
+ redirectUrl: {
92
+ type: "string"
93
+ },
94
+ additionalProperties: false
95
+ },
96
+ required: ["sessionId", "stateId", "redirectUrl"],
97
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
98
+ },
99
+ IResponse: {
100
+ type: "object",
101
+ properties: {
102
+ status: {
103
+ type: "number"
104
+ },
105
+ additionalProperties: true
106
+ },
107
+ required: ["status"],
108
+ description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
109
+ },
110
+ IGetSiopAuthenticationRequestFromRpArgs: {
111
+ type: "object",
112
+ properties: {
113
+ sessionId: {
114
+ type: "string"
115
+ },
116
+ stateId: {
117
+ type: "string"
118
+ },
119
+ redirectUrl: {
120
+ type: "string"
121
+ },
122
+ additionalProperties: false
123
+ },
124
+ required: ["sessionId", "stateId", "redirectUrl"],
125
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
126
+ },
127
+ ParsedAuthenticationRequestURI: {
128
+ type: "object",
129
+ properties: {
130
+ jwt: {
131
+ type: "string"
104
132
  },
105
- IResponse: {
133
+ requestPayload: {
106
134
  type: "object",
107
135
  properties: {
108
- status: {
109
- type: "number"
110
- },
111
136
  additionalProperties: true
112
- },
113
- required: ["status"],
114
- description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
137
+ }
115
138
  },
116
- IGetSiopAuthenticationRequestFromRpArgs: {
139
+ registration: {
117
140
  type: "object",
118
141
  properties: {
119
- sessionId: {
120
- type: "string"
121
- },
122
- stateId: {
123
- type: "string"
124
- },
125
- redirectUrl: {
126
- type: "string"
127
- },
128
- additionalProperties: false
129
- },
130
- required: ["sessionId", "stateId", "redirectUrl"],
131
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
142
+ additionalProperties: true
143
+ }
132
144
  },
133
- ParsedAuthenticationRequestURI: {
145
+ additionalProperties: false
146
+ },
147
+ required: ["jwt", "requestPayload", "registration"],
148
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
149
+ },
150
+ IGetSiopAuthenticationRequestDetailsArgs: {
151
+ type: "object",
152
+ properties: {
153
+ sessionId: {
154
+ type: "string"
155
+ },
156
+ verifiedAuthenticationRequest: {
134
157
  type: "object",
135
158
  properties: {
136
- jwt: {
137
- type: "string"
138
- },
139
- requestPayload: {
140
- type: "object",
141
- properties: {
142
- additionalProperties: true
143
- }
144
- },
145
- registration: {
146
- type: "object",
147
- properties: {
148
- additionalProperties: true
149
- }
150
- },
151
- additionalProperties: false
152
- },
153
- required: ["jwt", "requestPayload", "registration"],
154
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
159
+ additionalProperties: true
160
+ }
155
161
  },
156
- IGetSiopAuthenticationRequestDetailsArgs: {
162
+ credentialFilter: {
157
163
  type: "object",
158
164
  properties: {
159
- sessionId: {
160
- type: "string"
161
- },
162
- verifiedAuthenticationRequest: {
163
- type: "object",
164
- properties: {
165
- additionalProperties: true
166
- }
167
- },
168
- credentialFilter: {
169
- type: "object",
170
- properties: {
171
- additionalProperties: true
172
- }
173
- },
174
- additionalProperties: false
175
- },
176
- required: ["sessionId", "verifiedAuthenticationRequest"],
177
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
165
+ additionalProperties: true
166
+ }
167
+ },
168
+ additionalProperties: false
169
+ },
170
+ required: ["sessionId", "verifiedAuthenticationRequest"],
171
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
172
+ },
173
+ IAuthRequestDetails: {
174
+ type: "object",
175
+ properties: {
176
+ id: {
177
+ type: "string"
178
+ },
179
+ alsoKnownAs: {
180
+ type: "array",
181
+ items: {
182
+ type: "string"
183
+ }
178
184
  },
179
- IAuthRequestDetails: {
185
+ vpResponseOpts: {
180
186
  type: "object",
181
187
  properties: {
182
- id: {
183
- type: "string"
184
- },
185
- alsoKnownAs: {
186
- type: "array",
187
- items: {
188
- type: "string"
189
- }
190
- },
191
- vpResponseOpts: {
192
- type: "object",
193
- properties: {
194
- additionalProperties: true
195
- }
196
- },
197
- additionalProperties: false
198
- },
199
- required: ["id", "vpResponseOpts"],
200
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
188
+ additionalProperties: true
189
+ }
190
+ },
191
+ additionalProperties: false
192
+ },
193
+ required: ["id", "vpResponseOpts"],
194
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
195
+ },
196
+ IVerifySiopAuthenticationRequestUriArgs: {
197
+ type: "object",
198
+ properties: {
199
+ sessionId: {
200
+ type: "string"
201
201
  },
202
- IVerifySiopAuthenticationRequestUriArgs: {
202
+ ParsedAuthenticationRequestURI: {
203
203
  type: "object",
204
204
  properties: {
205
- sessionId: {
206
- type: "string"
207
- },
208
- ParsedAuthenticationRequestURI: {
209
- type: "object",
210
- properties: {
211
- additionalProperties: true
212
- }
213
- },
214
- additionalProperties: false
215
- },
216
- required: ["sessionId", "ParsedAuthenticationRequestURI"],
217
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
205
+ additionalProperties: true
206
+ }
218
207
  },
219
- VerifiedAuthorizationRequest: {
208
+ additionalProperties: false
209
+ },
210
+ required: ["sessionId", "ParsedAuthenticationRequestURI"],
211
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
212
+ },
213
+ VerifiedAuthorizationRequest: {
214
+ type: "object",
215
+ properties: {
216
+ payload: {
220
217
  type: "object",
221
218
  properties: {
222
- payload: {
223
- type: "object",
224
- properties: {
225
- additionalProperties: true
226
- }
227
- },
228
- presentationDefinitions: {
229
- type: "object",
230
- properties: {
231
- additionalProperties: true
232
- }
233
- },
234
- verifyOpts: {
235
- type: "object",
236
- properties: {
237
- additionalProperties: true
238
- }
239
- },
240
- additionalProperties: false
241
- },
242
- required: ["payload", "verifyOpts"],
243
- description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
219
+ additionalProperties: true
220
+ }
244
221
  },
245
- ISendSiopAuthenticationResponseArgs: {
222
+ presentationDefinitions: {
246
223
  type: "object",
247
224
  properties: {
248
- sessionId: {
249
- type: "string"
250
- },
251
- verifiedAuthenticationRequest: {
252
- type: "object",
253
- properties: {
254
- additionalProperties: true
255
- }
256
- },
257
- verifiablePresentationResponse: {
258
- type: "object",
259
- properties: {
260
- additionalProperties: true
261
- }
262
- },
263
- additionalProperties: false
264
- },
265
- required: ["sessionId", "verifiedAuthenticationRequest"],
266
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
267
- }
268
- },
269
- methods: {
270
- getSessionForSiop: {
271
- description: "Get SIOP session",
272
- arguments: {
273
- $ref: "#/components/schemas/IGetSiopSessionArgs"
274
- },
275
- returnType: "object"
276
- },
277
- registerSessionForSiop: {
278
- description: "Register SIOP session",
279
- arguments: {
280
- $ref: "#/components/schemas/IRegisterSiopSessionArgs"
281
- },
282
- returnType: "object"
283
- },
284
- removeSessionForSiop: {
285
- description: "Remove SIOP session",
286
- arguments: {
287
- $ref: "#/components/schemas/IRemoveSiopSessionArgs"
288
- },
289
- returnType: "boolean"
290
- },
291
- authenticateWithSiop: {
292
- description: "Authenticate using DID Auth SIOP",
293
- arguments: {
294
- $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
295
- },
296
- returnType: {
297
- $ref: "#/components/schemas/Response"
225
+ additionalProperties: true
298
226
  }
299
227
  },
300
- getSiopAuthenticationRequestFromRP: {
301
- description: "Get authentication request from RP",
302
- arguments: {
303
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
304
- },
305
- returnType: {
306
- $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
228
+ verifyOpts: {
229
+ type: "object",
230
+ properties: {
231
+ additionalProperties: true
307
232
  }
308
233
  },
309
- getSiopAuthenticationRequestDetails: {
310
- description: "Get authentication request details",
311
- arguments: {
312
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
313
- },
314
- returnType: {
315
- $ref: "#/components/schemas/IAuthRequestDetails"
316
- }
234
+ additionalProperties: false
235
+ },
236
+ required: ["payload", "verifyOpts"],
237
+ description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
238
+ },
239
+ ISendSiopAuthenticationResponseArgs: {
240
+ type: "object",
241
+ properties: {
242
+ sessionId: {
243
+ type: "string"
317
244
  },
318
- verifySiopAuthenticationRequestURI: {
319
- description: "Verify authentication request URI",
320
- arguments: {
321
- $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
322
- },
323
- returnType: {
324
- $ref: "#/components/schemas/VerifiedAuthorizationRequest"
245
+ verifiedAuthenticationRequest: {
246
+ type: "object",
247
+ properties: {
248
+ additionalProperties: true
325
249
  }
326
250
  },
327
- sendSiopAuthenticationResponse: {
328
- description: "Send authentication response",
329
- arguments: {
330
- $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
331
- },
332
- returnType: {
333
- $ref: "#/components/schemas/IRequiredContext"
251
+ verifiablePresentationResponse: {
252
+ type: "object",
253
+ properties: {
254
+ additionalProperties: true
334
255
  }
335
- }
256
+ },
257
+ additionalProperties: false
258
+ },
259
+ required: ["sessionId", "verifiedAuthenticationRequest"],
260
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
261
+ }
262
+ },
263
+ methods: {
264
+ getSessionForSiop: {
265
+ description: "Get SIOP session",
266
+ arguments: {
267
+ $ref: "#/components/schemas/IGetSiopSessionArgs"
268
+ },
269
+ returnType: "object"
270
+ },
271
+ registerSessionForSiop: {
272
+ description: "Register SIOP session",
273
+ arguments: {
274
+ $ref: "#/components/schemas/IRegisterSiopSessionArgs"
275
+ },
276
+ returnType: "object"
277
+ },
278
+ removeSessionForSiop: {
279
+ description: "Remove SIOP session",
280
+ arguments: {
281
+ $ref: "#/components/schemas/IRemoveSiopSessionArgs"
282
+ },
283
+ returnType: "boolean"
284
+ },
285
+ authenticateWithSiop: {
286
+ description: "Authenticate using DID Auth SIOP",
287
+ arguments: {
288
+ $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
289
+ },
290
+ returnType: {
291
+ $ref: "#/components/schemas/Response"
292
+ }
293
+ },
294
+ getSiopAuthenticationRequestFromRP: {
295
+ description: "Get authentication request from RP",
296
+ arguments: {
297
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
298
+ },
299
+ returnType: {
300
+ $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
301
+ }
302
+ },
303
+ getSiopAuthenticationRequestDetails: {
304
+ description: "Get authentication request details",
305
+ arguments: {
306
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
307
+ },
308
+ returnType: {
309
+ $ref: "#/components/schemas/IAuthRequestDetails"
310
+ }
311
+ },
312
+ verifySiopAuthenticationRequestURI: {
313
+ description: "Verify authentication request URI",
314
+ arguments: {
315
+ $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
316
+ },
317
+ returnType: {
318
+ $ref: "#/components/schemas/VerifiedAuthorizationRequest"
319
+ }
320
+ },
321
+ sendSiopAuthenticationResponse: {
322
+ description: "Send authentication response",
323
+ arguments: {
324
+ $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
325
+ },
326
+ returnType: {
327
+ $ref: "#/components/schemas/IRequiredContext"
336
328
  }
337
329
  }
338
330
  }
339
- };
331
+ }
340
332
  }
341
- });
333
+ };
342
334
 
343
335
  // src/agent/SIOPv2RP.ts
344
336
  import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
345
337
  import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
338
+ import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
346
339
  import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
340
+ import { DcqlQuery } from "dcql";
347
341
 
348
342
  // src/functions.ts
349
- import { InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
343
+ import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
350
344
  import { SigningAlgo } from "@sphereon/oid4vc-common";
351
345
  import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
352
346
  import { isExternalIdentifierOIDFEntityIdOpts, isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierX5cOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
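Review bot: In `plugin_schema_default`, every `additionalProperties` key sits inside the `properties` object (for example in `IGetSiopSessionArgs.properties`, next to `sessionId`), so JSON Schema reads it as a property named `additionalProperties` rather than as the keyword that rejects unknown fields. If the `false` values are meant to close these argument objects, the key belongs one level up, beside `type` and `required`. The `methods` entries also reference `#/components/schemas/Response` and `#/components/schemas/IRequiredContext`, neither of which is defined under `schemas` in this hunk (the defined name is `IResponse`). The change here only unwraps the bundler's `__commonJS` helper, so these points carry over from the previous version.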
@@ -376,8 +370,7 @@ function getPresentationVerificationCallback(idOpts, context) {
376
370
  async function presentationVerificationCallback(args, presentationSubmission) {
377
371
  if (CredentialMapper.isSdJwtEncoded(args)) {
378
372
  const result2 = await context.agent.verifySdJwtPresentation({
379
- presentation: args,
380
- kb: true
373
+ presentation: args
381
374
  });
382
375
  return {
383
376
  verified: !!result2.payload
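Review bot: The call to `context.agent.verifySdJwtPresentation` no longer passes `kb: true`, so whether the key-binding JWT is checked now depends on that method's default, which is not visible here. Without a key-binding check, an SD-JWT presentation is not tied to the holder or to this request's nonce and audience, so a previously issued presentation might be accepted again. If the default does not require key binding, keep the explicit flag (`presentation: args, kb: true`), or add a comment stating where the binding is enforced. The callback body continues outside this hunk.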
@@ -416,11 +409,11 @@ async function createRPBuilder(args) {
416
409
  const { identifierOpts } = rpOpts;
417
410
  let definition = args.definition;
418
411
  let dcqlQuery = args.dcql;
419
- if (!definition && pexOpts && pexOpts.definitionId) {
412
+ if (!definition && pexOpts && pexOpts.queryId) {
420
413
  const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
421
414
  filter: [
422
415
  {
423
- definitionId: pexOpts.definitionId,
416
+ queryId: pexOpts.queryId,
424
417
  version: pexOpts.version,
425
418
  tenantId: pexOpts.tenantId
426
419
  }
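Review bot: The lookup is still guarded by `!definition`, although after this commit `definition` is never assigned from the stored item and is no longer passed to the builder further down in `createRPBuilder`. A caller that still supplies `args.definition` therefore skips the `pdmGetDefinitions` lookup and ends up without the stored DCQL query. Guarding on the value that is actually used, `if (!dcqlQuery && pexOpts && pexOpts.queryId) {`, would avoid that. The function starts and ends outside this hunk.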
@@ -428,9 +421,8 @@ async function createRPBuilder(args) {
428
421
  });
429
422
  if (presentationDefinitionItems.length > 0) {
430
423
  const presentationDefinitionItem = presentationDefinitionItems[0];
431
- definition = presentationDefinitionItem.definitionPayload;
432
424
  if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
433
- dcqlQuery = presentationDefinitionItem.dcqlPayload;
425
+ dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
434
426
  }
435
427
  }
436
428
  }
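Review bot: `presentationDefinitionItem.dcqlPayload.dcqlQuery` is read here, while `siopImportDefinitions` later in this file persists items with a `query` field and no `dcqlPayload`. Unless the store maps `query` to `dcqlPayload` (not visible here), the `dcqlPayload` check is false for imported items and `dcqlQuery` stays unset, so the request would be built without any credential query. It would help to confirm the stored shape and to fail with an explicit error when a `queryId` is configured but no query could be loaded. The first element of `presentationDefinitionItems` is also taken without any visible ordering, which matters when several versions match the filter.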
@@ -500,19 +492,16 @@ async function createRPBuilder(args) {
500
492
  }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
501
493
  const oidfOpts = identifierOpts.oidfOpts;
502
494
  if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
503
- builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT).withClientIdScheme("entity_id", PropertyTarget.REQUEST_OBJECT);
495
+ builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
504
496
  } else {
505
497
  const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
506
- builder.withClientId(resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint), PropertyTarget.REQUEST_OBJECT).withClientIdScheme(resolution.clientIdScheme ?? identifierOpts.idOpts.clientIdScheme, PropertyTarget.REQUEST_OBJECT);
498
+ const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint);
499
+ const clientIdPrefixed = prefixClientId(clientId);
500
+ builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT);
507
501
  }
508
502
  if (hasher) {
509
503
  builder.withHasher(hasher);
510
504
  }
511
- if (definition) {
512
- builder.withPresentationDefinition({
513
- definition
514
- }, PropertyTarget.REQUEST_OBJECT);
515
- }
516
505
  if (dcqlQuery) {
517
506
  builder.withDcqlQuery(dcqlQuery);
518
507
  }
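Review bot: `rpOpts.clientMetadataOpts?.client_id` now takes precedence over the identifier returned by `identifierManagedGet`, and nothing in this hunk checks that the configured value corresponds to the key that signs the request object. Wallets tie the request signature to `client_id`, so a mismatch may either break verification on the wallet side or advertise an identity that the RP's key does not back. Consider comparing the two and rejecting a configured `client_id` that does not match `resolution.issuer` or `resolution.did`. Since `withClientIdScheme` is gone, only `did:` values receive a prefix; identifiers resolved from x5c or a JWK thumbprint are sent bare, which deserves a comment if it is intended.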
@@ -572,6 +561,13 @@ function getSigningAlgo(type) {
572
561
  }
573
562
  }
574
563
  __name(getSigningAlgo, "getSigningAlgo");
564
+ function prefixClientId(clientId) {
565
+ if (clientId.startsWith("did:")) {
566
+ return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
567
+ }
568
+ return clientId;
569
+ }
570
+ __name(prefixClientId, "prefixClientId");
575
571
 
576
572
  // src/RPInstance.ts
577
573
  import { v4 as uuidv4 } from "uuid";
@@ -608,7 +604,7 @@ var RPInstance = class {
608
604
  return this.definitionId !== void 0;
609
605
  }
610
606
  get definitionId() {
611
- return this.pexOptions?.definitionId;
607
+ return this.pexOptions?.queryId;
612
608
  }
613
609
  async getPresentationDefinition(context) {
614
610
  return this.definitionId ? await context.agent.pexStoreGetDefinition({
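Review bot: The `definitionId` getter now returns `this.pexOptions?.queryId`, and `getPresentationDefinition` still feeds that value to `context.agent.pexStoreGetDefinition`, even though the rest of this commit removes presentation-definition handling in favour of DCQL. Whether the PEX store can resolve a query id is not visible here; if it cannot, this method silently returns nothing or the wrong definition. Renaming the getter to `queryId`, and either removing `getPresentationDefinition` or documenting what it is expected to return, would keep the class consistent. The call's argument object lies outside this hunk.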
@@ -617,7 +613,7 @@ var RPInstance = class {
617
613
  }) : void 0;
618
614
  }
619
615
  async createAuthorizationRequestURI(createArgs, context) {
620
- const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
616
+ const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
621
617
  const nonce = createArgs.nonce ?? uuidv4();
622
618
  const state = createArgs.state ?? correlationId;
623
619
  let jwtIssuer;
@@ -645,13 +641,15 @@ var RPInstance = class {
645
641
  return await this.get(context).then((rp) => rp.createAuthorizationRequestURI({
646
642
  version: getRequestVersion(this.rpOptions),
647
643
  correlationId,
644
+ queryId,
648
645
  nonce,
649
646
  state,
650
647
  claims,
651
648
  requestByReferenceURI,
652
649
  responseURI,
653
650
  responseURIType,
654
- jwtIssuer
651
+ jwtIssuer,
652
+ callback
655
653
  }));
656
654
  }
657
655
  async createAuthorizationRequest(createArgs, context) {
@@ -692,7 +690,6 @@ var RPInstance = class {
692
690
  };
693
691
 
694
692
  // src/agent/SIOPv2RP.ts
695
- import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
696
693
  var SIOPv2RP = class _SIOPv2RP {
697
694
  static {
698
695
  __name(this, "SIOPv2RP");
@@ -700,7 +697,7 @@ var SIOPv2RP = class _SIOPv2RP {
700
697
  opts;
701
698
  static _DEFAULT_OPTS_KEY = "_default";
702
699
  instances = /* @__PURE__ */ new Map();
703
- schema = schema.IDidAuthSiopOpAuthenticator;
700
+ schema = plugin_schema_default.IDidAuthSiopOpAuthenticator;
704
701
  methods = {
705
702
  siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),
706
703
  siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),
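Review bot: `schema` is set to `plugin_schema_default.IDidAuthSiopOpAuthenticator`, whose `methods` section (first hunk) lists `getSessionForSiop`, `authenticateWithSiop` and similar names, while the `methods` map here exposes `siopCreateAuthRequestURI`, `siopCreateAuthRequestPayloads` and so on. If the agent validates plugin arguments against this schema, none of the RP methods would be covered, so their arguments arrive unvalidated. It is worth either shipping a schema that describes the RP methods or adding a comment that validation is intentionally not provided. The class body continues outside this hunk.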
@@ -730,30 +727,32 @@ var SIOPv2RP = class _SIOPv2RP {
730
727
  }
731
728
  async createAuthorizationRequestURI(createArgs, context) {
732
729
  return await this.getRPInstance({
733
- definitionId: createArgs.definitionId,
734
- responseRedirectURI: createArgs.responseRedirectURI
730
+ responseRedirectURI: createArgs.responseRedirectURI,
731
+ ...createArgs.useQueryIdInstance === true && {
732
+ queryId: createArgs.queryId
733
+ }
735
734
  }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
736
735
  }
737
736
  async createAuthorizationRequestPayloads(createArgs, context) {
738
737
  return await this.getRPInstance({
739
- definitionId: createArgs.definitionId
738
+ queryId: createArgs.queryId
740
739
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
741
740
  const authRequest = {
742
741
  authorizationRequest: request.payload,
743
742
  requestObject: await request.requestObjectJwt(),
744
- requestObjectDecoded: await request.requestObject?.getPayload()
743
+ requestObjectDecoded: request.requestObject?.getPayload()
745
744
  };
746
745
  return authRequest;
747
746
  });
748
747
  }
749
748
  async siopGetRequestState(args, context) {
750
749
  return await this.getRPInstance({
751
- definitionId: args.definitionId
750
+ queryId: args.queryId
752
751
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
753
752
  }
754
753
  async siopGetResponseState(args, context) {
755
754
  const rpInstance = await this.getRPInstance({
756
- definitionId: args.definitionId
755
+ queryId: args.queryId
757
756
  }, context);
758
757
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
759
758
  if (authorizationResponseState === void 0) {
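Review bot: `createAuthorizationRequestURI` selects a per-query RP instance only when `createArgs.useQueryIdInstance === true`, whereas `createAuthorizationRequestPayloads`, `siopGetRequestState` and `siopGetResponseState` always pass `queryId` to `getRPInstance`. If each instance owns its own session manager (construction is outside this hunk), a request created on the default instance and later looked up with a `queryId` would not be found, or would be matched against a different instance's state. Either apply the same rule in every method or document the flag on the argument type. Separately, `requestObjectDecoded` lost its `await`; if `getPayload()` still returns a promise, the field now holds the promise rather than the payload.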
@@ -806,11 +805,11 @@ var SIOPv2RP = class _SIOPv2RP {
806
805
  }
807
806
  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
808
807
  async siopUpdateRequestState(args, context) {
809
- if (args.state !== "sent") {
810
- throw Error(`Only 'sent' status is supported for this method at this point`);
808
+ if (args.state !== "authorization_request_created") {
809
+ throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
811
810
  }
812
811
  return await this.getRPInstance({
813
- definitionId: args.definitionId
812
+ queryId: args.queryId
814
813
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
815
814
  await rp2.signalAuthRequestRetrieved({
816
815
  correlationId: args.correlationId,
@@ -821,7 +820,7 @@ var SIOPv2RP = class _SIOPv2RP {
821
820
  }
822
821
  async siopDeleteState(args, context) {
823
822
  return await this.getRPInstance({
824
- definitionId: args.definitionId
823
+ queryId: args.queryId
825
824
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
826
825
  }
827
826
  async siopVerifyAuthResponse(args, context) {
@@ -830,12 +829,9 @@ var SIOPv2RP = class _SIOPv2RP {
830
829
  }
831
830
  const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
832
831
  return await this.getRPInstance({
833
- definitionId: args.definitionId
832
+ queryId: args.queryId
834
833
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
835
834
  correlationId: args.correlationId,
836
- ...args.presentationDefinitions && !args.dcqlQuery ? {
837
- presentationDefinitions: args.presentationDefinitions
838
- } : {},
839
835
  ...args.dcqlQuery ? {
840
836
  dcqlQuery: args.dcqlQuery
841
837
  } : {},
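Review bot: With the `presentationDefinitions` branch removed, `verifyAuthorizationResponse` receives a query from this method only when the caller passes `args.dcqlQuery`; nothing here falls back to the query stored for `args.queryId` or rejects a call that has neither. Unless the RP instance already carries the query from `withDcqlQuery`, and depending on how a missing query is treated downstream (not visible), a response could be accepted without being checked against what was requested. Consider failing closed when no query can be determined, for example `if (!args.dcqlQuery && !args.queryId) throw Error("A dcqlQuery or queryId is required to verify the authorization response");`. The method starts before this hunk and continues after it.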
@@ -843,19 +839,16 @@ var SIOPv2RP = class _SIOPv2RP {
843
839
  })));
844
840
  }
845
841
  async siopImportDefinitions(args, context) {
846
- const { definitions, tenantId, version, versionControlMode } = args;
847
- await Promise.all(definitions.map(async (definitionPair) => {
848
- const definitionPayload = definitionPair.definitionPayload;
849
- await context.agent.pexValidateDefinition({
850
- definition: definitionPayload
851
- });
852
- console.log(`persisting definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
842
+ const { importItems, tenantId, version, versionControlMode } = args;
843
+ await Promise.all(importItems.map(async (importItem) => {
844
+ DcqlQuery.validate(importItem.query);
845
+ console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
853
846
  return context.agent.pdmPersistDefinition({
854
847
  definitionItem: {
848
+ queryId: importItem.queryId,
855
849
  tenantId,
856
850
  version,
857
- definitionPayload,
858
- dcqlPayload: definitionPair.dcqlPayload
851
+ query: importItem.query
859
852
  },
860
853
  opts: {
861
854
  versionControlMode
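Review bot: `DcqlQuery.validate(importItem.query)` is applied to the raw import item; in the `dcql` package `validate` is, to my knowledge, meant to run on the output of `DcqlQuery.parse`, which is the step that checks the structure of untrusted input. Parsing first, `const parsed = DcqlQuery.parse(importItem.query); DcqlQuery.validate(parsed);`, and persisting `parsed` would ensure only well-formed queries reach `pdmPersistDefinition`. `importItem.queryId` is also logged and stored without a check that it is a non-empty string. Because of `Promise.all`, one invalid item rejects the whole call while other items may already have been persisted, which deserves a comment.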
@@ -864,7 +857,7 @@ var SIOPv2RP = class _SIOPv2RP {
864
857
  }));
865
858
  }
866
859
  async siopGetRedirectURI(args, context) {
867
- const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
860
+ const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
868
861
  if (this.instances.has(instanceId)) {
869
862
  const rpInstance = this.instances.get(instanceId);
870
863
  if (rpInstance !== void 0) {
@@ -880,12 +873,12 @@ var SIOPv2RP = class _SIOPv2RP {
880
873
  }
881
874
  return void 0;
882
875
  }
883
- async getRPInstance({ definitionId, responseRedirectURI }, context) {
884
- const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
876
+ async getRPInstance({ queryId, responseRedirectURI }, context) {
877
+ const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
885
878
  if (!this.instances.has(instanceId)) {
886
- const instanceOpts = this.getInstanceOpts(definitionId);
879
+ const instanceOpts = this.getInstanceOpts(queryId);
887
880
  const rpOpts = await this.getRPOptions(context, {
888
- definitionId,
881
+ queryId,
889
882
  responseRedirectURI
890
883
  });
891
884
  if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
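Review bot: `instanceId` is taken directly from the caller-supplied `queryId`, and `getInstanceOpts` falls back to a clone of the default options for any id it does not know (see `getDefaultOptions` later in the file). Each distinct `queryId` can therefore presumably add a new entry to `this.instances`, and nothing visible removes entries, so the map can grow without bound when `queryId` comes from request input. Consider creating instances only for ids present in `this.opts.instanceOpts` or in the definition store, and mapping everything else to `_DEFAULT_OPTS_KEY`. The method continues outside this hunk.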
@@ -897,7 +890,7 @@ var SIOPv2RP = class _SIOPv2RP {
897
890
  ...rpOpts.identifierOpts.resolveOpts
898
891
  };
899
892
  }
900
- console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
893
+ console.log("Using agent DID resolver for RP instance with definition id " + queryId);
901
894
  rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver2(context, {
902
895
  uniresolverResolution: true,
903
896
  localResolution: true,
@@ -916,10 +909,10 @@ var SIOPv2RP = class _SIOPv2RP {
916
909
  return rpInstance;
917
910
  }
918
911
  async getRPOptions(context, opts) {
919
- const { definitionId, responseRedirectURI } = opts;
920
- const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
912
+ const { queryId, responseRedirectURI } = opts;
913
+ const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
921
914
  if (!options) {
922
- throw Error(`Could not get specific nor default options for definition ${definitionId}`);
915
+ throw Error(`Could not get specific nor default options for definition ${queryId}`);
923
916
  }
924
917
  if (this.opts.defaultOpts) {
925
918
  if (!options.identifierOpts) {
@@ -953,18 +946,18 @@ var SIOPv2RP = class _SIOPv2RP {
953
946
  }
954
947
  getInstanceOpts(definitionId) {
955
948
  if (!this.opts.instanceOpts) return void 0;
956
- const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
949
+ const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
957
950
  return instanceOpt ?? this.getDefaultOptions(definitionId);
958
951
  }
959
952
  getDefaultOptions(definitionId) {
960
953
  if (!this.opts.instanceOpts) return void 0;
961
- const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
954
+ const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
962
955
  if (defaultOptions) {
963
956
  const clonedOptions = {
964
957
  ...defaultOptions
965
958
  };
966
959
  if (definitionId !== void 0) {
967
- clonedOptions.definitionId = definitionId;
960
+ clonedOptions.queryId = definitionId;
968
961
  }
969
962
  return clonedOptions;
970
963
  }
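Review bot: `getInstanceOpts` and `getDefaultOptions` still name their parameter `definitionId` while comparing it with `i.queryId` and assigning it to `clonedOptions.queryId`; renaming the parameter to `queryId` would match the rest of the commit. The comparison `i.queryId === "default"` also reserves the literal id `default`, which differs from `_DEFAULT_OPTS_KEY` (`_default`). A comment documenting the reserved value would keep a stored query from using it by accident.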
@@ -973,18 +966,15 @@ var SIOPv2RP = class _SIOPv2RP {
973
966
  };
974
967
 
975
968
  // src/types/ISIOPv2RP.ts
976
- var VerifiedDataMode = /* @__PURE__ */ function(VerifiedDataMode2) {
969
+ var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
977
970
  VerifiedDataMode2["NONE"] = "none";
978
971
  VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
979
972
  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
980
973
  return VerifiedDataMode2;
981
- }({});
982
-
983
- // src/index.ts
984
- var schema = require_plugin_schema();
974
+ })({});
985
975
  export {
986
976
  SIOPv2RP,
987
977
  VerifiedDataMode,
988
- schema
978
+ plugin_schema_default as schema
989
979
  };
990
980
  //# sourceMappingURL=index.js.map