@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.26.RP.58 → 0.34.1-feature.SSISDK.45.189
- package/dist/index.cjs +344 -353
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +732 -52
- package/dist/index.d.ts +732 -52
- package/dist/index.js +337 -347
- package/dist/index.js.map +1 -1
- package/package.json +18 -18
- package/src/RPInstance.ts +6 -4
- package/src/agent/SIOPv2RP.ts +42 -39
- package/src/functions.ts +22 -23
- package/src/index.ts +1 -1
- package/src/types/ISIOPv2RP.ts +29 -50
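--- a/package/src/agent/SIOPv2RP.ts
+++ b/package/src/agent/SIOPv2RP.ts
@@ -3,10 +3,13 @@ import {
 AuthorizationResponsePayload,
 AuthorizationResponseState,
 AuthorizationResponseStateStatus,
+AuthorizationResponseStateWithVerifiedData,
 decodeUriAsJson,
-VerifiedAuthorizationResponse
+VerifiedAuthorizationResponse
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
+import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
+import type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'
 import {
 AdditionalClaims,
 CredentialMapper,
@@ -22,8 +25,8 @@ import {
 SdJwtDecodedVerifiableCredential,
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
+import { DcqlQuery } from 'dcql'
 import {
-AuthorizationResponseStateWithVerifiedData,
 IAuthorizationRequestPayloads,
 ICreateAuthRequestArgs,
 IGetAuthRequestStateArgs,
@@ -42,10 +45,7 @@ import {
 VerifiedDataMode,
 } from '../index'
 import { RPInstance } from '../RPInstance'
-
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
-import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
-import { DcqlQuery } from 'dcql'
 
 export class SIOPv2RP implements IAgentPlugin {
 private readonly opts: ISiopv2RPOpts
@@ -85,7 +85,10 @@ export class SIOPv2RP implements IAgentPlugin {
 }
 
 private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {
-return await this.getRPInstance(
+return await this.getRPInstance(
+{ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) },
+context,
+)
 .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))
 .then((URI) => URI.encodedUri)
 }
@@ -94,21 +97,23 @@ export class SIOPv2RP implements IAgentPlugin {
 createArgs: ICreateAuthRequestArgs,
 context: IRequiredContext,
 ): Promise<IAuthorizationRequestPayloads> {
-return await this.getRPInstance({
+return await this.getRPInstance({ queryId: createArgs.queryId }, context)
 .then((rp) => rp.createAuthorizationRequest(createArgs, context))
 .then(async (request) => {
 const authRequest: IAuthorizationRequestPayloads = {
 authorizationRequest: request.payload,
 requestObject: await request.requestObjectJwt(),
-requestObjectDecoded:
+requestObjectDecoded: request.requestObject?.getPayload(),
 }
 return authRequest
 })
 }
 
 private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {
-return await this.getRPInstance({
-rp.get(context).then((rp) =>
+return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>
+rp.get(context).then((rp) =>
+rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)
+),
 )
 }
 
@@ -116,7 +121,7 @@ export class SIOPv2RP implements IAgentPlugin {
 args: IGetAuthResponseStateArgs,
 context: IRequiredContext,
 ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {
-const rpInstance: RPInstance = await this.getRPInstance({
+const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)
 const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance
 .get(context)
 .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))
@@ -193,10 +198,10 @@ export class SIOPv2RP implements IAgentPlugin {
 : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
 
 private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
-if (args.state !== '
-throw Error(`Only '
+if (args.state !== 'authorization_request_created') {
+throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)
 }
-return await this.getRPInstance({
+return await this.getRPInstance({ queryId: args.queryId }, context)
 // todo: In the SIOP library we need to update the signal method to be more like this method
 .then((rp) =>
 rp.get(context).then(async (rp) => {
@@ -210,7 +215,7 @@ export class SIOPv2RP implements IAgentPlugin {
 }
 
 private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {
-return await this.getRPInstance({
+return await this.getRPInstance({ queryId: args.queryId }, context)
 .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))
 .then(() => true)
 }
@@ -223,32 +228,30 @@ export class SIOPv2RP implements IAgentPlugin {
 typeof args.authorizationResponse === 'string'
 ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)
 : args.authorizationResponse
-return await this.getRPInstance({
+return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>
 rp.get(context).then((rp) =>
 rp.verifyAuthorizationResponse(authResponse, {
 correlationId: args.correlationId,
-
-
-audience: args.audience,
+...(args.dcqlQuery ? { dcqlQuery: args.dcqlQuery } : {}),
+audience: args.audience,
 }),
 ),
 )
 }
 
 private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {
-const {
+const { importItems, tenantId, version, versionControlMode } = args
 await Promise.all(
-
-
-
+importItems.map(async (importItem: ImportDcqlQueryItem) => {
+DcqlQuery.validate(importItem.query)
+console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)
 
-console.log(`persisting definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)
 return context.agent.pdmPersistDefinition({
 definitionItem: {
+queryId: importItem.queryId!,
 tenantId: tenantId,
 version: version,
-
-dcqlPayload: definitionPair.dcqlPayload,
+query: importItem.query,
 },
 opts: { versionControlMode: versionControlMode },
 })
@@ -257,7 +260,7 @@ export class SIOPv2RP implements IAgentPlugin {
 }
 
 private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {
-const instanceId = args.
+const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY
 if (this.instances.has(instanceId)) {
 const rpInstance = this.instances.get(instanceId)
 if (rpInstance !== undefined) {
@@ -272,17 +275,17 @@ export class SIOPv2RP implements IAgentPlugin {
 return undefined
 }
 
-async getRPInstance({
-const instanceId =
+async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {
+const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY
 if (!this.instances.has(instanceId)) {
-const instanceOpts = this.getInstanceOpts(
-const rpOpts = await this.getRPOptions(context, {
+const instanceOpts = this.getInstanceOpts(queryId)
+const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })
 if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {
 if (!rpOpts.identifierOpts?.resolveOpts) {
 rpOpts.identifierOpts = { ...rpOpts.identifierOpts }
 rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }
 }
-console.log('Using agent DID resolver for RP instance with definition id ' +
+console.log('Using agent DID resolver for RP instance with definition id ' + queryId)
 rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {
 uniresolverResolution: true,
 localResolution: true,
@@ -298,11 +301,11 @@ export class SIOPv2RP implements IAgentPlugin {
 return rpInstance
 }
 
-async getRPOptions(context: IRequiredContext, opts: {
-const {
-const options = this.getInstanceOpts(
+async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {
+const { queryId, responseRedirectURI: responseRedirectURI } = opts
+const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts
 if (!options) {
-throw Error(`Could not get specific nor default options for definition ${
+throw Error(`Could not get specific nor default options for definition ${queryId}`)
 }
 if (this.opts.defaultOpts) {
 if (!options.identifierOpts) {
@@ -336,7 +339,7 @@ export class SIOPv2RP implements IAgentPlugin {
 getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {
 if (!this.opts.instanceOpts) return undefined
 
-const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.
+const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined
 
 return instanceOpt ?? this.getDefaultOptions(definitionId)
 }
@@ -344,11 +347,11 @@ export class SIOPv2RP implements IAgentPlugin {
 private getDefaultOptions(definitionId: string | undefined) {
 if (!this.opts.instanceOpts) return undefined
 
-const defaultOptions = this.opts.instanceOpts.find((i) => i.
+const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')
 if (defaultOptions) {
 const clonedOptions = { ...defaultOptions }
 if (definitionId !== undefined) {
-clonedOptions.
+clonedOptions.queryId = definitionId
 }
 return clonedOptions
 }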
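Review bot: `createAuthorizationRequestURI` selects the RP instance differently from every other method in this file: it passes `queryId` to `getRPInstance` only when `createArgs.useQueryIdInstance === true`, while `createAuthorizationRequestPayloads`, `siopGetRequestState`, `siopVerifyAuthResponse` and the update and delete methods always pass `{ queryId: args.queryId }`. A request created on the default instance can therefore be looked up and verified on a different instance, and if the session manager or RP options are held per instance (not visible in these hunks) the response is checked against state and options that did not issue the request. Resolve the instance the same way in all methods, or store the chosen instance id alongside the correlation id. Separately, `queryId: importItem.queryId!` in `siopImportDefinitions` asserts a value that is never checked; a guard such as `if (!importItem.queryId) throw Error('queryId is required for a DCQL import item')` before persisting would avoid storing an undefined id.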
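--- a/package/src/functions.ts
+++ b/package/src/functions.ts
@@ -1,5 +1,5 @@
 import {
-
+ClientIdentifierPrefix,
 ClientMetadataOpts,
 InMemoryRPSessionManager,
 PassBy,
@@ -14,7 +14,7 @@ import {
 Scope,
 SubjectType,
 SupportedVersion,
-VerifyJwtCallback
+VerifyJwtCallback
 } from '@sphereon/did-auth-siop'
 import { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'
 import { IPresentationDefinition } from '@sphereon/pex'
@@ -28,9 +28,8 @@ import {
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'
-import { CredentialMapper,
+import { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'
 import { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'
-// import { KeyAlgo, SuppliedSigner } from '@sphereon/ssi-sdk.core'
 import { TKeyType } from '@veramo/core'
 import { JWTVerifyOptions } from 'did-jwt'
 import { Resolvable } from 'did-resolver'
@@ -69,7 +68,6 @@ export function getPresentationVerificationCallback(
 if (CredentialMapper.isSdJwtEncoded(args)) {
 const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({
 presentation: args,
-kb: true,
 })
 // fixme: investigate the correct way to handle this
 return { verified: !!result.payload }
@@ -113,11 +111,11 @@ export async function createRPBuilder(args: {
 let definition: IPresentationDefinition | undefined = args.definition
 let dcqlQuery: DcqlQuery | undefined = args.dcql
 
-if (!definition && pexOpts && pexOpts.
+if (!definition && pexOpts && pexOpts.queryId) {
 const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
 filter: [
 {
-
+queryId: pexOpts.queryId,
 version: pexOpts.version,
 tenantId: pexOpts.tenantId,
 },
@@ -126,9 +124,8 @@ export async function createRPBuilder(args: {
 
 if (presentationDefinitionItems.length > 0) {
 const presentationDefinitionItem = presentationDefinitionItems[0]
-definition = presentationDefinitionItem.definitionPayload
 if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-dcqlQuery = presentationDefinitionItem.dcqlPayload as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery
+dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery
 }
 }
 }
@@ -161,7 +158,7 @@ export async function createRPBuilder(args: {
 uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,
 })
 //todo: probably wise to first look and see if we actually need the hasher to begin with
-let hasher:
+let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher
 if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {
 hasher = defaultHasher
 }
@@ -197,18 +194,14 @@ export async function createRPBuilder(args: {
 
 const oidfOpts = identifierOpts.oidfOpts
 if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
-builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)
+builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)
 } else {
 const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)
-
-.
-
-
-
-.withClientIdScheme(
-(resolution.clientIdScheme as ClientIdScheme) ?? (identifierOpts.idOpts.clientIdScheme as ClientIdScheme),
-PropertyTarget.REQUEST_OBJECT,
-)
+const clientId: string = rpOpts.clientMetadataOpts?.client_id ??
+resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)
+const clientIdPrefixed = prefixClientId(clientId)
+builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT
+)
 }
 
 if (hasher) {
@@ -222,9 +215,6 @@ export async function createRPBuilder(args: {
 //fixme: this has been removed in the new version of did-auth-siop
 // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))
 
-if (definition) {
-builder.withPresentationDefinition({ definition }, PropertyTarget.REQUEST_OBJECT)
-}
 if (dcqlQuery) {
 builder.withDcqlQuery(dcqlQuery)
 }
@@ -309,3 +299,12 @@ export function getSigningAlgo(type: TKeyType): SigningAlgo {
 throw Error('Key type not yet supported')
 }
 }
+
+export function prefixClientId(clientId: string): string {
+// FIXME SSISDK-60
+if (clientId.startsWith('did:')) {
+return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
+}
+
+return clientId;
+}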
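Review bot: The SD-JWT branch of `getPresentationVerificationCallback` no longer passes `kb: true` to `context.agent.verifySdJwtPresentation`, and the result is still reduced to `verified: !!result.payload`. Unless the agent method now enforces key binding by default (not visible here), a presentation is accepted on the issuer signature alone, so a copied SD-JWT could be presented by a party other than the holder. Keep the explicit flag, `presentation: args, kb: true,`, or add a comment naming where holder binding, nonce and audience are checked instead. The function body starts and ends outside the hunk. `prefixClientId` at the end of the file prefixes only `did:` values and returns every other identifier unchanged, which deserves a doc comment saying so until the FIXME is resolved.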
package/src/index.ts
CHANGED
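--- a/package/src/types/ISIOPv2RP.ts
+++ b/package/src/types/ISIOPv2RP.ts
@@ -2,40 +2,38 @@ import {
 AuthorizationRequestPayload,
 AuthorizationRequestState,
 AuthorizationResponsePayload,
-
+AuthorizationResponseStateWithVerifiedData,
+CallbackOpts,
 ClaimPayloadCommonOpts,
 ClientMetadataOpts,
 IRPSessionManager,
-PresentationDefinitionWithLocation,
 PresentationVerificationCallback,
 RequestObjectPayload,
 ResponseMode,
 ResponseURIType,
 SupportedVersion,
-VerifiablePresentationTypeFormat,
 VerifiedAuthorizationResponse,
 VerifyJwtCallback,
-VPTokenLocation,
 } from '@sphereon/did-auth-siop'
-import {
-import { IAgentContext, ICredentialIssuer, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
-import { AdditionalClaims, DcqlQueryREST, HasherSync, W3CVerifiablePresentation } from '@sphereon/ssi-types'
-
-import { Resolvable } from 'did-resolver'
+import { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'
 import { DIDDocument } from '@sphereon/did-uni-client'
-import {
+import { JwtIssuer } from '@sphereon/oid4vc-common'
 import { IPresentationDefinition } from '@sphereon/pex'
 import { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'
-import {
-import { VerifyCallback } from '@sphereon/wellknown-dids-client'
-import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'
-import { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'
-import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
+import { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'
-import { JwtIssuer } from '@sphereon/oid4vc-common'
-import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'
+import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'
+import { ImportDcqlQueryItem, IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'
+import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
+import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
+import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
+import { HasherSync } from '@sphereon/ssi-types'
+import { VerifyCallback } from '@sphereon/wellknown-dids-client'
+import { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
+import { DcqlQuery } from 'dcql'
+import { Resolvable } from 'did-resolver'
+import { EventEmitter } from 'events'
 
 export enum VerifiedDataMode {
 NONE = 'none',
@@ -55,7 +53,6 @@ export interface ISIOPv2RP extends IPluginMethodMap {
 siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>
 siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>
 siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>
-
 siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>
 }
 
@@ -67,8 +64,9 @@ export interface ISiopv2RPOpts {
 export interface IRPDefaultOpts extends IRPOptions {}
 
 export interface ICreateAuthRequestArgs {
-
+queryId: string
 correlationId: string
+useQueryIdInstance?: boolean
 responseURIType: ResponseURIType
 responseURI: string
 responseRedirectURI?: string
@@ -77,24 +75,25 @@ export interface ICreateAuthRequestArgs {
 nonce?: string
 state?: string
 claims?: ClaimPayloadCommonOpts
+callback?: CallbackOpts
 }
 
 export interface IGetAuthRequestStateArgs {
 correlationId: string
-
+queryId?: string
 errorOnNotFound?: boolean
 }
 
 export interface IGetAuthResponseStateArgs {
 correlationId: string
-
+queryId?: string
 errorOnNotFound?: boolean
 progressRequestStateTo?: AuthorizationRequestStateStatus
 includeVerifiedData?: VerifiedDataMode
 }
 
 export interface IUpdateRequestStateArgs {
-
+queryId: string
 correlationId: string
 state: AuthorizationRequestStateStatus
 error?: string
@@ -102,25 +101,18 @@ export interface IUpdateRequestStateArgs {
 
 export interface IDeleteAuthStateArgs {
 correlationId: string
-
+queryId?: string
 }
 
 export interface IVerifyAuthResponseStateArgs {
 authorizationResponse: string | AuthorizationResponsePayload
-
+queryId?: string
 correlationId: string
 audience?: string
-
-dcqlQuery?: DcqlQueryREST
+dcqlQuery?: DcqlQuery
 }
-
-export interface IDefinitionPair {
-definitionPayload: IPresentationDefinition
-dcqlPayload?: DcqlQueryREST
-}
-
 export interface ImportDefinitionsArgs {
-
+importItems: Array<ImportDcqlQueryItem>
 tenantId?: string
 version?: string
 versionControlMode?: VersionControlMode
@@ -128,7 +120,7 @@ export interface ImportDefinitionsArgs {
 
 export interface IGetRedirectUriArgs {
 correlationId: string
-
+queryId?: string
 state?: string
 }
 
@@ -144,7 +136,7 @@ export interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {
 }
 
 export interface ISiopRPInstanceArgs {
-
+queryId?: string
 responseRedirectURI?: string
 }
 
@@ -169,7 +161,7 @@ export interface IRPOptions {
 export interface IPEXOptions {
 presentationVerifyCallback?: PresentationVerificationCallback
 // definition?: IPresentationDefinition
-
+queryId: string
 version?: string
 tenantId?: string
 }
@@ -186,17 +178,9 @@ export interface PerDidResolver {
 export interface IAuthRequestDetails {
 rpDIDDocument?: DIDDocument
 id: string
-verifiablePresentationMatches: IPresentationWithDefinition[]
 alsoKnownAs?: string[]
 }
 
-export interface IPresentationWithDefinition {
-location: VPTokenLocation
-definition: PresentationDefinitionWithLocation
-format: VerifiablePresentationTypeFormat
-presentation: W3CVerifiablePresentation
-}
-
 export interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {
 // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module
 idOpts: ManagedIdentifierOptsOrResult
@@ -210,16 +194,11 @@ export type CredentialOpts = {
 hasher?: HasherSync
 }
 
-export interface AuthorizationResponseStateWithVerifiedData extends AuthorizationResponseState {
-verifiedData?: AdditionalClaims
-}
-
 export type IRequiredContext = IAgentContext<
 IResolver &
 IDIDManager &
 IKeyManager &
 IIdentifierResolution &
-ICredentialIssuer &
 ICredentialValidation &
 ICredentialVerifier &
 IPresentationExchange &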
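Review bot: `useQueryIdInstance?: boolean` on `ICreateAuthRequestArgs` has no doc comment, although in `SIOPv2RP.ts` in this same diff it decides which RP instance, and therefore which RP options, handles the request. I would add `/** When true, the request is created on the RP instance keyed by queryId; otherwise the default instance is used. */` above the field. `queryId` is also required on `ICreateAuthRequestArgs`, `IUpdateRequestStateArgs` and `IPEXOptions` but optional on the get, delete, verify and redirect argument types; a one-line comment on each optional field stating that an omitted value resolves to the default instance would make that contract explicit for callers.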