@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.45.135 → 0.34.1-feature.SSISDK.45.189

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { IPluginMethodMap, IAgentContext, IResolver, IDIDManager, IKeyManager, ICredentialIssuer, ICredentialVerifier, IAgentPlugin } from '@veramo/core';
+import { IPluginMethodMap, IAgentContext, IResolver, IDIDManager, IKeyManager, ICredentialVerifier, IAgentPlugin } from '@veramo/core';
 import { ResponseURIType, ClaimPayloadCommonOpts, CallbackOpts, AuthorizationRequestPayload, RequestObjectPayload, AuthorizationRequestState, AuthorizationResponseStateWithVerifiedData, AuthorizationResponsePayload, VerifiedAuthorizationResponse, ResponseMode, SupportedVersion, IRPSessionManager, ClientMetadataOpts, VerifyJwtCallback, PresentationVerificationCallback, RP, URI, AuthorizationRequest } from '@sphereon/did-auth-siop';
 import { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter';
 import { DIDDocument } from '@sphereon/did-uni-client';
@@ -9,12 +9,13 @@ import { IIdentifierResolution, ManagedIdentifierOptsOrResult, ExternalIdentifie
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation';
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc';
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
+import { IPDManager, ImportDcqlQueryItem, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
-import { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types';
+import { HasherSync } from '@sphereon/ssi-types';
 import { VerifyCallback } from '@sphereon/wellknown-dids-client';
+import { DcqlQuery } from 'dcql';
 import { Resolvable } from 'did-resolver';
 import { EventEmitter } from 'events';
 
@@ -452,14 +453,10 @@ interface IVerifyAuthResponseStateArgs {
     queryId?: string;
     correlationId: string;
     audience?: string;
-    dcqlQueryPayload?: DcqlQueryPayload;
-}
-interface IDefinitionPair {
-    definitionPayload?: IPresentationDefinition;
-    dcqlPayload?: DcqlQueryPayload;
+    dcqlQuery?: DcqlQuery;
 }
 interface ImportDefinitionsArgs {
-    queries: Array<IDefinitionPair>;
+    importItems: Array<ImportDcqlQueryItem>;
     tenantId?: string;
     version?: string;
     versionControlMode?: VersionControlMode;
@@ -525,7 +522,7 @@ interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {
 type CredentialOpts = {
     hasher?: HasherSync;
 };
-type IRequiredContext = IAgentContext<IResolver & IDIDManager & IKeyManager & IIdentifierResolution & ICredentialIssuer & ICredentialValidation & ICredentialVerifier & IPresentationExchange & IPDManager & ISDJwtPlugin & IJwtService & ImDLMdoc>;
+type IRequiredContext = IAgentContext<IResolver & IDIDManager & IKeyManager & IIdentifierResolution & ICredentialValidation & ICredentialVerifier & IPresentationExchange & IPDManager & ISDJwtPlugin & IJwtService & ImDLMdoc>;
 
 declare class RPInstance {
     private _rp;
@@ -898,4 +895,4 @@ declare class SIOPv2RP implements IAgentPlugin {
     private getDefaultOptions;
 }
 
-export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDefinitionPair, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPEXOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, VerifiedDataMode, plugin_schema as schema };
+export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPEXOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, VerifiedDataMode, plugin_schema as schema };

package/dist/index.js

@@ -335,11 +335,12 @@ var plugin_schema_default = {
 // src/agent/SIOPv2RP.ts
 import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
 import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
+import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
 import { DcqlQuery } from "dcql";
 
 // src/functions.ts
-import { InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
+import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
 import { SigningAlgo } from "@sphereon/oid4vc-common";
 import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isExternalIdentifierOIDFEntityIdOpts, isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierX5cOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
@@ -369,8 +370,7 @@ function getPresentationVerificationCallback(idOpts, context) {
   async function presentationVerificationCallback(args, presentationSubmission) {
     if (CredentialMapper.isSdJwtEncoded(args)) {
       const result2 = await context.agent.verifySdJwtPresentation({
-        presentation: args,
-        kb: true
+        presentation: args
       });
       return {
         verified: !!result2.payload
@@ -413,7 +413,7 @@ async function createRPBuilder(args) {
     const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
       filter: [
         {
-          definitionId: pexOpts.queryId,
+          queryId: pexOpts.queryId,
           version: pexOpts.version,
           tenantId: pexOpts.tenantId
         }
@@ -421,9 +421,8 @@ async function createRPBuilder(args) {
     });
     if (presentationDefinitionItems.length > 0) {
       const presentationDefinitionItem = presentationDefinitionItems[0];
-      definition = presentationDefinitionItem.definitionPayload;
       if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-        dcqlQuery = presentationDefinitionItem.dcqlPayload;
+        dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
       }
     }
   }
@@ -493,19 +492,16 @@ async function createRPBuilder(args) {
   }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
   const oidfOpts = identifierOpts.oidfOpts;
   if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
-    builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT).withClientIdScheme("entity_id", PropertyTarget.REQUEST_OBJECT);
+    builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
   } else {
     const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
-    builder.withClientId(resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint), PropertyTarget.REQUEST_OBJECT).withClientIdScheme(resolution.clientIdScheme ?? identifierOpts.idOpts.clientIdScheme, PropertyTarget.REQUEST_OBJECT);
+    const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint);
+    const clientIdPrefixed = prefixClientId(clientId);
+    builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT);
   }
   if (hasher) {
     builder.withHasher(hasher);
   }
-  if (definition) {
-    builder.withPresentationDefinition({
-      definition
-    }, PropertyTarget.REQUEST_OBJECT);
-  }
   if (dcqlQuery) {
     builder.withDcqlQuery(dcqlQuery);
   }
@@ -565,6 +561,13 @@ function getSigningAlgo(type) {
   }
 }
 __name(getSigningAlgo, "getSigningAlgo");
+function prefixClientId(clientId) {
+  if (clientId.startsWith("did:")) {
+    return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
+  }
+  return clientId;
+}
+__name(prefixClientId, "prefixClientId");
 
 // src/RPInstance.ts
 import { v4 as uuidv4 } from "uuid";
@@ -687,7 +690,6 @@ var RPInstance = class {
 };
 
 // src/agent/SIOPv2RP.ts
-import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 var SIOPv2RP = class _SIOPv2RP {
   static {
     __name(this, "SIOPv2RP");
@@ -830,39 +832,23 @@ var SIOPv2RP = class _SIOPv2RP {
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
-      ...args.dcqlQueryPayload ? {
-        dcqlQuery: args.dcqlQueryPayload.dcqlQuery
+      ...args.dcqlQuery ? {
+        dcqlQuery: args.dcqlQuery
       } : {},
       audience: args.audience
     })));
   }
   async siopImportDefinitions(args, context) {
-    const { queries, tenantId, version, versionControlMode } = args;
-    await Promise.all(queries.map(async (definitionPair) => {
-      const definitionPayload = definitionPair.definitionPayload;
-      if (!definitionPayload && !definitionPair.dcqlPayload) {
-        return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
-      }
-      let definitionId;
-      if (definitionPair.dcqlPayload) {
-        DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
-        console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
-        definitionId = definitionPair.dcqlPayload.queryId;
-      }
-      if (definitionPayload) {
-        await context.agent.pexValidateDefinition({
-          definition: definitionPayload
-        });
-        console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
-        definitionId = definitionPayload.id;
-      }
+    const { importItems, tenantId, version, versionControlMode } = args;
+    await Promise.all(importItems.map(async (importItem) => {
+      DcqlQuery.validate(importItem.query);
+      console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
       return context.agent.pdmPersistDefinition({
         definitionItem: {
-          definitionId,
+          queryId: importItem.queryId,
           tenantId,
           version,
-          definitionPayload,
-          dcqlPayload: definitionPair.dcqlPayload
+          query: importItem.query
         },
         opts: {
           versionControlMode
@@ -980,12 +966,12 @@ var SIOPv2RP = class _SIOPv2RP {
 };
 
 // src/types/ISIOPv2RP.ts
-var VerifiedDataMode = /* @__PURE__ */ function(VerifiedDataMode2) {
+var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
   VerifiedDataMode2["NONE"] = "none";
   VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
   VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
   return VerifiedDataMode2;
-}({});
+})({});
 export {
   SIOPv2RP,
   VerifiedDataMode,