@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.45.93 → 0.34.1-feature.SSISDK.46.151

package/dist/index.d.ts

@@ -13,7 +13,7 @@ import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
-import { AdditionalClaims, DcqlQueryREST, HasherSync } from '@sphereon/ssi-types';
+import { AdditionalClaims, DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types';
 import { VerifyCallback } from '@sphereon/wellknown-dids-client';
 import { Resolvable } from 'did-resolver';
 import { EventEmitter } from 'events';
@@ -41,8 +41,9 @@ interface ISiopv2RPOpts {
 interface IRPDefaultOpts extends IRPOptions {
 }
 interface ICreateAuthRequestArgs {
-    definitionId: string;
+    queryId: string;
     correlationId: string;
+    useQueryIdInstance?: boolean;
     responseURIType: ResponseURIType;
     responseURI: string;
     responseRedirectURI?: string;
@@ -54,46 +55,46 @@ interface ICreateAuthRequestArgs {
 }
 interface IGetAuthRequestStateArgs {
     correlationId: string;
-    definitionId: string;
+    queryId?: string;
     errorOnNotFound?: boolean;
 }
 interface IGetAuthResponseStateArgs {
     correlationId: string;
-    definitionId: string;
+    queryId?: string;
     errorOnNotFound?: boolean;
     progressRequestStateTo?: AuthorizationRequestStateStatus;
     includeVerifiedData?: VerifiedDataMode;
 }
 interface IUpdateRequestStateArgs {
-    definitionId: string;
+    queryId: string;
     correlationId: string;
     state: AuthorizationRequestStateStatus;
     error?: string;
 }
 interface IDeleteAuthStateArgs {
     correlationId: string;
-    definitionId: string;
+    queryId?: string;
 }
 interface IVerifyAuthResponseStateArgs {
     authorizationResponse: string | AuthorizationResponsePayload;
-    definitionId?: string;
+    queryId?: string;
     correlationId: string;
     audience?: string;
-    dcqlQuery?: DcqlQueryREST;
+    dcqlQueryPayload?: DcqlQueryPayload;
 }
 interface IDefinitionPair {
-    definitionPayload: IPresentationDefinition;
-    dcqlPayload?: DcqlQueryREST;
+    definitionPayload?: IPresentationDefinition;
+    dcqlPayload?: DcqlQueryPayload;
 }
 interface ImportDefinitionsArgs {
-    definitions: Array<IDefinitionPair>;
+    queries: Array<IDefinitionPair>;
     tenantId?: string;
     version?: string;
     versionControlMode?: VersionControlMode;
 }
 interface IGetRedirectUriArgs {
     correlationId: string;
-    definitionId?: string;
+    queryId?: string;
     state?: string;
 }
 interface IAuthorizationRequestPayloads {
@@ -106,7 +107,7 @@ interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {
     ttl?: number;
 }
 interface ISiopRPInstanceArgs {
-    definitionId?: string;
+    queryId?: string;
     responseRedirectURI?: string;
 }
 interface IPEXInstanceOptions extends IPEXOptions {
@@ -127,7 +128,7 @@ interface IRPOptions {
 }
 interface IPEXOptions {
     presentationVerifyCallback?: PresentationVerificationCallback;
-    definitionId: string;
+    queryId: string;
     version?: string;
     tenantId?: string;
 }
@@ -171,8 +172,8 @@ declare class RPInstance {
     hasDefinition(): boolean;
     get definitionId(): string | undefined;
     getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined>;
-    createAuthorizationRequestURI(createArgs: Omit<ICreateAuthRequestArgs, 'definitionId'>, context: IRequiredContext): Promise<URI>;
-    createAuthorizationRequest(createArgs: Omit<ICreateAuthRequestArgs, 'definitionId'>, context: IRequiredContext): Promise<AuthorizationRequest>;
+    createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI>;
+    createAuthorizationRequest(createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>, context: IRequiredContext): Promise<AuthorizationRequest>;
 }
 
 declare class SIOPv2RP implements IAgentPlugin {
@@ -193,9 +194,9 @@ declare class SIOPv2RP implements IAgentPlugin {
     private siopVerifyAuthResponse;
     private siopImportDefinitions;
     private siopGetRedirectURI;
-    getRPInstance({ definitionId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance>;
+    getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance>;
     getRPOptions(context: IRequiredContext, opts: {
-        definitionId?: string;
+        queryId?: string;
         responseRedirectURI?: string;
     }): Promise<IRPOptions>;
     getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined;

package/dist/index.js

@@ -344,6 +344,7 @@ var require_plugin_schema = __commonJS({
 import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
 import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
+import { DcqlQuery } from "dcql";
 
 // src/functions.ts
 import { InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
@@ -376,8 +377,7 @@ function getPresentationVerificationCallback(idOpts, context) {
   async function presentationVerificationCallback(args, presentationSubmission) {
     if (CredentialMapper.isSdJwtEncoded(args)) {
       const result2 = await context.agent.verifySdJwtPresentation({
-        presentation: args,
-        kb: true
+        presentation: args
       });
       return {
         verified: !!result2.payload
@@ -416,11 +416,11 @@ async function createRPBuilder(args) {
   const { identifierOpts } = rpOpts;
   let definition = args.definition;
   let dcqlQuery = args.dcql;
-  if (!definition && pexOpts && pexOpts.definitionId) {
+  if (!definition && pexOpts && pexOpts.queryId) {
     const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
       filter: [
         {
-          definitionId: pexOpts.definitionId,
+          definitionId: pexOpts.queryId,
           version: pexOpts.version,
           tenantId: pexOpts.tenantId
         }
@@ -428,9 +428,8 @@ async function createRPBuilder(args) {
     });
     if (presentationDefinitionItems.length > 0) {
       const presentationDefinitionItem = presentationDefinitionItems[0];
-      definition = presentationDefinitionItem.definitionPayload;
       if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-        dcqlQuery = presentationDefinitionItem.dcqlPayload;
+        dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
       }
     }
   }
@@ -500,19 +499,14 @@ async function createRPBuilder(args) {
   }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
   const oidfOpts = identifierOpts.oidfOpts;
   if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
-    builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT).withClientIdScheme("entity_id", PropertyTarget.REQUEST_OBJECT);
+    builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
   } else {
     const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
-    builder.withClientId(resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint), PropertyTarget.REQUEST_OBJECT).withClientIdScheme(resolution.clientIdScheme ?? identifierOpts.idOpts.clientIdScheme, PropertyTarget.REQUEST_OBJECT);
+    builder.withClientId(resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint), PropertyTarget.REQUEST_OBJECT);
   }
   if (hasher) {
     builder.withHasher(hasher);
   }
-  if (definition) {
-    builder.withPresentationDefinition({
-      definition
-    }, PropertyTarget.REQUEST_OBJECT);
-  }
   if (dcqlQuery) {
     builder.withDcqlQuery(dcqlQuery);
   }
@@ -608,7 +602,7 @@ var RPInstance = class {
     return this.definitionId !== void 0;
   }
   get definitionId() {
-    return this.pexOptions?.definitionId;
+    return this.pexOptions?.queryId;
   }
   async getPresentationDefinition(context) {
     return this.definitionId ? await context.agent.pexStoreGetDefinition({
@@ -617,7 +611,7 @@ var RPInstance = class {
     }) : void 0;
   }
   async createAuthorizationRequestURI(createArgs, context) {
-    const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
+    const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
     const nonce = createArgs.nonce ?? uuidv4();
     const state = createArgs.state ?? correlationId;
     let jwtIssuer;
@@ -645,6 +639,7 @@ var RPInstance = class {
     return await this.get(context).then((rp) => rp.createAuthorizationRequestURI({
       version: getRequestVersion(this.rpOptions),
       correlationId,
+      queryId,
       nonce,
       state,
       claims,
@@ -730,30 +725,32 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestURI(createArgs, context) {
     return await this.getRPInstance({
-      definitionId: createArgs.definitionId,
-      responseRedirectURI: createArgs.responseRedirectURI
+      responseRedirectURI: createArgs.responseRedirectURI,
+      ...createArgs.useQueryIdInstance === true && {
+        queryId: createArgs.queryId
+      }
     }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
   }
   async createAuthorizationRequestPayloads(createArgs, context) {
     return await this.getRPInstance({
-      definitionId: createArgs.definitionId
+      queryId: createArgs.queryId
     }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
       const authRequest = {
         authorizationRequest: request.payload,
         requestObject: await request.requestObjectJwt(),
-        requestObjectDecoded: await request.requestObject?.getPayload()
+        requestObjectDecoded: request.requestObject?.getPayload()
       };
       return authRequest;
     });
   }
   async siopGetRequestState(args, context) {
     return await this.getRPInstance({
-      definitionId: args.definitionId
+      queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
   }
   async siopGetResponseState(args, context) {
     const rpInstance = await this.getRPInstance({
-      definitionId: args.definitionId
+      queryId: args.queryId
     }, context);
     const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
     if (authorizationResponseState === void 0) {
@@ -806,11 +803,11 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
   async siopUpdateRequestState(args, context) {
-    if (args.state !== "sent") {
-      throw Error(`Only 'sent' status is supported for this method at this point`);
+    if (args.state !== "authorization_request_created") {
+      throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
     }
     return await this.getRPInstance({
-      definitionId: args.definitionId
+      queryId: args.queryId
     }, context).then((rp) => rp.get(context).then(async (rp2) => {
       await rp2.signalAuthRequestRetrieved({
         correlationId: args.correlationId,
@@ -821,7 +818,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopDeleteState(args, context) {
     return await this.getRPInstance({
-      definitionId: args.definitionId
+      queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
   }
   async siopVerifyAuthResponse(args, context) {
@@ -830,25 +827,38 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
     return await this.getRPInstance({
-      definitionId: args.definitionId
+      queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
-      ...args.dcqlQuery ? {
-        dcqlQuery: args.dcqlQuery
+      ...args.dcqlQueryPayload ? {
+        dcqlQuery: args.dcqlQueryPayload.dcqlQuery
       } : {},
       audience: args.audience
     })));
   }
   async siopImportDefinitions(args, context) {
-    const { definitions, tenantId, version, versionControlMode } = args;
-    await Promise.all(definitions.map(async (definitionPair) => {
+    const { queries, tenantId, version, versionControlMode } = args;
+    await Promise.all(queries.map(async (definitionPair) => {
       const definitionPayload = definitionPair.definitionPayload;
-      await context.agent.pexValidateDefinition({
-        definition: definitionPayload
-      });
-      console.log(`persisting definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
+      if (!definitionPayload && !definitionPair.dcqlPayload) {
+        return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
+      }
+      let definitionId;
+      if (definitionPair.dcqlPayload) {
+        DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
+        console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
+        definitionId = definitionPair.dcqlPayload.queryId;
+      }
+      if (definitionPayload) {
+        await context.agent.pexValidateDefinition({
+          definition: definitionPayload
+        });
+        console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
+        definitionId = definitionPayload.id;
+      }
       return context.agent.pdmPersistDefinition({
         definitionItem: {
+          definitionId,
           tenantId,
           version,
           definitionPayload,
@@ -861,7 +871,7 @@ var SIOPv2RP = class _SIOPv2RP {
     }));
   }
   async siopGetRedirectURI(args, context) {
-    const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
+    const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
     if (this.instances.has(instanceId)) {
       const rpInstance = this.instances.get(instanceId);
       if (rpInstance !== void 0) {
@@ -877,12 +887,12 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return void 0;
   }
-  async getRPInstance({ definitionId, responseRedirectURI }, context) {
-    const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
+  async getRPInstance({ queryId, responseRedirectURI }, context) {
+    const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
     if (!this.instances.has(instanceId)) {
-      const instanceOpts = this.getInstanceOpts(definitionId);
+      const instanceOpts = this.getInstanceOpts(queryId);
       const rpOpts = await this.getRPOptions(context, {
-        definitionId,
+        queryId,
         responseRedirectURI
       });
       if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
@@ -894,7 +904,7 @@ var SIOPv2RP = class _SIOPv2RP {
             ...rpOpts.identifierOpts.resolveOpts
           };
         }
-        console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
+        console.log("Using agent DID resolver for RP instance with definition id " + queryId);
         rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver2(context, {
           uniresolverResolution: true,
           localResolution: true,
@@ -913,10 +923,10 @@ var SIOPv2RP = class _SIOPv2RP {
     return rpInstance;
   }
   async getRPOptions(context, opts) {
-    const { definitionId, responseRedirectURI } = opts;
-    const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
+    const { queryId, responseRedirectURI } = opts;
+    const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
     if (!options) {
-      throw Error(`Could not get specific nor default options for definition ${definitionId}`);
+      throw Error(`Could not get specific nor default options for definition ${queryId}`);
     }
     if (this.opts.defaultOpts) {
       if (!options.identifierOpts) {
@@ -950,18 +960,18 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   getInstanceOpts(definitionId) {
     if (!this.opts.instanceOpts) return void 0;
-    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
+    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
     return instanceOpt ?? this.getDefaultOptions(definitionId);
   }
   getDefaultOptions(definitionId) {
     if (!this.opts.instanceOpts) return void 0;
-    const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
+    const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
     if (defaultOptions) {
       const clonedOptions = {
         ...defaultOptions
       };
       if (definitionId !== void 0) {
-        clonedOptions.definitionId = definitionId;
+        clonedOptions.queryId = definitionId;
       }
       return clonedOptions;
     }
@@ -970,12 +980,12 @@ var SIOPv2RP = class _SIOPv2RP {
 };
 
 // src/types/ISIOPv2RP.ts
-var VerifiedDataMode = /* @__PURE__ */ function(VerifiedDataMode2) {
+var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
   VerifiedDataMode2["NONE"] = "none";
   VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
   VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
   return VerifiedDataMode2;
-}({});
+})({});
 
 // src/index.ts
 var schema = require_plugin_schema();