@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.57.uni.client.169 → 0.34.1-feature.SSISDK.57.uni.client.203
- package/dist/index.cjs +90 -54
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +11 -15
- package/dist/index.d.ts +11 -15
- package/dist/index.js +91 -55
- package/dist/index.js.map +1 -1
- package/package.json +17 -17
- package/src/RPInstance.ts +7 -26
- package/src/agent/SIOPv2RP.ts +46 -14
- package/src/functions.ts +47 -38
- package/src/types/ISIOPv2RP.ts +5 -8
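--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -362,6 +362,7 @@ var plugin_schema_default = {
 var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
 var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
+var import_uuid2 = require("uuid");
 var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_dcql = require("dcql");
 
@@ -377,7 +378,7 @@ function getRequestVersion(rpOptions) {
 if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
 return rpOptions.supportedVersions[0];
 }
-return import_did_auth_siop.SupportedVersion.
+return import_did_auth_siop.SupportedVersion.OID4VP_v1;
 }
 __name(getRequestVersion, "getRequestVersion");
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -392,6 +393,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
 };
 }
 __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+function getDcqlQueryLookupCallback(context) {
+async function dcqlQueryLookup(queryId, version, tenantId) {
+const result = await context.agent.pdmGetDefinitions({
+filter: [
+{
+queryId,
+...tenantId && {
+tenantId
+},
+...version && {
+version
+}
+},
+{
+id: queryId
+}
+]
+});
+if (result && result.length > 0) {
+return result[0].query;
+}
+return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+}
+__name(dcqlQueryLookup, "dcqlQueryLookup");
+return dcqlQueryLookup;
+}
+__name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
 function getPresentationVerificationCallback(idOpts, context) {
 async function presentationVerificationCallback(args, presentationSubmission) {
 if (import_ssi_types.CredentialMapper.isSdJwtEncoded(args)) {
@@ -431,27 +459,8 @@ function getPresentationVerificationCallback(idOpts, context) {
 }
 __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
 async function createRPBuilder(args) {
-const { rpOpts,
+const { rpOpts, context } = args;
 const { identifierOpts } = rpOpts;
-let definition = args.definition;
-let dcqlQuery = args.dcql;
-if (!definition && pexOpts && pexOpts.queryId) {
-const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-filter: [
-{
-queryId: pexOpts.queryId,
-version: pexOpts.version,
-tenantId: pexOpts.tenantId
-}
-]
-});
-if (presentationDefinitionItems.length > 0) {
-const presentationDefinitionItem = presentationDefinitionItems[0];
-if (!dcqlQuery) {
-dcqlQuery = presentationDefinitionItem.dcqlQuery;
-}
-}
-}
 const didMethods = identifierOpts.supportedDIDMethods ?? await (0, import_ssi_sdk_ext.getAgentDIDMethods)(context);
 const eventEmitter = rpOpts.eventEmitter ?? new import_events.EventEmitter();
 const defaultClientMetadata = {
@@ -506,29 +515,27 @@ async function createRPBuilder(args) {
 const builder = import_did_auth_siop.RP.builder({
 requestVersion: getRequestVersion(rpOpts)
 }).withScope("openid", import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? import_did_auth_siop.ResponseMode.POST).withResponseType(import_did_auth_siop.ResponseType.VP_TOKEN, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
-import_did_auth_siop.SupportedVersion.
-import_did_auth_siop.SupportedVersion.
-import_did_auth_siop.SupportedVersion.SIOPv2_D11
+import_did_auth_siop.SupportedVersion.OID4VP_v1,
+import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
 ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new import_did_auth_siop.InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
 resolver,
 verifyOpts: {
 wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
 checkLinkedDomain: "if_present"
 }
-}, context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+}, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
 const oidfOpts = identifierOpts.oidfOpts;
 if (oidfOpts && (0, import_ssi_sdk_ext2.isExternalIdentifierOIDFEntityIdOpts)(oidfOpts)) {
 builder.withEntityId(oidfOpts.identifier, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
 } else {
 const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
-
+const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(resolution) ? resolution.did : resolution.jwkThumbprint);
+const clientIdPrefixed = prefixClientId(clientId);
+builder.withClientId(clientIdPrefixed, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
 }
 if (hasher) {
 builder.withHasher(hasher);
 }
-if (dcqlQuery) {
-builder.withDcqlQuery(dcqlQuery);
-}
 if (rpOpts.responseRedirectUri) {
 builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
 }
@@ -585,6 +592,13 @@ function getSigningAlgo(type) {
 }
 }
 __name(getSigningAlgo, "getSigningAlgo");
+function prefixClientId(clientId) {
+if (clientId.startsWith("did:")) {
+return `${import_did_auth_siop.ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
+}
+return clientId;
+}
+__name(prefixClientId, "prefixClientId");
 
 // src/RPInstance.ts
 var import_uuid = require("uuid");
@@ -594,17 +608,16 @@ var RPInstance = class {
 __name(this, "RPInstance");
 }
 _rp;
-
+_presentationOptions;
 _rpOptions;
 constructor({ rpOpts, pexOpts }) {
 this._rpOptions = rpOpts;
-this.
+this._presentationOptions = pexOpts;
 }
 async get(context) {
 if (!this._rp) {
 const builder = await createRPBuilder({
 rpOpts: this._rpOptions,
-pexOpts: this._pexOptions,
 context
 });
 this._rp = builder.build();
@@ -614,20 +627,8 @@ var RPInstance = class {
 get rpOptions() {
 return this._rpOptions;
 }
-get
-return this.
-}
-hasDefinition() {
-return this.definitionId !== void 0;
-}
-get definitionId() {
-return this.pexOptions?.queryId;
-}
-async getPresentationDefinition(context) {
-return this.definitionId ? await context.agent.pexStoreGetDefinition({
-definitionId: this.definitionId,
-tenantId: this.pexOptions?.tenantId
-}) : void 0;
+get presentationOptions() {
+return this._presentationOptions;
 }
 async createAuthorizationRequestURI(createArgs, context) {
 const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -744,6 +745,7 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async createAuthorizationRequestURI(createArgs, context) {
 return await this.getRPInstance({
+createWhenNotPresent: true,
 responseRedirectURI: createArgs.responseRedirectURI,
 ...createArgs.useQueryIdInstance === true && {
 queryId: createArgs.queryId
@@ -752,6 +754,7 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async createAuthorizationRequestPayloads(createArgs, context) {
 return await this.getRPInstance({
+createWhenNotPresent: true,
 queryId: createArgs.queryId
 }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
 const authRequest = {
@@ -764,11 +767,13 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async siopGetRequestState(args, context) {
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
 }
 async siopGetResponseState(args, context) {
 const rpInstance = await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context);
 const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -826,6 +831,7 @@ var SIOPv2RP = class _SIOPv2RP {
 throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
 }
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then(async (rp2) => {
 await rp2.signalAuthRequestRetrieved({
@@ -837,6 +843,7 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async siopDeleteState(args, context) {
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
 }
@@ -846,6 +853,7 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
 correlationId: args.correlationId,
@@ -858,14 +866,14 @@ var SIOPv2RP = class _SIOPv2RP {
 async siopImportDefinitions(args, context) {
 const { importItems, tenantId, version, versionControlMode } = args;
 await Promise.all(importItems.map(async (importItem) => {
-import_dcql.DcqlQuery.validate(importItem.
+import_dcql.DcqlQuery.validate(importItem.query);
 console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
 return context.agent.pdmPersistDefinition({
 definitionItem: {
 queryId: importItem.queryId,
 tenantId,
 version,
-
+query: importItem.query
 },
 opts: {
 versionControlMode
@@ -890,9 +898,37 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 return void 0;
 }
-async getRPInstance({ queryId, responseRedirectURI }, context) {
-
-
+async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+let rpInstance;
+if (queryId) {
+if (this.instances.has(queryId)) {
+rpInstanceId = queryId;
+rpInstance = this.instances.get(rpInstanceId);
+} else if ((0, import_uuid2.validate)(queryId)) {
+try {
+const pd = await context.agent.pdmGetDefinition({
+itemId: queryId
+});
+if (this.instances.has(pd.queryId)) {
+rpInstanceId = pd.queryId;
+rpInstance = this.instances.get(rpInstanceId);
+}
+} catch (ignore) {
+}
+}
+if (createWhenNotPresent) {
+rpInstanceId = queryId;
+} else {
+rpInstance = this.instances.get(rpInstanceId);
+}
+} else {
+rpInstance = this.instances.get(rpInstanceId);
+}
+if (!rpInstance) {
+if (!createWhenNotPresent) {
+return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+}
 const instanceOpts = this.getInstanceOpts(queryId);
 const rpOpts = await this.getRPOptions(context, {
 queryId,
@@ -914,12 +950,12 @@ var SIOPv2RP = class _SIOPv2RP {
 resolverResolution: true
 });
 }
-
+rpInstance = new RPInstance({
 rpOpts,
 pexOpts: instanceOpts
-})
+});
+this.instances.set(rpInstanceId, rpInstance);
 }
-const rpInstance = this.instances.get(instanceId);
 if (responseRedirectURI) {
 rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
 }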
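Review bot: In `getDcqlQueryLookupCallback` (new lines 396–422) the second filter entry, `{ id: queryId }`, carries neither `tenantId` nor `version`, so if `pdmGetDefinitions` treats the filter array as alternatives, a lookup made on behalf of one tenant can resolve a definition stored for another tenant by its item id. The code removed from `createRPBuilder` always filtered on `queryId`, `version` and `tenantId` together. I would scope the fallback the same way, `{ id: queryId, ...tenantId && { tenantId } }`, and because `result[0]` is returned with no visible ordering, either request a single version or reject when more than one row matches. `dist/index.cjs` is build output, so the change belongs in the TypeScript source (presumably `package/src/functions.ts`, listed in the file summary).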