npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-auth - Versions diffs - 0.34.1-feature.SSISDK.57.uni.client.169 → 0.34.1-feature.SSISDK.57.uni.client.203 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.57.uni.client.169 → 0.34.1-feature.SSISDK.57.uni.client.203

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.js CHANGED Viewed

@@ -336,11 +336,12 @@ var plugin_schema_default = {
 import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
 import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
+import { validate as isValidUUID } from "uuid";
 import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
 import { DcqlQuery } from "dcql";
 // src/functions.ts
-import { InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
+import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
 import { SigningAlgo } from "@sphereon/oid4vc-common";
 import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isExternalIdentifierOIDFEntityIdOpts, isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierX5cOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
@@ -351,7 +352,7 @@ function getRequestVersion(rpOptions) {
   if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
     return rpOptions.supportedVersions[0];
   }
-  return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
+  return SupportedVersion.OID4VP_v1;
 }
 __name(getRequestVersion, "getRequestVersion");
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -366,6 +367,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
   };
 }
 __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+function getDcqlQueryLookupCallback(context) {
+  async function dcqlQueryLookup(queryId, version, tenantId) {
+    const result = await context.agent.pdmGetDefinitions({
+      filter: [
+        {
+          queryId,
+          ...tenantId && {
+            tenantId
+          },
+          ...version && {
+            version
+          }
+        },
+        {
+          id: queryId
+        }
+      ]
+    });
+    if (result && result.length > 0) {
+      return result[0].query;
+    }
+    return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+  }
+  __name(dcqlQueryLookup, "dcqlQueryLookup");
+  return dcqlQueryLookup;
+}
+__name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
 function getPresentationVerificationCallback(idOpts, context) {
   async function presentationVerificationCallback(args, presentationSubmission) {
     if (CredentialMapper.isSdJwtEncoded(args)) {
@@ -405,27 +433,8 @@ function getPresentationVerificationCallback(idOpts, context) {
 }
 __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
 async function createRPBuilder(args) {
-  const { rpOpts, pexOpts, context } = args;
+  const { rpOpts, context } = args;
   const { identifierOpts } = rpOpts;
-  let definition = args.definition;
-  let dcqlQuery = args.dcql;
-  if (!definition && pexOpts && pexOpts.queryId) {
-    const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-      filter: [
-        {
-          queryId: pexOpts.queryId,
-          version: pexOpts.version,
-          tenantId: pexOpts.tenantId
-        }
-      ]
-    });
-    if (presentationDefinitionItems.length > 0) {
-      const presentationDefinitionItem = presentationDefinitionItems[0];
-      if (!dcqlQuery) {
-        dcqlQuery = presentationDefinitionItem.dcqlQuery;
-      }
-    }
-  }
   const didMethods = identifierOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
   const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter();
   const defaultClientMetadata = {
@@ -480,29 +489,27 @@ async function createRPBuilder(args) {
   const builder = RP.builder({
     requestVersion: getRequestVersion(rpOpts)
   }).withScope("openid", PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? ResponseMode.POST).withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
-    SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
-    SupportedVersion.SIOPv2_ID1,
-    SupportedVersion.SIOPv2_D11
+    SupportedVersion.OID4VP_v1,
+    SupportedVersion.SIOPv2_OID4VP_D28
   ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
     resolver,
     verifyOpts: {
       wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
       checkLinkedDomain: "if_present"
     }
-  }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+  }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
   const oidfOpts = identifierOpts.oidfOpts;
   if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
     builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
   } else {
     const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
-    builder.withClientId(resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint), PropertyTarget.REQUEST_OBJECT);
+    const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint);
+    const clientIdPrefixed = prefixClientId(clientId);
+    builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT);
   }
   if (hasher) {
     builder.withHasher(hasher);
   }
-  if (dcqlQuery) {
-    builder.withDcqlQuery(dcqlQuery);
-  }
   if (rpOpts.responseRedirectUri) {
     builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
   }
@@ -559,6 +566,13 @@ function getSigningAlgo(type) {
   }
 }
 __name(getSigningAlgo, "getSigningAlgo");
+function prefixClientId(clientId) {
+  if (clientId.startsWith("did:")) {
+    return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
+  }
+  return clientId;
+}
+__name(prefixClientId, "prefixClientId");
 // src/RPInstance.ts
 import { v4 as uuidv4 } from "uuid";
@@ -568,17 +582,16 @@ var RPInstance = class {
     __name(this, "RPInstance");
   }
   _rp;
-  _pexOptions;
+  _presentationOptions;
   _rpOptions;
   constructor({ rpOpts, pexOpts }) {
     this._rpOptions = rpOpts;
-    this._pexOptions = pexOpts;
+    this._presentationOptions = pexOpts;
   }
   async get(context) {
     if (!this._rp) {
       const builder = await createRPBuilder({
         rpOpts: this._rpOptions,
-        pexOpts: this._pexOptions,
         context
       });
       this._rp = builder.build();
@@ -588,20 +601,8 @@ var RPInstance = class {
   get rpOptions() {
     return this._rpOptions;
   }
-  get pexOptions() {
-    return this._pexOptions;
-  }
-  hasDefinition() {
-    return this.definitionId !== void 0;
-  }
-  get definitionId() {
-    return this.pexOptions?.queryId;
-  }
-  async getPresentationDefinition(context) {
-    return this.definitionId ? await context.agent.pexStoreGetDefinition({
-      definitionId: this.definitionId,
-      tenantId: this.pexOptions?.tenantId
-    }) : void 0;
+  get presentationOptions() {
+    return this._presentationOptions;
   }
   async createAuthorizationRequestURI(createArgs, context) {
     const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -718,6 +719,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestURI(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       responseRedirectURI: createArgs.responseRedirectURI,
       ...createArgs.useQueryIdInstance === true && {
         queryId: createArgs.queryId
@@ -726,6 +728,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestPayloads(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       queryId: createArgs.queryId
     }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
       const authRequest = {
@@ -738,11 +741,13 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopGetRequestState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
   }
   async siopGetResponseState(args, context) {
     const rpInstance = await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context);
     const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -800,6 +805,7 @@ var SIOPv2RP = class _SIOPv2RP {
       throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
     }
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then(async (rp2) => {
       await rp2.signalAuthRequestRetrieved({
@@ -811,6 +817,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopDeleteState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
   }
@@ -820,6 +827,7 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
@@ -832,14 +840,14 @@ var SIOPv2RP = class _SIOPv2RP {
   async siopImportDefinitions(args, context) {
     const { importItems, tenantId, version, versionControlMode } = args;
     await Promise.all(importItems.map(async (importItem) => {
-      DcqlQuery.validate(importItem.dcqlQuery);
+      DcqlQuery.validate(importItem.query);
       console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
       return context.agent.pdmPersistDefinition({
         definitionItem: {
           queryId: importItem.queryId,
           tenantId,
           version,
-          dcqlQuery: importItem.dcqlQuery
+          query: importItem.query
         },
         opts: {
           versionControlMode
@@ -864,9 +872,37 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return void 0;
   }
-  async getRPInstance({ queryId, responseRedirectURI }, context) {
-    const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
-    if (!this.instances.has(instanceId)) {
+  async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+    let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+    let rpInstance;
+    if (queryId) {
+      if (this.instances.has(queryId)) {
+        rpInstanceId = queryId;
+        rpInstance = this.instances.get(rpInstanceId);
+      } else if (isValidUUID(queryId)) {
+        try {
+          const pd = await context.agent.pdmGetDefinition({
+            itemId: queryId
+          });
+          if (this.instances.has(pd.queryId)) {
+            rpInstanceId = pd.queryId;
+            rpInstance = this.instances.get(rpInstanceId);
+          }
+        } catch (ignore) {
+        }
+      }
+      if (createWhenNotPresent) {
+        rpInstanceId = queryId;
+      } else {
+        rpInstance = this.instances.get(rpInstanceId);
+      }
+    } else {
+      rpInstance = this.instances.get(rpInstanceId);
+    }
+    if (!rpInstance) {
+      if (!createWhenNotPresent) {
+        return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+      }
       const instanceOpts = this.getInstanceOpts(queryId);
       const rpOpts = await this.getRPOptions(context, {
         queryId,
@@ -888,12 +924,12 @@ var SIOPv2RP = class _SIOPv2RP {
           resolverResolution: true
         });
       }
-      this.instances.set(instanceId, new RPInstance({
+      rpInstance = new RPInstance({
         rpOpts,
         pexOpts: instanceOpts
-      }));
+      });
+      this.instances.set(rpInstanceId, rpInstance);
     }
-    const rpInstance = this.instances.get(instanceId);
     if (responseRedirectURI) {
       rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
     }