npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-auth - Versions diffs - 0.34.1-feature.SSISDK.57.uni.client.169 → 0.34.1-feature.SSISDK.57.uni.client.203 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.57.uni.client.169 → 0.34.1-feature.SSISDK.57.uni.client.203

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/src/agent/SIOPv2RP.ts CHANGED Viewed

@@ -9,6 +9,7 @@ import {
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
 import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
+import { validate as isValidUUID } from 'uuid'
 import type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'
 import {
@@ -87,7 +88,11 @@ export class SIOPv2RP implements IAgentPlugin {
   private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {
     return await this.getRPInstance(
-      { responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId }) },
+      {
+        createWhenNotPresent: true,
+        responseRedirectURI: createArgs.responseRedirectURI,
+        ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId }),
+      },
       context,
     )
       .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))
@@ -98,7 +103,7 @@ export class SIOPv2RP implements IAgentPlugin {
     createArgs: ICreateAuthRequestArgs,
     context: IRequiredContext,
   ): Promise<IAuthorizationRequestPayloads> {
-    return await this.getRPInstance({ queryId: createArgs.queryId }, context)
+    return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)
       .then((rp) => rp.createAuthorizationRequest(createArgs, context))
       .then(async (request) => {
         const authRequest: IAuthorizationRequestPayloads = {
@@ -111,7 +116,7 @@ export class SIOPv2RP implements IAgentPlugin {
   }
   private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {
-    return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>
+    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>
       rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),
     )
   }
@@ -120,7 +125,7 @@ export class SIOPv2RP implements IAgentPlugin {
     args: IGetAuthResponseStateArgs,
     context: IRequiredContext,
   ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {
-    const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)
+    const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)
     const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance
       .get(context)
       .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))
@@ -200,7 +205,7 @@ export class SIOPv2RP implements IAgentPlugin {
     if (args.state !== 'authorization_request_created') {
       throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)
     }
-    return await this.getRPInstance({ queryId: args.queryId }, context)
+    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)
       // todo: In the SIOP library we need to update the signal method to be more like this method
       .then((rp) =>
         rp.get(context).then(async (rp) => {
@@ -214,7 +219,7 @@ export class SIOPv2RP implements IAgentPlugin {
   }
   private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {
-    return await this.getRPInstance({ queryId: args.queryId }, context)
+    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)
       .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))
       .then(() => true)
   }
@@ -227,7 +232,7 @@ export class SIOPv2RP implements IAgentPlugin {
       typeof args.authorizationResponse === 'string'
         ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)
         : args.authorizationResponse
-    return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>
+    return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>
       rp.get(context).then((rp) =>
         rp.verifyAuthorizationResponse(authResponse, {
           correlationId: args.correlationId,
@@ -242,7 +247,7 @@ export class SIOPv2RP implements IAgentPlugin {
     const { importItems, tenantId, version, versionControlMode } = args
     await Promise.all(
       importItems.map(async (importItem: ImportDcqlQueryItem) => {
-        DcqlQuery.validate(importItem.dcqlQuery)
+        DcqlQuery.validate(importItem.query)
         console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)
         return context.agent.pdmPersistDefinition({
@@ -250,7 +255,7 @@ export class SIOPv2RP implements IAgentPlugin {
             queryId: importItem.queryId!,
             tenantId: tenantId,
             version: version,
-            dcqlQuery: importItem.dcqlQuery,
+            query: importItem.query,
           },
           opts: { versionControlMode: versionControlMode },
         })
@@ -274,9 +279,36 @@ export class SIOPv2RP implements IAgentPlugin {
     return undefined
   }
-  async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {
-    const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY
-    if (!this.instances.has(instanceId)) {
+  async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {
+    let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY
+    let rpInstance: RPInstance | undefined
+    if (queryId) {
+      if (this.instances.has(queryId)) {
+        rpInstanceId = queryId
+        rpInstance = this.instances.get(rpInstanceId)!
+      } else if (isValidUUID(queryId)) {
+        try {
+          // Check whether queryId is actually the PD item id
+          const pd = await context.agent.pdmGetDefinition({ itemId: queryId })
+          if (this.instances.has(pd.queryId)) {
+            rpInstanceId = pd.queryId
+            rpInstance = this.instances.get(rpInstanceId)!
+          }
+        } catch (ignore) {}
+      }
+      if (createWhenNotPresent) {
+        rpInstanceId = queryId
+      } else {
+        rpInstance = this.instances.get(rpInstanceId)
+      }
+    } else {
+      rpInstance = this.instances.get(rpInstanceId)
+    }
+    if (!rpInstance) {
+      if (!createWhenNotPresent) {
+        return Promise.reject(`No RP instance found for key ${rpInstanceId}`)
+      }
       const instanceOpts = this.getInstanceOpts(queryId)
       const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })
       if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {
@@ -291,9 +323,9 @@ export class SIOPv2RP implements IAgentPlugin {
           resolverResolution: true,
         })
       }
-      this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))
+      rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })
+      this.instances.set(rpInstanceId, rpInstance)
     }
-    const rpInstance = this.instances.get(instanceId)!
     if (responseRedirectURI) {
       rpInstance.rpOptions.responseRedirectUri = responseRedirectURI
     }

package/src/functions.ts CHANGED Viewed

@@ -1,5 +1,7 @@
 import {
+  ClientIdentifierPrefix,
   ClientMetadataOpts,
+  DcqlQueryLookupCallback,
   InMemoryRPSessionManager,
   PassBy,
   PresentationVerificationCallback,
@@ -29,12 +31,11 @@ import { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'
 import { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'
 import { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'
-// import { KeyAlgo, SuppliedSigner } from '@sphereon/ssi-sdk.core'
 import { TKeyType } from '@veramo/core'
 import { JWTVerifyOptions } from 'did-jwt'
 import { Resolvable } from 'did-resolver'
 import { EventEmitter } from 'events'
-import { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'
+import { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'
 import { DcqlQuery } from 'dcql'
 import { defaultHasher } from '@sphereon/ssi-sdk.core'
@@ -42,7 +43,7 @@ export function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {
   if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
     return rpOptions.supportedVersions[0]
   }
-  return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1
+  return SupportedVersion.OID4VP_v1
 }
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {
@@ -57,6 +58,31 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOption
       }
 }
+export function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {
+  async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {
+    // TODO Add caching?
+    const result = await context.agent.pdmGetDefinitions({
+      filter: [
+        {
+          queryId,
+          ...(tenantId && { tenantId }),
+          ...(version && { version }),
+        },
+        {
+          id: queryId,
+        },
+      ],
+    })
+    if (result && result.length > 0) {
+      return result[0].query
+    }
+    return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))
+  }
+  return dcqlQueryLookup
+}
 export function getPresentationVerificationCallback(
   idOpts: ManagedIdentifierOptsOrResult,
   context: IRequiredContext,
@@ -101,34 +127,11 @@ export function getPresentationVerificationCallback(
 export async function createRPBuilder(args: {
   rpOpts: IRPOptions
-  pexOpts?: IPEXOptions | undefined
   definition?: IPresentationDefinition
-  dcql?: DcqlQuery
   context: IRequiredContext
 }): Promise<RPBuilder> {
-  const { rpOpts, pexOpts, context } = args
+  const { rpOpts, context } = args
   const { identifierOpts } = rpOpts
-  let definition: IPresentationDefinition | undefined = args.definition
-  let dcqlQuery: DcqlQuery | undefined = args.dcql
-  if (!definition && pexOpts && pexOpts.queryId) {
-    const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-      filter: [
-        {
-          queryId: pexOpts.queryId,
-          version: pexOpts.version,
-          tenantId: pexOpts.tenantId,
-        },
-      ],
-    })
-    if (presentationDefinitionItems.length > 0) {
-      const presentationDefinitionItem = presentationDefinitionItems[0]
-      if (!dcqlQuery) {
-        dcqlQuery = presentationDefinitionItem.dcqlQuery
-      }
-    }
-  }
   const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))
   const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()
@@ -168,9 +171,7 @@ export async function createRPBuilder(args: {
     .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)
     .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)
     // todo: move to options fill/correct method
-    .withSupportedVersions(
-      rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],
-    )
+    .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])
     .withEventEmitter(eventEmitter)
     .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))
@@ -189,6 +190,7 @@ export async function createRPBuilder(args: {
             context,
           ),
     )
+    .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))
     .withRevocationVerification(RevocationVerification.NEVER)
     .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))
@@ -197,10 +199,12 @@ export async function createRPBuilder(args: {
     builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)
   } else {
     const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)
-    builder.withClientId(
-      resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint),
-      PropertyTarget.REQUEST_OBJECT,
-    )
+    const clientId: string =
+      rpOpts.clientMetadataOpts?.client_id ??
+      resolution.issuer ??
+      (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)
+    const clientIdPrefixed = prefixClientId(clientId)
+    builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)
   }
   if (hasher) {
@@ -214,10 +218,6 @@ export async function createRPBuilder(args: {
   //fixme: this has been removed in the new version of did-auth-siop
   // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))
-  if (dcqlQuery) {
-    builder.withDcqlQuery(dcqlQuery)
-  }
   if (rpOpts.responseRedirectUri) {
     builder.withResponseRedirectUri(rpOpts.responseRedirectUri)
   }
@@ -298,3 +298,12 @@ export function getSigningAlgo(type: TKeyType): SigningAlgo {
       throw Error('Key type not yet supported')
   }
 }
+export function prefixClientId(clientId: string): string {
+  // FIXME SSISDK-60
+  if (clientId.startsWith('did:')) {
+    return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`
+  }
+  return clientId
+}

package/src/types/ISIOPv2RP.ts CHANGED Viewed

@@ -30,7 +30,7 @@ import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
 import { HasherSync } from '@sphereon/ssi-types'
 import { VerifyCallback } from '@sphereon/wellknown-dids-client'
-import { IAgentContext, ICredentialIssuer, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
+import { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
 import { DcqlQuery } from 'dcql'
 import { Resolvable } from 'did-resolver'
@@ -137,11 +137,12 @@ export interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {
 }
 export interface ISiopRPInstanceArgs {
+  createWhenNotPresent: boolean
   queryId?: string
   responseRedirectURI?: string
 }
-export interface IPEXInstanceOptions extends IPEXOptions {
+export interface IPEXInstanceOptions extends IPresentationOptions {
   rpOpts?: IRPOptions
 }
@@ -159,12 +160,9 @@ export interface IRPOptions {
   responseRedirectUri?: string
 }
-export interface IPEXOptions {
-  presentationVerifyCallback?: PresentationVerificationCallback
-  // definition?: IPresentationDefinition
+export interface IPresentationOptions {
   queryId: string
-  version?: string
-  tenantId?: string
+  presentationVerifyCallback?: PresentationVerificationCallback
 }
 export type VerificationPolicies = {
@@ -200,7 +198,6 @@ export type IRequiredContext = IAgentContext<
     IDIDManager &
     IKeyManager &
     IIdentifierResolution &
-    ICredentialIssuer &
     ICredentialValidation &
     ICredentialVerifier &
     IPresentationExchange &