@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.57.uni.client.205 → 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/index.cjs +403 -417
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +45 -729
  4. package/dist/index.d.ts +45 -729
  5. package/dist/index.js +397 -410
  6. package/dist/index.js.map +1 -1
  7. package/package.json +17 -17
  8. package/src/RPInstance.ts +28 -11
  9. package/src/agent/SIOPv2RP.ts +55 -76
  10. package/src/functions.ts +46 -49
  11. package/src/index.ts +1 -1
  12. package/src/types/ISIOPv2RP.ts +32 -22
package/dist/index.js CHANGED
@@ -1,347 +1,353 @@
1
1
  var __defProp = Object.defineProperty;
2
+ var __getOwnPropNames = Object.getOwnPropertyNames;
2
3
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
4
+ var __commonJS = (cb, mod) => function __require() {
5
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
6
+ };
3
7
 
4
8
  // plugin.schema.json
5
- var plugin_schema_default = {
6
- IDidAuthSiopOpAuthenticator: {
7
- components: {
8
- schemas: {
9
- IGetSiopSessionArgs: {
10
- type: "object",
11
- properties: {
12
- sessionId: {
13
- type: "string"
9
+ var require_plugin_schema = __commonJS({
10
+ "plugin.schema.json"(exports, module) {
11
+ module.exports = {
12
+ IDidAuthSiopOpAuthenticator: {
13
+ components: {
14
+ schemas: {
15
+ IGetSiopSessionArgs: {
16
+ type: "object",
17
+ properties: {
18
+ sessionId: {
19
+ type: "string"
20
+ },
21
+ additionalProperties: false
22
+ },
23
+ required: ["sessionId"],
24
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
14
25
  },
15
- additionalProperties: false
16
- },
17
- required: ["sessionId"],
18
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
19
- },
20
- IRegisterSiopSessionArgs: {
21
- type: "object",
22
- properties: {
23
- identifier: {
26
+ IRegisterSiopSessionArgs: {
24
27
  type: "object",
25
28
  properties: {
26
- did: {
29
+ identifier: {
30
+ type: "object",
31
+ properties: {
32
+ did: {
33
+ type: "string"
34
+ },
35
+ alias: {
36
+ type: "string"
37
+ },
38
+ provider: {
39
+ type: "string"
40
+ },
41
+ controllerKeyId: {
42
+ type: "string"
43
+ },
44
+ keys: {
45
+ type: "array",
46
+ items: {
47
+ type: "object",
48
+ properties: {
49
+ additionalProperties: true
50
+ }
51
+ }
52
+ },
53
+ services: {
54
+ type: "array",
55
+ items: {
56
+ type: "object",
57
+ properties: {
58
+ additionalProperties: true
59
+ }
60
+ }
61
+ }
62
+ },
63
+ additionalProperties: false,
64
+ required: ["did", "provider", "keys", "services"]
65
+ },
66
+ sessionId: {
27
67
  type: "string"
28
68
  },
29
- alias: {
69
+ expiresIn: {
70
+ type: "number"
71
+ },
72
+ additionalProperties: false
73
+ },
74
+ required: ["identifier"],
75
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
76
+ },
77
+ IRemoveSiopSessionArgs: {
78
+ type: "object",
79
+ properties: {
80
+ sessionId: {
30
81
  type: "string"
31
82
  },
32
- provider: {
83
+ additionalProperties: false
84
+ },
85
+ required: ["sessionId"],
86
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
87
+ },
88
+ IAuthenticateWithSiopArgs: {
89
+ type: "object",
90
+ properties: {
91
+ sessionId: {
33
92
  type: "string"
34
93
  },
35
- controllerKeyId: {
94
+ stateId: {
36
95
  type: "string"
37
96
  },
38
- keys: {
39
- type: "array",
40
- items: {
41
- type: "object",
42
- properties: {
43
- additionalProperties: true
44
- }
45
- }
97
+ redirectUrl: {
98
+ type: "string"
46
99
  },
47
- services: {
48
- type: "array",
49
- items: {
50
- type: "object",
51
- properties: {
52
- additionalProperties: true
53
- }
54
- }
55
- }
100
+ additionalProperties: false
56
101
  },
57
- additionalProperties: false,
58
- required: ["did", "provider", "keys", "services"]
59
- },
60
- sessionId: {
61
- type: "string"
102
+ required: ["sessionId", "stateId", "redirectUrl"],
103
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
62
104
  },
63
- expiresIn: {
64
- type: "number"
65
- },
66
- additionalProperties: false
67
- },
68
- required: ["identifier"],
69
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
70
- },
71
- IRemoveSiopSessionArgs: {
72
- type: "object",
73
- properties: {
74
- sessionId: {
75
- type: "string"
76
- },
77
- additionalProperties: false
78
- },
79
- required: ["sessionId"],
80
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
81
- },
82
- IAuthenticateWithSiopArgs: {
83
- type: "object",
84
- properties: {
85
- sessionId: {
86
- type: "string"
87
- },
88
- stateId: {
89
- type: "string"
90
- },
91
- redirectUrl: {
92
- type: "string"
93
- },
94
- additionalProperties: false
95
- },
96
- required: ["sessionId", "stateId", "redirectUrl"],
97
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
98
- },
99
- IResponse: {
100
- type: "object",
101
- properties: {
102
- status: {
103
- type: "number"
104
- },
105
- additionalProperties: true
106
- },
107
- required: ["status"],
108
- description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
109
- },
110
- IGetSiopAuthenticationRequestFromRpArgs: {
111
- type: "object",
112
- properties: {
113
- sessionId: {
114
- type: "string"
115
- },
116
- stateId: {
117
- type: "string"
118
- },
119
- redirectUrl: {
120
- type: "string"
121
- },
122
- additionalProperties: false
123
- },
124
- required: ["sessionId", "stateId", "redirectUrl"],
125
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
126
- },
127
- ParsedAuthenticationRequestURI: {
128
- type: "object",
129
- properties: {
130
- jwt: {
131
- type: "string"
132
- },
133
- requestPayload: {
105
+ IResponse: {
134
106
  type: "object",
135
107
  properties: {
108
+ status: {
109
+ type: "number"
110
+ },
136
111
  additionalProperties: true
137
- }
112
+ },
113
+ required: ["status"],
114
+ description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
138
115
  },
139
- registration: {
116
+ IGetSiopAuthenticationRequestFromRpArgs: {
140
117
  type: "object",
141
118
  properties: {
142
- additionalProperties: true
143
- }
144
- },
145
- additionalProperties: false
146
- },
147
- required: ["jwt", "requestPayload", "registration"],
148
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
149
- },
150
- IGetSiopAuthenticationRequestDetailsArgs: {
151
- type: "object",
152
- properties: {
153
- sessionId: {
154
- type: "string"
119
+ sessionId: {
120
+ type: "string"
121
+ },
122
+ stateId: {
123
+ type: "string"
124
+ },
125
+ redirectUrl: {
126
+ type: "string"
127
+ },
128
+ additionalProperties: false
129
+ },
130
+ required: ["sessionId", "stateId", "redirectUrl"],
131
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
155
132
  },
156
- verifiedAuthenticationRequest: {
133
+ ParsedAuthenticationRequestURI: {
157
134
  type: "object",
158
135
  properties: {
159
- additionalProperties: true
160
- }
136
+ jwt: {
137
+ type: "string"
138
+ },
139
+ requestPayload: {
140
+ type: "object",
141
+ properties: {
142
+ additionalProperties: true
143
+ }
144
+ },
145
+ registration: {
146
+ type: "object",
147
+ properties: {
148
+ additionalProperties: true
149
+ }
150
+ },
151
+ additionalProperties: false
152
+ },
153
+ required: ["jwt", "requestPayload", "registration"],
154
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
161
155
  },
162
- credentialFilter: {
156
+ IGetSiopAuthenticationRequestDetailsArgs: {
163
157
  type: "object",
164
158
  properties: {
165
- additionalProperties: true
166
- }
167
- },
168
- additionalProperties: false
169
- },
170
- required: ["sessionId", "verifiedAuthenticationRequest"],
171
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
172
- },
173
- IAuthRequestDetails: {
174
- type: "object",
175
- properties: {
176
- id: {
177
- type: "string"
178
- },
179
- alsoKnownAs: {
180
- type: "array",
181
- items: {
182
- type: "string"
183
- }
159
+ sessionId: {
160
+ type: "string"
161
+ },
162
+ verifiedAuthenticationRequest: {
163
+ type: "object",
164
+ properties: {
165
+ additionalProperties: true
166
+ }
167
+ },
168
+ credentialFilter: {
169
+ type: "object",
170
+ properties: {
171
+ additionalProperties: true
172
+ }
173
+ },
174
+ additionalProperties: false
175
+ },
176
+ required: ["sessionId", "verifiedAuthenticationRequest"],
177
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
184
178
  },
185
- vpResponseOpts: {
179
+ IAuthRequestDetails: {
186
180
  type: "object",
187
181
  properties: {
188
- additionalProperties: true
189
- }
190
- },
191
- additionalProperties: false
192
- },
193
- required: ["id", "vpResponseOpts"],
194
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
195
- },
196
- IVerifySiopAuthenticationRequestUriArgs: {
197
- type: "object",
198
- properties: {
199
- sessionId: {
200
- type: "string"
182
+ id: {
183
+ type: "string"
184
+ },
185
+ alsoKnownAs: {
186
+ type: "array",
187
+ items: {
188
+ type: "string"
189
+ }
190
+ },
191
+ vpResponseOpts: {
192
+ type: "object",
193
+ properties: {
194
+ additionalProperties: true
195
+ }
196
+ },
197
+ additionalProperties: false
198
+ },
199
+ required: ["id", "vpResponseOpts"],
200
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
201
201
  },
202
- ParsedAuthenticationRequestURI: {
202
+ IVerifySiopAuthenticationRequestUriArgs: {
203
203
  type: "object",
204
204
  properties: {
205
- additionalProperties: true
206
- }
205
+ sessionId: {
206
+ type: "string"
207
+ },
208
+ ParsedAuthenticationRequestURI: {
209
+ type: "object",
210
+ properties: {
211
+ additionalProperties: true
212
+ }
213
+ },
214
+ additionalProperties: false
215
+ },
216
+ required: ["sessionId", "ParsedAuthenticationRequestURI"],
217
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
207
218
  },
208
- additionalProperties: false
209
- },
210
- required: ["sessionId", "ParsedAuthenticationRequestURI"],
211
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
212
- },
213
- VerifiedAuthorizationRequest: {
214
- type: "object",
215
- properties: {
216
- payload: {
219
+ VerifiedAuthorizationRequest: {
217
220
  type: "object",
218
221
  properties: {
219
- additionalProperties: true
220
- }
222
+ payload: {
223
+ type: "object",
224
+ properties: {
225
+ additionalProperties: true
226
+ }
227
+ },
228
+ presentationDefinitions: {
229
+ type: "object",
230
+ properties: {
231
+ additionalProperties: true
232
+ }
233
+ },
234
+ verifyOpts: {
235
+ type: "object",
236
+ properties: {
237
+ additionalProperties: true
238
+ }
239
+ },
240
+ additionalProperties: false
241
+ },
242
+ required: ["payload", "verifyOpts"],
243
+ description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
221
244
  },
222
- presentationDefinitions: {
245
+ ISendSiopAuthenticationResponseArgs: {
223
246
  type: "object",
224
247
  properties: {
225
- additionalProperties: true
226
- }
248
+ sessionId: {
249
+ type: "string"
250
+ },
251
+ verifiedAuthenticationRequest: {
252
+ type: "object",
253
+ properties: {
254
+ additionalProperties: true
255
+ }
256
+ },
257
+ verifiablePresentationResponse: {
258
+ type: "object",
259
+ properties: {
260
+ additionalProperties: true
261
+ }
262
+ },
263
+ additionalProperties: false
264
+ },
265
+ required: ["sessionId", "verifiedAuthenticationRequest"],
266
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
267
+ }
268
+ },
269
+ methods: {
270
+ getSessionForSiop: {
271
+ description: "Get SIOP session",
272
+ arguments: {
273
+ $ref: "#/components/schemas/IGetSiopSessionArgs"
274
+ },
275
+ returnType: "object"
227
276
  },
228
- verifyOpts: {
229
- type: "object",
230
- properties: {
231
- additionalProperties: true
277
+ registerSessionForSiop: {
278
+ description: "Register SIOP session",
279
+ arguments: {
280
+ $ref: "#/components/schemas/IRegisterSiopSessionArgs"
281
+ },
282
+ returnType: "object"
283
+ },
284
+ removeSessionForSiop: {
285
+ description: "Remove SIOP session",
286
+ arguments: {
287
+ $ref: "#/components/schemas/IRemoveSiopSessionArgs"
288
+ },
289
+ returnType: "boolean"
290
+ },
291
+ authenticateWithSiop: {
292
+ description: "Authenticate using DID Auth SIOP",
293
+ arguments: {
294
+ $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
295
+ },
296
+ returnType: {
297
+ $ref: "#/components/schemas/Response"
232
298
  }
233
299
  },
234
- additionalProperties: false
235
- },
236
- required: ["payload", "verifyOpts"],
237
- description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
238
- },
239
- ISendSiopAuthenticationResponseArgs: {
240
- type: "object",
241
- properties: {
242
- sessionId: {
243
- type: "string"
300
+ getSiopAuthenticationRequestFromRP: {
301
+ description: "Get authentication request from RP",
302
+ arguments: {
303
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
304
+ },
305
+ returnType: {
306
+ $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
307
+ }
244
308
  },
245
- verifiedAuthenticationRequest: {
246
- type: "object",
247
- properties: {
248
- additionalProperties: true
309
+ getSiopAuthenticationRequestDetails: {
310
+ description: "Get authentication request details",
311
+ arguments: {
312
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
313
+ },
314
+ returnType: {
315
+ $ref: "#/components/schemas/IAuthRequestDetails"
249
316
  }
250
317
  },
251
- verifiablePresentationResponse: {
252
- type: "object",
253
- properties: {
254
- additionalProperties: true
318
+ verifySiopAuthenticationRequestURI: {
319
+ description: "Verify authentication request URI",
320
+ arguments: {
321
+ $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
322
+ },
323
+ returnType: {
324
+ $ref: "#/components/schemas/VerifiedAuthorizationRequest"
255
325
  }
256
326
  },
257
- additionalProperties: false
258
- },
259
- required: ["sessionId", "verifiedAuthenticationRequest"],
260
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
261
- }
262
- },
263
- methods: {
264
- getSessionForSiop: {
265
- description: "Get SIOP session",
266
- arguments: {
267
- $ref: "#/components/schemas/IGetSiopSessionArgs"
268
- },
269
- returnType: "object"
270
- },
271
- registerSessionForSiop: {
272
- description: "Register SIOP session",
273
- arguments: {
274
- $ref: "#/components/schemas/IRegisterSiopSessionArgs"
275
- },
276
- returnType: "object"
277
- },
278
- removeSessionForSiop: {
279
- description: "Remove SIOP session",
280
- arguments: {
281
- $ref: "#/components/schemas/IRemoveSiopSessionArgs"
282
- },
283
- returnType: "boolean"
284
- },
285
- authenticateWithSiop: {
286
- description: "Authenticate using DID Auth SIOP",
287
- arguments: {
288
- $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
289
- },
290
- returnType: {
291
- $ref: "#/components/schemas/Response"
292
- }
293
- },
294
- getSiopAuthenticationRequestFromRP: {
295
- description: "Get authentication request from RP",
296
- arguments: {
297
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
298
- },
299
- returnType: {
300
- $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
301
- }
302
- },
303
- getSiopAuthenticationRequestDetails: {
304
- description: "Get authentication request details",
305
- arguments: {
306
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
307
- },
308
- returnType: {
309
- $ref: "#/components/schemas/IAuthRequestDetails"
310
- }
311
- },
312
- verifySiopAuthenticationRequestURI: {
313
- description: "Verify authentication request URI",
314
- arguments: {
315
- $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
316
- },
317
- returnType: {
318
- $ref: "#/components/schemas/VerifiedAuthorizationRequest"
319
- }
320
- },
321
- sendSiopAuthenticationResponse: {
322
- description: "Send authentication response",
323
- arguments: {
324
- $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
325
- },
326
- returnType: {
327
- $ref: "#/components/schemas/IRequiredContext"
327
+ sendSiopAuthenticationResponse: {
328
+ description: "Send authentication response",
329
+ arguments: {
330
+ $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
331
+ },
332
+ returnType: {
333
+ $ref: "#/components/schemas/IRequiredContext"
334
+ }
335
+ }
328
336
  }
329
337
  }
330
338
  }
331
- }
339
+ };
332
340
  }
333
- };
341
+ });
334
342
 
335
343
  // src/agent/SIOPv2RP.ts
336
344
  import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
337
345
  import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
338
- import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
339
- import { validate as isValidUUID } from "uuid";
340
346
  import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
341
347
  import { DcqlQuery } from "dcql";
342
348
 
343
349
  // src/functions.ts
344
- import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
350
+ import { InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
345
351
  import { SigningAlgo } from "@sphereon/oid4vc-common";
346
352
  import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
347
353
  import { isExternalIdentifierOIDFEntityIdOpts, isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierX5cOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
@@ -352,7 +358,7 @@ function getRequestVersion(rpOptions) {
352
358
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
353
359
  return rpOptions.supportedVersions[0];
354
360
  }
355
- return SupportedVersion.OID4VP_v1;
361
+ return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
356
362
  }
357
363
  __name(getRequestVersion, "getRequestVersion");
358
364
  function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -367,33 +373,6 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
367
373
  };
368
374
  }
369
375
  __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
370
- function getDcqlQueryLookupCallback(context) {
371
- async function dcqlQueryLookup(queryId, version, tenantId) {
372
- const result = await context.agent.pdmGetDefinitions({
373
- filter: [
374
- {
375
- queryId,
376
- ...tenantId && {
377
- tenantId
378
- },
379
- ...version && {
380
- version
381
- }
382
- },
383
- {
384
- id: queryId
385
- }
386
- ]
387
- });
388
- if (result && result.length > 0) {
389
- return result[0].query;
390
- }
391
- return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
392
- }
393
- __name(dcqlQueryLookup, "dcqlQueryLookup");
394
- return dcqlQueryLookup;
395
- }
396
- __name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
397
376
  function getPresentationVerificationCallback(idOpts, context) {
398
377
  async function presentationVerificationCallback(args, presentationSubmission) {
399
378
  if (CredentialMapper.isSdJwtEncoded(args)) {
@@ -433,8 +412,27 @@ function getPresentationVerificationCallback(idOpts, context) {
433
412
  }
434
413
  __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
435
414
  async function createRPBuilder(args) {
436
- const { rpOpts, context } = args;
415
+ const { rpOpts, pexOpts, context } = args;
437
416
  const { identifierOpts } = rpOpts;
417
+ let definition = args.definition;
418
+ let dcqlQuery = args.dcql;
419
+ if (!definition && pexOpts && pexOpts.definitionId) {
420
+ const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
421
+ filter: [
422
+ {
423
+ definitionId: pexOpts.definitionId,
424
+ version: pexOpts.version,
425
+ tenantId: pexOpts.tenantId
426
+ }
427
+ ]
428
+ });
429
+ if (presentationDefinitionItems.length > 0) {
430
+ const presentationDefinitionItem = presentationDefinitionItems[0];
431
+ if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
432
+ dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
433
+ }
434
+ }
435
+ }
438
436
  const didMethods = identifierOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
439
437
  const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter();
440
438
  const defaultClientMetadata = {
@@ -489,27 +487,29 @@ async function createRPBuilder(args) {
489
487
  const builder = RP.builder({
490
488
  requestVersion: getRequestVersion(rpOpts)
491
489
  }).withScope("openid", PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? ResponseMode.POST).withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
492
- SupportedVersion.OID4VP_v1,
493
- SupportedVersion.SIOPv2_OID4VP_D28
490
+ SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
491
+ SupportedVersion.SIOPv2_ID1,
492
+ SupportedVersion.SIOPv2_D11
494
493
  ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
495
494
  resolver,
496
495
  verifyOpts: {
497
496
  wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
498
497
  checkLinkedDomain: "if_present"
499
498
  }
500
- }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
499
+ }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
501
500
  const oidfOpts = identifierOpts.oidfOpts;
502
501
  if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
503
502
  builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
504
503
  } else {
505
504
  const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
506
- const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint);
507
- const clientIdPrefixed = prefixClientId(clientId);
508
- builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT);
505
+ builder.withClientId(resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint), PropertyTarget.REQUEST_OBJECT);
509
506
  }
510
507
  if (hasher) {
511
508
  builder.withHasher(hasher);
512
509
  }
510
+ if (dcqlQuery) {
511
+ builder.withDcqlQuery(dcqlQuery);
512
+ }
513
513
  if (rpOpts.responseRedirectUri) {
514
514
  builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
515
515
  }
@@ -566,13 +566,6 @@ function getSigningAlgo(type) {
566
566
  }
567
567
  }
568
568
  __name(getSigningAlgo, "getSigningAlgo");
569
- function prefixClientId(clientId) {
570
- if (clientId.startsWith("did:")) {
571
- return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
572
- }
573
- return clientId;
574
- }
575
- __name(prefixClientId, "prefixClientId");
576
569
 
577
570
  // src/RPInstance.ts
578
571
  import { v4 as uuidv4 } from "uuid";
@@ -582,16 +575,17 @@ var RPInstance = class {
582
575
  __name(this, "RPInstance");
583
576
  }
584
577
  _rp;
585
- _presentationOptions;
578
+ _pexOptions;
586
579
  _rpOptions;
587
580
  constructor({ rpOpts, pexOpts }) {
588
581
  this._rpOptions = rpOpts;
589
- this._presentationOptions = pexOpts;
582
+ this._pexOptions = pexOpts;
590
583
  }
591
584
  async get(context) {
592
585
  if (!this._rp) {
593
586
  const builder = await createRPBuilder({
594
587
  rpOpts: this._rpOptions,
588
+ pexOpts: this._pexOptions,
595
589
  context
596
590
  });
597
591
  this._rp = builder.build();
@@ -601,11 +595,23 @@ var RPInstance = class {
601
595
  get rpOptions() {
602
596
  return this._rpOptions;
603
597
  }
604
- get presentationOptions() {
605
- return this._presentationOptions;
598
+ get pexOptions() {
599
+ return this._pexOptions;
600
+ }
601
+ hasDefinition() {
602
+ return this.definitionId !== void 0;
603
+ }
604
+ get definitionId() {
605
+ return this.pexOptions?.definitionId;
606
+ }
607
+ async getPresentationDefinition(context) {
608
+ return this.definitionId ? await context.agent.pexStoreGetDefinition({
609
+ definitionId: this.definitionId,
610
+ tenantId: this.pexOptions?.tenantId
611
+ }) : void 0;
606
612
  }
607
613
  async createAuthorizationRequestURI(createArgs, context) {
608
- const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
614
+ const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
609
615
  const nonce = createArgs.nonce ?? uuidv4();
610
616
  const state = createArgs.state ?? correlationId;
611
617
  let jwtIssuer;
@@ -633,15 +639,13 @@ var RPInstance = class {
633
639
  return await this.get(context).then((rp) => rp.createAuthorizationRequestURI({
634
640
  version: getRequestVersion(this.rpOptions),
635
641
  correlationId,
636
- queryId,
637
642
  nonce,
638
643
  state,
639
644
  claims,
640
645
  requestByReferenceURI,
641
646
  responseURI,
642
647
  responseURIType,
643
- jwtIssuer,
644
- callback
648
+ jwtIssuer
645
649
  }));
646
650
  }
647
651
  async createAuthorizationRequest(createArgs, context) {
@@ -682,6 +686,7 @@ var RPInstance = class {
682
686
  };
683
687
 
684
688
  // src/agent/SIOPv2RP.ts
689
+ import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
685
690
  var SIOPv2RP = class _SIOPv2RP {
686
691
  static {
687
692
  __name(this, "SIOPv2RP");
@@ -689,7 +694,7 @@ var SIOPv2RP = class _SIOPv2RP {
689
694
  opts;
690
695
  static _DEFAULT_OPTS_KEY = "_default";
691
696
  instances = /* @__PURE__ */ new Map();
692
- schema = plugin_schema_default.IDidAuthSiopOpAuthenticator;
697
+ schema = schema.IDidAuthSiopOpAuthenticator;
693
698
  methods = {
694
699
  siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),
695
700
  siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),
@@ -719,36 +724,30 @@ var SIOPv2RP = class _SIOPv2RP {
719
724
  }
720
725
  async createAuthorizationRequestURI(createArgs, context) {
721
726
  return await this.getRPInstance({
722
- createWhenNotPresent: true,
723
- responseRedirectURI: createArgs.responseRedirectURI,
724
- ...createArgs.useQueryIdInstance === true && {
725
- queryId: createArgs.queryId
726
- }
727
+ definitionId: createArgs.definitionId,
728
+ responseRedirectURI: createArgs.responseRedirectURI
727
729
  }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
728
730
  }
729
731
  async createAuthorizationRequestPayloads(createArgs, context) {
730
732
  return await this.getRPInstance({
731
- createWhenNotPresent: true,
732
- queryId: createArgs.queryId
733
+ definitionId: createArgs.definitionId
733
734
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
734
735
  const authRequest = {
735
736
  authorizationRequest: request.payload,
736
737
  requestObject: await request.requestObjectJwt(),
737
- requestObjectDecoded: request.requestObject?.getPayload()
738
+ requestObjectDecoded: await request.requestObject?.getPayload()
738
739
  };
739
740
  return authRequest;
740
741
  });
741
742
  }
742
743
  async siopGetRequestState(args, context) {
743
744
  return await this.getRPInstance({
744
- createWhenNotPresent: false,
745
- queryId: args.queryId
745
+ definitionId: args.definitionId
746
746
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
747
747
  }
748
748
  async siopGetResponseState(args, context) {
749
749
  const rpInstance = await this.getRPInstance({
750
- createWhenNotPresent: false,
751
- queryId: args.queryId
750
+ definitionId: args.definitionId
752
751
  }, context);
753
752
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
754
753
  if (authorizationResponseState === void 0) {
@@ -801,12 +800,11 @@ var SIOPv2RP = class _SIOPv2RP {
801
800
  }
802
801
  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
803
802
  async siopUpdateRequestState(args, context) {
804
- if (args.state !== "authorization_request_created") {
805
- throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
803
+ if (args.state !== "sent") {
804
+ throw Error(`Only 'sent' status is supported for this method at this point`);
806
805
  }
807
806
  return await this.getRPInstance({
808
- createWhenNotPresent: false,
809
- queryId: args.queryId
807
+ definitionId: args.definitionId
810
808
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
811
809
  await rp2.signalAuthRequestRetrieved({
812
810
  correlationId: args.correlationId,
@@ -817,8 +815,7 @@ var SIOPv2RP = class _SIOPv2RP {
817
815
  }
818
816
  async siopDeleteState(args, context) {
819
817
  return await this.getRPInstance({
820
- createWhenNotPresent: false,
821
- queryId: args.queryId
818
+ definitionId: args.definitionId
822
819
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
823
820
  }
824
821
  async siopVerifyAuthResponse(args, context) {
@@ -827,27 +824,42 @@ var SIOPv2RP = class _SIOPv2RP {
827
824
  }
828
825
  const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
829
826
  return await this.getRPInstance({
830
- createWhenNotPresent: false,
831
- queryId: args.queryId
827
+ definitionId: args.definitionId
832
828
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
833
829
  correlationId: args.correlationId,
834
- ...args.dcqlQuery ? {
835
- dcqlQuery: args.dcqlQuery
830
+ ...args.dcqlQueryPayload ? {
831
+ dcqlQuery: args.dcqlQueryPayload.dcqlQuery
836
832
  } : {},
837
833
  audience: args.audience
838
834
  })));
839
835
  }
840
836
  async siopImportDefinitions(args, context) {
841
- const { importItems, tenantId, version, versionControlMode } = args;
842
- await Promise.all(importItems.map(async (importItem) => {
843
- DcqlQuery.validate(importItem.query);
844
- console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
837
+ const { definitions, tenantId, version, versionControlMode } = args;
838
+ await Promise.all(definitions.map(async (definitionPair) => {
839
+ const definitionPayload = definitionPair.definitionPayload;
840
+ if (!definitionPayload && !definitionPair.dcqlPayload) {
841
+ return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
842
+ }
843
+ let definitionId;
844
+ if (definitionPair.dcqlPayload) {
845
+ DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
846
+ console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
847
+ definitionId = definitionPair.dcqlPayload.queryId;
848
+ }
849
+ if (definitionPayload) {
850
+ await context.agent.pexValidateDefinition({
851
+ definition: definitionPayload
852
+ });
853
+ console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
854
+ definitionId = definitionPayload.id;
855
+ }
845
856
  return context.agent.pdmPersistDefinition({
846
857
  definitionItem: {
847
- queryId: importItem.queryId,
858
+ definitionId,
848
859
  tenantId,
849
860
  version,
850
- query: importItem.query
861
+ definitionPayload,
862
+ dcqlPayload: definitionPair.dcqlPayload
851
863
  },
852
864
  opts: {
853
865
  versionControlMode
@@ -856,7 +868,7 @@ var SIOPv2RP = class _SIOPv2RP {
856
868
  }));
857
869
  }
858
870
  async siopGetRedirectURI(args, context) {
859
- const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
871
+ const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
860
872
  if (this.instances.has(instanceId)) {
861
873
  const rpInstance = this.instances.get(instanceId);
862
874
  if (rpInstance !== void 0) {
@@ -872,40 +884,12 @@ var SIOPv2RP = class _SIOPv2RP {
872
884
  }
873
885
  return void 0;
874
886
  }
875
- async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
876
- let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
877
- let rpInstance;
878
- if (queryId) {
879
- if (this.instances.has(queryId)) {
880
- rpInstanceId = queryId;
881
- rpInstance = this.instances.get(rpInstanceId);
882
- } else if (isValidUUID(queryId)) {
883
- try {
884
- const pd = await context.agent.pdmGetDefinition({
885
- itemId: queryId
886
- });
887
- if (this.instances.has(pd.queryId)) {
888
- rpInstanceId = pd.queryId;
889
- rpInstance = this.instances.get(rpInstanceId);
890
- }
891
- } catch (ignore) {
892
- }
893
- }
894
- if (createWhenNotPresent) {
895
- rpInstanceId = queryId;
896
- } else {
897
- rpInstance = this.instances.get(rpInstanceId);
898
- }
899
- } else {
900
- rpInstance = this.instances.get(rpInstanceId);
901
- }
902
- if (!rpInstance) {
903
- if (!createWhenNotPresent) {
904
- return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
905
- }
906
- const instanceOpts = this.getInstanceOpts(queryId);
887
+ async getRPInstance({ definitionId, responseRedirectURI }, context) {
888
+ const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
889
+ if (!this.instances.has(instanceId)) {
890
+ const instanceOpts = this.getInstanceOpts(definitionId);
907
891
  const rpOpts = await this.getRPOptions(context, {
908
- queryId,
892
+ definitionId,
909
893
  responseRedirectURI
910
894
  });
911
895
  if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
@@ -917,29 +901,29 @@ var SIOPv2RP = class _SIOPv2RP {
917
901
  ...rpOpts.identifierOpts.resolveOpts
918
902
  };
919
903
  }
920
- console.log("Using agent DID resolver for RP instance with definition id " + queryId);
904
+ console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
921
905
  rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver2(context, {
922
906
  uniresolverResolution: true,
923
907
  localResolution: true,
924
908
  resolverResolution: true
925
909
  });
926
910
  }
927
- rpInstance = new RPInstance({
911
+ this.instances.set(instanceId, new RPInstance({
928
912
  rpOpts,
929
913
  pexOpts: instanceOpts
930
- });
931
- this.instances.set(rpInstanceId, rpInstance);
914
+ }));
932
915
  }
916
+ const rpInstance = this.instances.get(instanceId);
933
917
  if (responseRedirectURI) {
934
918
  rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
935
919
  }
936
920
  return rpInstance;
937
921
  }
938
922
  async getRPOptions(context, opts) {
939
- const { queryId, responseRedirectURI } = opts;
940
- const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
923
+ const { definitionId, responseRedirectURI } = opts;
924
+ const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
941
925
  if (!options) {
942
- throw Error(`Could not get specific nor default options for definition ${queryId}`);
926
+ throw Error(`Could not get specific nor default options for definition ${definitionId}`);
943
927
  }
944
928
  if (this.opts.defaultOpts) {
945
929
  if (!options.identifierOpts) {
@@ -971,20 +955,20 @@ var SIOPv2RP = class _SIOPv2RP {
971
955
  }
972
956
  return options;
973
957
  }
974
- getInstanceOpts(queryId) {
958
+ getInstanceOpts(definitionId) {
975
959
  if (!this.opts.instanceOpts) return void 0;
976
- const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
977
- return instanceOpt ?? this.getDefaultOptions(queryId);
960
+ const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
961
+ return instanceOpt ?? this.getDefaultOptions(definitionId);
978
962
  }
979
- getDefaultOptions(queryId) {
963
+ getDefaultOptions(definitionId) {
980
964
  if (!this.opts.instanceOpts) return void 0;
981
- const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
965
+ const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
982
966
  if (defaultOptions) {
983
967
  const clonedOptions = {
984
968
  ...defaultOptions
985
969
  };
986
- if (queryId !== void 0) {
987
- clonedOptions.queryId = queryId;
970
+ if (definitionId !== void 0) {
971
+ clonedOptions.definitionId = definitionId;
988
972
  }
989
973
  return clonedOptions;
990
974
  }
@@ -999,9 +983,12 @@ var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
999
983
  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
1000
984
  return VerifiedDataMode2;
1001
985
  })({});
986
+
987
+ // src/index.ts
988
+ var schema = require_plugin_schema();
1002
989
  export {
1003
990
  SIOPv2RP,
1004
991
  VerifiedDataMode,
1005
- plugin_schema_default as schema
992
+ schema
1006
993
  };
1007
994
  //# sourceMappingURL=index.js.map