@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.57.uni.client.206 → 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/index.cjs +403 -417
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +45 -729
  4. package/dist/index.d.ts +45 -729
  5. package/dist/index.js +397 -410
  6. package/dist/index.js.map +1 -1
  7. package/package.json +17 -17
  8. package/src/RPInstance.ts +28 -11
  9. package/src/agent/SIOPv2RP.ts +55 -76
  10. package/src/functions.ts +46 -49
  11. package/src/index.ts +1 -1
  12. package/src/types/ISIOPv2RP.ts +32 -22
package/dist/index.cjs CHANGED
@@ -4,6 +4,9 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
5
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
6
6
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
7
+ var __commonJS = (cb, mod) => function __require() {
8
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
9
+ };
7
10
  var __export = (target, all) => {
8
11
  for (var name in all)
9
12
  __defProp(target, name, { get: all[name], enumerable: true });
@@ -18,351 +21,353 @@ var __copyProps = (to, from, except, desc) => {
18
21
  };
19
22
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
20
23
 
21
- // src/index.ts
22
- var index_exports = {};
23
- __export(index_exports, {
24
- SIOPv2RP: () => SIOPv2RP,
25
- VerifiedDataMode: () => VerifiedDataMode,
26
- schema: () => plugin_schema_default
27
- });
28
- module.exports = __toCommonJS(index_exports);
29
-
30
24
  // plugin.schema.json
31
- var plugin_schema_default = {
32
- IDidAuthSiopOpAuthenticator: {
33
- components: {
34
- schemas: {
35
- IGetSiopSessionArgs: {
36
- type: "object",
37
- properties: {
38
- sessionId: {
39
- type: "string"
25
+ var require_plugin_schema = __commonJS({
26
+ "plugin.schema.json"(exports, module2) {
27
+ module2.exports = {
28
+ IDidAuthSiopOpAuthenticator: {
29
+ components: {
30
+ schemas: {
31
+ IGetSiopSessionArgs: {
32
+ type: "object",
33
+ properties: {
34
+ sessionId: {
35
+ type: "string"
36
+ },
37
+ additionalProperties: false
38
+ },
39
+ required: ["sessionId"],
40
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
40
41
  },
41
- additionalProperties: false
42
- },
43
- required: ["sessionId"],
44
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
45
- },
46
- IRegisterSiopSessionArgs: {
47
- type: "object",
48
- properties: {
49
- identifier: {
42
+ IRegisterSiopSessionArgs: {
50
43
  type: "object",
51
44
  properties: {
52
- did: {
45
+ identifier: {
46
+ type: "object",
47
+ properties: {
48
+ did: {
49
+ type: "string"
50
+ },
51
+ alias: {
52
+ type: "string"
53
+ },
54
+ provider: {
55
+ type: "string"
56
+ },
57
+ controllerKeyId: {
58
+ type: "string"
59
+ },
60
+ keys: {
61
+ type: "array",
62
+ items: {
63
+ type: "object",
64
+ properties: {
65
+ additionalProperties: true
66
+ }
67
+ }
68
+ },
69
+ services: {
70
+ type: "array",
71
+ items: {
72
+ type: "object",
73
+ properties: {
74
+ additionalProperties: true
75
+ }
76
+ }
77
+ }
78
+ },
79
+ additionalProperties: false,
80
+ required: ["did", "provider", "keys", "services"]
81
+ },
82
+ sessionId: {
53
83
  type: "string"
54
84
  },
55
- alias: {
85
+ expiresIn: {
86
+ type: "number"
87
+ },
88
+ additionalProperties: false
89
+ },
90
+ required: ["identifier"],
91
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
92
+ },
93
+ IRemoveSiopSessionArgs: {
94
+ type: "object",
95
+ properties: {
96
+ sessionId: {
56
97
  type: "string"
57
98
  },
58
- provider: {
99
+ additionalProperties: false
100
+ },
101
+ required: ["sessionId"],
102
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
103
+ },
104
+ IAuthenticateWithSiopArgs: {
105
+ type: "object",
106
+ properties: {
107
+ sessionId: {
59
108
  type: "string"
60
109
  },
61
- controllerKeyId: {
110
+ stateId: {
62
111
  type: "string"
63
112
  },
64
- keys: {
65
- type: "array",
66
- items: {
67
- type: "object",
68
- properties: {
69
- additionalProperties: true
70
- }
71
- }
113
+ redirectUrl: {
114
+ type: "string"
72
115
  },
73
- services: {
74
- type: "array",
75
- items: {
76
- type: "object",
77
- properties: {
78
- additionalProperties: true
79
- }
80
- }
81
- }
116
+ additionalProperties: false
82
117
  },
83
- additionalProperties: false,
84
- required: ["did", "provider", "keys", "services"]
85
- },
86
- sessionId: {
87
- type: "string"
88
- },
89
- expiresIn: {
90
- type: "number"
91
- },
92
- additionalProperties: false
93
- },
94
- required: ["identifier"],
95
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
96
- },
97
- IRemoveSiopSessionArgs: {
98
- type: "object",
99
- properties: {
100
- sessionId: {
101
- type: "string"
102
- },
103
- additionalProperties: false
104
- },
105
- required: ["sessionId"],
106
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
107
- },
108
- IAuthenticateWithSiopArgs: {
109
- type: "object",
110
- properties: {
111
- sessionId: {
112
- type: "string"
113
- },
114
- stateId: {
115
- type: "string"
116
- },
117
- redirectUrl: {
118
- type: "string"
118
+ required: ["sessionId", "stateId", "redirectUrl"],
119
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
119
120
  },
120
- additionalProperties: false
121
- },
122
- required: ["sessionId", "stateId", "redirectUrl"],
123
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
124
- },
125
- IResponse: {
126
- type: "object",
127
- properties: {
128
- status: {
129
- type: "number"
130
- },
131
- additionalProperties: true
132
- },
133
- required: ["status"],
134
- description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
135
- },
136
- IGetSiopAuthenticationRequestFromRpArgs: {
137
- type: "object",
138
- properties: {
139
- sessionId: {
140
- type: "string"
141
- },
142
- stateId: {
143
- type: "string"
144
- },
145
- redirectUrl: {
146
- type: "string"
147
- },
148
- additionalProperties: false
149
- },
150
- required: ["sessionId", "stateId", "redirectUrl"],
151
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
152
- },
153
- ParsedAuthenticationRequestURI: {
154
- type: "object",
155
- properties: {
156
- jwt: {
157
- type: "string"
158
- },
159
- requestPayload: {
121
+ IResponse: {
160
122
  type: "object",
161
123
  properties: {
124
+ status: {
125
+ type: "number"
126
+ },
162
127
  additionalProperties: true
163
- }
128
+ },
129
+ required: ["status"],
130
+ description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
164
131
  },
165
- registration: {
132
+ IGetSiopAuthenticationRequestFromRpArgs: {
166
133
  type: "object",
167
134
  properties: {
168
- additionalProperties: true
169
- }
170
- },
171
- additionalProperties: false
172
- },
173
- required: ["jwt", "requestPayload", "registration"],
174
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
175
- },
176
- IGetSiopAuthenticationRequestDetailsArgs: {
177
- type: "object",
178
- properties: {
179
- sessionId: {
180
- type: "string"
135
+ sessionId: {
136
+ type: "string"
137
+ },
138
+ stateId: {
139
+ type: "string"
140
+ },
141
+ redirectUrl: {
142
+ type: "string"
143
+ },
144
+ additionalProperties: false
145
+ },
146
+ required: ["sessionId", "stateId", "redirectUrl"],
147
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
181
148
  },
182
- verifiedAuthenticationRequest: {
149
+ ParsedAuthenticationRequestURI: {
183
150
  type: "object",
184
151
  properties: {
185
- additionalProperties: true
186
- }
152
+ jwt: {
153
+ type: "string"
154
+ },
155
+ requestPayload: {
156
+ type: "object",
157
+ properties: {
158
+ additionalProperties: true
159
+ }
160
+ },
161
+ registration: {
162
+ type: "object",
163
+ properties: {
164
+ additionalProperties: true
165
+ }
166
+ },
167
+ additionalProperties: false
168
+ },
169
+ required: ["jwt", "requestPayload", "registration"],
170
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
187
171
  },
188
- credentialFilter: {
172
+ IGetSiopAuthenticationRequestDetailsArgs: {
189
173
  type: "object",
190
174
  properties: {
191
- additionalProperties: true
192
- }
193
- },
194
- additionalProperties: false
195
- },
196
- required: ["sessionId", "verifiedAuthenticationRequest"],
197
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
198
- },
199
- IAuthRequestDetails: {
200
- type: "object",
201
- properties: {
202
- id: {
203
- type: "string"
204
- },
205
- alsoKnownAs: {
206
- type: "array",
207
- items: {
208
- type: "string"
209
- }
175
+ sessionId: {
176
+ type: "string"
177
+ },
178
+ verifiedAuthenticationRequest: {
179
+ type: "object",
180
+ properties: {
181
+ additionalProperties: true
182
+ }
183
+ },
184
+ credentialFilter: {
185
+ type: "object",
186
+ properties: {
187
+ additionalProperties: true
188
+ }
189
+ },
190
+ additionalProperties: false
191
+ },
192
+ required: ["sessionId", "verifiedAuthenticationRequest"],
193
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
210
194
  },
211
- vpResponseOpts: {
195
+ IAuthRequestDetails: {
212
196
  type: "object",
213
197
  properties: {
214
- additionalProperties: true
215
- }
216
- },
217
- additionalProperties: false
218
- },
219
- required: ["id", "vpResponseOpts"],
220
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
221
- },
222
- IVerifySiopAuthenticationRequestUriArgs: {
223
- type: "object",
224
- properties: {
225
- sessionId: {
226
- type: "string"
198
+ id: {
199
+ type: "string"
200
+ },
201
+ alsoKnownAs: {
202
+ type: "array",
203
+ items: {
204
+ type: "string"
205
+ }
206
+ },
207
+ vpResponseOpts: {
208
+ type: "object",
209
+ properties: {
210
+ additionalProperties: true
211
+ }
212
+ },
213
+ additionalProperties: false
214
+ },
215
+ required: ["id", "vpResponseOpts"],
216
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
227
217
  },
228
- ParsedAuthenticationRequestURI: {
218
+ IVerifySiopAuthenticationRequestUriArgs: {
229
219
  type: "object",
230
220
  properties: {
231
- additionalProperties: true
232
- }
221
+ sessionId: {
222
+ type: "string"
223
+ },
224
+ ParsedAuthenticationRequestURI: {
225
+ type: "object",
226
+ properties: {
227
+ additionalProperties: true
228
+ }
229
+ },
230
+ additionalProperties: false
231
+ },
232
+ required: ["sessionId", "ParsedAuthenticationRequestURI"],
233
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
233
234
  },
234
- additionalProperties: false
235
- },
236
- required: ["sessionId", "ParsedAuthenticationRequestURI"],
237
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
238
- },
239
- VerifiedAuthorizationRequest: {
240
- type: "object",
241
- properties: {
242
- payload: {
235
+ VerifiedAuthorizationRequest: {
243
236
  type: "object",
244
237
  properties: {
245
- additionalProperties: true
246
- }
238
+ payload: {
239
+ type: "object",
240
+ properties: {
241
+ additionalProperties: true
242
+ }
243
+ },
244
+ presentationDefinitions: {
245
+ type: "object",
246
+ properties: {
247
+ additionalProperties: true
248
+ }
249
+ },
250
+ verifyOpts: {
251
+ type: "object",
252
+ properties: {
253
+ additionalProperties: true
254
+ }
255
+ },
256
+ additionalProperties: false
257
+ },
258
+ required: ["payload", "verifyOpts"],
259
+ description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
247
260
  },
248
- presentationDefinitions: {
261
+ ISendSiopAuthenticationResponseArgs: {
249
262
  type: "object",
250
263
  properties: {
251
- additionalProperties: true
252
- }
264
+ sessionId: {
265
+ type: "string"
266
+ },
267
+ verifiedAuthenticationRequest: {
268
+ type: "object",
269
+ properties: {
270
+ additionalProperties: true
271
+ }
272
+ },
273
+ verifiablePresentationResponse: {
274
+ type: "object",
275
+ properties: {
276
+ additionalProperties: true
277
+ }
278
+ },
279
+ additionalProperties: false
280
+ },
281
+ required: ["sessionId", "verifiedAuthenticationRequest"],
282
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
283
+ }
284
+ },
285
+ methods: {
286
+ getSessionForSiop: {
287
+ description: "Get SIOP session",
288
+ arguments: {
289
+ $ref: "#/components/schemas/IGetSiopSessionArgs"
290
+ },
291
+ returnType: "object"
253
292
  },
254
- verifyOpts: {
255
- type: "object",
256
- properties: {
257
- additionalProperties: true
293
+ registerSessionForSiop: {
294
+ description: "Register SIOP session",
295
+ arguments: {
296
+ $ref: "#/components/schemas/IRegisterSiopSessionArgs"
297
+ },
298
+ returnType: "object"
299
+ },
300
+ removeSessionForSiop: {
301
+ description: "Remove SIOP session",
302
+ arguments: {
303
+ $ref: "#/components/schemas/IRemoveSiopSessionArgs"
304
+ },
305
+ returnType: "boolean"
306
+ },
307
+ authenticateWithSiop: {
308
+ description: "Authenticate using DID Auth SIOP",
309
+ arguments: {
310
+ $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
311
+ },
312
+ returnType: {
313
+ $ref: "#/components/schemas/Response"
258
314
  }
259
315
  },
260
- additionalProperties: false
261
- },
262
- required: ["payload", "verifyOpts"],
263
- description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
264
- },
265
- ISendSiopAuthenticationResponseArgs: {
266
- type: "object",
267
- properties: {
268
- sessionId: {
269
- type: "string"
316
+ getSiopAuthenticationRequestFromRP: {
317
+ description: "Get authentication request from RP",
318
+ arguments: {
319
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
320
+ },
321
+ returnType: {
322
+ $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
323
+ }
270
324
  },
271
- verifiedAuthenticationRequest: {
272
- type: "object",
273
- properties: {
274
- additionalProperties: true
325
+ getSiopAuthenticationRequestDetails: {
326
+ description: "Get authentication request details",
327
+ arguments: {
328
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
329
+ },
330
+ returnType: {
331
+ $ref: "#/components/schemas/IAuthRequestDetails"
275
332
  }
276
333
  },
277
- verifiablePresentationResponse: {
278
- type: "object",
279
- properties: {
280
- additionalProperties: true
334
+ verifySiopAuthenticationRequestURI: {
335
+ description: "Verify authentication request URI",
336
+ arguments: {
337
+ $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
338
+ },
339
+ returnType: {
340
+ $ref: "#/components/schemas/VerifiedAuthorizationRequest"
281
341
  }
282
342
  },
283
- additionalProperties: false
284
- },
285
- required: ["sessionId", "verifiedAuthenticationRequest"],
286
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
287
- }
288
- },
289
- methods: {
290
- getSessionForSiop: {
291
- description: "Get SIOP session",
292
- arguments: {
293
- $ref: "#/components/schemas/IGetSiopSessionArgs"
294
- },
295
- returnType: "object"
296
- },
297
- registerSessionForSiop: {
298
- description: "Register SIOP session",
299
- arguments: {
300
- $ref: "#/components/schemas/IRegisterSiopSessionArgs"
301
- },
302
- returnType: "object"
303
- },
304
- removeSessionForSiop: {
305
- description: "Remove SIOP session",
306
- arguments: {
307
- $ref: "#/components/schemas/IRemoveSiopSessionArgs"
308
- },
309
- returnType: "boolean"
310
- },
311
- authenticateWithSiop: {
312
- description: "Authenticate using DID Auth SIOP",
313
- arguments: {
314
- $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
315
- },
316
- returnType: {
317
- $ref: "#/components/schemas/Response"
318
- }
319
- },
320
- getSiopAuthenticationRequestFromRP: {
321
- description: "Get authentication request from RP",
322
- arguments: {
323
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
324
- },
325
- returnType: {
326
- $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
327
- }
328
- },
329
- getSiopAuthenticationRequestDetails: {
330
- description: "Get authentication request details",
331
- arguments: {
332
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
333
- },
334
- returnType: {
335
- $ref: "#/components/schemas/IAuthRequestDetails"
336
- }
337
- },
338
- verifySiopAuthenticationRequestURI: {
339
- description: "Verify authentication request URI",
340
- arguments: {
341
- $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
342
- },
343
- returnType: {
344
- $ref: "#/components/schemas/VerifiedAuthorizationRequest"
345
- }
346
- },
347
- sendSiopAuthenticationResponse: {
348
- description: "Send authentication response",
349
- arguments: {
350
- $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
351
- },
352
- returnType: {
353
- $ref: "#/components/schemas/IRequiredContext"
343
+ sendSiopAuthenticationResponse: {
344
+ description: "Send authentication response",
345
+ arguments: {
346
+ $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
347
+ },
348
+ returnType: {
349
+ $ref: "#/components/schemas/IRequiredContext"
350
+ }
351
+ }
354
352
  }
355
353
  }
356
354
  }
357
- }
355
+ };
358
356
  }
359
- };
357
+ });
358
+
359
+ // src/index.ts
360
+ var index_exports = {};
361
+ __export(index_exports, {
362
+ SIOPv2RP: () => SIOPv2RP,
363
+ VerifiedDataMode: () => VerifiedDataMode,
364
+ schema: () => schema
365
+ });
366
+ module.exports = __toCommonJS(index_exports);
360
367
 
361
368
  // src/agent/SIOPv2RP.ts
362
369
  var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
363
370
  var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
364
- var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
365
- var import_uuid2 = require("uuid");
366
371
  var import_ssi_types2 = require("@sphereon/ssi-types");
367
372
  var import_dcql = require("dcql");
368
373
 
@@ -378,7 +383,7 @@ function getRequestVersion(rpOptions) {
378
383
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
379
384
  return rpOptions.supportedVersions[0];
380
385
  }
381
- return import_did_auth_siop.SupportedVersion.OID4VP_v1;
386
+ return import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
382
387
  }
383
388
  __name(getRequestVersion, "getRequestVersion");
384
389
  function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -393,33 +398,6 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
393
398
  };
394
399
  }
395
400
  __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
396
- function getDcqlQueryLookupCallback(context) {
397
- async function dcqlQueryLookup(queryId, version, tenantId) {
398
- const result = await context.agent.pdmGetDefinitions({
399
- filter: [
400
- {
401
- queryId,
402
- ...tenantId && {
403
- tenantId
404
- },
405
- ...version && {
406
- version
407
- }
408
- },
409
- {
410
- id: queryId
411
- }
412
- ]
413
- });
414
- if (result && result.length > 0) {
415
- return result[0].query;
416
- }
417
- return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
418
- }
419
- __name(dcqlQueryLookup, "dcqlQueryLookup");
420
- return dcqlQueryLookup;
421
- }
422
- __name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
423
401
  function getPresentationVerificationCallback(idOpts, context) {
424
402
  async function presentationVerificationCallback(args, presentationSubmission) {
425
403
  if (import_ssi_types.CredentialMapper.isSdJwtEncoded(args)) {
@@ -459,8 +437,27 @@ function getPresentationVerificationCallback(idOpts, context) {
459
437
  }
460
438
  __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
461
439
  async function createRPBuilder(args) {
462
- const { rpOpts, context } = args;
440
+ const { rpOpts, pexOpts, context } = args;
463
441
  const { identifierOpts } = rpOpts;
442
+ let definition = args.definition;
443
+ let dcqlQuery = args.dcql;
444
+ if (!definition && pexOpts && pexOpts.definitionId) {
445
+ const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
446
+ filter: [
447
+ {
448
+ definitionId: pexOpts.definitionId,
449
+ version: pexOpts.version,
450
+ tenantId: pexOpts.tenantId
451
+ }
452
+ ]
453
+ });
454
+ if (presentationDefinitionItems.length > 0) {
455
+ const presentationDefinitionItem = presentationDefinitionItems[0];
456
+ if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
457
+ dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
458
+ }
459
+ }
460
+ }
464
461
  const didMethods = identifierOpts.supportedDIDMethods ?? await (0, import_ssi_sdk_ext.getAgentDIDMethods)(context);
465
462
  const eventEmitter = rpOpts.eventEmitter ?? new import_events.EventEmitter();
466
463
  const defaultClientMetadata = {
@@ -515,27 +512,29 @@ async function createRPBuilder(args) {
515
512
  const builder = import_did_auth_siop.RP.builder({
516
513
  requestVersion: getRequestVersion(rpOpts)
517
514
  }).withScope("openid", import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? import_did_auth_siop.ResponseMode.POST).withResponseType(import_did_auth_siop.ResponseType.VP_TOKEN, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
518
- import_did_auth_siop.SupportedVersion.OID4VP_v1,
519
- import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
515
+ import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
516
+ import_did_auth_siop.SupportedVersion.SIOPv2_ID1,
517
+ import_did_auth_siop.SupportedVersion.SIOPv2_D11
520
518
  ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new import_did_auth_siop.InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
521
519
  resolver,
522
520
  verifyOpts: {
523
521
  wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
524
522
  checkLinkedDomain: "if_present"
525
523
  }
526
- }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
524
+ }, context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
527
525
  const oidfOpts = identifierOpts.oidfOpts;
528
526
  if (oidfOpts && (0, import_ssi_sdk_ext2.isExternalIdentifierOIDFEntityIdOpts)(oidfOpts)) {
529
527
  builder.withEntityId(oidfOpts.identifier, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
530
528
  } else {
531
529
  const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
532
- const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(resolution) ? resolution.did : resolution.jwkThumbprint);
533
- const clientIdPrefixed = prefixClientId(clientId);
534
- builder.withClientId(clientIdPrefixed, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
530
+ builder.withClientId(resolution.issuer ?? ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(resolution) ? resolution.did : resolution.jwkThumbprint), import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
535
531
  }
536
532
  if (hasher) {
537
533
  builder.withHasher(hasher);
538
534
  }
535
+ if (dcqlQuery) {
536
+ builder.withDcqlQuery(dcqlQuery);
537
+ }
539
538
  if (rpOpts.responseRedirectUri) {
540
539
  builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
541
540
  }
@@ -592,13 +591,6 @@ function getSigningAlgo(type) {
592
591
  }
593
592
  }
594
593
  __name(getSigningAlgo, "getSigningAlgo");
595
- function prefixClientId(clientId) {
596
- if (clientId.startsWith("did:")) {
597
- return `${import_did_auth_siop.ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
598
- }
599
- return clientId;
600
- }
601
- __name(prefixClientId, "prefixClientId");
602
594
 
603
595
  // src/RPInstance.ts
604
596
  var import_uuid = require("uuid");
@@ -608,16 +600,17 @@ var RPInstance = class {
608
600
  __name(this, "RPInstance");
609
601
  }
610
602
  _rp;
611
- _presentationOptions;
603
+ _pexOptions;
612
604
  _rpOptions;
613
605
  constructor({ rpOpts, pexOpts }) {
614
606
  this._rpOptions = rpOpts;
615
- this._presentationOptions = pexOpts;
607
+ this._pexOptions = pexOpts;
616
608
  }
617
609
  async get(context) {
618
610
  if (!this._rp) {
619
611
  const builder = await createRPBuilder({
620
612
  rpOpts: this._rpOptions,
613
+ pexOpts: this._pexOptions,
621
614
  context
622
615
  });
623
616
  this._rp = builder.build();
@@ -627,11 +620,23 @@ var RPInstance = class {
627
620
  get rpOptions() {
628
621
  return this._rpOptions;
629
622
  }
630
- get presentationOptions() {
631
- return this._presentationOptions;
623
+ get pexOptions() {
624
+ return this._pexOptions;
625
+ }
626
+ hasDefinition() {
627
+ return this.definitionId !== void 0;
628
+ }
629
+ get definitionId() {
630
+ return this.pexOptions?.definitionId;
631
+ }
632
+ async getPresentationDefinition(context) {
633
+ return this.definitionId ? await context.agent.pexStoreGetDefinition({
634
+ definitionId: this.definitionId,
635
+ tenantId: this.pexOptions?.tenantId
636
+ }) : void 0;
632
637
  }
633
638
  async createAuthorizationRequestURI(createArgs, context) {
634
- const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
639
+ const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
635
640
  const nonce = createArgs.nonce ?? (0, import_uuid.v4)();
636
641
  const state = createArgs.state ?? correlationId;
637
642
  let jwtIssuer;
@@ -659,15 +664,13 @@ var RPInstance = class {
659
664
  return await this.get(context).then((rp) => rp.createAuthorizationRequestURI({
660
665
  version: getRequestVersion(this.rpOptions),
661
666
  correlationId,
662
- queryId,
663
667
  nonce,
664
668
  state,
665
669
  claims,
666
670
  requestByReferenceURI,
667
671
  responseURI,
668
672
  responseURIType,
669
- jwtIssuer,
670
- callback
673
+ jwtIssuer
671
674
  }));
672
675
  }
673
676
  async createAuthorizationRequest(createArgs, context) {
@@ -708,6 +711,7 @@ var RPInstance = class {
708
711
  };
709
712
 
710
713
  // src/agent/SIOPv2RP.ts
714
+ var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
711
715
  var SIOPv2RP = class _SIOPv2RP {
712
716
  static {
713
717
  __name(this, "SIOPv2RP");
@@ -715,7 +719,7 @@ var SIOPv2RP = class _SIOPv2RP {
715
719
  opts;
716
720
  static _DEFAULT_OPTS_KEY = "_default";
717
721
  instances = /* @__PURE__ */ new Map();
718
- schema = plugin_schema_default.IDidAuthSiopOpAuthenticator;
722
+ schema = schema.IDidAuthSiopOpAuthenticator;
719
723
  methods = {
720
724
  siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),
721
725
  siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),
@@ -745,36 +749,30 @@ var SIOPv2RP = class _SIOPv2RP {
745
749
  }
746
750
  async createAuthorizationRequestURI(createArgs, context) {
747
751
  return await this.getRPInstance({
748
- createWhenNotPresent: true,
749
- responseRedirectURI: createArgs.responseRedirectURI,
750
- ...createArgs.useQueryIdInstance === true && {
751
- queryId: createArgs.queryId
752
- }
752
+ definitionId: createArgs.definitionId,
753
+ responseRedirectURI: createArgs.responseRedirectURI
753
754
  }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
754
755
  }
755
756
  async createAuthorizationRequestPayloads(createArgs, context) {
756
757
  return await this.getRPInstance({
757
- createWhenNotPresent: true,
758
- queryId: createArgs.queryId
758
+ definitionId: createArgs.definitionId
759
759
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
760
760
  const authRequest = {
761
761
  authorizationRequest: request.payload,
762
762
  requestObject: await request.requestObjectJwt(),
763
- requestObjectDecoded: request.requestObject?.getPayload()
763
+ requestObjectDecoded: await request.requestObject?.getPayload()
764
764
  };
765
765
  return authRequest;
766
766
  });
767
767
  }
768
768
  async siopGetRequestState(args, context) {
769
769
  return await this.getRPInstance({
770
- createWhenNotPresent: false,
771
- queryId: args.queryId
770
+ definitionId: args.definitionId
772
771
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
773
772
  }
774
773
  async siopGetResponseState(args, context) {
775
774
  const rpInstance = await this.getRPInstance({
776
- createWhenNotPresent: false,
777
- queryId: args.queryId
775
+ definitionId: args.definitionId
778
776
  }, context);
779
777
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
780
778
  if (authorizationResponseState === void 0) {
@@ -827,12 +825,11 @@ var SIOPv2RP = class _SIOPv2RP {
827
825
  }
828
826
  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => import_ssi_types2.CredentialMapper.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : import_ssi_types2.CredentialMapper.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
829
827
  async siopUpdateRequestState(args, context) {
830
- if (args.state !== "authorization_request_created") {
831
- throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
828
+ if (args.state !== "sent") {
829
+ throw Error(`Only 'sent' status is supported for this method at this point`);
832
830
  }
833
831
  return await this.getRPInstance({
834
- createWhenNotPresent: false,
835
- queryId: args.queryId
832
+ definitionId: args.definitionId
836
833
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
837
834
  await rp2.signalAuthRequestRetrieved({
838
835
  correlationId: args.correlationId,
@@ -843,8 +840,7 @@ var SIOPv2RP = class _SIOPv2RP {
843
840
  }
844
841
  async siopDeleteState(args, context) {
845
842
  return await this.getRPInstance({
846
- createWhenNotPresent: false,
847
- queryId: args.queryId
843
+ definitionId: args.definitionId
848
844
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
849
845
  }
850
846
  async siopVerifyAuthResponse(args, context) {
@@ -853,27 +849,42 @@ var SIOPv2RP = class _SIOPv2RP {
853
849
  }
854
850
  const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
855
851
  return await this.getRPInstance({
856
- createWhenNotPresent: false,
857
- queryId: args.queryId
852
+ definitionId: args.definitionId
858
853
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
859
854
  correlationId: args.correlationId,
860
- ...args.dcqlQuery ? {
861
- dcqlQuery: args.dcqlQuery
855
+ ...args.dcqlQueryPayload ? {
856
+ dcqlQuery: args.dcqlQueryPayload.dcqlQuery
862
857
  } : {},
863
858
  audience: args.audience
864
859
  })));
865
860
  }
866
861
  async siopImportDefinitions(args, context) {
867
- const { importItems, tenantId, version, versionControlMode } = args;
868
- await Promise.all(importItems.map(async (importItem) => {
869
- import_dcql.DcqlQuery.validate(importItem.query);
870
- console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
862
+ const { definitions, tenantId, version, versionControlMode } = args;
863
+ await Promise.all(definitions.map(async (definitionPair) => {
864
+ const definitionPayload = definitionPair.definitionPayload;
865
+ if (!definitionPayload && !definitionPair.dcqlPayload) {
866
+ return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
867
+ }
868
+ let definitionId;
869
+ if (definitionPair.dcqlPayload) {
870
+ import_dcql.DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
871
+ console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
872
+ definitionId = definitionPair.dcqlPayload.queryId;
873
+ }
874
+ if (definitionPayload) {
875
+ await context.agent.pexValidateDefinition({
876
+ definition: definitionPayload
877
+ });
878
+ console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
879
+ definitionId = definitionPayload.id;
880
+ }
871
881
  return context.agent.pdmPersistDefinition({
872
882
  definitionItem: {
873
- queryId: importItem.queryId,
883
+ definitionId,
874
884
  tenantId,
875
885
  version,
876
- query: importItem.query
886
+ definitionPayload,
887
+ dcqlPayload: definitionPair.dcqlPayload
877
888
  },
878
889
  opts: {
879
890
  versionControlMode
@@ -882,7 +893,7 @@ var SIOPv2RP = class _SIOPv2RP {
882
893
  }));
883
894
  }
884
895
  async siopGetRedirectURI(args, context) {
885
- const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
896
+ const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
886
897
  if (this.instances.has(instanceId)) {
887
898
  const rpInstance = this.instances.get(instanceId);
888
899
  if (rpInstance !== void 0) {
@@ -898,40 +909,12 @@ var SIOPv2RP = class _SIOPv2RP {
898
909
  }
899
910
  return void 0;
900
911
  }
901
- async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
902
- let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
903
- let rpInstance;
904
- if (queryId) {
905
- if (this.instances.has(queryId)) {
906
- rpInstanceId = queryId;
907
- rpInstance = this.instances.get(rpInstanceId);
908
- } else if ((0, import_uuid2.validate)(queryId)) {
909
- try {
910
- const pd = await context.agent.pdmGetDefinition({
911
- itemId: queryId
912
- });
913
- if (this.instances.has(pd.queryId)) {
914
- rpInstanceId = pd.queryId;
915
- rpInstance = this.instances.get(rpInstanceId);
916
- }
917
- } catch (ignore) {
918
- }
919
- }
920
- if (createWhenNotPresent) {
921
- rpInstanceId = queryId;
922
- } else {
923
- rpInstance = this.instances.get(rpInstanceId);
924
- }
925
- } else {
926
- rpInstance = this.instances.get(rpInstanceId);
927
- }
928
- if (!rpInstance) {
929
- if (!createWhenNotPresent) {
930
- return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
931
- }
932
- const instanceOpts = this.getInstanceOpts(queryId);
912
+ async getRPInstance({ definitionId, responseRedirectURI }, context) {
913
+ const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
914
+ if (!this.instances.has(instanceId)) {
915
+ const instanceOpts = this.getInstanceOpts(definitionId);
933
916
  const rpOpts = await this.getRPOptions(context, {
934
- queryId,
917
+ definitionId,
935
918
  responseRedirectURI
936
919
  });
937
920
  if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
@@ -943,29 +926,29 @@ var SIOPv2RP = class _SIOPv2RP {
943
926
  ...rpOpts.identifierOpts.resolveOpts
944
927
  };
945
928
  }
946
- console.log("Using agent DID resolver for RP instance with definition id " + queryId);
929
+ console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
947
930
  rpOpts.identifierOpts.resolveOpts.resolver = (0, import_ssi_sdk_ext4.getAgentResolver)(context, {
948
931
  uniresolverResolution: true,
949
932
  localResolution: true,
950
933
  resolverResolution: true
951
934
  });
952
935
  }
953
- rpInstance = new RPInstance({
936
+ this.instances.set(instanceId, new RPInstance({
954
937
  rpOpts,
955
938
  pexOpts: instanceOpts
956
- });
957
- this.instances.set(rpInstanceId, rpInstance);
939
+ }));
958
940
  }
941
+ const rpInstance = this.instances.get(instanceId);
959
942
  if (responseRedirectURI) {
960
943
  rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
961
944
  }
962
945
  return rpInstance;
963
946
  }
964
947
  async getRPOptions(context, opts) {
965
- const { queryId, responseRedirectURI } = opts;
966
- const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
948
+ const { definitionId, responseRedirectURI } = opts;
949
+ const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
967
950
  if (!options) {
968
- throw Error(`Could not get specific nor default options for definition ${queryId}`);
951
+ throw Error(`Could not get specific nor default options for definition ${definitionId}`);
969
952
  }
970
953
  if (this.opts.defaultOpts) {
971
954
  if (!options.identifierOpts) {
@@ -997,20 +980,20 @@ var SIOPv2RP = class _SIOPv2RP {
997
980
  }
998
981
  return options;
999
982
  }
1000
- getInstanceOpts(queryId) {
983
+ getInstanceOpts(definitionId) {
1001
984
  if (!this.opts.instanceOpts) return void 0;
1002
- const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
1003
- return instanceOpt ?? this.getDefaultOptions(queryId);
985
+ const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
986
+ return instanceOpt ?? this.getDefaultOptions(definitionId);
1004
987
  }
1005
- getDefaultOptions(queryId) {
988
+ getDefaultOptions(definitionId) {
1006
989
  if (!this.opts.instanceOpts) return void 0;
1007
- const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
990
+ const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
1008
991
  if (defaultOptions) {
1009
992
  const clonedOptions = {
1010
993
  ...defaultOptions
1011
994
  };
1012
- if (queryId !== void 0) {
1013
- clonedOptions.queryId = queryId;
995
+ if (definitionId !== void 0) {
996
+ clonedOptions.definitionId = definitionId;
1014
997
  }
1015
998
  return clonedOptions;
1016
999
  }
@@ -1025,4 +1008,7 @@ var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
1025
1008
  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
1026
1009
  return VerifiedDataMode2;
1027
1010
  })({});
1011
+
1012
+ // src/index.ts
1013
+ var schema = require_plugin_schema();
1028
1014
  //# sourceMappingURL=index.cjs.map