@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.57.uni.client.206 → 0.34.1-feature.SSISDK.58.host.nonce.endpoint.194

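--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -362,7 +362,6 @@ var plugin_schema_default = {
  var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
  var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
  var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
- var import_uuid2 = require("uuid");
  var import_ssi_types2 = require("@sphereon/ssi-types");
  var import_dcql = require("dcql");
 
@@ -378,7 +377,7 @@ function getRequestVersion(rpOptions) {
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
  return rpOptions.supportedVersions[0];
  }
- return import_did_auth_siop.SupportedVersion.OID4VP_v1;
+ return import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
  }
  __name(getRequestVersion, "getRequestVersion");
  function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -393,33 +392,6 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
  };
  }
  __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
- function getDcqlQueryLookupCallback(context) {
- async function dcqlQueryLookup(queryId, version, tenantId) {
- const result = await context.agent.pdmGetDefinitions({
- filter: [
- {
- queryId,
- ...tenantId && {
- tenantId
- },
- ...version && {
- version
- }
- },
- {
- id: queryId
- }
- ]
- });
- if (result && result.length > 0) {
- return result[0].query;
- }
- return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
- }
- __name(dcqlQueryLookup, "dcqlQueryLookup");
- return dcqlQueryLookup;
- }
- __name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
  function getPresentationVerificationCallback(idOpts, context) {
  async function presentationVerificationCallback(args, presentationSubmission) {
  if (import_ssi_types.CredentialMapper.isSdJwtEncoded(args)) {
@@ -459,8 +431,27 @@ function getPresentationVerificationCallback(idOpts, context) {
  }
  __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
  async function createRPBuilder(args) {
- const { rpOpts, context } = args;
+ const { rpOpts, pexOpts, context } = args;
  const { identifierOpts } = rpOpts;
+ let definition = args.definition;
+ let dcqlQuery = args.dcql;
+ if (!definition && pexOpts && pexOpts.queryId) {
+ const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
+ filter: [
+ {
+ queryId: pexOpts.queryId,
+ version: pexOpts.version,
+ tenantId: pexOpts.tenantId
+ }
+ ]
+ });
+ if (presentationDefinitionItems.length > 0) {
+ const presentationDefinitionItem = presentationDefinitionItems[0];
+ if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
+ dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
+ }
+ }
+ }
  const didMethods = identifierOpts.supportedDIDMethods ?? await (0, import_ssi_sdk_ext.getAgentDIDMethods)(context);
  const eventEmitter = rpOpts.eventEmitter ?? new import_events.EventEmitter();
  const defaultClientMetadata = {
@@ -515,15 +506,16 @@ async function createRPBuilder(args) {
  const builder = import_did_auth_siop.RP.builder({
  requestVersion: getRequestVersion(rpOpts)
  }).withScope("openid", import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? import_did_auth_siop.ResponseMode.POST).withResponseType(import_did_auth_siop.ResponseType.VP_TOKEN, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
- import_did_auth_siop.SupportedVersion.OID4VP_v1,
- import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
+ import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
+ import_did_auth_siop.SupportedVersion.SIOPv2_ID1,
+ import_did_auth_siop.SupportedVersion.SIOPv2_D11
  ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new import_did_auth_siop.InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
  resolver,
  verifyOpts: {
  wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
  checkLinkedDomain: "if_present"
  }
- }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+ }, context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
  const oidfOpts = identifierOpts.oidfOpts;
  if (oidfOpts && (0, import_ssi_sdk_ext2.isExternalIdentifierOIDFEntityIdOpts)(oidfOpts)) {
  builder.withEntityId(oidfOpts.identifier, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
@@ -536,6 +528,9 @@ async function createRPBuilder(args) {
  if (hasher) {
  builder.withHasher(hasher);
  }
+ if (dcqlQuery) {
+ builder.withDcqlQuery(dcqlQuery);
+ }
  if (rpOpts.responseRedirectUri) {
  builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
  }
@@ -608,16 +603,17 @@ var RPInstance = class {
  __name(this, "RPInstance");
  }
  _rp;
- _presentationOptions;
+ _pexOptions;
  _rpOptions;
  constructor({ rpOpts, pexOpts }) {
  this._rpOptions = rpOpts;
- this._presentationOptions = pexOpts;
+ this._pexOptions = pexOpts;
  }
  async get(context) {
  if (!this._rp) {
  const builder = await createRPBuilder({
  rpOpts: this._rpOptions,
+ pexOpts: this._pexOptions,
  context
  });
  this._rp = builder.build();
@@ -627,8 +623,20 @@ var RPInstance = class {
  get rpOptions() {
  return this._rpOptions;
  }
- get presentationOptions() {
- return this._presentationOptions;
+ get pexOptions() {
+ return this._pexOptions;
+ }
+ hasDefinition() {
+ return this.definitionId !== void 0;
+ }
+ get definitionId() {
+ return this.pexOptions?.queryId;
+ }
+ async getPresentationDefinition(context) {
+ return this.definitionId ? await context.agent.pexStoreGetDefinition({
+ definitionId: this.definitionId,
+ tenantId: this.pexOptions?.tenantId
+ }) : void 0;
  }
  async createAuthorizationRequestURI(createArgs, context) {
  const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -745,7 +753,6 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async createAuthorizationRequestURI(createArgs, context) {
  return await this.getRPInstance({
- createWhenNotPresent: true,
  responseRedirectURI: createArgs.responseRedirectURI,
  ...createArgs.useQueryIdInstance === true && {
  queryId: createArgs.queryId
@@ -754,7 +761,6 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async createAuthorizationRequestPayloads(createArgs, context) {
  return await this.getRPInstance({
- createWhenNotPresent: true,
  queryId: createArgs.queryId
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
  const authRequest = {
@@ -767,13 +773,11 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async siopGetRequestState(args, context) {
  return await this.getRPInstance({
- createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
  }
  async siopGetResponseState(args, context) {
  const rpInstance = await this.getRPInstance({
- createWhenNotPresent: false,
  queryId: args.queryId
  }, context);
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -831,7 +835,6 @@ var SIOPv2RP = class _SIOPv2RP {
  throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
  }
  return await this.getRPInstance({
- createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
  await rp2.signalAuthRequestRetrieved({
@@ -843,7 +846,6 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async siopDeleteState(args, context) {
  return await this.getRPInstance({
- createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
  }
@@ -853,7 +855,6 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
  return await this.getRPInstance({
- createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
  correlationId: args.correlationId,
@@ -898,37 +899,9 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  return void 0;
  }
- async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
- let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
- let rpInstance;
- if (queryId) {
- if (this.instances.has(queryId)) {
- rpInstanceId = queryId;
- rpInstance = this.instances.get(rpInstanceId);
- } else if ((0, import_uuid2.validate)(queryId)) {
- try {
- const pd = await context.agent.pdmGetDefinition({
- itemId: queryId
- });
- if (this.instances.has(pd.queryId)) {
- rpInstanceId = pd.queryId;
- rpInstance = this.instances.get(rpInstanceId);
- }
- } catch (ignore) {
- }
- }
- if (createWhenNotPresent) {
- rpInstanceId = queryId;
- } else {
- rpInstance = this.instances.get(rpInstanceId);
- }
- } else {
- rpInstance = this.instances.get(rpInstanceId);
- }
- if (!rpInstance) {
- if (!createWhenNotPresent) {
- return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
- }
+ async getRPInstance({ queryId, responseRedirectURI }, context) {
+ const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
+ if (!this.instances.has(instanceId)) {
  const instanceOpts = this.getInstanceOpts(queryId);
  const rpOpts = await this.getRPOptions(context, {
  queryId,
@@ -950,12 +923,12 @@ var SIOPv2RP = class _SIOPv2RP {
  resolverResolution: true
  });
  }
- rpInstance = new RPInstance({
+ this.instances.set(instanceId, new RPInstance({
  rpOpts,
  pexOpts: instanceOpts
- });
- this.instances.set(rpInstanceId, rpInstance);
+ }));
  }
+ const rpInstance = this.instances.get(instanceId);
  if (responseRedirectURI) {
  rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
  }
@@ -997,20 +970,20 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  return options;
  }
- getInstanceOpts(queryId) {
+ getInstanceOpts(definitionId) {
  if (!this.opts.instanceOpts) return void 0;
- const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
- return instanceOpt ?? this.getDefaultOptions(queryId);
+ const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
+ return instanceOpt ?? this.getDefaultOptions(definitionId);
  }
- getDefaultOptions(queryId) {
+ getDefaultOptions(definitionId) {
  if (!this.opts.instanceOpts) return void 0;
  const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
  if (defaultOptions) {
  const clonedOptions = {
  ...defaultOptions
  };
- if (queryId !== void 0) {
- clonedOptions.queryId = queryId;
+ if (definitionId !== void 0) {
+ clonedOptions.queryId = definitionId;
  }
  return clonedOptions;
  }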
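Review bot: In `getRPInstance`, dropping `createWhenNotPresent` means the read, verify and delete paths (`siopGetRequestState`, `siopGetResponseState`, `siopDeleteState` and the `verifyAuthorizationResponse` caller) now build and cache a new `RPInstance` for any `queryId` not yet in `this.instances`, where the old code rejected with a "No RP instance found" error. If `queryId` can reach these methods from request input (not visible here), the map grows with every distinct value, and a lookup under an unknown id runs against a freshly built RP whose session manager, by default a new `InMemoryRPSessionManager`, holds no state. The removed branch that resolved a UUID to `pd.queryId` has no replacement, so callers passing the definition item id presumably no longer reach the instance registered under the query id. I would keep the flag and guard creation with `if (!this.instances.has(instanceId) && !createWhenNotPresent) return Promise.reject(Error("No RP instance found for key " + instanceId));`. Part of the function body lies between the two `getRPInstance` hunks and is not shown.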