npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-auth - Versions diffs - 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145 → 0.34.1-feature.SSISDK.58.host.nonce.endpoint.194 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145 → 0.34.1-feature.SSISDK.58.host.nonce.endpoint.194

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/src/agent/SIOPv2RP.ts CHANGED Viewed

@@ -3,10 +3,13 @@ import {
   AuthorizationResponsePayload,
   AuthorizationResponseState,
   AuthorizationResponseStateStatus,
+  AuthorizationResponseStateWithVerifiedData,
   decodeUriAsJson,
-  VerifiedAuthorizationResponse,
+  VerifiedAuthorizationResponse
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
+import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
+import type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'
 import {
   AdditionalClaims,
   CredentialMapper,
@@ -24,7 +27,6 @@ import {
 import { IAgentPlugin } from '@veramo/core'
 import { DcqlQuery } from 'dcql'
 import {
-  AuthorizationResponseStateWithVerifiedData,
   IAuthorizationRequestPayloads,
   ICreateAuthRequestArgs,
   IGetAuthRequestStateArgs,
@@ -43,9 +45,7 @@ import {
   VerifiedDataMode,
 } from '../index'
 import { RPInstance } from '../RPInstance'
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
-import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 export class SIOPv2RP implements IAgentPlugin {
   private readonly opts: ISiopv2RPOpts
@@ -85,7 +85,10 @@ export class SIOPv2RP implements IAgentPlugin {
   }
   private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {
-    return await this.getRPInstance({ definitionId: createArgs.definitionId, responseRedirectURI: createArgs.responseRedirectURI }, context)
+    return await this.getRPInstance(
+      { responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) },
+      context,
+    )
       .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))
       .then((URI) => URI.encodedUri)
   }
@@ -94,21 +97,23 @@ export class SIOPv2RP implements IAgentPlugin {
     createArgs: ICreateAuthRequestArgs,
     context: IRequiredContext,
   ): Promise<IAuthorizationRequestPayloads> {
-    return await this.getRPInstance({ definitionId: createArgs.definitionId }, context)
+    return await this.getRPInstance({ queryId: createArgs.queryId }, context)
       .then((rp) => rp.createAuthorizationRequest(createArgs, context))
       .then(async (request) => {
         const authRequest: IAuthorizationRequestPayloads = {
           authorizationRequest: request.payload,
           requestObject: await request.requestObjectJwt(),
-          requestObjectDecoded: await request.requestObject?.getPayload(),
+          requestObjectDecoded: request.requestObject?.getPayload(),
         }
         return authRequest
       })
   }
   private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {
-    return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>
-      rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),
+    return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>
+      rp.get(context).then((rp) =>
+        rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)
+      ),
     )
   }
@@ -116,7 +121,7 @@ export class SIOPv2RP implements IAgentPlugin {
     args: IGetAuthResponseStateArgs,
     context: IRequiredContext,
   ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {
-    const rpInstance: RPInstance = await this.getRPInstance({ definitionId: args.definitionId }, context)
+    const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)
     const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance
       .get(context)
       .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))
@@ -193,10 +198,10 @@ export class SIOPv2RP implements IAgentPlugin {
       : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
   private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
-    if (args.state !== 'sent') {
-      throw Error(`Only 'sent' status is supported for this method at this point`)
+    if (args.state !== 'authorization_request_created') {
+      throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)
     }
-    return await this.getRPInstance({ definitionId: args.definitionId }, context)
+    return await this.getRPInstance({ queryId: args.queryId }, context)
       // todo: In the SIOP library we need to update the signal method to be more like this method
       .then((rp) =>
         rp.get(context).then(async (rp) => {
@@ -210,7 +215,7 @@ export class SIOPv2RP implements IAgentPlugin {
   }
   private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {
-    return await this.getRPInstance({ definitionId: args.definitionId }, context)
+    return await this.getRPInstance({ queryId: args.queryId }, context)
       .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))
       .then(() => true)
   }
@@ -223,45 +228,30 @@ export class SIOPv2RP implements IAgentPlugin {
       typeof args.authorizationResponse === 'string'
         ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)
         : args.authorizationResponse
-    return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>
+    return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>
       rp.get(context).then((rp) =>
         rp.verifyAuthorizationResponse(authResponse, {
           correlationId: args.correlationId,
-          ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),
-          audience: args.audience,
+            ...(args.dcqlQuery ? { dcqlQuery: args.dcqlQuery } : {}),
+            audience: args.audience,
         }),
       ),
     )
   }
   private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {
-    const { definitions, tenantId, version, versionControlMode } = args
+    const { importItems, tenantId, version, versionControlMode } = args
     await Promise.all(
-      definitions.map(async (definitionPair) => {
-        const definitionPayload = definitionPair.definitionPayload
-        if (!definitionPayload && !definitionPair.dcqlPayload) {
-          return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))
-        }
-        let definitionId: string
-        if (definitionPair.dcqlPayload) {
-          DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)
-          console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)
-          definitionId = definitionPair.dcqlPayload.queryId
-        }
-        if (definitionPayload) {
-          await context.agent.pexValidateDefinition({ definition: definitionPayload })
-          console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)
-          definitionId = definitionPayload.id
-        }
+      importItems.map(async (importItem: ImportDcqlQueryItem) => {
+        DcqlQuery.validate(importItem.query)
+        console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)
         return context.agent.pdmPersistDefinition({
           definitionItem: {
-            definitionId: definitionId!,
+            queryId: importItem.queryId!,
             tenantId: tenantId,
             version: version,
-            definitionPayload,
-            dcqlPayload: definitionPair.dcqlPayload,
+            query: importItem.query,
           },
           opts: { versionControlMode: versionControlMode },
         })
@@ -270,7 +260,7 @@ export class SIOPv2RP implements IAgentPlugin {
   }
   private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {
-    const instanceId = args.definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY
+    const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY
     if (this.instances.has(instanceId)) {
       const rpInstance = this.instances.get(instanceId)
       if (rpInstance !== undefined) {
@@ -285,17 +275,17 @@ export class SIOPv2RP implements IAgentPlugin {
     return undefined
   }
-  async getRPInstance({ definitionId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {
-    const instanceId = definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY
+  async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {
+    const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY
     if (!this.instances.has(instanceId)) {
-      const instanceOpts = this.getInstanceOpts(definitionId)
-      const rpOpts = await this.getRPOptions(context, { definitionId, responseRedirectURI: responseRedirectURI })
+      const instanceOpts = this.getInstanceOpts(queryId)
+      const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })
       if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {
         if (!rpOpts.identifierOpts?.resolveOpts) {
           rpOpts.identifierOpts = { ...rpOpts.identifierOpts }
           rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }
         }
-        console.log('Using agent DID resolver for RP instance with definition id ' + definitionId)
+        console.log('Using agent DID resolver for RP instance with definition id ' + queryId)
         rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {
           uniresolverResolution: true,
           localResolution: true,
@@ -311,11 +301,11 @@ export class SIOPv2RP implements IAgentPlugin {
     return rpInstance
   }
-  async getRPOptions(context: IRequiredContext, opts: { definitionId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {
-    const { definitionId, responseRedirectURI: responseRedirectURI } = opts
-    const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts
+  async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {
+    const { queryId, responseRedirectURI: responseRedirectURI } = opts
+    const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts
     if (!options) {
-      throw Error(`Could not get specific nor default options for definition ${definitionId}`)
+      throw Error(`Could not get specific nor default options for definition ${queryId}`)
     }
     if (this.opts.defaultOpts) {
       if (!options.identifierOpts) {
@@ -349,7 +339,7 @@ export class SIOPv2RP implements IAgentPlugin {
   getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {
     if (!this.opts.instanceOpts) return undefined
-    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : undefined
+    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined
     return instanceOpt ?? this.getDefaultOptions(definitionId)
   }
@@ -357,11 +347,11 @@ export class SIOPv2RP implements IAgentPlugin {
   private getDefaultOptions(definitionId: string | undefined) {
     if (!this.opts.instanceOpts) return undefined
-    const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === 'default')
+    const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')
     if (defaultOptions) {
       const clonedOptions = { ...defaultOptions }
       if (definitionId !== undefined) {
-        clonedOptions.definitionId = definitionId
+        clonedOptions.queryId = definitionId
       }
       return clonedOptions
     }

package/src/functions.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import {
+  ClientIdentifierPrefix,
   ClientMetadataOpts,
   InMemoryRPSessionManager,
   PassBy,
@@ -13,7 +14,7 @@ import {
   Scope,
   SubjectType,
   SupportedVersion,
-  VerifyJwtCallback,
+  VerifyJwtCallback
 } from '@sphereon/did-auth-siop'
 import { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'
 import { IPresentationDefinition } from '@sphereon/pex'
@@ -27,14 +28,8 @@ import {
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'
-import {
-  CredentialMapper,
-  HasherSync,
-  OriginalVerifiableCredential,
-  PresentationSubmission
-} from '@sphereon/ssi-types'
+import { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'
 import { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'
-// import { KeyAlgo, SuppliedSigner } from '@sphereon/ssi-sdk.core'
 import { TKeyType } from '@veramo/core'
 import { JWTVerifyOptions } from 'did-jwt'
 import { Resolvable } from 'did-resolver'
@@ -72,7 +67,7 @@ export function getPresentationVerificationCallback(
   ): Promise<PresentationVerificationResult> {
     if (CredentialMapper.isSdJwtEncoded(args)) {
       const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({
-        presentation: args
+        presentation: args,
       })
       // fixme: investigate the correct way to handle this
       return { verified: !!result.payload }
@@ -116,11 +111,11 @@ export async function createRPBuilder(args: {
   let definition: IPresentationDefinition | undefined = args.definition
   let dcqlQuery: DcqlQuery | undefined = args.dcql
-  if (!definition && pexOpts && pexOpts.definitionId) {
+  if (!definition && pexOpts && pexOpts.queryId) {
     const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
       filter: [
         {
-          definitionId: pexOpts.definitionId,
+          queryId: pexOpts.queryId,
           version: pexOpts.version,
           tenantId: pexOpts.tenantId,
         },
@@ -202,11 +197,11 @@ export async function createRPBuilder(args: {
     builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)
   } else {
     const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)
-    builder
-      .withClientId(
-        resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint),
-        PropertyTarget.REQUEST_OBJECT,
-      )
+    const clientId: string = rpOpts.clientMetadataOpts?.client_id ??
+      resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)
+     const clientIdPrefixed = prefixClientId(clientId)
+    builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT
+    )
   }
   if (hasher) {
@@ -304,3 +299,12 @@ export function getSigningAlgo(type: TKeyType): SigningAlgo {
       throw Error('Key type not yet supported')
   }
 }
+export function prefixClientId(clientId: string): string {
+  // FIXME SSISDK-60
+  if (clientId.startsWith('did:')) {
+    return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
+  }
+  return clientId;
+}

package/src/index.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * @public
  */
-const schema = require('../plugin.schema.json')
+import schema from '../plugin.schema.json'
 export { schema }
 export { SIOPv2RP } from './agent/SIOPv2RP'
 export * from './types/ISIOPv2RP'

package/src/types/ISIOPv2RP.ts CHANGED Viewed

@@ -2,7 +2,8 @@ import {
   AuthorizationRequestPayload,
   AuthorizationRequestState,
   AuthorizationResponsePayload,
-  AuthorizationResponseState,
+  AuthorizationResponseStateWithVerifiedData,
+  CallbackOpts,
   ClaimPayloadCommonOpts,
   ClientMetadataOpts,
   IRPSessionManager,
@@ -23,14 +24,14 @@ import { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdent
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'
+import { ImportDcqlQueryItem, IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
-import { AdditionalClaims, DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'
+import { HasherSync } from '@sphereon/ssi-types'
 import { VerifyCallback } from '@sphereon/wellknown-dids-client'
-import { IAgentContext, ICredentialIssuer, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
+import { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
+import { DcqlQuery } from 'dcql'
 import { Resolvable } from 'did-resolver'
 import { EventEmitter } from 'events'
@@ -52,7 +53,6 @@ export interface ISIOPv2RP extends IPluginMethodMap {
   siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>
   siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>
   siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>
   siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>
 }
@@ -64,8 +64,9 @@ export interface ISiopv2RPOpts {
 export interface IRPDefaultOpts extends IRPOptions {}
 export interface ICreateAuthRequestArgs {
-  definitionId: string
+  queryId: string
   correlationId: string
+  useQueryIdInstance?: boolean
   responseURIType: ResponseURIType
   responseURI: string
   responseRedirectURI?: string
@@ -74,24 +75,25 @@ export interface ICreateAuthRequestArgs {
   nonce?: string
   state?: string
   claims?: ClaimPayloadCommonOpts
+  callback?: CallbackOpts
 }
 export interface IGetAuthRequestStateArgs {
   correlationId: string
-  definitionId: string
+  queryId?: string
   errorOnNotFound?: boolean
 }
 export interface IGetAuthResponseStateArgs {
   correlationId: string
-  definitionId: string
+  queryId?: string
   errorOnNotFound?: boolean
   progressRequestStateTo?: AuthorizationRequestStateStatus
   includeVerifiedData?: VerifiedDataMode
 }
 export interface IUpdateRequestStateArgs {
-  definitionId: string
+  queryId: string
   correlationId: string
   state: AuthorizationRequestStateStatus
   error?: string
@@ -99,24 +101,18 @@ export interface IUpdateRequestStateArgs {
 export interface IDeleteAuthStateArgs {
   correlationId: string
-  definitionId: string
+  queryId?: string
 }
 export interface IVerifyAuthResponseStateArgs {
   authorizationResponse: string | AuthorizationResponsePayload
-  definitionId?: string
+  queryId?: string
   correlationId: string
   audience?: string
-  dcqlQueryPayload?: DcqlQueryPayload
-}
-export interface IDefinitionPair {
-  definitionPayload?: IPresentationDefinition
-  dcqlPayload?: DcqlQueryPayload
+  dcqlQuery?: DcqlQuery
 }
 export interface ImportDefinitionsArgs {
-  definitions: Array<IDefinitionPair>
+  importItems: Array<ImportDcqlQueryItem>
   tenantId?: string
   version?: string
   versionControlMode?: VersionControlMode
@@ -124,7 +120,7 @@ export interface ImportDefinitionsArgs {
 export interface IGetRedirectUriArgs {
   correlationId: string
-  definitionId?: string
+  queryId?: string
   state?: string
 }
@@ -140,7 +136,7 @@ export interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {
 }
 export interface ISiopRPInstanceArgs {
-  definitionId?: string
+  queryId?: string
   responseRedirectURI?: string
 }
@@ -165,7 +161,7 @@ export interface IRPOptions {
 export interface IPEXOptions {
   presentationVerifyCallback?: PresentationVerificationCallback
   // definition?: IPresentationDefinition
-  definitionId: string
+  queryId: string
   version?: string
   tenantId?: string
 }
@@ -198,16 +194,11 @@ export type CredentialOpts = {
   hasher?: HasherSync
 }
-export interface AuthorizationResponseStateWithVerifiedData extends AuthorizationResponseState {
-  verifiedData?: AdditionalClaims
-}
 export type IRequiredContext = IAgentContext<
   IResolver &
     IDIDManager &
     IKeyManager &
     IIdentifierResolution &
-    ICredentialIssuer &
     ICredentialValidation &
     ICredentialVerifier &
     IPresentationExchange &