@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145 → 0.34.1-feature.SSISDK.62.218

package/dist/index.cjs CHANGED
@@ -4,9 +4,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
5
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
6
6
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
7
- var __commonJS = (cb, mod) => function __require() {
8
- return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
9
- };
10
7
  var __export = (target, all) => {
11
8
  for (var name in all)
12
9
  __defProp(target, name, { get: all[name], enumerable: true });
@@ -21,353 +18,351 @@ var __copyProps = (to, from, except, desc) => {
21
18
  };
22
19
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
23
20
 
21
+ // src/index.ts
22
+ var index_exports = {};
23
+ __export(index_exports, {
24
+ SIOPv2RP: () => SIOPv2RP,
25
+ VerifiedDataMode: () => VerifiedDataMode,
26
+ schema: () => plugin_schema_default
27
+ });
28
+ module.exports = __toCommonJS(index_exports);
29
+
24
30
  // plugin.schema.json
25
- var require_plugin_schema = __commonJS({
26
- "plugin.schema.json"(exports, module2) {
27
- module2.exports = {
28
- IDidAuthSiopOpAuthenticator: {
29
- components: {
30
- schemas: {
31
- IGetSiopSessionArgs: {
32
- type: "object",
33
- properties: {
34
- sessionId: {
35
- type: "string"
36
- },
37
- additionalProperties: false
38
- },
39
- required: ["sessionId"],
40
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
31
+ var plugin_schema_default = {
32
+ IDidAuthSiopOpAuthenticator: {
33
+ components: {
34
+ schemas: {
35
+ IGetSiopSessionArgs: {
36
+ type: "object",
37
+ properties: {
38
+ sessionId: {
39
+ type: "string"
41
40
  },
42
- IRegisterSiopSessionArgs: {
41
+ additionalProperties: false
42
+ },
43
+ required: ["sessionId"],
44
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
45
+ },
46
+ IRegisterSiopSessionArgs: {
47
+ type: "object",
48
+ properties: {
49
+ identifier: {
43
50
  type: "object",
44
51
  properties: {
45
- identifier: {
46
- type: "object",
47
- properties: {
48
- did: {
49
- type: "string"
50
- },
51
- alias: {
52
- type: "string"
53
- },
54
- provider: {
55
- type: "string"
56
- },
57
- controllerKeyId: {
58
- type: "string"
59
- },
60
- keys: {
61
- type: "array",
62
- items: {
63
- type: "object",
64
- properties: {
65
- additionalProperties: true
66
- }
67
- }
68
- },
69
- services: {
70
- type: "array",
71
- items: {
72
- type: "object",
73
- properties: {
74
- additionalProperties: true
75
- }
76
- }
77
- }
78
- },
79
- additionalProperties: false,
80
- required: ["did", "provider", "keys", "services"]
81
- },
82
- sessionId: {
52
+ did: {
83
53
  type: "string"
84
54
  },
85
- expiresIn: {
86
- type: "number"
87
- },
88
- additionalProperties: false
89
- },
90
- required: ["identifier"],
91
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
92
- },
93
- IRemoveSiopSessionArgs: {
94
- type: "object",
95
- properties: {
96
- sessionId: {
55
+ alias: {
97
56
  type: "string"
98
57
  },
99
- additionalProperties: false
100
- },
101
- required: ["sessionId"],
102
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
103
- },
104
- IAuthenticateWithSiopArgs: {
105
- type: "object",
106
- properties: {
107
- sessionId: {
58
+ provider: {
108
59
  type: "string"
109
60
  },
110
- stateId: {
61
+ controllerKeyId: {
111
62
  type: "string"
112
63
  },
113
- redirectUrl: {
114
- type: "string"
64
+ keys: {
65
+ type: "array",
66
+ items: {
67
+ type: "object",
68
+ properties: {
69
+ additionalProperties: true
70
+ }
71
+ }
115
72
  },
116
- additionalProperties: false
73
+ services: {
74
+ type: "array",
75
+ items: {
76
+ type: "object",
77
+ properties: {
78
+ additionalProperties: true
79
+ }
80
+ }
81
+ }
117
82
  },
118
- required: ["sessionId", "stateId", "redirectUrl"],
119
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
83
+ additionalProperties: false,
84
+ required: ["did", "provider", "keys", "services"]
85
+ },
86
+ sessionId: {
87
+ type: "string"
88
+ },
89
+ expiresIn: {
90
+ type: "number"
91
+ },
92
+ additionalProperties: false
93
+ },
94
+ required: ["identifier"],
95
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
96
+ },
97
+ IRemoveSiopSessionArgs: {
98
+ type: "object",
99
+ properties: {
100
+ sessionId: {
101
+ type: "string"
102
+ },
103
+ additionalProperties: false
104
+ },
105
+ required: ["sessionId"],
106
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
107
+ },
108
+ IAuthenticateWithSiopArgs: {
109
+ type: "object",
110
+ properties: {
111
+ sessionId: {
112
+ type: "string"
113
+ },
114
+ stateId: {
115
+ type: "string"
116
+ },
117
+ redirectUrl: {
118
+ type: "string"
120
119
  },
121
- IResponse: {
120
+ additionalProperties: false
121
+ },
122
+ required: ["sessionId", "stateId", "redirectUrl"],
123
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
124
+ },
125
+ IResponse: {
126
+ type: "object",
127
+ properties: {
128
+ status: {
129
+ type: "number"
130
+ },
131
+ additionalProperties: true
132
+ },
133
+ required: ["status"],
134
+ description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
135
+ },
136
+ IGetSiopAuthenticationRequestFromRpArgs: {
137
+ type: "object",
138
+ properties: {
139
+ sessionId: {
140
+ type: "string"
141
+ },
142
+ stateId: {
143
+ type: "string"
144
+ },
145
+ redirectUrl: {
146
+ type: "string"
147
+ },
148
+ additionalProperties: false
149
+ },
150
+ required: ["sessionId", "stateId", "redirectUrl"],
151
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
152
+ },
153
+ ParsedAuthenticationRequestURI: {
154
+ type: "object",
155
+ properties: {
156
+ jwt: {
157
+ type: "string"
158
+ },
159
+ requestPayload: {
122
160
  type: "object",
123
161
  properties: {
124
- status: {
125
- type: "number"
126
- },
127
162
  additionalProperties: true
128
- },
129
- required: ["status"],
130
- description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
163
+ }
131
164
  },
132
- IGetSiopAuthenticationRequestFromRpArgs: {
165
+ registration: {
133
166
  type: "object",
134
167
  properties: {
135
- sessionId: {
136
- type: "string"
137
- },
138
- stateId: {
139
- type: "string"
140
- },
141
- redirectUrl: {
142
- type: "string"
143
- },
144
- additionalProperties: false
145
- },
146
- required: ["sessionId", "stateId", "redirectUrl"],
147
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
168
+ additionalProperties: true
169
+ }
148
170
  },
149
- ParsedAuthenticationRequestURI: {
171
+ additionalProperties: false
172
+ },
173
+ required: ["jwt", "requestPayload", "registration"],
174
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
175
+ },
176
+ IGetSiopAuthenticationRequestDetailsArgs: {
177
+ type: "object",
178
+ properties: {
179
+ sessionId: {
180
+ type: "string"
181
+ },
182
+ verifiedAuthenticationRequest: {
150
183
  type: "object",
151
184
  properties: {
152
- jwt: {
153
- type: "string"
154
- },
155
- requestPayload: {
156
- type: "object",
157
- properties: {
158
- additionalProperties: true
159
- }
160
- },
161
- registration: {
162
- type: "object",
163
- properties: {
164
- additionalProperties: true
165
- }
166
- },
167
- additionalProperties: false
168
- },
169
- required: ["jwt", "requestPayload", "registration"],
170
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
185
+ additionalProperties: true
186
+ }
171
187
  },
172
- IGetSiopAuthenticationRequestDetailsArgs: {
188
+ credentialFilter: {
173
189
  type: "object",
174
190
  properties: {
175
- sessionId: {
176
- type: "string"
177
- },
178
- verifiedAuthenticationRequest: {
179
- type: "object",
180
- properties: {
181
- additionalProperties: true
182
- }
183
- },
184
- credentialFilter: {
185
- type: "object",
186
- properties: {
187
- additionalProperties: true
188
- }
189
- },
190
- additionalProperties: false
191
- },
192
- required: ["sessionId", "verifiedAuthenticationRequest"],
193
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
191
+ additionalProperties: true
192
+ }
194
193
  },
195
- IAuthRequestDetails: {
194
+ additionalProperties: false
195
+ },
196
+ required: ["sessionId", "verifiedAuthenticationRequest"],
197
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
198
+ },
199
+ IAuthRequestDetails: {
200
+ type: "object",
201
+ properties: {
202
+ id: {
203
+ type: "string"
204
+ },
205
+ alsoKnownAs: {
206
+ type: "array",
207
+ items: {
208
+ type: "string"
209
+ }
210
+ },
211
+ vpResponseOpts: {
196
212
  type: "object",
197
213
  properties: {
198
- id: {
199
- type: "string"
200
- },
201
- alsoKnownAs: {
202
- type: "array",
203
- items: {
204
- type: "string"
205
- }
206
- },
207
- vpResponseOpts: {
208
- type: "object",
209
- properties: {
210
- additionalProperties: true
211
- }
212
- },
213
- additionalProperties: false
214
- },
215
- required: ["id", "vpResponseOpts"],
216
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
214
+ additionalProperties: true
215
+ }
217
216
  },
218
- IVerifySiopAuthenticationRequestUriArgs: {
217
+ additionalProperties: false
218
+ },
219
+ required: ["id", "vpResponseOpts"],
220
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
221
+ },
222
+ IVerifySiopAuthenticationRequestUriArgs: {
223
+ type: "object",
224
+ properties: {
225
+ sessionId: {
226
+ type: "string"
227
+ },
228
+ ParsedAuthenticationRequestURI: {
219
229
  type: "object",
220
230
  properties: {
221
- sessionId: {
222
- type: "string"
223
- },
224
- ParsedAuthenticationRequestURI: {
225
- type: "object",
226
- properties: {
227
- additionalProperties: true
228
- }
229
- },
230
- additionalProperties: false
231
- },
232
- required: ["sessionId", "ParsedAuthenticationRequestURI"],
233
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
231
+ additionalProperties: true
232
+ }
234
233
  },
235
- VerifiedAuthorizationRequest: {
234
+ additionalProperties: false
235
+ },
236
+ required: ["sessionId", "ParsedAuthenticationRequestURI"],
237
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
238
+ },
239
+ VerifiedAuthorizationRequest: {
240
+ type: "object",
241
+ properties: {
242
+ payload: {
236
243
  type: "object",
237
244
  properties: {
238
- payload: {
239
- type: "object",
240
- properties: {
241
- additionalProperties: true
242
- }
243
- },
244
- presentationDefinitions: {
245
- type: "object",
246
- properties: {
247
- additionalProperties: true
248
- }
249
- },
250
- verifyOpts: {
251
- type: "object",
252
- properties: {
253
- additionalProperties: true
254
- }
255
- },
256
- additionalProperties: false
257
- },
258
- required: ["payload", "verifyOpts"],
259
- description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
245
+ additionalProperties: true
246
+ }
260
247
  },
261
- ISendSiopAuthenticationResponseArgs: {
248
+ presentationDefinitions: {
262
249
  type: "object",
263
250
  properties: {
264
- sessionId: {
265
- type: "string"
266
- },
267
- verifiedAuthenticationRequest: {
268
- type: "object",
269
- properties: {
270
- additionalProperties: true
271
- }
272
- },
273
- verifiablePresentationResponse: {
274
- type: "object",
275
- properties: {
276
- additionalProperties: true
277
- }
278
- },
279
- additionalProperties: false
280
- },
281
- required: ["sessionId", "verifiedAuthenticationRequest"],
282
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
283
- }
284
- },
285
- methods: {
286
- getSessionForSiop: {
287
- description: "Get SIOP session",
288
- arguments: {
289
- $ref: "#/components/schemas/IGetSiopSessionArgs"
290
- },
291
- returnType: "object"
292
- },
293
- registerSessionForSiop: {
294
- description: "Register SIOP session",
295
- arguments: {
296
- $ref: "#/components/schemas/IRegisterSiopSessionArgs"
297
- },
298
- returnType: "object"
299
- },
300
- removeSessionForSiop: {
301
- description: "Remove SIOP session",
302
- arguments: {
303
- $ref: "#/components/schemas/IRemoveSiopSessionArgs"
304
- },
305
- returnType: "boolean"
306
- },
307
- authenticateWithSiop: {
308
- description: "Authenticate using DID Auth SIOP",
309
- arguments: {
310
- $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
311
- },
312
- returnType: {
313
- $ref: "#/components/schemas/Response"
251
+ additionalProperties: true
314
252
  }
315
253
  },
316
- getSiopAuthenticationRequestFromRP: {
317
- description: "Get authentication request from RP",
318
- arguments: {
319
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
320
- },
321
- returnType: {
322
- $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
254
+ verifyOpts: {
255
+ type: "object",
256
+ properties: {
257
+ additionalProperties: true
323
258
  }
324
259
  },
325
- getSiopAuthenticationRequestDetails: {
326
- description: "Get authentication request details",
327
- arguments: {
328
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
329
- },
330
- returnType: {
331
- $ref: "#/components/schemas/IAuthRequestDetails"
332
- }
260
+ additionalProperties: false
261
+ },
262
+ required: ["payload", "verifyOpts"],
263
+ description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
264
+ },
265
+ ISendSiopAuthenticationResponseArgs: {
266
+ type: "object",
267
+ properties: {
268
+ sessionId: {
269
+ type: "string"
333
270
  },
334
- verifySiopAuthenticationRequestURI: {
335
- description: "Verify authentication request URI",
336
- arguments: {
337
- $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
338
- },
339
- returnType: {
340
- $ref: "#/components/schemas/VerifiedAuthorizationRequest"
271
+ verifiedAuthenticationRequest: {
272
+ type: "object",
273
+ properties: {
274
+ additionalProperties: true
341
275
  }
342
276
  },
343
- sendSiopAuthenticationResponse: {
344
- description: "Send authentication response",
345
- arguments: {
346
- $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
347
- },
348
- returnType: {
349
- $ref: "#/components/schemas/IRequiredContext"
277
+ verifiablePresentationResponse: {
278
+ type: "object",
279
+ properties: {
280
+ additionalProperties: true
350
281
  }
351
- }
282
+ },
283
+ additionalProperties: false
284
+ },
285
+ required: ["sessionId", "verifiedAuthenticationRequest"],
286
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
287
+ }
288
+ },
289
+ methods: {
290
+ getSessionForSiop: {
291
+ description: "Get SIOP session",
292
+ arguments: {
293
+ $ref: "#/components/schemas/IGetSiopSessionArgs"
294
+ },
295
+ returnType: "object"
296
+ },
297
+ registerSessionForSiop: {
298
+ description: "Register SIOP session",
299
+ arguments: {
300
+ $ref: "#/components/schemas/IRegisterSiopSessionArgs"
301
+ },
302
+ returnType: "object"
303
+ },
304
+ removeSessionForSiop: {
305
+ description: "Remove SIOP session",
306
+ arguments: {
307
+ $ref: "#/components/schemas/IRemoveSiopSessionArgs"
308
+ },
309
+ returnType: "boolean"
310
+ },
311
+ authenticateWithSiop: {
312
+ description: "Authenticate using DID Auth SIOP",
313
+ arguments: {
314
+ $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
315
+ },
316
+ returnType: {
317
+ $ref: "#/components/schemas/Response"
318
+ }
319
+ },
320
+ getSiopAuthenticationRequestFromRP: {
321
+ description: "Get authentication request from RP",
322
+ arguments: {
323
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
324
+ },
325
+ returnType: {
326
+ $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
327
+ }
328
+ },
329
+ getSiopAuthenticationRequestDetails: {
330
+ description: "Get authentication request details",
331
+ arguments: {
332
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
333
+ },
334
+ returnType: {
335
+ $ref: "#/components/schemas/IAuthRequestDetails"
336
+ }
337
+ },
338
+ verifySiopAuthenticationRequestURI: {
339
+ description: "Verify authentication request URI",
340
+ arguments: {
341
+ $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
342
+ },
343
+ returnType: {
344
+ $ref: "#/components/schemas/VerifiedAuthorizationRequest"
345
+ }
346
+ },
347
+ sendSiopAuthenticationResponse: {
348
+ description: "Send authentication response",
349
+ arguments: {
350
+ $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
351
+ },
352
+ returnType: {
353
+ $ref: "#/components/schemas/IRequiredContext"
352
354
  }
353
355
  }
354
356
  }
355
- };
357
+ }
356
358
  }
357
- });
358
-
359
- // src/index.ts
360
- var index_exports = {};
361
- __export(index_exports, {
362
- SIOPv2RP: () => SIOPv2RP,
363
- VerifiedDataMode: () => VerifiedDataMode,
364
- schema: () => schema
365
- });
366
- module.exports = __toCommonJS(index_exports);
359
+ };
367
360
 
368
361
  // src/agent/SIOPv2RP.ts
369
362
  var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
370
363
  var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
364
+ var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
365
+ var import_uuid2 = require("uuid");
371
366
  var import_ssi_types2 = require("@sphereon/ssi-types");
372
367
  var import_dcql = require("dcql");
373
368
 
@@ -383,7 +378,7 @@ function getRequestVersion(rpOptions) {
383
378
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
384
379
  return rpOptions.supportedVersions[0];
385
380
  }
386
- return import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
381
+ return import_did_auth_siop.SupportedVersion.OID4VP_v1;
387
382
  }
388
383
  __name(getRequestVersion, "getRequestVersion");
389
384
  function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -398,6 +393,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
398
393
  };
399
394
  }
400
395
  __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
396
+ function getDcqlQueryLookupCallback(context) {
397
+ async function dcqlQueryLookup(queryId, version, tenantId) {
398
+ const result = await context.agent.pdmGetDefinitions({
399
+ filter: [
400
+ {
401
+ queryId,
402
+ ...tenantId && {
403
+ tenantId
404
+ },
405
+ ...version && {
406
+ version
407
+ }
408
+ },
409
+ {
410
+ id: queryId
411
+ }
412
+ ]
413
+ });
414
+ if (result && result.length > 0) {
415
+ return result[0].query;
416
+ }
417
+ return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
418
+ }
419
+ __name(dcqlQueryLookup, "dcqlQueryLookup");
420
+ return dcqlQueryLookup;
421
+ }
422
+ __name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
401
423
  function getPresentationVerificationCallback(idOpts, context) {
402
424
  async function presentationVerificationCallback(args, presentationSubmission) {
403
425
  if (import_ssi_types.CredentialMapper.isSdJwtEncoded(args)) {
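Review bot: The second filter entry in `dcqlQueryLookup`, `{ id: queryId }`, carries neither `tenantId` nor `version`, so if `pdmGetDefinitions` treats the array entries as alternatives (its semantics are not visible here), a caller-supplied query id can match a definition stored for another tenant. I would scope it the same way as the first entry: `{ id: queryId, ...tenantId && { tenantId } }`. `result[0]` is also returned without any ordering, so with several stored versions the query that ends up in the authorization request is whichever one the store lists first, and `result[0].query` is not checked for being undefined before it is returned.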
@@ -437,27 +459,8 @@ function getPresentationVerificationCallback(idOpts, context) {
437
459
  }
438
460
  __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
439
461
  async function createRPBuilder(args) {
440
- const { rpOpts, pexOpts, context } = args;
462
+ const { rpOpts, context } = args;
441
463
  const { identifierOpts } = rpOpts;
442
- let definition = args.definition;
443
- let dcqlQuery = args.dcql;
444
- if (!definition && pexOpts && pexOpts.definitionId) {
445
- const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
446
- filter: [
447
- {
448
- definitionId: pexOpts.definitionId,
449
- version: pexOpts.version,
450
- tenantId: pexOpts.tenantId
451
- }
452
- ]
453
- });
454
- if (presentationDefinitionItems.length > 0) {
455
- const presentationDefinitionItem = presentationDefinitionItems[0];
456
- if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
457
- dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
458
- }
459
- }
460
- }
461
464
  const didMethods = identifierOpts.supportedDIDMethods ?? await (0, import_ssi_sdk_ext.getAgentDIDMethods)(context);
462
465
  const eventEmitter = rpOpts.eventEmitter ?? new import_events.EventEmitter();
463
466
  const defaultClientMetadata = {
@@ -512,29 +515,27 @@ async function createRPBuilder(args) {
512
515
  const builder = import_did_auth_siop.RP.builder({
513
516
  requestVersion: getRequestVersion(rpOpts)
514
517
  }).withScope("openid", import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? import_did_auth_siop.ResponseMode.POST).withResponseType(import_did_auth_siop.ResponseType.VP_TOKEN, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
515
- import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
516
- import_did_auth_siop.SupportedVersion.SIOPv2_ID1,
517
- import_did_auth_siop.SupportedVersion.SIOPv2_D11
518
+ import_did_auth_siop.SupportedVersion.OID4VP_v1,
519
+ import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
518
520
  ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new import_did_auth_siop.InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
519
521
  resolver,
520
522
  verifyOpts: {
521
523
  wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
522
524
  checkLinkedDomain: "if_present"
523
525
  }
524
- }, context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
526
+ }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
525
527
  const oidfOpts = identifierOpts.oidfOpts;
526
528
  if (oidfOpts && (0, import_ssi_sdk_ext2.isExternalIdentifierOIDFEntityIdOpts)(oidfOpts)) {
527
529
  builder.withEntityId(oidfOpts.identifier, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
528
530
  } else {
529
531
  const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
530
- builder.withClientId(resolution.issuer ?? ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(resolution) ? resolution.did : resolution.jwkThumbprint), import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
532
+ const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(resolution) ? resolution.did : resolution.jwkThumbprint);
533
+ const clientIdPrefixed = prefixClientId(clientId);
534
+ builder.withClientId(clientIdPrefixed, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
531
535
  }
532
536
  if (hasher) {
533
537
  builder.withHasher(hasher);
534
538
  }
535
- if (dcqlQuery) {
536
- builder.withDcqlQuery(dcqlQuery);
537
- }
538
539
  if (rpOpts.responseRedirectUri) {
539
540
  builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
540
541
  }
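Review bot: `rpOpts.clientMetadataOpts?.client_id` now takes precedence over the value resolved from `identifierOpts.idOpts`, and nothing in the else branch checks that the configured `client_id` belongs to the managed identifier returned by `identifierManagedGet`. If the request object is signed with that identifier's key (the signing path is outside this hunk), a mismatched `client_id` only surfaces later as a verification failure in the wallet; comparing the two here and throwing on disagreement would fail early. `prefixClientId`, added in the -591 hunk, calls `clientId.startsWith` with no type check, so a non-string `client_id` or a resolution with no `issuer`, `did` or `jwkThumbprint` raises a TypeError; a guard such as `if (typeof clientId !== "string") throw Error("client_id could not be determined")` before the call would make that explicit. createRPBuilder begins and ends outside this hunk.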
@@ -591,6 +592,13 @@ function getSigningAlgo(type) {
591
592
  }
592
593
  }
593
594
  __name(getSigningAlgo, "getSigningAlgo");
595
+ function prefixClientId(clientId) {
596
+ if (clientId.startsWith("did:")) {
597
+ return `${import_did_auth_siop.ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
598
+ }
599
+ return clientId;
600
+ }
601
+ __name(prefixClientId, "prefixClientId");
594
602
 
595
603
  // src/RPInstance.ts
596
604
  var import_uuid = require("uuid");
@@ -600,17 +608,16 @@ var RPInstance = class {
600
608
  __name(this, "RPInstance");
601
609
  }
602
610
  _rp;
603
- _pexOptions;
611
+ _presentationOptions;
604
612
  _rpOptions;
605
613
  constructor({ rpOpts, pexOpts }) {
606
614
  this._rpOptions = rpOpts;
607
- this._pexOptions = pexOpts;
615
+ this._presentationOptions = pexOpts;
608
616
  }
609
617
  async get(context) {
610
618
  if (!this._rp) {
611
619
  const builder = await createRPBuilder({
612
620
  rpOpts: this._rpOptions,
613
- pexOpts: this._pexOptions,
614
621
  context
615
622
  });
616
623
  this._rp = builder.build();
@@ -620,23 +627,11 @@ var RPInstance = class {
620
627
  get rpOptions() {
621
628
  return this._rpOptions;
622
629
  }
623
- get pexOptions() {
624
- return this._pexOptions;
625
- }
626
- hasDefinition() {
627
- return this.definitionId !== void 0;
628
- }
629
- get definitionId() {
630
- return this.pexOptions?.definitionId;
631
- }
632
- async getPresentationDefinition(context) {
633
- return this.definitionId ? await context.agent.pexStoreGetDefinition({
634
- definitionId: this.definitionId,
635
- tenantId: this.pexOptions?.tenantId
636
- }) : void 0;
630
+ get presentationOptions() {
631
+ return this._presentationOptions;
637
632
  }
638
633
  async createAuthorizationRequestURI(createArgs, context) {
639
- const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
634
+ const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
640
635
  const nonce = createArgs.nonce ?? (0, import_uuid.v4)();
641
636
  const state = createArgs.state ?? correlationId;
642
637
  let jwtIssuer;
@@ -664,13 +659,15 @@ var RPInstance = class {
664
659
  return await this.get(context).then((rp) => rp.createAuthorizationRequestURI({
665
660
  version: getRequestVersion(this.rpOptions),
666
661
  correlationId,
662
+ queryId,
667
663
  nonce,
668
664
  state,
669
665
  claims,
670
666
  requestByReferenceURI,
671
667
  responseURI,
672
668
  responseURIType,
673
- jwtIssuer
669
+ jwtIssuer,
670
+ callback
674
671
  }));
675
672
  }
676
673
  async createAuthorizationRequest(createArgs, context) {
@@ -711,7 +708,6 @@ var RPInstance = class {
711
708
  };
712
709
 
713
710
  // src/agent/SIOPv2RP.ts
714
- var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
715
711
  var SIOPv2RP = class _SIOPv2RP {
716
712
  static {
717
713
  __name(this, "SIOPv2RP");
@@ -719,7 +715,7 @@ var SIOPv2RP = class _SIOPv2RP {
719
715
  opts;
720
716
  static _DEFAULT_OPTS_KEY = "_default";
721
717
  instances = /* @__PURE__ */ new Map();
722
- schema = schema.IDidAuthSiopOpAuthenticator;
718
+ schema = plugin_schema_default.IDidAuthSiopOpAuthenticator;
723
719
  methods = {
724
720
  siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),
725
721
  siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),
@@ -749,30 +745,36 @@ var SIOPv2RP = class _SIOPv2RP {
749
745
  }
750
746
  async createAuthorizationRequestURI(createArgs, context) {
751
747
  return await this.getRPInstance({
752
- definitionId: createArgs.definitionId,
753
- responseRedirectURI: createArgs.responseRedirectURI
748
+ createWhenNotPresent: true,
749
+ responseRedirectURI: createArgs.responseRedirectURI,
750
+ ...createArgs.useQueryIdInstance === true && {
751
+ queryId: createArgs.queryId
752
+ }
754
753
  }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
755
754
  }
756
755
  async createAuthorizationRequestPayloads(createArgs, context) {
757
756
  return await this.getRPInstance({
758
- definitionId: createArgs.definitionId
757
+ createWhenNotPresent: true,
758
+ queryId: createArgs.queryId
759
759
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
760
760
  const authRequest = {
761
761
  authorizationRequest: request.payload,
762
762
  requestObject: await request.requestObjectJwt(),
763
- requestObjectDecoded: await request.requestObject?.getPayload()
763
+ requestObjectDecoded: request.requestObject?.getPayload()
764
764
  };
765
765
  return authRequest;
766
766
  });
767
767
  }
768
768
  async siopGetRequestState(args, context) {
769
769
  return await this.getRPInstance({
770
- definitionId: args.definitionId
770
+ createWhenNotPresent: false,
771
+ queryId: args.queryId
771
772
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
772
773
  }
773
774
  async siopGetResponseState(args, context) {
774
775
  const rpInstance = await this.getRPInstance({
775
- definitionId: args.definitionId
776
+ createWhenNotPresent: false,
777
+ queryId: args.queryId
776
778
  }, context);
777
779
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
778
780
  if (authorizationResponseState === void 0) {
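Review bot: `createAuthorizationRequestURI` passes `queryId` to `getRPInstance` only when `createArgs.useQueryIdInstance === true`, while `siopGetRequestState` and `siopGetResponseState` (and the update, delete and verify methods in later hunks) always pass `args.queryId` with `createWhenNotPresent: false`. `getRPInstance` is not shown, but if it keys instances by `queryId`, a request created without the flag is stored under one instance and its session state is then looked up under another. Either apply the same `useQueryIdInstance` condition on the lookup side or document that callers must omit `queryId` there. Separately, `requestObjectDecoded` lost its `await`; if `getPayload()` still returns a promise in the bundled `@sphereon/did-auth-siop` version, the field now holds a Promise instead of the decoded payload.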
@@ -825,11 +827,12 @@ var SIOPv2RP = class _SIOPv2RP {
825
827
  }
826
828
  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => import_ssi_types2.CredentialMapper.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : import_ssi_types2.CredentialMapper.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
827
829
  async siopUpdateRequestState(args, context) {
828
- if (args.state !== "sent") {
829
- throw Error(`Only 'sent' status is supported for this method at this point`);
830
+ if (args.state !== "authorization_request_created") {
831
+ throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
830
832
  }
831
833
  return await this.getRPInstance({
832
- definitionId: args.definitionId
834
+ createWhenNotPresent: false,
835
+ queryId: args.queryId
833
836
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
834
837
  await rp2.signalAuthRequestRetrieved({
835
838
  correlationId: args.correlationId,
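Review bot: The guard in `siopUpdateRequestState` now accepts only `"authorization_request_created"`, yet the call that follows is still `signalAuthRequestRetrieved`, so the state name the caller must pass and the event that is signalled no longer describe the same step. Callers that still send `"sent"` get the thrown Error with no migration path. If the rename is intentional, a comment on the guard saying which session-state transition this method performs would help; the method body continues outside the hunk.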
@@ -840,7 +843,8 @@ var SIOPv2RP = class _SIOPv2RP {
840
843
  }
841
844
  async siopDeleteState(args, context) {
842
845
  return await this.getRPInstance({
843
- definitionId: args.definitionId
846
+ createWhenNotPresent: false,
847
+ queryId: args.queryId
844
848
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
845
849
  }
846
850
  async siopVerifyAuthResponse(args, context) {
@@ -849,42 +853,27 @@ var SIOPv2RP = class _SIOPv2RP {
849
853
  }
850
854
  const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
851
855
  return await this.getRPInstance({
852
- definitionId: args.definitionId
856
+ createWhenNotPresent: false,
857
+ queryId: args.queryId
853
858
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
854
859
  correlationId: args.correlationId,
855
- ...args.dcqlQueryPayload ? {
856
- dcqlQuery: args.dcqlQueryPayload.dcqlQuery
860
+ ...args.dcqlQuery ? {
861
+ dcqlQuery: args.dcqlQuery
857
862
  } : {},
858
863
  audience: args.audience
859
864
  })));
860
865
  }
861
866
  async siopImportDefinitions(args, context) {
862
- const { definitions, tenantId, version, versionControlMode } = args;
863
- await Promise.all(definitions.map(async (definitionPair) => {
864
- const definitionPayload = definitionPair.definitionPayload;
865
- if (!definitionPayload && !definitionPair.dcqlPayload) {
866
- return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
867
- }
868
- let definitionId;
869
- if (definitionPair.dcqlPayload) {
870
- import_dcql.DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
871
- console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
872
- definitionId = definitionPair.dcqlPayload.queryId;
873
- }
874
- if (definitionPayload) {
875
- await context.agent.pexValidateDefinition({
876
- definition: definitionPayload
877
- });
878
- console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
879
- definitionId = definitionPayload.id;
880
- }
867
+ const { importItems, tenantId, version, versionControlMode } = args;
868
+ await Promise.all(importItems.map(async (importItem) => {
869
+ import_dcql.DcqlQuery.validate(importItem.query);
870
+ console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
881
871
  return context.agent.pdmPersistDefinition({
882
872
  definitionItem: {
883
- definitionId,
873
+ queryId: importItem.queryId,
884
874
  tenantId,
885
875
  version,
886
- definitionPayload,
887
- dcqlPayload: definitionPair.dcqlPayload
876
+ query: importItem.query
888
877
  },
889
878
  opts: {
890
879
  versionControlMode
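Review bot: `siopImportDefinitions` no longer checks its items before persisting. The removed guard rejected an entry with no payload, while the new loop validates only `importItem.query` and passes `importItem.queryId` through unchecked, although `queryId` is the key `getRPInstance` later uses to look instances up. Unless `pdmPersistDefinition` enforces it (not visible here), add `if (!importItem.queryId) return Promise.reject(Error("queryId must be supplied"));` before the `DcqlQuery.validate` call. The function body continues past the end of this hunk.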
@@ -893,7 +882,7 @@ var SIOPv2RP = class _SIOPv2RP {
893
882
  }));
894
883
  }
895
884
  async siopGetRedirectURI(args, context) {
896
- const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
885
+ const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
897
886
  if (this.instances.has(instanceId)) {
898
887
  const rpInstance = this.instances.get(instanceId);
899
888
  if (rpInstance !== void 0) {
@@ -909,12 +898,40 @@ var SIOPv2RP = class _SIOPv2RP {
909
898
  }
910
899
  return void 0;
911
900
  }
912
- async getRPInstance({ definitionId, responseRedirectURI }, context) {
913
- const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
914
- if (!this.instances.has(instanceId)) {
915
- const instanceOpts = this.getInstanceOpts(definitionId);
901
+ async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
902
+ let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
903
+ let rpInstance;
904
+ if (queryId) {
905
+ if (this.instances.has(queryId)) {
906
+ rpInstanceId = queryId;
907
+ rpInstance = this.instances.get(rpInstanceId);
908
+ } else if ((0, import_uuid2.validate)(queryId)) {
909
+ try {
910
+ const pd = await context.agent.pdmGetDefinition({
911
+ itemId: queryId
912
+ });
913
+ if (this.instances.has(pd.queryId)) {
914
+ rpInstanceId = pd.queryId;
915
+ rpInstance = this.instances.get(rpInstanceId);
916
+ }
917
+ } catch (ignore) {
918
+ }
919
+ }
920
+ if (createWhenNotPresent) {
921
+ rpInstanceId = queryId;
922
+ } else {
923
+ rpInstance = this.instances.get(rpInstanceId);
924
+ }
925
+ } else {
926
+ rpInstance = this.instances.get(rpInstanceId);
927
+ }
928
+ if (!rpInstance) {
929
+ if (!createWhenNotPresent) {
930
+ return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
931
+ }
932
+ const instanceOpts = this.getInstanceOpts(queryId);
916
933
  const rpOpts = await this.getRPOptions(context, {
917
- definitionId,
934
+ queryId,
918
935
  responseRedirectURI
919
936
  });
920
937
  if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
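Review bot: In the new `getRPInstance`, a `queryId` that matches no instance falls back to the default RP instance when `createWhenNotPresent` is false, because the `else` branch at new line 923 re-reads `this.instances.get(rpInstanceId)` while `rpInstanceId` is still `_DEFAULT_OPTS_KEY`. The callers changed in this diff (`siopVerifyAuthResponse`, `siopDeleteState`, `siopGetResponseState`, `siopUpdateRequestState`) all pass `createWhenNotPresent: false`, so with a default instance registered an unknown query id would be verified or deleted against that instance instead of being rejected. If the fallback is intended it deserves a comment; otherwise replace the `if (createWhenNotPresent) … else …` at new lines 920-924 with `if (!rpInstance) rpInstanceId = queryId;`. The empty `catch (ignore) {}` around `pdmGetDefinition` also makes a storage error look like "not found", and `Promise.reject` is given a bare string where `return Promise.reject(Error(...))` would keep a stack trace. The function body continues past the end of this hunk, and since index.cjs appears to be bundled output the change would be made in the TypeScript source.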
@@ -926,29 +943,29 @@ var SIOPv2RP = class _SIOPv2RP {
926
943
  ...rpOpts.identifierOpts.resolveOpts
927
944
  };
928
945
  }
929
- console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
946
+ console.log("Using agent DID resolver for RP instance with definition id " + queryId);
930
947
  rpOpts.identifierOpts.resolveOpts.resolver = (0, import_ssi_sdk_ext4.getAgentResolver)(context, {
931
948
  uniresolverResolution: true,
932
949
  localResolution: true,
933
950
  resolverResolution: true
934
951
  });
935
952
  }
936
- this.instances.set(instanceId, new RPInstance({
953
+ rpInstance = new RPInstance({
937
954
  rpOpts,
938
955
  pexOpts: instanceOpts
939
- }));
956
+ });
957
+ this.instances.set(rpInstanceId, rpInstance);
940
958
  }
941
- const rpInstance = this.instances.get(instanceId);
942
959
  if (responseRedirectURI) {
943
960
  rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
944
961
  }
945
962
  return rpInstance;
946
963
  }
947
964
  async getRPOptions(context, opts) {
948
- const { definitionId, responseRedirectURI } = opts;
949
- const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
965
+ const { queryId, responseRedirectURI } = opts;
966
+ const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
950
967
  if (!options) {
951
- throw Error(`Could not get specific nor default options for definition ${definitionId}`);
968
+ throw Error(`Could not get specific nor default options for definition ${queryId}`);
952
969
  }
953
970
  if (this.opts.defaultOpts) {
954
971
  if (!options.identifierOpts) {
@@ -980,20 +997,20 @@ var SIOPv2RP = class _SIOPv2RP {
980
997
  }
981
998
  return options;
982
999
  }
983
- getInstanceOpts(definitionId) {
1000
+ getInstanceOpts(queryId) {
984
1001
  if (!this.opts.instanceOpts) return void 0;
985
- const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
986
- return instanceOpt ?? this.getDefaultOptions(definitionId);
1002
+ const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
1003
+ return instanceOpt ?? this.getDefaultOptions(queryId);
987
1004
  }
988
- getDefaultOptions(definitionId) {
1005
+ getDefaultOptions(queryId) {
989
1006
  if (!this.opts.instanceOpts) return void 0;
990
- const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
1007
+ const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
991
1008
  if (defaultOptions) {
992
1009
  const clonedOptions = {
993
1010
  ...defaultOptions
994
1011
  };
995
- if (definitionId !== void 0) {
996
- clonedOptions.definitionId = definitionId;
1012
+ if (queryId !== void 0) {
1013
+ clonedOptions.queryId = queryId;
997
1014
  }
998
1015
  return clonedOptions;
999
1016
  }
@@ -1008,7 +1025,4 @@ var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
1008
1025
  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
1009
1026
  return VerifiedDataMode2;
1010
1027
  })({});
1011
-
1012
- // src/index.ts
1013
- var schema = require_plugin_schema();
1014
1028
  //# sourceMappingURL=index.cjs.map