@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145 → 0.34.1-feature.SSISDK.62.218

package/dist/index.js CHANGED
@@ -1,353 +1,347 @@
1
1
  var __defProp = Object.defineProperty;
2
- var __getOwnPropNames = Object.getOwnPropertyNames;
3
2
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
4
- var __commonJS = (cb, mod) => function __require() {
5
- return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
6
- };
7
3
 
8
4
  // plugin.schema.json
9
- var require_plugin_schema = __commonJS({
10
- "plugin.schema.json"(exports, module) {
11
- module.exports = {
12
- IDidAuthSiopOpAuthenticator: {
13
- components: {
14
- schemas: {
15
- IGetSiopSessionArgs: {
16
- type: "object",
17
- properties: {
18
- sessionId: {
19
- type: "string"
20
- },
21
- additionalProperties: false
22
- },
23
- required: ["sessionId"],
24
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
5
+ var plugin_schema_default = {
6
+ IDidAuthSiopOpAuthenticator: {
7
+ components: {
8
+ schemas: {
9
+ IGetSiopSessionArgs: {
10
+ type: "object",
11
+ properties: {
12
+ sessionId: {
13
+ type: "string"
25
14
  },
26
- IRegisterSiopSessionArgs: {
15
+ additionalProperties: false
16
+ },
17
+ required: ["sessionId"],
18
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
19
+ },
20
+ IRegisterSiopSessionArgs: {
21
+ type: "object",
22
+ properties: {
23
+ identifier: {
27
24
  type: "object",
28
25
  properties: {
29
- identifier: {
30
- type: "object",
31
- properties: {
32
- did: {
33
- type: "string"
34
- },
35
- alias: {
36
- type: "string"
37
- },
38
- provider: {
39
- type: "string"
40
- },
41
- controllerKeyId: {
42
- type: "string"
43
- },
44
- keys: {
45
- type: "array",
46
- items: {
47
- type: "object",
48
- properties: {
49
- additionalProperties: true
50
- }
51
- }
52
- },
53
- services: {
54
- type: "array",
55
- items: {
56
- type: "object",
57
- properties: {
58
- additionalProperties: true
59
- }
60
- }
61
- }
62
- },
63
- additionalProperties: false,
64
- required: ["did", "provider", "keys", "services"]
65
- },
66
- sessionId: {
26
+ did: {
67
27
  type: "string"
68
28
  },
69
- expiresIn: {
70
- type: "number"
71
- },
72
- additionalProperties: false
73
- },
74
- required: ["identifier"],
75
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
76
- },
77
- IRemoveSiopSessionArgs: {
78
- type: "object",
79
- properties: {
80
- sessionId: {
29
+ alias: {
81
30
  type: "string"
82
31
  },
83
- additionalProperties: false
84
- },
85
- required: ["sessionId"],
86
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
87
- },
88
- IAuthenticateWithSiopArgs: {
89
- type: "object",
90
- properties: {
91
- sessionId: {
32
+ provider: {
92
33
  type: "string"
93
34
  },
94
- stateId: {
35
+ controllerKeyId: {
95
36
  type: "string"
96
37
  },
97
- redirectUrl: {
98
- type: "string"
38
+ keys: {
39
+ type: "array",
40
+ items: {
41
+ type: "object",
42
+ properties: {
43
+ additionalProperties: true
44
+ }
45
+ }
99
46
  },
100
- additionalProperties: false
47
+ services: {
48
+ type: "array",
49
+ items: {
50
+ type: "object",
51
+ properties: {
52
+ additionalProperties: true
53
+ }
54
+ }
55
+ }
101
56
  },
102
- required: ["sessionId", "stateId", "redirectUrl"],
103
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
57
+ additionalProperties: false,
58
+ required: ["did", "provider", "keys", "services"]
59
+ },
60
+ sessionId: {
61
+ type: "string"
104
62
  },
105
- IResponse: {
63
+ expiresIn: {
64
+ type: "number"
65
+ },
66
+ additionalProperties: false
67
+ },
68
+ required: ["identifier"],
69
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
70
+ },
71
+ IRemoveSiopSessionArgs: {
72
+ type: "object",
73
+ properties: {
74
+ sessionId: {
75
+ type: "string"
76
+ },
77
+ additionalProperties: false
78
+ },
79
+ required: ["sessionId"],
80
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
81
+ },
82
+ IAuthenticateWithSiopArgs: {
83
+ type: "object",
84
+ properties: {
85
+ sessionId: {
86
+ type: "string"
87
+ },
88
+ stateId: {
89
+ type: "string"
90
+ },
91
+ redirectUrl: {
92
+ type: "string"
93
+ },
94
+ additionalProperties: false
95
+ },
96
+ required: ["sessionId", "stateId", "redirectUrl"],
97
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
98
+ },
99
+ IResponse: {
100
+ type: "object",
101
+ properties: {
102
+ status: {
103
+ type: "number"
104
+ },
105
+ additionalProperties: true
106
+ },
107
+ required: ["status"],
108
+ description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
109
+ },
110
+ IGetSiopAuthenticationRequestFromRpArgs: {
111
+ type: "object",
112
+ properties: {
113
+ sessionId: {
114
+ type: "string"
115
+ },
116
+ stateId: {
117
+ type: "string"
118
+ },
119
+ redirectUrl: {
120
+ type: "string"
121
+ },
122
+ additionalProperties: false
123
+ },
124
+ required: ["sessionId", "stateId", "redirectUrl"],
125
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
126
+ },
127
+ ParsedAuthenticationRequestURI: {
128
+ type: "object",
129
+ properties: {
130
+ jwt: {
131
+ type: "string"
132
+ },
133
+ requestPayload: {
106
134
  type: "object",
107
135
  properties: {
108
- status: {
109
- type: "number"
110
- },
111
136
  additionalProperties: true
112
- },
113
- required: ["status"],
114
- description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
137
+ }
115
138
  },
116
- IGetSiopAuthenticationRequestFromRpArgs: {
139
+ registration: {
117
140
  type: "object",
118
141
  properties: {
119
- sessionId: {
120
- type: "string"
121
- },
122
- stateId: {
123
- type: "string"
124
- },
125
- redirectUrl: {
126
- type: "string"
127
- },
128
- additionalProperties: false
129
- },
130
- required: ["sessionId", "stateId", "redirectUrl"],
131
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
142
+ additionalProperties: true
143
+ }
132
144
  },
133
- ParsedAuthenticationRequestURI: {
145
+ additionalProperties: false
146
+ },
147
+ required: ["jwt", "requestPayload", "registration"],
148
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
149
+ },
150
+ IGetSiopAuthenticationRequestDetailsArgs: {
151
+ type: "object",
152
+ properties: {
153
+ sessionId: {
154
+ type: "string"
155
+ },
156
+ verifiedAuthenticationRequest: {
134
157
  type: "object",
135
158
  properties: {
136
- jwt: {
137
- type: "string"
138
- },
139
- requestPayload: {
140
- type: "object",
141
- properties: {
142
- additionalProperties: true
143
- }
144
- },
145
- registration: {
146
- type: "object",
147
- properties: {
148
- additionalProperties: true
149
- }
150
- },
151
- additionalProperties: false
152
- },
153
- required: ["jwt", "requestPayload", "registration"],
154
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
159
+ additionalProperties: true
160
+ }
155
161
  },
156
- IGetSiopAuthenticationRequestDetailsArgs: {
162
+ credentialFilter: {
157
163
  type: "object",
158
164
  properties: {
159
- sessionId: {
160
- type: "string"
161
- },
162
- verifiedAuthenticationRequest: {
163
- type: "object",
164
- properties: {
165
- additionalProperties: true
166
- }
167
- },
168
- credentialFilter: {
169
- type: "object",
170
- properties: {
171
- additionalProperties: true
172
- }
173
- },
174
- additionalProperties: false
175
- },
176
- required: ["sessionId", "verifiedAuthenticationRequest"],
177
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
165
+ additionalProperties: true
166
+ }
167
+ },
168
+ additionalProperties: false
169
+ },
170
+ required: ["sessionId", "verifiedAuthenticationRequest"],
171
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
172
+ },
173
+ IAuthRequestDetails: {
174
+ type: "object",
175
+ properties: {
176
+ id: {
177
+ type: "string"
178
+ },
179
+ alsoKnownAs: {
180
+ type: "array",
181
+ items: {
182
+ type: "string"
183
+ }
178
184
  },
179
- IAuthRequestDetails: {
185
+ vpResponseOpts: {
180
186
  type: "object",
181
187
  properties: {
182
- id: {
183
- type: "string"
184
- },
185
- alsoKnownAs: {
186
- type: "array",
187
- items: {
188
- type: "string"
189
- }
190
- },
191
- vpResponseOpts: {
192
- type: "object",
193
- properties: {
194
- additionalProperties: true
195
- }
196
- },
197
- additionalProperties: false
198
- },
199
- required: ["id", "vpResponseOpts"],
200
- description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
188
+ additionalProperties: true
189
+ }
201
190
  },
202
- IVerifySiopAuthenticationRequestUriArgs: {
191
+ additionalProperties: false
192
+ },
193
+ required: ["id", "vpResponseOpts"],
194
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
195
+ },
196
+ IVerifySiopAuthenticationRequestUriArgs: {
197
+ type: "object",
198
+ properties: {
199
+ sessionId: {
200
+ type: "string"
201
+ },
202
+ ParsedAuthenticationRequestURI: {
203
203
  type: "object",
204
204
  properties: {
205
- sessionId: {
206
- type: "string"
207
- },
208
- ParsedAuthenticationRequestURI: {
209
- type: "object",
210
- properties: {
211
- additionalProperties: true
212
- }
213
- },
214
- additionalProperties: false
215
- },
216
- required: ["sessionId", "ParsedAuthenticationRequestURI"],
217
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
205
+ additionalProperties: true
206
+ }
218
207
  },
219
- VerifiedAuthorizationRequest: {
208
+ additionalProperties: false
209
+ },
210
+ required: ["sessionId", "ParsedAuthenticationRequestURI"],
211
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
212
+ },
213
+ VerifiedAuthorizationRequest: {
214
+ type: "object",
215
+ properties: {
216
+ payload: {
220
217
  type: "object",
221
218
  properties: {
222
- payload: {
223
- type: "object",
224
- properties: {
225
- additionalProperties: true
226
- }
227
- },
228
- presentationDefinitions: {
229
- type: "object",
230
- properties: {
231
- additionalProperties: true
232
- }
233
- },
234
- verifyOpts: {
235
- type: "object",
236
- properties: {
237
- additionalProperties: true
238
- }
239
- },
240
- additionalProperties: false
241
- },
242
- required: ["payload", "verifyOpts"],
243
- description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
219
+ additionalProperties: true
220
+ }
244
221
  },
245
- ISendSiopAuthenticationResponseArgs: {
222
+ presentationDefinitions: {
246
223
  type: "object",
247
224
  properties: {
248
- sessionId: {
249
- type: "string"
250
- },
251
- verifiedAuthenticationRequest: {
252
- type: "object",
253
- properties: {
254
- additionalProperties: true
255
- }
256
- },
257
- verifiablePresentationResponse: {
258
- type: "object",
259
- properties: {
260
- additionalProperties: true
261
- }
262
- },
263
- additionalProperties: false
264
- },
265
- required: ["sessionId", "verifiedAuthenticationRequest"],
266
- description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
267
- }
268
- },
269
- methods: {
270
- getSessionForSiop: {
271
- description: "Get SIOP session",
272
- arguments: {
273
- $ref: "#/components/schemas/IGetSiopSessionArgs"
274
- },
275
- returnType: "object"
276
- },
277
- registerSessionForSiop: {
278
- description: "Register SIOP session",
279
- arguments: {
280
- $ref: "#/components/schemas/IRegisterSiopSessionArgs"
281
- },
282
- returnType: "object"
283
- },
284
- removeSessionForSiop: {
285
- description: "Remove SIOP session",
286
- arguments: {
287
- $ref: "#/components/schemas/IRemoveSiopSessionArgs"
288
- },
289
- returnType: "boolean"
290
- },
291
- authenticateWithSiop: {
292
- description: "Authenticate using DID Auth SIOP",
293
- arguments: {
294
- $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
295
- },
296
- returnType: {
297
- $ref: "#/components/schemas/Response"
225
+ additionalProperties: true
298
226
  }
299
227
  },
300
- getSiopAuthenticationRequestFromRP: {
301
- description: "Get authentication request from RP",
302
- arguments: {
303
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
304
- },
305
- returnType: {
306
- $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
228
+ verifyOpts: {
229
+ type: "object",
230
+ properties: {
231
+ additionalProperties: true
307
232
  }
308
233
  },
309
- getSiopAuthenticationRequestDetails: {
310
- description: "Get authentication request details",
311
- arguments: {
312
- $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
313
- },
314
- returnType: {
315
- $ref: "#/components/schemas/IAuthRequestDetails"
316
- }
234
+ additionalProperties: false
235
+ },
236
+ required: ["payload", "verifyOpts"],
237
+ description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
238
+ },
239
+ ISendSiopAuthenticationResponseArgs: {
240
+ type: "object",
241
+ properties: {
242
+ sessionId: {
243
+ type: "string"
317
244
  },
318
- verifySiopAuthenticationRequestURI: {
319
- description: "Verify authentication request URI",
320
- arguments: {
321
- $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
322
- },
323
- returnType: {
324
- $ref: "#/components/schemas/VerifiedAuthorizationRequest"
245
+ verifiedAuthenticationRequest: {
246
+ type: "object",
247
+ properties: {
248
+ additionalProperties: true
325
249
  }
326
250
  },
327
- sendSiopAuthenticationResponse: {
328
- description: "Send authentication response",
329
- arguments: {
330
- $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
331
- },
332
- returnType: {
333
- $ref: "#/components/schemas/IRequiredContext"
251
+ verifiablePresentationResponse: {
252
+ type: "object",
253
+ properties: {
254
+ additionalProperties: true
334
255
  }
335
- }
256
+ },
257
+ additionalProperties: false
258
+ },
259
+ required: ["sessionId", "verifiedAuthenticationRequest"],
260
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
261
+ }
262
+ },
263
+ methods: {
264
+ getSessionForSiop: {
265
+ description: "Get SIOP session",
266
+ arguments: {
267
+ $ref: "#/components/schemas/IGetSiopSessionArgs"
268
+ },
269
+ returnType: "object"
270
+ },
271
+ registerSessionForSiop: {
272
+ description: "Register SIOP session",
273
+ arguments: {
274
+ $ref: "#/components/schemas/IRegisterSiopSessionArgs"
275
+ },
276
+ returnType: "object"
277
+ },
278
+ removeSessionForSiop: {
279
+ description: "Remove SIOP session",
280
+ arguments: {
281
+ $ref: "#/components/schemas/IRemoveSiopSessionArgs"
282
+ },
283
+ returnType: "boolean"
284
+ },
285
+ authenticateWithSiop: {
286
+ description: "Authenticate using DID Auth SIOP",
287
+ arguments: {
288
+ $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
289
+ },
290
+ returnType: {
291
+ $ref: "#/components/schemas/Response"
292
+ }
293
+ },
294
+ getSiopAuthenticationRequestFromRP: {
295
+ description: "Get authentication request from RP",
296
+ arguments: {
297
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
298
+ },
299
+ returnType: {
300
+ $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
301
+ }
302
+ },
303
+ getSiopAuthenticationRequestDetails: {
304
+ description: "Get authentication request details",
305
+ arguments: {
306
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
307
+ },
308
+ returnType: {
309
+ $ref: "#/components/schemas/IAuthRequestDetails"
310
+ }
311
+ },
312
+ verifySiopAuthenticationRequestURI: {
313
+ description: "Verify authentication request URI",
314
+ arguments: {
315
+ $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
316
+ },
317
+ returnType: {
318
+ $ref: "#/components/schemas/VerifiedAuthorizationRequest"
319
+ }
320
+ },
321
+ sendSiopAuthenticationResponse: {
322
+ description: "Send authentication response",
323
+ arguments: {
324
+ $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
325
+ },
326
+ returnType: {
327
+ $ref: "#/components/schemas/IRequiredContext"
336
328
  }
337
329
  }
338
330
  }
339
- };
331
+ }
340
332
  }
341
- });
333
+ };
342
334
 
343
335
  // src/agent/SIOPv2RP.ts
344
336
  import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
345
337
  import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
338
+ import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
339
+ import { validate as isValidUUID } from "uuid";
346
340
  import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
347
341
  import { DcqlQuery } from "dcql";
348
342
 
349
343
  // src/functions.ts
350
- import { InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
344
+ import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
351
345
  import { SigningAlgo } from "@sphereon/oid4vc-common";
352
346
  import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
353
347
  import { isExternalIdentifierOIDFEntityIdOpts, isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierX5cOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
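Review bot: In the inlined `plugin_schema_default`, every top-level argument schema (`IGetSiopSessionArgs`, `IRemoveSiopSessionArgs`, `IAuthenticateWithSiopArgs` and the rest) places `additionalProperties: false` inside `properties` instead of beside it, so it declares a property named `additionalProperties` rather than rejecting unknown keys. If the agent validates plugin arguments against this schema (not visible here), extra fields pass through unchecked; the keyword should be a sibling of `properties`, as it already is for the nested `identifier` object. Two `returnType` references also point at schemas that are not defined in `components.schemas`: `#/components/schemas/Response` (the definition is named `IResponse`) and `#/components/schemas/IRequiredContext`. The schema was carried over unchanged in substance, so these predate this version, but the flattening is a good moment to fix them at the source `plugin.schema.json`.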
@@ -358,7 +352,7 @@ function getRequestVersion(rpOptions) {
358
352
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
359
353
  return rpOptions.supportedVersions[0];
360
354
  }
361
- return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
355
+ return SupportedVersion.OID4VP_v1;
362
356
  }
363
357
  __name(getRequestVersion, "getRequestVersion");
364
358
  function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -373,6 +367,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
373
367
  };
374
368
  }
375
369
  __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
370
+ function getDcqlQueryLookupCallback(context) {
371
+ async function dcqlQueryLookup(queryId, version, tenantId) {
372
+ const result = await context.agent.pdmGetDefinitions({
373
+ filter: [
374
+ {
375
+ queryId,
376
+ ...tenantId && {
377
+ tenantId
378
+ },
379
+ ...version && {
380
+ version
381
+ }
382
+ },
383
+ {
384
+ id: queryId
385
+ }
386
+ ]
387
+ });
388
+ if (result && result.length > 0) {
389
+ return result[0].query;
390
+ }
391
+ return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
392
+ }
393
+ __name(dcqlQueryLookup, "dcqlQueryLookup");
394
+ return dcqlQueryLookup;
395
+ }
396
+ __name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
376
397
  function getPresentationVerificationCallback(idOpts, context) {
377
398
  async function presentationVerificationCallback(args, presentationSubmission) {
378
399
  if (CredentialMapper.isSdJwtEncoded(args)) {
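Review bot: The second filter entry `{ id: queryId }` in `dcqlQueryLookup` carries neither `tenantId` nor `version`, so if `pdmGetDefinitions` treats the filter array as alternatives (its semantics are not visible here), a lookup scoped to one tenant can be answered with another tenant's definition matched by primary id. Scoping the fallback the same way, e.g. `{ id: queryId, ...tenantId && { tenantId } }`, keeps the tenant boundary intact. `result[0]` is taken without any ordering, so when both entries match or several versions exist the store decides which query is used; a comment stating the expected precedence, or an explicit sort, would make that deterministic. The rejection message interpolates `queryId` as supplied by the caller, which is worth keeping in mind if this error is logged or returned to a client.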
@@ -412,27 +433,8 @@ function getPresentationVerificationCallback(idOpts, context) {
412
433
  }
413
434
  __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
414
435
  async function createRPBuilder(args) {
415
- const { rpOpts, pexOpts, context } = args;
436
+ const { rpOpts, context } = args;
416
437
  const { identifierOpts } = rpOpts;
417
- let definition = args.definition;
418
- let dcqlQuery = args.dcql;
419
- if (!definition && pexOpts && pexOpts.definitionId) {
420
- const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
421
- filter: [
422
- {
423
- definitionId: pexOpts.definitionId,
424
- version: pexOpts.version,
425
- tenantId: pexOpts.tenantId
426
- }
427
- ]
428
- });
429
- if (presentationDefinitionItems.length > 0) {
430
- const presentationDefinitionItem = presentationDefinitionItems[0];
431
- if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
432
- dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
433
- }
434
- }
435
- }
436
438
  const didMethods = identifierOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
437
439
  const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter();
438
440
  const defaultClientMetadata = {
@@ -487,29 +489,27 @@ async function createRPBuilder(args) {
487
489
  const builder = RP.builder({
488
490
  requestVersion: getRequestVersion(rpOpts)
489
491
  }).withScope("openid", PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? ResponseMode.POST).withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
490
- SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
491
- SupportedVersion.SIOPv2_ID1,
492
- SupportedVersion.SIOPv2_D11
492
+ SupportedVersion.OID4VP_v1,
493
+ SupportedVersion.SIOPv2_OID4VP_D28
493
494
  ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
494
495
  resolver,
495
496
  verifyOpts: {
496
497
  wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
497
498
  checkLinkedDomain: "if_present"
498
499
  }
499
- }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
500
+ }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
500
501
  const oidfOpts = identifierOpts.oidfOpts;
501
502
  if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
502
503
  builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
503
504
  } else {
504
505
  const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
505
- builder.withClientId(resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint), PropertyTarget.REQUEST_OBJECT);
506
+ const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint);
507
+ const clientIdPrefixed = prefixClientId(clientId);
508
+ builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT);
506
509
  }
507
510
  if (hasher) {
508
511
  builder.withHasher(hasher);
509
512
  }
510
- if (dcqlQuery) {
511
- builder.withDcqlQuery(dcqlQuery);
512
- }
513
513
  if (rpOpts.responseRedirectUri) {
514
514
  builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
515
515
  }
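Review bot: `rpOpts.clientMetadataOpts?.client_id` now takes precedence over the identifier returned by `identifierManagedGet`, so the `client_id` written into the request object can differ from the identity whose key presumably signs the request. A wallet that binds `client_id` to the signing key would reject such a request, and one that does not would be shown an identifier the RP has not proven control of. Consider comparing the configured value with the resolved `issuer`/`did` and failing, or at least logging, when they disagree. The rewritten builder chain on the same statement still hard-codes `withRevocationVerification(RevocationVerification.NEVER)`, so revoked credentials are accepted at this layer unless revocation is checked elsewhere; a comment saying where that happens would help. `createRPBuilder` starts and ends outside this hunk.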
@@ -566,6 +566,13 @@ function getSigningAlgo(type) {
566
566
  }
567
567
  }
568
568
  __name(getSigningAlgo, "getSigningAlgo");
569
+ function prefixClientId(clientId) {
570
+ if (clientId.startsWith("did:")) {
571
+ return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;
572
+ }
573
+ return clientId;
574
+ }
575
+ __name(prefixClientId, "prefixClientId");
569
576
 
570
577
  // src/RPInstance.ts
571
578
  import { v4 as uuidv4 } from "uuid";
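Review bot: `prefixClientId` calls `clientId.startsWith` without checking its argument, and the caller in `createRPBuilder` can hand it `undefined` when the resolution carries no `issuer`, `did` or `jwkThumbprint` (likely for some identifier types, though not confirmed from this page). That turns a missing identifier into an unrelated TypeError. A guard such as `if (typeof clientId !== "string" || clientId.length === 0) throw new Error("client_id could not be determined");` would fail clearly. The function also deserves a short doc comment stating that only `did:` values receive the `ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER` prefix and that every other value (issuer, JWK thumbprint, configured client_id) is passed through unchanged, since how a wallet interprets an unprefixed identifier depends on the protocol version.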
@@ -575,17 +582,16 @@ var RPInstance = class {
575
582
  __name(this, "RPInstance");
576
583
  }
577
584
  _rp;
578
- _pexOptions;
585
+ _presentationOptions;
579
586
  _rpOptions;
580
587
  constructor({ rpOpts, pexOpts }) {
581
588
  this._rpOptions = rpOpts;
582
- this._pexOptions = pexOpts;
589
+ this._presentationOptions = pexOpts;
583
590
  }
584
591
  async get(context) {
585
592
  if (!this._rp) {
586
593
  const builder = await createRPBuilder({
587
594
  rpOpts: this._rpOptions,
588
- pexOpts: this._pexOptions,
589
595
  context
590
596
  });
591
597
  this._rp = builder.build();
@@ -595,23 +601,11 @@ var RPInstance = class {
595
601
  get rpOptions() {
596
602
  return this._rpOptions;
597
603
  }
598
- get pexOptions() {
599
- return this._pexOptions;
600
- }
601
- hasDefinition() {
602
- return this.definitionId !== void 0;
603
- }
604
- get definitionId() {
605
- return this.pexOptions?.definitionId;
606
- }
607
- async getPresentationDefinition(context) {
608
- return this.definitionId ? await context.agent.pexStoreGetDefinition({
609
- definitionId: this.definitionId,
610
- tenantId: this.pexOptions?.tenantId
611
- }) : void 0;
604
+ get presentationOptions() {
605
+ return this._presentationOptions;
612
606
  }
613
607
  async createAuthorizationRequestURI(createArgs, context) {
614
- const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
608
+ const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
615
609
  const nonce = createArgs.nonce ?? uuidv4();
616
610
  const state = createArgs.state ?? correlationId;
617
611
  let jwtIssuer;
@@ -639,13 +633,15 @@ var RPInstance = class {
639
633
  return await this.get(context).then((rp) => rp.createAuthorizationRequestURI({
640
634
  version: getRequestVersion(this.rpOptions),
641
635
  correlationId,
636
+ queryId,
642
637
  nonce,
643
638
  state,
644
639
  claims,
645
640
  requestByReferenceURI,
646
641
  responseURI,
647
642
  responseURIType,
648
- jwtIssuer
643
+ jwtIssuer,
644
+ callback
649
645
  }));
650
646
  }
651
647
  async createAuthorizationRequest(createArgs, context) {
@@ -686,7 +682,6 @@ var RPInstance = class {
686
682
  };
687
683
 
688
684
  // src/agent/SIOPv2RP.ts
689
- import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
690
685
  var SIOPv2RP = class _SIOPv2RP {
691
686
  static {
692
687
  __name(this, "SIOPv2RP");
@@ -694,7 +689,7 @@ var SIOPv2RP = class _SIOPv2RP {
694
689
  opts;
695
690
  static _DEFAULT_OPTS_KEY = "_default";
696
691
  instances = /* @__PURE__ */ new Map();
697
- schema = schema.IDidAuthSiopOpAuthenticator;
692
+ schema = plugin_schema_default.IDidAuthSiopOpAuthenticator;
698
693
  methods = {
699
694
  siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),
700
695
  siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),
@@ -724,30 +719,36 @@ var SIOPv2RP = class _SIOPv2RP {
724
719
  }
725
720
  async createAuthorizationRequestURI(createArgs, context) {
726
721
  return await this.getRPInstance({
727
- definitionId: createArgs.definitionId,
728
- responseRedirectURI: createArgs.responseRedirectURI
722
+ createWhenNotPresent: true,
723
+ responseRedirectURI: createArgs.responseRedirectURI,
724
+ ...createArgs.useQueryIdInstance === true && {
725
+ queryId: createArgs.queryId
726
+ }
729
727
  }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
730
728
  }
731
729
  async createAuthorizationRequestPayloads(createArgs, context) {
732
730
  return await this.getRPInstance({
733
- definitionId: createArgs.definitionId
731
+ createWhenNotPresent: true,
732
+ queryId: createArgs.queryId
734
733
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
735
734
  const authRequest = {
736
735
  authorizationRequest: request.payload,
737
736
  requestObject: await request.requestObjectJwt(),
738
- requestObjectDecoded: await request.requestObject?.getPayload()
737
+ requestObjectDecoded: request.requestObject?.getPayload()
739
738
  };
740
739
  return authRequest;
741
740
  });
742
741
  }
743
742
  async siopGetRequestState(args, context) {
744
743
  return await this.getRPInstance({
745
- definitionId: args.definitionId
744
+ createWhenNotPresent: false,
745
+ queryId: args.queryId
746
746
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
747
747
  }
748
748
  async siopGetResponseState(args, context) {
749
749
  const rpInstance = await this.getRPInstance({
750
- definitionId: args.definitionId
750
+ createWhenNotPresent: false,
751
+ queryId: args.queryId
751
752
  }, context);
752
753
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
753
754
  if (authorizationResponseState === void 0) {
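Review bot: `createAuthorizationRequestURI` selects the RP instance by `queryId` only when `createArgs.useQueryIdInstance === true`, while `createAuthorizationRequestPayloads`, `siopGetRequestState` and `siopGetResponseState` here (and `siopUpdateRequestState`, `siopDeleteState` and `siopVerifyAuthResponse` in the later hunks) always pass `queryId`. With `createWhenNotPresent: false` on the readers, state for a request created on the default instance may not be found, or may be looked up in a different session manager, when the caller later supplies the same `queryId`. `getRPInstance` is outside this hunk, so please confirm how it resolves the key and document the rule on `useQueryIdInstance`. Separately, `requestObjectDecoded: request.requestObject?.getPayload()` drops the earlier `await`; if `getPayload()` still returns a promise in the resolved `@sphereon/did-auth-siop` version, the field becomes a pending Promise instead of the payload.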
@@ -800,11 +801,12 @@ var SIOPv2RP = class _SIOPv2RP {
800
801
  }
801
802
  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
802
803
  async siopUpdateRequestState(args, context) {
803
- if (args.state !== "sent") {
804
- throw Error(`Only 'sent' status is supported for this method at this point`);
804
+ if (args.state !== "authorization_request_created") {
805
+ throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
805
806
  }
806
807
  return await this.getRPInstance({
807
- definitionId: args.definitionId
808
+ createWhenNotPresent: false,
809
+ queryId: args.queryId
808
810
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
809
811
  await rp2.signalAuthRequestRetrieved({
810
812
  correlationId: args.correlationId,
@@ -815,7 +817,8 @@ var SIOPv2RP = class _SIOPv2RP {
815
817
  }
816
818
  async siopDeleteState(args, context) {
817
819
  return await this.getRPInstance({
818
- definitionId: args.definitionId
820
+ createWhenNotPresent: false,
821
+ queryId: args.queryId
819
822
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
820
823
  }
821
824
  async siopVerifyAuthResponse(args, context) {
@@ -824,42 +827,27 @@ var SIOPv2RP = class _SIOPv2RP {
824
827
  }
825
828
  const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
826
829
  return await this.getRPInstance({
827
- definitionId: args.definitionId
830
+ createWhenNotPresent: false,
831
+ queryId: args.queryId
828
832
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
829
833
  correlationId: args.correlationId,
830
- ...args.dcqlQueryPayload ? {
831
- dcqlQuery: args.dcqlQueryPayload.dcqlQuery
834
+ ...args.dcqlQuery ? {
835
+ dcqlQuery: args.dcqlQuery
832
836
  } : {},
833
837
  audience: args.audience
834
838
  })));
835
839
  }
836
840
  async siopImportDefinitions(args, context) {
837
- const { definitions, tenantId, version, versionControlMode } = args;
838
- await Promise.all(definitions.map(async (definitionPair) => {
839
- const definitionPayload = definitionPair.definitionPayload;
840
- if (!definitionPayload && !definitionPair.dcqlPayload) {
841
- return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
842
- }
843
- let definitionId;
844
- if (definitionPair.dcqlPayload) {
845
- DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
846
- console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
847
- definitionId = definitionPair.dcqlPayload.queryId;
848
- }
849
- if (definitionPayload) {
850
- await context.agent.pexValidateDefinition({
851
- definition: definitionPayload
852
- });
853
- console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
854
- definitionId = definitionPayload.id;
855
- }
841
+ const { importItems, tenantId, version, versionControlMode } = args;
842
+ await Promise.all(importItems.map(async (importItem) => {
843
+ DcqlQuery.validate(importItem.query);
844
+ console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
856
845
  return context.agent.pdmPersistDefinition({
857
846
  definitionItem: {
858
- definitionId,
847
+ queryId: importItem.queryId,
859
848
  tenantId,
860
849
  version,
861
- definitionPayload,
862
- dcqlPayload: definitionPair.dcqlPayload
850
+ query: importItem.query
863
851
  },
864
852
  opts: {
865
853
  versionControlMode
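Review bot: In siopImportDefinitions, `importItem.queryId` goes into `pdmPersistDefinition` and into the `console.log` line without any check, and the explicit per-item input check the old code had is gone. Only `importItem.query` is validated, by `DcqlQuery.validate`, so an item with a missing or empty queryId appears to reach the persist call unless that call rejects it itself. I would add `if (typeof importItem.queryId !== "string" || importItem.queryId.length === 0) throw Error("importItem.queryId must be supplied");` before the validate call. If import items can come from outside the operator, line breaks should also be stripped from the id before it is logged. siopImportDefinitions closes in the following hunk.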
@@ -868,7 +856,7 @@ var SIOPv2RP = class _SIOPv2RP {
868
856
  }));
869
857
  }
870
858
  async siopGetRedirectURI(args, context) {
871
- const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
859
+ const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
872
860
  if (this.instances.has(instanceId)) {
873
861
  const rpInstance = this.instances.get(instanceId);
874
862
  if (rpInstance !== void 0) {
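Review bot: siopGetRedirectURI checks `this.instances.has(instanceId)` on the raw `args.queryId`, while getRPInstance in this same change also accepts a UUID item id and maps it to the stored queryId through `pdmGetDefinition`. A caller that passes the item id would therefore get an RP instance from one method and `undefined` from the other, if I read both correctly. Either resolve the id the same way here, or document on both methods which identifier form is accepted. The rest of siopGetRedirectURI lies outside this hunk.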
@@ -884,12 +872,40 @@ var SIOPv2RP = class _SIOPv2RP {
884
872
  }
885
873
  return void 0;
886
874
  }
887
- async getRPInstance({ definitionId, responseRedirectURI }, context) {
888
- const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
889
- if (!this.instances.has(instanceId)) {
890
- const instanceOpts = this.getInstanceOpts(definitionId);
875
+ async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
876
+ let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
877
+ let rpInstance;
878
+ if (queryId) {
879
+ if (this.instances.has(queryId)) {
880
+ rpInstanceId = queryId;
881
+ rpInstance = this.instances.get(rpInstanceId);
882
+ } else if (isValidUUID(queryId)) {
883
+ try {
884
+ const pd = await context.agent.pdmGetDefinition({
885
+ itemId: queryId
886
+ });
887
+ if (this.instances.has(pd.queryId)) {
888
+ rpInstanceId = pd.queryId;
889
+ rpInstance = this.instances.get(rpInstanceId);
890
+ }
891
+ } catch (ignore) {
892
+ }
893
+ }
894
+ if (createWhenNotPresent) {
895
+ rpInstanceId = queryId;
896
+ } else {
897
+ rpInstance = this.instances.get(rpInstanceId);
898
+ }
899
+ } else {
900
+ rpInstance = this.instances.get(rpInstanceId);
901
+ }
902
+ if (!rpInstance) {
903
+ if (!createWhenNotPresent) {
904
+ return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
905
+ }
906
+ const instanceOpts = this.getInstanceOpts(queryId);
891
907
  const rpOpts = await this.getRPOptions(context, {
892
- definitionId,
908
+ queryId,
893
909
  responseRedirectURI
894
910
  });
895
911
  if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
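Review bot: When `queryId` is given but matches no instance and `createWhenNotPresent` is false, getRPInstance leaves `rpInstanceId` at `_DEFAULT_OPTS_KEY` and returns the default RP instance, so siopVerifyAuthResponse, siopDeleteState and the state getters in the earlier hunks would act on the default instance's session manager for an unknown id. If that fallback is not intended, reject with the requested id as sketched below; if it is, a comment should say so, because the old code never substituted the default for a supplied id. The empty `catch (ignore)` also hides storage errors from `pdmGetDefinition`, and `Promise.reject` is given a string rather than an `Error`. The function continues past the end of this hunk.

```javascript
    } else if (isValidUUID(queryId)) {
      try {
        // … unchanged: pdmGetDefinition call and instance lookup by pd.queryId …
      } catch (error) {
        // A missing item is expected here; other failures should stay visible.
        const reason = error instanceof Error ? error.message : String(error);
        console.log(`pdmGetDefinition failed for item id ${queryId}: ${reason}`);
      }
    }
    if (createWhenNotPresent) {
      rpInstanceId = queryId;
    } else if (!rpInstance) {
      return Promise.reject(Error(`No RP instance found for queryId ${queryId}`));
    }
```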
@@ -901,29 +917,29 @@ var SIOPv2RP = class _SIOPv2RP {
901
917
  ...rpOpts.identifierOpts.resolveOpts
902
918
  };
903
919
  }
904
- console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
920
+ console.log("Using agent DID resolver for RP instance with definition id " + queryId);
905
921
  rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver2(context, {
906
922
  uniresolverResolution: true,
907
923
  localResolution: true,
908
924
  resolverResolution: true
909
925
  });
910
926
  }
911
- this.instances.set(instanceId, new RPInstance({
927
+ rpInstance = new RPInstance({
912
928
  rpOpts,
913
929
  pexOpts: instanceOpts
914
- }));
930
+ });
931
+ this.instances.set(rpInstanceId, rpInstance);
915
932
  }
916
- const rpInstance = this.instances.get(instanceId);
917
933
  if (responseRedirectURI) {
918
934
  rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
919
935
  }
920
936
  return rpInstance;
921
937
  }
922
938
  async getRPOptions(context, opts) {
923
- const { definitionId, responseRedirectURI } = opts;
924
- const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
939
+ const { queryId, responseRedirectURI } = opts;
940
+ const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
925
941
  if (!options) {
926
- throw Error(`Could not get specific nor default options for definition ${definitionId}`);
942
+ throw Error(`Could not get specific nor default options for definition ${queryId}`);
927
943
  }
928
944
  if (this.opts.defaultOpts) {
929
945
  if (!options.identifierOpts) {
@@ -955,20 +971,20 @@ var SIOPv2RP = class _SIOPv2RP {
955
971
  }
956
972
  return options;
957
973
  }
958
- getInstanceOpts(definitionId) {
974
+ getInstanceOpts(queryId) {
959
975
  if (!this.opts.instanceOpts) return void 0;
960
- const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
961
- return instanceOpt ?? this.getDefaultOptions(definitionId);
976
+ const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
977
+ return instanceOpt ?? this.getDefaultOptions(queryId);
962
978
  }
963
- getDefaultOptions(definitionId) {
979
+ getDefaultOptions(queryId) {
964
980
  if (!this.opts.instanceOpts) return void 0;
965
- const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
981
+ const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
966
982
  if (defaultOptions) {
967
983
  const clonedOptions = {
968
984
  ...defaultOptions
969
985
  };
970
- if (definitionId !== void 0) {
971
- clonedOptions.definitionId = definitionId;
986
+ if (queryId !== void 0) {
987
+ clonedOptions.queryId = queryId;
972
988
  }
973
989
  return clonedOptions;
974
990
  }
@@ -983,12 +999,9 @@ var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
983
999
  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
984
1000
  return VerifiedDataMode2;
985
1001
  })({});
986
-
987
- // src/index.ts
988
- var schema = require_plugin_schema();
989
1002
  export {
990
1003
  SIOPv2RP,
991
1004
  VerifiedDataMode,
992
- schema
1005
+ plugin_schema_default as schema
993
1006
  };
994
1007
  //# sourceMappingURL=index.js.map