@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.58.host.nonce.endpoint.194 → 0.34.1-feature.SSISDK.62.219

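--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -362,6 +362,7 @@ var plugin_schema_default = {
  var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
  var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
  var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
+ var import_uuid2 = require("uuid");
  var import_ssi_types2 = require("@sphereon/ssi-types");
  var import_dcql = require("dcql");
 
@@ -377,7 +378,7 @@ function getRequestVersion(rpOptions) {
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
  return rpOptions.supportedVersions[0];
  }
- return import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
+ return import_did_auth_siop.SupportedVersion.OID4VP_v1;
  }
  __name(getRequestVersion, "getRequestVersion");
  function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -392,6 +393,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
  };
  }
  __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+ function getDcqlQueryLookupCallback(context) {
+ async function dcqlQueryLookup(queryId, version, tenantId) {
+ const result = await context.agent.pdmGetDefinitions({
+ filter: [
+ {
+ queryId,
+ ...tenantId && {
+ tenantId
+ },
+ ...version && {
+ version
+ }
+ },
+ {
+ id: queryId
+ }
+ ]
+ });
+ if (result && result.length > 0) {
+ return result[0].query;
+ }
+ return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+ }
+ __name(dcqlQueryLookup, "dcqlQueryLookup");
+ return dcqlQueryLookup;
+ }
+ __name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
  function getPresentationVerificationCallback(idOpts, context) {
  async function presentationVerificationCallback(args, presentationSubmission) {
  if (import_ssi_types.CredentialMapper.isSdJwtEncoded(args)) {
@@ -431,27 +459,8 @@ function getPresentationVerificationCallback(idOpts, context) {
  }
  __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
  async function createRPBuilder(args) {
- const { rpOpts, pexOpts, context } = args;
+ const { rpOpts, context } = args;
  const { identifierOpts } = rpOpts;
- let definition = args.definition;
- let dcqlQuery = args.dcql;
- if (!definition && pexOpts && pexOpts.queryId) {
- const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
- filter: [
- {
- queryId: pexOpts.queryId,
- version: pexOpts.version,
- tenantId: pexOpts.tenantId
- }
- ]
- });
- if (presentationDefinitionItems.length > 0) {
- const presentationDefinitionItem = presentationDefinitionItems[0];
- if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
- dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
- }
- }
- }
  const didMethods = identifierOpts.supportedDIDMethods ?? await (0, import_ssi_sdk_ext.getAgentDIDMethods)(context);
  const eventEmitter = rpOpts.eventEmitter ?? new import_events.EventEmitter();
  const defaultClientMetadata = {
@@ -506,16 +515,15 @@ async function createRPBuilder(args) {
  const builder = import_did_auth_siop.RP.builder({
  requestVersion: getRequestVersion(rpOpts)
  }).withScope("openid", import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? import_did_auth_siop.ResponseMode.POST).withResponseType(import_did_auth_siop.ResponseType.VP_TOKEN, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
- import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
- import_did_auth_siop.SupportedVersion.SIOPv2_ID1,
- import_did_auth_siop.SupportedVersion.SIOPv2_D11
+ import_did_auth_siop.SupportedVersion.OID4VP_v1,
+ import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
  ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new import_did_auth_siop.InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
  resolver,
  verifyOpts: {
  wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
  checkLinkedDomain: "if_present"
  }
- }, context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+ }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
  const oidfOpts = identifierOpts.oidfOpts;
  if (oidfOpts && (0, import_ssi_sdk_ext2.isExternalIdentifierOIDFEntityIdOpts)(oidfOpts)) {
  builder.withEntityId(oidfOpts.identifier, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
@@ -528,9 +536,6 @@ async function createRPBuilder(args) {
  if (hasher) {
  builder.withHasher(hasher);
  }
- if (dcqlQuery) {
- builder.withDcqlQuery(dcqlQuery);
- }
  if (rpOpts.responseRedirectUri) {
  builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
  }
@@ -603,17 +608,16 @@ var RPInstance = class {
  __name(this, "RPInstance");
  }
  _rp;
- _pexOptions;
+ _presentationOptions;
  _rpOptions;
  constructor({ rpOpts, pexOpts }) {
  this._rpOptions = rpOpts;
- this._pexOptions = pexOpts;
+ this._presentationOptions = pexOpts;
  }
  async get(context) {
  if (!this._rp) {
  const builder = await createRPBuilder({
  rpOpts: this._rpOptions,
- pexOpts: this._pexOptions,
  context
  });
  this._rp = builder.build();
@@ -623,20 +627,8 @@ var RPInstance = class {
  get rpOptions() {
  return this._rpOptions;
  }
- get pexOptions() {
- return this._pexOptions;
- }
- hasDefinition() {
- return this.definitionId !== void 0;
- }
- get definitionId() {
- return this.pexOptions?.queryId;
- }
- async getPresentationDefinition(context) {
- return this.definitionId ? await context.agent.pexStoreGetDefinition({
- definitionId: this.definitionId,
- tenantId: this.pexOptions?.tenantId
- }) : void 0;
+ get presentationOptions() {
+ return this._presentationOptions;
  }
  async createAuthorizationRequestURI(createArgs, context) {
  const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -753,6 +745,7 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async createAuthorizationRequestURI(createArgs, context) {
  return await this.getRPInstance({
+ createWhenNotPresent: true,
  responseRedirectURI: createArgs.responseRedirectURI,
  ...createArgs.useQueryIdInstance === true && {
  queryId: createArgs.queryId
@@ -761,6 +754,7 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async createAuthorizationRequestPayloads(createArgs, context) {
  return await this.getRPInstance({
+ createWhenNotPresent: true,
  queryId: createArgs.queryId
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
  const authRequest = {
@@ -773,11 +767,13 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async siopGetRequestState(args, context) {
  return await this.getRPInstance({
+ createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
  }
  async siopGetResponseState(args, context) {
  const rpInstance = await this.getRPInstance({
+ createWhenNotPresent: false,
  queryId: args.queryId
  }, context);
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -835,6 +831,7 @@ var SIOPv2RP = class _SIOPv2RP {
  throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
  }
  return await this.getRPInstance({
+ createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
  await rp2.signalAuthRequestRetrieved({
@@ -846,6 +843,7 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  async siopDeleteState(args, context) {
  return await this.getRPInstance({
+ createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
  }
@@ -855,6 +853,7 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
  return await this.getRPInstance({
+ createWhenNotPresent: false,
  queryId: args.queryId
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
  correlationId: args.correlationId,
@@ -899,9 +898,37 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  return void 0;
  }
- async getRPInstance({ queryId, responseRedirectURI }, context) {
- const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
- if (!this.instances.has(instanceId)) {
+ async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+ let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+ let rpInstance;
+ if (queryId) {
+ if (this.instances.has(queryId)) {
+ rpInstanceId = queryId;
+ rpInstance = this.instances.get(rpInstanceId);
+ } else if ((0, import_uuid2.validate)(queryId)) {
+ try {
+ const pd = await context.agent.pdmGetDefinition({
+ itemId: queryId
+ });
+ if (this.instances.has(pd.queryId)) {
+ rpInstanceId = pd.queryId;
+ rpInstance = this.instances.get(rpInstanceId);
+ }
+ } catch (ignore) {
+ }
+ }
+ if (createWhenNotPresent) {
+ rpInstanceId = queryId;
+ } else {
+ rpInstance = this.instances.get(rpInstanceId);
+ }
+ } else {
+ rpInstance = this.instances.get(rpInstanceId);
+ }
+ if (!rpInstance) {
+ if (!createWhenNotPresent) {
+ return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+ }
  const instanceOpts = this.getInstanceOpts(queryId);
  const rpOpts = await this.getRPOptions(context, {
  queryId,
@@ -923,12 +950,12 @@ var SIOPv2RP = class _SIOPv2RP {
  resolverResolution: true
  });
  }
- this.instances.set(instanceId, new RPInstance({
+ rpInstance = new RPInstance({
  rpOpts,
  pexOpts: instanceOpts
- }));
+ });
+ this.instances.set(rpInstanceId, rpInstance);
  }
- const rpInstance = this.instances.get(instanceId);
  if (responseRedirectURI) {
  rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
  }
@@ -970,20 +997,20 @@ var SIOPv2RP = class _SIOPv2RP {
  }
  return options;
  }
- getInstanceOpts(definitionId) {
+ getInstanceOpts(queryId) {
  if (!this.opts.instanceOpts) return void 0;
- const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
- return instanceOpt ?? this.getDefaultOptions(definitionId);
+ const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
+ return instanceOpt ?? this.getDefaultOptions(queryId);
  }
- getDefaultOptions(definitionId) {
+ getDefaultOptions(queryId) {
  if (!this.opts.instanceOpts) return void 0;
  const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
  if (defaultOptions) {
  const clonedOptions = {
  ...defaultOptions
  };
- if (definitionId !== void 0) {
- clonedOptions.queryId = definitionId;
+ if (queryId !== void 0) {
+ clonedOptions.queryId = queryId;
  }
  return clonedOptions;
  }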
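Review bot: The second filter entry in `getDcqlQueryLookupCallback`, `{ id: queryId }`, carries neither `tenantId` nor `version`. If `pdmGetDefinitions` treats filter entries as alternatives (not visible here), a lookup made for one tenant could return a definition stored under another; the removed code in `createRPBuilder` filtered on `queryId`, `version` and `tenantId` together. Scoping that entry as well, `{ id: queryId, ...tenantId && { tenantId } }`, would keep the boundary, and since `result[0].query` is taken with no ordering, which version wins when `version` is omitted is left to the store. In `getRPInstance`, a `queryId` that matches nothing with `createWhenNotPresent: false` ends at `this.instances.get(rpInstanceId)` with the key still `_DEFAULT_OPTS_KEY`, so the state, delete and response-verification calls silently run against the default instance instead of failing, and the empty `catch (ignore) {}` around `pdmGetDefinition` makes a storage error indistinguishable from "not found". The rejection there passes a bare string; `throw new Error(`No RP instance found for queryId ${queryId}`)` would keep a stack trace and name the id that was actually requested.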