@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.62.226 → 0.34.1-feature.SSISDK.62.239
- package/dist/index.cjs +44 -30
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -8
- package/dist/index.d.ts +2 -8
- package/dist/index.js +44 -30
- package/dist/index.js.map +1 -1
- package/package.json +17 -17
- package/src/agent/SIOPv2RP.ts +51 -28
- package/src/types/ISIOPv2RP.ts +1 -8
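--- a/package/src/agent/SIOPv2RP.ts
+++ b/package/src/agent/SIOPv2RP.ts
@@ -5,12 +5,12 @@ import {
 AuthorizationResponseStateStatus,
 AuthorizationResponseStateWithVerifiedData,
 decodeUriAsJson,
+EncodedDcqlPresentationVpToken,
 VerifiedAuthorizationResponse
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
 import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 import { validate as isValidUUID } from 'uuid'
-
 import type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'
 import {
 AdditionalClaims,
@@ -24,7 +24,7 @@ import {
 MdocDeviceResponse,
 MdocOid4vpMdocVpToken,
 OriginalVerifiablePresentation,
-SdJwtDecodedVerifiableCredential
+SdJwtDecodedVerifiableCredential
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
 import { DcqlQuery } from 'dcql'
@@ -43,8 +43,7 @@ import {
 ISiopv2RPOpts,
 IUpdateRequestStateArgs,
 IVerifyAuthResponseStateArgs,
-schema
-VerifiedDataMode,
+schema
 } from '../index'
 import { RPInstance } from '../RPInstance'
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
@@ -136,11 +135,7 @@ export class SIOPv2RP implements IAgentPlugin {
 }
 
 const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData
-if (
-responseState.status === AuthorizationResponseStateStatus.VERIFIED &&
-args.includeVerifiedData &&
-args.includeVerifiedData !== VerifiedDataMode.NONE
-) {
+if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
 let hasher: HasherSync | undefined
 if (
 CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&
@@ -148,19 +143,23 @@ export class SIOPv2RP implements IAgentPlugin {
 ) {
 hasher = defaultHasher
 }
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+// FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token
+const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
+const claims = []
+for (const [key, value] of Object.entries(vpToken)) {
+// todo this should also include mdl-mdoc
+const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+value as OriginalVerifiablePresentation,
+//todo: later we want to conditionally pass in options for mdl-mdoc here
+hasher,
+)
+console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
+
+const allClaims: AdditionalClaims = {}
+const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)
+if ('verifiableCredential' in presentationOrClaims) {
+for (const credential of presentationOrClaims.verifiableCredential) {
 const vc = credential as IVerifiableCredential
 const schemaValidationResult = await context.agent.cvVerifySchema({
 credential,
@@ -183,11 +182,34 @@ export class SIOPv2RP implements IAgentPlugin {
 allClaims[key] = value
 }
 })
+
+claims.push({
+id: key,
+type: vc.type[0],
+claims: allClaims
+})
 }
-
-
+} else {
+claims.push({
+id: key,
+type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,
+claims: presentationOrClaims
+})
+}
+}
+
+responseState.verifiedData = {
+...(responseState.response.payload.vp_token && {
+authorization_response: {
+vp_token: typeof responseState.response.payload.vp_token === 'string'
+? JSON.parse(responseState.response.payload.vp_token)
+: responseState.response.payload.vp_token
+}
+}),
+...(claims.length > 0 && { credential_claims: claims })
 }
 }
+
 return responseState
 }
 
@@ -197,11 +219,12 @@ export class SIOPv2RP implements IAgentPlugin {
 | IVerifiablePresentation
 | SdJwtDecodedVerifiableCredential
 | MdocOid4vpMdocVpToken
-| MdocDeviceResponse
-): AdditionalClaims | IPresentation =>
-CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
+| MdocDeviceResponse
+): AdditionalClaims | IPresentation => {
+return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
 ? presentationDecoded.decodedPayload
 : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
+}
 
 private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
 if (args.state !== 'authorization_request_created') {
@@ -238,7 +261,7 @@ export class SIOPv2RP implements IAgentPlugin {
 rp.get(context).then((rp) =>
 rp.verifyAuthorizationResponse(authResponse, {
 correlationId: args.correlationId,
-...(args.dcqlQuery
+...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),
 audience: args.audience,
 }),
 ),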
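Review bot: The added `console.log` of `presentationDecoded` in the `@@ -148,19 +143,23 @@` hunk serialises each decoded presentation, including the holder's disclosed claims, to stdout whenever this branch runs for a VERIFIED response; it should be dropped, or reduced to a debug-level message that records only the DCQL credential id (`key`). In the same hunk `vpToken` is `undefined` when the payload carries no `vp_token`, so `Object.entries(vpToken)` throws, and `JSON.parse` is called without the `typeof … === 'string'` check that the later `verifiedData` assignment applies, so a wallet-supplied token that is not a JSON string appears to surface as an uncaught exception rather than a verification error. Reading the token once, e.g. `const rawVpToken = responseState.response.payload.vp_token` followed by `const vpToken = typeof rawVpToken === 'string' ? JSON.parse(rawVpToken) : (rawVpToken ?? {})`, would keep both paths consistent. The enclosing method starts and ends outside these hunks, so any surrounding error handling is not visible here.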
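--- a/package/src/types/ISIOPv2RP.ts
+++ b/package/src/types/ISIOPv2RP.ts
@@ -35,12 +35,6 @@ import { DcqlQuery } from 'dcql'
 import { Resolvable } from 'did-resolver'
 import { EventEmitter } from 'events'
 
-export enum VerifiedDataMode {
-NONE = 'none',
-VERIFIED_PRESENTATION = 'vp',
-CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',
-}
-
 export interface ISIOPv2RP extends IPluginMethodMap {
 siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>
 siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>
@@ -89,11 +83,10 @@ export interface IGetAuthResponseStateArgs {
 queryId?: string
 errorOnNotFound?: boolean
 progressRequestStateTo?: AuthorizationRequestStateStatus
-includeVerifiedData?: VerifiedDataMode
 }
 
 export interface IUpdateRequestStateArgs {
-queryId
+queryId?: string
 correlationId: string
 state: AuthorizationRequestStateStatus
 error?: string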