@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.62.241 → 0.34.1-feature.SSISDK.62.datastore.types.223
- package/dist/index.cjs +30 -44
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +8 -2
- package/dist/index.d.ts +8 -2
- package/dist/index.js +30 -44
- package/dist/index.js.map +1 -1
- package/package.json +17 -17
- package/src/agent/SIOPv2RP.ts +28 -51
- package/src/types/ISIOPv2RP.ts +8 -1
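--- a/package/src/agent/SIOPv2RP.ts
+++ b/package/src/agent/SIOPv2RP.ts
@@ -5,12 +5,12 @@ import {
 AuthorizationResponseStateStatus,
 AuthorizationResponseStateWithVerifiedData,
 decodeUriAsJson,
-EncodedDcqlPresentationVpToken,
 VerifiedAuthorizationResponse
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
 import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 import { validate as isValidUUID } from 'uuid'
+
 import type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'
 import {
 AdditionalClaims,
@@ -24,7 +24,7 @@ import {
 MdocDeviceResponse,
 MdocOid4vpMdocVpToken,
 OriginalVerifiablePresentation,
-SdJwtDecodedVerifiableCredential
+SdJwtDecodedVerifiableCredential,
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
 import { DcqlQuery } from 'dcql'
@@ -43,7 +43,8 @@ import {
 ISiopv2RPOpts,
 IUpdateRequestStateArgs,
 IVerifyAuthResponseStateArgs,
-schema
+schema,
+VerifiedDataMode,
 } from '../index'
 import { RPInstance } from '../RPInstance'
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
@@ -135,7 +136,11 @@ export class SIOPv2RP implements IAgentPlugin {
 }
 
 const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData
-if (
+if (
+responseState.status === AuthorizationResponseStateStatus.VERIFIED &&
+args.includeVerifiedData &&
+args.includeVerifiedData !== VerifiedDataMode.NONE
+) {
 let hasher: HasherSync | undefined
 if (
 CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&
@@ -143,23 +148,19 @@ export class SIOPv2RP implements IAgentPlugin {
 ) {
 hasher = defaultHasher
 }
-
-
-
-
-
-
-
-
-
-
-
-
-
-const allClaims: AdditionalClaims = {}
-const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)
-if ('verifiableCredential' in presentationOrClaims) {
-for (const credential of presentationOrClaims.verifiableCredential) {
+// todo this should also include mdl-mdoc
+const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+responseState.response.payload.vp_token as OriginalVerifiablePresentation,
+//todo: later we want to conditionally pass in options for mdl-mdoc here
+hasher,
+)
+switch (args.includeVerifiedData) {
+case VerifiedDataMode.VERIFIED_PRESENTATION:
+responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
+break
+case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
+const allClaims: AdditionalClaims = {}
+for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
 const vc = credential as IVerifiableCredential
 const schemaValidationResult = await context.agent.cvVerifySchema({
 credential,
@@ -182,34 +183,11 @@ export class SIOPv2RP implements IAgentPlugin {
 allClaims[key] = value
 }
 })
-
-claims.push({
-id: key,
-type: vc.type[0],
-claims: allClaims
-})
 }
-
-
-id: key,
-type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,
-claims: presentationOrClaims
-})
-}
-}
-
-responseState.verifiedData = {
-...(responseState.response.payload.vp_token && {
-authorization_response: {
-vp_token: typeof responseState.response.payload.vp_token === 'string'
-? JSON.parse(responseState.response.payload.vp_token)
-: responseState.response.payload.vp_token
-}
-}),
-...(claims.length > 0 && { credential_claims: claims })
+responseState.verifiedData = allClaims
+break
 }
 }
-
 return responseState
 }
 
@@ -219,12 +197,11 @@ export class SIOPv2RP implements IAgentPlugin {
 | IVerifiablePresentation
 | SdJwtDecodedVerifiableCredential
 | MdocOid4vpMdocVpToken
-| MdocDeviceResponse
-): AdditionalClaims | IPresentation =>
-
+| MdocDeviceResponse,
+): AdditionalClaims | IPresentation =>
+CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
 ? presentationDecoded.decodedPayload
 : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
-}
 
 private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
 if (args.state !== 'authorization_request_created') {
@@ -261,7 +238,7 @@ export class SIOPv2RP implements IAgentPlugin {
 rp.get(context).then((rp) =>
 rp.verifyAuthorizationResponse(authResponse, {
 correlationId: args.correlationId,
-...(args.dcqlQuery
+...(args.dcqlQuery ? { dcqlQuery: args.dcqlQuery } : {}),
 audience: args.audience,
 }),
 ),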
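Review bot: In the new `switch (args.includeVerifiedData)`, the `VERIFIED_PRESENTATION` case stores its result in `responseState.response.payload.verifiedData` while the `CREDENTIAL_SUBJECT_FLATTENED` case stores it in `responseState.verifiedData`, so callers must look in a different place per mode, and the first case mixes verifier-derived data into the payload object that came from the wallet. Unless that placement is intended, the first case should read `responseState.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)`. In the flattened case `allClaims` is declared once before the loop over `verifiableCredential` and filled through `allClaims[key] = value`, so with several credentials in one presentation a later credential appears to overwrite same-named claims from an earlier one; part of the loop body lies outside the hunks, so this needs confirming, and keying the claims per credential or rejecting collisions would keep each claim attributable to its issuer. The `const allClaims` declaration also sits directly under a `case` label without braces and the switch has no `default`. The enclosing method starts outside the visible hunks.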
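--- a/package/src/types/ISIOPv2RP.ts
+++ b/package/src/types/ISIOPv2RP.ts
@@ -35,6 +35,12 @@ import { DcqlQuery } from 'dcql'
 import { Resolvable } from 'did-resolver'
 import { EventEmitter } from 'events'
 
+export enum VerifiedDataMode {
+NONE = 'none',
+VERIFIED_PRESENTATION = 'vp',
+CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',
+}
+
 export interface ISIOPv2RP extends IPluginMethodMap {
 siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>
 siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>
@@ -83,10 +89,11 @@ export interface IGetAuthResponseStateArgs {
 queryId?: string
 errorOnNotFound?: boolean
 progressRequestStateTo?: AuthorizationRequestStateStatus
+includeVerifiedData?: VerifiedDataMode
 }
 
 export interface IUpdateRequestStateArgs {
-queryId
+queryId: string
 correlationId: string
 state: AuthorizationRequestStateStatus
 error?: string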
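Review bot: The new exported `VerifiedDataMode` enum and the `includeVerifiedData` field carry no doc comments, although the chosen mode decides how much presentation data is handed back to the caller. I would add a TSDoc line above the enum, e.g. `/** Selects which verified data is attached to the authorization response state. */`, plus a short comment per member saying what it yields: `'vp'` the decoded presentation (or the SD-JWT decoded payload), `'cs-flat'` the credential claims merged into one object. On `includeVerifiedData` a comment such as `/** When omitted, behaves like VerifiedDataMode.NONE and no verified data is attached. */` would match the check in SIOPv2RP.ts, where an unset value skips the whole block.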