@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.166 → 0.34.1-fix.169
- package/dist/index.cjs +46 -35
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -2
- package/dist/index.d.ts +1 -2
- package/dist/index.js +46 -35
- package/dist/index.js.map +1 -1
- package/package.json +17 -17
- package/src/agent/SIOPv2RP.ts +117 -43
- package/src/types/ISIOPv2RP.ts +2 -2
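--- a/package/src/agent/SIOPv2RP.ts
+++ b/package/src/agent/SIOPv2RP.ts
@@ -4,7 +4,7 @@ import {
   AuthorizationResponseState,
   AuthorizationResponseStateStatus,
   AuthorizationResponseStateWithVerifiedData,
-  decodeUriAsJson,
+  decodeUriAsJson, EncodedDcqlPresentationVpToken,
   VerifiedAuthorizationResponse
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -12,9 +12,12 @@ import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 import {
   AdditionalClaims,
   CredentialMapper,
+  //decodeSdJwtVc,
   HasherSync,
   ICredentialSubject,
   IPresentation,
+  //IProofPurpose,
+  //IProofType,
   IVerifiableCredential,
   IVerifiablePresentation,
   JwtDecodedVerifiablePresentation,
@@ -22,6 +25,7 @@ import {
   MdocOid4vpMdocVpToken,
   OriginalVerifiablePresentation,
   SdJwtDecodedVerifiableCredential,
+  //sha256
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
 import { DcqlQuery } from 'dcql'
@@ -40,11 +44,11 @@ import {
   ISiopv2RPOpts,
   IUpdateRequestStateArgs,
   IVerifyAuthResponseStateArgs,
-  schema
-  VerifiedDataMode,
+  schema
 } from '../index'
 import { RPInstance } from '../RPInstance'
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
+//import { jwtDecode } from 'jwt-decode'
 
 export class SIOPv2RP implements IAgentPlugin {
   private readonly opts: ISiopv2RPOpts
@@ -126,11 +130,7 @@ export class SIOPv2RP implements IAgentPlugin {
     }
 
     const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData
-    if (
-      responseState.status === AuthorizationResponseStateStatus.VERIFIED &&
-      args.includeVerifiedData &&
-      args.includeVerifiedData !== VerifiedDataMode.NONE
-    ) {
+    if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
       let hasher: HasherSync | undefined
       if (
         CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&
@@ -138,45 +138,119 @@ export class SIOPv2RP implements IAgentPlugin {
       ) {
         hasher = defaultHasher
       }
-      // todo this should also include mdl-mdoc
-      const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
-        responseState.response.payload.vp_token as OriginalVerifiablePresentation,
-        //todo: later we want to conditionally pass in options for mdl-mdoc here
-        hasher,
-      )
-      switch (args.includeVerifiedData) {
-        case VerifiedDataMode.VERIFIED_PRESENTATION:
-          responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
-          break
-        case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
-          const allClaims: AdditionalClaims = {}
-          for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
-            const vc = credential as IVerifiableCredential
-            const schemaValidationResult = await context.agent.cvVerifySchema({
-              credential,
-              hasher,
-              validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
-            })
-            if (!schemaValidationResult.result) {
-              responseState.status = AuthorizationResponseStateStatus.ERROR
-              responseState.error = new Error(schemaValidationResult.error)
-              return responseState
-            }
 
-
-
-
+      const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
+      const claims = []
+      for (const [key, value] of Object.entries(vpToken)) {
+        const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+          value as OriginalVerifiablePresentation,
+          //todo: later we want to conditionally pass in options for mdl-mdoc here
+          hasher,
+        )
+        console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
+
+        const allClaims: AdditionalClaims = {}
+        for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
+          const vc = credential as IVerifiableCredential
+          const schemaValidationResult = await context.agent.cvVerifySchema({
+            credential,
+            hasher,
+            validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
+          })
+          if (!schemaValidationResult.result) {
+            responseState.status = AuthorizationResponseStateStatus.ERROR
+            responseState.error = new Error(schemaValidationResult.error)
+            return responseState
+          }
+
+          const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims
+          if (!('id' in allClaims)) {
+            allClaims['id'] = credentialSubject.id
+          }
+
+          Object.entries(credentialSubject).forEach(([key, value]) => {
+            if (!(key in allClaims)) {
+              allClaims[key] = value
             }
+          })
+
+          claims.push({
+            id: key,
+            type: vc.type[0],
+            claims: allClaims
+          })
+        }
+      }
 
-
-
-
-
-
+      // const claimsPromises = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
+      //   .map(async (presentation: OriginalVerifiablePresentation) => {
+      //     const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+      //       presentation,
+      //       //todo: later we want to conditionally pass in options for mdl-mdoc here
+      //       hasher,
+      //     )
+      //
+      //
+      //
+      //     return {
+      //       id: presentationDecoded.id
+      //     }
+      //
+      //   })
+
+      // // todo this should also include mdl-mdoc
+      // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+      //   responseState.response.payload.vp_token as OriginalVerifiablePresentation,
+      //   //todo: later we want to conditionally pass in options for mdl-mdoc here
+      //   hasher,
+      // )
+      // console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
+
+      responseState.verifiedData = {
+        ...(responseState.response.payload.vp_token && {
+          authorization_response: {
+            vp_token: typeof responseState.response.payload.vp_token === 'string' // TODO we might not need this string check
+              ? JSON.parse(responseState.response.payload.vp_token)
+              : responseState.response.payload.vp_token
           }
-
-
+        }),
+
+        credential_claims: claims//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
       }
+
+      // switch (args.includeVerifiedData) {
+      //   case VerifiedDataMode.VERIFIED_PRESENTATION:
+      //     responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
+      //     break
+      //   case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
+      //     const allClaims: AdditionalClaims = {}
+      //     for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
+      //       const vc = credential as IVerifiableCredential
+      //       const schemaValidationResult = await context.agent.cvVerifySchema({
+      //         credential,
+      //         hasher,
+      //         validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
+      //       })
+      //       if (!schemaValidationResult.result) {
+      //         responseState.status = AuthorizationResponseStateStatus.ERROR
+      //         responseState.error = new Error(schemaValidationResult.error)
+      //         return responseState
+      //       }
+      //
+      //       const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims
+      //       if (!('id' in allClaims)) {
+      //         allClaims['id'] = credentialSubject.id
+      //       }
+      //
+      //       Object.entries(credentialSubject).forEach(([key, value]) => {
+      //         if (!(key in allClaims)) {
+      //           allClaims[key] = value
+      //         }
+      //       })
+      //     }
+      //     responseState.verifiedData = allClaims
+      //     break
+      // }
     }
     return responseState
   }
@@ -187,7 +261,7 @@ export class SIOPv2RP implements IAgentPlugin {
     | IVerifiablePresentation
     | SdJwtDecodedVerifiableCredential
     | MdocOid4vpMdocVpToken
-    | MdocDeviceResponse
+    | MdocDeviceResponse
   ): AdditionalClaims | IPresentation =>
     CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
       ? presentationDecoded.decodedPayload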
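--- a/package/src/types/ISIOPv2RP.ts
+++ b/package/src/types/ISIOPv2RP.ts
@@ -89,11 +89,11 @@ export interface IGetAuthResponseStateArgs {
   queryId?: string
   errorOnNotFound?: boolean
   progressRequestStateTo?: AuthorizationRequestStateStatus
-  includeVerifiedData?: VerifiedDataMode
+  //includeVerifiedData?: VerifiedDataMode
 }
 
 export interface IUpdateRequestStateArgs {
-  queryId
+  queryId?: string
   correlationId: string
   state: AuthorizationRequestStateStatus
   error?: string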