@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.167 → 0.34.1-fix.170
- package/dist/index.cjs +51 -20
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +52 -23
- package/dist/index.js.map +1 -1
- package/package.json +14 -14
- package/src/agent/SIOPv2RP.ts +107 -41
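--- a/package/src/agent/SIOPv2RP.ts
+++ b/package/src/agent/SIOPv2RP.ts
@@ -4,24 +4,28 @@ import {
 AuthorizationResponseState,
 AuthorizationResponseStateStatus,
 AuthorizationResponseStateWithVerifiedData,
-decodeUriAsJson,
+decodeUriAsJson, EncodedDcqlPresentationVpToken,
 VerifiedAuthorizationResponse
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
 import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 import {
-
+AdditionalClaims,
 CredentialMapper,
+//decodeSdJwtVc,
 HasherSync,
-
-
-//
-//
-
-
-
+ICredentialSubject,
+IPresentation,
+//IProofPurpose,
+//IProofType,
+IVerifiableCredential,
+IVerifiablePresentation,
+JwtDecodedVerifiablePresentation,
+MdocDeviceResponse,
+MdocOid4vpMdocVpToken,
 OriginalVerifiablePresentation,
-
+SdJwtDecodedVerifiableCredential,
+//sha256
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
 import { DcqlQuery } from 'dcql'
@@ -40,11 +44,11 @@ import {
 ISiopv2RPOpts,
 IUpdateRequestStateArgs,
 IVerifyAuthResponseStateArgs,
-schema
-// VerifiedDataMode,
+schema
 } from '../index'
 import { RPInstance } from '../RPInstance'
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
+//import { jwtDecode } from 'jwt-decode'
 
 export class SIOPv2RP implements IAgentPlugin {
 private readonly opts: ISiopv2RPOpts
@@ -126,12 +130,7 @@ export class SIOPv2RP implements IAgentPlugin {
 }
 
 const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData
-if (responseState.status === AuthorizationResponseStateStatus.VERIFIED
-
-//&&
-// args.includeVerifiedData &&
-// args.includeVerifiedData !== VerifiedDataMode.NONE
-) {
+if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
 let hasher: HasherSync | undefined
 if (
 CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&
@@ -139,25 +138,92 @@ export class SIOPv2RP implements IAgentPlugin {
 ) {
 hasher = defaultHasher
 }
-
-const
-
-
-
-
-
+
+const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
+const claims = []
+for (const [key, value] of Object.entries(vpToken)) {
+const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+value as OriginalVerifiablePresentation,
+//todo: later we want to conditionally pass in options for mdl-mdoc here
+hasher,
+)
+console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
+
+let allClaims: AdditionalClaims = {}
+const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)
+if ('verifiableCredential' in presentationOrClaims) {
+for (const credential of presentationOrClaims.verifiableCredential) {
+const vc = credential as IVerifiableCredential
+const schemaValidationResult = await context.agent.cvVerifySchema({
+credential,
+hasher,
+validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
+})
+if (!schemaValidationResult.result) {
+responseState.status = AuthorizationResponseStateStatus.ERROR
+responseState.error = new Error(schemaValidationResult.error)
+return responseState
+}
+
+const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims
+if (!('id' in allClaims)) {
+allClaims['id'] = credentialSubject.id
+}
+
+Object.entries(credentialSubject).forEach(([key, value]) => {
+if (!(key in allClaims)) {
+allClaims[key] = value
+}
+})
+
+claims.push({
+id: key,
+type: vc.type[0],
+claims: allClaims
+})
+}
+} else {
+claims.push({
+id: key,
+type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,
+claims: presentationOrClaims
+})
+}
+}
+
+// const claimsPromises = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
+// .map(async (presentation: OriginalVerifiablePresentation) => {
+// const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+// presentation,
+// //todo: later we want to conditionally pass in options for mdl-mdoc here
+// hasher,
+// )
+//
+//
+//
+// return {
+// id: presentationDecoded.id
+// }
+//
+// })
+
+// // todo this should also include mdl-mdoc
+// const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+// responseState.response.payload.vp_token as OriginalVerifiablePresentation,
+// //todo: later we want to conditionally pass in options for mdl-mdoc here
+// hasher,
+// )
+// console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
 
 responseState.verifiedData = {
 ...(responseState.response.payload.vp_token && {
 authorization_response: {
-vp_token: typeof responseState.response.payload.vp_token === 'string'
+vp_token: typeof responseState.response.payload.vp_token === 'string' // TODO we might not need this string check
 ? JSON.parse(responseState.response.payload.vp_token)
 : responseState.response.payload.vp_token
 }
 }),
-
-// TODO use ??
-credential_claims: []//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
+credential_claims: claims//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
 }
 
 // switch (args.includeVerifiedData) {
@@ -197,18 +263,18 @@ export class SIOPv2RP implements IAgentPlugin {
 return responseState
 }
 
-
-
-
-
-
-
-
-
-
-
-
-
+private presentationOrClaimsFrom = (
+presentationDecoded:
+| JwtDecodedVerifiablePresentation
+| IVerifiablePresentation
+| SdJwtDecodedVerifiableCredential
+| MdocOid4vpMdocVpToken
+| MdocDeviceResponse
+): AdditionalClaims | IPresentation => {
+return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
+? presentationDecoded.decodedPayload
+: CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
+}
 
 private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
 if (args.state !== 'authorization_request_created') {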
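Review bot: `Object.entries(vpToken)` in the new DCQL loop (hunk `@@ -139,25 +138,92 @@`) is reached even when `vp_token` is absent, because the `&&` on the preceding line then leaves `vpToken` undefined and `Object.entries(undefined)` throws, and the same line runs `JSON.parse` on wallet-supplied input with no try/catch, so a malformed token surfaces as an uncaught exception rather than an ERROR response state. A minimal guard is `for (const [key, value] of Object.entries(vpToken ?? {})) {`, with the parse wrapped so a `SyntaxError` sets `responseState.status = AuthorizationResponseStateStatus.ERROR` the way the schema-validation failure a few lines below already does. The `console.log(`presentationDecoded: ...`)` inside the loop writes the fully decoded presentation, including credential-subject claims, to stdout on every verified response; it reads as a leftover debug statement and should be removed or moved behind a debug-level logger so personal data does not land in process logs. `vc.type[0]` also assumes `type` is an array, which may not hold for every `IVerifiableCredential` shape this code accepts — worth confirming against the type definition. The enclosing method begins before this hunk.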