@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.169 → 0.34.1-fix.171
- package/dist/index.cjs +39 -25
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +40 -26
- package/dist/index.js.map +1 -1
- package/package.json +14 -14
- package/src/agent/SIOPv2RP.ts +46 -94
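--- a/package/src/agent/SIOPv2RP.ts
+++ b/package/src/agent/SIOPv2RP.ts
@@ -4,7 +4,8 @@ import {
 AuthorizationResponseState,
 AuthorizationResponseStateStatus,
 AuthorizationResponseStateWithVerifiedData,
-decodeUriAsJson,
+decodeUriAsJson,
+EncodedDcqlPresentationVpToken,
 VerifiedAuthorizationResponse
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -12,23 +13,19 @@ import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 import {
 AdditionalClaims,
 CredentialMapper,
-//decodeSdJwtVc,
 HasherSync,
 ICredentialSubject,
 IPresentation,
-//IProofPurpose,
-//IProofType,
 IVerifiableCredential,
 IVerifiablePresentation,
 JwtDecodedVerifiablePresentation,
 MdocDeviceResponse,
 MdocOid4vpMdocVpToken,
 OriginalVerifiablePresentation,
-SdJwtDecodedVerifiableCredential
-//sha256
+SdJwtDecodedVerifiableCredential
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
-import { DcqlQuery } from 'dcql'
+import { DcqlPresentation, DcqlQuery } from 'dcql'
 import {
 IAuthorizationRequestPayloads,
 ICreateAuthRequestArgs,
@@ -48,7 +45,6 @@ import {
 } from '../index'
 import { RPInstance } from '../RPInstance'
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
-//import { jwtDecode } from 'jwt-decode'
 
 export class SIOPv2RP implements IAgentPlugin {
 private readonly opts: ISiopv2RPOpts
@@ -139,9 +135,13 @@ export class SIOPv2RP implements IAgentPlugin {
 hasher = defaultHasher
 }
 
+
 const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
+const xx = DcqlPresentation.parse(vpToken)
+console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`)
 const claims = []
 for (const [key, value] of Object.entries(vpToken)) {
+// todo this should also include mdl-mdoc
 const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
 value as OriginalVerifiablePresentation,
 //todo: later we want to conditionally pass in options for mdl-mdoc here
@@ -150,108 +150,59 @@ export class SIOPv2RP implements IAgentPlugin {
 console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
 
 const allClaims: AdditionalClaims = {}
-
-
-const
-credential
-
-
-
-
-
-
-
-
-
-
-if (!('id' in allClaims)) {
-allClaims['id'] = credentialSubject.id
-}
+const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)
+if ('verifiableCredential' in presentationOrClaims) {
+for (const credential of presentationOrClaims.verifiableCredential) {
+const vc = credential as IVerifiableCredential
+const schemaValidationResult = await context.agent.cvVerifySchema({
+credential,
+hasher,
+validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
+})
+if (!schemaValidationResult.result) {
+responseState.status = AuthorizationResponseStateStatus.ERROR
+responseState.error = new Error(schemaValidationResult.error)
+return responseState
+}
 
-
-if (!(
-allClaims[
+const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims
+if (!('id' in allClaims)) {
+allClaims['id'] = credentialSubject.id
 }
-})
 
+Object.entries(credentialSubject).forEach(([key, value]) => {
+if (!(key in allClaims)) {
+allClaims[key] = value
+}
+})
+
+claims.push({
+id: key,
+type: vc.type[0],
+claims: allClaims
+})
+}
+} else {
 claims.push({
 id: key,
-type:
-claims:
+type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,
+claims: presentationOrClaims
 })
 }
 }
 
-// const claimsPromises = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
-// .map(async (presentation: OriginalVerifiablePresentation) => {
-// const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
-// presentation,
-// //todo: later we want to conditionally pass in options for mdl-mdoc here
-// hasher,
-// )
-//
-//
-//
-// return {
-// id: presentationDecoded.id
-// }
-//
-// })
-
-// // todo this should also include mdl-mdoc
-// const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
-// responseState.response.payload.vp_token as OriginalVerifiablePresentation,
-// //todo: later we want to conditionally pass in options for mdl-mdoc here
-// hasher,
-// )
-// console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
-
 responseState.verifiedData = {
 ...(responseState.response.payload.vp_token && {
 authorization_response: {
-vp_token: typeof responseState.response.payload.vp_token === 'string'
+vp_token: typeof responseState.response.payload.vp_token === 'string'
 ? JSON.parse(responseState.response.payload.vp_token)
 : responseState.response.payload.vp_token
 }
 }),
-
-credential_claims: claims//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
+...(claims.length > 0 && { credential_claims: claims })
 }
-
-// switch (args.includeVerifiedData) {
-// case VerifiedDataMode.VERIFIED_PRESENTATION:
-// responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
-// break
-// case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
-// const allClaims: AdditionalClaims = {}
-// for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
-// const vc = credential as IVerifiableCredential
-// const schemaValidationResult = await context.agent.cvVerifySchema({
-// credential,
-// hasher,
-// validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
-// })
-// if (!schemaValidationResult.result) {
-// responseState.status = AuthorizationResponseStateStatus.ERROR
-// responseState.error = new Error(schemaValidationResult.error)
-// return responseState
-// }
-//
-// const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims
-// if (!('id' in allClaims)) {
-// allClaims['id'] = credentialSubject.id
-// }
-//
-// Object.entries(credentialSubject).forEach(([key, value]) => {
-// if (!(key in allClaims)) {
-// allClaims[key] = value
-// }
-// })
-// }
-// responseState.verifiedData = allClaims
-// break
-// }
 }
+
 return responseState
 }
 
@@ -262,10 +213,11 @@ export class SIOPv2RP implements IAgentPlugin {
 | SdJwtDecodedVerifiableCredential
 | MdocOid4vpMdocVpToken
 | MdocDeviceResponse
-): AdditionalClaims | IPresentation =>
-CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
+): AdditionalClaims | IPresentation => {
+return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
 ? presentationDecoded.decodedPayload
 : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
+}
 
 private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
 if (args.state !== 'authorization_request_created') {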
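Review bot: The two lines added right after the `vpToken` assignment, `const xx = DcqlPresentation.parse(vpToken)` and the `console.log` of its JSON, read as leftover debugging and write the holder's full presentation into the relying party's logs on every call, as does the existing `console.log` of `presentationDecoded` a few lines further down. `vpToken` can be falsy at that point because it is assigned through `vp_token && JSON.parse(...)`, and the parse result is used for nothing but the log, so a response without a DCQL-shaped token presumably makes `parse` throw before any claim handling rather than ending in the `AuthorizationResponseStateStatus.ERROR` state that the schema check sets. I would delete both lines, or, if the parse is meant as validation, keep only `const dcqlPresentation = DcqlPresentation.parse(vpToken)` inside a `try` whose `catch` sets `responseState.status` and `responseState.error` and returns `responseState`, with no logging of the token. The enclosing method starts above the hunk, so the condition guarding this code is not visible here.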