@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.170 → 0.34.1-fix.182
- package/dist/index.cjs +28 -66
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +8 -10
- package/dist/index.d.ts +8 -10
- package/dist/index.js +28 -66
- package/dist/index.js.map +1 -1
- package/package.json +17 -17
- package/src/agent/SIOPv2RP.ts +40 -136
- package/src/functions.ts +8 -11
- package/src/types/ISIOPv2RP.ts +7 -12
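--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -9,12 +9,13 @@ import { IIdentifierResolution, ManagedIdentifierOptsOrResult, ExternalIdentifie
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation';
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc';
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
+import { IPDManager, ImportDcqlQueryItem, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
-import {
+import { HasherSync } from '@sphereon/ssi-types';
 import { VerifyCallback } from '@sphereon/wellknown-dids-client';
+import { DcqlQuery } from 'dcql';
 import { Resolvable } from 'did-resolver';
 import { EventEmitter } from 'events';
 
@@ -435,9 +436,10 @@ interface IGetAuthResponseStateArgs {
 queryId?: string;
 errorOnNotFound?: boolean;
 progressRequestStateTo?: AuthorizationRequestStateStatus;
+includeVerifiedData?: VerifiedDataMode;
 }
 interface IUpdateRequestStateArgs {
-queryId
+queryId: string;
 correlationId: string;
 state: AuthorizationRequestStateStatus;
 error?: string;
@@ -451,14 +453,10 @@ interface IVerifyAuthResponseStateArgs {
 queryId?: string;
 correlationId: string;
 audience?: string;
-
-}
-interface IDefinitionPair {
-definitionPayload?: IPresentationDefinition;
-dcqlPayload?: DcqlQueryPayload;
+dcqlQuery?: DcqlQuery;
 }
 interface ImportDefinitionsArgs {
-
+importItems: Array<ImportDcqlQueryItem>;
 tenantId?: string;
 version?: string;
 versionControlMode?: VersionControlMode;
@@ -897,4 +895,4 @@ declare class SIOPv2RP implements IAgentPlugin {
 private getDefaultOptions;
 }
 
-export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type
+export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPEXOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, VerifiedDataMode, plugin_schema as schema };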
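--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -9,12 +9,13 @@ import { IIdentifierResolution, ManagedIdentifierOptsOrResult, ExternalIdentifie
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation';
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc';
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
+import { IPDManager, ImportDcqlQueryItem, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
-import {
+import { HasherSync } from '@sphereon/ssi-types';
 import { VerifyCallback } from '@sphereon/wellknown-dids-client';
+import { DcqlQuery } from 'dcql';
 import { Resolvable } from 'did-resolver';
 import { EventEmitter } from 'events';
 
@@ -435,9 +436,10 @@ interface IGetAuthResponseStateArgs {
 queryId?: string;
 errorOnNotFound?: boolean;
 progressRequestStateTo?: AuthorizationRequestStateStatus;
+includeVerifiedData?: VerifiedDataMode;
 }
 interface IUpdateRequestStateArgs {
-queryId
+queryId: string;
 correlationId: string;
 state: AuthorizationRequestStateStatus;
 error?: string;
@@ -451,14 +453,10 @@ interface IVerifyAuthResponseStateArgs {
 queryId?: string;
 correlationId: string;
 audience?: string;
-
-}
-interface IDefinitionPair {
-definitionPayload?: IPresentationDefinition;
-dcqlPayload?: DcqlQueryPayload;
+dcqlQuery?: DcqlQuery;
 }
 interface ImportDefinitionsArgs {
-
+importItems: Array<ImportDcqlQueryItem>;
 tenantId?: string;
 version?: string;
 versionControlMode?: VersionControlMode;
@@ -897,4 +895,4 @@ declare class SIOPv2RP implements IAgentPlugin {
 private getDefaultOptions;
 }
 
-export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type
+export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPEXOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, VerifiedDataMode, plugin_schema as schema };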
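--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -413,7 +413,7 @@ async function createRPBuilder(args) {
 const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
 filter: [
 {
-
+queryId: pexOpts.queryId,
 version: pexOpts.version,
 tenantId: pexOpts.tenantId
 }
@@ -759,24 +759,23 @@ var SIOPv2RP = class _SIOPv2RP {
 return void 0;
 }
 const responseState = authorizationResponseState;
-if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
+if (responseState.status === AuthorizationResponseStateStatus.VERIFIED && args.includeVerifiedData && args.includeVerifiedData !== VerifiedDataMode.NONE) {
 let hasher;
 if (CredentialMapper2.isSdJwtEncoded(responseState.response.payload.vp_token) && (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== "function")) {
 hasher = defaultHasher2;
 }
-const
-
-
-
-
-
-
-
-
-
-
-
-for (const credential of presentationOrClaims.verifiableCredential) {
+const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
+responseState.response.payload.vp_token,
+//todo: later we want to conditionally pass in options for mdl-mdoc here
+hasher
+);
+switch (args.includeVerifiedData) {
+case VerifiedDataMode.VERIFIED_PRESENTATION:
+responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded);
+break;
+case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED:
+const allClaims = {};
+for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
 const vc = credential;
 const schemaValidationResult = await context.agent.cvVerifySchema({
 credential,
@@ -792,40 +791,19 @@ var SIOPv2RP = class _SIOPv2RP {
 if (!("id" in allClaims)) {
 allClaims["id"] = credentialSubject.id;
 }
-Object.entries(credentialSubject).forEach(([
-if (!(
-allClaims[
+Object.entries(credentialSubject).forEach(([key, value]) => {
+if (!(key in allClaims)) {
+allClaims[key] = value;
 }
 });
-claims.push({
-id: key,
-type: vc.type[0],
-claims: allClaims
-});
 }
-
-
-id: key,
-type: presentationDecoded.decodedPayload.vct,
-claims: presentationOrClaims
-});
-}
+responseState.verifiedData = allClaims;
+break;
 }
-responseState.verifiedData = {
-...responseState.response.payload.vp_token && {
-authorization_response: {
-vp_token: typeof responseState.response.payload.vp_token === "string" ? JSON.parse(responseState.response.payload.vp_token) : responseState.response.payload.vp_token
-}
-},
-credential_claims: claims
-//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
-};
 }
 return responseState;
 }
-presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) =>
-return CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded);
-}, "presentationOrClaimsFrom");
+presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
 async siopUpdateRequestState(args, context) {
 if (args.state !== "authorization_request_created") {
 throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
@@ -854,39 +832,23 @@ var SIOPv2RP = class _SIOPv2RP {
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
 correlationId: args.correlationId,
-...args.
-dcqlQuery: args.
+...args.dcqlQuery ? {
+dcqlQuery: args.dcqlQuery
 } : {},
 audience: args.audience
 })));
 }
 async siopImportDefinitions(args, context) {
-const {
-await Promise.all(
-
-
-return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
-}
-let definitionId;
-if (definitionPair.dcqlPayload) {
-DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
-console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
-definitionId = definitionPair.dcqlPayload.queryId;
-}
-if (definitionPayload) {
-await context.agent.pexValidateDefinition({
-definition: definitionPayload
-});
-console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
-definitionId = definitionPayload.id;
-}
+const { importItems, tenantId, version, versionControlMode } = args;
+await Promise.all(importItems.map(async (importItem) => {
+DcqlQuery.validate(importItem.query);
+console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
 return context.agent.pdmPersistDefinition({
 definitionItem: {
-
+queryId: importItem.queryId,
 tenantId,
 version,
-
-dcqlPayload: definitionPair.dcqlPayload
+query: importItem.query
 },
 opts: {
 versionControlMode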
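Review bot: The two `includeVerifiedData` modes store their result in different places: the `VERIFIED_PRESENTATION` case (new line 774) assigns `responseState.response.payload.verifiedData`, while `CREDENTIAL_SUBJECT_FLATTENED` (new line 800) assigns `responseState.verifiedData`, so a relying party that reads one field finds nothing there in the other mode. If the top-level field is the intended contract, the first case should read `responseState.verifiedData = this.presentationOrClaimsFrom(presentationDecoded);`. The flattened mode also merges `credentialSubject` entries from every credential into one plain `{}` with a first-wins `key in allClaims` test, which no longer records which credential a claim came from (the removed `claims.push` appears to have grouped them) and silently skips any claim whose name is inherited from `Object.prototype`, such as `constructor`; `const allClaims = Object.create(null);` removes the second problem, and the merge order deserves a comment. This file is build output, so the change belongs in `package/src/agent/SIOPv2RP.ts`; the enclosing method starts outside the hunk.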