npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-auth - Versions diffs - 0.34.1-fix.170 → 0.34.1-fix.182 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.170 → 0.34.1-fix.182

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/src/agent/SIOPv2RP.ts CHANGED Viewed

@@ -4,20 +4,18 @@ import {
   AuthorizationResponseState,
   AuthorizationResponseStateStatus,
   AuthorizationResponseStateWithVerifiedData,
-  decodeUriAsJson, EncodedDcqlPresentationVpToken,
-  VerifiedAuthorizationResponse
+  decodeUriAsJson,
+  VerifiedAuthorizationResponse,
 } from '@sphereon/did-auth-siop'
 import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
 import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
+import type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'
 import {
   AdditionalClaims,
   CredentialMapper,
-  //decodeSdJwtVc,
   HasherSync,
   ICredentialSubject,
   IPresentation,
-  //IProofPurpose,
-  //IProofType,
   IVerifiableCredential,
   IVerifiablePresentation,
   JwtDecodedVerifiablePresentation,
@@ -25,7 +23,6 @@ import {
   MdocOid4vpMdocVpToken,
   OriginalVerifiablePresentation,
   SdJwtDecodedVerifiableCredential,
-  //sha256
 } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
 import { DcqlQuery } from 'dcql'
@@ -44,11 +41,11 @@ import {
   ISiopv2RPOpts,
   IUpdateRequestStateArgs,
   IVerifyAuthResponseStateArgs,
-  schema
+  schema,
+  VerifiedDataMode,
 } from '../index'
 import { RPInstance } from '../RPInstance'
 import { ISIOPv2RP } from '../types/ISIOPv2RP'
-//import { jwtDecode } from 'jwt-decode'
 export class SIOPv2RP implements IAgentPlugin {
   private readonly opts: ISiopv2RPOpts
@@ -88,7 +85,10 @@ export class SIOPv2RP implements IAgentPlugin {
   }
   private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {
-    return await this.getRPInstance({ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) }, context)
+    return await this.getRPInstance(
+      { responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId }) },
+      context,
+    )
       .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))
       .then((URI) => URI.encodedUri)
   }
@@ -111,9 +111,7 @@ export class SIOPv2RP implements IAgentPlugin {
   private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {
     return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>
-      rp.get(context).then((rp) =>
-        rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)
-      ),
+      rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),
     )
   }
@@ -130,7 +128,11 @@ export class SIOPv2RP implements IAgentPlugin {
     }
     const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData
-    if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
+    if (
+      responseState.status === AuthorizationResponseStateStatus.VERIFIED &&
+      args.includeVerifiedData &&
+      args.includeVerifiedData !== VerifiedDataMode.NONE
+    ) {
       let hasher: HasherSync | undefined
       if (
         CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&
@@ -138,21 +140,19 @@ export class SIOPv2RP implements IAgentPlugin {
       ) {
         hasher = defaultHasher
       }
-      const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
-      const claims = []
-      for (const [key, value] of Object.entries(vpToken)) {
-        const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
-          value as OriginalVerifiablePresentation,
-          //todo: later we want to conditionally pass in options for mdl-mdoc here
-          hasher,
-        )
-        console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
-        let allClaims: AdditionalClaims = {}
-        const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)
-        if ('verifiableCredential' in presentationOrClaims) {
-          for (const credential of presentationOrClaims.verifiableCredential) {
+      // todo this should also include mdl-mdoc
+      const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
+        responseState.response.payload.vp_token as OriginalVerifiablePresentation,
+        //todo: later we want to conditionally pass in options for mdl-mdoc here
+        hasher,
+      )
+      switch (args.includeVerifiedData) {
+        case VerifiedDataMode.VERIFIED_PRESENTATION:
+          responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
+          break
+        case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
+          const allClaims: AdditionalClaims = {}
+          for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
             const vc = credential as IVerifiableCredential
             const schemaValidationResult = await context.agent.cvVerifySchema({
               credential,
@@ -175,90 +175,10 @@ export class SIOPv2RP implements IAgentPlugin {
                 allClaims[key] = value
               }
             })
-            claims.push({
-              id: key,
-              type: vc.type[0],
-              claims: allClaims
-            })
-          }
-        } else {
-          claims.push({
-            id: key,
-            type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,
-            claims: presentationOrClaims
-          })
-        }
-      }
-      // const claimsPromises = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
-      //   .map(async (presentation: OriginalVerifiablePresentation) => {
-      //     const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
-      //       presentation,
-      //       //todo: later we want to conditionally pass in options for mdl-mdoc here
-      //       hasher,
-      //     )
-      //
-      //
-      //
-      //     return {
-      //       id: presentationDecoded.id
-      //     }
-      //
-      //   })
-      // // todo this should also include mdl-mdoc
-      // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
-      //   responseState.response.payload.vp_token as OriginalVerifiablePresentation,
-      //   //todo: later we want to conditionally pass in options for mdl-mdoc here
-      //   hasher,
-      // )
-      // console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
-      responseState.verifiedData = {
-        ...(responseState.response.payload.vp_token && {
-          authorization_response: {
-            vp_token: typeof responseState.response.payload.vp_token === 'string' // TODO we might not need this string check
-                ? JSON.parse(responseState.response.payload.vp_token)
-                : responseState.response.payload.vp_token
           }
-        }),
-        credential_claims: claims//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
+          responseState.verifiedData = allClaims
+          break
       }
-      // switch (args.includeVerifiedData) {
-      //   case VerifiedDataMode.VERIFIED_PRESENTATION:
-      //     responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
-      //     break
-      //   case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
-      //     const allClaims: AdditionalClaims = {}
-      //     for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
-      //       const vc = credential as IVerifiableCredential
-      //       const schemaValidationResult = await context.agent.cvVerifySchema({
-      //         credential,
-      //         hasher,
-      //         validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
-      //       })
-      //       if (!schemaValidationResult.result) {
-      //         responseState.status = AuthorizationResponseStateStatus.ERROR
-      //         responseState.error = new Error(schemaValidationResult.error)
-      //         return responseState
-      //       }
-      //
-      //       const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims
-      //       if (!('id' in allClaims)) {
-      //         allClaims['id'] = credentialSubject.id
-      //       }
-      //
-      //       Object.entries(credentialSubject).forEach(([key, value]) => {
-      //         if (!(key in allClaims)) {
-      //           allClaims[key] = value
-      //         }
-      //       })
-      //     }
-      //     responseState.verifiedData = allClaims
-      //     break
-      // }
     }
     return responseState
   }
@@ -269,12 +189,11 @@ export class SIOPv2RP implements IAgentPlugin {
       | IVerifiablePresentation
       | SdJwtDecodedVerifiableCredential
       | MdocOid4vpMdocVpToken
-      | MdocDeviceResponse
-  ): AdditionalClaims | IPresentation => {
-    return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
+      | MdocDeviceResponse,
+  ): AdditionalClaims | IPresentation =>
+    CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
       ? presentationDecoded.decodedPayload
       : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)
-  }
   private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {
     if (args.state !== 'authorization_request_created') {
@@ -311,7 +230,7 @@ export class SIOPv2RP implements IAgentPlugin {
       rp.get(context).then((rp) =>
         rp.verifyAuthorizationResponse(authResponse, {
           correlationId: args.correlationId,
-          ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),
+          ...(args.dcqlQuery ? { dcqlQuery: args.dcqlQuery } : {}),
           audience: args.audience,
         }),
       ),
@@ -319,33 +238,18 @@ export class SIOPv2RP implements IAgentPlugin {
   }
   private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {
-    const { queries, tenantId, version, versionControlMode } = args
+    const { importItems, tenantId, version, versionControlMode } = args
     await Promise.all(
-      queries.map(async (definitionPair) => {
-        const definitionPayload = definitionPair.definitionPayload
-        if (!definitionPayload && !definitionPair.dcqlPayload) {
-          return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))
-        }
-        let definitionId: string
-        if (definitionPair.dcqlPayload) {
-          DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)
-          console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)
-          definitionId = definitionPair.dcqlPayload.queryId
-        }
-        if (definitionPayload) {
-          await context.agent.pexValidateDefinition({ definition: definitionPayload })
-          console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)
-          definitionId = definitionPayload.id
-        }
+      importItems.map(async (importItem: ImportDcqlQueryItem) => {
+        DcqlQuery.validate(importItem.query)
+        console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)
         return context.agent.pdmPersistDefinition({
           definitionItem: {
-            definitionId: definitionId!,
+            queryId: importItem.queryId!,
             tenantId: tenantId,
             version: version,
-            definitionPayload,
-            dcqlPayload: definitionPair.dcqlPayload,
+            query: importItem.query,
           },
           opts: { versionControlMode: versionControlMode },
         })

package/src/functions.ts CHANGED Viewed

@@ -28,12 +28,7 @@ import {
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'
-import {
-  CredentialMapper,
-  HasherSync,
-  OriginalVerifiableCredential,
-  PresentationSubmission
-} from '@sphereon/ssi-types'
+import { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'
 import { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'
 import { TKeyType } from '@veramo/core'
 import { JWTVerifyOptions } from 'did-jwt'
@@ -72,7 +67,7 @@ export function getPresentationVerificationCallback(
   ): Promise<PresentationVerificationResult> {
     if (CredentialMapper.isSdJwtEncoded(args)) {
       const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({
-        presentation: args
+        presentation: args,
       })
       // fixme: investigate the correct way to handle this
       return { verified: !!result.payload }
@@ -120,7 +115,7 @@ export async function createRPBuilder(args: {
     const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
       filter: [
         {
-          definitionId: pexOpts.queryId,
+          queryId: pexOpts.queryId,
           version: pexOpts.version,
           tenantId: pexOpts.tenantId,
         },
@@ -202,9 +197,11 @@ export async function createRPBuilder(args: {
     builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)
   } else {
     const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)
-    const clientId: string = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)
-    const clientIdPrefixed = prefixClientId(clientId)
-    builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)
+    const clientId: string = rpOpts.clientMetadataOpts?.client_id ??
+      resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)
+     const clientIdPrefixed = prefixClientId(clientId)
+    builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT
+    )
   }
   if (hasher) {

package/src/types/ISIOPv2RP.ts CHANGED Viewed

@@ -24,13 +24,14 @@ import { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdent
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'
+import { ImportDcqlQueryItem, IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
-import { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'
+import { HasherSync } from '@sphereon/ssi-types'
 import { VerifyCallback } from '@sphereon/wellknown-dids-client'
 import { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
+import { DcqlQuery } from 'dcql'
 import { Resolvable } from 'did-resolver'
 import { EventEmitter } from 'events'
@@ -89,11 +90,11 @@ export interface IGetAuthResponseStateArgs {
   queryId?: string
   errorOnNotFound?: boolean
   progressRequestStateTo?: AuthorizationRequestStateStatus
-  //includeVerifiedData?: VerifiedDataMode
+  includeVerifiedData?: VerifiedDataMode
 }
 export interface IUpdateRequestStateArgs {
-  queryId?: string
+  queryId: string
   correlationId: string
   state: AuthorizationRequestStateStatus
   error?: string
@@ -109,16 +110,10 @@ export interface IVerifyAuthResponseStateArgs {
   queryId?: string
   correlationId: string
   audience?: string
-  dcqlQueryPayload?: DcqlQueryPayload
+  dcqlQuery?: DcqlQuery
 }
-export interface IDefinitionPair {
-  definitionPayload?: IPresentationDefinition
-  dcqlPayload?: DcqlQueryPayload
-}
 export interface ImportDefinitionsArgs {
-  queries: Array<IDefinitionPair>
+  importItems: Array<ImportDcqlQueryItem>
   tenantId?: string
   version?: string
   versionControlMode?: VersionControlMode