npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-auth - Versions diffs - 0.34.1-fix.171 → 0.34.1-fix.182 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.171 → 0.34.1-fix.182

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -9,12 +9,13 @@ import { IIdentifierResolution, ManagedIdentifierOptsOrResult, ExternalIdentifie
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation';
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc';
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
+import { IPDManager, ImportDcqlQueryItem, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
-import { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types';
+import { HasherSync } from '@sphereon/ssi-types';
 import { VerifyCallback } from '@sphereon/wellknown-dids-client';
+import { DcqlQuery } from 'dcql';
 import { Resolvable } from 'did-resolver';
 import { EventEmitter } from 'events';
@@ -435,9 +436,10 @@ interface IGetAuthResponseStateArgs {
     queryId?: string;
     errorOnNotFound?: boolean;
     progressRequestStateTo?: AuthorizationRequestStateStatus;
+    includeVerifiedData?: VerifiedDataMode;
 }
 interface IUpdateRequestStateArgs {
-    queryId?: string;
+    queryId: string;
     correlationId: string;
     state: AuthorizationRequestStateStatus;
     error?: string;
@@ -451,14 +453,10 @@ interface IVerifyAuthResponseStateArgs {
     queryId?: string;
     correlationId: string;
     audience?: string;
-    dcqlQueryPayload?: DcqlQueryPayload;
-}
-interface IDefinitionPair {
-    definitionPayload?: IPresentationDefinition;
-    dcqlPayload?: DcqlQueryPayload;
+    dcqlQuery?: DcqlQuery;
 }
 interface ImportDefinitionsArgs {
-    queries: Array<IDefinitionPair>;
+    importItems: Array<ImportDcqlQueryItem>;
     tenantId?: string;
     version?: string;
     versionControlMode?: VersionControlMode;
@@ -897,4 +895,4 @@ declare class SIOPv2RP implements IAgentPlugin {
     private getDefaultOptions;
 }
-export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDefinitionPair, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPEXOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, VerifiedDataMode, plugin_schema as schema };
+export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPEXOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, VerifiedDataMode, plugin_schema as schema };

package/dist/index.js CHANGED Viewed

@@ -337,7 +337,7 @@ import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did
 import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
-import { DcqlPresentation, DcqlQuery } from "dcql";
+import { DcqlQuery } from "dcql";
 // src/functions.ts
 import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
@@ -413,7 +413,7 @@ async function createRPBuilder(args) {
     const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
       filter: [
         {
-          definitionId: pexOpts.queryId,
+          queryId: pexOpts.queryId,
           version: pexOpts.version,
           tenantId: pexOpts.tenantId
         }
@@ -759,26 +759,23 @@ var SIOPv2RP = class _SIOPv2RP {
       return void 0;
     }
     const responseState = authorizationResponseState;
-    if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
+    if (responseState.status === AuthorizationResponseStateStatus.VERIFIED && args.includeVerifiedData && args.includeVerifiedData !== VerifiedDataMode.NONE) {
       let hasher;
       if (CredentialMapper2.isSdJwtEncoded(responseState.response.payload.vp_token) && (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== "function")) {
         hasher = defaultHasher2;
       }
-      const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
-      const xx = DcqlPresentation.parse(vpToken);
-      console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`);
-      const claims = [];
-      for (const [key, value] of Object.entries(vpToken)) {
-        const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
-          value,
-          //todo: later we want to conditionally pass in options for mdl-mdoc here
-          hasher
-        );
-        console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`);
-        const allClaims = {};
-        const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded);
-        if ("verifiableCredential" in presentationOrClaims) {
-          for (const credential of presentationOrClaims.verifiableCredential) {
+      const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
+        responseState.response.payload.vp_token,
+        //todo: later we want to conditionally pass in options for mdl-mdoc here
+        hasher
+      );
+      switch (args.includeVerifiedData) {
+        case VerifiedDataMode.VERIFIED_PRESENTATION:
+          responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded);
+          break;
+        case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED:
+          const allClaims = {};
+          for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
             const vc = credential;
             const schemaValidationResult = await context.agent.cvVerifySchema({
               credential,
@@ -794,41 +791,19 @@ var SIOPv2RP = class _SIOPv2RP {
             if (!("id" in allClaims)) {
               allClaims["id"] = credentialSubject.id;
             }
-            Object.entries(credentialSubject).forEach(([key2, value2]) => {
-              if (!(key2 in allClaims)) {
-                allClaims[key2] = value2;
+            Object.entries(credentialSubject).forEach(([key, value]) => {
+              if (!(key in allClaims)) {
+                allClaims[key] = value;
               }
             });
-            claims.push({
-              id: key,
-              type: vc.type[0],
-              claims: allClaims
-            });
           }
-        } else {
-          claims.push({
-            id: key,
-            type: presentationDecoded.decodedPayload.vct,
-            claims: presentationOrClaims
-          });
-        }
+          responseState.verifiedData = allClaims;
+          break;
       }
-      responseState.verifiedData = {
-        ...responseState.response.payload.vp_token && {
-          authorization_response: {
-            vp_token: typeof responseState.response.payload.vp_token === "string" ? JSON.parse(responseState.response.payload.vp_token) : responseState.response.payload.vp_token
-          }
-        },
-        ...claims.length > 0 && {
-          credential_claims: claims
-        }
-      };
     }
     return responseState;
   }
-  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => {
-    return CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded);
-  }, "presentationOrClaimsFrom");
+  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
   async siopUpdateRequestState(args, context) {
     if (args.state !== "authorization_request_created") {
       throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
@@ -857,39 +832,23 @@ var SIOPv2RP = class _SIOPv2RP {
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
-      ...args.dcqlQueryPayload ? {
-        dcqlQuery: args.dcqlQueryPayload.dcqlQuery
+      ...args.dcqlQuery ? {
+        dcqlQuery: args.dcqlQuery
       } : {},
       audience: args.audience
     })));
   }
   async siopImportDefinitions(args, context) {
-    const { queries, tenantId, version, versionControlMode } = args;
-    await Promise.all(queries.map(async (definitionPair) => {
-      const definitionPayload = definitionPair.definitionPayload;
-      if (!definitionPayload && !definitionPair.dcqlPayload) {
-        return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
-      }
-      let definitionId;
-      if (definitionPair.dcqlPayload) {
-        DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
-        console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
-        definitionId = definitionPair.dcqlPayload.queryId;
-      }
-      if (definitionPayload) {
-        await context.agent.pexValidateDefinition({
-          definition: definitionPayload
-        });
-        console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
-        definitionId = definitionPayload.id;
-      }
+    const { importItems, tenantId, version, versionControlMode } = args;
+    await Promise.all(importItems.map(async (importItem) => {
+      DcqlQuery.validate(importItem.query);
+      console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
       return context.agent.pdmPersistDefinition({
         definitionItem: {
-          definitionId,
+          queryId: importItem.queryId,
           tenantId,
           version,
-          definitionPayload,
-          dcqlPayload: definitionPair.dcqlPayload
+          query: importItem.query
         },
         opts: {
           versionControlMode