@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.171 → 0.34.1-fix.223
- package/dist/index.cjs +93 -93
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +15 -27
- package/dist/index.d.ts +15 -27
- package/dist/index.js +94 -94
- package/dist/index.js.map +1 -1
- package/package.json +17 -17
- package/src/RPInstance.ts +7 -26
- package/src/agent/SIOPv2RP.ts +64 -45
- package/src/functions.ts +40 -44
- package/src/types/ISIOPv2RP.ts +9 -24
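--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -22,7 +22,6 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
 SIOPv2RP: () => SIOPv2RP,
-VerifiedDataMode: () => VerifiedDataMode,
 schema: () => plugin_schema_default
 });
 module.exports = __toCommonJS(index_exports);
@@ -362,6 +361,7 @@ var plugin_schema_default = {
 var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
 var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
+var import_uuid2 = require("uuid");
 var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_dcql = require("dcql");
 
@@ -377,7 +377,7 @@ function getRequestVersion(rpOptions) {
 if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
 return rpOptions.supportedVersions[0];
 }
-return import_did_auth_siop.SupportedVersion.
+return import_did_auth_siop.SupportedVersion.OID4VP_v1;
 }
 __name(getRequestVersion, "getRequestVersion");
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -392,6 +392,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
 };
 }
 __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+function getDcqlQueryLookupCallback(context) {
+async function dcqlQueryLookup(queryId, version, tenantId) {
+const result = await context.agent.pdmGetDefinitions({
+filter: [
+{
+queryId,
+...tenantId && {
+tenantId
+},
+...version && {
+version
+}
+},
+{
+id: queryId
+}
+]
+});
+if (result && result.length > 0) {
+return result[0].query;
+}
+return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+}
+__name(dcqlQueryLookup, "dcqlQueryLookup");
+return dcqlQueryLookup;
+}
+__name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
 function getPresentationVerificationCallback(idOpts, context) {
 async function presentationVerificationCallback(args, presentationSubmission) {
 if (import_ssi_types.CredentialMapper.isSdJwtEncoded(args)) {
@@ -431,27 +458,8 @@ function getPresentationVerificationCallback(idOpts, context) {
 }
 __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
 async function createRPBuilder(args) {
-const { rpOpts,
+const { rpOpts, context } = args;
 const { identifierOpts } = rpOpts;
-let definition = args.definition;
-let dcqlQuery = args.dcql;
-if (!definition && pexOpts && pexOpts.queryId) {
-const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-filter: [
-{
-definitionId: pexOpts.queryId,
-version: pexOpts.version,
-tenantId: pexOpts.tenantId
-}
-]
-});
-if (presentationDefinitionItems.length > 0) {
-const presentationDefinitionItem = presentationDefinitionItems[0];
-if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
-}
-}
-}
 const didMethods = identifierOpts.supportedDIDMethods ?? await (0, import_ssi_sdk_ext.getAgentDIDMethods)(context);
 const eventEmitter = rpOpts.eventEmitter ?? new import_events.EventEmitter();
 const defaultClientMetadata = {
@@ -506,16 +514,15 @@ async function createRPBuilder(args) {
 const builder = import_did_auth_siop.RP.builder({
 requestVersion: getRequestVersion(rpOpts)
 }).withScope("openid", import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? import_did_auth_siop.ResponseMode.POST).withResponseType(import_did_auth_siop.ResponseType.VP_TOKEN, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
-import_did_auth_siop.SupportedVersion.
-import_did_auth_siop.SupportedVersion.
-import_did_auth_siop.SupportedVersion.SIOPv2_D11
+import_did_auth_siop.SupportedVersion.OID4VP_v1,
+import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
 ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new import_did_auth_siop.InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
 resolver,
 verifyOpts: {
 wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
 checkLinkedDomain: "if_present"
 }
-}, context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+}, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
 const oidfOpts = identifierOpts.oidfOpts;
 if (oidfOpts && (0, import_ssi_sdk_ext2.isExternalIdentifierOIDFEntityIdOpts)(oidfOpts)) {
 builder.withEntityId(oidfOpts.identifier, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
@@ -528,9 +535,6 @@ async function createRPBuilder(args) {
 if (hasher) {
 builder.withHasher(hasher);
 }
-if (dcqlQuery) {
-builder.withDcqlQuery(dcqlQuery);
-}
 if (rpOpts.responseRedirectUri) {
 builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
 }
@@ -603,17 +607,16 @@ var RPInstance = class {
 __name(this, "RPInstance");
 }
 _rp;
-
+_presentationOptions;
 _rpOptions;
 constructor({ rpOpts, pexOpts }) {
 this._rpOptions = rpOpts;
-this.
+this._presentationOptions = pexOpts;
 }
 async get(context) {
 if (!this._rp) {
 const builder = await createRPBuilder({
 rpOpts: this._rpOptions,
-pexOpts: this._pexOptions,
 context
 });
 this._rp = builder.build();
@@ -623,20 +626,8 @@ var RPInstance = class {
 get rpOptions() {
 return this._rpOptions;
 }
-get
-return this.
-}
-hasDefinition() {
-return this.definitionId !== void 0;
-}
-get definitionId() {
-return this.pexOptions?.queryId;
-}
-async getPresentationDefinition(context) {
-return this.definitionId ? await context.agent.pexStoreGetDefinition({
-definitionId: this.definitionId,
-tenantId: this.pexOptions?.tenantId
-}) : void 0;
+get presentationOptions() {
+return this._presentationOptions;
 }
 async createAuthorizationRequestURI(createArgs, context) {
 const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -753,6 +744,7 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async createAuthorizationRequestURI(createArgs, context) {
 return await this.getRPInstance({
+createWhenNotPresent: true,
 responseRedirectURI: createArgs.responseRedirectURI,
 ...createArgs.useQueryIdInstance === true && {
 queryId: createArgs.queryId
@@ -761,6 +753,7 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async createAuthorizationRequestPayloads(createArgs, context) {
 return await this.getRPInstance({
+createWhenNotPresent: true,
 queryId: createArgs.queryId
 }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
 const authRequest = {
@@ -773,11 +766,13 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async siopGetRequestState(args, context) {
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
 }
 async siopGetResponseState(args, context) {
 const rpInstance = await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context);
 const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -791,8 +786,6 @@ var SIOPv2RP = class _SIOPv2RP {
 hasher = import_ssi_sdk2.shaHasher;
 }
 const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
-const xx = import_dcql.DcqlPresentation.parse(vpToken);
-console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`);
 const claims = [];
 for (const [key, value] of Object.entries(vpToken)) {
 const presentationDecoded = import_ssi_types2.CredentialMapper.decodeVerifiablePresentation(
@@ -860,6 +853,7 @@ var SIOPv2RP = class _SIOPv2RP {
 throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
 }
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then(async (rp2) => {
 await rp2.signalAuthRequestRetrieved({
@@ -871,6 +865,7 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 async siopDeleteState(args, context) {
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
 }
@@ -880,42 +875,27 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
 return await this.getRPInstance({
+createWhenNotPresent: false,
 queryId: args.queryId
 }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
 correlationId: args.correlationId,
-...args.
-dcqlQuery: args.
-}
+...args.dcqlQuery && {
+dcqlQuery: args.dcqlQuery
+},
 audience: args.audience
 })));
 }
 async siopImportDefinitions(args, context) {
-const {
-await Promise.all(
-
-
-return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
-}
-let definitionId;
-if (definitionPair.dcqlPayload) {
-import_dcql.DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
-console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
-definitionId = definitionPair.dcqlPayload.queryId;
-}
-if (definitionPayload) {
-await context.agent.pexValidateDefinition({
-definition: definitionPayload
-});
-console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
-definitionId = definitionPayload.id;
-}
+const { importItems, tenantId, version, versionControlMode } = args;
+await Promise.all(importItems.map(async (importItem) => {
+import_dcql.DcqlQuery.validate(importItem.query);
+console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
 return context.agent.pdmPersistDefinition({
 definitionItem: {
-
+queryId: importItem.queryId,
 tenantId,
 version,
-
-dcqlPayload: definitionPair.dcqlPayload
+query: importItem.query
 },
 opts: {
 versionControlMode
@@ -940,9 +920,37 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 return void 0;
 }
-async getRPInstance({ queryId, responseRedirectURI }, context) {
-
-
+async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+let rpInstance;
+if (queryId) {
+if (this.instances.has(queryId)) {
+rpInstanceId = queryId;
+rpInstance = this.instances.get(rpInstanceId);
+} else if ((0, import_uuid2.validate)(queryId)) {
+try {
+const pd = await context.agent.pdmGetDefinition({
+itemId: queryId
+});
+if (this.instances.has(pd.queryId)) {
+rpInstanceId = pd.queryId;
+rpInstance = this.instances.get(rpInstanceId);
+}
+} catch (ignore) {
+}
+}
+if (createWhenNotPresent) {
+rpInstanceId = queryId;
+} else {
+rpInstance = this.instances.get(rpInstanceId);
+}
+} else {
+rpInstance = this.instances.get(rpInstanceId);
+}
+if (!rpInstance) {
+if (!createWhenNotPresent) {
+return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+}
 const instanceOpts = this.getInstanceOpts(queryId);
 const rpOpts = await this.getRPOptions(context, {
 queryId,
@@ -964,12 +972,12 @@ var SIOPv2RP = class _SIOPv2RP {
 resolverResolution: true
 });
 }
-
+rpInstance = new RPInstance({
 rpOpts,
 pexOpts: instanceOpts
-})
+});
+this.instances.set(rpInstanceId, rpInstance);
 }
-const rpInstance = this.instances.get(instanceId);
 if (responseRedirectURI) {
 rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
 }
@@ -1011,32 +1019,24 @@ var SIOPv2RP = class _SIOPv2RP {
 }
 return options;
 }
-getInstanceOpts(
+getInstanceOpts(queryId) {
 if (!this.opts.instanceOpts) return void 0;
-const instanceOpt =
-return instanceOpt ?? this.getDefaultOptions(
+const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
+return instanceOpt ?? this.getDefaultOptions(queryId);
 }
-getDefaultOptions(
+getDefaultOptions(queryId) {
 if (!this.opts.instanceOpts) return void 0;
 const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
 if (defaultOptions) {
 const clonedOptions = {
 ...defaultOptions
 };
-if (
-clonedOptions.queryId =
+if (queryId !== void 0) {
+clonedOptions.queryId = queryId;
 }
 return clonedOptions;
 }
 return void 0;
 }
 };
-
-// src/types/ISIOPv2RP.ts
-var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
-VerifiedDataMode2["NONE"] = "none";
-VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
-VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
-return VerifiedDataMode2;
-})({});
 //# sourceMappingURL=index.cjs.map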
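Review bot: In the rewritten `getRPInstance`, a `queryId` that matches no key in `this.instances` and is not resolved through `pdmGetDefinition` leaves `rpInstanceId` at `_DEFAULT_OPTS_KEY`, so every `createWhenNotPresent: false` caller (request and response state, delete, `verifyAuthorizationResponse`) silently falls back to the default RP instance instead of failing for an unknown query. If that fallback is intended it deserves a comment saying so; otherwise the function should reject when `queryId` is set and nothing matched. The empty `catch (ignore) {}` also hides storage or permission errors from `pdmGetDefinition`, and the rejection passes a bare string, so callers get no stack and no `instanceof Error`; wrapping the message in `Error(...)`, as `dcqlQueryLookup` in this same file does, would fix the latter. On the `createWhenNotPresent: true` paths each distinct `queryId` adds an entry to `this.instances`, so if that value can originate from a request it should be checked against stored definitions before an instance is cached. This file is build output, so the change presumably belongs in `src/agent/SIOPv2RP.ts` listed in the diffstat.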