@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.171 → 0.34.1-fix.223

package/dist/index.d.ts

@@ -9,12 +9,13 @@ import { IIdentifierResolution, ManagedIdentifierOptsOrResult, ExternalIdentifie
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation';
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc';
-import { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
+import { IPDManager, ImportDcqlQueryItem, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
-import { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types';
+import { HasherSync } from '@sphereon/ssi-types';
 import { VerifyCallback } from '@sphereon/wellknown-dids-client';
+import { DcqlQuery } from 'dcql';
 import { Resolvable } from 'did-resolver';
 import { EventEmitter } from 'events';
 
@@ -389,11 +390,6 @@ var plugin_schema = {
 	IDidAuthSiopOpAuthenticator: IDidAuthSiopOpAuthenticator
 };
 
-declare enum VerifiedDataMode {
-    NONE = "none",
-    VERIFIED_PRESENTATION = "vp",
-    CREDENTIAL_SUBJECT_FLATTENED = "cs-flat"
-}
 interface ISIOPv2RP extends IPluginMethodMap {
     siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>;
     siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>;
@@ -451,14 +447,10 @@ interface IVerifyAuthResponseStateArgs {
     queryId?: string;
     correlationId: string;
     audience?: string;
-    dcqlQueryPayload?: DcqlQueryPayload;
-}
-interface IDefinitionPair {
-    definitionPayload?: IPresentationDefinition;
-    dcqlPayload?: DcqlQueryPayload;
+    dcqlQuery?: DcqlQuery;
 }
 interface ImportDefinitionsArgs {
-    queries: Array<IDefinitionPair>;
+    importItems: Array<ImportDcqlQueryItem>;
     tenantId?: string;
     version?: string;
     versionControlMode?: VersionControlMode;
@@ -478,10 +470,11 @@ interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {
     ttl?: number;
 }
 interface ISiopRPInstanceArgs {
+    createWhenNotPresent: boolean;
     queryId?: string;
     responseRedirectURI?: string;
 }
-interface IPEXInstanceOptions extends IPEXOptions {
+interface IPEXInstanceOptions extends IPresentationOptions {
     rpOpts?: IRPOptions;
 }
 interface IRPOptions {
@@ -497,11 +490,9 @@ interface IRPOptions {
     verifyJwtCallback?: VerifyJwtCallback;
     responseRedirectUri?: string;
 }
-interface IPEXOptions {
-    presentationVerifyCallback?: PresentationVerificationCallback;
+interface IPresentationOptions {
     queryId: string;
-    version?: string;
-    tenantId?: string;
+    presentationVerifyCallback?: PresentationVerificationCallback;
 }
 type VerificationPolicies = {
     schemaValidation: SchemaValidation;
@@ -528,18 +519,15 @@ type IRequiredContext = IAgentContext<IResolver & IDIDManager & IKeyManager & II
 
 declare class RPInstance {
     private _rp;
-    private readonly _pexOptions;
+    private readonly _presentationOptions;
     private readonly _rpOptions;
     constructor({ rpOpts, pexOpts }: {
         rpOpts: IRPOptions;
-        pexOpts?: IPEXOptions;
+        pexOpts?: IPresentationOptions;
     });
     get(context: IRequiredContext): Promise<RP>;
     get rpOptions(): IRPOptions;
-    get pexOptions(): IPEXOptions | undefined;
-    hasDefinition(): boolean;
-    get definitionId(): string | undefined;
-    getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined>;
+    get presentationOptions(): IPresentationOptions | undefined;
     createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI>;
     createAuthorizationRequest(createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>, context: IRequiredContext): Promise<AuthorizationRequest>;
 }
@@ -888,13 +876,13 @@ declare class SIOPv2RP implements IAgentPlugin {
     private siopVerifyAuthResponse;
     private siopImportDefinitions;
     private siopGetRedirectURI;
-    getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance>;
+    getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance>;
     getRPOptions(context: IRequiredContext, opts: {
         queryId?: string;
         responseRedirectURI?: string;
     }): Promise<IRPOptions>;
-    getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined;
+    getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined;
     private getDefaultOptions;
 }
 
-export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDefinitionPair, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPEXOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, VerifiedDataMode, plugin_schema as schema };
+export { type CredentialOpts, type IAuthRequestDetails, type IAuthorizationRequestPayloads, type ICreateAuthRequestArgs, type IDeleteAuthStateArgs, type IGetAuthRequestStateArgs, type IGetAuthResponseStateArgs, type IGetRedirectUriArgs, type IPEXDefinitionPersistArgs, type IPEXInstanceOptions, type IPresentationOptions, type IRPDefaultOpts, type IRPOptions, type IRequiredContext, type ISIOPIdentifierOptions, type ISIOPv2RP, type ISiopRPInstanceArgs, type ISiopv2RPOpts, type IUpdateRequestStateArgs, type IVerifyAuthResponseStateArgs, type ImportDefinitionsArgs, type PerDidResolver, SIOPv2RP, type VerificationPolicies, plugin_schema as schema };

package/dist/index.js

@@ -336,8 +336,9 @@ var plugin_schema_default = {
 import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
 import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
+import { validate as isValidUUID } from "uuid";
 import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
-import { DcqlPresentation, DcqlQuery } from "dcql";
+import { DcqlQuery } from "dcql";
 
 // src/functions.ts
 import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
@@ -351,7 +352,7 @@ function getRequestVersion(rpOptions) {
   if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
     return rpOptions.supportedVersions[0];
   }
-  return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
+  return SupportedVersion.OID4VP_v1;
 }
 __name(getRequestVersion, "getRequestVersion");
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -366,6 +367,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
   };
 }
 __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+function getDcqlQueryLookupCallback(context) {
+  async function dcqlQueryLookup(queryId, version, tenantId) {
+    const result = await context.agent.pdmGetDefinitions({
+      filter: [
+        {
+          queryId,
+          ...tenantId && {
+            tenantId
+          },
+          ...version && {
+            version
+          }
+        },
+        {
+          id: queryId
+        }
+      ]
+    });
+    if (result && result.length > 0) {
+      return result[0].query;
+    }
+    return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+  }
+  __name(dcqlQueryLookup, "dcqlQueryLookup");
+  return dcqlQueryLookup;
+}
+__name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
 function getPresentationVerificationCallback(idOpts, context) {
   async function presentationVerificationCallback(args, presentationSubmission) {
     if (CredentialMapper.isSdJwtEncoded(args)) {
@@ -405,27 +433,8 @@ function getPresentationVerificationCallback(idOpts, context) {
 }
 __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
 async function createRPBuilder(args) {
-  const { rpOpts, pexOpts, context } = args;
+  const { rpOpts, context } = args;
   const { identifierOpts } = rpOpts;
-  let definition = args.definition;
-  let dcqlQuery = args.dcql;
-  if (!definition && pexOpts && pexOpts.queryId) {
-    const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-      filter: [
-        {
-          definitionId: pexOpts.queryId,
-          version: pexOpts.version,
-          tenantId: pexOpts.tenantId
-        }
-      ]
-    });
-    if (presentationDefinitionItems.length > 0) {
-      const presentationDefinitionItem = presentationDefinitionItems[0];
-      if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-        dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
-      }
-    }
-  }
   const didMethods = identifierOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
   const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter();
   const defaultClientMetadata = {
@@ -480,16 +489,15 @@ async function createRPBuilder(args) {
   const builder = RP.builder({
     requestVersion: getRequestVersion(rpOpts)
   }).withScope("openid", PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? ResponseMode.POST).withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
-    SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
-    SupportedVersion.SIOPv2_ID1,
-    SupportedVersion.SIOPv2_D11
+    SupportedVersion.OID4VP_v1,
+    SupportedVersion.SIOPv2_OID4VP_D28
   ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
     resolver,
     verifyOpts: {
       wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
       checkLinkedDomain: "if_present"
     }
-  }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+  }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
   const oidfOpts = identifierOpts.oidfOpts;
   if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
     builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
@@ -502,9 +510,6 @@ async function createRPBuilder(args) {
   if (hasher) {
     builder.withHasher(hasher);
   }
-  if (dcqlQuery) {
-    builder.withDcqlQuery(dcqlQuery);
-  }
   if (rpOpts.responseRedirectUri) {
     builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
   }
@@ -577,17 +582,16 @@ var RPInstance = class {
     __name(this, "RPInstance");
   }
   _rp;
-  _pexOptions;
+  _presentationOptions;
   _rpOptions;
   constructor({ rpOpts, pexOpts }) {
     this._rpOptions = rpOpts;
-    this._pexOptions = pexOpts;
+    this._presentationOptions = pexOpts;
   }
   async get(context) {
     if (!this._rp) {
       const builder = await createRPBuilder({
         rpOpts: this._rpOptions,
-        pexOpts: this._pexOptions,
         context
       });
       this._rp = builder.build();
@@ -597,20 +601,8 @@ var RPInstance = class {
   get rpOptions() {
     return this._rpOptions;
   }
-  get pexOptions() {
-    return this._pexOptions;
-  }
-  hasDefinition() {
-    return this.definitionId !== void 0;
-  }
-  get definitionId() {
-    return this.pexOptions?.queryId;
-  }
-  async getPresentationDefinition(context) {
-    return this.definitionId ? await context.agent.pexStoreGetDefinition({
-      definitionId: this.definitionId,
-      tenantId: this.pexOptions?.tenantId
-    }) : void 0;
+  get presentationOptions() {
+    return this._presentationOptions;
   }
   async createAuthorizationRequestURI(createArgs, context) {
     const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -727,6 +719,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestURI(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       responseRedirectURI: createArgs.responseRedirectURI,
       ...createArgs.useQueryIdInstance === true && {
         queryId: createArgs.queryId
@@ -735,6 +728,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestPayloads(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       queryId: createArgs.queryId
     }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
       const authRequest = {
@@ -747,11 +741,13 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopGetRequestState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
   }
   async siopGetResponseState(args, context) {
     const rpInstance = await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context);
     const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -765,8 +761,6 @@ var SIOPv2RP = class _SIOPv2RP {
         hasher = defaultHasher2;
       }
       const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
-      const xx = DcqlPresentation.parse(vpToken);
-      console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`);
       const claims = [];
       for (const [key, value] of Object.entries(vpToken)) {
         const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
@@ -834,6 +828,7 @@ var SIOPv2RP = class _SIOPv2RP {
       throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
     }
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then(async (rp2) => {
       await rp2.signalAuthRequestRetrieved({
@@ -845,6 +840,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopDeleteState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
   }
@@ -854,42 +850,27 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
-      ...args.dcqlQueryPayload ? {
-        dcqlQuery: args.dcqlQueryPayload.dcqlQuery
-      } : {},
+      ...args.dcqlQuery && {
+        dcqlQuery: args.dcqlQuery
+      },
       audience: args.audience
     })));
   }
   async siopImportDefinitions(args, context) {
-    const { queries, tenantId, version, versionControlMode } = args;
-    await Promise.all(queries.map(async (definitionPair) => {
-      const definitionPayload = definitionPair.definitionPayload;
-      if (!definitionPayload && !definitionPair.dcqlPayload) {
-        return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
-      }
-      let definitionId;
-      if (definitionPair.dcqlPayload) {
-        DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery);
-        console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`);
-        definitionId = definitionPair.dcqlPayload.queryId;
-      }
-      if (definitionPayload) {
-        await context.agent.pexValidateDefinition({
-          definition: definitionPayload
-        });
-        console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`);
-        definitionId = definitionPayload.id;
-      }
+    const { importItems, tenantId, version, versionControlMode } = args;
+    await Promise.all(importItems.map(async (importItem) => {
+      DcqlQuery.validate(importItem.query);
+      console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`);
       return context.agent.pdmPersistDefinition({
         definitionItem: {
-          definitionId,
+          queryId: importItem.queryId,
           tenantId,
           version,
-          definitionPayload,
-          dcqlPayload: definitionPair.dcqlPayload
+          query: importItem.query
         },
         opts: {
           versionControlMode
@@ -914,9 +895,37 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return void 0;
   }
-  async getRPInstance({ queryId, responseRedirectURI }, context) {
-    const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
-    if (!this.instances.has(instanceId)) {
+  async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+    let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+    let rpInstance;
+    if (queryId) {
+      if (this.instances.has(queryId)) {
+        rpInstanceId = queryId;
+        rpInstance = this.instances.get(rpInstanceId);
+      } else if (isValidUUID(queryId)) {
+        try {
+          const pd = await context.agent.pdmGetDefinition({
+            itemId: queryId
+          });
+          if (this.instances.has(pd.queryId)) {
+            rpInstanceId = pd.queryId;
+            rpInstance = this.instances.get(rpInstanceId);
+          }
+        } catch (ignore) {
+        }
+      }
+      if (createWhenNotPresent) {
+        rpInstanceId = queryId;
+      } else {
+        rpInstance = this.instances.get(rpInstanceId);
+      }
+    } else {
+      rpInstance = this.instances.get(rpInstanceId);
+    }
+    if (!rpInstance) {
+      if (!createWhenNotPresent) {
+        return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+      }
       const instanceOpts = this.getInstanceOpts(queryId);
       const rpOpts = await this.getRPOptions(context, {
         queryId,
@@ -938,12 +947,12 @@ var SIOPv2RP = class _SIOPv2RP {
           resolverResolution: true
         });
       }
-      this.instances.set(instanceId, new RPInstance({
+      rpInstance = new RPInstance({
         rpOpts,
         pexOpts: instanceOpts
-      }));
+      });
+      this.instances.set(rpInstanceId, rpInstance);
     }
-    const rpInstance = this.instances.get(instanceId);
     if (responseRedirectURI) {
       rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
     }
@@ -985,37 +994,28 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return options;
   }
-  getInstanceOpts(definitionId) {
+  getInstanceOpts(queryId) {
     if (!this.opts.instanceOpts) return void 0;
-    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
-    return instanceOpt ?? this.getDefaultOptions(definitionId);
+    const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
+    return instanceOpt ?? this.getDefaultOptions(queryId);
   }
-  getDefaultOptions(definitionId) {
+  getDefaultOptions(queryId) {
     if (!this.opts.instanceOpts) return void 0;
     const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
     if (defaultOptions) {
       const clonedOptions = {
         ...defaultOptions
       };
-      if (definitionId !== void 0) {
-        clonedOptions.queryId = definitionId;
+      if (queryId !== void 0) {
+        clonedOptions.queryId = queryId;
       }
       return clonedOptions;
     }
     return void 0;
   }
 };
-
-// src/types/ISIOPv2RP.ts
-var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
-  VerifiedDataMode2["NONE"] = "none";
-  VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
-  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
-  return VerifiedDataMode2;
-})({});
 export {
   SIOPv2RP,
-  VerifiedDataMode,
   plugin_schema_default as schema
 };
 //# sourceMappingURL=index.js.map