npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-auth - Versions diffs - 0.34.1-fix.182 → 0.34.1-fix.223 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.182 → 0.34.1-fix.223

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.cjs CHANGED Viewed

@@ -22,7 +22,6 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   SIOPv2RP: () => SIOPv2RP,
-  VerifiedDataMode: () => VerifiedDataMode,
   schema: () => plugin_schema_default
 });
 module.exports = __toCommonJS(index_exports);
@@ -362,6 +361,7 @@ var plugin_schema_default = {
 var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
 var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
+var import_uuid2 = require("uuid");
 var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_dcql = require("dcql");
@@ -377,7 +377,7 @@ function getRequestVersion(rpOptions) {
   if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
     return rpOptions.supportedVersions[0];
   }
-  return import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
+  return import_did_auth_siop.SupportedVersion.OID4VP_v1;
 }
 __name(getRequestVersion, "getRequestVersion");
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -392,6 +392,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
   };
 }
 __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+function getDcqlQueryLookupCallback(context) {
+  async function dcqlQueryLookup(queryId, version, tenantId) {
+    const result = await context.agent.pdmGetDefinitions({
+      filter: [
+        {
+          queryId,
+          ...tenantId && {
+            tenantId
+          },
+          ...version && {
+            version
+          }
+        },
+        {
+          id: queryId
+        }
+      ]
+    });
+    if (result && result.length > 0) {
+      return result[0].query;
+    }
+    return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+  }
+  __name(dcqlQueryLookup, "dcqlQueryLookup");
+  return dcqlQueryLookup;
+}
+__name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
 function getPresentationVerificationCallback(idOpts, context) {
   async function presentationVerificationCallback(args, presentationSubmission) {
     if (import_ssi_types.CredentialMapper.isSdJwtEncoded(args)) {
@@ -431,27 +458,8 @@ function getPresentationVerificationCallback(idOpts, context) {
 }
 __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
 async function createRPBuilder(args) {
-  const { rpOpts, pexOpts, context } = args;
+  const { rpOpts, context } = args;
   const { identifierOpts } = rpOpts;
-  let definition = args.definition;
-  let dcqlQuery = args.dcql;
-  if (!definition && pexOpts && pexOpts.queryId) {
-    const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-      filter: [
-        {
-          queryId: pexOpts.queryId,
-          version: pexOpts.version,
-          tenantId: pexOpts.tenantId
-        }
-      ]
-    });
-    if (presentationDefinitionItems.length > 0) {
-      const presentationDefinitionItem = presentationDefinitionItems[0];
-      if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-        dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
-      }
-    }
-  }
   const didMethods = identifierOpts.supportedDIDMethods ?? await (0, import_ssi_sdk_ext.getAgentDIDMethods)(context);
   const eventEmitter = rpOpts.eventEmitter ?? new import_events.EventEmitter();
   const defaultClientMetadata = {
@@ -506,16 +514,15 @@ async function createRPBuilder(args) {
   const builder = import_did_auth_siop.RP.builder({
     requestVersion: getRequestVersion(rpOpts)
   }).withScope("openid", import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? import_did_auth_siop.ResponseMode.POST).withResponseType(import_did_auth_siop.ResponseType.VP_TOKEN, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
-    import_did_auth_siop.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
-    import_did_auth_siop.SupportedVersion.SIOPv2_ID1,
-    import_did_auth_siop.SupportedVersion.SIOPv2_D11
+    import_did_auth_siop.SupportedVersion.OID4VP_v1,
+    import_did_auth_siop.SupportedVersion.SIOPv2_OID4VP_D28
   ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new import_did_auth_siop.InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
     resolver,
     verifyOpts: {
       wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
       checkLinkedDomain: "if_present"
     }
-  }, context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+  }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(import_did_auth_siop.RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
   const oidfOpts = identifierOpts.oidfOpts;
   if (oidfOpts && (0, import_ssi_sdk_ext2.isExternalIdentifierOIDFEntityIdOpts)(oidfOpts)) {
     builder.withEntityId(oidfOpts.identifier, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
@@ -528,9 +535,6 @@ async function createRPBuilder(args) {
   if (hasher) {
     builder.withHasher(hasher);
   }
-  if (dcqlQuery) {
-    builder.withDcqlQuery(dcqlQuery);
-  }
   if (rpOpts.responseRedirectUri) {
     builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
   }
@@ -603,17 +607,16 @@ var RPInstance = class {
     __name(this, "RPInstance");
   }
   _rp;
-  _pexOptions;
+  _presentationOptions;
   _rpOptions;
   constructor({ rpOpts, pexOpts }) {
     this._rpOptions = rpOpts;
-    this._pexOptions = pexOpts;
+    this._presentationOptions = pexOpts;
   }
   async get(context) {
     if (!this._rp) {
       const builder = await createRPBuilder({
         rpOpts: this._rpOptions,
-        pexOpts: this._pexOptions,
         context
       });
       this._rp = builder.build();
@@ -623,20 +626,8 @@ var RPInstance = class {
   get rpOptions() {
     return this._rpOptions;
   }
-  get pexOptions() {
-    return this._pexOptions;
-  }
-  hasDefinition() {
-    return this.definitionId !== void 0;
-  }
-  get definitionId() {
-    return this.pexOptions?.queryId;
-  }
-  async getPresentationDefinition(context) {
-    return this.definitionId ? await context.agent.pexStoreGetDefinition({
-      definitionId: this.definitionId,
-      tenantId: this.pexOptions?.tenantId
-    }) : void 0;
+  get presentationOptions() {
+    return this._presentationOptions;
   }
   async createAuthorizationRequestURI(createArgs, context) {
     const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -753,6 +744,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestURI(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       responseRedirectURI: createArgs.responseRedirectURI,
       ...createArgs.useQueryIdInstance === true && {
         queryId: createArgs.queryId
@@ -761,6 +753,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestPayloads(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       queryId: createArgs.queryId
     }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
       const authRequest = {
@@ -773,11 +766,13 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopGetRequestState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
   }
   async siopGetResponseState(args, context) {
     const rpInstance = await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context);
     const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -785,23 +780,24 @@ var SIOPv2RP = class _SIOPv2RP {
       return void 0;
     }
     const responseState = authorizationResponseState;
-    if (responseState.status === import_did_auth_siop2.AuthorizationResponseStateStatus.VERIFIED && args.includeVerifiedData && args.includeVerifiedData !== VerifiedDataMode.NONE) {
+    if (responseState.status === import_did_auth_siop2.AuthorizationResponseStateStatus.VERIFIED) {
       let hasher;
       if (import_ssi_types2.CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token) && (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== "function")) {
         hasher = import_ssi_sdk2.shaHasher;
       }
-      const presentationDecoded = import_ssi_types2.CredentialMapper.decodeVerifiablePresentation(
-        responseState.response.payload.vp_token,
-        //todo: later we want to conditionally pass in options for mdl-mdoc here
-        hasher
-      );
-      switch (args.includeVerifiedData) {
-        case VerifiedDataMode.VERIFIED_PRESENTATION:
-          responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded);
-          break;
-        case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED:
-          const allClaims = {};
-          for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
+      const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
+      const claims = [];
+      for (const [key, value] of Object.entries(vpToken)) {
+        const presentationDecoded = import_ssi_types2.CredentialMapper.decodeVerifiablePresentation(
+          value,
+          //todo: later we want to conditionally pass in options for mdl-mdoc here
+          hasher
+        );
+        console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`);
+        const allClaims = {};
+        const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded);
+        if ("verifiableCredential" in presentationOrClaims) {
+          for (const credential of presentationOrClaims.verifiableCredential) {
             const vc = credential;
             const schemaValidationResult = await context.agent.cvVerifySchema({
               credential,
@@ -817,24 +813,47 @@ var SIOPv2RP = class _SIOPv2RP {
             if (!("id" in allClaims)) {
               allClaims["id"] = credentialSubject.id;
             }
-            Object.entries(credentialSubject).forEach(([key, value]) => {
-              if (!(key in allClaims)) {
-                allClaims[key] = value;
+            Object.entries(credentialSubject).forEach(([key2, value2]) => {
+              if (!(key2 in allClaims)) {
+                allClaims[key2] = value2;
               }
             });
+            claims.push({
+              id: key,
+              type: vc.type[0],
+              claims: allClaims
+            });
           }
-          responseState.verifiedData = allClaims;
-          break;
+        } else {
+          claims.push({
+            id: key,
+            type: presentationDecoded.decodedPayload.vct,
+            claims: presentationOrClaims
+          });
+        }
       }
+      responseState.verifiedData = {
+        ...responseState.response.payload.vp_token && {
+          authorization_response: {
+            vp_token: typeof responseState.response.payload.vp_token === "string" ? JSON.parse(responseState.response.payload.vp_token) : responseState.response.payload.vp_token
+          }
+        },
+        ...claims.length > 0 && {
+          credential_claims: claims
+        }
+      };
     }
     return responseState;
   }
-  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => import_ssi_types2.CredentialMapper.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : import_ssi_types2.CredentialMapper.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
+  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => {
+    return import_ssi_types2.CredentialMapper.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : import_ssi_types2.CredentialMapper.toUniformPresentation(presentationDecoded);
+  }, "presentationOrClaimsFrom");
   async siopUpdateRequestState(args, context) {
     if (args.state !== "authorization_request_created") {
       throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
     }
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then(async (rp2) => {
       await rp2.signalAuthRequestRetrieved({
@@ -846,6 +865,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopDeleteState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
   }
@@ -855,12 +875,13 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
-      ...args.dcqlQuery ? {
+      ...args.dcqlQuery && {
         dcqlQuery: args.dcqlQuery
-      } : {},
+      },
       audience: args.audience
     })));
   }
@@ -899,9 +920,37 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return void 0;
   }
-  async getRPInstance({ queryId, responseRedirectURI }, context) {
-    const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
-    if (!this.instances.has(instanceId)) {
+  async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+    let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+    let rpInstance;
+    if (queryId) {
+      if (this.instances.has(queryId)) {
+        rpInstanceId = queryId;
+        rpInstance = this.instances.get(rpInstanceId);
+      } else if ((0, import_uuid2.validate)(queryId)) {
+        try {
+          const pd = await context.agent.pdmGetDefinition({
+            itemId: queryId
+          });
+          if (this.instances.has(pd.queryId)) {
+            rpInstanceId = pd.queryId;
+            rpInstance = this.instances.get(rpInstanceId);
+          }
+        } catch (ignore) {
+        }
+      }
+      if (createWhenNotPresent) {
+        rpInstanceId = queryId;
+      } else {
+        rpInstance = this.instances.get(rpInstanceId);
+      }
+    } else {
+      rpInstance = this.instances.get(rpInstanceId);
+    }
+    if (!rpInstance) {
+      if (!createWhenNotPresent) {
+        return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+      }
       const instanceOpts = this.getInstanceOpts(queryId);
       const rpOpts = await this.getRPOptions(context, {
         queryId,
@@ -923,12 +972,12 @@ var SIOPv2RP = class _SIOPv2RP {
           resolverResolution: true
         });
       }
-      this.instances.set(instanceId, new RPInstance({
+      rpInstance = new RPInstance({
         rpOpts,
         pexOpts: instanceOpts
-      }));
+      });
+      this.instances.set(rpInstanceId, rpInstance);
     }
-    const rpInstance = this.instances.get(instanceId);
     if (responseRedirectURI) {
       rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
     }
@@ -970,32 +1019,24 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return options;
   }
-  getInstanceOpts(definitionId) {
+  getInstanceOpts(queryId) {
     if (!this.opts.instanceOpts) return void 0;
-    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
-    return instanceOpt ?? this.getDefaultOptions(definitionId);
+    const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
+    return instanceOpt ?? this.getDefaultOptions(queryId);
   }
-  getDefaultOptions(definitionId) {
+  getDefaultOptions(queryId) {
     if (!this.opts.instanceOpts) return void 0;
     const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
     if (defaultOptions) {
       const clonedOptions = {
         ...defaultOptions
       };
-      if (definitionId !== void 0) {
-        clonedOptions.queryId = definitionId;
+      if (queryId !== void 0) {
+        clonedOptions.queryId = queryId;
       }
       return clonedOptions;
     }
     return void 0;
   }
 };
-// src/types/ISIOPv2RP.ts
-var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
-  VerifiedDataMode2["NONE"] = "none";
-  VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
-  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
-  return VerifiedDataMode2;
-})({});
 //# sourceMappingURL=index.cjs.map