npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-auth - Versions diffs - 0.34.1-fix.182 → 0.34.1-fix.226 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.182 → 0.34.1-fix.226

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.js CHANGED Viewed

@@ -336,6 +336,7 @@ var plugin_schema_default = {
 import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
 import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
+import { validate as isValidUUID } from "uuid";
 import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
 import { DcqlQuery } from "dcql";
@@ -351,7 +352,7 @@ function getRequestVersion(rpOptions) {
   if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
     return rpOptions.supportedVersions[0];
   }
-  return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
+  return SupportedVersion.OID4VP_v1;
 }
 __name(getRequestVersion, "getRequestVersion");
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -366,6 +367,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
   };
 }
 __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+function getDcqlQueryLookupCallback(context) {
+  async function dcqlQueryLookup(queryId, version, tenantId) {
+    const result = await context.agent.pdmGetDefinitions({
+      filter: [
+        {
+          queryId,
+          ...tenantId && {
+            tenantId
+          },
+          ...version && {
+            version
+          }
+        },
+        {
+          id: queryId
+        }
+      ]
+    });
+    if (result && result.length > 0) {
+      return result[0].query;
+    }
+    return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+  }
+  __name(dcqlQueryLookup, "dcqlQueryLookup");
+  return dcqlQueryLookup;
+}
+__name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
 function getPresentationVerificationCallback(idOpts, context) {
   async function presentationVerificationCallback(args, presentationSubmission) {
     if (CredentialMapper.isSdJwtEncoded(args)) {
@@ -405,27 +433,8 @@ function getPresentationVerificationCallback(idOpts, context) {
 }
 __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
 async function createRPBuilder(args) {
-  const { rpOpts, pexOpts, context } = args;
+  const { rpOpts, context } = args;
   const { identifierOpts } = rpOpts;
-  let definition = args.definition;
-  let dcqlQuery = args.dcql;
-  if (!definition && pexOpts && pexOpts.queryId) {
-    const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-      filter: [
-        {
-          queryId: pexOpts.queryId,
-          version: pexOpts.version,
-          tenantId: pexOpts.tenantId
-        }
-      ]
-    });
-    if (presentationDefinitionItems.length > 0) {
-      const presentationDefinitionItem = presentationDefinitionItems[0];
-      if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-        dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
-      }
-    }
-  }
   const didMethods = identifierOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
   const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter();
   const defaultClientMetadata = {
@@ -480,16 +489,15 @@ async function createRPBuilder(args) {
   const builder = RP.builder({
     requestVersion: getRequestVersion(rpOpts)
   }).withScope("openid", PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? ResponseMode.POST).withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
-    SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
-    SupportedVersion.SIOPv2_ID1,
-    SupportedVersion.SIOPv2_D11
+    SupportedVersion.OID4VP_v1,
+    SupportedVersion.SIOPv2_OID4VP_D28
   ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
     resolver,
     verifyOpts: {
       wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
       checkLinkedDomain: "if_present"
     }
-  }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+  }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
   const oidfOpts = identifierOpts.oidfOpts;
   if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
     builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
@@ -502,9 +510,6 @@ async function createRPBuilder(args) {
   if (hasher) {
     builder.withHasher(hasher);
   }
-  if (dcqlQuery) {
-    builder.withDcqlQuery(dcqlQuery);
-  }
   if (rpOpts.responseRedirectUri) {
     builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
   }
@@ -577,17 +582,16 @@ var RPInstance = class {
     __name(this, "RPInstance");
   }
   _rp;
-  _pexOptions;
+  _presentationOptions;
   _rpOptions;
   constructor({ rpOpts, pexOpts }) {
     this._rpOptions = rpOpts;
-    this._pexOptions = pexOpts;
+    this._presentationOptions = pexOpts;
   }
   async get(context) {
     if (!this._rp) {
       const builder = await createRPBuilder({
         rpOpts: this._rpOptions,
-        pexOpts: this._pexOptions,
         context
       });
       this._rp = builder.build();
@@ -597,20 +601,8 @@ var RPInstance = class {
   get rpOptions() {
     return this._rpOptions;
   }
-  get pexOptions() {
-    return this._pexOptions;
-  }
-  hasDefinition() {
-    return this.definitionId !== void 0;
-  }
-  get definitionId() {
-    return this.pexOptions?.queryId;
-  }
-  async getPresentationDefinition(context) {
-    return this.definitionId ? await context.agent.pexStoreGetDefinition({
-      definitionId: this.definitionId,
-      tenantId: this.pexOptions?.tenantId
-    }) : void 0;
+  get presentationOptions() {
+    return this._presentationOptions;
   }
   async createAuthorizationRequestURI(createArgs, context) {
     const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -727,6 +719,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestURI(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       responseRedirectURI: createArgs.responseRedirectURI,
       ...createArgs.useQueryIdInstance === true && {
         queryId: createArgs.queryId
@@ -735,6 +728,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestPayloads(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       queryId: createArgs.queryId
     }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
       const authRequest = {
@@ -747,11 +741,13 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopGetRequestState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
   }
   async siopGetResponseState(args, context) {
     const rpInstance = await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context);
     const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -759,23 +755,24 @@ var SIOPv2RP = class _SIOPv2RP {
       return void 0;
     }
     const responseState = authorizationResponseState;
-    if (responseState.status === AuthorizationResponseStateStatus.VERIFIED && args.includeVerifiedData && args.includeVerifiedData !== VerifiedDataMode.NONE) {
+    if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {
       let hasher;
       if (CredentialMapper2.isSdJwtEncoded(responseState.response.payload.vp_token) && (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== "function")) {
         hasher = defaultHasher2;
       }
-      const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
-        responseState.response.payload.vp_token,
-        //todo: later we want to conditionally pass in options for mdl-mdoc here
-        hasher
-      );
-      switch (args.includeVerifiedData) {
-        case VerifiedDataMode.VERIFIED_PRESENTATION:
-          responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded);
-          break;
-        case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED:
-          const allClaims = {};
-          for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
+      const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
+      const claims = [];
+      for (const [key, value] of Object.entries(vpToken)) {
+        const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
+          value,
+          //todo: later we want to conditionally pass in options for mdl-mdoc here
+          hasher
+        );
+        console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`);
+        const allClaims = {};
+        const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded);
+        if ("verifiableCredential" in presentationOrClaims) {
+          for (const credential of presentationOrClaims.verifiableCredential) {
             const vc = credential;
             const schemaValidationResult = await context.agent.cvVerifySchema({
               credential,
@@ -791,24 +788,47 @@ var SIOPv2RP = class _SIOPv2RP {
             if (!("id" in allClaims)) {
               allClaims["id"] = credentialSubject.id;
             }
-            Object.entries(credentialSubject).forEach(([key, value]) => {
-              if (!(key in allClaims)) {
-                allClaims[key] = value;
+            Object.entries(credentialSubject).forEach(([key2, value2]) => {
+              if (!(key2 in allClaims)) {
+                allClaims[key2] = value2;
               }
             });
+            claims.push({
+              id: key,
+              type: vc.type[0],
+              claims: allClaims
+            });
           }
-          responseState.verifiedData = allClaims;
-          break;
+        } else {
+          claims.push({
+            id: key,
+            type: presentationDecoded.decodedPayload.vct,
+            claims: presentationOrClaims
+          });
+        }
       }
+      responseState.verifiedData = {
+        ...responseState.response.payload.vp_token && {
+          authorization_response: {
+            vp_token: typeof responseState.response.payload.vp_token === "string" ? JSON.parse(responseState.response.payload.vp_token) : responseState.response.payload.vp_token
+          }
+        },
+        ...claims.length > 0 && {
+          credential_claims: claims
+        }
+      };
     }
     return responseState;
   }
-  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
+  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => {
+    return CredentialMapper2.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : CredentialMapper2.toUniformPresentation(presentationDecoded);
+  }, "presentationOrClaimsFrom");
   async siopUpdateRequestState(args, context) {
     if (args.state !== "authorization_request_created") {
       throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
     }
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then(async (rp2) => {
       await rp2.signalAuthRequestRetrieved({
@@ -820,6 +840,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopDeleteState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
   }
@@ -829,12 +850,13 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
-      ...args.dcqlQuery ? {
+      ...args.dcqlQuery && {
         dcqlQuery: args.dcqlQuery
-      } : {},
+      },
       audience: args.audience
     })));
   }
@@ -873,9 +895,37 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return void 0;
   }
-  async getRPInstance({ queryId, responseRedirectURI }, context) {
-    const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
-    if (!this.instances.has(instanceId)) {
+  async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+    let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+    let rpInstance;
+    if (queryId) {
+      if (this.instances.has(queryId)) {
+        rpInstanceId = queryId;
+        rpInstance = this.instances.get(rpInstanceId);
+      } else if (isValidUUID(queryId)) {
+        try {
+          const pd = await context.agent.pdmGetDefinition({
+            itemId: queryId
+          });
+          if (this.instances.has(pd.queryId)) {
+            rpInstanceId = pd.queryId;
+            rpInstance = this.instances.get(rpInstanceId);
+          }
+        } catch (ignore) {
+        }
+      }
+      if (createWhenNotPresent) {
+        rpInstanceId = queryId;
+      } else {
+        rpInstance = this.instances.get(rpInstanceId);
+      }
+    } else {
+      rpInstance = this.instances.get(rpInstanceId);
+    }
+    if (!rpInstance) {
+      if (!createWhenNotPresent) {
+        return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+      }
       const instanceOpts = this.getInstanceOpts(queryId);
       const rpOpts = await this.getRPOptions(context, {
         queryId,
@@ -897,12 +947,12 @@ var SIOPv2RP = class _SIOPv2RP {
           resolverResolution: true
         });
       }
-      this.instances.set(instanceId, new RPInstance({
+      rpInstance = new RPInstance({
         rpOpts,
         pexOpts: instanceOpts
-      }));
+      });
+      this.instances.set(rpInstanceId, rpInstance);
     }
-    const rpInstance = this.instances.get(instanceId);
     if (responseRedirectURI) {
       rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
     }
@@ -944,37 +994,28 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return options;
   }
-  getInstanceOpts(definitionId) {
+  getInstanceOpts(queryId) {
     if (!this.opts.instanceOpts) return void 0;
-    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
-    return instanceOpt ?? this.getDefaultOptions(definitionId);
+    const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
+    return instanceOpt ?? this.getDefaultOptions(queryId);
   }
-  getDefaultOptions(definitionId) {
+  getDefaultOptions(queryId) {
     if (!this.opts.instanceOpts) return void 0;
     const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
     if (defaultOptions) {
       const clonedOptions = {
         ...defaultOptions
       };
-      if (definitionId !== void 0) {
-        clonedOptions.queryId = definitionId;
+      if (queryId !== void 0) {
+        clonedOptions.queryId = queryId;
       }
       return clonedOptions;
     }
     return void 0;
   }
 };
-// src/types/ISIOPv2RP.ts
-var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
-  VerifiedDataMode2["NONE"] = "none";
-  VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
-  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
-  return VerifiedDataMode2;
-})({});
 export {
   SIOPv2RP,
-  VerifiedDataMode,
   plugin_schema_default as schema
 };
 //# sourceMappingURL=index.js.map