@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feat.SSISDK.35.63 → 0.34.1-feat.SSISDK.55.243

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload, PresentationDefinitionLocation } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n  const contentType = request.header('content-type')\n\n  if (contentType === 'application/json') {\n    const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n    return payload as AuthorizationResponsePayload\n  }\n\n  if (contentType === 'application/x-www-form-urlencoded') {\n    const payload = request.body as AuthorizationResponsePayload\n\n    // Parse presentation_submission if it's a string\n    if (typeof payload.presentation_submission === 'string') {\n      console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n      payload.presentation_submission = JSON.parse(payload.presentation_submission)\n    }\n\n    // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n    if (typeof payload.vp_token === 'string') {\n      const { vp_token } = payload\n\n      // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n      // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n      if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n        payload.vp_token = JSON.parse(vp_token)\n      }\n    }\n\n    return payload\n  }\n\n  throw new Error(\n    `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n  )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(\n  router: Router,\n  context: IRequiredContext,\n  opts?: ISingleEndpointOpts & { presentationDefinitionLocation?: PresentationDefinitionLocation },\n) {\n  if (opts?.enabled === false) {\n    console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      const { correlationId, definitionId, tenantId, version } = request.params\n      if (!correlationId || !definitionId) {\n        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n        return sendErrorResponse(response, 404, 'No authorization request could be found')\n      }\n      console.log('Authorization Response (siop-sessions')\n      console.log(JSON.stringify(request.body, null, 2))\n      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n      if (definitionItems.length === 0) {\n        console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n        response.statusCode = 404\n        response.statusMessage = `No definition ${definitionId}`\n        return response.send()\n      }\n\n      const authorizationResponse = parseAuthorizationResponse(request)\n      console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n      const definitionItem = definitionItems[0]\n      const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n        authorizationResponse,\n        correlationId,\n        definitionId,\n        presentationDefinitions: [\n          {\n            location: opts?.presentationDefinitionLocation ?? PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,\n            definition: definitionItem.definitionPayload,\n          },\n        ],\n        dcqlQuery: definitionItem.dcqlPayload,\n      })\n\n      const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentations[0]\n      if (wrappedPresentation) {\n        // const credentialSubject = wrappedPresentation.presentation.verifiableCredential[0]?.credential?.credentialSubject\n        // console.log(JSON.stringify(credentialSubject, null, 2))\n        console.log('PRESENTATION:' + JSON.stringify(wrappedPresentation.presentation, null, 2))\n        response.statusCode = 200\n\n        const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n          presentation_during_issuance_session: verifiedResponse.correlationId,\n        }\n        if (authorizationResponse.is_first_party) {\n          response.setHeader('Content-Type', 'application/json')\n          return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n        }\n\n        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n        if (responseRedirectURI) {\n          response.setHeader('Content-Type', 'application/json')\n          return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n        }\n        // todo: delete session\n      } else {\n        console.log('Missing Presentation (Verifiable Credentials)')\n        response.statusCode = 500\n        response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n      }\n      return response.send()\n    } catch (error) {\n      console.error(error)\n      return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n    }\n  })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`getAuthRequest SIOP endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      const correlationId = request.params.correlationId\n      const definitionId = request.params.definitionId\n      if (!correlationId || !definitionId) {\n        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n        return sendErrorResponse(response, 404, 'No authorization request could be found')\n      }\n      const requestState = await context.agent.siopGetAuthRequestState({\n        correlationId,\n        definitionId,\n        errorOnNotFound: false,\n      })\n      if (!requestState) {\n        console.log(\n          `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n        )\n        return sendErrorResponse(response, 404, `No authorization request could be found`)\n      }\n      const requestObject = await requestState.request?.requestObject?.toJwt()\n      console.log('JWT Request object:')\n      console.log(requestObject)\n\n      let error: string | undefined\n      try {\n        response.statusCode = 200\n        response.setHeader('Content-Type', 'application/jwt')\n        return response.send(requestObject)\n      } catch (e) {\n        error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n        return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n      } finally {\n        await context.agent.siopUpdateAuthRequestState({\n          correlationId,\n          definitionId,\n          state: 'sent',\n          error,\n        })\n      }\n    } catch (error) {\n      return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n    }\n  })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`createAuthRequest Webapp endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      // if (!request.agent) throw Error('No agent configured')\n      const definitionId = request.params.definitionId\n      if (!definitionId) {\n        return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n      }\n      const state: string = request.body.state ?? uuid.uuid()\n      const correlationId = request.body.correlationId ?? state\n      const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n      const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n        baseURI: opts?.siopBaseURI,\n      })\n      const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n      // first version is for backwards compat\n      const responseRedirectURI =\n        ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n        ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n      const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n        definitionId,\n        correlationId,\n        state,\n        nonce: uuid.uuid(),\n        requestByReferenceURI,\n        responseURIType: 'response_uri',\n        responseURI,\n        ...(responseRedirectURI && { responseRedirectURI }),\n      })\n\n      let qrCodeDataUri: string | undefined\n      if (qrCodeOpts) {\n        const { AwesomeQR } = await import('awesome-qr')\n        const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n        qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n      }\n      const authRequestBody: GenerateAuthRequestURIResponse = {\n        correlationId,\n        state,\n        definitionId,\n        authRequestURI,\n        authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n        ...(qrCodeDataUri && { qrCodeDataUri }),\n      }\n      console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n      return response.json(authRequestBody)\n    } catch (error) {\n      return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n    }\n  })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`authStatus Webapp endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/webapp/auth-status'\n  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      console.log('Received auth-status request...')\n      const correlationId: string = request.body.correlationId as string\n      const definitionId: string = request.body.definitionId as string\n\n      const requestState =\n        correlationId && definitionId\n          ? await context.agent.siopGetAuthRequestState({\n              correlationId,\n              definitionId,\n              errorOnNotFound: false,\n            })\n          : undefined\n      if (!requestState || !definitionId || !correlationId) {\n        console.log(\n          `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n        )\n        response.statusCode = 404\n        const statusBody: AuthStatusResponse = {\n          status: requestState ? requestState.status : 'error',\n          error: 'No authentication request mapping could be found for the given URL.',\n          correlationId,\n          definitionId,\n          lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n        }\n        return response.json(statusBody)\n      }\n\n      let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n      if ('includeVerifiedData' in request.body) {\n        includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n      }\n\n      let responseState\n      if (requestState.status === 'sent') {\n        responseState = (await context.agent.siopGetAuthResponseState({\n          correlationId,\n          definitionId,\n          includeVerifiedData: includeVerifiedData,\n          errorOnNotFound: false,\n        })) as AuthorizationResponseStateWithVerifiedData\n      }\n      const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n      const statusBody: AuthStatusResponse = {\n        status: overallState.status,\n        ...(overallState.error ? { error: overallState.error?.message } : {}),\n        correlationId,\n        definitionId,\n        lastUpdated: overallState.lastUpdated,\n        ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n          ? {\n              payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n              verifiedData: responseState.verifiedData,\n            }\n          : {}),\n      }\n      console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n      if (overallState.status === 'error') {\n        response.statusCode = 500\n        return response.json(statusBody)\n      }\n      response.statusCode = 200\n      return response.json(statusBody)\n    } catch (error) {\n      return sendErrorResponse(response, 500, error.message, error)\n    }\n  })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`removeAuthStatus Webapp endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n  router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      const correlationId: string = request.params.correlationId\n      const definitionId: string = request.params.definitionId\n      if (!correlationId || !definitionId) {\n        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n        return sendErrorResponse(response, 404, 'No authorization request could be found')\n      }\n      response.statusCode = 200\n      return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n    } catch (error) {\n      return sendErrorResponse(response, 500, error.message, error)\n    }\n  })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`getDefinitions Webapp endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/webapp/definitions'\n  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      const definitions = await context.agent.pdmGetDefinitions()\n      response.statusCode = 200\n      return response.json(definitions)\n    } catch (error) {\n      return sendErrorResponse(response, 500, error.message, error)\n    }\n  })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n  authStatusWebappEndpoint,\n  createAuthRequestWebappEndpoint,\n  getDefinitionsEndpoint,\n  removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n  private readonly _express: Express\n  private readonly _router: Router\n  private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>\n  private readonly _opts?: ISIOPv2RPRestAPIOpts\n  private readonly _basePath: string\n\n  private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n  constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n    const { agent, opts } = args\n    this._agent = agent\n    copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n    if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n      copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n    }\n\n    this._opts = opts\n    this._express = args.expressSupport.express\n    this._router = express.Router()\n    const context = agentContext(agent)\n\n    const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n    console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n    // Webapp endpoints\n    if (features.includes('rp-status')) {\n      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n      getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n    }\n\n    // SIOPv2 endpoints\n    if (features.includes('siop')) {\n      getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n      verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n    }\n    this._basePath = opts?.endpointOpts?.basePath ?? ''\n    this._express.use(this._basePath, this.router)\n    this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n    this.setupSwaggerUi()\n  }\n\n  private setupSwaggerUi() {\n    fetch(this.OID4VP_SWAGGER_URL)\n      .then((res) => res.json())\n      .then((swagger: any) => {\n        const apiDocs = `${this._basePath}/api-docs`\n        console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n        this._router.use(\n          '/api-docs',\n          (req: Request, res: Response, next: any) => {\n            const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n            swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n            // @ts-ignore\n            req.swaggerDoc = swagger\n            next()\n          },\n          swaggerUi.serveFiles(swagger, options),\n          swaggerUi.setup(),\n        )\n      })\n      .catch((err) => {\n        console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n      })\n    const options = {\n      // customCss: '.swagger-ui .topbar { display: none }',\n    }\n  }\n  get express(): Express {\n    return this._express\n  }\n\n  get router(): Router {\n    return this._router\n  }\n\n  get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {\n    return this._agent\n  }\n\n  get opts(): ISIOPv2RPRestAPIOpts | undefined {\n    return this._opts\n  }\n}\n"],"mappings":";;;;AAAA,SAAuCA,sCAAsC;AAC7E,SAASC,WAAgCC,yBAAyB;AAClE,SAASC,wBAAwB;AAKjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCACdC,QACAC,SACAC,MAAgG;AAEhG,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,yBAAyB;UACvB;YACEC,UAAU3B,MAAM4B,kCAAkCC,+BAA+BC;YACjFC,YAAYR,eAAeS;UAC7B;;QAEFC,WAAWV,eAAeW;MAC5B,CAAA;AAEA,YAAMC,sBAAsBX,kBAAkBY,kBAAkBC,cAAc,CAAA;AAC9E,UAAIF,qBAAqB;AAGvB9C,gBAAQC,IAAI,kBAAkBJ,KAAK2B,UAAUsB,oBAAoBG,cAAc,MAAM,CAAA,CAAA;AACrFhC,iBAASa,aAAa;AAEtB,cAAMoB,2CAAqF;UACzFC,sCAAsChB,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBmB,gBAAgB;AACxCnC,mBAASoC,UAAU,gBAAgB,kBAAA;AACnC,iBAAOpC,SAASe,KAAKnC,KAAK2B,UAAU0B,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAM5C,QAAQgB,MAAM6B,mBAAmB;UAAErC;UAAeC;UAAcqC,OAAOrB,iBAAiBqB;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvBrC,mBAASoC,UAAU,gBAAgB,kBAAA;AACnC,iBAAOpC,SAASe,KAAKnC,KAAK2B,UAAU;YAAEiC,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLtD,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAAS0B,OAAO;AACd1D,cAAQ0D,MAAMA,KAAAA;AACd,aAAOnC,kBAAkBN,UAAU,KAAK,gCAAgCyC,KAAAA;IAC1E;EACF,CAAA;AACF;AA5EgBlD;AA8ET,SAASmD,6BAA6BlD,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOmD,IAAI/C,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAM4C,eAAe,MAAMnD,QAAQgB,MAAMoC,wBAAwB;QAC/D5C;QACAC;QACA4C,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB7D,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAM+C,gBAAgB,MAAMH,aAAarE,SAASwE,eAAeC,MAAAA;AACjEjE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI+D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFzC,iBAASa,aAAa;AACtBb,iBAASoC,UAAU,gBAAgB,iBAAA;AACnC,eAAOpC,SAASe,KAAKgC,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAa3D,QAAQ2D,EAAEC,UAAUC;AACrE,eAAO7C,kBAAkBN,UAAU,KAAK,uCAAuCiD,CAAAA;MACjF,UAAA;AACE,cAAMxD,QAAQgB,MAAM2C,2BAA2B;UAC7CnD;UACAC;UACAqC,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAOnC,kBAAkBN,UAAU,KAAK,uCAAuCyC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;ACzHhB,SAAoCW,wCAAwC;AAC5E,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAA6DC,mBAAmB;AAChF,SAAqDC,wBAAwB;AAE7E,OAAOC,UAAU;AAEjB,SAASC,aAAaC,qBAAqB;AAEpC,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,eAAOE,mBAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,KAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,wBAAwBC,YAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,cAAcH,YAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,KAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,GAAGlB,YAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iBAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,iCAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,eAAOE,mBAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,SAASI,oBAAoB;AAC7B,SAASC,iCAAiD;AAI1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAhBb,OAgBaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAAmD;AACrD,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["PresentationDefinitionLocation","checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","presentationDefinitions","location","presentationDefinitionLocation","PresentationDefinitionLocation","TOPLEVEL_PRESENTATION_DEF","definition","definitionPayload","dcqlQuery","dcqlPayload","wrappedPresentation","oid4vpSubmission","presentations","presentation","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationResponseStateStatus","checkAuth","sendErrorResponse","uriWithBase","VerifiedDataMode","uuid","shaHasher","defaultHasher","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
+{"version":3,"sources":["../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\nimport { DcqlQuery } from 'dcql'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n  const contentType = request.header('content-type')\n\n  if (contentType === 'application/json') {\n    const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n    return payload as AuthorizationResponsePayload\n  }\n\n  if (contentType === 'application/x-www-form-urlencoded') {\n    const payload = request.body as AuthorizationResponsePayload\n\n    // Parse presentation_submission if it's a string\n    if (typeof payload.presentation_submission === 'string') {\n      console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n      payload.presentation_submission = JSON.parse(payload.presentation_submission)\n    }\n\n    // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n    if (typeof payload.vp_token === 'string') {\n      const { vp_token } = payload\n\n      // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n      // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n      if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n        payload.vp_token = JSON.parse(vp_token)\n      }\n    }\n\n    return payload\n  }\n\n  throw new Error(\n    `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n  )\n}\n\nconst validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {\n  return query.credentials.every(credential => credential.id in submission)\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      const { correlationId, queryId, tenantId, version } = request.params\n      if (!correlationId) {\n        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n        return sendErrorResponse(response, 404, 'No authorization request could be found')\n      }\n      console.debug('Authorization Response (siop-sessions') // TODO use logger\n      console.debug(JSON.stringify(request.body, null, 2))\n      const definitionItems = await context.agent.pdmGetDefinitions({\n        filter: [\n          {\n            queryId,\n            ...(tenantId && { tenantId }),\n            ...(version && { version }),\n          },\n          {\n            id: queryId,\n          },\n        ],\n      })\n      if (definitionItems.length === 0) {\n        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n        response.statusCode = 404\n        response.statusMessage = `No definition ${queryId}`\n        return response.send()\n      }\n\n      const authorizationResponse = parseAuthorizationResponse(request)\n      console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n      const definitionItem = definitionItems[0]\n      const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n        authorizationResponse,\n        correlationId,\n        dcqlQuery: definitionItem.query,\n      })\n\n      const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n      if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {\n        console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))\n        response.statusCode = 200\n\n        const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n          presentation_during_issuance_session: verifiedResponse.correlationId,\n        }\n        if (authorizationResponse.is_first_party) {\n          response.setHeader('Content-Type', 'application/json')\n          return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n        }\n\n        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId, state: verifiedResponse.state })\n        if (responseRedirectURI) {\n          response.setHeader('Content-Type', 'application/json')\n          return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n        }\n        // todo: delete session\n      } else {\n        console.log('Missing Presentation (Verifiable Credentials)')\n        response.statusCode = 500\n        response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n      }\n      return response.send()\n    } catch (error) {\n      console.error(error)\n      return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n    }\n  })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`getAuthRequest SIOP endpoint is disabled`)\n    return\n  }\n  const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      const correlationId = request.params.correlationId\n      const queryId = request.params.queryId\n      if (!correlationId || !queryId) {\n        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n        return sendErrorResponse(response, 404, 'No authorization request could be found')\n      }\n      const requestState = await context.agent.siopGetAuthRequestState({\n        correlationId,\n        errorOnNotFound: false,\n      })\n      if (!requestState) {\n        console.log(\n          `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n        )\n        return sendErrorResponse(response, 404, `No authorization request could be found`)\n      }\n\n      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });\n      if (definitionItems.length === 0) {\n        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n        response.statusCode = 404\n        response.statusMessage = `No definition ${queryId}`\n        return response.send()\n      }\n      const payload = requestState.request?.requestObject?.getPayload()!\n      payload.dcql_query = definitionItems[0].query\n      const requestObject = await requestState.request?.requestObject?.toJwt()\n      console.log('JWT Request object:')\n      console.log(requestObject)\n\n      let error: string | undefined\n      try {\n        response.statusCode = 200\n        response.setHeader('Content-Type', 'application/jwt')\n        return response.send(requestObject)\n      } catch (e) {\n        error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n        return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n      } finally {\n        await context.agent.siopUpdateAuthRequestState({\n          correlationId,\n          state: 'authorization_request_created',\n          error,\n        })\n      }\n    } catch (error) {\n      return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n    }\n  })\n}\n","import {\n  AuthorizationRequestStateStatus,\n  CreateAuthorizationRequest,\n  createAuthorizationRequestFromPayload,\n  CreateAuthorizationRequestPayloadSchema,\n  CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport {\n  AuthStatusResponse,\n  CreateAuthorizationRequestPayloadRequest,\n  CreateAuthorizationResponsePayloadResponse,\n  DeleteAuthorizationRequest,\n  GetAuthorizationRequestStatus,\n  ICreateAuthRequestWebappEndpointOpts,\n  IRequiredContext,\n  QRCodeOpts,\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n    return\n  }\n\n  const path = opts?.path ?? '/backend/auth/requests'\n  router.post(\n    path,\n    checkAuth(opts?.endpoint),\n    validateData(CreateAuthorizationRequestPayloadSchema),\n    async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n      try {\n        const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n        const correlationId = authRequest.correlationId ?? uuid.uuid()\n        const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n        const queryId = authRequest.queryId\n\n        const definitionItems = await context.agent.pdmGetDefinitions({\n          filter: [\n            { id: queryId }, // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n            { queryId },\n          ],\n        })\n        if (definitionItems.length === 0) {\n          console.log(`No query could be found for the given id. Query id: ${queryId}`)\n          return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n        }\n\n        const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n          baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n        })\n        const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n        const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n          queryId,\n          correlationId,\n          nonce: uuid.uuid(),\n          requestByReferenceURI,\n          responseURIType: 'response_uri',\n          responseURI,\n          ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n          ...(authRequest.callback && { callback: authRequest.callback }),\n        })\n\n        let qrCodeDataUri: string | undefined\n        if (qrCodeOpts) {\n          const { AwesomeQR } = await import('awesome-qr')\n          const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n          qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n        } else {\n          qrCodeDataUri = authRequestURI\n        }\n\n        const authRequestBody = {\n          query_id: queryId,\n          correlation_id: correlationId,\n          request_uri: authRequestURI,\n          status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n          ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n        } satisfies CreateAuthorizationResponsePayload\n        console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n        return response.status(201).json(authRequestBody)\n      } catch (error) {\n        return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n      }\n    },\n  )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n    return\n  }\n\n  const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n  router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n    try {\n      const correlationId: string = request.params.correlationId\n\n      const authRequestState = await context.agent.siopGetAuthRequestState({\n        correlationId,\n        errorOnNotFound: false,\n      })\n      if (!authRequestState) {\n        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n      }\n\n      await context.agent.siopDeleteAuthState({ correlationId })\n\n      return response.status(204).json()\n    } catch (error) {\n      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n    }\n  })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`authStatus universal OID4VP endpoint is disabled`)\n    return\n  }\n\n  const path = opts?.path ?? '/backend/auth/status/:correlationId'\n  router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n    try {\n      console.log('Received auth-status request...')\n      const correlationId: string = request.params.correlationId\n\n      const requestState = await context.agent.siopGetAuthRequestState({\n        correlationId,\n        errorOnNotFound: false,\n      })\n\n      if (!requestState) {\n        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n      }\n\n      let responseState\n      if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n        responseState = await context.agent.siopGetAuthResponseState({\n          correlationId,\n          errorOnNotFound: false\n        })\n      }\n      const overallState = responseState ?? requestState\n\n      const statusBody = {\n        status: overallState.status,\n        correlation_id: overallState.correlationId,\n        query_id: overallState.queryId,\n        last_updated: overallState.lastUpdated,\n        ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n        ...(overallState.error && { message: overallState.error.message })\n      } satisfies AuthStatusResponse\n      console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n      if (overallState.status === 'error') {\n        return response.status(500).json(statusBody)\n      }\n      return response.status(200).json(statusBody)\n    } catch (error) {\n      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n    }\n  })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n  if (opts?.enabled === false) {\n    console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n    return\n  }\n\n  const path = opts?.path ?? '/backend/definitions'\n  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n    try {\n      const definitions = await context.agent.pdmGetDefinitions()\n      response.statusCode = 200\n      return response.json(definitions)\n    } catch (error) {\n      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n    }\n  })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n  return (req: Request, res: Response, next: NextFunction) => {\n    try {\n      schema.parse(req.body);\n      next();\n    } catch (error) {\n      if (error instanceof ZodError) {\n        const errorMessages = error.issues.map((issue: any) => ({\n          message: `${issue.path.join('.')} is ${issue.message}`,\n        }))\n        res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n      } else {\n        res.status(500).json({ status: 500, message: 'Internal Server Error' });\n      }\n    }\n  };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n  authStatusUniversalOID4VPEndpoint,\n  createAuthRequestUniversalOID4VPEndpoint,\n  getDefinitionsEndpoint,\n  removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n  private readonly _express: Express\n  private readonly _router: Router\n  private readonly _agent: TAgent<ISIOPv2RP>\n  private readonly _opts?: ISIOPv2RPRestAPIOpts\n  private readonly _basePath: string\n\n  private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n  constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n    const { agent, opts } = args\n    this._agent = agent\n    copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n    if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n      copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n    }\n\n    this._opts = opts\n    this._express = args.expressSupport.express\n    this._router = express.Router()\n    const context = agentContext(agent)\n\n    const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n    console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n    // Webapp endpoints\n    if (features.includes('rp-status')) {\n      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n      getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n    }\n\n    // SIOPv2 endpoints\n    if (features.includes('siop')) {\n      getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n      verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n    }\n    this._basePath = opts?.endpointOpts?.basePath ?? ''\n    this._express.use(this._basePath, this.router)\n    this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n    this.setupSwaggerUi()\n  }\n\n  private setupSwaggerUi() {\n    fetch(this.OID4VP_SWAGGER_URL)\n      .then((res) => res.json())\n      .then((swagger: any) => {\n        const apiDocs = `${this._basePath}/api-docs`\n        console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n        this._router.use(\n          '/api-docs',\n          (req: Request, res: Response, next: any) => {\n            const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n            swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n            // @ts-ignore\n            req.swaggerDoc = swagger\n            next()\n          },\n          swaggerUi.serveFiles(swagger, options),\n          swaggerUi.setup(),\n        )\n      })\n      .catch((err) => {\n        console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n      })\n    const options = {\n      // customCss: '.swagger-ui .topbar { display: none }',\n    }\n  }\n  get express(): Express {\n    return this._express\n  }\n\n  get router(): Router {\n    return this._router\n  }\n\n  get agent(): TAgent<ISIOPv2RP> {\n    return this._agent\n  }\n\n  get opts(): ISIOPv2RPRestAPIOpts | undefined {\n    return this._opts\n  }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAKjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoCnC,IAAMe,iCAAiC,wBAACC,OAAkBC,eAAAA;AACxD,SAAOD,MAAME,YAAYC,MAAMC,CAAAA,eAAcA,WAAWC,MAAMJ,UAAAA;AAChE,GAFuC;AAIhC,SAASK,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAKpC,QAAQqC;AAC9D,UAAI,CAACJ,eAAe;AAClBzB,gBAAQC,IAAI,6EAA6EwB,aAAAA,EAAe;AACxG,eAAOK,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAxB,cAAQ+B,MAAM,uCAAA;AACd/B,cAAQ+B,MAAMlC,KAAKmC,UAAUxC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAMqC,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YACEV;YACA,GAAIC,YAAY;cAAEA;YAAS;YAC3B,GAAIC,WAAW;cAAEA;YAAQ;UAC3B;UACA;YACEd,IAAIY;UACN;;MAEJ,CAAA;AACA,UAAIO,gBAAgBI,WAAW,GAAG;AAChCrC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB,iBAAiBb,OAAAA;AAC1C,eAAOF,SAASgB,KAAI;MACtB;AAEA,YAAMC,wBAAwBlD,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAKmC,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAM1B,QAAQiB,MAAMU,uBAAuB;QAClEH;QACAhB;QACAoB,WAAWH,eAAejC;MAC5B,CAAA;AAEA,YAAMqC,eAAeH,kBAAkBI,kBAAkBD;AACzD,UAAIA,gBAAgBtC,+BAA+BkC,eAAejC,OAAOqC,YAAAA,GAAe;AACtF9C,gBAAQC,IAAI,mBAAmBJ,KAAKmC,UAAUc,cAAc,MAAM,CAAA,CAAA;AAClEtB,iBAASc,aAAa;AAEtB,cAAMU,2CAAqF;UACzFC,sCAAsCN,iBAAiBlB;QACzD;AACA,YAAIgB,sBAAsBS,gBAAgB;AACxC1B,mBAAS2B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO3B,SAASgB,KAAK3C,KAAKmC,UAAUgB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMnC,QAAQiB,MAAMmB,mBAAmB;UAAE5B;UAAeC;UAAS4B,OAAOX,iBAAiBW;QAAM,CAAA;AAC3H,YAAIF,qBAAqB;AACvB5B,mBAAS2B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO3B,SAASgB,KAAK3C,KAAKmC,UAAU;YAAEuB,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLpD,gBAAQC,IAAI,+CAAA;AACZuB,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB;MAC3B;AACA,aAAOf,SAASgB,KAAI;IACtB,SAASgB,OAAO;AACdxD,cAAQwD,MAAMA,KAAAA;AACd,aAAO1B,kBAAkBN,UAAU,KAAK,gCAAgCgC,KAAAA;IAC1E;EACF,CAAA;AACF;AA1EgBzC;AA4ET,SAAS0C,6BAA6BzC,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO0C,IAAItC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgBjC,QAAQqC,OAAOJ;AACrC,YAAMC,UAAUlC,QAAQqC,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9B1B,gBAAQC,IAAI,6EAA6EwB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMmC,eAAe,MAAM1C,QAAQiB,MAAM0B,wBAAwB;QAC/DnC;QACAoC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB3D,gBAAQC,IACN,kGAAkGwB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEV;UAAQ;;MAAG,CAAA;AACtF,UAAIO,gBAAgBI,WAAW,GAAG;AAChCrC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB,iBAAiBb,OAAAA;AAC1C,eAAOF,SAASgB,KAAI;MACtB;AACA,YAAM7C,UAAUgE,aAAanE,SAASsE,eAAeC,WAAAA;AACrDpE,cAAQqE,aAAa/B,gBAAgB,CAAA,EAAGxB;AACxC,YAAMqD,gBAAgB,MAAMH,aAAanE,SAASsE,eAAeG,MAAAA;AACjEjE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI6D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFhC,iBAASc,aAAa;AACtBd,iBAAS2B,UAAU,gBAAgB,iBAAA;AACnC,eAAO3B,SAASgB,KAAKsB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAa3D,QAAQ2D,EAAEC,UAAUC;AACrE,eAAOtC,kBAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQiB,MAAMmC,2BAA2B;UAC7C5C;UACA6B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO1B,kBAAkBN,UAAU,KAAK,uCAAuCgC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;;;AC5HhB,SACEa,iCAEAC,uCACAC,+CAEK;AACP,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAASC,mBAAmB;AAE5B,OAAOC,UAAU;;;ACTjB,SAAYC,gBAAgB;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,UAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADoBrB,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,MACAE,WAAUN,MAAMO,QAAAA,GAChBC,aAAaC,uCAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,cAA0CC,sCAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,KAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YAAEC,IAAIL;UAAQ;UACd;YAAEA;UAAQ;;MAEd,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,eAAOO,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,wBAAwBC,YAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,cAAcJ,YAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,KAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAAE,GAAG1B;UAAY2B,MAAMT;QAAe,CAAA;AACnEO,wBAAgB,0BAA0B,MAAMxB,OAAO2B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLJ,wBAAgBP;MAClB;AAEA,YAAMY,kBAAkB;QACtBC,UAAU7B;QACV8B,gBAAgBlC;QAChBmC,aAAaf;QACbgB,YAAY,GAAGrB,YAAY9B,MAAMoD,wBAAwB,wBAAwBrC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIX,iBAAiB;UAAEY,QAAQZ;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOpC,SAASgB,OAAO,GAAA,EAAK8B,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAG8B,KAAAA;IACrH;EACF,CAAA;AAEJ;AArEgB7D;AAuET,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAM+C,mBAAmB,MAAM/D,QAAQsB,MAAM0C,wBAAwB;QACnEhD;QACAiD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM4C,oBAAoB;QAAElD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAK8B,KAAI;IAClC,SAASC,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAMqD,eAAe,MAAMrE,QAAQsB,MAAM0C,wBAAwB;QAC/DhD;QACAiD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIyC;AACJ,UAAID,aAAazC,WAAW2C,gCAAgCC,WAAW;AACrEF,wBAAgB,MAAMtE,QAAQsB,MAAMmD,yBAAyB;UAC3DzD;UACAiD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjB/C,QAAQ8C,aAAa9C;QACrBsB,gBAAgBwB,aAAa1D;QAC7BiC,UAAUyB,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAE9B,SAAS6C,aAAaf,MAAM9B;QAAQ;MAClE;AACA1B,cAAQ6E,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAa9C,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;MACnC;AACA,aAAO/D,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBlF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMsE,cAAc,MAAMlF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAASuE,aAAa;AACtB,aAAOvE,SAAS8C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AE9KhB,SAASG,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","validatePresentationSubmission","query","submission","credentials","every","credential","id","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","presentation","oid4vpSubmission","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationRequestStateStatus","createAuthorizationRequestFromPayload","CreateAuthorizationRequestPayloadSchema","checkAuth","sendErrorResponse","uriWithBase","uuid","ZodError","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","id","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api",
-  "version": "0.34.1-feat.SSISDK.35.63+2245b8dc",
+  "version": "0.34.1-feat.SSISDK.55.243+668150e4",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -23,16 +23,16 @@
     "start:dev": "ts-node __tests__/RestAPI.ts"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.13.32",
-    "@sphereon/ssi-express-support": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.core": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.pd-manager": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-types": "0.34.1-feat.SSISDK.35.63+2245b8dc",
+    "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.175",
+    "@sphereon/ssi-express-support": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.core": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.pd-manager": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-types": "0.34.1-feat.SSISDK.55.243+668150e4",
     "@veramo/core": "4.2.0",
     "@veramo/credential-w3c": "4.2.0",
     "awesome-qr": "^2.1.5-rc.0",
@@ -44,18 +44,22 @@
     "express": "^4.19.2",
     "short-uuid": "^4.2.2",
     "swagger-ui-express": "^5.0.1",
-    "uuid": "^9.0.1"
+    "uuid": "^9.0.1",
+    "zod": "^4.1.5"
   },
   "devDependencies": {
     "@decentralized-identity/ion-sdk": "^0.6.0",
-    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.SSISDK.13.32",
+    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.175",
     "@sphereon/did-uni-client": "^0.6.3",
     "@sphereon/pex": "5.0.0-unstable.28",
     "@sphereon/pex-models": "^2.3.2",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feat.SSISDK.35.63+2245b8dc",
-    "@sphereon/ssi-sdk.data-store": "0.34.1-feat.SSISDK.35.63+2245b8dc",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.data-store": "0.34.1-feat.SSISDK.55.243+668150e4",
+    "@sphereon/ssi-sdk.data-store-types": "0.34.1-feat.SSISDK.55.243+668150e4",
     "@types/body-parser": "^1.19.5",
     "@types/cookie-parser": "^1.4.7",
     "@types/cors": "^2.8.17",
@@ -79,6 +83,7 @@
     "@veramo/key-manager": "4.2.0",
     "@veramo/kms-local": "4.2.0",
     "@veramo/utils": "4.2.0",
+    "dcql": "1.0.1",
     "debug": "^4.4.0",
     "did-resolver": "^4.1.0",
     "morgan": "^1.10.0",
@@ -114,5 +119,5 @@
     "OpenID Connect",
     "Authenticator"
   ],
-  "gitHead": "2245b8dcad9012c87106493be9d8db2f5c04bdbf"
+  "gitHead": "668150e41a23897fd89a05a1971eaeb345f71737"
 }

package/src/index.ts

@@ -2,6 +2,6 @@
  * @public
  */
 export * from './siop-api-functions'
-export * from './webapp-api-functions'
+export * from './universal-oid4vp-api-functions'
 export * from './types'
 export * from './siopv2-rp-api-server'

package/src/middleware/validationMiddleware.ts

@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from 'express';
+import { z, ZodError } from 'zod';
+
+export const validateData = (schema: z.ZodObject<any, any>) => {
+  return (req: Request, res: Response, next: NextFunction) => {
+    try {
+      schema.parse(req.body);
+      next();
+    } catch (error) {
+      if (error instanceof ZodError) {
+        const errorMessages = error.issues.map((issue: any) => ({
+          message: `${issue.path.join('.')} is ${issue.message}`,
+        }))
+        res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });
+      } else {
+        res.status(500).json({ status: 500, message: 'Internal Server Error' });
+      }
+    }
+  };
+}

package/src/siop-api-functions.ts

@@ -1,9 +1,10 @@
-import { AuthorizationResponsePayload, PresentationDefinitionLocation } from '@sphereon/did-auth-siop'
+import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'
 import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
-import { CredentialMapper } from '@sphereon/ssi-types'
 import { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
+import { CredentialMapper } from '@sphereon/ssi-types'
 import { Request, Response, Router } from 'express'
 import { IRequiredContext } from './types'
+import { DcqlQuery } from 'dcql'
 
 const parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {
   const contentType = request.header('content-type')
@@ -41,30 +42,41 @@ const parseAuthorizationResponse = (request: Request): AuthorizationResponsePayl
   )
 }
 
-export function verifyAuthResponseSIOPv2Endpoint(
-  router: Router,
-  context: IRequiredContext,
-  opts?: ISingleEndpointOpts & { presentationDefinitionLocation?: PresentationDefinitionLocation },
-) {
+const validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {
+  return query.credentials.every(credential => credential.id in submission)
+}
+
+export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
   if (opts?.enabled === false) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`)
     return
   }
-  const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'
+  const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'
   router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
     try {
-      const { correlationId, definitionId, tenantId, version } = request.params
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)
+      const { correlationId, queryId, tenantId, version } = request.params
+      if (!correlationId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)
         return sendErrorResponse(response, 404, 'No authorization request could be found')
       }
-      console.log('Authorization Response (siop-sessions')
-      console.log(JSON.stringify(request.body, null, 2))
-      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })
+      console.debug('Authorization Response (siop-sessions') // TODO use logger
+      console.debug(JSON.stringify(request.body, null, 2))
+      const definitionItems = await context.agent.pdmGetDefinitions({
+        filter: [
+          {
+            queryId,
+            ...(tenantId && { tenantId }),
+            ...(version && { version }),
+          },
+          {
+            id: queryId,
+          },
+        ],
+      })
       if (definitionItems.length === 0) {
-        console.log(`Could not get definition ${definitionId} from agent. Will return 404`)
+        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)
         response.statusCode = 404
-        response.statusMessage = `No definition ${definitionId}`
+        response.statusMessage = `No definition ${queryId}`
         return response.send()
       }
 
@@ -75,21 +87,12 @@ export function verifyAuthResponseSIOPv2Endpoint(
       const verifiedResponse = await context.agent.siopVerifyAuthResponse({
         authorizationResponse,
         correlationId,
-        definitionId,
-        presentationDefinitions: [
-          {
-            location: opts?.presentationDefinitionLocation ?? PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,
-            definition: definitionItem.definitionPayload,
-          },
-        ],
-        dcqlQuery: definitionItem.dcqlPayload,
+        dcqlQuery: definitionItem.query,
       })
 
-      const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentations[0]
-      if (wrappedPresentation) {
-        // const credentialSubject = wrappedPresentation.presentation.verifiableCredential[0]?.credential?.credentialSubject
-        // console.log(JSON.stringify(credentialSubject, null, 2))
-        console.log('PRESENTATION:' + JSON.stringify(wrappedPresentation.presentation, null, 2))
+      const presentation = verifiedResponse?.oid4vpSubmission?.presentation
+      if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {
+        console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))
         response.statusCode = 200
 
         const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {
@@ -100,7 +103,7 @@ export function verifyAuthResponseSIOPv2Endpoint(
           return response.send(JSON.stringify(authorizationChallengeValidationResponse))
         }
 
-        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })
+        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId, state: verifiedResponse.state })
         if (responseRedirectURI) {
           response.setHeader('Content-Type', 'application/json')
           return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))
@@ -124,26 +127,35 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
     console.log(`getAuthRequest SIOP endpoint is disabled`)
     return
   }
-  const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'
+  const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'
   router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
     try {
       const correlationId = request.params.correlationId
-      const definitionId = request.params.definitionId
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)
+      const queryId = request.params.queryId
+      if (!correlationId || !queryId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)
         return sendErrorResponse(response, 404, 'No authorization request could be found')
       }
       const requestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
         errorOnNotFound: false,
       })
       if (!requestState) {
         console.log(
-          `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,
+          `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,
         )
         return sendErrorResponse(response, 404, `No authorization request could be found`)
       }
+
+      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });
+      if (definitionItems.length === 0) {
+        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)
+        response.statusCode = 404
+        response.statusMessage = `No definition ${queryId}`
+        return response.send()
+      }
+      const payload = requestState.request?.requestObject?.getPayload()!
+      payload.dcql_query = definitionItems[0].query
       const requestObject = await requestState.request?.requestObject?.toJwt()
       console.log('JWT Request object:')
       console.log(requestObject)
@@ -159,8 +171,7 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
       } finally {
         await context.agent.siopUpdateAuthRequestState({
           correlationId,
-          definitionId,
-          state: 'sent',
+          state: 'authorization_request_created',
           error,
         })
       }

package/src/siopv2-rp-api-server.ts

@@ -1,23 +1,22 @@
 import { agentContext } from '@sphereon/ssi-sdk.core'
 import { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'
-import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
 import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
 import { TAgent } from '@veramo/core'
 import express, { Express, Request, Response, Router } from 'express'
 import { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'
 import { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'
 import {
-  authStatusWebappEndpoint,
-  createAuthRequestWebappEndpoint,
+  authStatusUniversalOID4VPEndpoint,
+  createAuthRequestUniversalOID4VPEndpoint,
   getDefinitionsEndpoint,
-  removeAuthRequestStateWebappEndpoint,
-} from './webapp-api-functions'
+  removeAuthRequestStateUniversalOID4VPEndpoint,
+} from './universal-oid4vp-api-functions'
 import swaggerUi from 'swagger-ui-express'
 
 export class SIOPv2RPApiServer {
   private readonly _express: Express
   private readonly _router: Router
-  private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>
+  private readonly _agent: TAgent<ISIOPv2RP>
   private readonly _opts?: ISIOPv2RPRestAPIOpts
   private readonly _basePath: string
 
@@ -40,9 +39,9 @@ export class SIOPv2RPApiServer {
 
     // Webapp endpoints
     if (features.includes('rp-status')) {
-      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
-      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
-      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
+      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
+      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
+      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
       getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)
     }
 
@@ -92,7 +91,7 @@ export class SIOPv2RPApiServer {
     return this._router
   }
 
-  get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {
+  get agent(): TAgent<ISIOPv2RP> {
     return this._agent
   }
 

package/src/types/types.ts

@@ -1,11 +1,15 @@
+import { CreateAuthorizationRequestPayload, CreateAuthorizationResponsePayload } from '@sphereon/did-auth-siop'
 import { GenericAuthArgs, ISingleEndpointOpts } from '@sphereon/ssi-express-support'
-import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
+import { IPDManager } from '@sphereon/ssi-sdk.pd-manager'
+import { AuthorizationRequestStateStatus, AuthorizationResponseStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
 import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
 import { IAgentContext, ICredentialVerifier } from '@veramo/core'
-import { IPDManager } from '@sphereon/ssi-sdk.pd-manager'
+import { Request, Response } from 'express'
 import { QRCodeOpts } from './QRCode.types'
+import { VerifiedData } from '@sphereon/did-auth-siop'
 
 export type SiopFeatures = 'rp-status' | 'siop'
+
 export interface ISIOPv2RPRestAPIOpts {
   enableFeatures?: SiopFeatures[]
   endpointOpts?: {
@@ -28,5 +32,36 @@ export interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpt
   responseRedirectURI?: string
 }
 
-export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager
+export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPDManager
 export type IRequiredContext = IAgentContext<IRequiredPlugins>
+
+export type CreateAuthorizationRequestPayloadRequest = Request<Record<string, never>, any, CreateAuthorizationRequestPayload, Record<string, never>>
+
+export type CreateAuthorizationResponsePayloadResponse = Response<CreateAuthorizationResponsePayload>
+
+export type DeleteAuthorizationRequest = Request<DeleteAuthorizationRequestPathParameters, any, Record<string, any>, Record<string, any>>
+
+export type DeleteAuthorizationRequestPathParameters = {
+  correlationId: string
+}
+
+export type GetAuthorizationRequestStatus = Request<GetAuthorizationRequestStatusPathParameters, any, Record<string, any>, Record<string, any>>
+
+export type GetAuthorizationRequestStatusPathParameters = {
+  correlationId: string
+}
+
+export type RequestError = {
+  status: number
+  message: string
+  error_details?: string
+}
+
+export interface AuthStatusResponse {
+  status: AuthorizationRequestStateStatus | AuthorizationResponseStateStatus
+  correlation_id: string
+  query_id: string
+  last_updated: number
+  verified_data?: VerifiedData
+  error?: RequestError
+}