@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feat.SSISDK.35.64 → 0.34.1-feat.SSISDK.55.244

package/dist/index.cjs

@@ -32,17 +32,16 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   SIOPv2RPApiServer: () => SIOPv2RPApiServer,
-  authStatusWebappEndpoint: () => authStatusWebappEndpoint,
-  createAuthRequestWebappEndpoint: () => createAuthRequestWebappEndpoint,
+  authStatusUniversalOID4VPEndpoint: () => authStatusUniversalOID4VPEndpoint,
+  createAuthRequestUniversalOID4VPEndpoint: () => createAuthRequestUniversalOID4VPEndpoint,
   getAuthRequestSIOPv2Endpoint: () => getAuthRequestSIOPv2Endpoint,
   getDefinitionsEndpoint: () => getDefinitionsEndpoint,
-  removeAuthRequestStateWebappEndpoint: () => removeAuthRequestStateWebappEndpoint,
+  removeAuthRequestStateUniversalOID4VPEndpoint: () => removeAuthRequestStateUniversalOID4VPEndpoint,
   verifyAuthResponseSIOPv2Endpoint: () => verifyAuthResponseSIOPv2Endpoint
 });
 module.exports = __toCommonJS(index_exports);
 
 // src/siop-api-functions.ts
-var import_did_auth_siop = require("@sphereon/did-auth-siop");
 var import_ssi_express_support = require("@sphereon/ssi-express-support");
 var import_ssi_types = require("@sphereon/ssi-types");
 var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
@@ -67,34 +66,44 @@ var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
   }
   throw new Error(`Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`);
 }, "parseAuthorizationResponse");
+var validatePresentationSubmission = /* @__PURE__ */ __name((query, submission) => {
+  return query.credentials.every((credential) => credential.id in submission);
+}, "validatePresentationSubmission");
 function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
   if (opts?.enabled === false) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/siop/definitions/:definitionId/auth-responses/:correlationId";
+  const path = opts?.path ?? "/siop/queries/:queryId/auth-responses/:correlationId";
   router.post(path, (0, import_ssi_express_support.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
-      const { correlationId, definitionId, tenantId, version } = request.params;
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
+      const { correlationId, queryId, tenantId, version } = request.params;
+      if (!correlationId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`);
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, "No authorization request could be found");
       }
-      console.log("Authorization Response (siop-sessions");
-      console.log(JSON.stringify(request.body, null, 2));
+      console.debug("Authorization Response (siop-sessions");
+      console.debug(JSON.stringify(request.body, null, 2));
       const definitionItems = await context.agent.pdmGetDefinitions({
         filter: [
           {
-            definitionId,
-            tenantId,
-            version
+            queryId,
+            ...tenantId && {
+              tenantId
+            },
+            ...version && {
+              version
+            }
+          },
+          {
+            id: queryId
           }
         ]
       });
       if (definitionItems.length === 0) {
-        console.log(`Could not get definition ${definitionId} from agent. Will return 404`);
+        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
         response.statusCode = 404;
-        response.statusMessage = `No definition ${definitionId}`;
+        response.statusMessage = `No definition ${queryId}`;
         return response.send();
       }
       const authorizationResponse = parseAuthorizationResponse(request);
@@ -103,18 +112,11 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
       const verifiedResponse = await context.agent.siopVerifyAuthResponse({
         authorizationResponse,
         correlationId,
-        definitionId,
-        presentationDefinitions: [
-          {
-            location: opts?.presentationDefinitionLocation ?? import_did_auth_siop.PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,
-            definition: definitionItem.definitionPayload
-          }
-        ],
-        dcqlQuery: definitionItem.dcqlPayload
+        dcqlQuery: definitionItem.query
       });
-      const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentations[0];
-      if (wrappedPresentation) {
-        console.log("PRESENTATION:" + JSON.stringify(wrappedPresentation.presentation, null, 2));
+      const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
+      if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {
+        console.log("PRESENTATIONS:" + JSON.stringify(presentation, null, 2));
         response.statusCode = 200;
         const authorizationChallengeValidationResponse = {
           presentation_during_issuance_session: verifiedResponse.correlationId
@@ -125,7 +127,6 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         }
         const responseRedirectURI = await context.agent.siopGetRedirectURI({
           correlationId,
-          definitionId,
           state: verifiedResponse.state
         });
         if (responseRedirectURI) {
@@ -152,24 +153,38 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
     console.log(`getAuthRequest SIOP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/siop/definitions/:definitionId/auth-requests/:correlationId";
+  const path = opts?.path ?? "/siop/queries/:queryId/auth-requests/:correlationId";
   router.get(path, (0, import_ssi_express_support.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
       const correlationId = request.params.correlationId;
-      const definitionId = request.params.definitionId;
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
+      const queryId = request.params.queryId;
+      if (!correlationId || !queryId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`);
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, "No authorization request could be found");
       }
       const requestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
         errorOnNotFound: false
       });
       if (!requestState) {
-        console.log(`No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`);
+        console.log(`No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`);
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, `No authorization request could be found`);
       }
+      const definitionItems = await context.agent.pdmGetDefinitions({
+        filter: [
+          {
+            queryId
+          }
+        ]
+      });
+      if (definitionItems.length === 0) {
+        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
+        response.statusCode = 404;
+        response.statusMessage = `No definition ${queryId}`;
+        return response.send();
+      }
+      const payload = requestState.request?.requestObject?.getPayload();
+      payload.dcql_query = definitionItems[0].query;
       const requestObject = await requestState.request?.requestObject?.toJwt();
       console.log("JWT Request object:");
       console.log(requestObject);
@@ -184,8 +199,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
       } finally {
         await context.agent.siopUpdateAuthRequestState({
           correlationId,
-          definitionId,
-          state: "sent",
+          state: "authorization_request_created",
           error
         });
       }
@@ -196,45 +210,89 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
 }
 __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
 
-// src/webapp-api-functions.ts
-var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
+// src/universal-oid4vp-api-functions.ts
+var import_did_auth_siop = require("@sphereon/did-auth-siop");
 var import_ssi_express_support2 = require("@sphereon/ssi-express-support");
 var import_ssi_sdk = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
-var import_ssi_sdk2 = require("@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth");
 var import_short_uuid = __toESM(require("short-uuid"), 1);
-var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
-function createAuthRequestWebappEndpoint(router, context, opts) {
+
+// src/middleware/validationMiddleware.ts
+var import_zod = require("zod");
+var validateData = /* @__PURE__ */ __name((schema) => {
+  return (req, res, next) => {
+    try {
+      schema.parse(req.body);
+      next();
+    } catch (error) {
+      if (error instanceof import_zod.ZodError) {
+        const errorMessages = error.issues.map((issue) => ({
+          message: `${issue.path.join(".")} is ${issue.message}`
+        }));
+        res.status(400).json({
+          status: 400,
+          message: "Invalid data",
+          error_details: errorMessages[0].message
+        });
+      } else {
+        res.status(500).json({
+          status: 500,
+          message: "Internal Server Error"
+        });
+      }
+    }
+  };
+}, "validateData");
+
+// src/universal-oid4vp-api-functions.ts
+function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`createAuthRequest Webapp endpoint is disabled`);
+    console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests";
-  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+  const path = opts?.path ?? "/backend/auth/requests";
+  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), validateData(import_did_auth_siop.CreateAuthorizationRequestPayloadSchema), async (request, response) => {
     try {
-      const definitionId = request.params.definitionId;
-      if (!definitionId) {
-        return (0, import_ssi_express_support2.sendErrorResponse)(response, 400, "No definitionId query parameter provided");
+      const authRequest = (0, import_did_auth_siop.createAuthorizationRequestFromPayload)(request.body);
+      const correlationId = authRequest.correlationId ?? import_short_uuid.default.uuid();
+      const qrCodeOpts = authRequest.qrCode ? {
+        ...authRequest.qrCode
+      } : opts?.qrCodeOpts;
+      const queryId = authRequest.queryId;
+      const definitionItems = await context.agent.pdmGetDefinitions({
+        filter: [
+          {
+            id: queryId
+          },
+          {
+            queryId
+          }
+        ]
+      });
+      if (definitionItems.length === 0) {
+        console.log(`No query could be found for the given id. Query id: ${queryId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No query could be found"
+        });
       }
-      const state = request.body.state ?? import_short_uuid.default.uuid();
-      const correlationId = request.body.correlationId ?? state;
-      const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts;
-      const requestByReferenceURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
-        baseURI: opts?.siopBaseURI
+      const requestByReferenceURI = (0, import_ssi_sdk.uriWithBase)(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {
+        baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI
       });
-      const responseURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-responses/${state}`, {
+      const responseURI = (0, import_ssi_sdk.uriWithBase)(`/siop/queries/${queryId}/auth-responses/${correlationId}`, {
         baseURI: opts?.siopBaseURI
       });
-      const responseRedirectURI = ("response_redirect_uri" in request.body && request.body.response_redirect_uri) ?? ("responseRedirectURI" in request.body && request.body.responseRedirectURI);
       const authRequestURI = await context.agent.siopCreateAuthRequestURI({
-        definitionId,
+        queryId,
         correlationId,
-        state,
         nonce: import_short_uuid.default.uuid(),
         requestByReferenceURI,
         responseURIType: "response_uri",
         responseURI,
-        ...responseRedirectURI && {
-          responseRedirectURI
+        ...authRequest.directPostResponseRedirectUri && {
+          responseRedirectURI: authRequest.directPostResponseRedirectUri
+        },
+        ...authRequest.callback && {
+          callback: authRequest.callback
         }
       });
       let qrCodeDataUri;
@@ -245,142 +303,142 @@ function createAuthRequestWebappEndpoint(router, context, opts) {
           text: authRequestURI
         });
         qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
+      } else {
+        qrCodeDataUri = authRequestURI;
       }
       const authRequestBody = {
-        correlationId,
-        state,
-        definitionId,
-        authRequestURI,
-        authStatusURI: `${(0, import_ssi_sdk.uriWithBase)(opts?.webappAuthStatusPath ?? "/webapp/auth-status", {
+        query_id: queryId,
+        correlation_id: correlationId,
+        request_uri: authRequestURI,
+        status_uri: `${(0, import_ssi_sdk.uriWithBase)(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, {
           baseURI: opts?.webappBaseURI
         })}`,
         ...qrCodeDataUri && {
-          qrCodeDataUri
+          qr_uri: qrCodeDataUri
         }
       };
       console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`);
-      return response.json(authRequestBody);
+      return response.status(201).json(authRequestBody);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, "Could not create an authorization request URI", error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: "Could not create an authorization request URI"
+      }, error);
     }
   });
 }
-__name(createAuthRequestWebappEndpoint, "createAuthRequestWebappEndpoint");
-function authStatusWebappEndpoint(router, context, opts) {
+__name(createAuthRequestUniversalOID4VPEndpoint, "createAuthRequestUniversalOID4VPEndpoint");
+function removeAuthRequestStateUniversalOID4VPEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`authStatus Webapp endpoint is disabled`);
+    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/auth-status";
-  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+  const path = opts?.path ?? "/backend/auth/requests/:correlationId";
+  router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
-      console.log("Received auth-status request...");
-      const correlationId = request.body.correlationId;
-      const definitionId = request.body.definitionId;
-      const requestState = correlationId && definitionId ? await context.agent.siopGetAuthRequestState({
+      const correlationId = request.params.correlationId;
+      const authRequestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
         errorOnNotFound: false
-      }) : void 0;
-      if (!requestState || !definitionId || !correlationId) {
-        console.log(`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`);
-        response.statusCode = 404;
-        const statusBody2 = {
-          status: requestState ? requestState.status : "error",
-          error: "No authentication request mapping could be found for the given URL.",
-          correlationId,
-          definitionId,
-          lastUpdated: requestState ? requestState.lastUpdated : Date.now()
-        };
-        return response.json(statusBody2);
+      });
+      if (!authRequestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No authorization request could be found"
+        });
       }
-      let includeVerifiedData = import_ssi_sdk2.VerifiedDataMode.NONE;
-      if ("includeVerifiedData" in request.body) {
-        includeVerifiedData = request.body.includeVerifiedData;
+      await context.agent.siopDeleteAuthState({
+        correlationId
+      });
+      return response.status(204).json();
+    } catch (error) {
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
+    }
+  });
+}
+__name(removeAuthRequestStateUniversalOID4VPEndpoint, "removeAuthRequestStateUniversalOID4VPEndpoint");
+function authStatusUniversalOID4VPEndpoint(router, context, opts) {
+  if (opts?.enabled === false) {
+    console.log(`authStatus universal OID4VP endpoint is disabled`);
+    return;
+  }
+  const path = opts?.path ?? "/backend/auth/status/:correlationId";
+  router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+    try {
+      console.log("Received auth-status request...");
+      const correlationId = request.params.correlationId;
+      const requestState = await context.agent.siopGetAuthRequestState({
+        correlationId,
+        errorOnNotFound: false
+      });
+      if (!requestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No authorization request could be found"
+        });
       }
       let responseState;
-      if (requestState.status === "sent") {
+      if (requestState.status === import_did_auth_siop.AuthorizationRequestStateStatus.RETRIEVED) {
         responseState = await context.agent.siopGetAuthResponseState({
           correlationId,
-          definitionId,
-          includeVerifiedData,
           errorOnNotFound: false
         });
       }
       const overallState = responseState ?? requestState;
       const statusBody = {
         status: overallState.status,
-        ...overallState.error ? {
-          error: overallState.error?.message
-        } : {},
-        correlationId,
-        definitionId,
-        lastUpdated: overallState.lastUpdated,
-        ...responseState && responseState.status === import_did_auth_siop2.AuthorizationResponseStateStatus.VERIFIED ? {
-          payload: await responseState.response.mergedPayloads({
-            hasher: import_ssi_sdk3.shaHasher
-          }),
-          verifiedData: responseState.verifiedData
-        } : {}
+        correlation_id: overallState.correlationId,
+        query_id: overallState.queryId,
+        last_updated: overallState.lastUpdated,
+        ..."verifiedData" in overallState && {
+          verified_data: overallState.verifiedData
+        },
+        ...overallState.error && {
+          message: overallState.error.message
+        }
       };
       console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`);
       if (overallState.status === "error") {
-        response.statusCode = 500;
-        return response.json(statusBody);
-      }
-      response.statusCode = 200;
-      return response.json(statusBody);
-    } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
-    }
-  });
-}
-__name(authStatusWebappEndpoint, "authStatusWebappEndpoint");
-function removeAuthRequestStateWebappEndpoint(router, context, opts) {
-  if (opts?.enabled === false) {
-    console.log(`removeAuthStatus Webapp endpoint is disabled`);
-    return;
-  }
-  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests/:correlationId";
-  router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
-    try {
-      const correlationId = request.params.correlationId;
-      const definitionId = request.params.definitionId;
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
-        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, "No authorization request could be found");
+        return response.status(500).json(statusBody);
       }
-      response.statusCode = 200;
-      return response.json(await context.agent.siopDeleteAuthState({
-        definitionId,
-        correlationId
-      }));
+      return response.status(200).json(statusBody);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
     }
   });
 }
-__name(removeAuthRequestStateWebappEndpoint, "removeAuthRequestStateWebappEndpoint");
+__name(authStatusUniversalOID4VPEndpoint, "authStatusUniversalOID4VPEndpoint");
 function getDefinitionsEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`getDefinitions Webapp endpoint is disabled`);
+    console.log(`getDefinitions universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/definitions";
+  const path = opts?.path ?? "/backend/definitions";
   router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
       const definitions = await context.agent.pdmGetDefinitions();
       response.statusCode = 200;
       return response.json(definitions);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
     }
   });
 }
 __name(getDefinitionsEndpoint, "getDefinitionsEndpoint");
 
 // src/siopv2-rp-api-server.ts
-var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
 var import_ssi_express_support3 = require("@sphereon/ssi-express-support");
 var import_express = __toESM(require("express"), 1);
 var import_swagger_ui_express = __toESM(require("swagger-ui-express"), 1);
@@ -417,16 +475,16 @@ var SIOPv2RPApiServer = class {
     this._opts = opts;
     this._express = args.expressSupport.express;
     this._router = import_express.default.Router();
-    const context = (0, import_ssi_sdk4.agentContext)(agent);
+    const context = (0, import_ssi_sdk2.agentContext)(agent);
     const features = opts?.enableFeatures ?? [
       "rp-status",
       "siop"
     ];
     console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`);
     if (features.includes("rp-status")) {
-      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
-      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
-      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
+      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
+      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
+      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
       getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions);
     }
     if (features.includes("siop")) {