@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.DIIPv4.144 → 0.34.1-feature.DIIPv4.152

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/index.cjs +202 -118
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +92 -6
  4. package/dist/index.d.ts +92 -6
  5. package/dist/index.js +198 -114
  6. package/dist/index.js.map +1 -1
  7. package/package.json +21 -18
  8. package/src/index.ts +1 -1
  9. package/src/middleware/validationMiddleware.ts +20 -0
  10. package/src/schemas/index.ts +51 -0
  11. package/src/siop-api-functions.ts +4 -5
  12. package/src/siopv2-rp-api-server.ts +7 -7
  13. package/src/types/types.ts +68 -1
  14. package/src/universal-oid4vp-api-functions.ts +171 -0
  15. package/src/webapp-api-functions.ts +0 -183
package/dist/index.cjs CHANGED
@@ -32,11 +32,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
32
32
  var index_exports = {};
33
33
  __export(index_exports, {
34
34
  SIOPv2RPApiServer: () => SIOPv2RPApiServer,
35
- authStatusWebappEndpoint: () => authStatusWebappEndpoint,
36
- createAuthRequestWebappEndpoint: () => createAuthRequestWebappEndpoint,
35
+ authStatusUniversalOID4VPEndpoint: () => authStatusUniversalOID4VPEndpoint,
36
+ createAuthRequestUniversalOID4VPEndpoint: () => createAuthRequestUniversalOID4VPEndpoint,
37
37
  getAuthRequestSIOPv2Endpoint: () => getAuthRequestSIOPv2Endpoint,
38
38
  getDefinitionsEndpoint: () => getDefinitionsEndpoint,
39
- removeAuthRequestStateWebappEndpoint: () => removeAuthRequestStateWebappEndpoint,
39
+ removeAuthRequestStateUniversalOID4VPEndpoint: () => removeAuthRequestStateUniversalOID4VPEndpoint,
40
40
  verifyAuthResponseSIOPv2Endpoint: () => verifyAuthResponseSIOPv2Endpoint
41
41
  });
42
42
  module.exports = __toCommonJS(index_exports);
@@ -102,7 +102,6 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
102
102
  const verifiedResponse = await context.agent.siopVerifyAuthResponse({
103
103
  authorizationResponse,
104
104
  correlationId,
105
- definitionId,
106
105
  dcqlQueryPayload: definitionItem.dcqlPayload
107
106
  });
108
107
  const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
@@ -118,7 +117,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
118
117
  }
119
118
  const responseRedirectURI = await context.agent.siopGetRedirectURI({
120
119
  correlationId,
121
- definitionId,
120
+ queryId: definitionId,
122
121
  state: verifiedResponse.state
123
122
  });
124
123
  if (responseRedirectURI) {
@@ -156,7 +155,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
156
155
  }
157
156
  const requestState = await context.agent.siopGetAuthRequestState({
158
157
  correlationId,
159
- definitionId,
158
+ queryId: definitionId,
160
159
  errorOnNotFound: false
161
160
  });
162
161
  if (!requestState) {
@@ -177,8 +176,8 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
177
176
  } finally {
178
177
  await context.agent.siopUpdateAuthRequestState({
179
178
  correlationId,
180
- definitionId,
181
- state: "sent",
179
+ queryId: definitionId,
180
+ state: "authorization_request_created",
182
181
  error
183
182
  });
184
183
  }
@@ -189,45 +188,132 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
189
188
  }
190
189
  __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
191
190
 
192
- // src/webapp-api-functions.ts
193
- var import_did_auth_siop = require("@sphereon/did-auth-siop");
191
+ // src/universal-oid4vp-api-functions.ts
192
+ var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
194
193
  var import_ssi_express_support2 = require("@sphereon/ssi-express-support");
195
- var import_ssi_sdk = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
196
- var import_ssi_sdk2 = require("@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth");
194
+ var import_ssi_sdk2 = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
197
195
  var import_short_uuid = __toESM(require("short-uuid"), 1);
198
- var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
199
- function createAuthRequestWebappEndpoint(router, context, opts) {
196
+
197
+ // src/middleware/validationMiddleware.ts
198
+ var import_zod = require("zod");
199
+ var validateData = /* @__PURE__ */ __name((schema) => {
200
+ return (req, res, next) => {
201
+ try {
202
+ schema.parse(req.body);
203
+ next();
204
+ } catch (error) {
205
+ if (error instanceof import_zod.ZodError) {
206
+ const errorMessages = error.issues.map((issue) => ({
207
+ message: `${issue.path.join(".")} is ${issue.message}`
208
+ }));
209
+ res.status(400).json({
210
+ status: 400,
211
+ message: "Invalid data",
212
+ error_details: errorMessages[0].message
213
+ });
214
+ } else {
215
+ res.status(500).json({
216
+ status: 500,
217
+ message: "Internal Server Error"
218
+ });
219
+ }
220
+ }
221
+ };
222
+ }, "validateData");
223
+
224
+ // src/schemas/index.ts
225
+ var import_zod2 = require("zod");
226
+ var import_ssi_sdk = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
227
+ var import_did_auth_siop = require("@sphereon/did-auth-siop");
228
+ var ResponseTypeSchema = import_zod2.z.enum([
229
+ import_did_auth_siop.ResponseType.VP_TOKEN
230
+ ]);
231
+ var ResponseModeSchema = import_zod2.z.enum([
232
+ import_did_auth_siop.ResponseMode.DIRECT_POST,
233
+ import_did_auth_siop.ResponseMode.DIRECT_POST_JWT
234
+ ]);
235
+ var requestUriMethods = [
236
+ "get",
237
+ "post"
238
+ ];
239
+ var RequestUriMethodSchema = import_zod2.z.enum(requestUriMethods);
240
+ var AuthorizationStatusSchema = import_zod2.z.enum([
241
+ ...import_ssi_sdk.authorizationRequestStatuses,
242
+ ...import_ssi_sdk.authorizationResponseStatuses
243
+ ]);
244
+ var CallbackOptsSchema = import_zod2.z.object({
245
+ url: import_zod2.z.string(),
246
+ status: import_zod2.z.array(AuthorizationStatusSchema).optional()
247
+ });
248
+ var QRCodeOptsSchema = import_zod2.z.object({
249
+ size: import_zod2.z.number().optional(),
250
+ color_dark: import_zod2.z.string().optional(),
251
+ color_light: import_zod2.z.string().optional()
252
+ });
253
+ var CreateAuthorizationRequestBodySchema = import_zod2.z.object({
254
+ query_id: import_zod2.z.string(),
255
+ client_id: import_zod2.z.string().optional(),
256
+ request_uri_base: import_zod2.z.string().optional(),
257
+ correlation_id: import_zod2.z.string().optional(),
258
+ request_uri_method: RequestUriMethodSchema.optional(),
259
+ response_type: ResponseTypeSchema.optional(),
260
+ response_mode: ResponseModeSchema.optional(),
261
+ transaction_data: import_zod2.z.array(import_zod2.z.string()).optional(),
262
+ qr_code: QRCodeOptsSchema.optional(),
263
+ direct_post_response_redirect_uri: import_zod2.z.string().optional(),
264
+ callback: CallbackOptsSchema.optional()
265
+ });
266
+ var CreateAuthorizationResponseSchema = import_zod2.z.object({
267
+ correlation_id: import_zod2.z.string(),
268
+ query_id: import_zod2.z.string(),
269
+ request_uri: import_zod2.z.string(),
270
+ status_uri: import_zod2.z.string(),
271
+ qr_uri: import_zod2.z.string().optional()
272
+ });
273
+
274
+ // src/universal-oid4vp-api-functions.ts
275
+ function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
200
276
  if (opts?.enabled === false) {
201
- console.log(`createAuthRequest Webapp endpoint is disabled`);
277
+ console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
202
278
  return;
203
279
  }
204
- const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests";
205
- router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
280
+ const path = opts?.path ?? "/backend/auth/requests";
281
+ router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request, response) => {
206
282
  try {
207
- const definitionId = request.params.definitionId;
208
- if (!definitionId) {
209
- return (0, import_ssi_express_support2.sendErrorResponse)(response, 400, "No definitionId query parameter provided");
283
+ const correlationId = request.body.correlation_id ?? import_short_uuid.default.uuid();
284
+ const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts;
285
+ const queryId = request.body.query_id;
286
+ const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri;
287
+ const requestUriBase = request.body.request_uri_base;
288
+ const definitionItems = await context.agent.pdmGetDefinitions({
289
+ filter: [
290
+ {
291
+ definitionId: queryId
292
+ }
293
+ ]
294
+ });
295
+ if (definitionItems.length === 0) {
296
+ console.log(`No query could be found for the given id. Query id: ${queryId}`);
297
+ return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
298
+ status: 404,
299
+ message: "No query could be found"
300
+ });
210
301
  }
211
- const state = request.body.state ?? import_short_uuid.default.uuid();
212
- const correlationId = request.body.correlationId ?? state;
213
- const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts;
214
- const requestByReferenceURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
215
- baseURI: opts?.siopBaseURI
302
+ const requestByReferenceURI = (0, import_ssi_sdk2.uriWithBase)(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {
303
+ baseURI: requestUriBase ?? opts?.siopBaseURI
216
304
  });
217
- const responseURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-responses/${state}`, {
305
+ const responseURI = (0, import_ssi_sdk2.uriWithBase)(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, {
218
306
  baseURI: opts?.siopBaseURI
219
307
  });
220
- const responseRedirectURI = ("response_redirect_uri" in request.body && request.body.response_redirect_uri) ?? ("responseRedirectURI" in request.body && request.body.responseRedirectURI);
221
308
  const authRequestURI = await context.agent.siopCreateAuthRequestURI({
222
- definitionId,
309
+ queryId,
223
310
  correlationId,
224
- state,
225
311
  nonce: import_short_uuid.default.uuid(),
226
312
  requestByReferenceURI,
227
313
  responseURIType: "response_uri",
228
314
  responseURI,
229
- ...responseRedirectURI && {
230
- responseRedirectURI
315
+ ...directPostResponseRedirectUri && {
316
+ responseRedirectURI: directPostResponseRedirectUri
231
317
  }
232
318
  });
233
319
  let qrCodeDataUri;
@@ -240,140 +326,138 @@ function createAuthRequestWebappEndpoint(router, context, opts) {
240
326
  qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
241
327
  }
242
328
  const authRequestBody = {
243
- correlationId,
244
- state,
245
- definitionId,
246
- authRequestURI,
247
- authStatusURI: `${(0, import_ssi_sdk.uriWithBase)(opts?.webappAuthStatusPath ?? "/webapp/auth-status", {
329
+ query_id: queryId,
330
+ correlation_id: correlationId,
331
+ request_uri: authRequestURI,
332
+ status_uri: `${(0, import_ssi_sdk2.uriWithBase)(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, {
248
333
  baseURI: opts?.webappBaseURI
249
334
  })}`,
250
335
  ...qrCodeDataUri && {
251
- qrCodeDataUri
336
+ qr_uri: qrCodeDataUri
252
337
  }
253
338
  };
254
339
  console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`);
255
- return response.json(authRequestBody);
340
+ return response.status(201).json(authRequestBody);
256
341
  } catch (error) {
257
- return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, "Could not create an authorization request URI", error);
342
+ return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
343
+ status: 500,
344
+ message: "Could not create an authorization request URI"
345
+ }, error);
258
346
  }
259
347
  });
260
348
  }
261
- __name(createAuthRequestWebappEndpoint, "createAuthRequestWebappEndpoint");
262
- function authStatusWebappEndpoint(router, context, opts) {
349
+ __name(createAuthRequestUniversalOID4VPEndpoint, "createAuthRequestUniversalOID4VPEndpoint");
350
+ function removeAuthRequestStateUniversalOID4VPEndpoint(router, context, opts) {
263
351
  if (opts?.enabled === false) {
264
- console.log(`authStatus Webapp endpoint is disabled`);
352
+ console.log(`removeAuthStatus universal OID4VP endpoint is disabled`);
265
353
  return;
266
354
  }
267
- const path = opts?.path ?? "/webapp/auth-status";
268
- router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
355
+ const path = opts?.path ?? "/backend/auth/requests/:correlationId";
356
+ router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
269
357
  try {
270
- console.log("Received auth-status request...");
271
- const correlationId = request.body.correlationId;
272
- const definitionId = request.body.definitionId;
273
- const requestState = correlationId && definitionId ? await context.agent.siopGetAuthRequestState({
358
+ const correlationId = request.params.correlationId;
359
+ const authRequestState = await context.agent.siopGetAuthRequestState({
274
360
  correlationId,
275
- definitionId,
276
361
  errorOnNotFound: false
277
- }) : void 0;
278
- if (!requestState || !definitionId || !correlationId) {
279
- console.log(`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`);
280
- response.statusCode = 404;
281
- const statusBody2 = {
282
- status: requestState ? requestState.status : "error",
283
- error: "No authentication request mapping could be found for the given URL.",
284
- correlationId,
285
- definitionId,
286
- lastUpdated: requestState ? requestState.lastUpdated : Date.now()
287
- };
288
- return response.json(statusBody2);
362
+ });
363
+ if (!authRequestState) {
364
+ console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
365
+ return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
366
+ status: 404,
367
+ message: "No authorization request could be found"
368
+ });
289
369
  }
290
- let includeVerifiedData = import_ssi_sdk2.VerifiedDataMode.NONE;
291
- if ("includeVerifiedData" in request.body) {
292
- includeVerifiedData = request.body.includeVerifiedData;
370
+ await context.agent.siopDeleteAuthState({
371
+ correlationId
372
+ });
373
+ return response.status(204).json();
374
+ } catch (error) {
375
+ return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
376
+ status: 500,
377
+ message: error.message
378
+ }, error);
379
+ }
380
+ });
381
+ }
382
+ __name(removeAuthRequestStateUniversalOID4VPEndpoint, "removeAuthRequestStateUniversalOID4VPEndpoint");
383
+ function authStatusUniversalOID4VPEndpoint(router, context, opts) {
384
+ if (opts?.enabled === false) {
385
+ console.log(`authStatus universal OID4VP endpoint is disabled`);
386
+ return;
387
+ }
388
+ const path = opts?.path ?? "/backend/auth/status/:correlationId";
389
+ router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
390
+ try {
391
+ console.log("Received auth-status request...");
392
+ const correlationId = request.params.correlationId;
393
+ const requestState = await context.agent.siopGetAuthRequestState({
394
+ correlationId,
395
+ errorOnNotFound: false
396
+ });
397
+ if (!requestState) {
398
+ console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
399
+ return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
400
+ status: 404,
401
+ message: "No authorization request could be found"
402
+ });
293
403
  }
294
404
  let responseState;
295
- if (requestState.status === "sent") {
405
+ if (requestState.status === "authorization_request_created") {
296
406
  responseState = await context.agent.siopGetAuthResponseState({
297
407
  correlationId,
298
- definitionId,
299
- includeVerifiedData,
300
408
  errorOnNotFound: false
301
409
  });
302
410
  }
303
411
  const overallState = responseState ?? requestState;
304
412
  const statusBody = {
305
413
  status: overallState.status,
306
- ...overallState.error ? {
307
- error: overallState.error?.message
308
- } : {},
309
- correlationId,
310
- definitionId,
311
- lastUpdated: overallState.lastUpdated,
312
- ...responseState && responseState.status === import_did_auth_siop.AuthorizationResponseStateStatus.VERIFIED ? {
313
- payload: await responseState.response.mergedPayloads({
314
- hasher: import_ssi_sdk3.shaHasher
315
- }),
316
- verifiedData: responseState.verifiedData
317
- } : {}
414
+ correlation_id: overallState.correlationId,
415
+ query_id: overallState.queryId,
416
+ last_updated: overallState.lastUpdated,
417
+ ...responseState?.status === import_did_auth_siop2.AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== void 0 && {
418
+ verified_data: responseState.verifiedData
419
+ },
420
+ ...overallState.error && {
421
+ message: overallState.error.message
422
+ }
318
423
  };
319
424
  console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`);
320
425
  if (overallState.status === "error") {
321
- response.statusCode = 500;
322
- return response.json(statusBody);
426
+ return response.status(500).json(statusBody);
323
427
  }
324
- response.statusCode = 200;
325
- return response.json(statusBody);
428
+ return response.status(200).json(statusBody);
326
429
  } catch (error) {
327
- return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
430
+ return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
431
+ status: 500,
432
+ message: error.message
433
+ }, error);
328
434
  }
329
435
  });
330
436
  }
331
- __name(authStatusWebappEndpoint, "authStatusWebappEndpoint");
332
- function removeAuthRequestStateWebappEndpoint(router, context, opts) {
333
- if (opts?.enabled === false) {
334
- console.log(`removeAuthStatus Webapp endpoint is disabled`);
335
- return;
336
- }
337
- const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests/:correlationId";
338
- router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
339
- try {
340
- const correlationId = request.params.correlationId;
341
- const definitionId = request.params.definitionId;
342
- if (!correlationId || !definitionId) {
343
- console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
344
- return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, "No authorization request could be found");
345
- }
346
- response.statusCode = 200;
347
- return response.json(await context.agent.siopDeleteAuthState({
348
- definitionId,
349
- correlationId
350
- }));
351
- } catch (error) {
352
- return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
353
- }
354
- });
355
- }
356
- __name(removeAuthRequestStateWebappEndpoint, "removeAuthRequestStateWebappEndpoint");
437
+ __name(authStatusUniversalOID4VPEndpoint, "authStatusUniversalOID4VPEndpoint");
357
438
  function getDefinitionsEndpoint(router, context, opts) {
358
439
  if (opts?.enabled === false) {
359
- console.log(`getDefinitions Webapp endpoint is disabled`);
440
+ console.log(`getDefinitions universal OID4VP endpoint is disabled`);
360
441
  return;
361
442
  }
362
- const path = opts?.path ?? "/webapp/definitions";
443
+ const path = opts?.path ?? "/backend/definitions";
363
444
  router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
364
445
  try {
365
446
  const definitions = await context.agent.pdmGetDefinitions();
366
447
  response.statusCode = 200;
367
448
  return response.json(definitions);
368
449
  } catch (error) {
369
- return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
450
+ return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
451
+ status: 500,
452
+ message: error.message
453
+ }, error);
370
454
  }
371
455
  });
372
456
  }
373
457
  __name(getDefinitionsEndpoint, "getDefinitionsEndpoint");
374
458
 
375
459
  // src/siopv2-rp-api-server.ts
376
- var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
460
+ var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
377
461
  var import_ssi_express_support3 = require("@sphereon/ssi-express-support");
378
462
  var import_express = __toESM(require("express"), 1);
379
463
  var import_swagger_ui_express = __toESM(require("swagger-ui-express"), 1);
@@ -410,16 +494,16 @@ var SIOPv2RPApiServer = class {
410
494
  this._opts = opts;
411
495
  this._express = args.expressSupport.express;
412
496
  this._router = import_express.default.Router();
413
- const context = (0, import_ssi_sdk4.agentContext)(agent);
497
+ const context = (0, import_ssi_sdk3.agentContext)(agent);
414
498
  const features = opts?.enableFeatures ?? [
415
499
  "rp-status",
416
500
  "siop"
417
501
  ];
418
502
  console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`);
419
503
  if (features.includes("rp-status")) {
420
- createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
421
- authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
422
- removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
504
+ createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
505
+ authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
506
+ removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
423
507
  getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions);
424
508
  }
425
509
  if (features.includes("siop")) {
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/**\n * @public\n */\nexport * from './siop-api-functions'\nexport * from './webapp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n definitionId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n definitionId,\n state: 'sent',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n // if (!request.agent) throw Error('No agent configured')\n const definitionId = request.params.definitionId\n if (!definitionId) {\n return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n }\n const state: string = request.body.state ?? uuid.uuid()\n const correlationId = request.body.correlationId ?? state\n const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n baseURI: opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n // first version is for backwards compat\n const responseRedirectURI =\n ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n definitionId,\n correlationId,\n state,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(responseRedirectURI && { responseRedirectURI }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n const authRequestBody: GenerateAuthRequestURIResponse = {\n correlationId,\n state,\n definitionId,\n authRequestURI,\n authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qrCodeDataUri }),\n }\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n return response.json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n }\n })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/auth-status'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.body.correlationId as string\n const definitionId: string = request.body.definitionId as string\n\n const requestState =\n correlationId && definitionId\n ? await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n : undefined\n if (!requestState || !definitionId || !correlationId) {\n console.log(\n `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n )\n response.statusCode = 404\n const statusBody: AuthStatusResponse = {\n status: requestState ? requestState.status : 'error',\n error: 'No authentication request mapping could be found for the given URL.',\n correlationId,\n definitionId,\n lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n }\n return response.json(statusBody)\n }\n\n let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n if ('includeVerifiedData' in request.body) {\n includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n }\n\n let responseState\n if (requestState.status === 'sent') {\n responseState = (await context.agent.siopGetAuthResponseState({\n correlationId,\n definitionId,\n includeVerifiedData: includeVerifiedData,\n errorOnNotFound: false,\n })) as AuthorizationResponseStateWithVerifiedData\n }\n const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n const statusBody: AuthStatusResponse = {\n status: overallState.status,\n ...(overallState.error ? { error: overallState.error?.message } : {}),\n correlationId,\n definitionId,\n lastUpdated: overallState.lastUpdated,\n ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n ? {\n payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n verifiedData: responseState.verifiedData,\n }\n : {}),\n }\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n if (overallState.status === 'error') {\n response.statusCode = 500\n return response.json(statusBody)\n }\n response.statusCode = 200\n return response.json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n const definitionId: string = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n response.statusCode = 200\n return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusWebappEndpoint,\n createAuthRequestWebappEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAIjC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAeC;UAAc8B,OAAOd,iBAAiBc;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE0B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASmB,OAAO;AACdnD,cAAQmD,MAAMA,KAAAA;AACd,iBAAO5B,8CAAkBN,UAAU,KAAK,gCAAgCkC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB3C;AAmET,SAAS4C,6BAA6B3C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO4C,IAAIxC,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMqC,eAAe,MAAM5C,QAAQgB,MAAM6B,wBAAwB;QAC/DrC;QACAC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBtD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMwC,gBAAgB,MAAMH,aAAa9D,SAASiE,eAAeC,MAAAA;AACjE1D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIwD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFlC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAKyB,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAapD,QAAQoD,EAAEC,UAAUC;AACrE,mBAAOtC,8CAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQgB,MAAMoC,2BAA2B;UAC7C5C;UACAC;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO5B,8CAAkBN,UAAU,KAAK,uCAAuCkC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC9GhB,2BAA4E;AAC5E,IAAAW,8BAAkE;AAClE,qBAAgF;AAChF,IAAAC,kBAA6E;AAE7E,wBAAiB;AAEjB,IAAAA,kBAA2C;AAEpC,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,mBAAOE,+CAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,kBAAAA,QAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,4BAAwBC,4BAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,kBAAcH,4BAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,kBAAAA,QAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,OAAGlB,4BAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iCAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,sDAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC,gBAAAA;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,mBAAOE,+CAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,IAAAI,kBAA6B;AAC7B,IAAAC,8BAA0D;AAI1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAhBb,OAgBaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAAmD;AACrD,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","import_ssi_express_support","import_ssi_sdk","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/schemas/index.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/**\n * @public\n */\nexport * from './siop-api-functions'\nexport * from './universal-oid4vp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId: definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n queryId: definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n queryId: definitionId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport { CreateAuthorizationRequestBodySchema } from './schemas'\nimport {\n CreateAuthorizationRequest,\n CreateAuthorizationRequestResponse,\n CreateAuthorizationResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n GetAuthStatusResponse,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(path, checkAuth(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request: CreateAuthorizationRequest, response: CreateAuthorizationResponse) => {\n try {\n const correlationId = request.body.correlation_id ?? uuid.uuid()\n const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts\n const queryId = request.body.query_id\n const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri // TODO Uri not URI\n const requestUriBase = request.body.request_uri_base\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId: queryId }] })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {\n baseURI: requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(directPostResponseRedirectUri && { responseRedirectURI: directPostResponseRedirectUri }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationRequestResponse\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n })\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === 'authorization_request_created') {\n responseState = (await context.agent.siopGetAuthResponseState({ correlationId, errorOnNotFound: false }))\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...((responseState?.status === AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== undefined) && { verified_data: responseState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message })\n } satisfies GetAuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { z } from 'zod';\nimport {\n authorizationRequestStatuses,\n authorizationResponseStatuses\n} from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { ResponseMode, ResponseType, RequestUriMethod } from '@sphereon/did-auth-siop'\n\nexport const ResponseTypeSchema = z.enum([ResponseType.VP_TOKEN]);\n\nexport const ResponseModeSchema = z.enum([ResponseMode.DIRECT_POST, ResponseMode.DIRECT_POST_JWT]);\n\nconst requestUriMethods = [\"get\", \"post\"] as const satisfies Array<RequestUriMethod>;\nexport const RequestUriMethodSchema = z.enum(requestUriMethods);\n\nexport const AuthorizationStatusSchema = z.enum([\n ...authorizationRequestStatuses,\n ...authorizationResponseStatuses\n]);\n\nexport const CallbackOptsSchema = z.object({\n url: z.string(),\n status: z.array(AuthorizationStatusSchema).optional(),\n});\n\nexport const QRCodeOptsSchema = z.object({\n size: z.number().optional(),\n color_dark: z.string().optional(),\n color_light: z.string().optional(),\n});\n\nexport const CreateAuthorizationRequestBodySchema = z.object({\n query_id: z.string(),\n client_id: z.string().optional(),\n request_uri_base: z.string().optional(),\n correlation_id: z.string().optional(),\n request_uri_method: RequestUriMethodSchema.optional(),\n response_type: ResponseTypeSchema.optional(),\n response_mode: ResponseModeSchema.optional(),\n transaction_data: z.array(z.string()).optional(),\n qr_code: QRCodeOptsSchema.optional(),\n direct_post_response_redirect_uri: z.string().optional(),\n callback: CallbackOptsSchema.optional(),\n});\n\nexport const CreateAuthorizationResponseSchema = z.object({\n correlation_id: z.string(),\n query_id: z.string(),\n request_uri: z.string(),\n status_uri: z.string(),\n qr_uri: z.string().optional(),\n});\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAIjC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAmB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAe+B,SAAS9B;UAAc+B,OAAOf,iBAAiBe;QAAM,CAAA;AACzI,YAAIH,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE2B,cAAcJ;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASoB,OAAO;AACdpD,cAAQoD,MAAMA,KAAAA;AACd,iBAAO7B,8CAAkBN,UAAU,KAAK,gCAAgCmC,KAAAA;IAC1E;EACF,CAAA;AACF;AAhEgB5C;AAkET,SAAS6C,6BAA6B5C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO6C,IAAIzC,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMsC,eAAe,MAAM7C,QAAQgB,MAAM8B,wBAAwB;QAC/DtC;QACA+B,SAAS9B;QACTsC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBvD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMyC,gBAAgB,MAAMH,aAAa/D,SAASkE,eAAeC,MAAAA;AACjE3D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIyD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFnC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAK0B,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAarD,QAAQqD,EAAEC,UAAUC;AACrE,mBAAOvC,8CAAkBN,UAAU,KAAK,uCAAuC2C,CAAAA;MACjF,UAAA;AACE,cAAMlD,QAAQgB,MAAMqC,2BAA2B;UAC7C7C;UACA+B,SAAS9B;UACT+B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO7B,8CAAkBN,UAAU,KAAK,uCAAuCmC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC7GhB,IAAAW,wBAAiD;AACjD,IAAAC,8BAAkE;AAClE,IAAAC,kBAA4B;AAE5B,wBAAiB;;;ACHjB,iBAA4B;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,qBAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ACH5B,IAAAM,cAAkB;AAClB,qBAGO;AACP,2BAA6D;AAEtD,IAAMC,qBAAqBC,cAAEC,KAAK;EAACC,kCAAaC;CAAS;AAEzD,IAAMC,qBAAqBJ,cAAEC,KAAK;EAACI,kCAAaC;EAAaD,kCAAaE;CAAgB;AAEjG,IAAMC,oBAAoB;EAAC;EAAO;;AAC3B,IAAMC,yBAAyBT,cAAEC,KAAKO,iBAAAA;AAEtC,IAAME,4BAA4BV,cAAEC,KAAK;KAC3CU;KACAC;CACJ;AAEM,IAAMC,qBAAqBb,cAAEc,OAAO;EACzCC,KAAKf,cAAEgB,OAAM;EACbC,QAAQjB,cAAEkB,MAAMR,yBAAAA,EAA2BS,SAAQ;AACrD,CAAA;AAEO,IAAMC,mBAAmBpB,cAAEc,OAAO;EACvCO,MAAMrB,cAAEsB,OAAM,EAAGH,SAAQ;EACzBI,YAAYvB,cAAEgB,OAAM,EAAGG,SAAQ;EAC/BK,aAAaxB,cAAEgB,OAAM,EAAGG,SAAQ;AAClC,CAAA;AAEO,IAAMM,uCAAuCzB,cAAEc,OAAO;EAC3DY,UAAU1B,cAAEgB,OAAM;EAClBW,WAAW3B,cAAEgB,OAAM,EAAGG,SAAQ;EAC9BS,kBAAkB5B,cAAEgB,OAAM,EAAGG,SAAQ;EACrCU,gBAAgB7B,cAAEgB,OAAM,EAAGG,SAAQ;EACnCW,oBAAoBrB,uBAAuBU,SAAQ;EACnDY,eAAehC,mBAAmBoB,SAAQ;EAC1Ca,eAAe5B,mBAAmBe,SAAQ;EAC1Cc,kBAAkBjC,cAAEkB,MAAMlB,cAAEgB,OAAM,CAAA,EAAIG,SAAQ;EAC9Ce,SAASd,iBAAiBD,SAAQ;EAClCgB,mCAAmCnC,cAAEgB,OAAM,EAAGG,SAAQ;EACtDiB,UAAUvB,mBAAmBM,SAAQ;AACvC,CAAA;AAEO,IAAMkB,oCAAoCrC,cAAEc,OAAO;EACxDe,gBAAgB7B,cAAEgB,OAAM;EACxBU,UAAU1B,cAAEgB,OAAM;EAClBsB,aAAatC,cAAEgB,OAAM;EACrBuB,YAAYvC,cAAEgB,OAAM;EACpBwB,QAAQxC,cAAEgB,OAAM,EAAGG,SAAQ;AAC7B,CAAA;;;AFhCO,SAASsB,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,UAAME,uCAAUN,MAAMO,QAAAA,GAAWC,aAAaC,oCAAAA,GAAuC,OAAOC,SAAqCC,aAAAA;AAC3I,QAAI;AACF,YAAMC,gBAAgBF,QAAQG,KAAKC,kBAAkBC,kBAAAA,QAAKA,KAAI;AAC9D,YAAMC,aAAaN,QAAQG,KAAKI,WAAWjB,MAAMgB;AACjD,YAAME,UAAUR,QAAQG,KAAKM;AAC7B,YAAMC,gCAAgCV,QAAQG,KAAKQ;AACnD,YAAMC,iBAAiBZ,QAAQG,KAAKU;AAEpC,YAAMC,kBAAkB,MAAMzB,QAAQ0B,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEC,cAAcV;UAAQ;;MAAG,CAAA;AACpG,UAAIM,gBAAgBK,WAAW,GAAG;AAC9B3B,gBAAQC,IAAI,uDAAuDe,OAAAA,EAAS;AAC5E,mBAAOY,+CAAkBnB,UAAU,KAAK;UAAEoB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC9F;AAEA,YAAMC,4BAAwBC,6BAAY,qBAAqBhB,OAAAA,kBAAyBN,aAAAA,IAAiB;QACvGuB,SAASb,kBAAkBtB,MAAMoC;MACnC,CAAA;AACA,YAAMC,kBAAcH,6BAAY,qBAAqBhB,OAAAA,mBAA0BN,aAAAA,IAAiB;QAAEuB,SAASnC,MAAMoC;MAAY,CAAA;AAE7H,YAAME,iBAAiB,MAAMvC,QAAQ0B,MAAMc,yBAAyB;QAClErB;QACAN;QACA4B,OAAOzB,kBAAAA,QAAKA,KAAI;QAChBkB;QACAQ,iBAAiB;QACjBJ;QACA,GAAIjB,iCAAiC;UAAEsB,qBAAqBtB;QAA8B;MAC5F,CAAA;AAEA,UAAIuB;AACJ,UAAI3B,YAAY;AACd,cAAM,EAAE4B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAG5B;UAAY8B,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AAEA,YAAMC,kBAAkB;QACtB9B,UAAUD;QACVJ,gBAAgBF;QAChBsC,aAAaZ;QACba,YAAY,OAAGjB,6BAAYlC,MAAMoD,wBAAwB,wBAAwBxC,aAAAA,IAAiB;UAAEuB,SAASnC,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIV,iBAAiB;UAAEW,QAAQX;QAAc;MAC/C;AACAzC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUP,eAAAA,CAAAA,EAAkB;AAEpF,aAAOtC,SAASoB,OAAO,GAAA,EAAK0B,KAAKR,eAAAA;IACnC,SAASS,OAAO;AACd,iBAAO5B,+CAAkBnB,UAAU,KAAK;QAAEoB,QAAQ;QAAKC,SAAS;MAAgD,GAAG0B,KAAAA;IACrH;EACF,CAAA;AACF;AAzDgB7D;AA2DT,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMC,gBAAwBF,QAAQmD,OAAOjD;AAE7C,YAAMkD,mBAAmB,MAAM/D,QAAQ0B,MAAMsC,wBAAwB;QACnEnD;QACAoD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFS,aAAAA,EAAe;AAClH,mBAAOkB,+CAAkBnB,UAAU,KAAK;UAAEoB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAMjC,QAAQ0B,MAAMwC,oBAAoB;QAAErD;MAAc,CAAA;AAExD,aAAOD,SAASoB,OAAO,GAAA,EAAK0B,KAAI;IAClC,SAASC,OAAO;AACd,iBAAO5B,+CAAkBnB,UAAU,KAAK;QAAEoB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMS,gBAAwBF,QAAQmD,OAAOjD;AAE7C,YAAMwD,eAAe,MAAMrE,QAAQ0B,MAAMsC,wBAAwB;QAC/DnD;QACAoD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFS,aAAAA,EAAe;AAClH,mBAAOkB,+CAAkBnB,UAAU,KAAK;UAAEoB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIqC;AACJ,UAAID,aAAarC,WAAW,iCAAiC;AAC3DsC,wBAAiB,MAAMtE,QAAQ0B,MAAM6C,yBAAyB;UAAE1D;UAAeoD,iBAAiB;QAAM,CAAA;MACxG;AACA,YAAMO,eAAeF,iBAAiBD;AAEtC,YAAMI,aAAa;QACjBzC,QAAQwC,aAAaxC;QACrBjB,gBAAgByD,aAAa3D;QAC7BO,UAAUoD,aAAarD;QACvBuD,cAAcF,aAAaG;QAC3B,GAAKL,eAAetC,WAAW4C,uDAAiCC,YAAYP,cAAcQ,iBAAiBC,UAAc;UAAEC,eAAeV,cAAcQ;QAAa;QACrK,GAAIN,aAAab,SAAS;UAAE1B,SAASuC,aAAab,MAAM1B;QAAQ;MAClE;AACA9B,cAAQ8E,MAAM,0BAA0BzB,KAAKC,UAAUgB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAaxC,WAAW,SAAS;AACnC,eAAOpB,SAASoB,OAAO,GAAA,EAAK0B,KAAKe,UAAAA;MACnC;AACA,aAAO7D,SAASoB,OAAO,GAAA,EAAK0B,KAAKe,UAAAA;IACnC,SAASd,OAAO;AACd,iBAAO5B,+CAAkBnB,UAAU,KAAK;QAAEoB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AA9CgBQ;AAgDT,SAASe,uBAAuBnF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMuE,cAAc,MAAMnF,QAAQ0B,MAAMC,kBAAiB;AACzDf,eAASwE,aAAa;AACtB,aAAOxE,SAAS8C,KAAKyB,WAAAA;IACvB,SAASxB,OAAO;AACd,iBAAO5B,+CAAkBnB,UAAU,KAAK;QAAEoB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBuB;;;AG1JhB,IAAAG,kBAA6B;AAC7B,IAAAC,8BAA0D;AAI1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAhBb,OAgBaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAAmD;AACrD,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","queryId","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","import_did_auth_siop","import_ssi_express_support","import_ssi_sdk","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","import_zod","ResponseTypeSchema","z","enum","ResponseType","VP_TOKEN","ResponseModeSchema","ResponseMode","DIRECT_POST","DIRECT_POST_JWT","requestUriMethods","RequestUriMethodSchema","AuthorizationStatusSchema","authorizationRequestStatuses","authorizationResponseStatuses","CallbackOptsSchema","object","url","string","status","array","optional","QRCodeOptsSchema","size","number","color_dark","color_light","CreateAuthorizationRequestBodySchema","query_id","client_id","request_uri_base","correlation_id","request_uri_method","response_type","response_mode","transaction_data","qr_code","direct_post_response_redirect_uri","callback","CreateAuthorizationResponseSchema","request_uri","status_uri","qr_uri","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestBodySchema","request","response","correlationId","body","correlation_id","uuid","qrCodeOpts","qr_code","queryId","query_id","directPostResponseRedirectUri","direct_post_response_redirect_uri","requestUriBase","request_uri_base","definitionItems","agent","pdmGetDefinitions","filter","definitionId","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","responseRedirectURI","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","AuthorizationResponseStateStatus","VERIFIED","verifiedData","undefined","verified_data","debug","getDefinitionsEndpoint","definitions","statusCode","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}