@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.DIIPv4.250 → 0.34.1-feature.DIIPv4.257

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/index.cjs +28 -35
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +8 -1
  4. package/dist/index.d.ts +8 -1
  5. package/dist/index.js +28 -35
  6. package/dist/index.js.map +1 -1
  7. package/package.json +21 -21
  8. package/src/siop-api-functions.ts +13 -11
  9. package/src/universal-oid4vp-api-functions.ts +7 -9
package/dist/index.cjs CHANGED
@@ -33,6 +33,7 @@ var index_exports = {};
33
33
  __export(index_exports, {
34
34
  SIOPv2RPApiServer: () => SIOPv2RPApiServer,
35
35
  authStatusUniversalOID4VPEndpoint: () => authStatusUniversalOID4VPEndpoint,
36
+ buildQueryIdFilter: () => buildQueryIdFilter,
36
37
  createAuthRequestUniversalOID4VPEndpoint: () => createAuthRequestUniversalOID4VPEndpoint,
37
38
  getAuthRequestSIOPv2Endpoint: () => getAuthRequestSIOPv2Endpoint,
38
39
  getDefinitionsEndpoint: () => getDefinitionsEndpoint,
@@ -44,6 +45,7 @@ module.exports = __toCommonJS(index_exports);
44
45
  // src/siop-api-functions.ts
45
46
  var import_ssi_express_support = require("@sphereon/ssi-express-support");
46
47
  var import_ssi_types = require("@sphereon/ssi-types");
48
+ var import_uuid = require("uuid");
47
49
  var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
48
50
  const contentType = request.header("content-type");
49
51
  if (contentType === "application/json") {
@@ -85,20 +87,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
85
87
  console.debug("Authorization Response (siop-sessions");
86
88
  console.debug(JSON.stringify(request.body, null, 2));
87
89
  const definitionItems = await context.agent.pdmGetDefinitions({
88
- filter: [
89
- {
90
- queryId,
91
- ...tenantId && {
92
- tenantId
93
- },
94
- ...version && {
95
- version
96
- }
97
- },
98
- {
99
- id: queryId
100
- }
101
- ]
90
+ filter: buildQueryIdFilter(queryId, tenantId, version)
102
91
  });
103
92
  if (definitionItems.length === 0) {
104
93
  console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -171,11 +160,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
171
160
  return (0, import_ssi_express_support.sendErrorResponse)(response, 404, `No authorization request could be found`);
172
161
  }
173
162
  const definitionItems = await context.agent.pdmGetDefinitions({
174
- filter: [
175
- {
176
- queryId
177
- }
178
- ]
163
+ filter: buildQueryIdFilter(queryId)
179
164
  });
180
165
  if (definitionItems.length === 0) {
181
166
  console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -209,6 +194,26 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
209
194
  });
210
195
  }
211
196
  __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
197
+ function buildQueryIdFilter(queryId, tenantId, version) {
198
+ const queryFilter = {
199
+ queryId,
200
+ ...tenantId ? {
201
+ tenantId
202
+ } : {},
203
+ ...version ? {
204
+ version
205
+ } : {}
206
+ };
207
+ return [
208
+ queryFilter,
209
+ ...(0, import_uuid.validate)(queryId) ? [
210
+ {
211
+ id: queryId
212
+ }
213
+ ] : []
214
+ ];
215
+ }
216
+ __name(buildQueryIdFilter, "buildQueryIdFilter");
212
217
 
213
218
  // src/universal-oid4vp-api-functions.ts
214
219
  var import_did_auth_siop = require("@sphereon/did-auth-siop");
@@ -244,7 +249,6 @@ var validateData = /* @__PURE__ */ __name((schema) => {
244
249
  }, "validateData");
245
250
 
246
251
  // src/universal-oid4vp-api-functions.ts
247
- var import_uuid = require("uuid");
248
252
  function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
249
253
  if (opts?.enabled === false) {
250
254
  console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
@@ -293,8 +297,10 @@ function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
293
297
  if (qrCodeOpts) {
294
298
  const { AwesomeQR } = await import("awesome-qr");
295
299
  const qrCode = new AwesomeQR({
296
- ...qrCodeOpts,
297
- text: authRequestURI
300
+ text: authRequestURI,
301
+ size: qrCodeOpts.size ?? 250,
302
+ colorDark: qrCodeOpts.colorDark ?? "#000000",
303
+ colorLight: qrCodeOpts.colorLight ?? "#FFFFFF"
298
304
  });
299
305
  qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
300
306
  } else {
@@ -430,19 +436,6 @@ function getDefinitionsEndpoint(router, context, opts) {
430
436
  });
431
437
  }
432
438
  __name(getDefinitionsEndpoint, "getDefinitionsEndpoint");
433
- function buildQueryIdFilter(queryId) {
434
- return [
435
- ...(0, import_uuid.validate)(queryId) ? [
436
- {
437
- id: queryId
438
- }
439
- ] : [],
440
- {
441
- queryId
442
- }
443
- ];
444
- }
445
- __name(buildQueryIdFilter, "buildQueryIdFilter");
446
439
 
447
440
  // src/siopv2-rp-api-server.ts
448
441
  var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/**\n * @public\n */\nexport * from './siop-api-functions'\nexport * from './universal-oid4vp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\nimport { DcqlQuery } from 'dcql'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nconst validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {\n return query.credentials.every(credential => credential.id in submission)\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n {\n id: queryId,\n },\n ],\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {\n console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId || !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\nimport { validate as isValidUUID } from 'uuid'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId),\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false,\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message }),\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nfunction buildQueryIdFilter(queryId: string) {\n return [\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []), // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n { queryId },\n ]\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAKjC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoCnC,IAAMe,iCAAiC,wBAACC,OAAkBC,eAAAA;AACxD,SAAOD,MAAME,YAAYC,MAAMC,CAAAA,eAAcA,WAAWC,MAAMJ,UAAAA;AAChE,GAFuC;AAIhC,SAASK,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAKpC,QAAQqC;AAC9D,UAAI,CAACJ,eAAe;AAClBzB,gBAAQC,IAAI,6EAA6EwB,aAAAA,EAAe;AACxG,mBAAOK,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAxB,cAAQ+B,MAAM,uCAAA;AACd/B,cAAQ+B,MAAMlC,KAAKmC,UAAUxC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAMqC,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YACEV;YACA,GAAIC,YAAY;cAAEA;YAAS;YAC3B,GAAIC,WAAW;cAAEA;YAAQ;UAC3B;UACA;YACEd,IAAIY;UACN;;MAEJ,CAAA;AACA,UAAIO,gBAAgBI,WAAW,GAAG;AAChCrC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB,iBAAiBb,OAAAA;AAC1C,eAAOF,SAASgB,KAAI;MACtB;AAEA,YAAMC,wBAAwBlD,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAKmC,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAM1B,QAAQiB,MAAMU,uBAAuB;QAClEH;QACAhB;QACAoB,WAAWH,eAAejC;MAC5B,CAAA;AAEA,YAAMqC,eAAeH,kBAAkBI,kBAAkBD;AACzD,UAAIA,gBAAgBtC,+BAA+BkC,eAAejC,OAAOqC,YAAAA,GAAe;AACtF9C,gBAAQC,IAAI,mBAAmBJ,KAAKmC,UAAUc,cAAc,MAAM,CAAA,CAAA;AAClEtB,iBAASc,aAAa;AAEtB,cAAMU,2CAAqF;UACzFC,sCAAsCN,iBAAiBlB;QACzD;AACA,YAAIgB,sBAAsBS,gBAAgB;AACxC1B,mBAAS2B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO3B,SAASgB,KAAK3C,KAAKmC,UAAUgB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMnC,QAAQiB,MAAMmB,mBAAmB;UAAE5B;UAAe6B,OAAOX,iBAAiBW;QAAM,CAAA;AAClH,YAAIF,qBAAqB;AACvB5B,mBAAS2B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO3B,SAASgB,KAAK3C,KAAKmC,UAAU;YAAEuB,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLpD,gBAAQC,IAAI,+CAAA;AACZuB,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB;MAC3B;AACA,aAAOf,SAASgB,KAAI;IACtB,SAASgB,OAAO;AACdxD,cAAQwD,MAAMA,KAAAA;AACd,iBAAO1B,8CAAkBN,UAAU,KAAK,gCAAgCgC,KAAAA;IAC1E;EACF,CAAA;AACF;AA1EgBzC;AA4ET,SAAS0C,6BAA6BzC,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO0C,IAAItC,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgBjC,QAAQqC,OAAOJ;AACrC,YAAMC,UAAUlC,QAAQqC,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9B1B,gBAAQC,IAAI,6EAA6EwB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMmC,eAAe,MAAM1C,QAAQiB,MAAM0B,wBAAwB;QAC/DnC;QACAoC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB3D,gBAAQC,IACN,kGAAkGwB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEV;UAAQ;;MAAG,CAAA;AACtF,UAAIO,gBAAgBI,WAAW,GAAG;AAChCrC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB,iBAAiBb,OAAAA;AAC1C,eAAOF,SAASgB,KAAI;MACtB;AACA,YAAM7C,UAAUgE,aAAanE,SAASsE,eAAeC,WAAAA;AACrDpE,cAAQqE,aAAa/B,gBAAgB,CAAA,EAAGxB;AACxC,YAAMqD,gBAAgB,MAAMH,aAAanE,SAASsE,eAAeG,MAAAA;AACjEjE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI6D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFhC,iBAASc,aAAa;AACtBd,iBAAS2B,UAAU,gBAAgB,iBAAA;AACnC,eAAO3B,SAASgB,KAAKsB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAa3D,QAAQ2D,EAAEC,UAAUC;AACrE,mBAAOtC,8CAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQiB,MAAMmC,2BAA2B;UAC7C5C;UACA6B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO1B,8CAAkBN,UAAU,KAAK,uCAAuCgC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;;;AC5HhB,2BAMO;AACP,IAAAa,8BAAkE;AAClE,qBAA4B;AAE5B,wBAAiB;;;ACTjB,iBAA4B;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,qBAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADmB5B,kBAAwC;AAEjC,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,UACAE,uCAAUN,MAAMO,QAAAA,GAChBC,aAAaC,4DAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,kBAA0CC,4DAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,kBAAAA,QAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBL,OAAAA;MAC7B,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,mBAAOO,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,4BAAwBC,4BAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,kBAAcJ,4BAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,kBAAAA,QAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAAE,GAAG1B;UAAY2B,MAAMT;QAAe,CAAA;AACnEO,wBAAgB,0BAA0B,MAAMxB,OAAO2B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLJ,wBAAgBP;MAClB;AAEA,YAAMY,kBAAkB;QACtBC,UAAU7B;QACV8B,gBAAgBlC;QAChBmC,aAAaf;QACbgB,YAAY,OAAGrB,4BAAY9B,MAAMoD,wBAAwB,wBAAwBrC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIX,iBAAiB;UAAEY,QAAQZ;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOpC,SAASgB,OAAO,GAAA,EAAK8B,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAG8B,KAAAA;IACrH;EACF,CAAA;AAEJ;AAlEgB7D;AAoET,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAM+C,mBAAmB,MAAM/D,QAAQsB,MAAM0C,wBAAwB;QACnEhD;QACAiD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM4C,oBAAoB;QAAElD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAK8B,KAAI;IAClC,SAASC,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAMqD,eAAe,MAAMrE,QAAQsB,MAAM0C,wBAAwB;QAC/DhD;QACAiD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIyC;AACJ,UAAID,aAAazC,WAAW2C,qDAAgCC,WAAW;AACrEF,wBAAgB,MAAMtE,QAAQsB,MAAMmD,yBAAyB;UAC3DzD;UACAiD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjB/C,QAAQ8C,aAAa9C;QACrBsB,gBAAgBwB,aAAa1D;QAC7BiC,UAAUyB,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAE9B,SAAS6C,aAAaf,MAAM9B;QAAQ;MAClE;AACA1B,cAAQ6E,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAa9C,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;MACnC;AACA,aAAO/D,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBlF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMsE,cAAc,MAAMlF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAASuE,aAAa;AACtB,aAAOvE,SAAS8C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;AAkBhB,SAASxD,mBAAmBL,SAAe;AACzC,SAAO;WACDgE,YAAAA,UAAYhE,OAAAA,IAAW;MAAC;QAAEiE,IAAIjE;MAAQ;QAAK,CAAA;IAC/C;MAAEA;IAAQ;;AAEd;AALSK;;;AE9LT,IAAA6D,kBAA6B;AAC7B,IAAAC,8BAA0D;AAG1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","validatePresentationSubmission","query","submission","credentials","every","credential","id","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","presentation","oid4vpSubmission","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","import_ssi_express_support","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","isValidUUID","id","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/**\n * @public\n */\nexport * from './siop-api-functions'\nexport * from './universal-oid4vp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext } from './types'\nimport { DcqlQuery } from 'dcql'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nconst validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {\n return query.credentials.every(credential => credential.id in submission)\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId, tenantId, version),\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {\n console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId || !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: buildQueryIdFilter(queryId) })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n\nexport function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string) {\n const queryFilter = {\n queryId,\n ...(tenantId ? { tenantId } : {}),\n ...(version ? { version } : {}),\n }\n\n return [queryFilter, ...(isValidUUID(queryId) ? [{ id: queryId }] : [])] // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport { buildQueryIdFilter } from './siop-api-functions'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId),\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({\n text: authRequestURI,\n size: qrCodeOpts.size ?? 250,\n colorDark: qrCodeOpts.colorDark ?? '#000000',\n colorLight: qrCodeOpts.colorLight ?? '#FFFFFF',\n })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false,\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message }),\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAEjC,kBAAwC;AAIxC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoCnC,IAAMe,iCAAiC,wBAACC,OAAkBC,eAAAA;AACxD,SAAOD,MAAME,YAAYC,MAAMC,CAAAA,eAAcA,WAAWC,MAAMJ,UAAAA;AAChE,GAFuC;AAIhC,SAASK,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAKpC,QAAQqC;AAC9D,UAAI,CAACJ,eAAe;AAClBzB,gBAAQC,IAAI,6EAA6EwB,aAAAA,EAAe;AACxG,mBAAOK,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAxB,cAAQ+B,MAAM,uCAAA;AACd/B,cAAQ+B,MAAMlC,KAAKmC,UAAUxC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAMqC,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBX,SAASC,UAAUC,OAAAA;MAChD,CAAA;AACA,UAAIK,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AAEA,YAAMC,wBAAwBnD,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAKmC,UAAUU,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBV,gBAAgB,CAAA;AACvC,YAAMW,mBAAmB,MAAM3B,QAAQiB,MAAMW,uBAAuB;QAClEH;QACAjB;QACAqB,WAAWH,eAAelC;MAC5B,CAAA;AAEA,YAAMsC,eAAeH,kBAAkBI,kBAAkBD;AACzD,UAAIA,gBAAgBvC,+BAA+BmC,eAAelC,OAAOsC,YAAAA,GAAe;AACtF/C,gBAAQC,IAAI,mBAAmBJ,KAAKmC,UAAUe,cAAc,MAAM,CAAA,CAAA;AAClEvB,iBAASe,aAAa;AAEtB,cAAMU,2CAAqF;UACzFC,sCAAsCN,iBAAiBnB;QACzD;AACA,YAAIiB,sBAAsBS,gBAAgB;AACxC3B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAUiB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMpC,QAAQiB,MAAMoB,mBAAmB;UAAE7B;UAAe8B,OAAOX,iBAAiBW;QAAM,CAAA;AAClH,YAAIF,qBAAqB;AACvB7B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAU;YAAEwB,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLrD,gBAAQC,IAAI,+CAAA;AACZuB,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB;MAC3B;AACA,aAAOhB,SAASiB,KAAI;IACtB,SAASgB,OAAO;AACdzD,cAAQyD,MAAMA,KAAAA;AACd,iBAAO3B,8CAAkBN,UAAU,KAAK,gCAAgCiC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB1C;AAmET,SAAS2C,6BAA6B1C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO2C,IAAIvC,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgBjC,QAAQqC,OAAOJ;AACrC,YAAMC,UAAUlC,QAAQqC,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9B1B,gBAAQC,IAAI,6EAA6EwB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMoC,eAAe,MAAM3C,QAAQiB,MAAM2B,wBAAwB;QAC/DpC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB5D,gBAAQC,IACN,kGAAkGwB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQC,mBAAmBX,OAAAA;MAAS,CAAA;AACpG,UAAIO,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AACA,YAAM9C,UAAUiE,aAAapE,SAASuE,eAAeC,WAAAA;AACrDrE,cAAQsE,aAAahC,gBAAgB,CAAA,EAAGxB;AACxC,YAAMsD,gBAAgB,MAAMH,aAAapE,SAASuE,eAAeG,MAAAA;AACjElE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI8D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFjC,iBAASe,aAAa;AACtBf,iBAAS4B,UAAU,gBAAgB,iBAAA;AACnC,eAAO5B,SAASiB,KAAKsB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAa5D,QAAQ4D,EAAEC,UAAUC;AACrE,mBAAOvC,8CAAkBN,UAAU,KAAK,uCAAuC2C,CAAAA;MACjF,UAAA;AACE,cAAMlD,QAAQiB,MAAMoC,2BAA2B;UAC7C7C;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO3B,8CAAkBN,UAAU,KAAK,uCAAuCiC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;AA2DT,SAASrB,mBAAmBX,SAAiBC,UAAmBC,SAAgB;AACrF,QAAM2C,cAAc;IAClB7C;IACA,GAAIC,WAAW;MAAEA;IAAS,IAAI,CAAC;IAC/B,GAAIC,UAAU;MAAEA;IAAQ,IAAI,CAAC;EAC/B;AAEA,SAAO;IAAC2C;WAAiBC,YAAAA,UAAY9C,OAAAA,IAAW;MAAC;QAAEZ,IAAIY;MAAQ;QAAK,CAAA;;AACtE;AARgBW;;;AC/KhB,2BAMO;AACP,IAAAoC,8BAAkE;AAClE,qBAA4B;AAE5B,wBAAiB;;;ACTjB,iBAA4B;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,qBAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADqBrB,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,UACAE,uCAAUN,MAAMO,QAAAA,GAChBC,aAAaC,4DAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,kBAA0CC,4DAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,kBAAAA,QAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBL,OAAAA;MAC7B,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,mBAAOO,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,4BAAwBC,4BAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,kBAAcJ,4BAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,kBAAAA,QAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAC3BC,MAAMT;UACNU,MAAM5B,WAAW4B,QAAQ;UACzBC,WAAW7B,WAAW6B,aAAa;UACnCC,YAAY9B,WAAW8B,cAAc;QACvC,CAAA;AACAL,wBAAgB,0BAA0B,MAAMxB,OAAO8B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLP,wBAAgBP;MAClB;AAEA,YAAMe,kBAAkB;QACtBC,UAAUhC;QACViC,gBAAgBrC;QAChBsC,aAAalB;QACbmB,YAAY,OAAGxB,4BAAY9B,MAAMuD,wBAAwB,wBAAwBxC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMwD;QAAc,CAAA,CAAA;QACjI,GAAId,iBAAiB;UAAEe,QAAQf;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCuD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOvC,SAASgB,OAAO,GAAA,EAAKiC,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,iBAAOnC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAGiC,KAAAA;IACrH;EACF,CAAA;AAEJ;AAvEgBhE;AAyET,SAASiE,8CAA8ChE,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOiE,OAAO3D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQsD,OAAOjD;AAE7C,YAAMkD,mBAAmB,MAAMlE,QAAQsB,MAAM6C,wBAAwB;QACnEnD;QACAoD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB/D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM+C,oBAAoB;QAAErD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAKiC,KAAI;IAClC,SAASC,OAAO;AACd,iBAAOnC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAASiC,MAAMjC;MAAQ,GAAGiC,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCvE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOwE,IAAIlE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQsD,OAAOjD;AAE7C,YAAMwD,eAAe,MAAMxE,QAAQsB,MAAM6C,wBAAwB;QAC/DnD;QACAoD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBrE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAI4C;AACJ,UAAID,aAAa5C,WAAW8C,qDAAgCC,WAAW;AACrEF,wBAAgB,MAAMzE,QAAQsB,MAAMsD,yBAAyB;UAC3D5D;UACAoD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjBlD,QAAQiD,aAAajD;QACrByB,gBAAgBwB,aAAa7D;QAC7BoC,UAAUyB,aAAazD;QACvB2D,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAEjC,SAASgD,aAAaf,MAAMjC;QAAQ;MAClE;AACA1B,cAAQgF,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAajD,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAKiC,KAAKiB,UAAAA;MACnC;AACA,aAAOlE,SAASgB,OAAO,GAAA,EAAKiC,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,iBAAOnC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAASiC,MAAMjC;MAAQ,GAAGiC,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBrF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOwE,IAAIlE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMyE,cAAc,MAAMrF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAAS0E,aAAa;AACtB,aAAO1E,SAASiD,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,iBAAOnC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAASiC,MAAMjC;MAAQ,GAAGiC,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AEjLhB,IAAAG,kBAA6B;AAC7B,IAAAC,8BAA0D;AAG1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","validatePresentationSubmission","query","submission","credentials","every","credential","id","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","presentation","oid4vpSubmission","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","queryFilter","isValidUUID","import_ssi_express_support","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","size","colorDark","colorLight","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
package/dist/index.d.cts CHANGED
@@ -262,6 +262,13 @@ interface AuthStatusResponse {
262
262
 
263
263
  declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
264
264
  declare function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
265
+ declare function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string): ({
266
+ version?: string | undefined;
267
+ tenantId?: string | undefined;
268
+ queryId: string;
269
+ } | {
270
+ id: string;
271
+ })[];
265
272
 
266
273
  declare function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts): void;
267
274
  declare function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
@@ -287,4 +294,4 @@ declare class SIOPv2RPApiServer {
287
294
  get opts(): ISIOPv2RPRestAPIOpts | undefined;
288
295
  }
289
296
 
290
- export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };
297
+ export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, buildQueryIdFilter, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };
package/dist/index.d.ts CHANGED
@@ -262,6 +262,13 @@ interface AuthStatusResponse {
262
262
 
263
263
  declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
264
264
  declare function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
265
+ declare function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string): ({
266
+ version?: string | undefined;
267
+ tenantId?: string | undefined;
268
+ queryId: string;
269
+ } | {
270
+ id: string;
271
+ })[];
265
272
 
266
273
  declare function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts): void;
267
274
  declare function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
@@ -287,4 +294,4 @@ declare class SIOPv2RPApiServer {
287
294
  get opts(): ISIOPv2RPRestAPIOpts | undefined;
288
295
  }
289
296
 
290
- export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };
297
+ export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, buildQueryIdFilter, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };
package/dist/index.js CHANGED
@@ -4,6 +4,7 @@ var __name = (target, value) => __defProp(target, "name", { value, configurable:
4
4
  // src/siop-api-functions.ts
5
5
  import { checkAuth, sendErrorResponse } from "@sphereon/ssi-express-support";
6
6
  import { CredentialMapper } from "@sphereon/ssi-types";
7
+ import { validate as isValidUUID } from "uuid";
7
8
  var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
8
9
  const contentType = request.header("content-type");
9
10
  if (contentType === "application/json") {
@@ -45,20 +46,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
45
46
  console.debug("Authorization Response (siop-sessions");
46
47
  console.debug(JSON.stringify(request.body, null, 2));
47
48
  const definitionItems = await context.agent.pdmGetDefinitions({
48
- filter: [
49
- {
50
- queryId,
51
- ...tenantId && {
52
- tenantId
53
- },
54
- ...version && {
55
- version
56
- }
57
- },
58
- {
59
- id: queryId
60
- }
61
- ]
49
+ filter: buildQueryIdFilter(queryId, tenantId, version)
62
50
  });
63
51
  if (definitionItems.length === 0) {
64
52
  console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -131,11 +119,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
131
119
  return sendErrorResponse(response, 404, `No authorization request could be found`);
132
120
  }
133
121
  const definitionItems = await context.agent.pdmGetDefinitions({
134
- filter: [
135
- {
136
- queryId
137
- }
138
- ]
122
+ filter: buildQueryIdFilter(queryId)
139
123
  });
140
124
  if (definitionItems.length === 0) {
141
125
  console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -169,6 +153,26 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
169
153
  });
170
154
  }
171
155
  __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
156
+ function buildQueryIdFilter(queryId, tenantId, version) {
157
+ const queryFilter = {
158
+ queryId,
159
+ ...tenantId ? {
160
+ tenantId
161
+ } : {},
162
+ ...version ? {
163
+ version
164
+ } : {}
165
+ };
166
+ return [
167
+ queryFilter,
168
+ ...isValidUUID(queryId) ? [
169
+ {
170
+ id: queryId
171
+ }
172
+ ] : []
173
+ ];
174
+ }
175
+ __name(buildQueryIdFilter, "buildQueryIdFilter");
172
176
 
173
177
  // src/universal-oid4vp-api-functions.ts
174
178
  import { AuthorizationRequestStateStatus, createAuthorizationRequestFromPayload, CreateAuthorizationRequestPayloadSchema } from "@sphereon/did-auth-siop";
@@ -204,7 +208,6 @@ var validateData = /* @__PURE__ */ __name((schema) => {
204
208
  }, "validateData");
205
209
 
206
210
  // src/universal-oid4vp-api-functions.ts
207
- import { validate as isValidUUID } from "uuid";
208
211
  function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
209
212
  if (opts?.enabled === false) {
210
213
  console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
@@ -253,8 +256,10 @@ function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
253
256
  if (qrCodeOpts) {
254
257
  const { AwesomeQR } = await import("awesome-qr");
255
258
  const qrCode = new AwesomeQR({
256
- ...qrCodeOpts,
257
- text: authRequestURI
259
+ text: authRequestURI,
260
+ size: qrCodeOpts.size ?? 250,
261
+ colorDark: qrCodeOpts.colorDark ?? "#000000",
262
+ colorLight: qrCodeOpts.colorLight ?? "#FFFFFF"
258
263
  });
259
264
  qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
260
265
  } else {
@@ -390,19 +395,6 @@ function getDefinitionsEndpoint(router, context, opts) {
390
395
  });
391
396
  }
392
397
  __name(getDefinitionsEndpoint, "getDefinitionsEndpoint");
393
- function buildQueryIdFilter(queryId) {
394
- return [
395
- ...isValidUUID(queryId) ? [
396
- {
397
- id: queryId
398
- }
399
- ] : [],
400
- {
401
- queryId
402
- }
403
- ];
404
- }
405
- __name(buildQueryIdFilter, "buildQueryIdFilter");
406
398
 
407
399
  // src/siopv2-rp-api-server.ts
408
400
  import { agentContext } from "@sphereon/ssi-sdk.core";
@@ -499,6 +491,7 @@ var SIOPv2RPApiServer = class {
499
491
  export {
500
492
  SIOPv2RPApiServer,
501
493
  authStatusUniversalOID4VPEndpoint,
494
+ buildQueryIdFilter,
502
495
  createAuthRequestUniversalOID4VPEndpoint,
503
496
  getAuthRequestSIOPv2Endpoint,
504
497
  getDefinitionsEndpoint,
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\nimport { DcqlQuery } from 'dcql'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nconst validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {\n return query.credentials.every(credential => credential.id in submission)\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n {\n id: queryId,\n },\n ],\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {\n console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId || !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\nimport { validate as isValidUUID } from 'uuid'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId),\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false,\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message }),\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nfunction buildQueryIdFilter(queryId: string) {\n return [\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []), // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n { queryId },\n ]\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAKjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoCnC,IAAMe,iCAAiC,wBAACC,OAAkBC,eAAAA;AACxD,SAAOD,MAAME,YAAYC,MAAMC,CAAAA,eAAcA,WAAWC,MAAMJ,UAAAA;AAChE,GAFuC;AAIhC,SAASK,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAKpC,QAAQqC;AAC9D,UAAI,CAACJ,eAAe;AAClBzB,gBAAQC,IAAI,6EAA6EwB,aAAAA,EAAe;AACxG,eAAOK,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAxB,cAAQ+B,MAAM,uCAAA;AACd/B,cAAQ+B,MAAMlC,KAAKmC,UAAUxC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAMqC,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YACEV;YACA,GAAIC,YAAY;cAAEA;YAAS;YAC3B,GAAIC,WAAW;cAAEA;YAAQ;UAC3B;UACA;YACEd,IAAIY;UACN;;MAEJ,CAAA;AACA,UAAIO,gBAAgBI,WAAW,GAAG;AAChCrC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB,iBAAiBb,OAAAA;AAC1C,eAAOF,SAASgB,KAAI;MACtB;AAEA,YAAMC,wBAAwBlD,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAKmC,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAM1B,QAAQiB,MAAMU,uBAAuB;QAClEH;QACAhB;QACAoB,WAAWH,eAAejC;MAC5B,CAAA;AAEA,YAAMqC,eAAeH,kBAAkBI,kBAAkBD;AACzD,UAAIA,gBAAgBtC,+BAA+BkC,eAAejC,OAAOqC,YAAAA,GAAe;AACtF9C,gBAAQC,IAAI,mBAAmBJ,KAAKmC,UAAUc,cAAc,MAAM,CAAA,CAAA;AAClEtB,iBAASc,aAAa;AAEtB,cAAMU,2CAAqF;UACzFC,sCAAsCN,iBAAiBlB;QACzD;AACA,YAAIgB,sBAAsBS,gBAAgB;AACxC1B,mBAAS2B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO3B,SAASgB,KAAK3C,KAAKmC,UAAUgB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMnC,QAAQiB,MAAMmB,mBAAmB;UAAE5B;UAAe6B,OAAOX,iBAAiBW;QAAM,CAAA;AAClH,YAAIF,qBAAqB;AACvB5B,mBAAS2B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO3B,SAASgB,KAAK3C,KAAKmC,UAAU;YAAEuB,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLpD,gBAAQC,IAAI,+CAAA;AACZuB,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB;MAC3B;AACA,aAAOf,SAASgB,KAAI;IACtB,SAASgB,OAAO;AACdxD,cAAQwD,MAAMA,KAAAA;AACd,aAAO1B,kBAAkBN,UAAU,KAAK,gCAAgCgC,KAAAA;IAC1E;EACF,CAAA;AACF;AA1EgBzC;AA4ET,SAAS0C,6BAA6BzC,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO0C,IAAItC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgBjC,QAAQqC,OAAOJ;AACrC,YAAMC,UAAUlC,QAAQqC,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9B1B,gBAAQC,IAAI,6EAA6EwB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMmC,eAAe,MAAM1C,QAAQiB,MAAM0B,wBAAwB;QAC/DnC;QACAoC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB3D,gBAAQC,IACN,kGAAkGwB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEV;UAAQ;;MAAG,CAAA;AACtF,UAAIO,gBAAgBI,WAAW,GAAG;AAChCrC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB,iBAAiBb,OAAAA;AAC1C,eAAOF,SAASgB,KAAI;MACtB;AACA,YAAM7C,UAAUgE,aAAanE,SAASsE,eAAeC,WAAAA;AACrDpE,cAAQqE,aAAa/B,gBAAgB,CAAA,EAAGxB;AACxC,YAAMqD,gBAAgB,MAAMH,aAAanE,SAASsE,eAAeG,MAAAA;AACjEjE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI6D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFhC,iBAASc,aAAa;AACtBd,iBAAS2B,UAAU,gBAAgB,iBAAA;AACnC,eAAO3B,SAASgB,KAAKsB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAa3D,QAAQ2D,EAAEC,UAAUC;AACrE,eAAOtC,kBAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQiB,MAAMmC,2BAA2B;UAC7C5C;UACA6B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO1B,kBAAkBN,UAAU,KAAK,uCAAuCgC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;;;AC5HhB,SACEa,iCAEAC,uCACAC,+CAEK;AACP,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAASC,mBAAmB;AAE5B,OAAOC,UAAU;;;ACTjB,SAAYC,gBAAgB;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,UAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADmB5B,SAASM,YAAYC,mBAAmB;AAEjC,SAASC,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,MACAE,WAAUN,MAAMO,QAAAA,GAChBC,aAAaC,uCAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,cAA0CC,sCAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,KAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBL,OAAAA;MAC7B,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,eAAOO,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,wBAAwBC,YAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,cAAcJ,YAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,KAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAAE,GAAG1B;UAAY2B,MAAMT;QAAe,CAAA;AACnEO,wBAAgB,0BAA0B,MAAMxB,OAAO2B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLJ,wBAAgBP;MAClB;AAEA,YAAMY,kBAAkB;QACtBC,UAAU7B;QACV8B,gBAAgBlC;QAChBmC,aAAaf;QACbgB,YAAY,GAAGrB,YAAY9B,MAAMoD,wBAAwB,wBAAwBrC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIX,iBAAiB;UAAEY,QAAQZ;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOpC,SAASgB,OAAO,GAAA,EAAK8B,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAG8B,KAAAA;IACrH;EACF,CAAA;AAEJ;AAlEgB7D;AAoET,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAM+C,mBAAmB,MAAM/D,QAAQsB,MAAM0C,wBAAwB;QACnEhD;QACAiD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM4C,oBAAoB;QAAElD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAK8B,KAAI;IAClC,SAASC,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAMqD,eAAe,MAAMrE,QAAQsB,MAAM0C,wBAAwB;QAC/DhD;QACAiD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIyC;AACJ,UAAID,aAAazC,WAAW2C,gCAAgCC,WAAW;AACrEF,wBAAgB,MAAMtE,QAAQsB,MAAMmD,yBAAyB;UAC3DzD;UACAiD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjB/C,QAAQ8C,aAAa9C;QACrBsB,gBAAgBwB,aAAa1D;QAC7BiC,UAAUyB,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAE9B,SAAS6C,aAAaf,MAAM9B;QAAQ;MAClE;AACA1B,cAAQ6E,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAa9C,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;MACnC;AACA,aAAO/D,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBlF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMsE,cAAc,MAAMlF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAASuE,aAAa;AACtB,aAAOvE,SAAS8C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;AAkBhB,SAASxD,mBAAmBL,SAAe;AACzC,SAAO;OACDgE,YAAYhE,OAAAA,IAAW;MAAC;QAAEiE,IAAIjE;MAAQ;QAAK,CAAA;IAC/C;MAAEA;IAAQ;;AAEd;AALSK;;;AE9LT,SAAS6D,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","validatePresentationSubmission","query","submission","credentials","every","credential","id","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","presentation","oid4vpSubmission","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationRequestStateStatus","createAuthorizationRequestFromPayload","CreateAuthorizationRequestPayloadSchema","checkAuth","sendErrorResponse","uriWithBase","uuid","ZodError","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","validate","isValidUUID","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","isValidUUID","id","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1
+ {"version":3,"sources":["../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext } from './types'\nimport { DcqlQuery } from 'dcql'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nconst validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {\n return query.credentials.every(credential => credential.id in submission)\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId, tenantId, version),\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {\n console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId || !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: buildQueryIdFilter(queryId) })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n\nexport function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string) {\n const queryFilter = {\n queryId,\n ...(tenantId ? { tenantId } : {}),\n ...(version ? { version } : {}),\n }\n\n return [queryFilter, ...(isValidUUID(queryId) ? [{ id: queryId }] : [])] // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport { buildQueryIdFilter } from './siop-api-functions'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId),\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({\n text: authRequestURI,\n size: qrCodeOpts.size ?? 250,\n colorDark: qrCodeOpts.colorDark ?? '#000000',\n colorLight: qrCodeOpts.colorLight ?? '#FFFFFF',\n })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false,\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message }),\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAEjC,SAASC,YAAYC,mBAAmB;AAIxC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoCnC,IAAMe,iCAAiC,wBAACC,OAAkBC,eAAAA;AACxD,SAAOD,MAAME,YAAYC,MAAMC,CAAAA,eAAcA,WAAWC,MAAMJ,UAAAA;AAChE,GAFuC;AAIhC,SAASK,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAKpC,QAAQqC;AAC9D,UAAI,CAACJ,eAAe;AAClBzB,gBAAQC,IAAI,6EAA6EwB,aAAAA,EAAe;AACxG,eAAOK,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAxB,cAAQ+B,MAAM,uCAAA;AACd/B,cAAQ+B,MAAMlC,KAAKmC,UAAUxC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAMqC,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBX,SAASC,UAAUC,OAAAA;MAChD,CAAA;AACA,UAAIK,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AAEA,YAAMC,wBAAwBnD,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAKmC,UAAUU,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBV,gBAAgB,CAAA;AACvC,YAAMW,mBAAmB,MAAM3B,QAAQiB,MAAMW,uBAAuB;QAClEH;QACAjB;QACAqB,WAAWH,eAAelC;MAC5B,CAAA;AAEA,YAAMsC,eAAeH,kBAAkBI,kBAAkBD;AACzD,UAAIA,gBAAgBvC,+BAA+BmC,eAAelC,OAAOsC,YAAAA,GAAe;AACtF/C,gBAAQC,IAAI,mBAAmBJ,KAAKmC,UAAUe,cAAc,MAAM,CAAA,CAAA;AAClEvB,iBAASe,aAAa;AAEtB,cAAMU,2CAAqF;UACzFC,sCAAsCN,iBAAiBnB;QACzD;AACA,YAAIiB,sBAAsBS,gBAAgB;AACxC3B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAUiB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMpC,QAAQiB,MAAMoB,mBAAmB;UAAE7B;UAAe8B,OAAOX,iBAAiBW;QAAM,CAAA;AAClH,YAAIF,qBAAqB;AACvB7B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAU;YAAEwB,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLrD,gBAAQC,IAAI,+CAAA;AACZuB,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB;MAC3B;AACA,aAAOhB,SAASiB,KAAI;IACtB,SAASgB,OAAO;AACdzD,cAAQyD,MAAMA,KAAAA;AACd,aAAO3B,kBAAkBN,UAAU,KAAK,gCAAgCiC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB1C;AAmET,SAAS2C,6BAA6B1C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO2C,IAAIvC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgBjC,QAAQqC,OAAOJ;AACrC,YAAMC,UAAUlC,QAAQqC,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9B1B,gBAAQC,IAAI,6EAA6EwB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMoC,eAAe,MAAM3C,QAAQiB,MAAM2B,wBAAwB;QAC/DpC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB5D,gBAAQC,IACN,kGAAkGwB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQC,mBAAmBX,OAAAA;MAAS,CAAA;AACpG,UAAIO,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AACA,YAAM9C,UAAUiE,aAAapE,SAASuE,eAAeC,WAAAA;AACrDrE,cAAQsE,aAAahC,gBAAgB,CAAA,EAAGxB;AACxC,YAAMsD,gBAAgB,MAAMH,aAAapE,SAASuE,eAAeG,MAAAA;AACjElE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI8D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFjC,iBAASe,aAAa;AACtBf,iBAAS4B,UAAU,gBAAgB,iBAAA;AACnC,eAAO5B,SAASiB,KAAKsB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAa5D,QAAQ4D,EAAEC,UAAUC;AACrE,eAAOvC,kBAAkBN,UAAU,KAAK,uCAAuC2C,CAAAA;MACjF,UAAA;AACE,cAAMlD,QAAQiB,MAAMoC,2BAA2B;UAC7C7C;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO3B,kBAAkBN,UAAU,KAAK,uCAAuCiC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;AA2DT,SAASrB,mBAAmBX,SAAiBC,UAAmBC,SAAgB;AACrF,QAAM2C,cAAc;IAClB7C;IACA,GAAIC,WAAW;MAAEA;IAAS,IAAI,CAAC;IAC/B,GAAIC,UAAU;MAAEA;IAAQ,IAAI,CAAC;EAC/B;AAEA,SAAO;IAAC2C;OAAiBC,YAAY9C,OAAAA,IAAW;MAAC;QAAEZ,IAAIY;MAAQ;QAAK,CAAA;;AACtE;AARgBW;;;AC/KhB,SACEoC,iCAEAC,uCACAC,+CAEK;AACP,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAASC,mBAAmB;AAE5B,OAAOC,UAAU;;;ACTjB,SAAYC,gBAAgB;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,UAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADqBrB,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,MACAE,WAAUN,MAAMO,QAAAA,GAChBC,aAAaC,uCAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,cAA0CC,sCAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,KAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBL,OAAAA;MAC7B,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,eAAOO,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,wBAAwBC,YAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,cAAcJ,YAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,KAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAC3BC,MAAMT;UACNU,MAAM5B,WAAW4B,QAAQ;UACzBC,WAAW7B,WAAW6B,aAAa;UACnCC,YAAY9B,WAAW8B,cAAc;QACvC,CAAA;AACAL,wBAAgB,0BAA0B,MAAMxB,OAAO8B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLP,wBAAgBP;MAClB;AAEA,YAAMe,kBAAkB;QACtBC,UAAUhC;QACViC,gBAAgBrC;QAChBsC,aAAalB;QACbmB,YAAY,GAAGxB,YAAY9B,MAAMuD,wBAAwB,wBAAwBxC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMwD;QAAc,CAAA,CAAA;QACjI,GAAId,iBAAiB;UAAEe,QAAQf;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCuD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOvC,SAASgB,OAAO,GAAA,EAAKiC,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,aAAOnC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAGiC,KAAAA;IACrH;EACF,CAAA;AAEJ;AAvEgBhE;AAyET,SAASiE,8CAA8ChE,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOiE,OAAO3D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQsD,OAAOjD;AAE7C,YAAMkD,mBAAmB,MAAMlE,QAAQsB,MAAM6C,wBAAwB;QACnEnD;QACAoD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB/D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM+C,oBAAoB;QAAErD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAKiC,KAAI;IAClC,SAASC,OAAO;AACd,aAAOnC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAASiC,MAAMjC;MAAQ,GAAGiC,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCvE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOwE,IAAIlE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQsD,OAAOjD;AAE7C,YAAMwD,eAAe,MAAMxE,QAAQsB,MAAM6C,wBAAwB;QAC/DnD;QACAoD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBrE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAI4C;AACJ,UAAID,aAAa5C,WAAW8C,gCAAgCC,WAAW;AACrEF,wBAAgB,MAAMzE,QAAQsB,MAAMsD,yBAAyB;UAC3D5D;UACAoD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjBlD,QAAQiD,aAAajD;QACrByB,gBAAgBwB,aAAa7D;QAC7BoC,UAAUyB,aAAazD;QACvB2D,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAEjC,SAASgD,aAAaf,MAAMjC;QAAQ;MAClE;AACA1B,cAAQgF,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAajD,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAKiC,KAAKiB,UAAAA;MACnC;AACA,aAAOlE,SAASgB,OAAO,GAAA,EAAKiC,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,aAAOnC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAASiC,MAAMjC;MAAQ,GAAGiC,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBrF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOwE,IAAIlE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMyE,cAAc,MAAMrF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAAS0E,aAAa;AACtB,aAAO1E,SAASiD,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,aAAOnC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAASiC,MAAMjC;MAAQ,GAAGiC,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AEjLhB,SAASG,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","validate","isValidUUID","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","validatePresentationSubmission","query","submission","credentials","every","credential","id","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","presentation","oid4vpSubmission","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","queryFilter","isValidUUID","AuthorizationRequestStateStatus","createAuthorizationRequestFromPayload","CreateAuthorizationRequestPayloadSchema","checkAuth","sendErrorResponse","uriWithBase","uuid","ZodError","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","size","colorDark","colorLight","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api",
3
- "version": "0.34.1-feature.DIIPv4.250+b668c8e4",
3
+ "version": "0.34.1-feature.DIIPv4.257+5c063f91",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -23,16 +23,16 @@
23
23
  "start:dev": "ts-node __tests__/RestAPI.ts"
24
24
  },
25
25
  "dependencies": {
26
- "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.175",
27
- "@sphereon/ssi-express-support": "0.34.1-feature.DIIPv4.250+b668c8e4",
28
- "@sphereon/ssi-sdk.core": "0.34.1-feature.DIIPv4.250+b668c8e4",
29
- "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.DIIPv4.250+b668c8e4",
30
- "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.DIIPv4.250+b668c8e4",
31
- "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.DIIPv4.250+b668c8e4",
32
- "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.DIIPv4.250+b668c8e4",
33
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.DIIPv4.250+b668c8e4",
34
- "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.DIIPv4.250+b668c8e4",
35
- "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.250+b668c8e4",
26
+ "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.184",
27
+ "@sphereon/ssi-express-support": "0.34.1-feature.DIIPv4.257+5c063f91",
28
+ "@sphereon/ssi-sdk.core": "0.34.1-feature.DIIPv4.257+5c063f91",
29
+ "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.DIIPv4.257+5c063f91",
30
+ "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.DIIPv4.257+5c063f91",
31
+ "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.DIIPv4.257+5c063f91",
32
+ "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.DIIPv4.257+5c063f91",
33
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.DIIPv4.257+5c063f91",
34
+ "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.DIIPv4.257+5c063f91",
35
+ "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.257+5c063f91",
36
36
  "@veramo/core": "4.2.0",
37
37
  "@veramo/credential-w3c": "4.2.0",
38
38
  "awesome-qr": "^2.1.5-rc.0",
@@ -40,6 +40,7 @@
40
40
  "cookie-parser": "^1.4.6",
41
41
  "cors": "^2.8.5",
42
42
  "cross-fetch": "^4.1.0",
43
+ "dcql": "1.0.1",
43
44
  "dotenv-flow": "^3.3.0",
44
45
  "express": "^4.19.2",
45
46
  "short-uuid": "^4.2.2",
@@ -49,17 +50,17 @@
49
50
  },
50
51
  "devDependencies": {
51
52
  "@decentralized-identity/ion-sdk": "^0.6.0",
52
- "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.175",
53
+ "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.184",
53
54
  "@sphereon/did-uni-client": "^0.6.3",
54
55
  "@sphereon/pex": "5.0.0-unstable.28",
55
56
  "@sphereon/pex-models": "^2.3.2",
56
- "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.DIIPv4.250+b668c8e4",
57
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.DIIPv4.250+b668c8e4",
58
- "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.DIIPv4.250+b668c8e4",
59
- "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.DIIPv4.250+b668c8e4",
60
- "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.DIIPv4.250+b668c8e4",
61
- "@sphereon/ssi-sdk.data-store": "0.34.1-feature.DIIPv4.250+b668c8e4",
62
- "@sphereon/ssi-sdk.data-store-types": "0.34.1-feature.DIIPv4.250+b668c8e4",
57
+ "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.DIIPv4.257+5c063f91",
58
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.DIIPv4.257+5c063f91",
59
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.DIIPv4.257+5c063f91",
60
+ "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.DIIPv4.257+5c063f91",
61
+ "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.DIIPv4.257+5c063f91",
62
+ "@sphereon/ssi-sdk.data-store": "0.34.1-feature.DIIPv4.257+5c063f91",
63
+ "@sphereon/ssi-sdk.data-store-types": "0.34.1-feature.DIIPv4.257+5c063f91",
63
64
  "@types/body-parser": "^1.19.5",
64
65
  "@types/cookie-parser": "^1.4.7",
65
66
  "@types/cors": "^2.8.17",
@@ -83,7 +84,6 @@
83
84
  "@veramo/key-manager": "4.2.0",
84
85
  "@veramo/kms-local": "4.2.0",
85
86
  "@veramo/utils": "4.2.0",
86
- "dcql": "1.0.1",
87
87
  "debug": "^4.4.0",
88
88
  "did-resolver": "^4.1.0",
89
89
  "morgan": "^1.10.0",
@@ -119,5 +119,5 @@
119
119
  "OpenID Connect",
120
120
  "Authenticator"
121
121
  ],
122
- "gitHead": "b668c8e4a838107dbe766eade3bb9c5e48828273"
122
+ "gitHead": "5c063f91960f4954aca5d08bfc22b72a75fdc5cd"
123
123
  }
package/src/siop-api-functions.ts CHANGED
@@ -3,6 +3,7 @@ import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi
3
3
  import { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
4
4
  import { CredentialMapper } from '@sphereon/ssi-types'
5
5
  import { Request, Response, Router } from 'express'
6
+ import { validate as isValidUUID } from 'uuid'
6
7
  import { IRequiredContext } from './types'
7
8
  import { DcqlQuery } from 'dcql'
8
9
 
@@ -62,16 +63,7 @@ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequi
62
63
  console.debug('Authorization Response (siop-sessions') // TODO use logger
63
64
  console.debug(JSON.stringify(request.body, null, 2))
64
65
  const definitionItems = await context.agent.pdmGetDefinitions({
65
- filter: [
66
- {
67
- queryId,
68
- ...(tenantId && { tenantId }),
69
- ...(version && { version }),
70
- },
71
- {
72
- id: queryId,
73
- },
74
- ],
66
+ filter: buildQueryIdFilter(queryId, tenantId, version),
75
67
  })
76
68
  if (definitionItems.length === 0) {
77
69
  console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)
@@ -147,7 +139,7 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
147
139
  return sendErrorResponse(response, 404, `No authorization request could be found`)
148
140
  }
149
141
 
150
- const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });
142
+ const definitionItems = await context.agent.pdmGetDefinitions({ filter: buildQueryIdFilter(queryId) })
151
143
  if (definitionItems.length === 0) {
152
144
  console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)
153
145
  response.statusCode = 404
@@ -180,3 +172,13 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
180
172
  }
181
173
  })
182
174
  }
175
+
176
+ export function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string) {
177
+ const queryFilter = {
178
+ queryId,
179
+ ...(tenantId ? { tenantId } : {}),
180
+ ...(version ? { version } : {}),
181
+ }
182
+
183
+ return [queryFilter, ...(isValidUUID(queryId) ? [{ id: queryId }] : [])] // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version
184
+ }
package/src/universal-oid4vp-api-functions.ts CHANGED
@@ -10,6 +10,7 @@ import { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
10
10
  import { Request, Response, Router } from 'express'
11
11
  import uuid from 'short-uuid'
12
12
  import { validateData } from './middleware/validationMiddleware'
13
+ import { buildQueryIdFilter } from './siop-api-functions'
13
14
  import {
14
15
  AuthStatusResponse,
15
16
  CreateAuthorizationRequestPayloadRequest,
@@ -20,7 +21,6 @@ import {
20
21
  IRequiredContext,
21
22
  QRCodeOpts,
22
23
  } from './types'
23
- import { validate as isValidUUID } from 'uuid'
24
24
 
25
25
  export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
26
26
  if (opts?.enabled === false) {
@@ -67,7 +67,12 @@ export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context
67
67
  let qrCodeDataUri: string | undefined
68
68
  if (qrCodeOpts) {
69
69
  const { AwesomeQR } = await import('awesome-qr')
70
- const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })
70
+ const qrCode = new AwesomeQR({
71
+ text: authRequestURI,
72
+ size: qrCodeOpts.size ?? 250,
73
+ colorDark: qrCodeOpts.colorDark ?? '#000000',
74
+ colorLight: qrCodeOpts.colorLight ?? '#FFFFFF',
75
+ })
71
76
  qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`
72
77
  } else {
73
78
  qrCodeDataUri = authRequestURI
@@ -187,10 +192,3 @@ export function getDefinitionsEndpoint(router: Router, context: IRequiredContext
187
192
  }
188
193
  })
189
194
  }
190
-
191
- function buildQueryIdFilter(queryId: string) {
192
- return [
193
- ...(isValidUUID(queryId) ? [{ id: queryId }] : []), // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version
194
- { queryId },
195
- ]
196
- }