@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.FIDES.1.274 → 0.34.1-feature.IDK.11.48

package/dist/index.js

@@ -2,16 +2,16 @@ var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
 
 // src/siop-api-functions.ts
+import { PresentationDefinitionLocation } from "@sphereon/did-auth-siop";
 import { checkAuth, sendErrorResponse } from "@sphereon/ssi-express-support";
 import { CredentialMapper } from "@sphereon/ssi-types";
-import { validate as isValidUUID } from "uuid";
 var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
   const contentType = request.header("content-type");
-  if (contentType?.startsWith("application/json")) {
+  if (contentType === "application/json") {
     const payload = typeof request.body === "string" ? JSON.parse(request.body) : request.body;
     return payload;
   }
-  if (contentType?.startsWith("application/x-www-form-urlencoded")) {
+  if (contentType === "application/x-www-form-urlencoded") {
     const payload = request.body;
     if (typeof payload.presentation_submission === "string") {
       console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`);
@@ -27,31 +27,34 @@ var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
   }
   throw new Error(`Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`);
 }, "parseAuthorizationResponse");
-var validatePresentationSubmission = /* @__PURE__ */ __name((query, submission) => {
-  return query.credentials.every((credential) => credential.id in submission);
-}, "validatePresentationSubmission");
 function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
   if (opts?.enabled === false) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/siop/queries/:queryId/auth-responses/:correlationId";
+  const path = opts?.path ?? "/siop/definitions/:definitionId/auth-responses/:correlationId";
   router.post(path, checkAuth(opts?.endpoint), async (request, response) => {
     try {
-      const { correlationId, queryId, tenantId, version } = request.params;
-      if (!correlationId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`);
+      const { correlationId, definitionId, tenantId, version } = request.params;
+      if (!correlationId || !definitionId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
         return sendErrorResponse(response, 404, "No authorization request could be found");
       }
-      console.debug("Authorization Response (siop-sessions");
-      console.debug(JSON.stringify(request.body, null, 2));
+      console.log("Authorization Response (siop-sessions");
+      console.log(JSON.stringify(request.body, null, 2));
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: buildQueryIdFilter(queryId, tenantId, version)
+        filter: [
+          {
+            definitionId,
+            tenantId,
+            version
+          }
+        ]
       });
       if (definitionItems.length === 0) {
-        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
+        console.log(`Could not get definition ${definitionId} from agent. Will return 404`);
         response.statusCode = 404;
-        response.statusMessage = `No definition ${queryId}`;
+        response.statusMessage = `No definition ${definitionId}`;
         return response.send();
       }
       const authorizationResponse = parseAuthorizationResponse(request);
@@ -60,11 +63,18 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
       const verifiedResponse = await context.agent.siopVerifyAuthResponse({
         authorizationResponse,
         correlationId,
-        dcqlQuery: definitionItem.query
+        definitionId,
+        presentationDefinitions: [
+          {
+            location: opts?.presentationDefinitionLocation ?? PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,
+            definition: definitionItem.definitionPayload
+          }
+        ],
+        dcqlQuery: definitionItem.dcqlPayload
       });
-      const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
-      if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {
-        console.log("PRESENTATIONS:" + JSON.stringify(presentation, null, 2));
+      const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentations[0];
+      if (wrappedPresentation) {
+        console.log("PRESENTATION:" + JSON.stringify(wrappedPresentation.presentation, null, 2));
         response.statusCode = 200;
         const authorizationChallengeValidationResponse = {
           presentation_during_issuance_session: verifiedResponse.correlationId
@@ -75,6 +85,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         }
         const responseRedirectURI = await context.agent.siopGetRedirectURI({
           correlationId,
+          definitionId,
           state: verifiedResponse.state
         });
         if (responseRedirectURI) {
@@ -101,34 +112,24 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
     console.log(`getAuthRequest SIOP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/siop/queries/:queryId/auth-requests/:correlationId";
+  const path = opts?.path ?? "/siop/definitions/:definitionId/auth-requests/:correlationId";
   router.get(path, checkAuth(opts?.endpoint), async (request, response) => {
     try {
       const correlationId = request.params.correlationId;
-      const queryId = request.params.queryId;
-      if (!correlationId || !queryId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`);
+      const definitionId = request.params.definitionId;
+      if (!correlationId || !definitionId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
         return sendErrorResponse(response, 404, "No authorization request could be found");
       }
       const requestState = await context.agent.siopGetAuthRequestState({
         correlationId,
+        definitionId,
         errorOnNotFound: false
       });
       if (!requestState) {
-        console.log(`No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`);
+        console.log(`No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`);
         return sendErrorResponse(response, 404, `No authorization request could be found`);
       }
-      const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: buildQueryIdFilter(queryId)
-      });
-      if (definitionItems.length === 0) {
-        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
-        response.statusCode = 404;
-        response.statusMessage = `No definition ${queryId}`;
-        return response.send();
-      }
-      const payload = requestState.request?.requestObject?.getPayload();
-      payload.dcql_query = definitionItems[0].query;
       const requestObject = await requestState.request?.requestObject?.toJwt();
       console.log("JWT Request object:");
       console.log(requestObject);
@@ -143,7 +144,8 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
       } finally {
         await context.agent.siopUpdateAuthRequestState({
           correlationId,
-          state: "authorization_request_created",
+          definitionId,
+          state: "sent",
           error
         });
       }
@@ -153,244 +155,185 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
   });
 }
 __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
-function buildQueryIdFilter(queryId, tenantId, version) {
-  const queryFilter = {
-    queryId,
-    ...tenantId ? {
-      tenantId
-    } : {},
-    ...version ? {
-      version
-    } : {}
-  };
-  return [
-    queryFilter,
-    ...isValidUUID(queryId) ? [
-      {
-        id: queryId
-      }
-    ] : []
-  ];
-}
-__name(buildQueryIdFilter, "buildQueryIdFilter");
 
-// src/universal-oid4vp-api-functions.ts
-import { AuthorizationRequestStateStatus, createAuthorizationRequestFromPayload, CreateAuthorizationRequestPayloadSchema } from "@sphereon/did-auth-siop";
+// src/webapp-api-functions.ts
+import { AuthorizationResponseStateStatus } from "@sphereon/did-auth-siop";
 import { checkAuth as checkAuth2, sendErrorResponse as sendErrorResponse2 } from "@sphereon/ssi-express-support";
 import { uriWithBase } from "@sphereon/ssi-sdk.siopv2-oid4vp-common";
+import { VerifiedDataMode } from "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth";
 import uuid from "short-uuid";
-
-// src/middleware/validationMiddleware.ts
-import { ZodError } from "zod";
-var validateData = /* @__PURE__ */ __name((schema) => {
-  return (req, res, next) => {
-    try {
-      schema.parse(req.body);
-      next();
-    } catch (error) {
-      if (error instanceof ZodError) {
-        const errorMessages = error.issues.map((issue) => ({
-          message: `${issue.path.join(".")} is ${issue.message}`
-        }));
-        res.status(400).json({
-          status: 400,
-          message: "Invalid data",
-          error_details: errorMessages[0].message
-        });
-      } else {
-        res.status(500).json({
-          status: 500,
-          message: "Internal Server Error"
-        });
-      }
-    }
-  };
-}, "validateData");
-
-// src/universal-oid4vp-api-functions.ts
-function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
+import { shaHasher as defaultHasher } from "@sphereon/ssi-sdk.core";
+function createAuthRequestWebappEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
+    console.log(`createAuthRequest Webapp endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/backend/auth/requests";
-  router.post(path, checkAuth2(opts?.endpoint), validateData(CreateAuthorizationRequestPayloadSchema), async (request, response) => {
+  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests";
+  router.post(path, checkAuth2(opts?.endpoint), async (request, response) => {
     try {
-      const authRequest = createAuthorizationRequestFromPayload(request.body);
-      const correlationId = authRequest.correlationId ?? uuid.uuid();
-      const qrCodeOpts = authRequest.qrCode ? {
-        ...authRequest.qrCode
-      } : opts?.qrCodeOpts;
-      const queryId = authRequest.queryId;
-      const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: buildQueryIdFilter(queryId)
-      });
-      if (definitionItems.length === 0) {
-        console.log(`No query could be found for the given id. Query id: ${queryId}`);
-        return sendErrorResponse2(response, 404, {
-          status: 404,
-          message: "No query could be found"
-        });
+      const definitionId = request.params.definitionId;
+      if (!definitionId) {
+        return sendErrorResponse2(response, 400, "No definitionId query parameter provided");
       }
-      const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {
-        baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI
+      const state = request.body.state ?? uuid.uuid();
+      const correlationId = request.body.correlationId ?? state;
+      const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts;
+      const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
+        baseURI: opts?.siopBaseURI
       });
-      const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, {
+      const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, {
         baseURI: opts?.siopBaseURI
       });
+      const responseRedirectURI = ("response_redirect_uri" in request.body && request.body.response_redirect_uri) ?? ("responseRedirectURI" in request.body && request.body.responseRedirectURI);
       const authRequestURI = await context.agent.siopCreateAuthRequestURI({
-        queryId,
+        definitionId,
         correlationId,
+        state,
         nonce: uuid.uuid(),
         requestByReferenceURI,
         responseURIType: "response_uri",
         responseURI,
-        ...authRequest.directPostResponseRedirectUri && {
-          responseRedirectURI: authRequest.directPostResponseRedirectUri
-        },
-        ...authRequest.callback && {
-          callback: authRequest.callback
+        ...responseRedirectURI && {
+          responseRedirectURI
         }
       });
       let qrCodeDataUri;
       if (qrCodeOpts) {
         const { AwesomeQR } = await import("awesome-qr");
         const qrCode = new AwesomeQR({
-          text: authRequestURI,
-          size: qrCodeOpts.size ?? 250,
-          colorDark: qrCodeOpts.colorDark ?? "#000000",
-          colorLight: qrCodeOpts.colorLight ?? "#FFFFFF"
+          ...qrCodeOpts,
+          text: authRequestURI
         });
         qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
-      } else {
-        qrCodeDataUri = authRequestURI;
       }
       const authRequestBody = {
-        query_id: queryId,
-        correlation_id: correlationId,
-        request_uri: authRequestURI,
-        status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, {
+        correlationId,
+        state,
+        definitionId,
+        authRequestURI,
+        authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? "/webapp/auth-status", {
           baseURI: opts?.webappBaseURI
         })}`,
         ...qrCodeDataUri && {
-          qr_uri: qrCodeDataUri
+          qrCodeDataUri
         }
       };
       console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`);
-      return response.status(201).json(authRequestBody);
+      return response.json(authRequestBody);
     } catch (error) {
-      return sendErrorResponse2(response, 500, {
-        status: 500,
-        message: "Could not create an authorization request URI"
-      }, error);
+      return sendErrorResponse2(response, 500, "Could not create an authorization request URI", error);
     }
   });
 }
-__name(createAuthRequestUniversalOID4VPEndpoint, "createAuthRequestUniversalOID4VPEndpoint");
-function removeAuthRequestStateUniversalOID4VPEndpoint(router, context, opts) {
+__name(createAuthRequestWebappEndpoint, "createAuthRequestWebappEndpoint");
+function authStatusWebappEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`);
+    console.log(`authStatus Webapp endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/backend/auth/requests/:correlationId";
-  router.delete(path, checkAuth2(opts?.endpoint), async (request, response) => {
-    try {
-      const correlationId = request.params.correlationId;
-      const authRequestState = await context.agent.siopGetAuthRequestState({
-        correlationId,
-        errorOnNotFound: false
-      });
-      if (!authRequestState) {
-        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
-        return sendErrorResponse2(response, 404, {
-          status: 404,
-          message: "No authorization request could be found"
-        });
-      }
-      await context.agent.siopDeleteAuthState({
-        correlationId
-      });
-      return response.status(204).json();
-    } catch (error) {
-      return sendErrorResponse2(response, 500, {
-        status: 500,
-        message: error.message
-      }, error);
-    }
-  });
-}
-__name(removeAuthRequestStateUniversalOID4VPEndpoint, "removeAuthRequestStateUniversalOID4VPEndpoint");
-function authStatusUniversalOID4VPEndpoint(router, context, opts) {
-  if (opts?.enabled === false) {
-    console.log(`authStatus universal OID4VP endpoint is disabled`);
-    return;
-  }
-  const path = opts?.path ?? "/backend/auth/status/:correlationId";
-  router.get(path, checkAuth2(opts?.endpoint), async (request, response) => {
+  const path = opts?.path ?? "/webapp/auth-status";
+  router.post(path, checkAuth2(opts?.endpoint), async (request, response) => {
     try {
       console.log("Received auth-status request...");
-      const correlationId = request.params.correlationId;
-      const requestState = await context.agent.siopGetAuthRequestState({
+      const correlationId = request.body.correlationId;
+      const definitionId = request.body.definitionId;
+      const requestState = correlationId && definitionId ? await context.agent.siopGetAuthRequestState({
         correlationId,
+        definitionId,
         errorOnNotFound: false
-      });
-      if (!requestState) {
-        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
-        return sendErrorResponse2(response, 404, {
-          status: 404,
-          message: "No authorization request could be found"
-        });
+      }) : void 0;
+      if (!requestState || !definitionId || !correlationId) {
+        console.log(`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`);
+        response.statusCode = 404;
+        const statusBody2 = {
+          status: requestState ? requestState.status : "error",
+          error: "No authentication request mapping could be found for the given URL.",
+          correlationId,
+          definitionId,
+          lastUpdated: requestState ? requestState.lastUpdated : Date.now()
+        };
+        return response.json(statusBody2);
+      }
+      let includeVerifiedData = VerifiedDataMode.NONE;
+      if ("includeVerifiedData" in request.body) {
+        includeVerifiedData = request.body.includeVerifiedData;
       }
       let responseState;
-      if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {
+      if (requestState.status === "sent") {
         responseState = await context.agent.siopGetAuthResponseState({
           correlationId,
+          definitionId,
+          includeVerifiedData,
           errorOnNotFound: false
         });
       }
       const overallState = responseState ?? requestState;
       const statusBody = {
         status: overallState.status,
-        correlation_id: overallState.correlationId,
-        query_id: overallState.queryId,
-        last_updated: overallState.lastUpdated,
-        ..."verifiedData" in overallState && {
-          verified_data: overallState.verifiedData
-        },
-        ...overallState.error && {
-          message: overallState.error.message
-        }
+        ...overallState.error ? {
+          error: overallState.error?.message
+        } : {},
+        correlationId,
+        definitionId,
+        lastUpdated: overallState.lastUpdated,
+        ...responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED ? {
+          payload: await responseState.response.mergedPayloads({
+            hasher: defaultHasher
+          }),
+          verifiedData: responseState.verifiedData
+        } : {}
       };
       console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`);
       if (overallState.status === "error") {
-        return response.status(500).json(statusBody);
+        response.statusCode = 500;
+        return response.json(statusBody);
+      }
+      response.statusCode = 200;
+      return response.json(statusBody);
+    } catch (error) {
+      return sendErrorResponse2(response, 500, error.message, error);
+    }
+  });
+}
+__name(authStatusWebappEndpoint, "authStatusWebappEndpoint");
+function removeAuthRequestStateWebappEndpoint(router, context, opts) {
+  if (opts?.enabled === false) {
+    console.log(`removeAuthStatus Webapp endpoint is disabled`);
+    return;
+  }
+  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests/:correlationId";
+  router.delete(path, checkAuth2(opts?.endpoint), async (request, response) => {
+    try {
+      const correlationId = request.params.correlationId;
+      const definitionId = request.params.definitionId;
+      if (!correlationId || !definitionId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
+        return sendErrorResponse2(response, 404, "No authorization request could be found");
       }
-      return response.status(200).json(statusBody);
+      response.statusCode = 200;
+      return response.json(await context.agent.siopDeleteAuthState({
+        definitionId,
+        correlationId
+      }));
     } catch (error) {
-      return sendErrorResponse2(response, 500, {
-        status: 500,
-        message: error.message
-      }, error);
+      return sendErrorResponse2(response, 500, error.message, error);
     }
   });
 }
-__name(authStatusUniversalOID4VPEndpoint, "authStatusUniversalOID4VPEndpoint");
+__name(removeAuthRequestStateWebappEndpoint, "removeAuthRequestStateWebappEndpoint");
 function getDefinitionsEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`getDefinitions universal OID4VP endpoint is disabled`);
+    console.log(`getDefinitions Webapp endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/backend/definitions";
+  const path = opts?.path ?? "/webapp/definitions";
   router.get(path, checkAuth2(opts?.endpoint), async (request, response) => {
     try {
       const definitions = await context.agent.pdmGetDefinitions();
       response.statusCode = 200;
       return response.json(definitions);
     } catch (error) {
-      return sendErrorResponse2(response, 500, {
-        status: 500,
-        message: error.message
-      }, error);
+      return sendErrorResponse2(response, 500, error.message, error);
     }
   });
 }
@@ -441,9 +384,9 @@ var SIOPv2RPApiServer = class {
     ];
     console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`);
     if (features.includes("rp-status")) {
-      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
-      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
-      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
+      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
+      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
+      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
       getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions);
     }
     if (features.includes("siop")) {
@@ -490,12 +433,11 @@ var SIOPv2RPApiServer = class {
 };
 export {
   SIOPv2RPApiServer,
-  authStatusUniversalOID4VPEndpoint,
-  buildQueryIdFilter,
-  createAuthRequestUniversalOID4VPEndpoint,
+  authStatusWebappEndpoint,
+  createAuthRequestWebappEndpoint,
   getAuthRequestSIOPv2Endpoint,
   getDefinitionsEndpoint,
-  removeAuthRequestStateUniversalOID4VPEndpoint,
+  removeAuthRequestStateWebappEndpoint,
   verifyAuthResponseSIOPv2Endpoint
 };
 //# sourceMappingURL=index.js.map