@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.26.RP.57 → 0.34.1-feature.SSISDK.45.135

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/index.cjs +198 -131
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +100 -10
  4. package/dist/index.d.ts +100 -10
  5. package/dist/index.js +196 -129
  6. package/dist/index.js.map +1 -1
  7. package/package.json +21 -18
  8. package/src/index.ts +1 -1
  9. package/src/middleware/validationMiddleware.ts +20 -0
  10. package/src/schemas/index.ts +41 -0
  11. package/src/siop-api-functions.ts +22 -26
  12. package/src/siopv2-rp-api-server.ts +7 -7
  13. package/src/types/types.ts +68 -1
  14. package/src/universal-oid4vp-api-functions.ts +173 -0
  15. package/src/webapp-api-functions.ts +0 -183
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload, PresentationDefinitionLocation } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(\n router: Router,\n context: IRequiredContext,\n opts?: ISingleEndpointOpts & { presentationDefinitionLocation?: PresentationDefinitionLocation },\n) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n definitionId,\n presentationDefinitions: [\n {\n location: opts?.presentationDefinitionLocation ?? PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,\n definition: definitionItem.definitionPayload,\n },\n ],\n dcqlQuery: definitionItem.dcqlPayload,\n })\n\n const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentations[0]\n if (wrappedPresentation) {\n // const credentialSubject = wrappedPresentation.presentation.verifiableCredential[0]?.credential?.credentialSubject\n // console.log(JSON.stringify(credentialSubject, null, 2))\n console.log('PRESENTATION:' + JSON.stringify(wrappedPresentation.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n definitionId,\n state: 'sent',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n // if (!request.agent) throw Error('No agent configured')\n const definitionId = request.params.definitionId\n if (!definitionId) {\n return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n }\n const state: string = request.body.state ?? uuid.uuid()\n const correlationId = request.body.correlationId ?? state\n const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n baseURI: opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n // first version is for backwards compat\n const responseRedirectURI =\n ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n definitionId,\n correlationId,\n state,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(responseRedirectURI && { responseRedirectURI }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n const authRequestBody: GenerateAuthRequestURIResponse = {\n correlationId,\n state,\n definitionId,\n authRequestURI,\n authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qrCodeDataUri }),\n }\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n return response.json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n }\n })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/auth-status'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.body.correlationId as string\n const definitionId: string = request.body.definitionId as string\n\n const requestState =\n correlationId && definitionId\n ? await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n : undefined\n if (!requestState || !definitionId || !correlationId) {\n console.log(\n `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n )\n response.statusCode = 404\n const statusBody: AuthStatusResponse = {\n status: requestState ? requestState.status : 'error',\n error: 'No authentication request mapping could be found for the given URL.',\n correlationId,\n definitionId,\n lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n }\n return response.json(statusBody)\n }\n\n let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n if ('includeVerifiedData' in request.body) {\n includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n }\n\n let responseState\n if (requestState.status === 'sent') {\n responseState = (await context.agent.siopGetAuthResponseState({\n correlationId,\n definitionId,\n includeVerifiedData: includeVerifiedData,\n errorOnNotFound: false,\n })) as AuthorizationResponseStateWithVerifiedData\n }\n const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n const statusBody: AuthStatusResponse = {\n status: overallState.status,\n ...(overallState.error ? { error: overallState.error?.message } : {}),\n correlationId,\n definitionId,\n lastUpdated: overallState.lastUpdated,\n ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n ? {\n payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n verifiedData: responseState.verifiedData,\n }\n : {}),\n }\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n if (overallState.status === 'error') {\n response.statusCode = 500\n return response.json(statusBody)\n }\n response.statusCode = 200\n return response.json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n const definitionId: string = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n response.statusCode = 200\n return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusWebappEndpoint,\n createAuthRequestWebappEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AAAA,SAAuCA,sCAAsC;AAC7E,SAASC,WAAgCC,yBAAyB;AAClE,SAASC,wBAAwB;AAKjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCACdC,QACAC,SACAC,MAAgG;AAEhG,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,yBAAyB;UACvB;YACEC,UAAU3B,MAAM4B,kCAAkCC,+BAA+BC;YACjFC,YAAYR,eAAeS;UAC7B;;QAEFC,WAAWV,eAAeW;MAC5B,CAAA;AAEA,YAAMC,sBAAsBX,kBAAkBY,kBAAkBC,cAAc,CAAA;AAC9E,UAAIF,qBAAqB;AAGvB9C,gBAAQC,IAAI,kBAAkBJ,KAAK2B,UAAUsB,oBAAoBG,cAAc,MAAM,CAAA,CAAA;AACrFhC,iBAASa,aAAa;AAEtB,cAAMoB,2CAAqF;UACzFC,sCAAsChB,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBmB,gBAAgB;AACxCnC,mBAASoC,UAAU,gBAAgB,kBAAA;AACnC,iBAAOpC,SAASe,KAAKnC,KAAK2B,UAAU0B,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAM5C,QAAQgB,MAAM6B,mBAAmB;UAAErC;UAAeC;UAAcqC,OAAOrB,iBAAiBqB;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvBrC,mBAASoC,UAAU,gBAAgB,kBAAA;AACnC,iBAAOpC,SAASe,KAAKnC,KAAK2B,UAAU;YAAEiC,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLtD,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAAS0B,OAAO;AACd1D,cAAQ0D,MAAMA,KAAAA;AACd,aAAOnC,kBAAkBN,UAAU,KAAK,gCAAgCyC,KAAAA;IAC1E;EACF,CAAA;AACF;AA5EgBlD;AA8ET,SAASmD,6BAA6BlD,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOmD,IAAI/C,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAM4C,eAAe,MAAMnD,QAAQgB,MAAMoC,wBAAwB;QAC/D5C;QACAC;QACA4C,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB7D,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAM+C,gBAAgB,MAAMH,aAAarE,SAASwE,eAAeC,MAAAA;AACjEjE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI+D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFzC,iBAASa,aAAa;AACtBb,iBAASoC,UAAU,gBAAgB,iBAAA;AACnC,eAAOpC,SAASe,KAAKgC,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAa3D,QAAQ2D,EAAEC,UAAUC;AACrE,eAAO7C,kBAAkBN,UAAU,KAAK,uCAAuCiD,CAAAA;MACjF,UAAA;AACE,cAAMxD,QAAQgB,MAAM2C,2BAA2B;UAC7CnD;UACAC;UACAqC,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAOnC,kBAAkBN,UAAU,KAAK,uCAAuCyC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;ACzHhB,SAAoCW,wCAAwC;AAC5E,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAA6DC,mBAAmB;AAChF,SAAqDC,wBAAwB;AAE7E,OAAOC,UAAU;AAEjB,SAASC,aAAaC,qBAAqB;AAEpC,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,eAAOE,mBAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,KAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,wBAAwBC,YAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,cAAcH,YAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,KAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,GAAGlB,YAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iBAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,iCAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,eAAOE,mBAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,SAASI,oBAAoB;AAC7B,SAASC,iCAAiD;AAI1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAhBb,OAgBaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtCC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKL,SAASM;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKR,QAAQM;AACb,SAAKT,WAAWO,KAAKQ,eAAeC;AACpC,SAAKf,UAAUe,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAK1B,SAASiB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK5B,SAASiB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK9B,SAASiB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAKhC,SAASiB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKlC,SAASiB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKpC,SAASiB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKlC,YAAYK,MAAMG,cAAc2B,YAAY;AACjD,SAAKvC,SAASwC,IAAI,KAAKpC,WAAW,KAAKqC,MAAM;AAC7C,SAAKzC,SAAS0C,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKxC,kBAAkB,EAC1ByC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK9C,SAAS;AACjCkB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKjD,QAAQuC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKhB;EACd;EAEA,IAAIyC,SAAiB;AACnB,WAAO,KAAKxC;EACd;EAEA,IAAIO,QAAmD;AACrD,WAAO,KAAKN;EACd;EAEA,IAAIO,OAAyC;AAC3C,WAAO,KAAKN;EACd;AACF;","names":["PresentationDefinitionLocation","checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","presentationDefinitions","location","presentationDefinitionLocation","PresentationDefinitionLocation","TOPLEVEL_PRESENTATION_DEF","definition","definitionPayload","dcqlQuery","dcqlPayload","wrappedPresentation","oid4vpSubmission","presentations","presentation","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationResponseStateStatus","checkAuth","sendErrorResponse","uriWithBase","VerifiedDataMode","uuid","shaHasher","defaultHasher","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","constructor","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1
+ {"version":3,"sources":["../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/schemas/index.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, tenantId, version, credentialQueryId } = request.params // TODO Can credentialQueryId be a request param\n if (!correlationId || !credentialQueryId) {\n console.log(\n `No authorization request could be found for the given url. correlationId: ${correlationId}, credentialQueryId: ${credentialQueryId}`,\n )\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId: credentialQueryId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${credentialQueryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${credentialQueryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n queryId: credentialQueryId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentation[credentialQueryId]\n if (wrappedPresentation) {\n // const credentialSubject = wrappedPresentation.presentation.verifiableCredential[0]?.credential?.credentialSubject\n // console.log(JSON.stringify(credentialSubject, null, 2))\n console.log('PRESENTATION:' + JSON.stringify(wrappedPresentation.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({\n correlationId,\n queryId: credentialQueryId,\n state: verifiedResponse.state,\n })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n queryId: definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n queryId: definitionId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport { CreateAuthorizationRequestBodySchema } from './schemas'\nimport {\n CreateAuthorizationRequest,\n CreateAuthorizationRequestResponse,\n CreateAuthorizationResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n AuthStatusResponse,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(path, checkAuth(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request: CreateAuthorizationRequest, response: CreateAuthorizationResponse) => {\n try {\n const correlationId = request.body.correlation_id ?? uuid.uuid()\n const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts\n const queryId = request.body.query_id\n const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri // TODO Uri not URI\n const requestUriBase = request.body.request_uri_base\n const callback = request.body.callback\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId: queryId }] })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {\n baseURI: requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(directPostResponseRedirectUri && { responseRedirectURI: directPostResponseRedirectUri }),\n callback\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationRequestResponse\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n })\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === 'authorization_request_created') {\n responseState = (await context.agent.siopGetAuthResponseState({ correlationId, errorOnNotFound: false }))\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...((responseState?.status === AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== undefined) && { verifiedData: responseState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message })\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { z } from 'zod'\nimport {\n ResponseMode,\n ResponseType,\n RequestUriMethod,\n CallbackOptsSchema\n} from '@sphereon/did-auth-siop'\n\nexport const ResponseTypeSchema = z.enum([ResponseType.VP_TOKEN]);\n\nexport const ResponseModeSchema = z.enum([ResponseMode.DIRECT_POST, ResponseMode.DIRECT_POST_JWT]);\n\nexport const RequestUriMethodSchema = z.enum(Object.values(RequestUriMethod));\n\nexport const QRCodeOptsSchema = z.object({\n size: z.number().optional(),\n color_dark: z.string().optional(),\n color_light: z.string().optional(),\n});\n\nexport const CreateAuthorizationRequestBodySchema = z.object({\n query_id: z.string(),\n client_id: z.string().optional(),\n request_uri_base: z.string().optional(),\n correlation_id: z.string().optional(),\n request_uri_method: RequestUriMethodSchema.optional(),\n response_type: ResponseTypeSchema.optional(),\n response_mode: ResponseModeSchema.optional(),\n transaction_data: z.array(z.string()).optional(),\n qr_code: QRCodeOptsSchema.optional(),\n direct_post_response_redirect_uri: z.string().optional(),\n callback: CallbackOptsSchema.optional(),\n});\n\nexport const CreateAuthorizationResponseSchema = z.object({\n correlation_id: z.string(),\n query_id: z.string(),\n request_uri: z.string(),\n status_uri: z.string(),\n qr_uri: z.string().optional(),\n});\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAIjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,UAAUC,SAASC,kBAAiB,IAAK7B,QAAQ8B;AACxE,UAAI,CAACJ,iBAAiB,CAACG,mBAAmB;AACxCrB,gBAAQC,IACN,6EAA6EiB,aAAAA,wBAAqCG,iBAAAA,EAAmB;AAEvI,eAAOE,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEC,cAAcR;YAAmBF;YAAUC;UAAQ;;MAAG,CAAA;AACjI,UAAIK,gBAAgBK,WAAW,GAAG;AAChC9B,gBAAQC,IAAI,4BAA4BoB,iBAAAA,8BAA+C;AACvFJ,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB,iBAAiBX,iBAAAA;AAC1C,eAAOJ,SAASgB,KAAI;MACtB;AAEA,YAAMC,wBAAwB3C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUU,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBV,gBAAgB,CAAA;AACvC,YAAMW,mBAAmB,MAAM1B,QAAQgB,MAAMW,uBAAuB;QAClEH;QACAhB;QACAoB,SAASjB;QACTkB,kBAAkBJ,eAAeK;MACnC,CAAA;AAEA,YAAMC,sBAAsBL,kBAAkBM,kBAAkBC,aAAatB,iBAAAA;AAC7E,UAAIoB,qBAAqB;AAGvBzC,gBAAQC,IAAI,kBAAkBJ,KAAK2B,UAAUiB,oBAAoBE,cAAc,MAAM,CAAA,CAAA;AACrF1B,iBAASc,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBlB;QACzD;AACA,YAAIgB,sBAAsBY,gBAAgB;AACxC7B,mBAAS8B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO9B,SAASgB,KAAKpC,KAAK2B,UAAUoB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMtC,QAAQgB,MAAMuB,mBAAmB;UACjE/B;UACAoB,SAASjB;UACT6B,OAAOd,iBAAiBc;QAC1B,CAAA;AACA,YAAIF,qBAAqB;AACvB/B,mBAAS8B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO9B,SAASgB,KAAKpC,KAAK2B,UAAU;YAAE2B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLhD,gBAAQC,IAAI,+CAAA;AACZgB,iBAASc,aAAa;AACtBd,iBAASe,gBAAgB;MAC3B;AACA,aAAOf,SAASgB,KAAI;IACtB,SAASmB,OAAO;AACdpD,cAAQoD,MAAMA,KAAAA;AACd,aAAO7B,kBAAkBN,UAAU,KAAK,gCAAgCmC,KAAAA;IAC1E;EACF,CAAA;AACF;AAxEgB5C;AA0ET,SAAS6C,6BAA6B5C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO6C,IAAIzC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMW,eAAerC,QAAQ8B,OAAOO;AACpC,UAAI,CAACX,iBAAiB,CAACW,cAAc;AACnC7B,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCW,YAAAA,EAAc;AACvI,eAAON,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMsC,eAAe,MAAM7C,QAAQgB,MAAM8B,wBAAwB;QAC/DtC;QACAoB,SAAST;QACT4B,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBvD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCW,YAAAA,EAAc;AAElJ,eAAON,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMyC,gBAAgB,MAAMH,aAAa/D,SAASkE,eAAeC,MAAAA;AACjE3D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIyD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFnC,iBAASc,aAAa;AACtBd,iBAAS8B,UAAU,gBAAgB,iBAAA;AACnC,eAAO9B,SAASgB,KAAKyB,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAarD,QAAQqD,EAAEC,UAAUC;AACrE,eAAOvC,kBAAkBN,UAAU,KAAK,uCAAuC2C,CAAAA;MACjF,UAAA;AACE,cAAMlD,QAAQgB,MAAMqC,2BAA2B;UAC7C7C;UACAoB,SAAST;UACTqB,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO7B,kBAAkBN,UAAU,KAAK,uCAAuCmC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;ACrHhB,SAASW,wCAAwC;AACjD,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAASC,mBAAmB;AAE5B,OAAOC,UAAU;;;ACHjB,SAAYC,gBAAgB;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,UAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ACH5B,SAASM,SAAS;AAClB,SACEC,cACAC,cACAC,kBACAC,0BACK;AAEA,IAAMC,qBAAqBL,EAAEM,KAAK;EAACJ,aAAaK;CAAS;AAEzD,IAAMC,qBAAqBR,EAAEM,KAAK;EAACL,aAAaQ;EAAaR,aAAaS;CAAgB;AAE1F,IAAMC,yBAAyBX,EAAEM,KAAKM,OAAOC,OAAOV,gBAAAA,CAAAA;AAEpD,IAAMW,mBAAmBd,EAAEe,OAAO;EACvCC,MAAMhB,EAAEiB,OAAM,EAAGC,SAAQ;EACzBC,YAAYnB,EAAEoB,OAAM,EAAGF,SAAQ;EAC/BG,aAAarB,EAAEoB,OAAM,EAAGF,SAAQ;AAClC,CAAA;AAEO,IAAMI,uCAAuCtB,EAAEe,OAAO;EAC3DQ,UAAUvB,EAAEoB,OAAM;EAClBI,WAAWxB,EAAEoB,OAAM,EAAGF,SAAQ;EAC9BO,kBAAkBzB,EAAEoB,OAAM,EAAGF,SAAQ;EACrCQ,gBAAgB1B,EAAEoB,OAAM,EAAGF,SAAQ;EACnCS,oBAAoBhB,uBAAuBO,SAAQ;EACnDU,eAAevB,mBAAmBa,SAAQ;EAC1CW,eAAerB,mBAAmBU,SAAQ;EAC1CY,kBAAkB9B,EAAE+B,MAAM/B,EAAEoB,OAAM,CAAA,EAAIF,SAAQ;EAC9Cc,SAASlB,iBAAiBI,SAAQ;EAClCe,mCAAmCjC,EAAEoB,OAAM,EAAGF,SAAQ;EACtDgB,UAAU9B,mBAAmBc,SAAQ;AACvC,CAAA;AAEO,IAAMiB,oCAAoCnC,EAAEe,OAAO;EACxDW,gBAAgB1B,EAAEoB,OAAM;EACxBG,UAAUvB,EAAEoB,OAAM;EAClBgB,aAAapC,EAAEoB,OAAM;EACrBiB,YAAYrC,EAAEoB,OAAM;EACpBkB,QAAQtC,EAAEoB,OAAM,EAAGF,SAAQ;AAC7B,CAAA;;;AFtBO,SAASqB,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAWC,aAAaC,oCAAAA,GAAuC,OAAOC,SAAqCC,aAAAA;AAC3I,QAAI;AACF,YAAMC,gBAAgBF,QAAQG,KAAKC,kBAAkBC,KAAKA,KAAI;AAC9D,YAAMC,aAAaN,QAAQG,KAAKI,WAAWjB,MAAMgB;AACjD,YAAME,UAAUR,QAAQG,KAAKM;AAC7B,YAAMC,gCAAgCV,QAAQG,KAAKQ;AACnD,YAAMC,iBAAiBZ,QAAQG,KAAKU;AACpC,YAAMC,WAAWd,QAAQG,KAAKW;AAE9B,YAAMC,kBAAkB,MAAM1B,QAAQ2B,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEC,cAAcX;UAAQ;;MAAG,CAAA;AACpG,UAAIO,gBAAgBK,WAAW,GAAG;AAC9B5B,gBAAQC,IAAI,uDAAuDe,OAAAA,EAAS;AAC5E,eAAOa,mBAAkBpB,UAAU,KAAK;UAAEqB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC9F;AAEA,YAAMC,wBAAwBC,YAAY,qBAAqBjB,OAAAA,kBAAyBN,aAAAA,IAAiB;QACvGwB,SAASd,kBAAkBtB,MAAMqC;MACnC,CAAA;AACA,YAAMC,cAAcH,YAAY,qBAAqBjB,OAAAA,mBAA0BN,aAAAA,IAAiB;QAAEwB,SAASpC,MAAMqC;MAAY,CAAA;AAE7H,YAAME,iBAAiB,MAAMxC,QAAQ2B,MAAMc,yBAAyB;QAClEtB;QACAN;QACA6B,OAAO1B,KAAKA,KAAI;QAChBmB;QACAQ,iBAAiB;QACjBJ;QACA,GAAIlB,iCAAiC;UAAEuB,qBAAqBvB;QAA8B;QAC1FI;MACF,CAAA;AAEA,UAAIoB;AACJ,UAAI5B,YAAY;AACd,cAAM,EAAE6B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAG7B;UAAY+B,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AAEA,YAAMC,kBAAkB;QACtB/B,UAAUD;QACVJ,gBAAgBF;QAChBuC,aAAaZ;QACba,YAAY,GAAGjB,YAAYnC,MAAMqD,wBAAwB,wBAAwBzC,aAAAA,IAAiB;UAAEwB,SAASpC,MAAMsD;QAAc,CAAA,CAAA;QACjI,GAAIV,iBAAiB;UAAEW,QAAQX;QAAc;MAC/C;AACA1C,cAAQC,IAAI,uCAAuCqD,KAAKC,UAAUP,eAAAA,CAAAA,EAAkB;AAEpF,aAAOvC,SAASqB,OAAO,GAAA,EAAK0B,KAAKR,eAAAA;IACnC,SAASS,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS;MAAgD,GAAG0B,KAAAA;IACrH;EACF,CAAA;AACF;AA3DgB9D;AA6DT,SAAS+D,8CAA8C9D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO+D,OAAOzD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMC,gBAAwBF,QAAQoD,OAAOlD;AAE7C,YAAMmD,mBAAmB,MAAMhE,QAAQ2B,MAAMsC,wBAAwB;QACnEpD;QACAqD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB7D,gBAAQC,IAAI,uFAAuFS,aAAAA,EAAe;AAClH,eAAOmB,mBAAkBpB,UAAU,KAAK;UAAEqB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAMlC,QAAQ2B,MAAMwC,oBAAoB;QAAEtD;MAAc,CAAA;AAExD,aAAOD,SAASqB,OAAO,GAAA,EAAK0B,KAAI;IAClC,SAASC,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCrE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOsE,IAAIhE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMS,gBAAwBF,QAAQoD,OAAOlD;AAE7C,YAAMyD,eAAe,MAAMtE,QAAQ2B,MAAMsC,wBAAwB;QAC/DpD;QACAqD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBnE,gBAAQC,IAAI,uFAAuFS,aAAAA,EAAe;AAClH,eAAOmB,mBAAkBpB,UAAU,KAAK;UAAEqB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIqC;AACJ,UAAID,aAAarC,WAAW,iCAAiC;AAC3DsC,wBAAiB,MAAMvE,QAAQ2B,MAAM6C,yBAAyB;UAAE3D;UAAeqD,iBAAiB;QAAM,CAAA;MACxG;AACA,YAAMO,eAAeF,iBAAiBD;AAEtC,YAAMI,aAAa;QACjBzC,QAAQwC,aAAaxC;QACrBlB,gBAAgB0D,aAAa5D;QAC7BO,UAAUqD,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAKL,eAAetC,WAAW4C,iCAAiCC,YAAYP,cAAcQ,iBAAiBC,UAAc;UAAED,cAAcR,cAAcQ;QAAa;QACpK,GAAIN,aAAab,SAAS;UAAE1B,SAASuC,aAAab,MAAM1B;QAAQ;MAClE;AACA/B,cAAQ8E,MAAM,0BAA0BxB,KAAKC,UAAUgB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAaxC,WAAW,SAAS;AACnC,eAAOrB,SAASqB,OAAO,GAAA,EAAK0B,KAAKe,UAAAA;MACnC;AACA,aAAO9D,SAASqB,OAAO,GAAA,EAAK0B,KAAKe,UAAAA;IACnC,SAASd,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AA9CgBQ;AAgDT,SAASc,uBAAuBnF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOsE,IAAIhE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMuE,cAAc,MAAMnF,QAAQ2B,MAAMC,kBAAiB;AACzDhB,eAASwE,aAAa;AACtB,aAAOxE,SAAS+C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AG5JhB,SAASG,oBAAoB;AAC7B,SAASC,iCAAiD;AAI1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAhBb,OAgBaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtCC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKL,SAASM;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKR,QAAQM;AACb,SAAKT,WAAWO,KAAKQ,eAAeC;AACpC,SAAKf,UAAUe,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAK1B,SAASiB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK5B,SAASiB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK9B,SAASiB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAKhC,SAASiB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKlC,SAASiB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKpC,SAASiB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKlC,YAAYK,MAAMG,cAAc2B,YAAY;AACjD,SAAKvC,SAASwC,IAAI,KAAKpC,WAAW,KAAKqC,MAAM;AAC7C,SAAKzC,SAAS0C,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKxC,kBAAkB,EAC1ByC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK9C,SAAS;AACjCkB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKjD,QAAQuC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKhB;EACd;EAEA,IAAIyC,SAAiB;AACnB,WAAO,KAAKxC;EACd;EAEA,IAAIO,QAAmD;AACrD,WAAO,KAAKN;EACd;EAEA,IAAIO,OAAyC;AAC3C,WAAO,KAAKN;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","tenantId","version","credentialQueryId","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","definitionId","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","queryId","dcqlQueryPayload","dcqlPayload","wrappedPresentation","oid4vpSubmission","presentation","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationResponseStateStatus","checkAuth","sendErrorResponse","uriWithBase","uuid","ZodError","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","z","ResponseMode","ResponseType","RequestUriMethod","CallbackOptsSchema","ResponseTypeSchema","enum","VP_TOKEN","ResponseModeSchema","DIRECT_POST","DIRECT_POST_JWT","RequestUriMethodSchema","Object","values","QRCodeOptsSchema","object","size","number","optional","color_dark","string","color_light","CreateAuthorizationRequestBodySchema","query_id","client_id","request_uri_base","correlation_id","request_uri_method","response_type","response_mode","transaction_data","array","qr_code","direct_post_response_redirect_uri","callback","CreateAuthorizationResponseSchema","request_uri","status_uri","qr_uri","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestBodySchema","request","response","correlationId","body","correlation_id","uuid","qrCodeOpts","qr_code","queryId","query_id","directPostResponseRedirectUri","direct_post_response_redirect_uri","requestUriBase","request_uri_base","callback","definitionItems","agent","pdmGetDefinitions","filter","definitionId","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","responseRedirectURI","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","AuthorizationResponseStateStatus","VERIFIED","verifiedData","undefined","debug","getDefinitionsEndpoint","definitions","statusCode","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","constructor","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api",
3
- "version": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
3
+ "version": "0.34.1-feature.SSISDK.45.135+c34457e7",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -23,16 +23,16 @@
23
23
  "start:dev": "ts-node __tests__/RestAPI.ts"
24
24
  },
25
25
  "dependencies": {
26
- "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.13.32",
27
- "@sphereon/ssi-express-support": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
28
- "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
29
- "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
30
- "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
31
- "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
32
- "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
33
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
34
- "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
35
- "@sphereon/ssi-types": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
26
+ "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.45.120",
27
+ "@sphereon/ssi-express-support": "0.34.1-feature.SSISDK.45.135+c34457e7",
28
+ "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.45.135+c34457e7",
29
+ "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.45.135+c34457e7",
30
+ "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.SSISDK.45.135+c34457e7",
31
+ "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.45.135+c34457e7",
32
+ "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.45.135+c34457e7",
33
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.45.135+c34457e7",
34
+ "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.SSISDK.45.135+c34457e7",
35
+ "@sphereon/ssi-types": "0.34.1-feature.SSISDK.45.135+c34457e7",
36
36
  "@veramo/core": "4.2.0",
37
37
  "@veramo/credential-w3c": "4.2.0",
38
38
  "awesome-qr": "^2.1.5-rc.0",
@@ -44,18 +44,21 @@
44
44
  "express": "^4.19.2",
45
45
  "short-uuid": "^4.2.2",
46
46
  "swagger-ui-express": "^5.0.1",
47
- "uuid": "^9.0.1"
47
+ "uuid": "^9.0.1",
48
+ "zod": "^4.1.5"
48
49
  },
49
50
  "devDependencies": {
50
51
  "@decentralized-identity/ion-sdk": "^0.6.0",
51
- "@sphereon/did-auth-siop-adapter": "0.19.1-feature.SSISDK.13.32",
52
+ "@sphereon/did-auth-siop-adapter": "0.19.1-feature.SSISDK.45.120",
52
53
  "@sphereon/did-uni-client": "^0.6.3",
53
54
  "@sphereon/pex": "5.0.0-unstable.28",
54
55
  "@sphereon/pex-models": "^2.3.2",
55
- "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
56
- "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
57
- "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
58
- "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.26.RP.57+9836fe9c",
56
+ "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.SSISDK.45.135+c34457e7",
57
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.45.135+c34457e7",
58
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.SSISDK.45.135+c34457e7",
59
+ "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.SSISDK.45.135+c34457e7",
60
+ "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.SSISDK.45.135+c34457e7",
61
+ "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.45.135+c34457e7",
59
62
  "@types/body-parser": "^1.19.5",
60
63
  "@types/cookie-parser": "^1.4.7",
61
64
  "@types/cors": "^2.8.17",
@@ -114,5 +117,5 @@
114
117
  "OpenID Connect",
115
118
  "Authenticator"
116
119
  ],
117
- "gitHead": "9836fe9c1ba582b925c14e88fb09c43938edd9b2"
120
+ "gitHead": "c34457e783e778691ef94a2a266dca8bc8a44404"
118
121
  }
package/src/index.ts CHANGED
@@ -2,6 +2,6 @@
2
2
  * @public
3
3
  */
4
4
  export * from './siop-api-functions'
5
- export * from './webapp-api-functions'
5
+ export * from './universal-oid4vp-api-functions'
6
6
  export * from './types'
7
7
  export * from './siopv2-rp-api-server'
package/src/middleware/validationMiddleware.ts ADDED
@@ -0,0 +1,20 @@
1
+ import { Request, Response, NextFunction } from 'express';
2
+ import { z, ZodError } from 'zod';
3
+
4
+ export const validateData = (schema: z.ZodObject<any, any>) => {
5
+ return (req: Request, res: Response, next: NextFunction) => {
6
+ try {
7
+ schema.parse(req.body);
8
+ next();
9
+ } catch (error) {
10
+ if (error instanceof ZodError) {
11
+ const errorMessages = error.issues.map((issue: any) => ({
12
+ message: `${issue.path.join('.')} is ${issue.message}`,
13
+ }))
14
+ res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });
15
+ } else {
16
+ res.status(500).json({ status: 500, message: 'Internal Server Error' });
17
+ }
18
+ }
19
+ };
20
+ }
package/src/schemas/index.ts ADDED
@@ -0,0 +1,41 @@
1
+ import { z } from 'zod'
2
+ import {
3
+ ResponseMode,
4
+ ResponseType,
5
+ RequestUriMethod,
6
+ CallbackOptsSchema
7
+ } from '@sphereon/did-auth-siop'
8
+
9
+ export const ResponseTypeSchema = z.enum([ResponseType.VP_TOKEN]);
10
+
11
+ export const ResponseModeSchema = z.enum([ResponseMode.DIRECT_POST, ResponseMode.DIRECT_POST_JWT]);
12
+
13
+ export const RequestUriMethodSchema = z.enum(Object.values(RequestUriMethod));
14
+
15
+ export const QRCodeOptsSchema = z.object({
16
+ size: z.number().optional(),
17
+ color_dark: z.string().optional(),
18
+ color_light: z.string().optional(),
19
+ });
20
+
21
+ export const CreateAuthorizationRequestBodySchema = z.object({
22
+ query_id: z.string(),
23
+ client_id: z.string().optional(),
24
+ request_uri_base: z.string().optional(),
25
+ correlation_id: z.string().optional(),
26
+ request_uri_method: RequestUriMethodSchema.optional(),
27
+ response_type: ResponseTypeSchema.optional(),
28
+ response_mode: ResponseModeSchema.optional(),
29
+ transaction_data: z.array(z.string()).optional(),
30
+ qr_code: QRCodeOptsSchema.optional(),
31
+ direct_post_response_redirect_uri: z.string().optional(),
32
+ callback: CallbackOptsSchema.optional(),
33
+ });
34
+
35
+ export const CreateAuthorizationResponseSchema = z.object({
36
+ correlation_id: z.string(),
37
+ query_id: z.string(),
38
+ request_uri: z.string(),
39
+ status_uri: z.string(),
40
+ qr_uri: z.string().optional(),
41
+ });
package/src/siop-api-functions.ts CHANGED
@@ -1,7 +1,7 @@
1
- import { AuthorizationResponsePayload, PresentationDefinitionLocation } from '@sphereon/did-auth-siop'
1
+ import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'
2
2
  import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
3
- import { CredentialMapper } from '@sphereon/ssi-types'
4
3
  import { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
4
+ import { CredentialMapper } from '@sphereon/ssi-types'
5
5
  import { Request, Response, Router } from 'express'
6
6
  import { IRequiredContext } from './types'
7
7
 
@@ -41,11 +41,7 @@ const parseAuthorizationResponse = (request: Request): AuthorizationResponsePayl
41
41
  )
42
42
  }
43
43
 
44
- export function verifyAuthResponseSIOPv2Endpoint(
45
- router: Router,
46
- context: IRequiredContext,
47
- opts?: ISingleEndpointOpts & { presentationDefinitionLocation?: PresentationDefinitionLocation },
48
- ) {
44
+ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
49
45
  if (opts?.enabled === false) {
50
46
  console.log(`verifyAuthResponse SIOP endpoint is disabled`)
51
47
  return
@@ -53,18 +49,20 @@ export function verifyAuthResponseSIOPv2Endpoint(
53
49
  const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'
54
50
  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
55
51
  try {
56
- const { correlationId, definitionId, tenantId, version } = request.params
57
- if (!correlationId || !definitionId) {
58
- console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)
52
+ const { correlationId, tenantId, version, credentialQueryId } = request.params // TODO Can credentialQueryId be a request param
53
+ if (!correlationId || !credentialQueryId) {
54
+ console.log(
55
+ `No authorization request could be found for the given url. correlationId: ${correlationId}, credentialQueryId: ${credentialQueryId}`,
56
+ )
59
57
  return sendErrorResponse(response, 404, 'No authorization request could be found')
60
58
  }
61
59
  console.log('Authorization Response (siop-sessions')
62
60
  console.log(JSON.stringify(request.body, null, 2))
63
- const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })
61
+ const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId: credentialQueryId, tenantId, version }] })
64
62
  if (definitionItems.length === 0) {
65
- console.log(`Could not get definition ${definitionId} from agent. Will return 404`)
63
+ console.log(`Could not get definition ${credentialQueryId} from agent. Will return 404`)
66
64
  response.statusCode = 404
67
- response.statusMessage = `No definition ${definitionId}`
65
+ response.statusMessage = `No definition ${credentialQueryId}`
68
66
  return response.send()
69
67
  }
70
68
 
@@ -75,17 +73,11 @@ export function verifyAuthResponseSIOPv2Endpoint(
75
73
  const verifiedResponse = await context.agent.siopVerifyAuthResponse({
76
74
  authorizationResponse,
77
75
  correlationId,
78
- definitionId,
79
- presentationDefinitions: [
80
- {
81
- location: opts?.presentationDefinitionLocation ?? PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,
82
- definition: definitionItem.definitionPayload,
83
- },
84
- ],
85
- dcqlQuery: definitionItem.dcqlPayload,
76
+ queryId: credentialQueryId,
77
+ dcqlQueryPayload: definitionItem.dcqlPayload,
86
78
  })
87
79
 
88
- const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentations[0]
80
+ const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentation[credentialQueryId]
89
81
  if (wrappedPresentation) {
90
82
  // const credentialSubject = wrappedPresentation.presentation.verifiableCredential[0]?.credential?.credentialSubject
91
83
  // console.log(JSON.stringify(credentialSubject, null, 2))
@@ -100,7 +92,11 @@ export function verifyAuthResponseSIOPv2Endpoint(
100
92
  return response.send(JSON.stringify(authorizationChallengeValidationResponse))
101
93
  }
102
94
 
103
- const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })
95
+ const responseRedirectURI = await context.agent.siopGetRedirectURI({
96
+ correlationId,
97
+ queryId: credentialQueryId,
98
+ state: verifiedResponse.state,
99
+ })
104
100
  if (responseRedirectURI) {
105
101
  response.setHeader('Content-Type', 'application/json')
106
102
  return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))
@@ -135,7 +131,7 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
135
131
  }
136
132
  const requestState = await context.agent.siopGetAuthRequestState({
137
133
  correlationId,
138
- definitionId,
134
+ queryId: definitionId,
139
135
  errorOnNotFound: false,
140
136
  })
141
137
  if (!requestState) {
@@ -159,8 +155,8 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
159
155
  } finally {
160
156
  await context.agent.siopUpdateAuthRequestState({
161
157
  correlationId,
162
- definitionId,
163
- state: 'sent',
158
+ queryId: definitionId,
159
+ state: 'authorization_request_created',
164
160
  error,
165
161
  })
166
162
  }
package/src/siopv2-rp-api-server.ts CHANGED
@@ -7,11 +7,11 @@ import express, { Express, Request, Response, Router } from 'express'
7
7
  import { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'
8
8
  import { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'
9
9
  import {
10
- authStatusWebappEndpoint,
11
- createAuthRequestWebappEndpoint,
10
+ authStatusUniversalOID4VPEndpoint,
11
+ createAuthRequestUniversalOID4VPEndpoint,
12
12
  getDefinitionsEndpoint,
13
- removeAuthRequestStateWebappEndpoint,
14
- } from './webapp-api-functions'
13
+ removeAuthRequestStateUniversalOID4VPEndpoint,
14
+ } from './universal-oid4vp-api-functions'
15
15
  import swaggerUi from 'swagger-ui-express'
16
16
 
17
17
  export class SIOPv2RPApiServer {
@@ -40,9 +40,9 @@ export class SIOPv2RPApiServer {
40
40
 
41
41
  // Webapp endpoints
42
42
  if (features.includes('rp-status')) {
43
- createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
44
- authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
45
- removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
43
+ createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
44
+ authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
45
+ removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
46
46
  getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)
47
47
  }
48
48
 
package/src/types/types.ts CHANGED
@@ -1,11 +1,17 @@
1
+ import { IAgentContext, ICredentialVerifier } from '@veramo/core'
1
2
  import { GenericAuthArgs, ISingleEndpointOpts } from '@sphereon/ssi-express-support'
2
3
  import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
3
4
  import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
4
- import { IAgentContext, ICredentialVerifier } from '@veramo/core'
5
5
  import { IPDManager } from '@sphereon/ssi-sdk.pd-manager'
6
+ import { AdditionalClaims } from '@sphereon/ssi-types'
7
+ import { AuthorizationRequestStateStatus, AuthorizationResponseStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
8
+ import { Request, Response } from 'express'
9
+ import { z } from 'zod'
10
+ import { CreateAuthorizationRequestBodySchema, CreateAuthorizationResponseSchema } from '../schemas'
6
11
  import { QRCodeOpts } from './QRCode.types'
7
12
 
8
13
  export type SiopFeatures = 'rp-status' | 'siop'
14
+
9
15
  export interface ISIOPv2RPRestAPIOpts {
10
16
  enableFeatures?: SiopFeatures[]
11
17
  endpointOpts?: {
@@ -30,3 +36,64 @@ export interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpt
30
36
 
31
37
  export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager
32
38
  export type IRequiredContext = IAgentContext<IRequiredPlugins>
39
+
40
+ export type CreateAuthorizationRequest = Request<Record<string, never>, any, CreateAuthorizationRequestBody, Record<string, never>>
41
+
42
+ export type CreateAuthorizationRequestBody = z.infer<typeof CreateAuthorizationRequestBodySchema>;
43
+
44
+ export type CreateAuthorizationResponse = Response<CreateAuthorizationRequestResponse>
45
+
46
+ export type CreateAuthorizationRequestResponse = z.infer<typeof CreateAuthorizationResponseSchema>;
47
+
48
+ export type DeleteAuthorizationRequest = Request<DeleteAuthorizationRequestPathParameters, any, Record<string, any>, Record<string, any>>
49
+
50
+ export type DeleteAuthorizationRequestPathParameters = {
51
+ correlationId: string;
52
+ }
53
+
54
+ export type GetAuthorizationRequestStatus = Request<GetAuthorizationRequestStatusPathParameters, any, Record<string, any>, Record<string, any>>
55
+
56
+ export type GetAuthorizationRequestStatusPathParameters = {
57
+ correlationId: string;
58
+ }
59
+
60
+ export type RequestError = {
61
+ status: number
62
+ message: string
63
+ error_details?: string
64
+ }
65
+
66
+ export interface AuthStatusResponse {
67
+ status: AuthorizationRequestStateStatus | AuthorizationResponseStateStatus
68
+ correlation_id: string
69
+ query_id: string
70
+ last_updated: number
71
+ verified_data?: VerifiedData
72
+ error?: RequestError
73
+ }
74
+
75
+ export type VerifiedData = {
76
+ authorization_response?: AuthorizationResponse
77
+ credential_claims?: AdditionalClaims
78
+ }
79
+
80
+ export type AuthorizationResponse = {
81
+ presentation_submission?: Record<string, any>
82
+ vp_token?: VpToken
83
+ }
84
+
85
+ export type SingleObjectVpTokenPE = Record<string, any>
86
+
87
+ export type SingleStringVpTokenPE = string
88
+
89
+ export type MultipleVpTokens = Array<SingleObjectVpTokenPE> | Array<SingleStringVpTokenPE>
90
+
91
+ export type MultipleVpTokenDCQL = {
92
+ [key: string]: MultipleVpTokens
93
+ }
94
+
95
+ export type VpToken =
96
+ | SingleObjectVpTokenPE
97
+ | SingleStringVpTokenPE
98
+ | MultipleVpTokens
99
+ | MultipleVpTokenDCQL