@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.45.94 → 0.34.1-feature.SSISDK.46.151

package/dist/index.cjs

@@ -32,11 +32,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   SIOPv2RPApiServer: () => SIOPv2RPApiServer,
-  authStatusWebappEndpoint: () => authStatusWebappEndpoint,
-  createAuthRequestWebappEndpoint: () => createAuthRequestWebappEndpoint,
+  authStatusUniversalOID4VPEndpoint: () => authStatusUniversalOID4VPEndpoint,
+  createAuthRequestUniversalOID4VPEndpoint: () => createAuthRequestUniversalOID4VPEndpoint,
   getAuthRequestSIOPv2Endpoint: () => getAuthRequestSIOPv2Endpoint,
   getDefinitionsEndpoint: () => getDefinitionsEndpoint,
-  removeAuthRequestStateWebappEndpoint: () => removeAuthRequestStateWebappEndpoint,
+  removeAuthRequestStateUniversalOID4VPEndpoint: () => removeAuthRequestStateUniversalOID4VPEndpoint,
   verifyAuthResponseSIOPv2Endpoint: () => verifyAuthResponseSIOPv2Endpoint
 });
 module.exports = __toCommonJS(index_exports);
@@ -74,7 +74,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
   const path = opts?.path ?? "/siop/definitions/:definitionId/auth-responses/:correlationId";
   router.post(path, (0, import_ssi_express_support.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
-      const { correlationId, definitionId, tenantId, version, credentialQueryId } = request.params;
+      const { correlationId, definitionId, tenantId, version } = request.params;
       if (!correlationId || !definitionId) {
         console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, "No authorization request could be found");
@@ -102,12 +102,11 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
       const verifiedResponse = await context.agent.siopVerifyAuthResponse({
         authorizationResponse,
         correlationId,
-        definitionId,
-        dcqlQuery: definitionItem.dcqlPayload
+        dcqlQueryPayload: definitionItem.dcqlPayload
       });
-      const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentation[credentialQueryId];
-      if (wrappedPresentation) {
-        console.log("PRESENTATION:" + JSON.stringify(wrappedPresentation.presentation, null, 2));
+      const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
+      if (presentation && Object.keys(presentation).length > 0) {
+        console.log("PRESENTATIONS:" + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2));
         response.statusCode = 200;
         const authorizationChallengeValidationResponse = {
           presentation_during_issuance_session: verifiedResponse.correlationId
@@ -118,7 +117,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         }
         const responseRedirectURI = await context.agent.siopGetRedirectURI({
           correlationId,
-          definitionId,
+          queryId: definitionId,
           state: verifiedResponse.state
         });
         if (responseRedirectURI) {
@@ -156,7 +155,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
       }
       const requestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
+        queryId: definitionId,
         errorOnNotFound: false
       });
       if (!requestState) {
@@ -177,8 +176,8 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
       } finally {
         await context.agent.siopUpdateAuthRequestState({
           correlationId,
-          definitionId,
-          state: "sent",
+          queryId: definitionId,
+          state: "authorization_request_created",
           error
         });
       }
@@ -189,45 +188,132 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
 }
 __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
 
-// src/webapp-api-functions.ts
-var import_did_auth_siop = require("@sphereon/did-auth-siop");
+// src/universal-oid4vp-api-functions.ts
+var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
 var import_ssi_express_support2 = require("@sphereon/ssi-express-support");
-var import_ssi_sdk = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
-var import_ssi_sdk2 = require("@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth");
+var import_ssi_sdk2 = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
 var import_short_uuid = __toESM(require("short-uuid"), 1);
-var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
-function createAuthRequestWebappEndpoint(router, context, opts) {
+
+// src/middleware/validationMiddleware.ts
+var import_zod = require("zod");
+var validateData = /* @__PURE__ */ __name((schema) => {
+  return (req, res, next) => {
+    try {
+      schema.parse(req.body);
+      next();
+    } catch (error) {
+      if (error instanceof import_zod.ZodError) {
+        const errorMessages = error.issues.map((issue) => ({
+          message: `${issue.path.join(".")} is ${issue.message}`
+        }));
+        res.status(400).json({
+          status: 400,
+          message: "Invalid data",
+          error_details: errorMessages[0].message
+        });
+      } else {
+        res.status(500).json({
+          status: 500,
+          message: "Internal Server Error"
+        });
+      }
+    }
+  };
+}, "validateData");
+
+// src/schemas/index.ts
+var import_zod2 = require("zod");
+var import_ssi_sdk = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
+var import_did_auth_siop = require("@sphereon/did-auth-siop");
+var ResponseTypeSchema = import_zod2.z.enum([
+  import_did_auth_siop.ResponseType.VP_TOKEN
+]);
+var ResponseModeSchema = import_zod2.z.enum([
+  import_did_auth_siop.ResponseMode.DIRECT_POST,
+  import_did_auth_siop.ResponseMode.DIRECT_POST_JWT
+]);
+var requestUriMethods = [
+  "get",
+  "post"
+];
+var RequestUriMethodSchema = import_zod2.z.enum(requestUriMethods);
+var AuthorizationStatusSchema = import_zod2.z.enum([
+  ...import_ssi_sdk.authorizationRequestStatuses,
+  ...import_ssi_sdk.authorizationResponseStatuses
+]);
+var CallbackOptsSchema = import_zod2.z.object({
+  url: import_zod2.z.string(),
+  status: import_zod2.z.array(AuthorizationStatusSchema).optional()
+});
+var QRCodeOptsSchema = import_zod2.z.object({
+  size: import_zod2.z.number().optional(),
+  color_dark: import_zod2.z.string().optional(),
+  color_light: import_zod2.z.string().optional()
+});
+var CreateAuthorizationRequestBodySchema = import_zod2.z.object({
+  query_id: import_zod2.z.string(),
+  client_id: import_zod2.z.string().optional(),
+  request_uri_base: import_zod2.z.string().optional(),
+  correlation_id: import_zod2.z.string().optional(),
+  request_uri_method: RequestUriMethodSchema.optional(),
+  response_type: ResponseTypeSchema.optional(),
+  response_mode: ResponseModeSchema.optional(),
+  transaction_data: import_zod2.z.array(import_zod2.z.string()).optional(),
+  qr_code: QRCodeOptsSchema.optional(),
+  direct_post_response_redirect_uri: import_zod2.z.string().optional(),
+  callback: CallbackOptsSchema.optional()
+});
+var CreateAuthorizationResponseSchema = import_zod2.z.object({
+  correlation_id: import_zod2.z.string(),
+  query_id: import_zod2.z.string(),
+  request_uri: import_zod2.z.string(),
+  status_uri: import_zod2.z.string(),
+  qr_uri: import_zod2.z.string().optional()
+});
+
+// src/universal-oid4vp-api-functions.ts
+function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`createAuthRequest Webapp endpoint is disabled`);
+    console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests";
-  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+  const path = opts?.path ?? "/backend/auth/requests";
+  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request, response) => {
     try {
-      const definitionId = request.params.definitionId;
-      if (!definitionId) {
-        return (0, import_ssi_express_support2.sendErrorResponse)(response, 400, "No definitionId query parameter provided");
+      const correlationId = request.body.correlation_id ?? import_short_uuid.default.uuid();
+      const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts;
+      const queryId = request.body.query_id;
+      const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri;
+      const requestUriBase = request.body.request_uri_base;
+      const definitionItems = await context.agent.pdmGetDefinitions({
+        filter: [
+          {
+            definitionId: queryId
+          }
+        ]
+      });
+      if (definitionItems.length === 0) {
+        console.log(`No query could be found for the given id. Query id: ${queryId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No query could be found"
+        });
       }
-      const state = request.body.state ?? import_short_uuid.default.uuid();
-      const correlationId = request.body.correlationId ?? state;
-      const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts;
-      const requestByReferenceURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
-        baseURI: opts?.siopBaseURI
+      const requestByReferenceURI = (0, import_ssi_sdk2.uriWithBase)(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {
+        baseURI: requestUriBase ?? opts?.siopBaseURI
       });
-      const responseURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-responses/${state}`, {
+      const responseURI = (0, import_ssi_sdk2.uriWithBase)(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, {
         baseURI: opts?.siopBaseURI
       });
-      const responseRedirectURI = ("response_redirect_uri" in request.body && request.body.response_redirect_uri) ?? ("responseRedirectURI" in request.body && request.body.responseRedirectURI);
       const authRequestURI = await context.agent.siopCreateAuthRequestURI({
-        definitionId,
+        queryId,
         correlationId,
-        state,
         nonce: import_short_uuid.default.uuid(),
         requestByReferenceURI,
         responseURIType: "response_uri",
         responseURI,
-        ...responseRedirectURI && {
-          responseRedirectURI
+        ...directPostResponseRedirectUri && {
+          responseRedirectURI: directPostResponseRedirectUri
         }
       });
       let qrCodeDataUri;
@@ -240,140 +326,138 @@ function createAuthRequestWebappEndpoint(router, context, opts) {
         qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
       }
       const authRequestBody = {
-        correlationId,
-        state,
-        definitionId,
-        authRequestURI,
-        authStatusURI: `${(0, import_ssi_sdk.uriWithBase)(opts?.webappAuthStatusPath ?? "/webapp/auth-status", {
+        query_id: queryId,
+        correlation_id: correlationId,
+        request_uri: authRequestURI,
+        status_uri: `${(0, import_ssi_sdk2.uriWithBase)(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, {
           baseURI: opts?.webappBaseURI
         })}`,
         ...qrCodeDataUri && {
-          qrCodeDataUri
+          qr_uri: qrCodeDataUri
         }
       };
       console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`);
-      return response.json(authRequestBody);
+      return response.status(201).json(authRequestBody);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, "Could not create an authorization request URI", error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: "Could not create an authorization request URI"
+      }, error);
     }
   });
 }
-__name(createAuthRequestWebappEndpoint, "createAuthRequestWebappEndpoint");
-function authStatusWebappEndpoint(router, context, opts) {
+__name(createAuthRequestUniversalOID4VPEndpoint, "createAuthRequestUniversalOID4VPEndpoint");
+function removeAuthRequestStateUniversalOID4VPEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`authStatus Webapp endpoint is disabled`);
+    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/auth-status";
-  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+  const path = opts?.path ?? "/backend/auth/requests/:correlationId";
+  router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
-      console.log("Received auth-status request...");
-      const correlationId = request.body.correlationId;
-      const definitionId = request.body.definitionId;
-      const requestState = correlationId && definitionId ? await context.agent.siopGetAuthRequestState({
+      const correlationId = request.params.correlationId;
+      const authRequestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
         errorOnNotFound: false
-      }) : void 0;
-      if (!requestState || !definitionId || !correlationId) {
-        console.log(`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`);
-        response.statusCode = 404;
-        const statusBody2 = {
-          status: requestState ? requestState.status : "error",
-          error: "No authentication request mapping could be found for the given URL.",
-          correlationId,
-          definitionId,
-          lastUpdated: requestState ? requestState.lastUpdated : Date.now()
-        };
-        return response.json(statusBody2);
+      });
+      if (!authRequestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No authorization request could be found"
+        });
       }
-      let includeVerifiedData = import_ssi_sdk2.VerifiedDataMode.NONE;
-      if ("includeVerifiedData" in request.body) {
-        includeVerifiedData = request.body.includeVerifiedData;
+      await context.agent.siopDeleteAuthState({
+        correlationId
+      });
+      return response.status(204).json();
+    } catch (error) {
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
+    }
+  });
+}
+__name(removeAuthRequestStateUniversalOID4VPEndpoint, "removeAuthRequestStateUniversalOID4VPEndpoint");
+function authStatusUniversalOID4VPEndpoint(router, context, opts) {
+  if (opts?.enabled === false) {
+    console.log(`authStatus universal OID4VP endpoint is disabled`);
+    return;
+  }
+  const path = opts?.path ?? "/backend/auth/status/:correlationId";
+  router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+    try {
+      console.log("Received auth-status request...");
+      const correlationId = request.params.correlationId;
+      const requestState = await context.agent.siopGetAuthRequestState({
+        correlationId,
+        errorOnNotFound: false
+      });
+      if (!requestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No authorization request could be found"
+        });
       }
       let responseState;
-      if (requestState.status === "sent") {
+      if (requestState.status === "authorization_request_created") {
         responseState = await context.agent.siopGetAuthResponseState({
           correlationId,
-          definitionId,
-          includeVerifiedData,
           errorOnNotFound: false
         });
       }
       const overallState = responseState ?? requestState;
       const statusBody = {
         status: overallState.status,
-        ...overallState.error ? {
-          error: overallState.error?.message
-        } : {},
-        correlationId,
-        definitionId,
-        lastUpdated: overallState.lastUpdated,
-        ...responseState && responseState.status === import_did_auth_siop.AuthorizationResponseStateStatus.VERIFIED ? {
-          payload: await responseState.response.mergedPayloads({
-            hasher: import_ssi_sdk3.shaHasher
-          }),
-          verifiedData: responseState.verifiedData
-        } : {}
+        correlation_id: overallState.correlationId,
+        query_id: overallState.queryId,
+        last_updated: overallState.lastUpdated,
+        ...responseState?.status === import_did_auth_siop2.AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== void 0 && {
+          verified_data: responseState.verifiedData
+        },
+        ...overallState.error && {
+          message: overallState.error.message
+        }
       };
       console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`);
       if (overallState.status === "error") {
-        response.statusCode = 500;
-        return response.json(statusBody);
+        return response.status(500).json(statusBody);
       }
-      response.statusCode = 200;
-      return response.json(statusBody);
+      return response.status(200).json(statusBody);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
     }
   });
 }
-__name(authStatusWebappEndpoint, "authStatusWebappEndpoint");
-function removeAuthRequestStateWebappEndpoint(router, context, opts) {
-  if (opts?.enabled === false) {
-    console.log(`removeAuthStatus Webapp endpoint is disabled`);
-    return;
-  }
-  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests/:correlationId";
-  router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
-    try {
-      const correlationId = request.params.correlationId;
-      const definitionId = request.params.definitionId;
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
-        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, "No authorization request could be found");
-      }
-      response.statusCode = 200;
-      return response.json(await context.agent.siopDeleteAuthState({
-        definitionId,
-        correlationId
-      }));
-    } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
-    }
-  });
-}
-__name(removeAuthRequestStateWebappEndpoint, "removeAuthRequestStateWebappEndpoint");
+__name(authStatusUniversalOID4VPEndpoint, "authStatusUniversalOID4VPEndpoint");
 function getDefinitionsEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`getDefinitions Webapp endpoint is disabled`);
+    console.log(`getDefinitions universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/definitions";
+  const path = opts?.path ?? "/backend/definitions";
   router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
       const definitions = await context.agent.pdmGetDefinitions();
       response.statusCode = 200;
       return response.json(definitions);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
     }
   });
 }
 __name(getDefinitionsEndpoint, "getDefinitionsEndpoint");
 
 // src/siopv2-rp-api-server.ts
-var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
 var import_ssi_express_support3 = require("@sphereon/ssi-express-support");
 var import_express = __toESM(require("express"), 1);
 var import_swagger_ui_express = __toESM(require("swagger-ui-express"), 1);
@@ -410,16 +494,16 @@ var SIOPv2RPApiServer = class {
     this._opts = opts;
     this._express = args.expressSupport.express;
     this._router = import_express.default.Router();
-    const context = (0, import_ssi_sdk4.agentContext)(agent);
+    const context = (0, import_ssi_sdk3.agentContext)(agent);
     const features = opts?.enableFeatures ?? [
       "rp-status",
       "siop"
     ];
     console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`);
     if (features.includes("rp-status")) {
-      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
-      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
-      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
+      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
+      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
+      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
       getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions);
     }
     if (features.includes("siop")) {