@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.47.42 → 0.34.1-feature.SSISDK.50.100

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api",
-  "version": "0.34.1-feature.SSISDK.47.42+117ad37d",
+  "version": "0.34.1-feature.SSISDK.50.100+f7758c66",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -23,42 +23,39 @@
     "start:dev": "ts-node __tests__/RestAPI.ts"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.47.14",
-    "@sphereon/ssi-express-support": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.47.42+117ad37d",
+    "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.45.92",
+    "@sphereon/ssi-express-support": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.50.100+f7758c66",
     "@veramo/core": "4.2.0",
     "@veramo/credential-w3c": "4.2.0",
     "awesome-qr": "^2.1.5-rc.0",
     "body-parser": "^1.20.2",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
-    "cross-fetch": "^3.1.8",
+    "cross-fetch": "^4.1.0",
     "dotenv-flow": "^3.3.0",
     "express": "^4.19.2",
     "short-uuid": "^4.2.2",
     "swagger-ui-express": "^5.0.1",
-    "uuid": "^9.0.1",
-    "zod": "^4.1.5"
+    "uuid": "^9.0.1"
   },
   "devDependencies": {
     "@decentralized-identity/ion-sdk": "^0.6.0",
-    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.SSISDK.47.14",
+    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.SSISDK.45.92",
     "@sphereon/did-uni-client": "^0.6.3",
     "@sphereon/pex": "5.0.0-unstable.28",
     "@sphereon/pex-models": "^2.3.2",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.SSISDK.47.42+117ad37d",
-    "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.47.42+117ad37d",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.SSISDK.50.100+f7758c66",
+    "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.50.100+f7758c66",
     "@types/body-parser": "^1.19.5",
     "@types/cookie-parser": "^1.4.7",
     "@types/cors": "^2.8.17",
@@ -117,5 +114,5 @@
     "OpenID Connect",
     "Authenticator"
   ],
-  "gitHead": "117ad37d1397fe6c2f99f499761323dd8158699e"
+  "gitHead": "f7758c6686c8af51167365b8ecf2aa383d4b69a6"
 }

package/src/index.ts

@@ -2,6 +2,6 @@
  * @public
  */
 export * from './siop-api-functions'
-export * from './universal-oid4vp-api-functions'
+export * from './webapp-api-functions'
 export * from './types'
 export * from './siopv2-rp-api-server'

package/src/siop-api-functions.ts

@@ -1,4 +1,4 @@
-import { AuthorizationResponsePayload, PresentationDefinitionLocation } from '@sphereon/did-auth-siop'
+import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'
 import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
 import { CredentialMapper } from '@sphereon/ssi-types'
 import { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
@@ -41,11 +41,7 @@ const parseAuthorizationResponse = (request: Request): AuthorizationResponsePayl
   )
 }
 
-export function verifyAuthResponseSIOPv2Endpoint(
-  router: Router,
-  context: IRequiredContext,
-  opts?: ISingleEndpointOpts & { presentationDefinitionLocation?: PresentationDefinitionLocation },
-) {
+export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
   if (opts?.enabled === false) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`)
     return
@@ -53,7 +49,7 @@ export function verifyAuthResponseSIOPv2Endpoint(
   const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'
   router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
     try {
-      const { correlationId, definitionId, tenantId, version } = request.params
+      const { correlationId, definitionId, tenantId, version, credentialQueryId } = request.params // TODO Can credentialQueryId be a request param
       if (!correlationId || !definitionId) {
         console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)
         return sendErrorResponse(response, 404, 'No authorization request could be found')
@@ -75,17 +71,11 @@ export function verifyAuthResponseSIOPv2Endpoint(
       const verifiedResponse = await context.agent.siopVerifyAuthResponse({
         authorizationResponse,
         correlationId,
-        queryId: definitionId,
-        presentationDefinitions: [
-          {
-            location: opts?.presentationDefinitionLocation ?? PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,
-            definition: definitionItem.definitionPayload,
-          },
-        ],
-        dcqlQuery: definitionItem.dcqlPayload,
+        definitionId,
+        dcqlQueryPayload: definitionItem.dcqlPayload,
       })
 
-      const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentations[0]
+      const wrappedPresentation = verifiedResponse?.oid4vpSubmission?.presentation[credentialQueryId]
       if (wrappedPresentation) {
         // const credentialSubject = wrappedPresentation.presentation.verifiableCredential[0]?.credential?.credentialSubject
         // console.log(JSON.stringify(credentialSubject, null, 2))
@@ -100,7 +90,7 @@ export function verifyAuthResponseSIOPv2Endpoint(
           return response.send(JSON.stringify(authorizationChallengeValidationResponse))
         }
 
-        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId: definitionId, state: verifiedResponse.state })
+        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })
         if (responseRedirectURI) {
           response.setHeader('Content-Type', 'application/json')
           return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))
@@ -135,7 +125,7 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
       }
       const requestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        queryId: definitionId,
+        definitionId,
         errorOnNotFound: false,
       })
       if (!requestState) {
@@ -159,8 +149,8 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
       } finally {
         await context.agent.siopUpdateAuthRequestState({
           correlationId,
-          queryId: definitionId,
-          state: 'authorization_request_created',
+          definitionId,
+          state: 'sent',
           error,
         })
       }

package/src/siopv2-rp-api-server.ts

@@ -7,11 +7,11 @@ import express, { Express, Request, Response, Router } from 'express'
 import { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'
 import { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'
 import {
-  authStatusUniversalOID4VPEndpoint,
-  createAuthRequestUniversalOID4VPEndpoint,
+  authStatusWebappEndpoint,
+  createAuthRequestWebappEndpoint,
   getDefinitionsEndpoint,
-  removeAuthRequestStateUniversalOID4VPEndpoint,
-} from './universal-oid4vp-api-functions'
+  removeAuthRequestStateWebappEndpoint,
+} from './webapp-api-functions'
 import swaggerUi from 'swagger-ui-express'
 
 export class SIOPv2RPApiServer {
@@ -40,9 +40,9 @@ export class SIOPv2RPApiServer {
 
     // Webapp endpoints
     if (features.includes('rp-status')) {
-      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
-      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
-      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
+      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
+      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
+      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
       getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)
     }
 

package/src/types/types.ts

@@ -1,17 +1,11 @@
-import { IAgentContext, ICredentialVerifier } from '@veramo/core'
 import { GenericAuthArgs, ISingleEndpointOpts } from '@sphereon/ssi-express-support'
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
 import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
+import { IAgentContext, ICredentialVerifier } from '@veramo/core'
 import { IPDManager } from '@sphereon/ssi-sdk.pd-manager'
-import { AdditionalClaims } from '@sphereon/ssi-types'
-import { AuthorizationRequestStateStatus, AuthorizationResponseStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
-import { Request, Response } from 'express'
-import { z } from 'zod'
-import { CreateAuthorizationRequestBodySchema, CreateAuthorizationResponseSchema } from '../schemas'
 import { QRCodeOpts } from './QRCode.types'
 
 export type SiopFeatures = 'rp-status' | 'siop'
-
 export interface ISIOPv2RPRestAPIOpts {
   enableFeatures?: SiopFeatures[]
   endpointOpts?: {
@@ -36,38 +30,3 @@ export interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpt
 
 export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager
 export type IRequiredContext = IAgentContext<IRequiredPlugins>
-
-export type CreateAuthorizationRequest = Request<Record<string, never>, any, CreateAuthorizationRequestBody, Record<string, never>>
-
-export type CreateAuthorizationRequestBody = z.infer<typeof CreateAuthorizationRequestBodySchema>;
-
-export type CreateAuthorizationResponse = Response<CreateAuthorizationRequestResponse>
-
-export type CreateAuthorizationRequestResponse = z.infer<typeof CreateAuthorizationResponseSchema>;
-
-export type DeleteAuthorizationRequest = Request<DeleteAuthorizationRequestPathParameters, any, Record<string, any>, Record<string, any>>
-
-export type DeleteAuthorizationRequestPathParameters = {
-  correlationId: string;
-}
-
-export type GetAuthorizationRequestStatus = Request<GetAuthorizationRequestStatusPathParameters, any, Record<string, any>, Record<string, any>>
-
-export type GetAuthorizationRequestStatusPathParameters = {
-  correlationId: string;
-}
-
-export type RequestError = {
-  status: number
-  message: string
-  error_details?: string
-}
-
-export interface AuthStatusResponse {
-  status: AuthorizationRequestStateStatus | AuthorizationResponseStateStatus
-  correlation_id: string
-  query_id: string
-  last_updated: number
-  verified_data?: AdditionalClaims
-  error?: RequestError
-}

package/src/webapp-api-functions.ts

@@ -0,0 +1,183 @@
+import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
+import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
+import { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
+import { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
+import { Request, Response, Router } from 'express'
+import uuid from 'short-uuid'
+import { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'
+import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
+
+export function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`createAuthRequest Webapp endpoint is disabled`)
+    return
+  }
+  const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'
+  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
+    try {
+      // if (!request.agent) throw Error('No agent configured')
+      const definitionId = request.params.definitionId
+      if (!definitionId) {
+        return sendErrorResponse(response, 400, 'No definitionId query parameter provided')
+      }
+      const state: string = request.body.state ?? uuid.uuid()
+      const correlationId = request.body.correlationId ?? state
+      const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts
+
+      const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
+        baseURI: opts?.siopBaseURI,
+      })
+      const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })
+      // first version is for backwards compat
+      const responseRedirectURI =
+        ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??
+        ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))
+
+      const authRequestURI = await context.agent.siopCreateAuthRequestURI({
+        definitionId,
+        correlationId,
+        state,
+        nonce: uuid.uuid(),
+        requestByReferenceURI,
+        responseURIType: 'response_uri',
+        responseURI,
+        ...(responseRedirectURI && { responseRedirectURI }),
+      })
+
+      let qrCodeDataUri: string | undefined
+      if (qrCodeOpts) {
+        const { AwesomeQR } = await import('awesome-qr')
+        const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })
+        qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`
+      }
+      const authRequestBody: GenerateAuthRequestURIResponse = {
+        correlationId,
+        state,
+        definitionId,
+        authRequestURI,
+        authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,
+        ...(qrCodeDataUri && { qrCodeDataUri }),
+      }
+      console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)
+      return response.json(authRequestBody)
+    } catch (error) {
+      return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)
+    }
+  })
+}
+
+export function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`authStatus Webapp endpoint is disabled`)
+    return
+  }
+  const path = opts?.path ?? '/webapp/auth-status'
+  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
+    try {
+      console.log('Received auth-status request...')
+      const correlationId: string = request.body.correlationId as string
+      const definitionId: string = request.body.definitionId as string
+
+      const requestState =
+        correlationId && definitionId
+          ? await context.agent.siopGetAuthRequestState({
+              correlationId,
+              definitionId,
+              errorOnNotFound: false,
+            })
+          : undefined
+      if (!requestState || !definitionId || !correlationId) {
+        console.log(
+          `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,
+        )
+        response.statusCode = 404
+        const statusBody: AuthStatusResponse = {
+          status: requestState ? requestState.status : 'error',
+          error: 'No authentication request mapping could be found for the given URL.',
+          correlationId,
+          definitionId,
+          lastUpdated: requestState ? requestState.lastUpdated : Date.now(),
+        }
+        return response.json(statusBody)
+      }
+
+      let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE
+      if ('includeVerifiedData' in request.body) {
+        includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode
+      }
+
+      let responseState
+      if (requestState.status === 'sent') {
+        responseState = (await context.agent.siopGetAuthResponseState({
+          correlationId,
+          definitionId,
+          includeVerifiedData: includeVerifiedData,
+          errorOnNotFound: false,
+        })) as AuthorizationResponseStateWithVerifiedData
+      }
+      const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState
+
+      const statusBody: AuthStatusResponse = {
+        status: overallState.status,
+        ...(overallState.error ? { error: overallState.error?.message } : {}),
+        correlationId,
+        definitionId,
+        lastUpdated: overallState.lastUpdated,
+        ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED
+          ? {
+              payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),
+              verifiedData: responseState.verifiedData,
+            }
+          : {}),
+      }
+      console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)
+      if (overallState.status === 'error') {
+        response.statusCode = 500
+        return response.json(statusBody)
+      }
+      response.statusCode = 200
+      return response.json(statusBody)
+    } catch (error) {
+      return sendErrorResponse(response, 500, error.message, error)
+    }
+  })
+}
+
+export function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`removeAuthStatus Webapp endpoint is disabled`)
+    return
+  }
+  const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'
+  router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
+    try {
+      const correlationId: string = request.params.correlationId
+      const definitionId: string = request.params.definitionId
+      if (!correlationId || !definitionId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)
+        return sendErrorResponse(response, 404, 'No authorization request could be found')
+      }
+      response.statusCode = 200
+      return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))
+    } catch (error) {
+      return sendErrorResponse(response, 500, error.message, error)
+    }
+  })
+}
+
+export function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`getDefinitions Webapp endpoint is disabled`)
+    return
+  }
+  const path = opts?.path ?? '/webapp/definitions'
+  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
+    try {
+      const definitions = await context.agent.pdmGetDefinitions()
+      response.statusCode = 200
+      return response.json(definitions)
+    } catch (error) {
+      return sendErrorResponse(response, 500, error.message, error)
+    }
+  })
+}

package/src/middleware/validationMiddleware.ts

@@ -1,20 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-import { z, ZodError } from 'zod';
-
-export const validateData = (schema: z.ZodObject<any, any>) => {
-  return (req: Request, res: Response, next: NextFunction) => {
-    try {
-      schema.parse(req.body);
-      next();
-    } catch (error) {
-      if (error instanceof ZodError) {
-        const errorMessages = error.issues.map((issue: any) => ({
-          message: `${issue.path.join('.')} is ${issue.message}`,
-        }))
-        res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });
-      } else {
-        res.status(500).json({ status: 500, message: 'Internal Server Error' });
-      }
-    }
-  };
-}

package/src/schemas/index.ts

@@ -1,41 +0,0 @@
-import { z } from 'zod'
-import {
-  ResponseMode,
-  ResponseType,
-  RequestUriMethod,
-  CallbackOptsSchema
-} from '@sphereon/did-auth-siop'
-
-export const ResponseTypeSchema = z.enum([ResponseType.VP_TOKEN]);
-
-export const ResponseModeSchema = z.enum([ResponseMode.DIRECT_POST, ResponseMode.DIRECT_POST_JWT]);
-
-export const RequestUriMethodSchema = z.enum(Object.values(RequestUriMethod));
-
-export const QRCodeOptsSchema = z.object({
-  size: z.number().optional(),
-  color_dark: z.string().optional(),
-  color_light: z.string().optional(),
-});
-
-export const CreateAuthorizationRequestBodySchema = z.object({
-  query_id: z.string(),
-  client_id: z.string().optional(),
-  request_uri_base: z.string().optional(),
-  correlation_id: z.string().optional(),
-  request_uri_method: RequestUriMethodSchema.optional(),
-  response_type: ResponseTypeSchema.optional(),
-  response_mode: ResponseModeSchema.optional(),
-  transaction_data: z.array(z.string()).optional(),
-  qr_code: QRCodeOptsSchema.optional(),
-  direct_post_response_redirect_uri: z.string().optional(),
-  callback: CallbackOptsSchema.optional(),
-});
-
-export const CreateAuthorizationResponseSchema = z.object({
-  correlation_id: z.string(),
-  query_id: z.string(),
-  request_uri: z.string(),
-  status_uri: z.string(),
-  qr_uri: z.string().optional(),
-});

package/src/universal-oid4vp-api-functions.ts

@@ -1,174 +0,0 @@
-import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
-import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
-import { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
-import { Request, Response, Router } from 'express'
-import uuid from 'short-uuid'
-import { validateData } from './middleware/validationMiddleware'
-import { CreateAuthorizationRequestBodySchema } from './schemas'
-import {
-  CreateAuthorizationRequest,
-  CreateAuthorizationRequestResponse,
-  CreateAuthorizationResponse,
-  DeleteAuthorizationRequest,
-  GetAuthorizationRequestStatus,
-  AuthStatusResponse,
-  ICreateAuthRequestWebappEndpointOpts,
-  IRequiredContext
-} from './types'
-
-export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`createAuthRequest universal OID4VP endpoint is disabled`)
-    return
-  }
-
-  const path = opts?.path ?? '/backend/auth/requests'
-  router.post(path, checkAuth(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request: CreateAuthorizationRequest, response: CreateAuthorizationResponse) => {
-    try {
-      const correlationId = request.body.correlation_id ?? uuid.uuid()
-      const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts
-      const queryId = request.body.query_id
-      const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri // TODO Uri not URI
-      const requestUriBase = request.body.request_uri_base
-      const callback = request.body.callback
-
-      try {
-        await context.agent.pdmGetDefinition({ itemId: queryId })
-      } catch(e) {
-        console.log(`No query could be found for the given id. Query id: ${queryId}`)
-        return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })
-      }
-
-      const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {
-        baseURI: requestUriBase ?? opts?.siopBaseURI,
-      })
-      const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })
-
-      const authRequestURI = await context.agent.siopCreateAuthRequestURI({
-        queryId,
-        correlationId,
-        nonce: uuid.uuid(),
-        requestByReferenceURI,
-        responseURIType: 'response_uri',
-        responseURI,
-        ...(directPostResponseRedirectUri && { responseRedirectURI: directPostResponseRedirectUri }),
-        callback
-      })
-
-      let qrCodeDataUri: string | undefined
-      if (qrCodeOpts) {
-        const { AwesomeQR } = await import('awesome-qr')
-        const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })
-        qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`
-      }
-
-      const authRequestBody = {
-        query_id: queryId,
-        correlation_id: correlationId,
-        request_uri: authRequestURI,
-        status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,
-        ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),
-      } satisfies CreateAuthorizationRequestResponse
-      console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)
-
-      return response.status(201).json(authRequestBody)
-    } catch (error) {
-      return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)
-    }
-  })
-}
-
-export function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)
-    return
-  }
-
-  const path = opts?.path ?? '/backend/auth/requests/:correlationId'
-  router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {
-    try {
-      const correlationId: string = request.params.correlationId
-
-      const authRequestState = await context.agent.siopGetAuthRequestState({
-        correlationId,
-        errorOnNotFound: false
-      })
-      if (!authRequestState) {
-        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)
-        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })
-      }
-
-      await context.agent.siopDeleteAuthState({ correlationId })
-
-      return response.status(204).json()
-    } catch (error) {
-      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
-    }
-  })
-}
-
-export function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`authStatus universal OID4VP endpoint is disabled`)
-    return
-  }
-
-  const path = opts?.path ?? '/backend/auth/status/:correlationId'
-  router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {
-    try {
-      console.log('Received auth-status request...')
-      const correlationId: string = request.params.correlationId
-
-      const requestState = await context.agent.siopGetAuthRequestState({
-        correlationId,
-        errorOnNotFound: false
-      })
-
-      if (!requestState) {
-        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)
-        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })
-      }
-
-      let responseState
-      if (requestState.status === 'authorization_request_created') {
-        responseState = (await context.agent.siopGetAuthResponseState({ correlationId, errorOnNotFound: false }))
-      }
-      const overallState = responseState ?? requestState
-
-      const statusBody = {
-        status: overallState.status,
-        correlation_id: overallState.correlationId,
-        query_id: overallState.queryId,
-        last_updated: overallState.lastUpdated,
-        ...((responseState?.status === AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== undefined) && { verifiedData: responseState.verifiedData }),
-        ...(overallState.error && { message: overallState.error.message })
-      } satisfies AuthStatusResponse
-      console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)
-
-      if (overallState.status === 'error') {
-        return response.status(500).json(statusBody)
-      }
-      return response.status(200).json(statusBody)
-    } catch (error) {
-      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
-    }
-  })
-}
-
-export function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`getDefinitions universal OID4VP endpoint is disabled`)
-    return
-  }
-
-  const path = opts?.path ?? '/backend/definitions'
-  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
-    try {
-      const definitions = await context.agent.pdmGetDefinitions()
-      response.statusCode = 200
-      return response.json(definitions)
-    } catch (error) {
-      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
-    }
-  })
-}