@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.50.type.refactor.148 → 0.34.1-feature.SSISDK.57.uni.client.167
- package/dist/index.cjs +161 -122
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +47 -6
- package/dist/index.d.ts +47 -6
- package/dist/index.js +160 -121
- package/dist/index.js.map +1 -1
- package/package.json +21 -18
- package/src/index.ts +1 -1
- package/src/middleware/validationMiddleware.ts +20 -0
- package/src/schemas/index.ts +0 -0
- package/src/siop-api-functions.ts +12 -12
- package/src/siopv2-rp-api-server.ts +7 -7
- package/src/types/types.ts +59 -1
- package/src/universal-oid4vp-api-functions.ts +182 -0
- package/src/webapp-api-functions.ts +0 -183
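--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -1,9 +1,12 @@
 import { ISingleEndpointOpts, GenericAuthArgs, ExpressSupport } from '@sphereon/ssi-express-support';
-import { Router, Express } from 'express';
+import { Request, Response, Router, Express } from 'express';
+import { CreateAuthorizationRequestPayload, CreateAuthorizationResponsePayload } from '@sphereon/did-auth-siop';
+import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
+import { AuthorizationRequestStateStatus, AuthorizationResponseStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
 import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth';
+import { AdditionalClaims } from '@sphereon/ssi-types';
 import { IAgentContext, ICredentialVerifier, TAgent } from '@veramo/core';
-import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 
 interface ComponentOptions {
 /**
@@ -235,13 +238,51 @@ interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpts {
 }
 type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager;
 type IRequiredContext = IAgentContext<IRequiredPlugins>;
+type CreateAuthorizationRequestPayloadRequest = Request<Record<string, never>, any, CreateAuthorizationRequestPayload, Record<string, never>>;
+type CreateAuthorizationResponsePayloadResponse = Response<CreateAuthorizationResponsePayload>;
+type DeleteAuthorizationRequest = Request<DeleteAuthorizationRequestPathParameters, any, Record<string, any>, Record<string, any>>;
+type DeleteAuthorizationRequestPathParameters = {
+correlationId: string;
+};
+type GetAuthorizationRequestStatus = Request<GetAuthorizationRequestStatusPathParameters, any, Record<string, any>, Record<string, any>>;
+type GetAuthorizationRequestStatusPathParameters = {
+correlationId: string;
+};
+type RequestError = {
+status: number;
+message: string;
+error_details?: string;
+};
+interface AuthStatusResponse {
+status: AuthorizationRequestStateStatus | AuthorizationResponseStateStatus;
+correlation_id: string;
+query_id: string;
+last_updated: number;
+verified_data?: VerifiedData;
+error?: RequestError;
+}
+type VerifiedData = {
+authorization_response?: AuthorizationResponse;
+credential_claims?: AdditionalClaims;
+};
+type AuthorizationResponse = {
+presentation_submission?: Record<string, any>;
+vp_token?: VpToken;
+};
+type SingleObjectVpTokenPE = Record<string, any>;
+type SingleStringVpTokenPE = string;
+type MultipleVpTokens = Array<SingleObjectVpTokenPE> | Array<SingleStringVpTokenPE>;
+type MultipleVpTokenDCQL = {
+[key: string]: MultipleVpTokens;
+};
+type VpToken = SingleObjectVpTokenPE | SingleStringVpTokenPE | MultipleVpTokens | MultipleVpTokenDCQL;
 
 declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 declare function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 
-declare function
-declare function
-declare function
+declare function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts): void;
+declare function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
+declare function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 declare function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 
 declare class SIOPv2RPApiServer {
@@ -263,4 +304,4 @@ declare class SIOPv2RPApiServer {
 get opts(): ISIOPv2RPRestAPIOpts | undefined;
 }
 
-export { type ComponentOptions, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, SIOPv2RPApiServer, type SiopFeatures,
+export { type AuthStatusResponse, type AuthorizationResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type MultipleVpTokenDCQL, type MultipleVpTokens, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SingleObjectVpTokenPE, type SingleStringVpTokenPE, type SiopFeatures, type VerifiedData, type VpToken, authStatusUniversalOID4VPEndpoint, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };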
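Review bot: `AuthStatusResponse` declares the optional fields `verified_data` and `error?: RequestError`, but the status handler shipped in `package/dist/index.js` of this same version puts `verifiedData: responseState.verifiedData` and a top-level `message: overallState.error.message` into the body, so a client typed against this interface would find neither field. If the interface is meant to describe the `GET /backend/auth/status/:correlationId` response, the handler should emit `verified_data: responseState.verifiedData` and nest the message under `error`; if it describes something else, a doc comment on the interface should say which endpoint it belongs to. Because `VerifiedData` can carry `credential_claims`, I would also add `/** Claims taken from the verified presentation; treat as personal data and keep out of logs. */` above `verified_data`. The identical declaration block appears in `package/dist/index.d.ts`.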
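--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,9 +1,12 @@
 import { ISingleEndpointOpts, GenericAuthArgs, ExpressSupport } from '@sphereon/ssi-express-support';
-import { Router, Express } from 'express';
+import { Request, Response, Router, Express } from 'express';
+import { CreateAuthorizationRequestPayload, CreateAuthorizationResponsePayload } from '@sphereon/did-auth-siop';
+import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
+import { AuthorizationRequestStateStatus, AuthorizationResponseStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common';
 import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth';
+import { AdditionalClaims } from '@sphereon/ssi-types';
 import { IAgentContext, ICredentialVerifier, TAgent } from '@veramo/core';
-import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 
 interface ComponentOptions {
 /**
@@ -235,13 +238,51 @@ interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpts {
 }
 type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager;
 type IRequiredContext = IAgentContext<IRequiredPlugins>;
+type CreateAuthorizationRequestPayloadRequest = Request<Record<string, never>, any, CreateAuthorizationRequestPayload, Record<string, never>>;
+type CreateAuthorizationResponsePayloadResponse = Response<CreateAuthorizationResponsePayload>;
+type DeleteAuthorizationRequest = Request<DeleteAuthorizationRequestPathParameters, any, Record<string, any>, Record<string, any>>;
+type DeleteAuthorizationRequestPathParameters = {
+correlationId: string;
+};
+type GetAuthorizationRequestStatus = Request<GetAuthorizationRequestStatusPathParameters, any, Record<string, any>, Record<string, any>>;
+type GetAuthorizationRequestStatusPathParameters = {
+correlationId: string;
+};
+type RequestError = {
+status: number;
+message: string;
+error_details?: string;
+};
+interface AuthStatusResponse {
+status: AuthorizationRequestStateStatus | AuthorizationResponseStateStatus;
+correlation_id: string;
+query_id: string;
+last_updated: number;
+verified_data?: VerifiedData;
+error?: RequestError;
+}
+type VerifiedData = {
+authorization_response?: AuthorizationResponse;
+credential_claims?: AdditionalClaims;
+};
+type AuthorizationResponse = {
+presentation_submission?: Record<string, any>;
+vp_token?: VpToken;
+};
+type SingleObjectVpTokenPE = Record<string, any>;
+type SingleStringVpTokenPE = string;
+type MultipleVpTokens = Array<SingleObjectVpTokenPE> | Array<SingleStringVpTokenPE>;
+type MultipleVpTokenDCQL = {
+[key: string]: MultipleVpTokens;
+};
+type VpToken = SingleObjectVpTokenPE | SingleStringVpTokenPE | MultipleVpTokens | MultipleVpTokenDCQL;
 
 declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 declare function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 
-declare function
-declare function
-declare function
+declare function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts): void;
+declare function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
+declare function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 declare function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 
 declare class SIOPv2RPApiServer {
@@ -263,4 +304,4 @@ declare class SIOPv2RPApiServer {
 get opts(): ISIOPv2RPRestAPIOpts | undefined;
 }
 
-export { type ComponentOptions, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, SIOPv2RPApiServer, type SiopFeatures,
+export { type AuthStatusResponse, type AuthorizationResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type MultipleVpTokenDCQL, type MultipleVpTokens, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SingleObjectVpTokenPE, type SingleStringVpTokenPE, type SiopFeatures, type VerifiedData, type VpToken, authStatusUniversalOID4VPEndpoint, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };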
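--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -31,12 +31,12 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
 console.log(`verifyAuthResponse SIOP endpoint is disabled`);
 return;
 }
-const path = opts?.path ?? "/siop/definitions/:
+const path = opts?.path ?? "/siop/definitions/:queryId/auth-responses/:correlationId";
 router.post(path, checkAuth(opts?.endpoint), async (request, response) => {
 try {
-const { correlationId,
-if (!correlationId
-console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}
+const { correlationId, queryId, tenantId, version } = request.params;
+if (!correlationId) {
+console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`);
 return sendErrorResponse(response, 404, "No authorization request could be found");
 }
 console.log("Authorization Response (siop-sessions");
@@ -44,16 +44,16 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
 const definitionItems = await context.agent.pdmGetDefinitions({
 filter: [
 {
-queryId
+queryId,
 tenantId,
 version
 }
 ]
 });
 if (definitionItems.length === 0) {
-console.log(`Could not get
+console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
 response.statusCode = 404;
-response.statusMessage = `No definition ${
+response.statusMessage = `No definition ${queryId}`;
 return response.send();
 }
 const authorizationResponse = parseAuthorizationResponse(request);
@@ -62,7 +62,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
 const verifiedResponse = await context.agent.siopVerifyAuthResponse({
 authorizationResponse,
 correlationId,
-
+queryId,
 dcqlQuery: definitionItem.dcqlQuery
 });
 const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
@@ -78,7 +78,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
 }
 const responseRedirectURI = await context.agent.siopGetRedirectURI({
 correlationId,
-
+queryId,
 state: verifiedResponse.state
 });
 if (responseRedirectURI) {
@@ -116,7 +116,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
 }
 const requestState = await context.agent.siopGetAuthRequestState({
 correlationId,
-definitionId,
+queryId: definitionId,
 errorOnNotFound: false
 });
 if (!requestState) {
@@ -137,8 +137,8 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
 } finally {
 await context.agent.siopUpdateAuthRequestState({
 correlationId,
-definitionId,
-state: "
+queryId: definitionId,
+state: "authorization_request_created",
 error
 });
 }
@@ -149,45 +149,86 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
 }
 __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
 
-// src/
-import { AuthorizationResponseStateStatus } from "@sphereon/did-auth-siop";
+// src/universal-oid4vp-api-functions.ts
+import { AuthorizationResponseStateStatus, createAuthorizationRequestFromPayload, CreateAuthorizationRequestPayloadSchema } from "@sphereon/did-auth-siop";
 import { checkAuth as checkAuth2, sendErrorResponse as sendErrorResponse2 } from "@sphereon/ssi-express-support";
 import { uriWithBase } from "@sphereon/ssi-sdk.siopv2-oid4vp-common";
-import { VerifiedDataMode } from "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth";
 import uuid from "short-uuid";
-
-
+
+// src/middleware/validationMiddleware.ts
+import { ZodError } from "zod";
+var validateData = /* @__PURE__ */ __name((schema) => {
+return (req, res, next) => {
+try {
+schema.parse(req.body);
+next();
+} catch (error) {
+if (error instanceof ZodError) {
+const errorMessages = error.issues.map((issue) => ({
+message: `${issue.path.join(".")} is ${issue.message}`
+}));
+res.status(400).json({
+status: 400,
+message: "Invalid data",
+error_details: errorMessages[0].message
+});
+} else {
+res.status(500).json({
+status: 500,
+message: "Internal Server Error"
+});
+}
+}
+};
+}, "validateData");
+
+// src/universal-oid4vp-api-functions.ts
+function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
 if (opts?.enabled === false) {
-console.log(`createAuthRequest
+console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
 return;
 }
-const path = opts?.path ?? "/
-router.post(path, checkAuth2(opts?.endpoint), async (request, response) => {
+const path = opts?.path ?? "/backend/auth/requests";
+router.post(path, checkAuth2(opts?.endpoint), validateData(CreateAuthorizationRequestPayloadSchema), async (request, response) => {
 try {
-const
-
-
+const authRequest = createAuthorizationRequestFromPayload(request.body);
+const correlationId = authRequest.correlationId ?? uuid.uuid();
+const qrCodeOpts = authRequest.qrCode ? {
+...authRequest.qrCode
+} : opts?.qrCodeOpts;
+const queryId = authRequest.queryId;
+const definitionItems = await context.agent.pdmGetDefinitions({
+filter: [
+{
+queryId
+}
+]
+});
+if (definitionItems.length === 0) {
+console.log(`No query could be found for the given id. Query id: ${queryId}`);
+return sendErrorResponse2(response, 404, {
+status: 404,
+message: "No query could be found"
+});
 }
-const
-
-const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts;
-const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
-baseURI: opts?.siopBaseURI
+const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {
+baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI
 });
-const responseURI = uriWithBase(`/siop/definitions/${
+const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, {
 baseURI: opts?.siopBaseURI
 });
-const responseRedirectURI = ("response_redirect_uri" in request.body && request.body.response_redirect_uri) ?? ("responseRedirectURI" in request.body && request.body.responseRedirectURI);
 const authRequestURI = await context.agent.siopCreateAuthRequestURI({
-
+queryId,
 correlationId,
-state,
 nonce: uuid.uuid(),
 requestByReferenceURI,
 responseURIType: "response_uri",
 responseURI,
-...
-responseRedirectURI
+...authRequest.directPostResponseRedirectUri && {
+responseRedirectURI: authRequest.directPostResponseRedirectUri
+},
+...authRequest.callback && {
+callback: authRequest.callback
 }
 });
 let qrCodeDataUri;
@@ -200,133 +241,131 @@ function createAuthRequestWebappEndpoint(router, context, opts) {
 qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
 }
 const authRequestBody = {
-
-
-
-
-authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? "/webapp/auth-status", {
+query_id: queryId,
+correlation_id: correlationId,
+request_uri: authRequestURI,
+status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, {
 baseURI: opts?.webappBaseURI
 })}`,
 ...qrCodeDataUri && {
-qrCodeDataUri
+qr_uri: qrCodeDataUri
 }
 };
 console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`);
-return response.json(authRequestBody);
+return response.status(201).json(authRequestBody);
 } catch (error) {
-return sendErrorResponse2(response, 500,
+return sendErrorResponse2(response, 500, {
+status: 500,
+message: "Could not create an authorization request URI"
+}, error);
 }
 });
 }
-__name(
-function
+__name(createAuthRequestUniversalOID4VPEndpoint, "createAuthRequestUniversalOID4VPEndpoint");
+function removeAuthRequestStateUniversalOID4VPEndpoint(router, context, opts) {
 if (opts?.enabled === false) {
-console.log(`
+console.log(`removeAuthStatus universal OID4VP endpoint is disabled`);
 return;
 }
-const path = opts?.path ?? "/
-router.
+const path = opts?.path ?? "/backend/auth/requests/:correlationId";
+router.delete(path, checkAuth2(opts?.endpoint), async (request, response) => {
 try {
-
-const
-const definitionId = request.body.definitionId;
-const requestState = correlationId && definitionId ? await context.agent.siopGetAuthRequestState({
+const correlationId = request.params.correlationId;
+const authRequestState = await context.agent.siopGetAuthRequestState({
 correlationId,
-definitionId,
 errorOnNotFound: false
-})
-if (!
-console.log(`No
-response
-
-
-
-correlationId,
-definitionId,
-lastUpdated: requestState ? requestState.lastUpdated : Date.now()
-};
-return response.json(statusBody2);
+});
+if (!authRequestState) {
+console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+return sendErrorResponse2(response, 404, {
+status: 404,
+message: "No authorization request could be found"
+});
 }
-
-
-
+await context.agent.siopDeleteAuthState({
+correlationId
+});
+return response.status(204).json();
+} catch (error) {
+return sendErrorResponse2(response, 500, {
+status: 500,
+message: error.message
+}, error);
+}
+});
+}
+__name(removeAuthRequestStateUniversalOID4VPEndpoint, "removeAuthRequestStateUniversalOID4VPEndpoint");
+function authStatusUniversalOID4VPEndpoint(router, context, opts) {
+if (opts?.enabled === false) {
+console.log(`authStatus universal OID4VP endpoint is disabled`);
+return;
+}
+const path = opts?.path ?? "/backend/auth/status/:correlationId";
+router.get(path, checkAuth2(opts?.endpoint), async (request, response) => {
+try {
+console.log("Received auth-status request...");
+const correlationId = request.params.correlationId;
+const requestState = await context.agent.siopGetAuthRequestState({
+correlationId,
+errorOnNotFound: false
+});
+if (!requestState) {
+console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+return sendErrorResponse2(response, 404, {
+status: 404,
+message: "No authorization request could be found"
+});
 }
 let responseState;
-if (requestState.status === "
+if (requestState.status === "authorization_request_created") {
 responseState = await context.agent.siopGetAuthResponseState({
 correlationId,
-definitionId,
-includeVerifiedData,
 errorOnNotFound: false
 });
 }
 const overallState = responseState ?? requestState;
 const statusBody = {
 status: overallState.status,
-
-
-
-
-definitionId,
-lastUpdated: overallState.lastUpdated,
-...responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED ? {
-payload: await responseState.response.mergedPayloads({
-hasher: defaultHasher
-}),
+correlation_id: overallState.correlationId,
+query_id: overallState.queryId,
+last_updated: overallState.lastUpdated,
+...responseState?.status === AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== void 0 && {
 verifiedData: responseState.verifiedData
-}
+},
+...overallState.error && {
+message: overallState.error.message
+}
 };
 console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`);
 if (overallState.status === "error") {
-response.
-return response.json(statusBody);
+return response.status(500).json(statusBody);
 }
-response.
-return response.json(statusBody);
-} catch (error) {
-return sendErrorResponse2(response, 500, error.message, error);
-}
-});
-}
-__name(authStatusWebappEndpoint, "authStatusWebappEndpoint");
-function removeAuthRequestStateWebappEndpoint(router, context, opts) {
-if (opts?.enabled === false) {
-console.log(`removeAuthStatus Webapp endpoint is disabled`);
-return;
-}
-const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests/:correlationId";
-router.delete(path, checkAuth2(opts?.endpoint), async (request, response) => {
-try {
-const correlationId = request.params.correlationId;
-const definitionId = request.params.definitionId;
-if (!correlationId || !definitionId) {
-console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
-return sendErrorResponse2(response, 404, "No authorization request could be found");
-}
-response.statusCode = 200;
-return response.json(await context.agent.siopDeleteAuthState({
-definitionId,
-correlationId
-}));
+return response.status(200).json(statusBody);
 } catch (error) {
-return sendErrorResponse2(response, 500,
+return sendErrorResponse2(response, 500, {
+status: 500,
+message: error.message
+}, error);
 }
 });
 }
-__name(
+__name(authStatusUniversalOID4VPEndpoint, "authStatusUniversalOID4VPEndpoint");
 function getDefinitionsEndpoint(router, context, opts) {
 if (opts?.enabled === false) {
-console.log(`getDefinitions
+console.log(`getDefinitions universal OID4VP endpoint is disabled`);
 return;
 }
-const path = opts?.path ?? "/
+const path = opts?.path ?? "/backend/definitions";
 router.get(path, checkAuth2(opts?.endpoint), async (request, response) => {
 try {
 const definitions = await context.agent.pdmGetDefinitions();
 response.statusCode = 200;
 return response.json(definitions);
 } catch (error) {
-return sendErrorResponse2(response, 500,
+return sendErrorResponse2(response, 500, {
+status: 500,
+message: error.message
+}, error);
 }
 });
 }
@@ -377,9 +416,9 @@ var SIOPv2RPApiServer = class {
 ];
 console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`);
 if (features.includes("rp-status")) {
-
-
-
+createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
+authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
+removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
 getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions);
 }
 if (features.includes("siop")) {
@@ -426,11 +465,11 @@ var SIOPv2RPApiServer = class {
 };
 export {
 SIOPv2RPApiServer,
-
-
+authStatusUniversalOID4VPEndpoint,
+createAuthRequestUniversalOID4VPEndpoint,
 getAuthRequestSIOPv2Endpoint,
 getDefinitionsEndpoint,
-
+removeAuthRequestStateUniversalOID4VPEndpoint,
 verifyAuthResponseSIOPv2Endpoint
 };
 //# sourceMappingURL=index.js.map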
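Review bot: In the new `createAuthRequestUniversalOID4VPEndpoint` handler the body fields `requestUriBase`, `directPostResponseRedirectUri` and `callback` are used as given: `baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI` builds the request_uri a wallet will fetch, and the other two are spread into `siopCreateAuthRequestURI`, with no comparison against configured origins visible in this bundle. Unless `CreateAuthorizationRequestPayloadSchema` (imported from `@sphereon/did-auth-siop`, not shown here) already restricts them, any caller that passes `checkAuth2(opts?.endpoint)` decides where the request object, the post-verification redirect and the callback point, while `responseURI` stays on `opts?.siopBaseURI`; I would reject values whose origin is not on an operator-configured list before the URIs are built. In the same hunk `validateData` discards the parsed result (`schema.parse(req.body); next();`), so if the schema strips unknown keys or applies defaults the handler never sees that; `req.body = schema.parse(req.body);` passes on only what the schema accepted. This is bundled output, so the change belongs in `src/universal-oid4vp-api-functions.ts` and `src/middleware/validationMiddleware.ts`, which the diffstat lists but which lie outside this part of the page.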