@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145 → 0.34.1-feature.SSISDK.58.host.nonce.endpoint.194

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api",
-  "version": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
+  "version": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -23,16 +23,16 @@
     "start:dev": "ts-node __tests__/RestAPI.ts"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.58.host.nonce.endpoint.107",
-    "@sphereon/ssi-express-support": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
+    "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.161",
+    "@sphereon/ssi-express-support": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
     "@veramo/core": "4.2.0",
     "@veramo/credential-w3c": "4.2.0",
     "awesome-qr": "^2.1.5-rc.0",
@@ -44,18 +44,19 @@
     "express": "^4.19.2",
     "short-uuid": "^4.2.2",
     "swagger-ui-express": "^5.0.1",
-    "uuid": "^9.0.1"
+    "uuid": "^9.0.1",
+    "zod": "^4.1.5"
   },
   "devDependencies": {
     "@decentralized-identity/ion-sdk": "^0.6.0",
-    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.SSISDK.58.host.nonce.endpoint.107",
+    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.161",
     "@sphereon/did-uni-client": "^0.6.3",
-    "@sphereon/pex": "5.0.0-unstable.28",
-    "@sphereon/pex-models": "^2.3.2",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
-    "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.145+5bfc0b12",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
+    "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.58.host.nonce.endpoint.194+287878cc",
     "@types/body-parser": "^1.19.5",
     "@types/cookie-parser": "^1.4.7",
     "@types/cors": "^2.8.17",
@@ -114,5 +115,5 @@
     "OpenID Connect",
     "Authenticator"
   ],
-  "gitHead": "5bfc0b1229134b5d80279a3baf1fc64c9c6e755e"
+  "gitHead": "287878cc3c59e1fe8f3303600e4139ef30258b17"
 }

package/src/index.ts

@@ -2,6 +2,6 @@
  * @public
  */
 export * from './siop-api-functions'
-export * from './webapp-api-functions'
+export * from './universal-oid4vp-api-functions'
 export * from './types'
 export * from './siopv2-rp-api-server'

package/src/middleware/validationMiddleware.ts

@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from 'express';
+import { z, ZodError } from 'zod';
+
+export const validateData = (schema: z.ZodObject<any, any>) => {
+  return (req: Request, res: Response, next: NextFunction) => {
+    try {
+      schema.parse(req.body);
+      next();
+    } catch (error) {
+      if (error instanceof ZodError) {
+        const errorMessages = error.issues.map((issue: any) => ({
+          message: `${issue.path.join('.')} is ${issue.message}`,
+        }))
+        res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });
+      } else {
+        res.status(500).json({ status: 500, message: 'Internal Server Error' });
+      }
+    }
+  };
+}

package/src/schemas/index.ts

@@ -0,0 +1,36 @@
+import { CallbackOptsSchema, RequestUriMethod, ResponseMode, ResponseType } from '@sphereon/did-auth-siop'
+import { z } from 'zod'
+
+export const ResponseTypeSchema = z.enum([ResponseType.VP_TOKEN])
+
+export const ResponseModeSchema = z.enum([ResponseMode.DIRECT_POST, ResponseMode.DIRECT_POST_JWT])
+
+const requestUriMethods = ['get', 'post'] as const satisfies Array<RequestUriMethod>
+export const RequestUriMethodSchema = z.enum(requestUriMethods)
+export const QRCodeOptsSchema = z.object({
+  size: z.number().optional(),
+  color_dark: z.string().optional(),
+  color_light: z.string().optional(),
+})
+
+export const CreateAuthorizationRequestBodySchema = z.object({
+  query_id: z.string(),
+  client_id: z.string().optional(),
+  request_uri_base: z.string().optional(),
+  correlation_id: z.string().optional(),
+  request_uri_method: RequestUriMethodSchema.optional(),
+  response_type: ResponseTypeSchema.optional(),
+  response_mode: ResponseModeSchema.optional(),
+  transaction_data: z.array(z.string()).optional(),
+  qr_code: QRCodeOptsSchema.optional(),
+  direct_post_response_redirect_uri: z.string().optional(),
+  callback: CallbackOptsSchema.optional(),
+})
+
+export const CreateAuthorizationResponseSchema = z.object({
+  correlation_id: z.string(),
+  query_id: z.string(),
+  request_uri: z.string(),
+  status_uri: z.string(),
+  qr_uri: z.string().optional(),
+})

package/src/siop-api-functions.ts

@@ -49,18 +49,18 @@ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequi
   const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'
   router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
     try {
-      const { correlationId, definitionId, tenantId, version } = request.params
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)
+      const { correlationId, queryId, tenantId, version } = request.params
+      if (!correlationId || !queryId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)
         return sendErrorResponse(response, 404, 'No authorization request could be found')
       }
       console.log('Authorization Response (siop-sessions')
       console.log(JSON.stringify(request.body, null, 2))
-      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })
+      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId, tenantId, version }] })
       if (definitionItems.length === 0) {
-        console.log(`Could not get definition ${definitionId} from agent. Will return 404`)
+        console.log(`Could not get definition ${queryId} from agent. Will return 404`)
         response.statusCode = 404
-        response.statusMessage = `No definition ${definitionId}`
+        response.statusMessage = `No definition ${queryId}`
         return response.send()
       }
 
@@ -71,8 +71,8 @@ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequi
       const verifiedResponse = await context.agent.siopVerifyAuthResponse({
         authorizationResponse,
         correlationId,
-        definitionId,
-        dcqlQueryPayload: definitionItem.dcqlPayload,
+        queryId,
+        dcqlQuery: definitionItem.query,
       })
 
       // FIXME SSISDK-55 add proper support for checking for DCQL presentations
@@ -89,7 +89,7 @@ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequi
           return response.send(JSON.stringify(authorizationChallengeValidationResponse))
         }
 
-        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })
+        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId: queryId, state: verifiedResponse.state })
         if (responseRedirectURI) {
           response.setHeader('Content-Type', 'application/json')
           return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))
@@ -124,7 +124,7 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
       }
       const requestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
+        queryId: definitionId,
         errorOnNotFound: false,
       })
       if (!requestState) {
@@ -148,8 +148,8 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
       } finally {
         await context.agent.siopUpdateAuthRequestState({
           correlationId,
-          definitionId,
-          state: 'sent',
+          queryId: definitionId,
+          state: 'authorization_request_created',
           error,
         })
       }

package/src/siopv2-rp-api-server.ts

@@ -1,23 +1,22 @@
 import { agentContext } from '@sphereon/ssi-sdk.core'
 import { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'
-import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
 import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
 import { TAgent } from '@veramo/core'
 import express, { Express, Request, Response, Router } from 'express'
 import { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'
 import { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'
 import {
-  authStatusWebappEndpoint,
-  createAuthRequestWebappEndpoint,
+  authStatusUniversalOID4VPEndpoint,
+  createAuthRequestUniversalOID4VPEndpoint,
   getDefinitionsEndpoint,
-  removeAuthRequestStateWebappEndpoint,
-} from './webapp-api-functions'
+  removeAuthRequestStateUniversalOID4VPEndpoint,
+} from './universal-oid4vp-api-functions'
 import swaggerUi from 'swagger-ui-express'
 
 export class SIOPv2RPApiServer {
   private readonly _express: Express
   private readonly _router: Router
-  private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>
+  private readonly _agent: TAgent<ISIOPv2RP>
   private readonly _opts?: ISIOPv2RPRestAPIOpts
   private readonly _basePath: string
 
@@ -40,9 +39,9 @@ export class SIOPv2RPApiServer {
 
     // Webapp endpoints
     if (features.includes('rp-status')) {
-      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
-      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
-      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
+      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)
+      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)
+      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)
       getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)
     }
 
@@ -92,7 +91,7 @@ export class SIOPv2RPApiServer {
     return this._router
   }
 
-  get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {
+  get agent(): TAgent<ISIOPv2RP> {
     return this._agent
   }
 

package/src/types/types.ts

@@ -1,11 +1,16 @@
+import { IAgentContext, ICredentialVerifier } from '@veramo/core'
 import { GenericAuthArgs, ISingleEndpointOpts } from '@sphereon/ssi-express-support'
-import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
 import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
-import { IAgentContext, ICredentialVerifier } from '@veramo/core'
 import { IPDManager } from '@sphereon/ssi-sdk.pd-manager'
+import { AdditionalClaims } from '@sphereon/ssi-types'
+import { AuthorizationRequestStateStatus, AuthorizationResponseStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
+import { Request, Response } from 'express'
+import { z } from 'zod'
+import { CreateAuthorizationRequestBodySchema, CreateAuthorizationResponseSchema } from '../schemas'
 import { QRCodeOpts } from './QRCode.types'
 
 export type SiopFeatures = 'rp-status' | 'siop'
+
 export interface ISIOPv2RPRestAPIOpts {
   enableFeatures?: SiopFeatures[]
   endpointOpts?: {
@@ -28,5 +33,66 @@ export interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpt
   responseRedirectURI?: string
 }
 
-export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager
+export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPDManager
 export type IRequiredContext = IAgentContext<IRequiredPlugins>
+
+export type CreateAuthorizationRequest = Request<Record<string, never>, any, CreateAuthorizationRequestBody, Record<string, never>>
+
+export type CreateAuthorizationRequestBody = z.infer<typeof CreateAuthorizationRequestBodySchema>;
+
+export type CreateAuthorizationResponse = Response<CreateAuthorizationRequestResponse>
+
+export type CreateAuthorizationRequestResponse = z.infer<typeof CreateAuthorizationResponseSchema>;
+
+export type DeleteAuthorizationRequest = Request<DeleteAuthorizationRequestPathParameters, any, Record<string, any>, Record<string, any>>
+
+export type DeleteAuthorizationRequestPathParameters = {
+  correlationId: string;
+}
+
+export type GetAuthorizationRequestStatus = Request<GetAuthorizationRequestStatusPathParameters, any, Record<string, any>, Record<string, any>>
+
+export type GetAuthorizationRequestStatusPathParameters = {
+  correlationId: string;
+}
+
+export type RequestError = {
+  status: number
+  message: string
+  error_details?: string
+}
+
+export interface AuthStatusResponse {
+  status: AuthorizationRequestStateStatus | AuthorizationResponseStateStatus
+  correlation_id: string
+  query_id: string
+  last_updated: number
+  verified_data?: VerifiedData
+  error?: RequestError
+}
+
+export type VerifiedData = {
+  authorization_response?: AuthorizationResponse
+  credential_claims?: AdditionalClaims
+}
+
+export type AuthorizationResponse = {
+  presentation_submission?: Record<string, any>
+  vp_token?: VpToken
+}
+
+export type SingleObjectVpTokenPE = Record<string, any>
+
+export type SingleStringVpTokenPE = string
+
+export type MultipleVpTokens = Array<SingleObjectVpTokenPE> | Array<SingleStringVpTokenPE>
+
+export type MultipleVpTokenDCQL = {
+  [key: string]: MultipleVpTokens
+}
+
+export type VpToken =
+  | SingleObjectVpTokenPE
+  | SingleStringVpTokenPE
+  | MultipleVpTokens
+  | MultipleVpTokenDCQL

package/src/universal-oid4vp-api-functions.ts

@@ -0,0 +1,179 @@
+import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
+import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
+import { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
+import { Request, Response, Router } from 'express'
+import uuid from 'short-uuid'
+import { validateData } from './middleware/validationMiddleware'
+import { CreateAuthorizationRequestBodySchema } from './schemas'
+import {
+  CreateAuthorizationRequest,
+  CreateAuthorizationRequestResponse,
+  CreateAuthorizationResponse,
+  DeleteAuthorizationRequest,
+  GetAuthorizationRequestStatus,
+  AuthStatusResponse,
+  ICreateAuthRequestWebappEndpointOpts,
+  IRequiredContext,
+} from './types'
+
+export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`createAuthRequest universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/auth/requests'
+  router.post(
+    path,
+    checkAuth(opts?.endpoint),
+    validateData(CreateAuthorizationRequestBodySchema),
+    async (request: CreateAuthorizationRequest, response: CreateAuthorizationResponse) => {
+      try {
+        const correlationId = request.body.correlation_id ?? uuid.uuid()
+        const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts
+        const queryId = request.body.query_id
+        const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri // TODO Uri not URI
+        const requestUriBase = request.body.request_uri_base
+        const callback = request.body.callback
+
+        const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] })
+        if (definitionItems.length === 0) {
+          console.log(`No query could be found for the given id. Query id: ${queryId}`)
+          return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })
+        }
+
+        const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {
+          baseURI: requestUriBase ?? opts?.siopBaseURI,
+        })
+        const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })
+
+        const authRequestURI = await context.agent.siopCreateAuthRequestURI({
+          queryId,
+          correlationId,
+          nonce: uuid.uuid(),
+          requestByReferenceURI,
+          responseURIType: 'response_uri',
+          responseURI,
+          ...(directPostResponseRedirectUri && { responseRedirectURI: directPostResponseRedirectUri }),
+          callback,
+        })
+
+        let qrCodeDataUri: string | undefined
+        if (qrCodeOpts) {
+          const { AwesomeQR } = await import('awesome-qr')
+          const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })
+          qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`
+        }
+
+        const authRequestBody = {
+          query_id: queryId,
+          correlation_id: correlationId,
+          request_uri: authRequestURI,
+          status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,
+          ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),
+        } satisfies CreateAuthorizationRequestResponse
+        console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)
+
+        return response.status(201).json(authRequestBody)
+      } catch (error) {
+        return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)
+      }
+    },
+  )
+}
+
+export function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/auth/requests/:correlationId'
+  router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {
+    try {
+      const correlationId: string = request.params.correlationId
+
+      const authRequestState = await context.agent.siopGetAuthRequestState({
+        correlationId,
+        errorOnNotFound: false,
+      })
+      if (!authRequestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)
+        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })
+      }
+
+      await context.agent.siopDeleteAuthState({ correlationId })
+
+      return response.status(204).json()
+    } catch (error) {
+      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
+    }
+  })
+}
+
+export function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`authStatus universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/auth/status/:correlationId'
+  router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {
+    try {
+      console.log('Received auth-status request...')
+      const correlationId: string = request.params.correlationId
+
+      const requestState = await context.agent.siopGetAuthRequestState({
+        correlationId,
+        errorOnNotFound: false,
+      })
+
+      if (!requestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)
+        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })
+      }
+
+      let responseState
+      if (requestState.status === 'authorization_request_created') {
+        responseState = await context.agent.siopGetAuthResponseState({ correlationId, errorOnNotFound: false })
+      }
+      const overallState = responseState ?? requestState
+
+      const statusBody = {
+        status: overallState.status,
+        correlation_id: overallState.correlationId,
+        query_id: overallState.queryId,
+        last_updated: overallState.lastUpdated,
+        ...(responseState?.status === AuthorizationResponseStateStatus.VERIFIED &&
+          responseState.verifiedData !== undefined && { verified_data: responseState.verifiedData }),
+        ...(overallState.error && { message: overallState.error.message }),
+      } satisfies AuthStatusResponse
+      console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)
+
+      if (overallState.status === 'error') {
+        return response.status(500).json(statusBody)
+      }
+      return response.status(200).json(statusBody)
+    } catch (error) {
+      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
+    }
+  })
+}
+
+export function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`getDefinitions universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/definitions'
+  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
+    try {
+      const definitions = await context.agent.pdmGetDefinitions()
+      response.statusCode = 200
+      return response.json(definitions)
+    } catch (error) {
+      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
+    }
+  })
+}

package/src/webapp-api-functions.ts

@@ -2,10 +2,10 @@ import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sp
 import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
 import { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
 import { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
+import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 import { Request, Response, Router } from 'express'
 import uuid from 'short-uuid'
 import { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'
-import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
 
 export function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
   if (opts?.enabled === false) {