npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api - Versions diffs - 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145 → 0.34.1-feature.SSISDK.62.218 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.58.host.nonce.endpoint.145 → 0.34.1-feature.SSISDK.62.218

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.cjs +186 -133
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +49 -9
package/dist/index.d.ts +49 -9
package/dist/index.js +185 -132
package/dist/index.js.map +1 -1
package/package.json +21 -18
package/src/index.ts +1 -1
package/src/middleware/validationMiddleware.ts +20 -0
package/src/siop-api-functions.ts +31 -20
package/src/siopv2-rp-api-server.ts +9 -10
package/src/types/types.ts +60 -3
package/src/universal-oid4vp-api-functions.ts +195 -0
package/src/webapp-api-functions.ts +26 -28

package/dist/index.cjs CHANGED Viewed

@@ -32,11 +32,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   SIOPv2RPApiServer: () => SIOPv2RPApiServer,
-  authStatusWebappEndpoint: () => authStatusWebappEndpoint,
-  createAuthRequestWebappEndpoint: () => createAuthRequestWebappEndpoint,
+  authStatusUniversalOID4VPEndpoint: () => authStatusUniversalOID4VPEndpoint,
+  createAuthRequestUniversalOID4VPEndpoint: () => createAuthRequestUniversalOID4VPEndpoint,
   getAuthRequestSIOPv2Endpoint: () => getAuthRequestSIOPv2Endpoint,
   getDefinitionsEndpoint: () => getDefinitionsEndpoint,
-  removeAuthRequestStateWebappEndpoint: () => removeAuthRequestStateWebappEndpoint,
+  removeAuthRequestStateUniversalOID4VPEndpoint: () => removeAuthRequestStateUniversalOID4VPEndpoint,
   verifyAuthResponseSIOPv2Endpoint: () => verifyAuthResponseSIOPv2Endpoint
 });
 module.exports = __toCommonJS(index_exports);
@@ -71,29 +71,36 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/siop/definitions/:definitionId/auth-responses/:correlationId";
+  const path = opts?.path ?? "/siop/queries/:queryId/auth-responses/:correlationId";
   router.post(path, (0, import_ssi_express_support.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
-      const { correlationId, definitionId, tenantId, version } = request.params;
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
+      const { correlationId, queryId, tenantId, version } = request.params;
+      if (!correlationId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`);
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, "No authorization request could be found");
       }
-      console.log("Authorization Response (siop-sessions");
-      console.log(JSON.stringify(request.body, null, 2));
+      console.debug("Authorization Response (siop-sessions");
+      console.debug(JSON.stringify(request.body, null, 2));
       const definitionItems = await context.agent.pdmGetDefinitions({
         filter: [
           {
-            definitionId,
-            tenantId,
-            version
+            queryId,
+            ...tenantId && {
+              tenantId
+            },
+            ...version && {
+              version
+            }
+          },
+          {
+            id: queryId
           }
         ]
       });
       if (definitionItems.length === 0) {
-        console.log(`Could not get definition ${definitionId} from agent. Will return 404`);
+        console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
         response.statusCode = 404;
-        response.statusMessage = `No definition ${definitionId}`;
+        response.statusMessage = `No definition ${queryId}`;
         return response.send();
       }
       const authorizationResponse = parseAuthorizationResponse(request);
@@ -102,8 +109,8 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
       const verifiedResponse = await context.agent.siopVerifyAuthResponse({
         authorizationResponse,
         correlationId,
-        definitionId,
-        dcqlQueryPayload: definitionItem.dcqlPayload
+        queryId,
+        dcqlQuery: definitionItem.query
       });
       const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
       if (presentation && Object.keys(presentation).length > 0) {
@@ -118,7 +125,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         }
         const responseRedirectURI = await context.agent.siopGetRedirectURI({
           correlationId,
-          definitionId,
+          queryId,
           state: verifiedResponse.state
         });
         if (responseRedirectURI) {
@@ -145,22 +152,22 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
     console.log(`getAuthRequest SIOP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/siop/definitions/:definitionId/auth-requests/:correlationId";
+  const path = opts?.path ?? "/siop/queries/:queryId/auth-requests/:correlationId";
   router.get(path, (0, import_ssi_express_support.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
       const correlationId = request.params.correlationId;
-      const definitionId = request.params.definitionId;
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
+      const queryId = request.params.queryId;
+      if (!correlationId || !queryId) {
+        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`);
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, "No authorization request could be found");
       }
       const requestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
+        queryId,
         errorOnNotFound: false
       });
       if (!requestState) {
-        console.log(`No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`);
+        console.log(`No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`);
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, `No authorization request could be found`);
       }
       const requestObject = await requestState.request?.requestObject?.toJwt();
@@ -177,8 +184,8 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
       } finally {
         await context.agent.siopUpdateAuthRequestState({
           correlationId,
-          definitionId,
-          state: "sent",
+          queryId,
+          state: "authorization_request_created",
           error
         });
       }
@@ -189,45 +196,90 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
 }
 __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
-// src/webapp-api-functions.ts
+// src/universal-oid4vp-api-functions.ts
 var import_did_auth_siop = require("@sphereon/did-auth-siop");
 var import_ssi_express_support2 = require("@sphereon/ssi-express-support");
 var import_ssi_sdk = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
 var import_ssi_sdk2 = require("@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth");
 var import_short_uuid = __toESM(require("short-uuid"), 1);
-var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
-function createAuthRequestWebappEndpoint(router, context, opts) {
+// src/middleware/validationMiddleware.ts
+var import_zod = require("zod");
+var validateData = /* @__PURE__ */ __name((schema) => {
+  return (req, res, next) => {
+    try {
+      schema.parse(req.body);
+      next();
+    } catch (error) {
+      if (error instanceof import_zod.ZodError) {
+        const errorMessages = error.issues.map((issue) => ({
+          message: `${issue.path.join(".")} is ${issue.message}`
+        }));
+        res.status(400).json({
+          status: 400,
+          message: "Invalid data",
+          error_details: errorMessages[0].message
+        });
+      } else {
+        res.status(500).json({
+          status: 500,
+          message: "Internal Server Error"
+        });
+      }
+    }
+  };
+}, "validateData");
+// src/universal-oid4vp-api-functions.ts
+function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`createAuthRequest Webapp endpoint is disabled`);
+    console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests";
-  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+  const path = opts?.path ?? "/backend/auth/requests";
+  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), validateData(import_did_auth_siop.CreateAuthorizationRequestPayloadSchema), async (request, response) => {
     try {
-      const definitionId = request.params.definitionId;
-      if (!definitionId) {
-        return (0, import_ssi_express_support2.sendErrorResponse)(response, 400, "No definitionId query parameter provided");
+      const authRequest = (0, import_did_auth_siop.createAuthorizationRequestFromPayload)(request.body);
+      const correlationId = authRequest.correlationId ?? import_short_uuid.default.uuid();
+      const qrCodeOpts = authRequest.qrCode ? {
+        ...authRequest.qrCode
+      } : opts?.qrCodeOpts;
+      const queryId = authRequest.queryId;
+      const definitionItems = await context.agent.pdmGetDefinitions({
+        filter: [
+          {
+            id: queryId
+          },
+          {
+            queryId
+          }
+        ]
+      });
+      if (definitionItems.length === 0) {
+        console.log(`No query could be found for the given id. Query id: ${queryId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No query could be found"
+        });
       }
-      const state = request.body.state ?? import_short_uuid.default.uuid();
-      const correlationId = request.body.correlationId ?? state;
-      const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts;
-      const requestByReferenceURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
-        baseURI: opts?.siopBaseURI
+      const requestByReferenceURI = (0, import_ssi_sdk.uriWithBase)(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {
+        baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI
       });
-      const responseURI = (0, import_ssi_sdk.uriWithBase)(`/siop/definitions/${definitionId}/auth-responses/${state}`, {
+      const responseURI = (0, import_ssi_sdk.uriWithBase)(`/siop/queries/${queryId}/auth-responses/${correlationId}`, {
         baseURI: opts?.siopBaseURI
       });
-      const responseRedirectURI = ("response_redirect_uri" in request.body && request.body.response_redirect_uri) ?? ("responseRedirectURI" in request.body && request.body.responseRedirectURI);
       const authRequestURI = await context.agent.siopCreateAuthRequestURI({
-        definitionId,
+        queryId,
         correlationId,
-        state,
         nonce: import_short_uuid.default.uuid(),
         requestByReferenceURI,
         responseURIType: "response_uri",
         responseURI,
-        ...responseRedirectURI && {
-          responseRedirectURI
+        ...authRequest.directPostResponseRedirectUri && {
+          responseRedirectURI: authRequest.directPostResponseRedirectUri
+        },
+        ...authRequest.callback && {
+          callback: authRequest.callback
         }
       });
       let qrCodeDataUri;
@@ -238,142 +290,143 @@ function createAuthRequestWebappEndpoint(router, context, opts) {
           text: authRequestURI
         });
         qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
+      } else {
+        qrCodeDataUri = authRequestURI;
       }
       const authRequestBody = {
-        correlationId,
-        state,
-        definitionId,
-        authRequestURI,
-        authStatusURI: `${(0, import_ssi_sdk.uriWithBase)(opts?.webappAuthStatusPath ?? "/webapp/auth-status", {
+        query_id: queryId,
+        correlation_id: correlationId,
+        request_uri: authRequestURI,
+        status_uri: `${(0, import_ssi_sdk.uriWithBase)(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, {
           baseURI: opts?.webappBaseURI
         })}`,
         ...qrCodeDataUri && {
-          qrCodeDataUri
+          qr_uri: qrCodeDataUri
         }
       };
       console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`);
-      return response.json(authRequestBody);
+      return response.status(201).json(authRequestBody);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, "Could not create an authorization request URI", error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: "Could not create an authorization request URI"
+      }, error);
     }
   });
 }
-__name(createAuthRequestWebappEndpoint, "createAuthRequestWebappEndpoint");
-function authStatusWebappEndpoint(router, context, opts) {
+__name(createAuthRequestUniversalOID4VPEndpoint, "createAuthRequestUniversalOID4VPEndpoint");
+function removeAuthRequestStateUniversalOID4VPEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`authStatus Webapp endpoint is disabled`);
+    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/auth-status";
-  router.post(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+  const path = opts?.path ?? "/backend/auth/requests/:correlationId";
+  router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
-      console.log("Received auth-status request...");
-      const correlationId = request.body.correlationId;
-      const definitionId = request.body.definitionId;
-      const requestState = correlationId && definitionId ? await context.agent.siopGetAuthRequestState({
+      const correlationId = request.params.correlationId;
+      const authRequestState = await context.agent.siopGetAuthRequestState({
         correlationId,
-        definitionId,
         errorOnNotFound: false
-      }) : void 0;
-      if (!requestState || !definitionId || !correlationId) {
-        console.log(`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`);
-        response.statusCode = 404;
-        const statusBody2 = {
-          status: requestState ? requestState.status : "error",
-          error: "No authentication request mapping could be found for the given URL.",
-          correlationId,
-          definitionId,
-          lastUpdated: requestState ? requestState.lastUpdated : Date.now()
-        };
-        return response.json(statusBody2);
+      });
+      if (!authRequestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No authorization request could be found"
+        });
       }
-      let includeVerifiedData = import_ssi_sdk2.VerifiedDataMode.NONE;
-      if ("includeVerifiedData" in request.body) {
-        includeVerifiedData = request.body.includeVerifiedData;
+      await context.agent.siopDeleteAuthState({
+        correlationId
+      });
+      return response.status(204).json();
+    } catch (error) {
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
+    }
+  });
+}
+__name(removeAuthRequestStateUniversalOID4VPEndpoint, "removeAuthRequestStateUniversalOID4VPEndpoint");
+function authStatusUniversalOID4VPEndpoint(router, context, opts) {
+  if (opts?.enabled === false) {
+    console.log(`authStatus universal OID4VP endpoint is disabled`);
+    return;
+  }
+  const path = opts?.path ?? "/backend/auth/status/:correlationId";
+  router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
+    try {
+      console.log("Received auth-status request...");
+      const correlationId = request.params.correlationId;
+      const requestState = await context.agent.siopGetAuthRequestState({
+        correlationId,
+        errorOnNotFound: false
+      });
+      if (!requestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
+        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, {
+          status: 404,
+          message: "No authorization request could be found"
+        });
       }
       let responseState;
-      if (requestState.status === "sent") {
+      if (requestState.status === import_did_auth_siop.AuthorizationRequestStateStatus.RETRIEVED) {
         responseState = await context.agent.siopGetAuthResponseState({
           correlationId,
-          definitionId,
-          includeVerifiedData,
-          errorOnNotFound: false
+          errorOnNotFound: false,
+          includeVerifiedData: import_ssi_sdk2.VerifiedDataMode.VERIFIED_PRESENTATION
         });
       }
       const overallState = responseState ?? requestState;
       const statusBody = {
         status: overallState.status,
-        ...overallState.error ? {
-          error: overallState.error?.message
-        } : {},
-        correlationId,
-        definitionId,
-        lastUpdated: overallState.lastUpdated,
-        ...responseState && responseState.status === import_did_auth_siop.AuthorizationResponseStateStatus.VERIFIED ? {
-          payload: await responseState.response.mergedPayloads({
-            hasher: import_ssi_sdk3.shaHasher
-          }),
-          verifiedData: responseState.verifiedData
-        } : {}
+        correlation_id: overallState.correlationId,
+        query_id: overallState.queryId,
+        last_updated: overallState.lastUpdated,
+        ...responseState?.status === import_did_auth_siop.AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== void 0 && {
+          verified_data: responseState.verifiedData
+        },
+        ...overallState.error && {
+          message: overallState.error.message
+        }
       };
       console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`);
       if (overallState.status === "error") {
-        response.statusCode = 500;
-        return response.json(statusBody);
+        return response.status(500).json(statusBody);
       }
-      response.statusCode = 200;
-      return response.json(statusBody);
+      return response.status(200).json(statusBody);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
     }
   });
 }
-__name(authStatusWebappEndpoint, "authStatusWebappEndpoint");
-function removeAuthRequestStateWebappEndpoint(router, context, opts) {
-  if (opts?.enabled === false) {
-    console.log(`removeAuthStatus Webapp endpoint is disabled`);
-    return;
-  }
-  const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests/:correlationId";
-  router.delete(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
-    try {
-      const correlationId = request.params.correlationId;
-      const definitionId = request.params.definitionId;
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
-        return (0, import_ssi_express_support2.sendErrorResponse)(response, 404, "No authorization request could be found");
-      }
-      response.statusCode = 200;
-      return response.json(await context.agent.siopDeleteAuthState({
-        definitionId,
-        correlationId
-      }));
-    } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
-    }
-  });
-}
-__name(removeAuthRequestStateWebappEndpoint, "removeAuthRequestStateWebappEndpoint");
+__name(authStatusUniversalOID4VPEndpoint, "authStatusUniversalOID4VPEndpoint");
 function getDefinitionsEndpoint(router, context, opts) {
   if (opts?.enabled === false) {
-    console.log(`getDefinitions Webapp endpoint is disabled`);
+    console.log(`getDefinitions universal OID4VP endpoint is disabled`);
     return;
   }
-  const path = opts?.path ?? "/webapp/definitions";
+  const path = opts?.path ?? "/backend/definitions";
   router.get(path, (0, import_ssi_express_support2.checkAuth)(opts?.endpoint), async (request, response) => {
     try {
       const definitions = await context.agent.pdmGetDefinitions();
       response.statusCode = 200;
       return response.json(definitions);
     } catch (error) {
-      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, error.message, error);
+      return (0, import_ssi_express_support2.sendErrorResponse)(response, 500, {
+        status: 500,
+        message: error.message
+      }, error);
     }
   });
 }
 __name(getDefinitionsEndpoint, "getDefinitionsEndpoint");
 // src/siopv2-rp-api-server.ts
-var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
 var import_ssi_express_support3 = require("@sphereon/ssi-express-support");
 var import_express = __toESM(require("express"), 1);
 var import_swagger_ui_express = __toESM(require("swagger-ui-express"), 1);
@@ -410,16 +463,16 @@ var SIOPv2RPApiServer = class {
     this._opts = opts;
     this._express = args.expressSupport.express;
     this._router = import_express.default.Router();
-    const context = (0, import_ssi_sdk4.agentContext)(agent);
+    const context = (0, import_ssi_sdk3.agentContext)(agent);
     const features = opts?.enableFeatures ?? [
       "rp-status",
       "siop"
     ];
     console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`);
     if (features.includes("rp-status")) {
-      createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
-      authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
-      removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
+      createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
+      authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
+      removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
       getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions);
     }
     if (features.includes("siop")) {