@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.58.host.nonce.endpoint.194 → 0.34.1-feature.SSISDK.62.219
- package/dist/index.cjs +50 -75
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +7 -59
- package/dist/index.d.ts +7 -59
- package/dist/index.js +47 -72
- package/dist/index.js.map +1 -1
- package/package.json +21 -19
- package/src/siop-api-functions.ts +26 -15
- package/src/types/types.ts +9 -18
- package/src/universal-oid4vp-api-functions.ts +40 -24
- package/src/webapp-api-functions.ts +25 -27
- package/src/schemas/index.ts +0 -36
|
@@ -1,19 +1,26 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import {
|
|
2
|
+
AuthorizationRequestStateStatus,
|
|
3
|
+
AuthorizationResponseStateStatus,
|
|
4
|
+
CreateAuthorizationRequest,
|
|
5
|
+
createAuthorizationRequestFromPayload,
|
|
6
|
+
CreateAuthorizationRequestPayloadSchema,
|
|
7
|
+
CreateAuthorizationResponsePayload,
|
|
8
|
+
} from '@sphereon/did-auth-siop'
|
|
2
9
|
import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
|
|
3
10
|
import { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
|
|
11
|
+
import { VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
|
|
4
12
|
import { Request, Response, Router } from 'express'
|
|
5
13
|
import uuid from 'short-uuid'
|
|
6
14
|
import { validateData } from './middleware/validationMiddleware'
|
|
7
|
-
import { CreateAuthorizationRequestBodySchema } from './schemas'
|
|
8
15
|
import {
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
16
|
+
AuthStatusResponse,
|
|
17
|
+
CreateAuthorizationRequestPayloadRequest,
|
|
18
|
+
CreateAuthorizationResponsePayloadResponse,
|
|
12
19
|
DeleteAuthorizationRequest,
|
|
13
20
|
GetAuthorizationRequestStatus,
|
|
14
|
-
AuthStatusResponse,
|
|
15
21
|
ICreateAuthRequestWebappEndpointOpts,
|
|
16
22
|
IRequiredContext,
|
|
23
|
+
QRCodeOpts,
|
|
17
24
|
} from './types'
|
|
18
25
|
|
|
19
26
|
export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
|
|
@@ -26,26 +33,29 @@ export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context
|
|
|
26
33
|
router.post(
|
|
27
34
|
path,
|
|
28
35
|
checkAuth(opts?.endpoint),
|
|
29
|
-
validateData(
|
|
30
|
-
async (request:
|
|
36
|
+
validateData(CreateAuthorizationRequestPayloadSchema),
|
|
37
|
+
async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {
|
|
31
38
|
try {
|
|
32
|
-
const
|
|
33
|
-
const
|
|
34
|
-
const
|
|
35
|
-
const
|
|
36
|
-
|
|
37
|
-
const
|
|
38
|
-
|
|
39
|
-
|
|
39
|
+
const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)
|
|
40
|
+
const correlationId = authRequest.correlationId ?? uuid.uuid()
|
|
41
|
+
const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts
|
|
42
|
+
const queryId = authRequest.queryId
|
|
43
|
+
|
|
44
|
+
const definitionItems = await context.agent.pdmGetDefinitions({
|
|
45
|
+
filter: [
|
|
46
|
+
{ id: queryId }, // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version
|
|
47
|
+
{ queryId },
|
|
48
|
+
],
|
|
49
|
+
})
|
|
40
50
|
if (definitionItems.length === 0) {
|
|
41
51
|
console.log(`No query could be found for the given id. Query id: ${queryId}`)
|
|
42
52
|
return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })
|
|
43
53
|
}
|
|
44
54
|
|
|
45
|
-
const requestByReferenceURI = uriWithBase(`/siop/
|
|
46
|
-
baseURI: requestUriBase ?? opts?.siopBaseURI,
|
|
55
|
+
const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {
|
|
56
|
+
baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,
|
|
47
57
|
})
|
|
48
|
-
const responseURI = uriWithBase(`/siop/
|
|
58
|
+
const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })
|
|
49
59
|
|
|
50
60
|
const authRequestURI = await context.agent.siopCreateAuthRequestURI({
|
|
51
61
|
queryId,
|
|
@@ -54,8 +64,8 @@ export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context
|
|
|
54
64
|
requestByReferenceURI,
|
|
55
65
|
responseURIType: 'response_uri',
|
|
56
66
|
responseURI,
|
|
57
|
-
...(directPostResponseRedirectUri && { responseRedirectURI: directPostResponseRedirectUri }),
|
|
58
|
-
callback,
|
|
67
|
+
...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),
|
|
68
|
+
...(authRequest.callback && { callback: authRequest.callback }),
|
|
59
69
|
})
|
|
60
70
|
|
|
61
71
|
let qrCodeDataUri: string | undefined
|
|
@@ -63,6 +73,8 @@ export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context
|
|
|
63
73
|
const { AwesomeQR } = await import('awesome-qr')
|
|
64
74
|
const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })
|
|
65
75
|
qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`
|
|
76
|
+
} else {
|
|
77
|
+
qrCodeDataUri = authRequestURI
|
|
66
78
|
}
|
|
67
79
|
|
|
68
80
|
const authRequestBody = {
|
|
@@ -71,7 +83,7 @@ export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context
|
|
|
71
83
|
request_uri: authRequestURI,
|
|
72
84
|
status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,
|
|
73
85
|
...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),
|
|
74
|
-
} satisfies
|
|
86
|
+
} satisfies CreateAuthorizationResponsePayload
|
|
75
87
|
console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)
|
|
76
88
|
|
|
77
89
|
return response.status(201).json(authRequestBody)
|
|
@@ -134,8 +146,12 @@ export function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequ
|
|
|
134
146
|
}
|
|
135
147
|
|
|
136
148
|
let responseState
|
|
137
|
-
if (requestState.status ===
|
|
138
|
-
responseState = await context.agent.siopGetAuthResponseState({
|
|
149
|
+
if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {
|
|
150
|
+
responseState = await context.agent.siopGetAuthResponseState({
|
|
151
|
+
correlationId,
|
|
152
|
+
errorOnNotFound: false,
|
|
153
|
+
includeVerifiedData: VerifiedDataMode.VERIFIED_PRESENTATION,
|
|
154
|
+
})
|
|
139
155
|
}
|
|
140
156
|
const overallState = responseState ?? requestState
|
|
141
157
|
|
|
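Review bot: `correlationId` is taken from the request body (`authRequest.correlationId ?? uuid.uuid()`) and interpolated unencoded into both `/siop/queries/${queryId}/auth-requests/${correlationId}` and the matching auth-responses path, so a value containing `/`, `?` or `#` changes the URIs handed to the wallet. `queryId` is at least matched against `pdmGetDefinitions` before use, but nothing comparable is visible for `correlationId`. Validation now comes from `CreateAuthorizationRequestPayloadSchema` in `@sphereon/did-auth-siop`, which this page does not show, so whether it constrains the id's character set cannot be confirmed here. I would encode at the point of use, e.g. `${encodeURIComponent(correlationId)}` in both template strings. The same handler also accepts `authRequest.requestUriBase` from the body as `baseURI`; checking it against an allow-list of configured bases would keep an authenticated caller from pointing the request URI at an arbitrary host.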
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
|
|
1
|
+
import { AuthorizationRequestState, AuthorizationResponseStateStatus, AuthorizationResponseStateWithVerifiedData } from '@sphereon/did-auth-siop'
|
|
2
2
|
import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
|
|
3
3
|
import { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
|
|
4
|
-
import {
|
|
4
|
+
import { VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
|
|
5
5
|
import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
|
|
6
6
|
import { Request, Response, Router } from 'express'
|
|
7
7
|
import uuid from 'short-uuid'
|
|
@@ -12,29 +12,29 @@ export function createAuthRequestWebappEndpoint(router: Router, context: IRequir
|
|
|
12
12
|
console.log(`createAuthRequest Webapp endpoint is disabled`)
|
|
13
13
|
return
|
|
14
14
|
}
|
|
15
|
-
const path = opts?.path ?? '/webapp/
|
|
15
|
+
const path = opts?.path ?? '/webapp/queries/:queryId/auth-requests'
|
|
16
16
|
router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
|
|
17
17
|
try {
|
|
18
18
|
// if (!request.agent) throw Error('No agent configured')
|
|
19
|
-
const
|
|
20
|
-
if (!
|
|
21
|
-
return sendErrorResponse(response, 400, 'No
|
|
19
|
+
const queryId = request.params.queryId
|
|
20
|
+
if (!queryId) {
|
|
21
|
+
return sendErrorResponse(response, 400, 'No queryId query parameter provided')
|
|
22
22
|
}
|
|
23
23
|
const state: string = request.body.state ?? uuid.uuid()
|
|
24
24
|
const correlationId = request.body.correlationId ?? state
|
|
25
25
|
const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts
|
|
26
26
|
|
|
27
|
-
const requestByReferenceURI = uriWithBase(`/siop/
|
|
27
|
+
const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${state}`, {
|
|
28
28
|
baseURI: opts?.siopBaseURI,
|
|
29
29
|
})
|
|
30
|
-
const responseURI = uriWithBase(`/siop/
|
|
30
|
+
const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })
|
|
31
31
|
// first version is for backwards compat
|
|
32
32
|
const responseRedirectURI =
|
|
33
33
|
('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??
|
|
34
34
|
('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))
|
|
35
35
|
|
|
36
36
|
const authRequestURI = await context.agent.siopCreateAuthRequestURI({
|
|
37
|
-
|
|
37
|
+
queryId,
|
|
38
38
|
correlationId,
|
|
39
39
|
state,
|
|
40
40
|
nonce: uuid.uuid(),
|
|
@@ -53,7 +53,7 @@ export function createAuthRequestWebappEndpoint(router: Router, context: IRequir
|
|
|
53
53
|
const authRequestBody: GenerateAuthRequestURIResponse = {
|
|
54
54
|
correlationId,
|
|
55
55
|
state,
|
|
56
|
-
|
|
56
|
+
queryId,
|
|
57
57
|
authRequestURI,
|
|
58
58
|
authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,
|
|
59
59
|
...(qrCodeDataUri && { qrCodeDataUri }),
|
|
@@ -76,26 +76,24 @@ export function authStatusWebappEndpoint(router: Router, context: IRequiredConte
|
|
|
76
76
|
try {
|
|
77
77
|
console.log('Received auth-status request...')
|
|
78
78
|
const correlationId: string = request.body.correlationId as string
|
|
79
|
-
const
|
|
79
|
+
const queryId: string = request.body.queryId as string
|
|
80
80
|
|
|
81
81
|
const requestState =
|
|
82
|
-
correlationId &&
|
|
82
|
+
correlationId && queryId
|
|
83
83
|
? await context.agent.siopGetAuthRequestState({
|
|
84
84
|
correlationId,
|
|
85
|
-
|
|
85
|
+
queryId,
|
|
86
86
|
errorOnNotFound: false,
|
|
87
87
|
})
|
|
88
88
|
: undefined
|
|
89
|
-
if (!requestState || !
|
|
90
|
-
console.log(
|
|
91
|
-
`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,
|
|
92
|
-
)
|
|
89
|
+
if (!requestState || !queryId || !correlationId) {
|
|
90
|
+
console.log(`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, queryId: ${queryId}`)
|
|
93
91
|
response.statusCode = 404
|
|
94
92
|
const statusBody: AuthStatusResponse = {
|
|
95
93
|
status: requestState ? requestState.status : 'error',
|
|
96
94
|
error: 'No authentication request mapping could be found for the given URL.',
|
|
97
95
|
correlationId,
|
|
98
|
-
|
|
96
|
+
queryId,
|
|
99
97
|
lastUpdated: requestState ? requestState.lastUpdated : Date.now(),
|
|
100
98
|
}
|
|
101
99
|
return response.json(statusBody)
|
|
@@ -107,10 +105,10 @@ export function authStatusWebappEndpoint(router: Router, context: IRequiredConte
|
|
|
107
105
|
}
|
|
108
106
|
|
|
109
107
|
let responseState
|
|
110
|
-
if (requestState.status === '
|
|
108
|
+
if (requestState.status === 'authorization_request_retrieved') {
|
|
111
109
|
responseState = (await context.agent.siopGetAuthResponseState({
|
|
112
110
|
correlationId,
|
|
113
|
-
|
|
111
|
+
queryId,
|
|
114
112
|
includeVerifiedData: includeVerifiedData,
|
|
115
113
|
errorOnNotFound: false,
|
|
116
114
|
})) as AuthorizationResponseStateWithVerifiedData
|
|
@@ -121,7 +119,7 @@ export function authStatusWebappEndpoint(router: Router, context: IRequiredConte
|
|
|
121
119
|
status: overallState.status,
|
|
122
120
|
...(overallState.error ? { error: overallState.error?.message } : {}),
|
|
123
121
|
correlationId,
|
|
124
|
-
|
|
122
|
+
queryId,
|
|
125
123
|
lastUpdated: overallState.lastUpdated,
|
|
126
124
|
...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED
|
|
127
125
|
? {
|
|
@@ -148,17 +146,17 @@ export function removeAuthRequestStateWebappEndpoint(router: Router, context: IR
|
|
|
148
146
|
console.log(`removeAuthStatus Webapp endpoint is disabled`)
|
|
149
147
|
return
|
|
150
148
|
}
|
|
151
|
-
const path = opts?.path ?? '/webapp/
|
|
149
|
+
const path = opts?.path ?? '/webapp/queries/:queryId/auth-requests/:correlationId'
|
|
152
150
|
router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
|
|
153
151
|
try {
|
|
154
152
|
const correlationId: string = request.params.correlationId
|
|
155
|
-
const
|
|
156
|
-
if (!correlationId || !
|
|
157
|
-
console.log(`No authorization request could be found for the given url. correlationId: ${correlationId},
|
|
153
|
+
const queryId: string = request.params.queryId
|
|
154
|
+
if (!correlationId || !queryId) {
|
|
155
|
+
console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)
|
|
158
156
|
return sendErrorResponse(response, 404, 'No authorization request could be found')
|
|
159
157
|
}
|
|
160
158
|
response.statusCode = 200
|
|
161
|
-
return response.json(await context.agent.siopDeleteAuthState({
|
|
159
|
+
return response.json(await context.agent.siopDeleteAuthState({ queryId, correlationId }))
|
|
162
160
|
} catch (error) {
|
|
163
161
|
return sendErrorResponse(response, 500, error.message, error)
|
|
164
162
|
}
|
|
@@ -170,7 +168,7 @@ export function getDefinitionsEndpoint(router: Router, context: IRequiredContext
|
|
|
170
168
|
console.log(`getDefinitions Webapp endpoint is disabled`)
|
|
171
169
|
return
|
|
172
170
|
}
|
|
173
|
-
const path = opts?.path ?? '/webapp/
|
|
171
|
+
const path = opts?.path ?? '/webapp/queries'
|
|
174
172
|
router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
|
|
175
173
|
try {
|
|
176
174
|
const definitions = await context.agent.pdmGetDefinitions()
|
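Review bot: In `createAuthRequestWebappEndpoint`, `queryId` (from `request.params`, already percent-decoded by Express) and `state` (from `request.body.state`) are placed into `/siop/queries/${queryId}/auth-requests/${state}` and the auth-responses URI without encoding, and this route has only `checkAuth`, with no `validateData(...)` step like the universal endpoint has. A value containing `/`, `?` or `#` would therefore alter the request and response URIs that end up in the authorization request. I would use `${encodeURIComponent(queryId)}` and `${encodeURIComponent(state)}` where the two URIs are built, and reject a non-string `state` or `correlationId` before use. In `authStatusWebappEndpoint` the `as string` casts on `request.body.correlationId` and `request.body.queryId` are compile-time only, so a `typeof … === 'string'` check belongs there too before the values are passed to the agent and written to the log line.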
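--- a/package/src/schemas/index.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-import { CallbackOptsSchema, RequestUriMethod, ResponseMode, ResponseType } from '@sphereon/did-auth-siop'
-import { z } from 'zod'
-
-export const ResponseTypeSchema = z.enum([ResponseType.VP_TOKEN])
-
-export const ResponseModeSchema = z.enum([ResponseMode.DIRECT_POST, ResponseMode.DIRECT_POST_JWT])
-
-const requestUriMethods = ['get', 'post'] as const satisfies Array<RequestUriMethod>
-export const RequestUriMethodSchema = z.enum(requestUriMethods)
-export const QRCodeOptsSchema = z.object({
-size: z.number().optional(),
-color_dark: z.string().optional(),
-color_light: z.string().optional(),
-})
-
-export const CreateAuthorizationRequestBodySchema = z.object({
-query_id: z.string(),
-client_id: z.string().optional(),
-request_uri_base: z.string().optional(),
-correlation_id: z.string().optional(),
-request_uri_method: RequestUriMethodSchema.optional(),
-response_type: ResponseTypeSchema.optional(),
-response_mode: ResponseModeSchema.optional(),
-transaction_data: z.array(z.string()).optional(),
-qr_code: QRCodeOptsSchema.optional(),
-direct_post_response_redirect_uri: z.string().optional(),
-callback: CallbackOptsSchema.optional(),
-})
-
-export const CreateAuthorizationResponseSchema = z.object({
-correlation_id: z.string(),
-query_id: z.string(),
-request_uri: z.string(),
-status_uri: z.string(),
-qr_uri: z.string().optional(),
-})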