@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-fix.143 → 0.34.1-fix.146

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/index.cjs +1 -1
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +2 -3
  4. package/dist/index.d.ts +2 -3
  5. package/dist/index.js +1 -1
  6. package/dist/index.js.map +1 -1
  7. package/package.json +15 -17
  8. package/src/siopv2-rp-api-server.ts +2 -3
  9. package/src/types/types.ts +1 -2
  10. package/src/webapp-api-functions.ts +1 -1
package/dist/index.cjs CHANGED
@@ -194,8 +194,8 @@ var import_did_auth_siop = require("@sphereon/did-auth-siop");
194
194
  var import_ssi_express_support2 = require("@sphereon/ssi-express-support");
195
195
  var import_ssi_sdk = require("@sphereon/ssi-sdk.siopv2-oid4vp-common");
196
196
  var import_ssi_sdk2 = require("@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth");
197
- var import_short_uuid = __toESM(require("short-uuid"), 1);
198
197
  var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
198
+ var import_short_uuid = __toESM(require("short-uuid"), 1);
199
199
  function createAuthRequestWebappEndpoint(router, context, opts) {
200
200
  if (opts?.enabled === false) {
201
201
  console.log(`createAuthRequest Webapp endpoint is disabled`);
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/**\n * @public\n */\nexport * from './siop-api-functions'\nexport * from './webapp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n definitionId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n definitionId,\n state: 'sent',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n // if (!request.agent) throw Error('No agent configured')\n const definitionId = request.params.definitionId\n if (!definitionId) {\n return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n }\n const state: string = request.body.state ?? uuid.uuid()\n const correlationId = request.body.correlationId ?? state\n const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n baseURI: opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n // first version is for backwards compat\n const responseRedirectURI =\n ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n definitionId,\n correlationId,\n state,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(responseRedirectURI && { responseRedirectURI }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n const authRequestBody: GenerateAuthRequestURIResponse = {\n correlationId,\n state,\n definitionId,\n authRequestURI,\n authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qrCodeDataUri }),\n }\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n return response.json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n }\n })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/auth-status'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.body.correlationId as string\n const definitionId: string = request.body.definitionId as string\n\n const requestState =\n correlationId && definitionId\n ? await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n : undefined\n if (!requestState || !definitionId || !correlationId) {\n console.log(\n `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n )\n response.statusCode = 404\n const statusBody: AuthStatusResponse = {\n status: requestState ? requestState.status : 'error',\n error: 'No authentication request mapping could be found for the given URL.',\n correlationId,\n definitionId,\n lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n }\n return response.json(statusBody)\n }\n\n let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n if ('includeVerifiedData' in request.body) {\n includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n }\n\n let responseState\n if (requestState.status === 'sent') {\n responseState = (await context.agent.siopGetAuthResponseState({\n correlationId,\n definitionId,\n includeVerifiedData: includeVerifiedData,\n errorOnNotFound: false,\n })) as AuthorizationResponseStateWithVerifiedData\n }\n const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n const statusBody: AuthStatusResponse = {\n status: overallState.status,\n ...(overallState.error ? { error: overallState.error?.message } : {}),\n correlationId,\n definitionId,\n lastUpdated: overallState.lastUpdated,\n ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n ? {\n payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n verifiedData: responseState.verifiedData,\n }\n : {}),\n }\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n if (overallState.status === 'error') {\n response.statusCode = 500\n return response.json(statusBody)\n }\n response.statusCode = 200\n return response.json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n const definitionId: string = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n response.statusCode = 200\n return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusWebappEndpoint,\n createAuthRequestWebappEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAIjC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAeC;UAAc8B,OAAOd,iBAAiBc;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE0B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASmB,OAAO;AACdnD,cAAQmD,MAAMA,KAAAA;AACd,iBAAO5B,8CAAkBN,UAAU,KAAK,gCAAgCkC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB3C;AAmET,SAAS4C,6BAA6B3C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO4C,IAAIxC,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMqC,eAAe,MAAM5C,QAAQgB,MAAM6B,wBAAwB;QAC/DrC;QACAC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBtD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMwC,gBAAgB,MAAMH,aAAa9D,SAASiE,eAAeC,MAAAA;AACjE1D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIwD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFlC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAKyB,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAapD,QAAQoD,EAAEC,UAAUC;AACrE,mBAAOtC,8CAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQgB,MAAMoC,2BAA2B;UAC7C5C;UACAC;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO5B,8CAAkBN,UAAU,KAAK,uCAAuCkC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC9GhB,2BAA4E;AAC5E,IAAAW,8BAAkE;AAClE,qBAAgF;AAChF,IAAAC,kBAA6E;AAE7E,wBAAiB;AAEjB,IAAAA,kBAA2C;AAEpC,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,mBAAOE,+CAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,kBAAAA,QAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,4BAAwBC,4BAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,kBAAcH,4BAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,kBAAAA,QAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,OAAGlB,4BAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iCAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,sDAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC,gBAAAA;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,mBAAOE,+CAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,IAAAI,kBAA6B;AAC7B,IAAAC,8BAA0D;AAI1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAhBb,OAgBaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAAmD;AACrD,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","import_ssi_express_support","import_ssi_sdk","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/**\n * @public\n */\nexport * from './siop-api-functions'\nexport * from './webapp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n definitionId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n definitionId,\n state: 'sent',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n // if (!request.agent) throw Error('No agent configured')\n const definitionId = request.params.definitionId\n if (!definitionId) {\n return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n }\n const state: string = request.body.state ?? uuid.uuid()\n const correlationId = request.body.correlationId ?? state\n const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n baseURI: opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n // first version is for backwards compat\n const responseRedirectURI =\n ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n definitionId,\n correlationId,\n state,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(responseRedirectURI && { responseRedirectURI }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n const authRequestBody: GenerateAuthRequestURIResponse = {\n correlationId,\n state,\n definitionId,\n authRequestURI,\n authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qrCodeDataUri }),\n }\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n return response.json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n }\n })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/auth-status'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.body.correlationId as string\n const definitionId: string = request.body.definitionId as string\n\n const requestState =\n correlationId && definitionId\n ? await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n : undefined\n if (!requestState || !definitionId || !correlationId) {\n console.log(\n `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n )\n response.statusCode = 404\n const statusBody: AuthStatusResponse = {\n status: requestState ? requestState.status : 'error',\n error: 'No authentication request mapping could be found for the given URL.',\n correlationId,\n definitionId,\n lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n }\n return response.json(statusBody)\n }\n\n let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n if ('includeVerifiedData' in request.body) {\n includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n }\n\n let responseState\n if (requestState.status === 'sent') {\n responseState = (await context.agent.siopGetAuthResponseState({\n correlationId,\n definitionId,\n includeVerifiedData: includeVerifiedData,\n errorOnNotFound: false,\n })) as AuthorizationResponseStateWithVerifiedData\n }\n const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n const statusBody: AuthStatusResponse = {\n status: overallState.status,\n ...(overallState.error ? { error: overallState.error?.message } : {}),\n correlationId,\n definitionId,\n lastUpdated: overallState.lastUpdated,\n ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n ? {\n payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n verifiedData: responseState.verifiedData,\n }\n : {}),\n }\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n if (overallState.status === 'error') {\n response.statusCode = 500\n return response.json(statusBody)\n }\n response.statusCode = 200\n return response.json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n const definitionId: string = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n response.statusCode = 200\n return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusWebappEndpoint,\n createAuthRequestWebappEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAIjC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAeC;UAAc8B,OAAOd,iBAAiBc;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE0B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASmB,OAAO;AACdnD,cAAQmD,MAAMA,KAAAA;AACd,iBAAO5B,8CAAkBN,UAAU,KAAK,gCAAgCkC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB3C;AAmET,SAAS4C,6BAA6B3C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO4C,IAAIxC,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMqC,eAAe,MAAM5C,QAAQgB,MAAM6B,wBAAwB;QAC/DrC;QACAC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBtD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMwC,gBAAgB,MAAMH,aAAa9D,SAASiE,eAAeC,MAAAA;AACjE1D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIwD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFlC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAKyB,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAapD,QAAQoD,EAAEC,UAAUC;AACrE,mBAAOtC,8CAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQgB,MAAMoC,2BAA2B;UAC7C5C;UACAC;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO5B,8CAAkBN,UAAU,KAAK,uCAAuCkC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC9GhB,2BAA4E;AAC5E,IAAAW,8BAAkE;AAClE,qBAAgF;AAChF,IAAAC,kBAA6E;AAC7E,IAAAA,kBAA2C;AAE3C,wBAAiB;AAGV,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,mBAAOE,+CAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,kBAAAA,QAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,4BAAwBC,4BAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,kBAAcH,4BAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,kBAAAA,QAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,OAAGlB,4BAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iCAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,sDAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC,gBAAAA;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,mBAAOE,+CAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,iBAAO/B,+CAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,IAAAI,kBAA6B;AAC7B,IAAAC,8BAA0D;AAG1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","import_ssi_express_support","import_ssi_sdk","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
package/dist/index.d.cts CHANGED
@@ -1,6 +1,5 @@
1
1
  import { ISingleEndpointOpts, GenericAuthArgs, ExpressSupport } from '@sphereon/ssi-express-support';
2
2
  import { Router, Express } from 'express';
3
- import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
4
3
  import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth';
5
4
  import { IAgentContext, ICredentialVerifier, TAgent } from '@veramo/core';
6
5
  import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
@@ -233,7 +232,7 @@ interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpts {
233
232
  webappBaseURI?: string;
234
233
  responseRedirectURI?: string;
235
234
  }
236
- type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager;
235
+ type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPDManager;
237
236
  type IRequiredContext = IAgentContext<IRequiredPlugins>;
238
237
 
239
238
  declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
@@ -259,7 +258,7 @@ declare class SIOPv2RPApiServer {
259
258
  private setupSwaggerUi;
260
259
  get express(): Express;
261
260
  get router(): Router;
262
- get agent(): TAgent<IPresentationExchange & ISIOPv2RP>;
261
+ get agent(): TAgent<ISIOPv2RP>;
263
262
  get opts(): ISIOPv2RPRestAPIOpts | undefined;
264
263
  }
265
264
 
package/dist/index.d.ts CHANGED
@@ -1,6 +1,5 @@
1
1
  import { ISingleEndpointOpts, GenericAuthArgs, ExpressSupport } from '@sphereon/ssi-express-support';
2
2
  import { Router, Express } from 'express';
3
- import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
4
3
  import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth';
5
4
  import { IAgentContext, ICredentialVerifier, TAgent } from '@veramo/core';
6
5
  import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
@@ -233,7 +232,7 @@ interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpts {
233
232
  webappBaseURI?: string;
234
233
  responseRedirectURI?: string;
235
234
  }
236
- type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager;
235
+ type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPDManager;
237
236
  type IRequiredContext = IAgentContext<IRequiredPlugins>;
238
237
 
239
238
  declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
@@ -259,7 +258,7 @@ declare class SIOPv2RPApiServer {
259
258
  private setupSwaggerUi;
260
259
  get express(): Express;
261
260
  get router(): Router;
262
- get agent(): TAgent<IPresentationExchange & ISIOPv2RP>;
261
+ get agent(): TAgent<ISIOPv2RP>;
263
262
  get opts(): ISIOPv2RPRestAPIOpts | undefined;
264
263
  }
265
264
 
package/dist/index.js CHANGED
@@ -154,8 +154,8 @@ import { AuthorizationResponseStateStatus } from "@sphereon/did-auth-siop";
154
154
  import { checkAuth as checkAuth2, sendErrorResponse as sendErrorResponse2 } from "@sphereon/ssi-express-support";
155
155
  import { uriWithBase } from "@sphereon/ssi-sdk.siopv2-oid4vp-common";
156
156
  import { VerifiedDataMode } from "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth";
157
- import uuid from "short-uuid";
158
157
  import { shaHasher as defaultHasher } from "@sphereon/ssi-sdk.core";
158
+ import uuid from "short-uuid";
159
159
  function createAuthRequestWebappEndpoint(router, context, opts) {
160
160
  if (opts?.enabled === false) {
161
161
  console.log(`createAuthRequest Webapp endpoint is disabled`);
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n definitionId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n definitionId,\n state: 'sent',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n // if (!request.agent) throw Error('No agent configured')\n const definitionId = request.params.definitionId\n if (!definitionId) {\n return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n }\n const state: string = request.body.state ?? uuid.uuid()\n const correlationId = request.body.correlationId ?? state\n const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n baseURI: opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n // first version is for backwards compat\n const responseRedirectURI =\n ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n definitionId,\n correlationId,\n state,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(responseRedirectURI && { responseRedirectURI }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n const authRequestBody: GenerateAuthRequestURIResponse = {\n correlationId,\n state,\n definitionId,\n authRequestURI,\n authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qrCodeDataUri }),\n }\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n return response.json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n }\n })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/auth-status'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.body.correlationId as string\n const definitionId: string = request.body.definitionId as string\n\n const requestState =\n correlationId && definitionId\n ? await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n : undefined\n if (!requestState || !definitionId || !correlationId) {\n console.log(\n `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n )\n response.statusCode = 404\n const statusBody: AuthStatusResponse = {\n status: requestState ? requestState.status : 'error',\n error: 'No authentication request mapping could be found for the given URL.',\n correlationId,\n definitionId,\n lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n }\n return response.json(statusBody)\n }\n\n let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n if ('includeVerifiedData' in request.body) {\n includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n }\n\n let responseState\n if (requestState.status === 'sent') {\n responseState = (await context.agent.siopGetAuthResponseState({\n correlationId,\n definitionId,\n includeVerifiedData: includeVerifiedData,\n errorOnNotFound: false,\n })) as AuthorizationResponseStateWithVerifiedData\n }\n const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n const statusBody: AuthStatusResponse = {\n status: overallState.status,\n ...(overallState.error ? { error: overallState.error?.message } : {}),\n correlationId,\n definitionId,\n lastUpdated: overallState.lastUpdated,\n ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n ? {\n payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n verifiedData: responseState.verifiedData,\n }\n : {}),\n }\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n if (overallState.status === 'error') {\n response.statusCode = 500\n return response.json(statusBody)\n }\n response.statusCode = 200\n return response.json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n const definitionId: string = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n response.statusCode = 200\n return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusWebappEndpoint,\n createAuthRequestWebappEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAIjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAeC;UAAc8B,OAAOd,iBAAiBc;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE0B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASmB,OAAO;AACdnD,cAAQmD,MAAMA,KAAAA;AACd,aAAO5B,kBAAkBN,UAAU,KAAK,gCAAgCkC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB3C;AAmET,SAAS4C,6BAA6B3C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO4C,IAAIxC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMqC,eAAe,MAAM5C,QAAQgB,MAAM6B,wBAAwB;QAC/DrC;QACAC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBtD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMwC,gBAAgB,MAAMH,aAAa9D,SAASiE,eAAeC,MAAAA;AACjE1D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIwD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFlC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAKyB,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAapD,QAAQoD,EAAEC,UAAUC;AACrE,eAAOtC,kBAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQgB,MAAMoC,2BAA2B;UAC7C5C;UACAC;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO5B,kBAAkBN,UAAU,KAAK,uCAAuCkC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC9GhB,SAAoCW,wCAAwC;AAC5E,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAA6DC,mBAAmB;AAChF,SAAqDC,wBAAwB;AAE7E,OAAOC,UAAU;AAEjB,SAASC,aAAaC,qBAAqB;AAEpC,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,eAAOE,mBAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,KAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,wBAAwBC,YAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,cAAcH,YAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,KAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,GAAGlB,YAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iBAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,iCAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,eAAOE,mBAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,SAASI,oBAAoB;AAC7B,SAASC,iCAAiD;AAI1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAhBb,OAgBaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAAmD;AACrD,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationResponseStateStatus","checkAuth","sendErrorResponse","uriWithBase","VerifiedDataMode","uuid","shaHasher","defaultHasher","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1
+ {"version":3,"sources":["../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n definitionId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n definitionId,\n state: 'sent',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n // if (!request.agent) throw Error('No agent configured')\n const definitionId = request.params.definitionId\n if (!definitionId) {\n return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n }\n const state: string = request.body.state ?? uuid.uuid()\n const correlationId = request.body.correlationId ?? state\n const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n baseURI: opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n // first version is for backwards compat\n const responseRedirectURI =\n ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n definitionId,\n correlationId,\n state,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(responseRedirectURI && { responseRedirectURI }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n const authRequestBody: GenerateAuthRequestURIResponse = {\n correlationId,\n state,\n definitionId,\n authRequestURI,\n authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qrCodeDataUri }),\n }\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n return response.json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n }\n })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/auth-status'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.body.correlationId as string\n const definitionId: string = request.body.definitionId as string\n\n const requestState =\n correlationId && definitionId\n ? await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n : undefined\n if (!requestState || !definitionId || !correlationId) {\n console.log(\n `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n )\n response.statusCode = 404\n const statusBody: AuthStatusResponse = {\n status: requestState ? requestState.status : 'error',\n error: 'No authentication request mapping could be found for the given URL.',\n correlationId,\n definitionId,\n lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n }\n return response.json(statusBody)\n }\n\n let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n if ('includeVerifiedData' in request.body) {\n includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n }\n\n let responseState\n if (requestState.status === 'sent') {\n responseState = (await context.agent.siopGetAuthResponseState({\n correlationId,\n definitionId,\n includeVerifiedData: includeVerifiedData,\n errorOnNotFound: false,\n })) as AuthorizationResponseStateWithVerifiedData\n }\n const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n const statusBody: AuthStatusResponse = {\n status: overallState.status,\n ...(overallState.error ? { error: overallState.error?.message } : {}),\n correlationId,\n definitionId,\n lastUpdated: overallState.lastUpdated,\n ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n ? {\n payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n verifiedData: responseState.verifiedData,\n }\n : {}),\n }\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n if (overallState.status === 'error') {\n response.statusCode = 500\n return response.json(statusBody)\n }\n response.statusCode = 200\n return response.json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n const definitionId: string = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n response.statusCode = 200\n return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusWebappEndpoint,\n createAuthRequestWebappEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAIjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAeC;UAAc8B,OAAOd,iBAAiBc;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE0B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASmB,OAAO;AACdnD,cAAQmD,MAAMA,KAAAA;AACd,aAAO5B,kBAAkBN,UAAU,KAAK,gCAAgCkC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB3C;AAmET,SAAS4C,6BAA6B3C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO4C,IAAIxC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMqC,eAAe,MAAM5C,QAAQgB,MAAM6B,wBAAwB;QAC/DrC;QACAC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBtD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMwC,gBAAgB,MAAMH,aAAa9D,SAASiE,eAAeC,MAAAA;AACjE1D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIwD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFlC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAKyB,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAapD,QAAQoD,EAAEC,UAAUC;AACrE,eAAOtC,kBAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQgB,MAAMoC,2BAA2B;UAC7C5C;UACAC;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO5B,kBAAkBN,UAAU,KAAK,uCAAuCkC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC9GhB,SAAoCW,wCAAwC;AAC5E,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAA6DC,mBAAmB;AAChF,SAAqDC,wBAAwB;AAC7E,SAASC,aAAaC,qBAAqB;AAE3C,OAAOC,UAAU;AAGV,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,eAAOE,mBAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,KAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,wBAAwBC,YAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,cAAcH,YAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,KAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,GAAGlB,YAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iBAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,iCAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,eAAOE,mBAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,SAASI,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationResponseStateStatus","checkAuth","sendErrorResponse","uriWithBase","VerifiedDataMode","shaHasher","defaultHasher","uuid","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api",
3
- "version": "0.34.1-fix.143+663555b2",
3
+ "version": "0.34.1-fix.146+0585cd38",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -24,15 +24,15 @@
24
24
  },
25
25
  "dependencies": {
26
26
  "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.106",
27
- "@sphereon/ssi-express-support": "0.34.1-fix.143+663555b2",
28
- "@sphereon/ssi-sdk.core": "0.34.1-fix.143+663555b2",
29
- "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.143+663555b2",
30
- "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.143+663555b2",
31
- "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.143+663555b2",
32
- "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.143+663555b2",
33
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.143+663555b2",
34
- "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-fix.143+663555b2",
35
- "@sphereon/ssi-types": "0.34.1-fix.143+663555b2",
27
+ "@sphereon/ssi-express-support": "0.34.1-fix.146+0585cd38",
28
+ "@sphereon/ssi-sdk.core": "0.34.1-fix.146+0585cd38",
29
+ "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.146+0585cd38",
30
+ "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.146+0585cd38",
31
+ "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.146+0585cd38",
32
+ "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.146+0585cd38",
33
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.146+0585cd38",
34
+ "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-fix.146+0585cd38",
35
+ "@sphereon/ssi-types": "0.34.1-fix.146+0585cd38",
36
36
  "@veramo/core": "4.2.0",
37
37
  "@veramo/credential-w3c": "4.2.0",
38
38
  "awesome-qr": "^2.1.5-rc.0",
@@ -50,12 +50,10 @@
50
50
  "@decentralized-identity/ion-sdk": "^0.6.0",
51
51
  "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.106",
52
52
  "@sphereon/did-uni-client": "^0.6.3",
53
- "@sphereon/pex": "5.0.0-unstable.28",
54
- "@sphereon/pex-models": "^2.3.2",
55
- "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-fix.143+663555b2",
56
- "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-fix.143+663555b2",
57
- "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-fix.143+663555b2",
58
- "@sphereon/ssi-sdk.data-store": "0.34.1-fix.143+663555b2",
53
+ "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-fix.146+0585cd38",
54
+ "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-fix.146+0585cd38",
55
+ "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-fix.146+0585cd38",
56
+ "@sphereon/ssi-sdk.data-store": "0.34.1-fix.146+0585cd38",
59
57
  "@types/body-parser": "^1.19.5",
60
58
  "@types/cookie-parser": "^1.4.7",
61
59
  "@types/cors": "^2.8.17",
@@ -114,5 +112,5 @@
114
112
  "OpenID Connect",
115
113
  "Authenticator"
116
114
  ],
117
- "gitHead": "663555b236defd6dd41c316274baee44683c6935"
115
+ "gitHead": "0585cd382d3a7996b529e577c7960dc28fad87c6"
118
116
  }
package/src/siopv2-rp-api-server.ts CHANGED
@@ -1,6 +1,5 @@
1
1
  import { agentContext } from '@sphereon/ssi-sdk.core'
2
2
  import { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'
3
- import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
4
3
  import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
5
4
  import { TAgent } from '@veramo/core'
6
5
  import express, { Express, Request, Response, Router } from 'express'
@@ -17,7 +16,7 @@ import swaggerUi from 'swagger-ui-express'
17
16
  export class SIOPv2RPApiServer {
18
17
  private readonly _express: Express
19
18
  private readonly _router: Router
20
- private readonly _agent: TAgent<IPresentationExchange & ISIOPv2RP>
19
+ private readonly _agent: TAgent<ISIOPv2RP>
21
20
  private readonly _opts?: ISIOPv2RPRestAPIOpts
22
21
  private readonly _basePath: string
23
22
 
@@ -92,7 +91,7 @@ export class SIOPv2RPApiServer {
92
91
  return this._router
93
92
  }
94
93
 
95
- get agent(): TAgent<IPresentationExchange & ISIOPv2RP> {
94
+ get agent(): TAgent<ISIOPv2RP> {
96
95
  return this._agent
97
96
  }
98
97
 
package/src/types/types.ts CHANGED
@@ -1,5 +1,4 @@
1
1
  import { GenericAuthArgs, ISingleEndpointOpts } from '@sphereon/ssi-express-support'
2
- import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'
3
2
  import { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
4
3
  import { IAgentContext, ICredentialVerifier } from '@veramo/core'
5
4
  import { IPDManager } from '@sphereon/ssi-sdk.pd-manager'
@@ -28,5 +27,5 @@ export interface ICreateAuthRequestWebappEndpointOpts extends ISingleEndpointOpt
28
27
  responseRedirectURI?: string
29
28
  }
30
29
 
31
- export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPresentationExchange & IPDManager
30
+ export type IRequiredPlugins = ICredentialVerifier & ISIOPv2RP & IPDManager
32
31
  export type IRequiredContext = IAgentContext<IRequiredPlugins>
package/src/webapp-api-functions.ts CHANGED
@@ -2,10 +2,10 @@ import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sp
2
2
  import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
3
3
  import { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
4
4
  import { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
5
+ import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
5
6
  import { Request, Response, Router } from 'express'
6
7
  import uuid from 'short-uuid'
7
8
  import { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'
8
- import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
9
9
 
10
10
  export function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
11
11
  if (opts?.enabled === false) {