@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-fix.148 → 0.34.1-fix.163

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/dist/index.cjs +195 -118
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +99 -6
  4. package/dist/index.d.ts +99 -6
  5. package/dist/index.js +192 -115
  6. package/dist/index.js.map +1 -1
  7. package/package.json +21 -18
  8. package/src/index.ts +1 -1
  9. package/src/middleware/validationMiddleware.ts +20 -0
  10. package/src/schemas/index.ts +42 -0
  11. package/src/siop-api-functions.ts +4 -5
  12. package/src/siopv2-rp-api-server.ts +7 -7
  13. package/src/types/types.ts +68 -1
  14. package/src/universal-oid4vp-api-functions.ts +173 -0
package/dist/index.js CHANGED
@@ -62,7 +62,6 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
62
62
  const verifiedResponse = await context.agent.siopVerifyAuthResponse({
63
63
  authorizationResponse,
64
64
  correlationId,
65
- definitionId,
66
65
  dcqlQueryPayload: definitionItem.dcqlPayload
67
66
  });
68
67
  const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
@@ -78,7 +77,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
78
77
  }
79
78
  const responseRedirectURI = await context.agent.siopGetRedirectURI({
80
79
  correlationId,
81
- definitionId,
80
+ queryId: definitionId,
82
81
  state: verifiedResponse.state
83
82
  });
84
83
  if (responseRedirectURI) {
@@ -116,7 +115,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
116
115
  }
117
116
  const requestState = await context.agent.siopGetAuthRequestState({
118
117
  correlationId,
119
- definitionId,
118
+ queryId: definitionId,
120
119
  errorOnNotFound: false
121
120
  });
122
121
  if (!requestState) {
@@ -137,8 +136,8 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
137
136
  } finally {
138
137
  await context.agent.siopUpdateAuthRequestState({
139
138
  correlationId,
140
- definitionId,
141
- state: "sent",
139
+ queryId: definitionId,
140
+ state: "authorization_request_created",
142
141
  error
143
142
  });
144
143
  }
@@ -149,46 +148,126 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
149
148
  }
150
149
  __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
151
150
 
152
- // src/webapp-api-functions.ts
151
+ // src/universal-oid4vp-api-functions.ts
153
152
  import { AuthorizationResponseStateStatus } from "@sphereon/did-auth-siop";
154
153
  import { checkAuth as checkAuth2, sendErrorResponse as sendErrorResponse2 } from "@sphereon/ssi-express-support";
155
154
  import { uriWithBase } from "@sphereon/ssi-sdk.siopv2-oid4vp-common";
156
- import { VerifiedDataMode } from "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth";
157
- import { shaHasher as defaultHasher } from "@sphereon/ssi-sdk.core";
158
155
  import uuid from "short-uuid";
159
- function createAuthRequestWebappEndpoint(router, context, opts) {
156
+
157
+ // src/middleware/validationMiddleware.ts
158
+ import { ZodError } from "zod";
159
+ var validateData = /* @__PURE__ */ __name((schema) => {
160
+ return (req, res, next) => {
161
+ try {
162
+ schema.parse(req.body);
163
+ next();
164
+ } catch (error) {
165
+ if (error instanceof ZodError) {
166
+ const errorMessages = error.issues.map((issue) => ({
167
+ message: `${issue.path.join(".")} is ${issue.message}`
168
+ }));
169
+ res.status(400).json({
170
+ status: 400,
171
+ message: "Invalid data",
172
+ error_details: errorMessages[0].message
173
+ });
174
+ } else {
175
+ res.status(500).json({
176
+ status: 500,
177
+ message: "Internal Server Error"
178
+ });
179
+ }
180
+ }
181
+ };
182
+ }, "validateData");
183
+
184
+ // src/schemas/index.ts
185
+ import { CallbackOptsSchema, ResponseMode, ResponseType } from "@sphereon/did-auth-siop";
186
+ import { z } from "zod";
187
+ var ResponseTypeSchema = z.enum([
188
+ ResponseType.VP_TOKEN
189
+ ]);
190
+ var ResponseModeSchema = z.enum([
191
+ ResponseMode.DIRECT_POST,
192
+ ResponseMode.DIRECT_POST_JWT
193
+ ]);
194
+ var requestUriMethods = [
195
+ "get",
196
+ "post"
197
+ ];
198
+ var RequestUriMethodSchema = z.enum(requestUriMethods);
199
+ var QRCodeOptsSchema = z.object({
200
+ size: z.number().optional(),
201
+ color_dark: z.string().optional(),
202
+ color_light: z.string().optional()
203
+ });
204
+ var CreateAuthorizationRequestBodySchema = z.object({
205
+ query_id: z.string(),
206
+ client_id: z.string().optional(),
207
+ request_uri_base: z.string().optional(),
208
+ correlation_id: z.string().optional(),
209
+ request_uri_method: RequestUriMethodSchema.optional(),
210
+ response_type: ResponseTypeSchema.optional(),
211
+ response_mode: ResponseModeSchema.optional(),
212
+ transaction_data: z.array(z.string()).optional(),
213
+ qr_code: QRCodeOptsSchema.optional(),
214
+ direct_post_response_redirect_uri: z.string().optional(),
215
+ callback: CallbackOptsSchema.optional()
216
+ });
217
+ var CreateAuthorizationResponseSchema = z.object({
218
+ correlation_id: z.string(),
219
+ query_id: z.string(),
220
+ request_uri: z.string(),
221
+ status_uri: z.string(),
222
+ qr_uri: z.string().optional()
223
+ });
224
+
225
+ // src/universal-oid4vp-api-functions.ts
226
+ function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
160
227
  if (opts?.enabled === false) {
161
- console.log(`createAuthRequest Webapp endpoint is disabled`);
228
+ console.log(`createAuthRequest universal OID4VP endpoint is disabled`);
162
229
  return;
163
230
  }
164
- const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests";
165
- router.post(path, checkAuth2(opts?.endpoint), async (request, response) => {
231
+ const path = opts?.path ?? "/backend/auth/requests";
232
+ router.post(path, checkAuth2(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request, response) => {
166
233
  try {
167
- const definitionId = request.params.definitionId;
168
- if (!definitionId) {
169
- return sendErrorResponse2(response, 400, "No definitionId query parameter provided");
234
+ const correlationId = request.body.correlation_id ?? uuid.uuid();
235
+ const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts;
236
+ const queryId = request.body.query_id;
237
+ const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri;
238
+ const requestUriBase = request.body.request_uri_base;
239
+ const callback = request.body.callback;
240
+ const definitionItems = await context.agent.pdmGetDefinitions({
241
+ filter: [
242
+ {
243
+ definitionId: queryId
244
+ }
245
+ ]
246
+ });
247
+ if (definitionItems.length === 0) {
248
+ console.log(`No query could be found for the given id. Query id: ${queryId}`);
249
+ return sendErrorResponse2(response, 404, {
250
+ status: 404,
251
+ message: "No query could be found"
252
+ });
170
253
  }
171
- const state = request.body.state ?? uuid.uuid();
172
- const correlationId = request.body.correlationId ?? state;
173
- const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts;
174
- const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
175
- baseURI: opts?.siopBaseURI
254
+ const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {
255
+ baseURI: requestUriBase ?? opts?.siopBaseURI
176
256
  });
177
- const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, {
257
+ const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, {
178
258
  baseURI: opts?.siopBaseURI
179
259
  });
180
- const responseRedirectURI = ("response_redirect_uri" in request.body && request.body.response_redirect_uri) ?? ("responseRedirectURI" in request.body && request.body.responseRedirectURI);
181
260
  const authRequestURI = await context.agent.siopCreateAuthRequestURI({
182
- definitionId,
261
+ queryId,
183
262
  correlationId,
184
- state,
185
263
  nonce: uuid.uuid(),
186
264
  requestByReferenceURI,
187
265
  responseURIType: "response_uri",
188
266
  responseURI,
189
- ...responseRedirectURI && {
190
- responseRedirectURI
191
- }
267
+ ...directPostResponseRedirectUri && {
268
+ responseRedirectURI: directPostResponseRedirectUri
269
+ },
270
+ callback
192
271
  });
193
272
  let qrCodeDataUri;
194
273
  if (qrCodeOpts) {
@@ -200,133 +279,131 @@ function createAuthRequestWebappEndpoint(router, context, opts) {
200
279
  qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw()).toString("base64")}`;
201
280
  }
202
281
  const authRequestBody = {
203
- correlationId,
204
- state,
205
- definitionId,
206
- authRequestURI,
207
- authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? "/webapp/auth-status", {
282
+ query_id: queryId,
283
+ correlation_id: correlationId,
284
+ request_uri: authRequestURI,
285
+ status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, {
208
286
  baseURI: opts?.webappBaseURI
209
287
  })}`,
210
288
  ...qrCodeDataUri && {
211
- qrCodeDataUri
289
+ qr_uri: qrCodeDataUri
212
290
  }
213
291
  };
214
292
  console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`);
215
- return response.json(authRequestBody);
293
+ return response.status(201).json(authRequestBody);
216
294
  } catch (error) {
217
- return sendErrorResponse2(response, 500, "Could not create an authorization request URI", error);
295
+ return sendErrorResponse2(response, 500, {
296
+ status: 500,
297
+ message: "Could not create an authorization request URI"
298
+ }, error);
218
299
  }
219
300
  });
220
301
  }
221
- __name(createAuthRequestWebappEndpoint, "createAuthRequestWebappEndpoint");
222
- function authStatusWebappEndpoint(router, context, opts) {
302
+ __name(createAuthRequestUniversalOID4VPEndpoint, "createAuthRequestUniversalOID4VPEndpoint");
303
+ function removeAuthRequestStateUniversalOID4VPEndpoint(router, context, opts) {
223
304
  if (opts?.enabled === false) {
224
- console.log(`authStatus Webapp endpoint is disabled`);
305
+ console.log(`removeAuthStatus universal OID4VP endpoint is disabled`);
225
306
  return;
226
307
  }
227
- const path = opts?.path ?? "/webapp/auth-status";
228
- router.post(path, checkAuth2(opts?.endpoint), async (request, response) => {
308
+ const path = opts?.path ?? "/backend/auth/requests/:correlationId";
309
+ router.delete(path, checkAuth2(opts?.endpoint), async (request, response) => {
229
310
  try {
230
- console.log("Received auth-status request...");
231
- const correlationId = request.body.correlationId;
232
- const definitionId = request.body.definitionId;
233
- const requestState = correlationId && definitionId ? await context.agent.siopGetAuthRequestState({
311
+ const correlationId = request.params.correlationId;
312
+ const authRequestState = await context.agent.siopGetAuthRequestState({
234
313
  correlationId,
235
- definitionId,
236
314
  errorOnNotFound: false
237
- }) : void 0;
238
- if (!requestState || !definitionId || !correlationId) {
239
- console.log(`No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`);
240
- response.statusCode = 404;
241
- const statusBody2 = {
242
- status: requestState ? requestState.status : "error",
243
- error: "No authentication request mapping could be found for the given URL.",
244
- correlationId,
245
- definitionId,
246
- lastUpdated: requestState ? requestState.lastUpdated : Date.now()
247
- };
248
- return response.json(statusBody2);
315
+ });
316
+ if (!authRequestState) {
317
+ console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
318
+ return sendErrorResponse2(response, 404, {
319
+ status: 404,
320
+ message: "No authorization request could be found"
321
+ });
249
322
  }
250
- let includeVerifiedData = VerifiedDataMode.NONE;
251
- if ("includeVerifiedData" in request.body) {
252
- includeVerifiedData = request.body.includeVerifiedData;
323
+ await context.agent.siopDeleteAuthState({
324
+ correlationId
325
+ });
326
+ return response.status(204).json();
327
+ } catch (error) {
328
+ return sendErrorResponse2(response, 500, {
329
+ status: 500,
330
+ message: error.message
331
+ }, error);
332
+ }
333
+ });
334
+ }
335
+ __name(removeAuthRequestStateUniversalOID4VPEndpoint, "removeAuthRequestStateUniversalOID4VPEndpoint");
336
+ function authStatusUniversalOID4VPEndpoint(router, context, opts) {
337
+ if (opts?.enabled === false) {
338
+ console.log(`authStatus universal OID4VP endpoint is disabled`);
339
+ return;
340
+ }
341
+ const path = opts?.path ?? "/backend/auth/status/:correlationId";
342
+ router.get(path, checkAuth2(opts?.endpoint), async (request, response) => {
343
+ try {
344
+ console.log("Received auth-status request...");
345
+ const correlationId = request.params.correlationId;
346
+ const requestState = await context.agent.siopGetAuthRequestState({
347
+ correlationId,
348
+ errorOnNotFound: false
349
+ });
350
+ if (!requestState) {
351
+ console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`);
352
+ return sendErrorResponse2(response, 404, {
353
+ status: 404,
354
+ message: "No authorization request could be found"
355
+ });
253
356
  }
254
357
  let responseState;
255
- if (requestState.status === "sent") {
358
+ if (requestState.status === "authorization_request_created") {
256
359
  responseState = await context.agent.siopGetAuthResponseState({
257
360
  correlationId,
258
- definitionId,
259
- includeVerifiedData,
260
361
  errorOnNotFound: false
261
362
  });
262
363
  }
263
364
  const overallState = responseState ?? requestState;
264
365
  const statusBody = {
265
366
  status: overallState.status,
266
- ...overallState.error ? {
267
- error: overallState.error?.message
268
- } : {},
269
- correlationId,
270
- definitionId,
271
- lastUpdated: overallState.lastUpdated,
272
- ...responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED ? {
273
- payload: await responseState.response.mergedPayloads({
274
- hasher: defaultHasher
275
- }),
276
- verifiedData: responseState.verifiedData
277
- } : {}
367
+ correlation_id: overallState.correlationId,
368
+ query_id: overallState.queryId,
369
+ last_updated: overallState.lastUpdated,
370
+ ...responseState?.status === AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== void 0 && {
371
+ verified_data: responseState.verifiedData
372
+ },
373
+ ...overallState.error && {
374
+ message: overallState.error.message
375
+ }
278
376
  };
279
377
  console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`);
280
378
  if (overallState.status === "error") {
281
- response.statusCode = 500;
282
- return response.json(statusBody);
379
+ return response.status(500).json(statusBody);
283
380
  }
284
- response.statusCode = 200;
285
- return response.json(statusBody);
286
- } catch (error) {
287
- return sendErrorResponse2(response, 500, error.message, error);
288
- }
289
- });
290
- }
291
- __name(authStatusWebappEndpoint, "authStatusWebappEndpoint");
292
- function removeAuthRequestStateWebappEndpoint(router, context, opts) {
293
- if (opts?.enabled === false) {
294
- console.log(`removeAuthStatus Webapp endpoint is disabled`);
295
- return;
296
- }
297
- const path = opts?.path ?? "/webapp/definitions/:definitionId/auth-requests/:correlationId";
298
- router.delete(path, checkAuth2(opts?.endpoint), async (request, response) => {
299
- try {
300
- const correlationId = request.params.correlationId;
301
- const definitionId = request.params.definitionId;
302
- if (!correlationId || !definitionId) {
303
- console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`);
304
- return sendErrorResponse2(response, 404, "No authorization request could be found");
305
- }
306
- response.statusCode = 200;
307
- return response.json(await context.agent.siopDeleteAuthState({
308
- definitionId,
309
- correlationId
310
- }));
381
+ return response.status(200).json(statusBody);
311
382
  } catch (error) {
312
- return sendErrorResponse2(response, 500, error.message, error);
383
+ return sendErrorResponse2(response, 500, {
384
+ status: 500,
385
+ message: error.message
386
+ }, error);
313
387
  }
314
388
  });
315
389
  }
316
- __name(removeAuthRequestStateWebappEndpoint, "removeAuthRequestStateWebappEndpoint");
390
+ __name(authStatusUniversalOID4VPEndpoint, "authStatusUniversalOID4VPEndpoint");
317
391
  function getDefinitionsEndpoint(router, context, opts) {
318
392
  if (opts?.enabled === false) {
319
- console.log(`getDefinitions Webapp endpoint is disabled`);
393
+ console.log(`getDefinitions universal OID4VP endpoint is disabled`);
320
394
  return;
321
395
  }
322
- const path = opts?.path ?? "/webapp/definitions";
396
+ const path = opts?.path ?? "/backend/definitions";
323
397
  router.get(path, checkAuth2(opts?.endpoint), async (request, response) => {
324
398
  try {
325
399
  const definitions = await context.agent.pdmGetDefinitions();
326
400
  response.statusCode = 200;
327
401
  return response.json(definitions);
328
402
  } catch (error) {
329
- return sendErrorResponse2(response, 500, error.message, error);
403
+ return sendErrorResponse2(response, 500, {
404
+ status: 500,
405
+ message: error.message
406
+ }, error);
330
407
  }
331
408
  });
332
409
  }
@@ -377,9 +454,9 @@ var SIOPv2RPApiServer = class {
377
454
  ];
378
455
  console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`);
379
456
  if (features.includes("rp-status")) {
380
- createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
381
- authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
382
- removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
457
+ createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest);
458
+ authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus);
459
+ removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest);
383
460
  getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions);
384
461
  }
385
462
  if (features.includes("siop")) {
@@ -426,11 +503,11 @@ var SIOPv2RPApiServer = class {
426
503
  };
427
504
  export {
428
505
  SIOPv2RPApiServer,
429
- authStatusWebappEndpoint,
430
- createAuthRequestWebappEndpoint,
506
+ authStatusUniversalOID4VPEndpoint,
507
+ createAuthRequestUniversalOID4VPEndpoint,
431
508
  getAuthRequestSIOPv2Endpoint,
432
509
  getDefinitionsEndpoint,
433
- removeAuthRequestStateWebappEndpoint,
510
+ removeAuthRequestStateUniversalOID4VPEndpoint,
434
511
  verifyAuthResponseSIOPv2Endpoint
435
512
  };
436
513
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/siop-api-functions.ts","../src/webapp-api-functions.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n definitionId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n definitionId,\n state: 'sent',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'\n\nexport function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n // if (!request.agent) throw Error('No agent configured')\n const definitionId = request.params.definitionId\n if (!definitionId) {\n return sendErrorResponse(response, 400, 'No definitionId query parameter provided')\n }\n const state: string = request.body.state ?? uuid.uuid()\n const correlationId = request.body.correlationId ?? state\n const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {\n baseURI: opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })\n // first version is for backwards compat\n const responseRedirectURI =\n ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??\n ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n definitionId,\n correlationId,\n state,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(responseRedirectURI && { responseRedirectURI }),\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n const authRequestBody: GenerateAuthRequestURIResponse = {\n correlationId,\n state,\n definitionId,\n authRequestURI,\n authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qrCodeDataUri }),\n }\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n return response.json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)\n }\n })\n}\n\nexport function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/auth-status'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.body.correlationId as string\n const definitionId: string = request.body.definitionId as string\n\n const requestState =\n correlationId && definitionId\n ? await context.agent.siopGetAuthRequestState({\n correlationId,\n definitionId,\n errorOnNotFound: false,\n })\n : undefined\n if (!requestState || !definitionId || !correlationId) {\n console.log(\n `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,\n )\n response.statusCode = 404\n const statusBody: AuthStatusResponse = {\n status: requestState ? requestState.status : 'error',\n error: 'No authentication request mapping could be found for the given URL.',\n correlationId,\n definitionId,\n lastUpdated: requestState ? requestState.lastUpdated : Date.now(),\n }\n return response.json(statusBody)\n }\n\n let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE\n if ('includeVerifiedData' in request.body) {\n includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode\n }\n\n let responseState\n if (requestState.status === 'sent') {\n responseState = (await context.agent.siopGetAuthResponseState({\n correlationId,\n definitionId,\n includeVerifiedData: includeVerifiedData,\n errorOnNotFound: false,\n })) as AuthorizationResponseStateWithVerifiedData\n }\n const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState\n\n const statusBody: AuthStatusResponse = {\n status: overallState.status,\n ...(overallState.error ? { error: overallState.error?.message } : {}),\n correlationId,\n definitionId,\n lastUpdated: overallState.lastUpdated,\n ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED\n ? {\n payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),\n verifiedData: responseState.verifiedData,\n }\n : {}),\n }\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n if (overallState.status === 'error') {\n response.statusCode = 500\n return response.json(statusBody)\n }\n response.statusCode = 200\n return response.json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n const definitionId: string = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n response.statusCode = 200\n return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions Webapp endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/webapp/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, error.message, error)\n }\n })\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusWebappEndpoint,\n createAuthRequestWebappEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateWebappEndpoint,\n} from './webapp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestWebappEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusWebappEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateWebappEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAIjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAC;QACAkB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAeC;UAAc8B,OAAOd,iBAAiBc;QAAM,CAAA;AAChI,YAAIF,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE0B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASmB,OAAO;AACdnD,cAAQmD,MAAMA,KAAAA;AACd,aAAO5B,kBAAkBN,UAAU,KAAK,gCAAgCkC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB3C;AAmET,SAAS4C,6BAA6B3C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO4C,IAAIxC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMqC,eAAe,MAAM5C,QAAQgB,MAAM6B,wBAAwB;QAC/DrC;QACAC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBtD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMwC,gBAAgB,MAAMH,aAAa9D,SAASiE,eAAeC,MAAAA;AACjE1D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIwD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFlC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAKyB,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAapD,QAAQoD,EAAEC,UAAUC;AACrE,eAAOtC,kBAAkBN,UAAU,KAAK,uCAAuC0C,CAAAA;MACjF,UAAA;AACE,cAAMjD,QAAQgB,MAAMoC,2BAA2B;UAC7C5C;UACAC;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO5B,kBAAkBN,UAAU,KAAK,uCAAuCkC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC9GhB,SAAoCW,wCAAwC;AAC5E,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAA6DC,mBAAmB;AAChF,SAAqDC,wBAAwB;AAC7E,SAASC,aAAaC,qBAAqB;AAE3C,OAAOC,UAAU;AAGV,SAASC,gCAAgCC,QAAgBC,SAA2BC,MAA2C;AACpI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,+CAA+C;AAC3D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AAEF,YAAMC,eAAeF,QAAQG,OAAOD;AACpC,UAAI,CAACA,cAAc;AACjB,eAAOE,mBAAkBH,UAAU,KAAK,0CAAA;MAC1C;AACA,YAAMI,QAAgBL,QAAQM,KAAKD,SAASE,KAAKA,KAAI;AACrD,YAAMC,gBAAgBR,QAAQM,KAAKE,iBAAiBH;AACpD,YAAMI,aAAaT,QAAQM,KAAKG,cAAcjB,MAAMiB;AAEpD,YAAMC,wBAAwBC,YAAY,qBAAqBT,YAAAA,kBAA8BG,KAAAA,IAAS;QACpGO,SAASpB,MAAMqB;MACjB,CAAA;AACA,YAAMC,cAAcH,YAAY,qBAAqBT,YAAAA,mBAA+BG,KAAAA,IAAS;QAAEO,SAASpB,MAAMqB;MAAY,CAAA;AAE1H,YAAME,uBACH,2BAA2Bf,QAAQM,QAASN,QAAQM,KAAKU,2BACzD,yBAAyBhB,QAAQM,QAASN,QAAQM,KAAKS;AAE1D,YAAME,iBAAiB,MAAM1B,QAAQ2B,MAAMC,yBAAyB;QAClEjB;QACAM;QACAH;QACAe,OAAOb,KAAKA,KAAI;QAChBG;QACAW,iBAAiB;QACjBP;QACA,GAAIC,uBAAuB;UAAEA;QAAoB;MACnD,CAAA;AAEA,UAAIO;AACJ,UAAIb,YAAY;AACd,cAAM,EAAEc,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAGd;UAAYgB,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AACA,YAAMC,kBAAkD;QACtDpB;QACAH;QACAH;QACAe;QACAY,eAAe,GAAGlB,YAAYnB,MAAMsC,wBAAwB,uBAAuB;UAAElB,SAASpB,MAAMuC;QAAc,CAAA,CAAA;QAClH,GAAIT,iBAAiB;UAAEA;QAAc;MACvC;AACA5B,cAAQC,IAAI,uCAAuCqC,KAAKC,UAAUL,eAAAA,CAAAA,EAAkB;AACpF,aAAO3B,SAASiC,KAAKN,eAAAA;IACvB,SAASO,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAK,iDAAiDkC,KAAAA;IAC3F;EACF,CAAA;AACF;AAzDgB9C;AA2DT,SAAS+C,yBAAyB9C,QAAgBC,SAA2BC,MAA0B;AAC5G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wCAAwC;AACpD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACpE,QAAI;AACFP,cAAQC,IAAI,iCAAA;AACZ,YAAMa,gBAAwBR,QAAQM,KAAKE;AAC3C,YAAMN,eAAuBF,QAAQM,KAAKJ;AAE1C,YAAMmC,eACJ7B,iBAAiBN,eACb,MAAMX,QAAQ2B,MAAMoB,wBAAwB;QAC1C9B;QACAN;QACAqC,iBAAiB;MACnB,CAAA,IACAC;AACN,UAAI,CAACH,gBAAgB,CAACnC,gBAAgB,CAACM,eAAe;AACpDd,gBAAQC,IACN,oFAAoFa,aAAAA,mBAAgCN,YAAAA,EAAc;AAEpID,iBAASwC,aAAa;AACtB,cAAMC,cAAiC;UACrCC,QAAQN,eAAeA,aAAaM,SAAS;UAC7CR,OAAO;UACP3B;UACAN;UACA0C,aAAaP,eAAeA,aAAaO,cAAcC,KAAKC,IAAG;QACjE;AACA,eAAO7C,SAASiC,KAAKQ,WAAAA;MACvB;AAEA,UAAIK,sBAAwCC,iBAAiBC;AAC7D,UAAI,yBAAyBjD,QAAQM,MAAM;AACzCyC,8BAAsB/C,QAAQM,KAAKyC;MACrC;AAEA,UAAIG;AACJ,UAAIb,aAAaM,WAAW,QAAQ;AAClCO,wBAAiB,MAAM3D,QAAQ2B,MAAMiC,yBAAyB;UAC5D3C;UACAN;UACA6C;UACAR,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMa,eAAuFF,iBAAiBb;AAE9G,YAAMK,aAAiC;QACrCC,QAAQS,aAAaT;QACrB,GAAIS,aAAajB,QAAQ;UAAEA,OAAOiB,aAAajB,OAAOkB;QAAQ,IAAI,CAAC;QACnE7C;QACAN;QACA0C,aAAaQ,aAAaR;QAC1B,GAAIM,iBAAiBA,cAAcP,WAAWW,iCAAiCC,WAC3E;UACEC,SAAS,MAAMN,cAAcjD,SAASwD,eAAe;YAAEC,QAAQC;UAAc,CAAA;UAC7EC,cAAcV,cAAcU;QAC9B,IACA,CAAC;MACP;AACAlE,cAAQmE,MAAM,0BAA0B7B,KAAKC,UAAUS,UAAAA,CAAAA,EAAa;AACpE,UAAIU,aAAaT,WAAW,SAAS;AACnC1C,iBAASwC,aAAa;AACtB,eAAOxC,SAASiC,KAAKQ,UAAAA;MACvB;AACAzC,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKQ,UAAAA;IACvB,SAASP,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AA3EgBC;AA6ET,SAAS0B,qCAAqCxE,QAAgBC,SAA2BC,MAA0B;AACxH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOyE,OAAOnE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACtE,QAAI;AACF,YAAMO,gBAAwBR,QAAQG,OAAOK;AAC7C,YAAMN,eAAuBF,QAAQG,OAAOD;AAC5C,UAAI,CAACM,iBAAiB,CAACN,cAAc;AACnCR,gBAAQC,IAAI,6EAA6Ea,aAAAA,mBAAgCN,YAAAA,EAAc;AACvI,eAAOE,mBAAkBH,UAAU,KAAK,yCAAA;MAC1C;AACAA,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAK,MAAM3C,QAAQ2B,MAAM8C,oBAAoB;QAAE9D;QAAcM;MAAc,CAAA,CAAA;IAC7F,SAAS2B,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AApBgB2B;AAsBT,SAASG,uBAAuB3E,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,4CAA4C;AACxD;EACF;AACA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO4E,IAAItE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOC,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMkE,cAAc,MAAM5E,QAAQ2B,MAAMkD,kBAAiB;AACzDnE,eAASwC,aAAa;AACtB,aAAOxC,SAASiC,KAAKiC,WAAAA;IACvB,SAAShC,OAAO;AACd,aAAO/B,mBAAkBH,UAAU,KAAKkC,MAAMkB,SAASlB,KAAAA;IACzD;EACF,CAAA;AACF;AAfgB8B;;;ACvKhB,SAASI,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,sCAAgC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AAC3EC,+BAAyB,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AACpEC,2CAAqC,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AAChFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationResponseStateStatus","checkAuth","sendErrorResponse","uriWithBase","VerifiedDataMode","shaHasher","defaultHasher","uuid","createAuthRequestWebappEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","request","response","definitionId","params","sendErrorResponse","state","body","uuid","correlationId","qrCodeOpts","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","responseRedirectURI","response_redirect_uri","authRequestURI","agent","siopCreateAuthRequestURI","nonce","responseURIType","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","authStatusURI","webappAuthStatusPath","webappBaseURI","JSON","stringify","json","error","authStatusWebappEndpoint","requestState","siopGetAuthRequestState","errorOnNotFound","undefined","statusCode","statusBody","status","lastUpdated","Date","now","includeVerifiedData","VerifiedDataMode","NONE","responseState","siopGetAuthResponseState","overallState","message","AuthorizationResponseStateStatus","VERIFIED","payload","mergedPayloads","hasher","defaultHasher","verifiedData","debug","removeAuthRequestStateWebappEndpoint","delete","siopDeleteAuthState","getDefinitionsEndpoint","get","definitions","pdmGetDefinitions","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestWebappEndpoint","webappCreateAuthRequest","authStatusWebappEndpoint","webappAuthStatus","removeAuthRequestStateWebappEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1
+ {"version":3,"sources":["../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/schemas/index.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) || CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, definitionId, tenantId, version } = request.params\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.log('Authorization Response (siop-sessions')\n console.log(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId, tenantId, version }] })\n if (definitionItems.length === 0) {\n console.log(`Could not get definition ${definitionId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${definitionId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQueryPayload: definitionItem.dcqlPayload,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId: definitionId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/definitions/:definitionId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const definitionId = request.params.definitionId\n if (!correlationId || !definitionId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n queryId: definitionId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${definitionId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string | undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n queryId: definitionId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport { CreateAuthorizationRequestBodySchema } from './schemas'\nimport {\n CreateAuthorizationRequest,\n CreateAuthorizationRequestResponse,\n CreateAuthorizationResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n AuthStatusResponse,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(path, checkAuth(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request: CreateAuthorizationRequest, response: CreateAuthorizationResponse) => {\n try {\n const correlationId = request.body.correlation_id ?? uuid.uuid()\n const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts\n const queryId = request.body.query_id\n const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri // TODO Uri not URI\n const requestUriBase = request.body.request_uri_base\n const callback = request.body.callback\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId: queryId }] })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {\n baseURI: requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(directPostResponseRedirectUri && { responseRedirectURI: directPostResponseRedirectUri }),\n callback\n })\n\n let qrCodeDataUri: string | undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationRequestResponse\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n })\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === 'authorization_request_created') {\n responseState = (await context.agent.siopGetAuthResponseState({ correlationId, errorOnNotFound: false }))\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...((responseState?.status === AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== undefined) && { verified_data: responseState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message })\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import {\n CallbackOptsSchema,\n RequestUriMethod,\n ResponseMode,\n ResponseType\n} from '@sphereon/did-auth-siop'\nimport { z } from 'zod'\n\nexport const ResponseTypeSchema = z.enum([ResponseType.VP_TOKEN]);\n\nexport const ResponseModeSchema = z.enum([ResponseMode.DIRECT_POST, ResponseMode.DIRECT_POST_JWT]);\n\nconst requestUriMethods = ['get', 'post'] as const satisfies Array<RequestUriMethod>;\nexport const RequestUriMethodSchema = z.enum(requestUriMethods);\n\nexport const QRCodeOptsSchema = z.object({\n size: z.number().optional(),\n color_dark: z.string().optional(),\n color_light: z.string().optional(),\n});\n\nexport const CreateAuthorizationRequestBodySchema = z.object({\n query_id: z.string(),\n client_id: z.string().optional(),\n request_uri_base: z.string().optional(),\n correlation_id: z.string().optional(),\n request_uri_method: RequestUriMethodSchema.optional(),\n response_type: ResponseTypeSchema.optional(),\n response_mode: ResponseModeSchema.optional(),\n transaction_data: z.array(z.string()).optional(),\n qr_code: QRCodeOptsSchema.optional(),\n direct_post_response_redirect_uri: z.string().optional(),\n callback: CallbackOptsSchema.optional(),\n});\n\nexport const CreateAuthorizationResponseSchema = z.object({\n correlation_id: z.string(),\n query_id: z.string(),\n request_uri: z.string(),\n status_uri: z.string(),\n qr_uri: z.string().optional(),\n});\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts | undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAIjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,cAAcC,UAAUC,QAAO,IAAK7B,QAAQ8B;AACnE,UAAI,CAACJ,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQC,IAAI,uCAAA;AACZD,cAAQC,IAAIJ,KAAK2B,UAAUhC,QAAQI,MAAM,MAAM,CAAA,CAAA;AAC/C,YAAM6B,kBAAkB,MAAMf,QAAQgB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAET;YAAcC;YAAUC;UAAQ;;MAAG,CAAA;AAC9G,UAAII,gBAAgBI,WAAW,GAAG;AAChC7B,gBAAQC,IAAI,4BAA4BkB,YAAAA,8BAA0C;AAClFF,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB,iBAAiBZ,YAAAA;AAC1C,eAAOF,SAASe,KAAI;MACtB;AAEA,YAAMC,wBAAwB1C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK2B,UAAUS,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBT,gBAAgB,CAAA;AACvC,YAAMU,mBAAmB,MAAMzB,QAAQgB,MAAMU,uBAAuB;QAClEH;QACAf;QACAmB,kBAAkBH,eAAeI;MACnC,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD7B,gBAAQC,IAAI,mBAAmBJ,KAAK2B,UAAUW,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGtB,iBAASa,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBjB;QACzD;AACA,YAAIe,sBAAsBY,gBAAgB;AACxC5B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAUmB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMrC,QAAQgB,MAAMsB,mBAAmB;UAAE9B;UAAe+B,SAAS9B;UAAc+B,OAAOf,iBAAiBe;QAAM,CAAA;AACzI,YAAIH,qBAAqB;AACvB9B,mBAAS6B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO7B,SAASe,KAAKnC,KAAK2B,UAAU;YAAE2B,cAAcJ;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACL/C,gBAAQC,IAAI,+CAAA;AACZgB,iBAASa,aAAa;AACtBb,iBAASc,gBAAgB;MAC3B;AACA,aAAOd,SAASe,KAAI;IACtB,SAASoB,OAAO;AACdpD,cAAQoD,MAAMA,KAAAA;AACd,aAAO7B,kBAAkBN,UAAU,KAAK,gCAAgCmC,KAAAA;IAC1E;EACF,CAAA;AACF;AAhEgB5C;AAkET,SAAS6C,6BAA6B5C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO6C,IAAIzC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,eAAe3B,QAAQ8B,OAAOH;AACpC,UAAI,CAACD,iBAAiB,CAACC,cAAc;AACnCnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,mBAAgCC,YAAAA,EAAc;AACvI,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMsC,eAAe,MAAM7C,QAAQgB,MAAM8B,wBAAwB;QAC/DtC;QACA+B,SAAS9B;QACTsC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBvD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,YAAAA,EAAc;AAElJ,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AACA,YAAMyC,gBAAgB,MAAMH,aAAa/D,SAASkE,eAAeC,MAAAA;AACjE3D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAIyD,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFnC,iBAASa,aAAa;AACtBb,iBAAS6B,UAAU,gBAAgB,iBAAA;AACnC,eAAO7B,SAASe,KAAK0B,aAAAA;MACvB,SAASE,GAAG;AACVR,gBAAQ,OAAOQ,MAAM,WAAWA,IAAIA,aAAarD,QAAQqD,EAAEC,UAAUC;AACrE,eAAOvC,kBAAkBN,UAAU,KAAK,uCAAuC2C,CAAAA;MACjF,UAAA;AACE,cAAMlD,QAAQgB,MAAMqC,2BAA2B;UAC7C7C;UACA+B,SAAS9B;UACT+B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO7B,kBAAkBN,UAAU,KAAK,uCAAuCmC,KAAAA;IACjF;EACF,CAAA;AACF;AAjDgBC;;;AC7GhB,SAASW,wCAAwC;AACjD,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAASC,mBAAmB;AAE5B,OAAOC,UAAU;;;ACHjB,SAAYC,gBAAgB;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,UAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ACH5B,SACEM,oBAEAC,cACAC,oBACK;AACP,SAASC,SAAS;AAEX,IAAMC,qBAAqBD,EAAEE,KAAK;EAACH,aAAaI;CAAS;AAEzD,IAAMC,qBAAqBJ,EAAEE,KAAK;EAACJ,aAAaO;EAAaP,aAAaQ;CAAgB;AAEjG,IAAMC,oBAAoB;EAAC;EAAO;;AAC3B,IAAMC,yBAAyBR,EAAEE,KAAKK,iBAAAA;AAEtC,IAAME,mBAAmBT,EAAEU,OAAO;EACvCC,MAAMX,EAAEY,OAAM,EAAGC,SAAQ;EACzBC,YAAYd,EAAEe,OAAM,EAAGF,SAAQ;EAC/BG,aAAahB,EAAEe,OAAM,EAAGF,SAAQ;AAClC,CAAA;AAEO,IAAMI,uCAAuCjB,EAAEU,OAAO;EAC3DQ,UAAUlB,EAAEe,OAAM;EAClBI,WAAWnB,EAAEe,OAAM,EAAGF,SAAQ;EAC9BO,kBAAkBpB,EAAEe,OAAM,EAAGF,SAAQ;EACrCQ,gBAAgBrB,EAAEe,OAAM,EAAGF,SAAQ;EACnCS,oBAAoBd,uBAAuBK,SAAQ;EACnDU,eAAetB,mBAAmBY,SAAQ;EAC1CW,eAAepB,mBAAmBS,SAAQ;EAC1CY,kBAAkBzB,EAAE0B,MAAM1B,EAAEe,OAAM,CAAA,EAAIF,SAAQ;EAC9Cc,SAASlB,iBAAiBI,SAAQ;EAClCe,mCAAmC5B,EAAEe,OAAM,EAAGF,SAAQ;EACtDgB,UAAUhC,mBAAmBgB,SAAQ;AACvC,CAAA;AAEO,IAAMiB,oCAAoC9B,EAAEU,OAAO;EACxDW,gBAAgBrB,EAAEe,OAAM;EACxBG,UAAUlB,EAAEe,OAAM;EAClBgB,aAAa/B,EAAEe,OAAM;EACrBiB,YAAYhC,EAAEe,OAAM;EACpBkB,QAAQjC,EAAEe,OAAM,EAAGF,SAAQ;AAC7B,CAAA;;;AFvBO,SAASqB,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KAAKD,MAAME,WAAUN,MAAMO,QAAAA,GAAWC,aAAaC,oCAAAA,GAAuC,OAAOC,SAAqCC,aAAAA;AAC3I,QAAI;AACF,YAAMC,gBAAgBF,QAAQG,KAAKC,kBAAkBC,KAAKA,KAAI;AAC9D,YAAMC,aAAaN,QAAQG,KAAKI,WAAWjB,MAAMgB;AACjD,YAAME,UAAUR,QAAQG,KAAKM;AAC7B,YAAMC,gCAAgCV,QAAQG,KAAKQ;AACnD,YAAMC,iBAAiBZ,QAAQG,KAAKU;AACpC,YAAMC,WAAWd,QAAQG,KAAKW;AAE9B,YAAMC,kBAAkB,MAAM1B,QAAQ2B,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEC,cAAcX;UAAQ;;MAAG,CAAA;AACpG,UAAIO,gBAAgBK,WAAW,GAAG;AAC9B5B,gBAAQC,IAAI,uDAAuDe,OAAAA,EAAS;AAC5E,eAAOa,mBAAkBpB,UAAU,KAAK;UAAEqB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC9F;AAEA,YAAMC,wBAAwBC,YAAY,qBAAqBjB,OAAAA,kBAAyBN,aAAAA,IAAiB;QACvGwB,SAASd,kBAAkBtB,MAAMqC;MACnC,CAAA;AACA,YAAMC,cAAcH,YAAY,qBAAqBjB,OAAAA,mBAA0BN,aAAAA,IAAiB;QAAEwB,SAASpC,MAAMqC;MAAY,CAAA;AAE7H,YAAME,iBAAiB,MAAMxC,QAAQ2B,MAAMc,yBAAyB;QAClEtB;QACAN;QACA6B,OAAO1B,KAAKA,KAAI;QAChBmB;QACAQ,iBAAiB;QACjBJ;QACA,GAAIlB,iCAAiC;UAAEuB,qBAAqBvB;QAA8B;QAC1FI;MACF,CAAA;AAEA,UAAIoB;AACJ,UAAI5B,YAAY;AACd,cAAM,EAAE6B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMC,SAAS,IAAID,UAAU;UAAE,GAAG7B;UAAY+B,MAAMR;QAAe,CAAA;AACnEK,wBAAgB,0BAA0B,MAAME,OAAOE,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E;AAEA,YAAMC,kBAAkB;QACtB/B,UAAUD;QACVJ,gBAAgBF;QAChBuC,aAAaZ;QACba,YAAY,GAAGjB,YAAYnC,MAAMqD,wBAAwB,wBAAwBzC,aAAAA,IAAiB;UAAEwB,SAASpC,MAAMsD;QAAc,CAAA,CAAA;QACjI,GAAIV,iBAAiB;UAAEW,QAAQX;QAAc;MAC/C;AACA1C,cAAQC,IAAI,uCAAuCqD,KAAKC,UAAUP,eAAAA,CAAAA,EAAkB;AAEpF,aAAOvC,SAASqB,OAAO,GAAA,EAAK0B,KAAKR,eAAAA;IACnC,SAASS,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS;MAAgD,GAAG0B,KAAAA;IACrH;EACF,CAAA;AACF;AA3DgB9D;AA6DT,SAAS+D,8CAA8C9D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO+D,OAAOzD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMC,gBAAwBF,QAAQoD,OAAOlD;AAE7C,YAAMmD,mBAAmB,MAAMhE,QAAQ2B,MAAMsC,wBAAwB;QACnEpD;QACAqD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB7D,gBAAQC,IAAI,uFAAuFS,aAAAA,EAAe;AAClH,eAAOmB,mBAAkBpB,UAAU,KAAK;UAAEqB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAMlC,QAAQ2B,MAAMwC,oBAAoB;QAAEtD;MAAc,CAAA;AAExD,aAAOD,SAASqB,OAAO,GAAA,EAAK0B,KAAI;IAClC,SAASC,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCrE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOsE,IAAIhE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMS,gBAAwBF,QAAQoD,OAAOlD;AAE7C,YAAMyD,eAAe,MAAMtE,QAAQ2B,MAAMsC,wBAAwB;QAC/DpD;QACAqD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBnE,gBAAQC,IAAI,uFAAuFS,aAAAA,EAAe;AAClH,eAAOmB,mBAAkBpB,UAAU,KAAK;UAAEqB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIqC;AACJ,UAAID,aAAarC,WAAW,iCAAiC;AAC3DsC,wBAAiB,MAAMvE,QAAQ2B,MAAM6C,yBAAyB;UAAE3D;UAAeqD,iBAAiB;QAAM,CAAA;MACxG;AACA,YAAMO,eAAeF,iBAAiBD;AAEtC,YAAMI,aAAa;QACjBzC,QAAQwC,aAAaxC;QACrBlB,gBAAgB0D,aAAa5D;QAC7BO,UAAUqD,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAKL,eAAetC,WAAW4C,iCAAiCC,YAAYP,cAAcQ,iBAAiBC,UAAc;UAAEC,eAAeV,cAAcQ;QAAa;QACrK,GAAIN,aAAab,SAAS;UAAE1B,SAASuC,aAAab,MAAM1B;QAAQ;MAClE;AACA/B,cAAQ+E,MAAM,0BAA0BzB,KAAKC,UAAUgB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAaxC,WAAW,SAAS;AACnC,eAAOrB,SAASqB,OAAO,GAAA,EAAK0B,KAAKe,UAAAA;MACnC;AACA,aAAO9D,SAASqB,OAAO,GAAA,EAAK0B,KAAKe,UAAAA;IACnC,SAASd,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AA9CgBQ;AAgDT,SAASe,uBAAuBpF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOsE,IAAIhE,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMwE,cAAc,MAAMpF,QAAQ2B,MAAMC,kBAAiB;AACzDhB,eAASyE,aAAa;AACtB,aAAOzE,SAAS+C,KAAKyB,WAAAA;IACvB,SAASxB,OAAO;AACd,aAAO5B,mBAAkBpB,UAAU,KAAK;QAAEqB,QAAQ;QAAKC,SAAS0B,MAAM1B;MAAQ,GAAG0B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBuB;;;AG5JhB,SAASG,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","definitionId","tenantId","version","params","sendErrorResponse","stringify","definitionItems","agent","pdmGetDefinitions","filter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQueryPayload","dcqlPayload","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","queryId","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationResponseStateStatus","checkAuth","sendErrorResponse","uriWithBase","uuid","ZodError","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","CallbackOptsSchema","ResponseMode","ResponseType","z","ResponseTypeSchema","enum","VP_TOKEN","ResponseModeSchema","DIRECT_POST","DIRECT_POST_JWT","requestUriMethods","RequestUriMethodSchema","QRCodeOptsSchema","object","size","number","optional","color_dark","string","color_light","CreateAuthorizationRequestBodySchema","query_id","client_id","request_uri_base","correlation_id","request_uri_method","response_type","response_mode","transaction_data","array","qr_code","direct_post_response_redirect_uri","callback","CreateAuthorizationResponseSchema","request_uri","status_uri","qr_uri","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestBodySchema","request","response","correlationId","body","correlation_id","uuid","qrCodeOpts","qr_code","queryId","query_id","directPostResponseRedirectUri","direct_post_response_redirect_uri","requestUriBase","request_uri_base","callback","definitionItems","agent","pdmGetDefinitions","filter","definitionId","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","responseRedirectURI","qrCodeDataUri","AwesomeQR","qrCode","text","draw","toString","authRequestBody","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","AuthorizationResponseStateStatus","VERIFIED","verifiedData","undefined","verified_data","debug","getDefinitionsEndpoint","definitions","statusCode","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}