npm - @sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api - Versions diffs - 0.34.1-fix.226 → 0.34.1-fix.254 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-fix.226 → 0.34.1-fix.254

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.cjs +30 -30
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +8 -1
package/dist/index.d.ts +8 -1
package/dist/index.js +30 -30
package/dist/index.js.map +1 -1
package/package.json +21 -19
package/src/siop-api-functions.ts +22 -16
package/src/universal-oid4vp-api-functions.ts +4 -6

package/dist/index.cjs CHANGED Viewed

@@ -33,6 +33,7 @@ var index_exports = {};
 __export(index_exports, {
   SIOPv2RPApiServer: () => SIOPv2RPApiServer,
   authStatusUniversalOID4VPEndpoint: () => authStatusUniversalOID4VPEndpoint,
+  buildQueryIdFilter: () => buildQueryIdFilter,
   createAuthRequestUniversalOID4VPEndpoint: () => createAuthRequestUniversalOID4VPEndpoint,
   getAuthRequestSIOPv2Endpoint: () => getAuthRequestSIOPv2Endpoint,
   getDefinitionsEndpoint: () => getDefinitionsEndpoint,
@@ -44,6 +45,7 @@ module.exports = __toCommonJS(index_exports);
 // src/siop-api-functions.ts
 var import_ssi_express_support = require("@sphereon/ssi-express-support");
 var import_ssi_types = require("@sphereon/ssi-types");
+var import_uuid = require("uuid");
 var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
   const contentType = request.header("content-type");
   if (contentType === "application/json") {
@@ -66,6 +68,9 @@ var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
   }
   throw new Error(`Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`);
 }, "parseAuthorizationResponse");
+var validatePresentationSubmission = /* @__PURE__ */ __name((query, submission) => {
+  return query.credentials.every((credential) => credential.id in submission);
+}, "validatePresentationSubmission");
 function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
   if (opts?.enabled === false) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`);
@@ -82,20 +87,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
       console.debug("Authorization Response (siop-sessions");
       console.debug(JSON.stringify(request.body, null, 2));
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: [
-          {
-            queryId,
-            ...tenantId && {
-              tenantId
-            },
-            ...version && {
-              version
-            }
-          },
-          {
-            id: queryId
-          }
-        ]
+        filter: buildQueryIdFilter(queryId, tenantId, version)
       });
       if (definitionItems.length === 0) {
         console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -112,8 +104,8 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         dcqlQuery: definitionItem.query
       });
       const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
-      if (presentation && Object.keys(presentation).length > 0) {
-        console.log("PRESENTATIONS:" + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2));
+      if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {
+        console.log("PRESENTATIONS:" + JSON.stringify(presentation, null, 2));
         response.statusCode = 200;
         const authorizationChallengeValidationResponse = {
           presentation_during_issuance_session: verifiedResponse.correlationId
@@ -124,7 +116,6 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         }
         const responseRedirectURI = await context.agent.siopGetRedirectURI({
           correlationId,
-          queryId,
           state: verifiedResponse.state
         });
         if (responseRedirectURI) {
@@ -169,11 +160,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
         return (0, import_ssi_express_support.sendErrorResponse)(response, 404, `No authorization request could be found`);
       }
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: [
-          {
-            queryId
-          }
-        ]
+        filter: buildQueryIdFilter(queryId)
       });
       if (definitionItems.length === 0) {
         console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -207,6 +194,26 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
   });
 }
 __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
+function buildQueryIdFilter(queryId, tenantId, version) {
+  const queryFilter = {
+    queryId,
+    ...tenantId ? {
+      tenantId
+    } : {},
+    ...version ? {
+      version
+    } : {}
+  };
+  return [
+    queryFilter,
+    ...(0, import_uuid.validate)(queryId) ? [
+      {
+        id: queryId
+      }
+    ] : []
+  ];
+}
+__name(buildQueryIdFilter, "buildQueryIdFilter");
 // src/universal-oid4vp-api-functions.ts
 var import_did_auth_siop = require("@sphereon/did-auth-siop");
@@ -257,14 +264,7 @@ function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
       } : opts?.qrCodeOpts;
       const queryId = authRequest.queryId;
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: [
-          {
-            id: queryId
-          },
-          {
-            queryId
-          }
-        ]
+        filter: buildQueryIdFilter(queryId)
       });
       if (definitionItems.length === 0) {
         console.log(`No query could be found for the given id. Query id: ${queryId}`);

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/*\n @public\n /\nexport from './siop-api-functions'\nexport * from './universal-oid4vp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) \|\| CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n {\n id: queryId,\n },\n ],\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId \|\| !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string \| undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n { id: queryId }, // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n { queryId },\n ],\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string \| undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message })\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts \| undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAIjC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAK7B,QAAQ8B;AAC9D,UAAI,CAACJ,eAAe;AAClBlB,gBAAQC,IAAI,6EAA6EiB,aAAAA,EAAe;AACxG,mBAAOK,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQwB,MAAM,uCAAA;AACdxB,cAAQwB,MAAM3B,KAAK4B,UAAUjC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAM8B,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YACEV;YACA,GAAIC,YAAY;cAAEA;YAAS;YAC3B,GAAIC,WAAW;cAAEA;YAAQ;UAC3B;UACA;YACES,IAAIX;UACN;;MAEJ,CAAA;AACA,UAAIO,gBAAgBK,WAAW,GAAG;AAChC/B,gBAAQC,IAAI,oCAAoCkB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AAEA,YAAMC,wBAAwB5C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK4B,UAAUU,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBV,gBAAgB,CAAA;AACvC,YAAMW,mBAAmB,MAAM3B,QAAQiB,MAAMW,uBAAuB;QAClEH;QACAjB;QACAqB,WAAWH,eAAeI;MAC5B,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD/B,gBAAQC,IAAI,mBAAmBJ,KAAK4B,UAAUY,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGxB,iBAASe,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBnB;QACzD;AACA,YAAIiB,sBAAsBY,gBAAgB;AACxC9B,mBAAS+B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO/B,SAASiB,KAAKrC,KAAK4B,UAAUoB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMvC,QAAQiB,MAAMuB,mBAAmB;UAAEhC;UAAeC;UAASgC,OAAOd,iBAAiBc;QAAM,CAAA;AAC3H,YAAIF,qBAAqB;AACvBhC,mBAAS+B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO/B,SAASiB,KAAKrC,KAAK4B,UAAU;YAAE2B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLjD,gBAAQC,IAAI,+CAAA;AACZgB,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB;MAC3B;AACA,aAAOhB,SAASiB,KAAI;IACtB,SAASmB,OAAO;AACdrD,cAAQqD,MAAMA,KAAAA;AACd,iBAAO9B,8CAAkBN,UAAU,KAAK,gCAAgCoC,KAAAA;IAC1E;EACF,CAAA;AACF;AA3EgB7C;AA6ET,SAAS8C,6BAA6B7C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO8C,IAAI1C,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,UAAU3B,QAAQ8B,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9BnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMuC,eAAe,MAAM9C,QAAQiB,MAAM8B,wBAAwB;QAC/DvC;QACAwC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBxD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEV;UAAQ;;MAAG,CAAA;AACtF,UAAIO,gBAAgBK,WAAW,GAAG;AAChC/B,gBAAQC,IAAI,oCAAoCkB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AACA,YAAMvC,UAAU6D,aAAahE,SAASmE,eAAeC,WAAAA;AACrDjE,cAAQkE,aAAanC,gBAAgB,CAAA,EAAGc;AACxC,YAAMmB,gBAAgB,MAAMH,aAAahE,SAASmE,eAAeG,MAAAA;AACjE9D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI0D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFpC,iBAASe,aAAa;AACtBf,iBAAS+B,UAAU,gBAAgB,iBAAA;AACnC,eAAO/B,SAASiB,KAAKyB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAaxD,QAAQwD,EAAEC,UAAUC;AACrE,mBAAO1C,8CAAkBN,UAAU,KAAK,uCAAuC8C,CAAAA;MACjF,UAAA;AACE,cAAMrD,QAAQiB,MAAMuC,2BAA2B;UAC7ChD;UACAiC,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO9B,8CAAkBN,UAAU,KAAK,uCAAuCoC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;;;ACxHhB,2BAMO;AACP,IAAAa,8BAAkE;AAClE,qBAA4B;AAE5B,wBAAiB;;;ACTjB,iBAA4B;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,qBAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADoBrB,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,UACAE,uCAAUN,MAAMO,QAAAA,GAChBC,aAAaC,4DAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,kBAA0CC,4DAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,kBAAAA,QAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YAAEC,IAAIL;UAAQ;UACd;YAAEA;UAAQ;;MAEd,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,mBAAOO,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,4BAAwBC,4BAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,kBAAcJ,4BAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,kBAAAA,QAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAAE,GAAG1B;UAAY2B,MAAMT;QAAe,CAAA;AACnEO,wBAAgB,0BAA0B,MAAMxB,OAAO2B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLJ,wBAAgBP;MAClB;AAEA,YAAMY,kBAAkB;QACtBC,UAAU7B;QACV8B,gBAAgBlC;QAChBmC,aAAaf;QACbgB,YAAY,OAAGrB,4BAAY9B,MAAMoD,wBAAwB,wBAAwBrC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIX,iBAAiB;UAAEY,QAAQZ;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOpC,SAASgB,OAAO,GAAA,EAAK8B,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAG8B,KAAAA;IACrH;EACF,CAAA;AAEJ;AArEgB7D;AAuET,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAM+C,mBAAmB,MAAM/D,QAAQsB,MAAM0C,wBAAwB;QACnEhD;QACAiD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM4C,oBAAoB;QAAElD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAK8B,KAAI;IAClC,SAASC,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAMqD,eAAe,MAAMrE,QAAQsB,MAAM0C,wBAAwB;QAC/DhD;QACAiD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIyC;AACJ,UAAID,aAAazC,WAAW2C,qDAAgCC,WAAW;AACrEF,wBAAgB,MAAMtE,QAAQsB,MAAMmD,yBAAyB;UAC3DzD;UACAiD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjB/C,QAAQ8C,aAAa9C;QACrBsB,gBAAgBwB,aAAa1D;QAC7BiC,UAAUyB,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAE9B,SAAS6C,aAAaf,MAAM9B;QAAQ;MAClE;AACA1B,cAAQ6E,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAa9C,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;MACnC;AACA,aAAO/D,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBlF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMsE,cAAc,MAAMlF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAASuE,aAAa;AACtB,aAAOvE,SAAS8C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AE9KhB,IAAAG,kBAA6B;AAC7B,IAAAC,8BAA0D;AAG1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","id","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","query","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","import_ssi_express_support","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","id","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["/*\n @public\n /\nexport from './siop-api-functions'\nexport * from './universal-oid4vp-api-functions'\nexport * from './types'\nexport * from './siopv2-rp-api-server'\n","import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext } from './types'\nimport { DcqlQuery } from 'dcql'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) \|\| CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nconst validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {\n return query.credentials.every(credential => credential.id in submission)\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId, tenantId, version),\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {\n console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId \|\| !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: buildQueryIdFilter(queryId) })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string \| undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n\nexport function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string) {\n const queryFilter = {\n queryId,\n ...(tenantId ? { tenantId } : {}),\n ...(version ? { version } : {}),\n }\n\n return [queryFilter, ...(isValidUUID(queryId) ? [{ id: queryId }] : [])] // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport { buildQueryIdFilter } from './siop-api-functions'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId),\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string \| undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false,\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message }),\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts \| undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;ACCA,iCAAkE;AAElE,uBAAiC;AAEjC,kBAAwC;AAIxC,IAAMA,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,kCAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoCnC,IAAMe,iCAAiC,wBAACC,OAAkBC,eAAAA;AACxD,SAAOD,MAAME,YAAYC,MAAMC,CAAAA,eAAcA,WAAWC,MAAMJ,UAAAA;AAChE,GAFuC;AAIhC,SAASK,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAKpC,QAAQqC;AAC9D,UAAI,CAACJ,eAAe;AAClBzB,gBAAQC,IAAI,6EAA6EwB,aAAAA,EAAe;AACxG,mBAAOK,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAxB,cAAQ+B,MAAM,uCAAA;AACd/B,cAAQ+B,MAAMlC,KAAKmC,UAAUxC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAMqC,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBX,SAASC,UAAUC,OAAAA;MAChD,CAAA;AACA,UAAIK,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AAEA,YAAMC,wBAAwBnD,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAKmC,UAAUU,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBV,gBAAgB,CAAA;AACvC,YAAMW,mBAAmB,MAAM3B,QAAQiB,MAAMW,uBAAuB;QAClEH;QACAjB;QACAqB,WAAWH,eAAelC;MAC5B,CAAA;AAEA,YAAMsC,eAAeH,kBAAkBI,kBAAkBD;AACzD,UAAIA,gBAAgBvC,+BAA+BmC,eAAelC,OAAOsC,YAAAA,GAAe;AACtF/C,gBAAQC,IAAI,mBAAmBJ,KAAKmC,UAAUe,cAAc,MAAM,CAAA,CAAA;AAClEvB,iBAASe,aAAa;AAEtB,cAAMU,2CAAqF;UACzFC,sCAAsCN,iBAAiBnB;QACzD;AACA,YAAIiB,sBAAsBS,gBAAgB;AACxC3B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAUiB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMpC,QAAQiB,MAAMoB,mBAAmB;UAAE7B;UAAe8B,OAAOX,iBAAiBW;QAAM,CAAA;AAClH,YAAIF,qBAAqB;AACvB7B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAU;YAAEwB,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLrD,gBAAQC,IAAI,+CAAA;AACZuB,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB;MAC3B;AACA,aAAOhB,SAASiB,KAAI;IACtB,SAASgB,OAAO;AACdzD,cAAQyD,MAAMA,KAAAA;AACd,iBAAO3B,8CAAkBN,UAAU,KAAK,gCAAgCiC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB1C;AAmET,SAAS2C,6BAA6B1C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO2C,IAAIvC,UAAME,sCAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgBjC,QAAQqC,OAAOJ;AACrC,YAAMC,UAAUlC,QAAQqC,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9B1B,gBAAQC,IAAI,6EAA6EwB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMoC,eAAe,MAAM3C,QAAQiB,MAAM2B,wBAAwB;QAC/DpC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB5D,gBAAQC,IACN,kGAAkGwB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,mBAAOI,8CAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQC,mBAAmBX,OAAAA;MAAS,CAAA;AACpG,UAAIO,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AACA,YAAM9C,UAAUiE,aAAapE,SAASuE,eAAeC,WAAAA;AACrDrE,cAAQsE,aAAahC,gBAAgB,CAAA,EAAGxB;AACxC,YAAMsD,gBAAgB,MAAMH,aAAapE,SAASuE,eAAeG,MAAAA;AACjElE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI8D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFjC,iBAASe,aAAa;AACtBf,iBAAS4B,UAAU,gBAAgB,iBAAA;AACnC,eAAO5B,SAASiB,KAAKsB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAa5D,QAAQ4D,EAAEC,UAAUC;AACrE,mBAAOvC,8CAAkBN,UAAU,KAAK,uCAAuC2C,CAAAA;MACjF,UAAA;AACE,cAAMlD,QAAQiB,MAAMoC,2BAA2B;UAC7C7C;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,iBAAO3B,8CAAkBN,UAAU,KAAK,uCAAuCiC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;AA2DT,SAASrB,mBAAmBX,SAAiBC,UAAmBC,SAAgB;AACrF,QAAM2C,cAAc;IAClB7C;IACA,GAAIC,WAAW;MAAEA;IAAS,IAAI,CAAC;IAC/B,GAAIC,UAAU;MAAEA;IAAQ,IAAI,CAAC;EAC/B;AAEA,SAAO;IAAC2C;WAAiBC,YAAAA,UAAY9C,OAAAA,IAAW;MAAC;QAAEZ,IAAIY;MAAQ;QAAK,CAAA;;AACtE;AARgBW;;;AC/KhB,2BAMO;AACP,IAAAoC,8BAAkE;AAClE,qBAA4B;AAE5B,wBAAiB;;;ACTjB,iBAA4B;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,qBAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADqBrB,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,UACAE,uCAAUN,MAAMO,QAAAA,GAChBC,aAAaC,4DAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,kBAA0CC,4DAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,kBAAAA,QAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBL,OAAAA;MAC7B,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,mBAAOO,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,4BAAwBC,4BAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,kBAAcJ,4BAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,kBAAAA,QAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAAE,GAAG1B;UAAY2B,MAAMT;QAAe,CAAA;AACnEO,wBAAgB,0BAA0B,MAAMxB,OAAO2B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLJ,wBAAgBP;MAClB;AAEA,YAAMY,kBAAkB;QACtBC,UAAU7B;QACV8B,gBAAgBlC;QAChBmC,aAAaf;QACbgB,YAAY,OAAGrB,4BAAY9B,MAAMoD,wBAAwB,wBAAwBrC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIX,iBAAiB;UAAEY,QAAQZ;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOpC,SAASgB,OAAO,GAAA,EAAK8B,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAG8B,KAAAA;IACrH;EACF,CAAA;AAEJ;AAlEgB7D;AAoET,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAM+C,mBAAmB,MAAM/D,QAAQsB,MAAM0C,wBAAwB;QACnEhD;QACAiD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM4C,oBAAoB;QAAElD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAK8B,KAAI;IAClC,SAASC,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAMqD,eAAe,MAAMrE,QAAQsB,MAAM0C,wBAAwB;QAC/DhD;QACAiD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,mBAAOW,+CAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIyC;AACJ,UAAID,aAAazC,WAAW2C,qDAAgCC,WAAW;AACrEF,wBAAgB,MAAMtE,QAAQsB,MAAMmD,yBAAyB;UAC3DzD;UACAiD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjB/C,QAAQ8C,aAAa9C;QACrBsB,gBAAgBwB,aAAa1D;QAC7BiC,UAAUyB,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAE9B,SAAS6C,aAAaf,MAAM9B;QAAQ;MAClE;AACA1B,cAAQ6E,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAa9C,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;MACnC;AACA,aAAO/D,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBlF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,UAAME,uCAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMsE,cAAc,MAAMlF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAASuE,aAAa;AACtB,aAAOvE,SAAS8C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,iBAAOhC,+CAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AE5KhB,IAAAG,kBAA6B;AAC7B,IAAAC,8BAA0D;AAG1D,qBAA4D;AAS5D,gCAAsB;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,+DAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,iEAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,eAAAA,QAAQC,OAAM;AAC7B,UAAMC,cAAUC,8BAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,0BAAAA,QAAUC,WAAWb,SAASc,OAAAA,GAC9BF,0BAAAA,QAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","validatePresentationSubmission","query","submission","credentials","every","credential","id","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","presentation","oid4vpSubmission","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","queryFilter","isValidUUID","import_ssi_express_support","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","import_ssi_sdk","import_ssi_express_support","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}

package/dist/index.d.cts CHANGED Viewed

@@ -262,6 +262,13 @@ interface AuthStatusResponse {
 declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 declare function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
+declare function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string): ({
+    version?: string | undefined;
+    tenantId?: string | undefined;
+    queryId: string;
+} | {
+    id: string;
+})[];
 declare function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts): void;
 declare function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
@@ -287,4 +294,4 @@ declare class SIOPv2RPApiServer {
     get opts(): ISIOPv2RPRestAPIOpts | undefined;
 }
-export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };
+export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, buildQueryIdFilter, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };

package/dist/index.d.ts CHANGED Viewed

@@ -262,6 +262,13 @@ interface AuthStatusResponse {
 declare function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
 declare function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
+declare function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string): ({
+    version?: string | undefined;
+    tenantId?: string | undefined;
+    queryId: string;
+} | {
+    id: string;
+})[];
 declare function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts): void;
 declare function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts): void;
@@ -287,4 +294,4 @@ declare class SIOPv2RPApiServer {
     get opts(): ISIOPv2RPRestAPIOpts | undefined;
 }
-export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };
+export { type AuthStatusResponse, type ComponentOptions, type CreateAuthorizationRequestPayloadRequest, type CreateAuthorizationResponsePayloadResponse, type DeleteAuthorizationRequest, type DeleteAuthorizationRequestPathParameters, type GetAuthorizationRequestStatus, type GetAuthorizationRequestStatusPathParameters, type ICreateAuthRequestWebappEndpointOpts, type IRequiredContext, type IRequiredPlugins, type ISIOPv2RPRestAPIOpts, type QRCodeOpts, type RequestError, SIOPv2RPApiServer, type SiopFeatures, authStatusUniversalOID4VPEndpoint, buildQueryIdFilter, createAuthRequestUniversalOID4VPEndpoint, getAuthRequestSIOPv2Endpoint, getDefinitionsEndpoint, removeAuthRequestStateUniversalOID4VPEndpoint, verifyAuthResponseSIOPv2Endpoint };

package/dist/index.js CHANGED Viewed

@@ -4,6 +4,7 @@ var __name = (target, value) => __defProp(target, "name", { value, configurable:
 // src/siop-api-functions.ts
 import { checkAuth, sendErrorResponse } from "@sphereon/ssi-express-support";
 import { CredentialMapper } from "@sphereon/ssi-types";
+import { validate as isValidUUID } from "uuid";
 var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
   const contentType = request.header("content-type");
   if (contentType === "application/json") {
@@ -26,6 +27,9 @@ var parseAuthorizationResponse = /* @__PURE__ */ __name((request) => {
   }
   throw new Error(`Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`);
 }, "parseAuthorizationResponse");
+var validatePresentationSubmission = /* @__PURE__ */ __name((query, submission) => {
+  return query.credentials.every((credential) => credential.id in submission);
+}, "validatePresentationSubmission");
 function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
   if (opts?.enabled === false) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`);
@@ -42,20 +46,7 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
       console.debug("Authorization Response (siop-sessions");
       console.debug(JSON.stringify(request.body, null, 2));
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: [
-          {
-            queryId,
-            ...tenantId && {
-              tenantId
-            },
-            ...version && {
-              version
-            }
-          },
-          {
-            id: queryId
-          }
-        ]
+        filter: buildQueryIdFilter(queryId, tenantId, version)
       });
       if (definitionItems.length === 0) {
         console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -72,8 +63,8 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         dcqlQuery: definitionItem.query
       });
       const presentation = verifiedResponse?.oid4vpSubmission?.presentation;
-      if (presentation && Object.keys(presentation).length > 0) {
-        console.log("PRESENTATIONS:" + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2));
+      if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {
+        console.log("PRESENTATIONS:" + JSON.stringify(presentation, null, 2));
         response.statusCode = 200;
         const authorizationChallengeValidationResponse = {
           presentation_during_issuance_session: verifiedResponse.correlationId
@@ -84,7 +75,6 @@ function verifyAuthResponseSIOPv2Endpoint(router, context, opts) {
         }
         const responseRedirectURI = await context.agent.siopGetRedirectURI({
           correlationId,
-          queryId,
           state: verifiedResponse.state
         });
         if (responseRedirectURI) {
@@ -129,11 +119,7 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
         return sendErrorResponse(response, 404, `No authorization request could be found`);
       }
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: [
-          {
-            queryId
-          }
-        ]
+        filter: buildQueryIdFilter(queryId)
       });
       if (definitionItems.length === 0) {
         console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`);
@@ -167,6 +153,26 @@ function getAuthRequestSIOPv2Endpoint(router, context, opts) {
   });
 }
 __name(getAuthRequestSIOPv2Endpoint, "getAuthRequestSIOPv2Endpoint");
+function buildQueryIdFilter(queryId, tenantId, version) {
+  const queryFilter = {
+    queryId,
+    ...tenantId ? {
+      tenantId
+    } : {},
+    ...version ? {
+      version
+    } : {}
+  };
+  return [
+    queryFilter,
+    ...isValidUUID(queryId) ? [
+      {
+        id: queryId
+      }
+    ] : []
+  ];
+}
+__name(buildQueryIdFilter, "buildQueryIdFilter");
 // src/universal-oid4vp-api-functions.ts
 import { AuthorizationRequestStateStatus, createAuthorizationRequestFromPayload, CreateAuthorizationRequestPayloadSchema } from "@sphereon/did-auth-siop";
@@ -217,14 +223,7 @@ function createAuthRequestUniversalOID4VPEndpoint(router, context, opts) {
       } : opts?.qrCodeOpts;
       const queryId = authRequest.queryId;
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: [
-          {
-            id: queryId
-          },
-          {
-            queryId
-          }
-        ]
+        filter: buildQueryIdFilter(queryId)
       });
       if (definitionItems.length === 0) {
         console.log(`No query could be found for the given id. Query id: ${queryId}`);
@@ -490,6 +489,7 @@ var SIOPv2RPApiServer = class {
 export {
   SIOPv2RPApiServer,
   authStatusUniversalOID4VPEndpoint,
+  buildQueryIdFilter,
   createAuthRequestUniversalOID4VPEndpoint,
   getAuthRequestSIOPv2Endpoint,
   getDefinitionsEndpoint,

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { IRequiredContext } from './types'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) \|\| CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n {\n id: queryId,\n },\n ],\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n // FIXME SSISDK-55 add proper support for checking for DCQL presentations\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && Object.keys(presentation).length > 0) {\n console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId \|\| !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string \| undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n { id: queryId }, // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n { queryId },\n ],\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string \| undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message })\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts \| undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAIjC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoC5B,SAASe,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAK7B,QAAQ8B;AAC9D,UAAI,CAACJ,eAAe;AAClBlB,gBAAQC,IAAI,6EAA6EiB,aAAAA,EAAe;AACxG,eAAOK,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAjB,cAAQwB,MAAM,uCAAA;AACdxB,cAAQwB,MAAM3B,KAAK4B,UAAUjC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAM8B,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YACEV;YACA,GAAIC,YAAY;cAAEA;YAAS;YAC3B,GAAIC,WAAW;cAAEA;YAAQ;UAC3B;UACA;YACES,IAAIX;UACN;;MAEJ,CAAA;AACA,UAAIO,gBAAgBK,WAAW,GAAG;AAChC/B,gBAAQC,IAAI,oCAAoCkB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AAEA,YAAMC,wBAAwB5C,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAK4B,UAAUU,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBV,gBAAgB,CAAA;AACvC,YAAMW,mBAAmB,MAAM3B,QAAQiB,MAAMW,uBAAuB;QAClEH;QACAjB;QACAqB,WAAWH,eAAeI;MAC5B,CAAA;AAGA,YAAMC,eAAeJ,kBAAkBK,kBAAkBD;AACzD,UAAIA,gBAAgBE,OAAOC,KAAKH,YAAAA,EAAcV,SAAS,GAAG;AACxD/B,gBAAQC,IAAI,mBAAmBJ,KAAK4B,UAAUY,kBAAkBK,kBAAkBD,cAAc,MAAM,CAAA,CAAA;AACtGxB,iBAASe,aAAa;AAEtB,cAAMa,2CAAqF;UACzFC,sCAAsCT,iBAAiBnB;QACzD;AACA,YAAIiB,sBAAsBY,gBAAgB;AACxC9B,mBAAS+B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO/B,SAASiB,KAAKrC,KAAK4B,UAAUoB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMvC,QAAQiB,MAAMuB,mBAAmB;UAAEhC;UAAeC;UAASgC,OAAOd,iBAAiBc;QAAM,CAAA;AAC3H,YAAIF,qBAAqB;AACvBhC,mBAAS+B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO/B,SAASiB,KAAKrC,KAAK4B,UAAU;YAAE2B,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLjD,gBAAQC,IAAI,+CAAA;AACZgB,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB;MAC3B;AACA,aAAOhB,SAASiB,KAAI;IACtB,SAASmB,OAAO;AACdrD,cAAQqD,MAAMA,KAAAA;AACd,aAAO9B,kBAAkBN,UAAU,KAAK,gCAAgCoC,KAAAA;IAC1E;EACF,CAAA;AACF;AA3EgB7C;AA6ET,SAAS8C,6BAA6B7C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BZ,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMY,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO8C,IAAI1C,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAOxB,SAAkByB,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgB1B,QAAQ8B,OAAOJ;AACrC,YAAMC,UAAU3B,QAAQ8B,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9BnB,gBAAQC,IAAI,6EAA6EiB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMuC,eAAe,MAAM9C,QAAQiB,MAAM8B,wBAAwB;QAC/DvC;QACAwC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjBxD,gBAAQC,IACN,kGAAkGiB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQ;UAAC;YAAEV;UAAQ;;MAAG,CAAA;AACtF,UAAIO,gBAAgBK,WAAW,GAAG;AAChC/B,gBAAQC,IAAI,oCAAoCkB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AACA,YAAMvC,UAAU6D,aAAahE,SAASmE,eAAeC,WAAAA;AACrDjE,cAAQkE,aAAanC,gBAAgB,CAAA,EAAGc;AACxC,YAAMmB,gBAAgB,MAAMH,aAAahE,SAASmE,eAAeG,MAAAA;AACjE9D,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI0D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFpC,iBAASe,aAAa;AACtBf,iBAAS+B,UAAU,gBAAgB,iBAAA;AACnC,eAAO/B,SAASiB,KAAKyB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAaxD,QAAQwD,EAAEC,UAAUC;AACrE,eAAO1C,kBAAkBN,UAAU,KAAK,uCAAuC8C,CAAAA;MACjF,UAAA;AACE,cAAMrD,QAAQiB,MAAMuC,2BAA2B;UAC7ChD;UACAiC,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO9B,kBAAkBN,UAAU,KAAK,uCAAuCoC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;;;ACxHhB,SACEa,iCAEAC,uCACAC,+CAEK;AACP,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAASC,mBAAmB;AAE5B,OAAOC,UAAU;;;ACTjB,SAAYC,gBAAgB;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,UAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADoBrB,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,MACAE,WAAUN,MAAMO,QAAAA,GAChBC,aAAaC,uCAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,cAA0CC,sCAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,KAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQ;UACN;YAAEC,IAAIL;UAAQ;UACd;YAAEA;UAAQ;;MAEd,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,eAAOO,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,wBAAwBC,YAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,cAAcJ,YAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,KAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAAE,GAAG1B;UAAY2B,MAAMT;QAAe,CAAA;AACnEO,wBAAgB,0BAA0B,MAAMxB,OAAO2B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLJ,wBAAgBP;MAClB;AAEA,YAAMY,kBAAkB;QACtBC,UAAU7B;QACV8B,gBAAgBlC;QAChBmC,aAAaf;QACbgB,YAAY,GAAGrB,YAAY9B,MAAMoD,wBAAwB,wBAAwBrC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIX,iBAAiB;UAAEY,QAAQZ;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOpC,SAASgB,OAAO,GAAA,EAAK8B,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAG8B,KAAAA;IACrH;EACF,CAAA;AAEJ;AArEgB7D;AAuET,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAM+C,mBAAmB,MAAM/D,QAAQsB,MAAM0C,wBAAwB;QACnEhD;QACAiD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM4C,oBAAoB;QAAElD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAK8B,KAAI;IAClC,SAASC,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAMqD,eAAe,MAAMrE,QAAQsB,MAAM0C,wBAAwB;QAC/DhD;QACAiD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIyC;AACJ,UAAID,aAAazC,WAAW2C,gCAAgCC,WAAW;AACrEF,wBAAgB,MAAMtE,QAAQsB,MAAMmD,yBAAyB;UAC3DzD;UACAiD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjB/C,QAAQ8C,aAAa9C;QACrBsB,gBAAgBwB,aAAa1D;QAC7BiC,UAAUyB,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAE9B,SAAS6C,aAAaf,MAAM9B;QAAQ;MAClE;AACA1B,cAAQ6E,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAa9C,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;MACnC;AACA,aAAO/D,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBlF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMsE,cAAc,MAAMlF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAASuE,aAAa;AACtB,aAAOvE,SAAS8C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AE9KhB,SAASG,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","id","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","query","presentation","oid4vpSubmission","Object","keys","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","AuthorizationRequestStateStatus","createAuthorizationRequestFromPayload","CreateAuthorizationRequestPayloadSchema","checkAuth","sendErrorResponse","uriWithBase","uuid","ZodError","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","id","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}
1	+ {"version":3,"sources":["../src/siop-api-functions.ts","../src/universal-oid4vp-api-functions.ts","../src/middleware/validationMiddleware.ts","../src/siopv2-rp-api-server.ts"],"sourcesContent":["import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { CredentialMapper } from '@sphereon/ssi-types'\nimport { Request, Response, Router } from 'express'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext } from './types'\nimport { DcqlQuery } from 'dcql'\n\nconst parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {\n const contentType = request.header('content-type')\n\n if (contentType === 'application/json') {\n const payload = typeof request.body === 'string' ? JSON.parse(request.body) : request.body\n return payload as AuthorizationResponsePayload\n }\n\n if (contentType === 'application/x-www-form-urlencoded') {\n const payload = request.body as AuthorizationResponsePayload\n\n // Parse presentation_submission if it's a string\n if (typeof payload.presentation_submission === 'string') {\n console.log(`Supplied presentation_submission was a string instead of JSON. Correcting, but external party should fix their implementation!`)\n payload.presentation_submission = JSON.parse(payload.presentation_submission)\n }\n\n // when using FORM_URL_ENCODED, vp_token comes back as string not matter whether the input was string, object or array. Handled below.\n if (typeof payload.vp_token === 'string') {\n const { vp_token } = payload\n\n // The only use case where vp_object is an object is JsonLdAsString atm. For arrays, any objects will be parsed along with the array\n // (Leaving the vp_token JsonLdAsString causes problems because the original credential will remain string and will be interpreted as JWT in some parts of the code)\n if ((vp_token.startsWith('[') && vp_token.endsWith(']')) \|\| CredentialMapper.isJsonLdAsString(vp_token)) {\n payload.vp_token = JSON.parse(vp_token)\n }\n }\n\n return payload\n }\n\n throw new Error(\n `Unsupported content type: ${contentType}. Currently only application/x-www-form-urlencoded and application/json (for direct_post) are supported`,\n )\n}\n\nconst validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {\n return query.credentials.every(credential => credential.id in submission)\n}\n\nexport function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`verifyAuthResponse SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-responses/:correlationId'\n router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const { correlationId, queryId, tenantId, version } = request.params\n if (!correlationId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n console.debug('Authorization Response (siop-sessions') // TODO use logger\n console.debug(JSON.stringify(request.body, null, 2))\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId, tenantId, version),\n })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n\n const authorizationResponse = parseAuthorizationResponse(request)\n console.log(`URI: ${JSON.stringify(authorizationResponse)}`)\n\n const definitionItem = definitionItems[0]\n const verifiedResponse = await context.agent.siopVerifyAuthResponse({\n authorizationResponse,\n correlationId,\n dcqlQuery: definitionItem.query,\n })\n\n const presentation = verifiedResponse?.oid4vpSubmission?.presentation\n if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {\n console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))\n response.statusCode = 200\n\n const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {\n presentation_during_issuance_session: verifiedResponse.correlationId,\n }\n if (authorizationResponse.is_first_party) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify(authorizationChallengeValidationResponse))\n }\n\n const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, state: verifiedResponse.state })\n if (responseRedirectURI) {\n response.setHeader('Content-Type', 'application/json')\n return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))\n }\n // todo: delete session\n } else {\n console.log('Missing Presentation (Verifiable Credentials)')\n response.statusCode = 500\n response.statusMessage = 'Missing Presentation (Verifiable Credentials)'\n }\n return response.send()\n } catch (error) {\n console.error(error)\n return sendErrorResponse(response, 500, 'Could not verify auth status', error)\n }\n })\n}\n\nexport function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getAuthRequest SIOP endpoint is disabled`)\n return\n }\n const path = opts?.path ?? '/siop/queries/:queryId/auth-requests/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const correlationId = request.params.correlationId\n const queryId = request.params.queryId\n if (!correlationId \|\| !queryId) {\n console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, queryId: ${queryId}`)\n return sendErrorResponse(response, 404, 'No authorization request could be found')\n }\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!requestState) {\n console.log(\n `No authorization request could be found for the given url in the state manager. correlationId: ${correlationId}, definitionId: ${queryId}`,\n )\n return sendErrorResponse(response, 404, `No authorization request could be found`)\n }\n\n const definitionItems = await context.agent.pdmGetDefinitions({ filter: buildQueryIdFilter(queryId) })\n if (definitionItems.length === 0) {\n console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)\n response.statusCode = 404\n response.statusMessage = `No definition ${queryId}`\n return response.send()\n }\n const payload = requestState.request?.requestObject?.getPayload()!\n payload.dcql_query = definitionItems[0].query\n const requestObject = await requestState.request?.requestObject?.toJwt()\n console.log('JWT Request object:')\n console.log(requestObject)\n\n let error: string \| undefined\n try {\n response.statusCode = 200\n response.setHeader('Content-Type', 'application/jwt')\n return response.send(requestObject)\n } catch (e) {\n error = typeof e === 'string' ? e : e instanceof Error ? e.message : undefined\n return sendErrorResponse(response, 500, 'Could not get authorization request', e)\n } finally {\n await context.agent.siopUpdateAuthRequestState({\n correlationId,\n state: 'authorization_request_created',\n error,\n })\n }\n } catch (error) {\n return sendErrorResponse(response, 500, 'Could not get authorization request', error)\n }\n })\n}\n\nexport function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string) {\n const queryFilter = {\n queryId,\n ...(tenantId ? { tenantId } : {}),\n ...(version ? { version } : {}),\n }\n\n return [queryFilter, ...(isValidUUID(queryId) ? [{ id: queryId }] : [])] // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version\n}\n","import {\n AuthorizationRequestStateStatus,\n CreateAuthorizationRequest,\n createAuthorizationRequestFromPayload,\n CreateAuthorizationRequestPayloadSchema,\n CreateAuthorizationResponsePayload,\n} from '@sphereon/did-auth-siop'\nimport { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'\nimport { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { Request, Response, Router } from 'express'\nimport uuid from 'short-uuid'\nimport { validateData } from './middleware/validationMiddleware'\nimport { buildQueryIdFilter } from './siop-api-functions'\nimport {\n AuthStatusResponse,\n CreateAuthorizationRequestPayloadRequest,\n CreateAuthorizationResponsePayloadResponse,\n DeleteAuthorizationRequest,\n GetAuthorizationRequestStatus,\n ICreateAuthRequestWebappEndpointOpts,\n IRequiredContext,\n QRCodeOpts,\n} from './types'\n\nexport function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`createAuthRequest universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests'\n router.post(\n path,\n checkAuth(opts?.endpoint),\n validateData(CreateAuthorizationRequestPayloadSchema),\n async (request: CreateAuthorizationRequestPayloadRequest, response: CreateAuthorizationResponsePayloadResponse) => {\n try {\n const authRequest: CreateAuthorizationRequest = createAuthorizationRequestFromPayload(request.body)\n const correlationId = authRequest.correlationId ?? uuid.uuid()\n const qrCodeOpts = authRequest.qrCode ? ({ ...authRequest.qrCode } satisfies QRCodeOpts) : opts?.qrCodeOpts\n const queryId = authRequest.queryId\n\n const definitionItems = await context.agent.pdmGetDefinitions({\n filter: buildQueryIdFilter(queryId),\n })\n if (definitionItems.length === 0) {\n console.log(`No query could be found for the given id. Query id: ${queryId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })\n }\n\n const requestByReferenceURI = uriWithBase(`/siop/queries/${queryId}/auth-requests/${correlationId}`, {\n baseURI: authRequest.requestUriBase ?? opts?.siopBaseURI,\n })\n const responseURI = uriWithBase(`/siop/queries/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })\n\n const authRequestURI = await context.agent.siopCreateAuthRequestURI({\n queryId,\n correlationId,\n nonce: uuid.uuid(),\n requestByReferenceURI,\n responseURIType: 'response_uri',\n responseURI,\n ...(authRequest.directPostResponseRedirectUri && { responseRedirectURI: authRequest.directPostResponseRedirectUri }),\n ...(authRequest.callback && { callback: authRequest.callback }),\n })\n\n let qrCodeDataUri: string \| undefined\n if (qrCodeOpts) {\n const { AwesomeQR } = await import('awesome-qr')\n const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })\n qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`\n } else {\n qrCodeDataUri = authRequestURI\n }\n\n const authRequestBody = {\n query_id: queryId,\n correlation_id: correlationId,\n request_uri: authRequestURI,\n status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,\n ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),\n } satisfies CreateAuthorizationResponsePayload\n console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)\n\n return response.status(201).json(authRequestBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)\n }\n },\n )\n}\n\nexport function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/requests/:correlationId'\n router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {\n try {\n const correlationId: string = request.params.correlationId\n\n const authRequestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n if (!authRequestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n await context.agent.siopDeleteAuthState({ correlationId })\n\n return response.status(204).json()\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`authStatus universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/auth/status/:correlationId'\n router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {\n try {\n console.log('Received auth-status request...')\n const correlationId: string = request.params.correlationId\n\n const requestState = await context.agent.siopGetAuthRequestState({\n correlationId,\n errorOnNotFound: false,\n })\n\n if (!requestState) {\n console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)\n return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })\n }\n\n let responseState\n if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {\n responseState = await context.agent.siopGetAuthResponseState({\n correlationId,\n errorOnNotFound: false,\n })\n }\n const overallState = responseState ?? requestState\n\n const statusBody = {\n status: overallState.status,\n correlation_id: overallState.correlationId,\n query_id: overallState.queryId,\n last_updated: overallState.lastUpdated,\n ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),\n ...(overallState.error && { message: overallState.error.message }),\n } satisfies AuthStatusResponse\n console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)\n\n if (overallState.status === 'error') {\n return response.status(500).json(statusBody)\n }\n return response.status(200).json(statusBody)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n\nexport function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {\n if (opts?.enabled === false) {\n console.log(`getDefinitions universal OID4VP endpoint is disabled`)\n return\n }\n\n const path = opts?.path ?? '/backend/definitions'\n router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {\n try {\n const definitions = await context.agent.pdmGetDefinitions()\n response.statusCode = 200\n return response.json(definitions)\n } catch (error) {\n return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)\n }\n })\n}\n","import { Request, Response, NextFunction } from 'express';\nimport { z, ZodError } from 'zod';\n\nexport const validateData = (schema: z.ZodObject<any, any>) => {\n return (req: Request, res: Response, next: NextFunction) => {\n try {\n schema.parse(req.body);\n next();\n } catch (error) {\n if (error instanceof ZodError) {\n const errorMessages = error.issues.map((issue: any) => ({\n message: `${issue.path.join('.')} is ${issue.message}`,\n }))\n res.status(400).json({ status: 400, message: 'Invalid data', error_details: errorMessages[0].message });\n } else {\n res.status(500).json({ status: 500, message: 'Internal Server Error' });\n }\n }\n };\n}\n","import { agentContext } from '@sphereon/ssi-sdk.core'\nimport { copyGlobalAuthToEndpoints, ExpressSupport } from '@sphereon/ssi-express-support'\nimport { ISIOPv2RP } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'\nimport { TAgent } from '@veramo/core'\nimport express, { Express, Request, Response, Router } from 'express'\nimport { getAuthRequestSIOPv2Endpoint, verifyAuthResponseSIOPv2Endpoint } from './siop-api-functions'\nimport { IRequiredPlugins, ISIOPv2RPRestAPIOpts } from './types'\nimport {\n authStatusUniversalOID4VPEndpoint,\n createAuthRequestUniversalOID4VPEndpoint,\n getDefinitionsEndpoint,\n removeAuthRequestStateUniversalOID4VPEndpoint,\n} from './universal-oid4vp-api-functions'\nimport swaggerUi from 'swagger-ui-express'\n\nexport class SIOPv2RPApiServer {\n private readonly _express: Express\n private readonly _router: Router\n private readonly _agent: TAgent<ISIOPv2RP>\n private readonly _opts?: ISIOPv2RPRestAPIOpts\n private readonly _basePath: string\n\n private readonly OID4VP_SWAGGER_URL = 'https://api.swaggerhub.com/apis/SphereonInt/OID4VP/0.1.0'\n constructor(args: { agent: TAgent<IRequiredPlugins>; expressSupport: ExpressSupport; opts?: ISIOPv2RPRestAPIOpts }) {\n const { agent, opts } = args\n this._agent = agent\n copyGlobalAuthToEndpoints({ opts, keys: ['webappCreateAuthRequest', 'webappAuthStatus', 'webappDeleteAuthRequest'] })\n if (opts?.endpointOpts?.globalAuth?.secureSiopEndpoints) {\n copyGlobalAuthToEndpoints({ opts, keys: ['siopGetAuthRequest', 'siopVerifyAuthResponse'] })\n }\n\n this._opts = opts\n this._express = args.expressSupport.express\n this._router = express.Router()\n const context = agentContext(agent)\n\n const features = opts?.enableFeatures ?? ['rp-status', 'siop']\n console.log(`SIOPv2 API enabled, with features: ${JSON.stringify(features)}}`)\n\n // Webapp endpoints\n if (features.includes('rp-status')) {\n createAuthRequestUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappCreateAuthRequest)\n authStatusUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappAuthStatus)\n removeAuthRequestStateUniversalOID4VPEndpoint(this._router, context, opts?.endpointOpts?.webappDeleteAuthRequest)\n getDefinitionsEndpoint(this._router, context, opts?.endpointOpts?.webappGetDefinitions)\n }\n\n // SIOPv2 endpoints\n if (features.includes('siop')) {\n getAuthRequestSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopGetAuthRequest)\n verifyAuthResponseSIOPv2Endpoint(this._router, context, opts?.endpointOpts?.siopVerifyAuthResponse)\n }\n this._basePath = opts?.endpointOpts?.basePath ?? ''\n this._express.use(this._basePath, this.router)\n this._express.set('trust proxy', opts?.endpointOpts?.trustProxy ?? true)\n this.setupSwaggerUi()\n }\n\n private setupSwaggerUi() {\n fetch(this.OID4VP_SWAGGER_URL)\n .then((res) => res.json())\n .then((swagger: any) => {\n const apiDocs = `${this._basePath}/api-docs`\n console.log(`[OID4P] API docs available at ${apiDocs}`)\n\n this._router.use(\n '/api-docs',\n (req: Request, res: Response, next: any) => {\n const regex = `${apiDocs.replace(/\\//, '\\/')}`.replace('/oid4vp', '').replace(/\\/api-docs.*/, '')\n swagger.servers = [{ url: `${req.protocol}://${req.get('host')}${regex}`, description: 'This server' }]\n // @ts-ignore\n req.swaggerDoc = swagger\n next()\n },\n swaggerUi.serveFiles(swagger, options),\n swaggerUi.setup(),\n )\n })\n .catch((err) => {\n console.log(`[OID4VP] Unable to fetch swagger document: ${err}. Will not host api-docs on this instance`)\n })\n const options = {\n // customCss: '.swagger-ui .topbar { display: none }',\n }\n }\n get express(): Express {\n return this._express\n }\n\n get router(): Router {\n return this._router\n }\n\n get agent(): TAgent<ISIOPv2RP> {\n return this._agent\n }\n\n get opts(): ISIOPv2RPRestAPIOpts \| undefined {\n return this._opts\n }\n}\n"],"mappings":";;;;AACA,SAASA,WAAgCC,yBAAyB;AAElE,SAASC,wBAAwB;AAEjC,SAASC,YAAYC,mBAAmB;AAIxC,IAAMC,6BAA6B,wBAACC,YAAAA;AAClC,QAAMC,cAAcD,QAAQE,OAAO,cAAA;AAEnC,MAAID,gBAAgB,oBAAoB;AACtC,UAAME,UAAU,OAAOH,QAAQI,SAAS,WAAWC,KAAKC,MAAMN,QAAQI,IAAI,IAAIJ,QAAQI;AACtF,WAAOD;EACT;AAEA,MAAIF,gBAAgB,qCAAqC;AACvD,UAAME,UAAUH,QAAQI;AAGxB,QAAI,OAAOD,QAAQI,4BAA4B,UAAU;AACvDC,cAAQC,IAAI,gIAAgI;AAC5IN,cAAQI,0BAA0BF,KAAKC,MAAMH,QAAQI,uBAAuB;IAC9E;AAGA,QAAI,OAAOJ,QAAQO,aAAa,UAAU;AACxC,YAAM,EAAEA,SAAQ,IAAKP;AAIrB,UAAKO,SAASC,WAAW,GAAA,KAAQD,SAASE,SAAS,GAAA,KAASC,iBAAiBC,iBAAiBJ,QAAAA,GAAW;AACvGP,gBAAQO,WAAWL,KAAKC,MAAMI,QAAAA;MAChC;IACF;AAEA,WAAOP;EACT;AAEA,QAAM,IAAIY,MACR,6BAA6Bd,WAAAA,yGAAoH;AAErJ,GAlCmC;AAoCnC,IAAMe,iCAAiC,wBAACC,OAAkBC,eAAAA;AACxD,SAAOD,MAAME,YAAYC,MAAMC,CAAAA,eAAcA,WAAWC,MAAMJ,UAAAA;AAChE,GAFuC;AAIhC,SAASK,iCAAiCC,QAAgBC,SAA2BC,MAA0B;AACpH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,8CAA8C;AAC1D;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAOK,KAAKD,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACpE,QAAI;AACF,YAAM,EAAEC,eAAeC,SAASC,UAAUC,QAAO,IAAKpC,QAAQqC;AAC9D,UAAI,CAACJ,eAAe;AAClBzB,gBAAQC,IAAI,6EAA6EwB,aAAAA,EAAe;AACxG,eAAOK,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACAxB,cAAQ+B,MAAM,uCAAA;AACd/B,cAAQ+B,MAAMlC,KAAKmC,UAAUxC,QAAQI,MAAM,MAAM,CAAA,CAAA;AACjD,YAAMqC,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBX,SAASC,UAAUC,OAAAA;MAChD,CAAA;AACA,UAAIK,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AAEA,YAAMC,wBAAwBnD,2BAA2BC,OAAAA;AACzDQ,cAAQC,IAAI,QAAQJ,KAAKmC,UAAUU,qBAAAA,CAAAA,EAAwB;AAE3D,YAAMC,iBAAiBV,gBAAgB,CAAA;AACvC,YAAMW,mBAAmB,MAAM3B,QAAQiB,MAAMW,uBAAuB;QAClEH;QACAjB;QACAqB,WAAWH,eAAelC;MAC5B,CAAA;AAEA,YAAMsC,eAAeH,kBAAkBI,kBAAkBD;AACzD,UAAIA,gBAAgBvC,+BAA+BmC,eAAelC,OAAOsC,YAAAA,GAAe;AACtF/C,gBAAQC,IAAI,mBAAmBJ,KAAKmC,UAAUe,cAAc,MAAM,CAAA,CAAA;AAClEvB,iBAASe,aAAa;AAEtB,cAAMU,2CAAqF;UACzFC,sCAAsCN,iBAAiBnB;QACzD;AACA,YAAIiB,sBAAsBS,gBAAgB;AACxC3B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAUiB,wCAAAA,CAAAA;QACtC;AAEA,cAAMI,sBAAsB,MAAMpC,QAAQiB,MAAMoB,mBAAmB;UAAE7B;UAAe8B,OAAOX,iBAAiBW;QAAM,CAAA;AAClH,YAAIF,qBAAqB;AACvB7B,mBAAS4B,UAAU,gBAAgB,kBAAA;AACnC,iBAAO5B,SAASiB,KAAK5C,KAAKmC,UAAU;YAAEwB,cAAcH;UAAoB,CAAA,CAAA;QAC1E;MAEF,OAAO;AACLrD,gBAAQC,IAAI,+CAAA;AACZuB,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB;MAC3B;AACA,aAAOhB,SAASiB,KAAI;IACtB,SAASgB,OAAO;AACdzD,cAAQyD,MAAMA,KAAAA;AACd,aAAO3B,kBAAkBN,UAAU,KAAK,gCAAgCiC,KAAAA;IAC1E;EACF,CAAA;AACF;AAjEgB1C;AAmET,SAAS2C,6BAA6B1C,QAAgBC,SAA2BC,MAA0B;AAChH,MAAIA,MAAMC,YAAY,OAAO;AAC3BnB,YAAQC,IAAI,0CAA0C;AACtD;EACF;AACA,QAAMmB,OAAOF,MAAME,QAAQ;AAC3BJ,SAAO2C,IAAIvC,MAAME,UAAUJ,MAAMK,QAAAA,GAAW,OAAO/B,SAAkBgC,aAAAA;AACnE,QAAI;AACF,YAAMC,gBAAgBjC,QAAQqC,OAAOJ;AACrC,YAAMC,UAAUlC,QAAQqC,OAAOH;AAC/B,UAAI,CAACD,iBAAiB,CAACC,SAAS;AAC9B1B,gBAAQC,IAAI,6EAA6EwB,aAAAA,cAA2BC,OAAAA,EAAS;AAC7H,eAAOI,kBAAkBN,UAAU,KAAK,yCAAA;MAC1C;AACA,YAAMoC,eAAe,MAAM3C,QAAQiB,MAAM2B,wBAAwB;QAC/DpC;QACAqC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,cAAc;AACjB5D,gBAAQC,IACN,kGAAkGwB,aAAAA,mBAAgCC,OAAAA,EAAS;AAE7I,eAAOI,kBAAkBN,UAAU,KAAK,yCAAyC;MACnF;AAEA,YAAMS,kBAAkB,MAAMhB,QAAQiB,MAAMC,kBAAkB;QAAEC,QAAQC,mBAAmBX,OAAAA;MAAS,CAAA;AACpG,UAAIO,gBAAgBK,WAAW,GAAG;AAChCtC,gBAAQC,IAAI,oCAAoCyB,OAAAA,8BAAqC;AACrFF,iBAASe,aAAa;AACtBf,iBAASgB,gBAAgB,iBAAiBd,OAAAA;AAC1C,eAAOF,SAASiB,KAAI;MACtB;AACA,YAAM9C,UAAUiE,aAAapE,SAASuE,eAAeC,WAAAA;AACrDrE,cAAQsE,aAAahC,gBAAgB,CAAA,EAAGxB;AACxC,YAAMsD,gBAAgB,MAAMH,aAAapE,SAASuE,eAAeG,MAAAA;AACjElE,cAAQC,IAAI,qBAAA;AACZD,cAAQC,IAAI8D,aAAAA;AAEZ,UAAIN;AACJ,UAAI;AACFjC,iBAASe,aAAa;AACtBf,iBAAS4B,UAAU,gBAAgB,iBAAA;AACnC,eAAO5B,SAASiB,KAAKsB,aAAAA;MACvB,SAASI,GAAG;AACVV,gBAAQ,OAAOU,MAAM,WAAWA,IAAIA,aAAa5D,QAAQ4D,EAAEC,UAAUC;AACrE,eAAOvC,kBAAkBN,UAAU,KAAK,uCAAuC2C,CAAAA;MACjF,UAAA;AACE,cAAMlD,QAAQiB,MAAMoC,2BAA2B;UAC7C7C;UACA8B,OAAO;UACPE;QACF,CAAA;MACF;IACF,SAASA,OAAO;AACd,aAAO3B,kBAAkBN,UAAU,KAAK,uCAAuCiC,KAAAA;IACjF;EACF,CAAA;AACF;AAzDgBC;AA2DT,SAASrB,mBAAmBX,SAAiBC,UAAmBC,SAAgB;AACrF,QAAM2C,cAAc;IAClB7C;IACA,GAAIC,WAAW;MAAEA;IAAS,IAAI,CAAC;IAC/B,GAAIC,UAAU;MAAEA;IAAQ,IAAI,CAAC;EAC/B;AAEA,SAAO;IAAC2C;OAAiBC,YAAY9C,OAAAA,IAAW;MAAC;QAAEZ,IAAIY;MAAQ;QAAK,CAAA;;AACtE;AARgBW;;;AC/KhB,SACEoC,iCAEAC,uCACAC,+CAEK;AACP,SAASC,aAAAA,YAAgCC,qBAAAA,0BAAyB;AAClE,SAASC,mBAAmB;AAE5B,OAAOC,UAAU;;;ACTjB,SAAYC,gBAAgB;AAErB,IAAMC,eAAe,wBAACC,WAAAA;AAC3B,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnC,QAAI;AACFH,aAAOI,MAAMH,IAAII,IAAI;AACrBF,WAAAA;IACF,SAASG,OAAO;AACd,UAAIA,iBAAiBC,UAAU;AAC7B,cAAMC,gBAAgBF,MAAMG,OAAOC,IAAI,CAACC,WAAgB;UACtDC,SAAS,GAAGD,MAAME,KAAKC,KAAK,GAAA,CAAA,OAAWH,MAAMC,OAAO;QACtD,EAAA;AACAV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;UAAgBK,eAAeT,cAAc,CAAA,EAAGI;QAAQ,CAAA;MACvG,OAAO;AACLV,YAAIa,OAAO,GAAA,EAAKC,KAAK;UAAED,QAAQ;UAAKH,SAAS;QAAwB,CAAA;MACvE;IACF;EACF;AACF,GAhB4B;;;ADqBrB,SAASM,yCAAyCC,QAAgBC,SAA2BC,MAA2C;AAC7I,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,yDAAyD;AACrE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOO,KACLD,MACAE,WAAUN,MAAMO,QAAAA,GAChBC,aAAaC,uCAAAA,GACb,OAAOC,SAAmDC,aAAAA;AACxD,QAAI;AACF,YAAMC,cAA0CC,sCAAsCH,QAAQI,IAAI;AAClG,YAAMC,gBAAgBH,YAAYG,iBAAiBC,KAAKA,KAAI;AAC5D,YAAMC,aAAaL,YAAYM,SAAU;QAAE,GAAGN,YAAYM;MAAO,IAA0BlB,MAAMiB;AACjG,YAAME,UAAUP,YAAYO;AAE5B,YAAMC,kBAAkB,MAAMrB,QAAQsB,MAAMC,kBAAkB;QAC5DC,QAAQC,mBAAmBL,OAAAA;MAC7B,CAAA;AACA,UAAIC,gBAAgBK,WAAW,GAAG;AAChCvB,gBAAQC,IAAI,uDAAuDgB,OAAAA,EAAS;AAC5E,eAAOO,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0B,CAAA;MAC5F;AAEA,YAAMC,wBAAwBC,YAAY,iBAAiBX,OAAAA,kBAAyBJ,aAAAA,IAAiB;QACnGgB,SAASnB,YAAYoB,kBAAkBhC,MAAMiC;MAC/C,CAAA;AACA,YAAMC,cAAcJ,YAAY,iBAAiBX,OAAAA,mBAA0BJ,aAAAA,IAAiB;QAAEgB,SAAS/B,MAAMiC;MAAY,CAAA;AAEzH,YAAME,iBAAiB,MAAMpC,QAAQsB,MAAMe,yBAAyB;QAClEjB;QACAJ;QACAsB,OAAOrB,KAAKA,KAAI;QAChBa;QACAS,iBAAiB;QACjBJ;QACA,GAAItB,YAAY2B,iCAAiC;UAAEC,qBAAqB5B,YAAY2B;QAA8B;QAClH,GAAI3B,YAAY6B,YAAY;UAAEA,UAAU7B,YAAY6B;QAAS;MAC/D,CAAA;AAEA,UAAIC;AACJ,UAAIzB,YAAY;AACd,cAAM,EAAE0B,UAAS,IAAK,MAAM,OAAO,YAAA;AACnC,cAAMzB,SAAS,IAAIyB,UAAU;UAAE,GAAG1B;UAAY2B,MAAMT;QAAe,CAAA;AACnEO,wBAAgB,0BAA0B,MAAMxB,OAAO2B,KAAI,GAAKC,SAAS,QAAA,CAAA;MAC3E,OAAO;AACLJ,wBAAgBP;MAClB;AAEA,YAAMY,kBAAkB;QACtBC,UAAU7B;QACV8B,gBAAgBlC;QAChBmC,aAAaf;QACbgB,YAAY,GAAGrB,YAAY9B,MAAMoD,wBAAwB,wBAAwBrC,aAAAA,IAAiB;UAAEgB,SAAS/B,MAAMqD;QAAc,CAAA,CAAA;QACjI,GAAIX,iBAAiB;UAAEY,QAAQZ;QAAc;MAC/C;AACAxC,cAAQC,IAAI,uCAAuCoD,KAAKC,UAAUT,eAAAA,CAAAA,EAAkB;AAEpF,aAAOpC,SAASgB,OAAO,GAAA,EAAK8B,KAAKV,eAAAA;IACnC,SAASW,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS;MAAgD,GAAG8B,KAAAA;IACrH;EACF,CAAA;AAEJ;AAlEgB7D;AAoET,SAAS8D,8CAA8C7D,QAAgBC,SAA2BC,MAA0B;AACjI,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,wDAAwD;AACpE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAO8D,OAAOxD,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAqCC,aAAAA;AACzF,QAAI;AACF,YAAMI,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAM+C,mBAAmB,MAAM/D,QAAQsB,MAAM0C,wBAAwB;QACnEhD;QACAiD,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACF,kBAAkB;AACrB5D,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,YAAM7B,QAAQsB,MAAM4C,oBAAoB;QAAElD;MAAc,CAAA;AAExD,aAAOJ,SAASgB,OAAO,GAAA,EAAK8B,KAAI;IAClC,SAASC,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AA3BgBC;AA6BT,SAASO,kCAAkCpE,QAAgBC,SAA2BC,MAA0B;AACrH,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,kDAAkD;AAC9D;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAwCC,aAAAA;AACzF,QAAI;AACFT,cAAQC,IAAI,iCAAA;AACZ,YAAMY,gBAAwBL,QAAQmD,OAAO9C;AAE7C,YAAMqD,eAAe,MAAMrE,QAAQsB,MAAM0C,wBAAwB;QAC/DhD;QACAiD,iBAAiB;MACnB,CAAA;AAEA,UAAI,CAACI,cAAc;AACjBlE,gBAAQC,IAAI,uFAAuFY,aAAAA,EAAe;AAClH,eAAOW,mBAAkBf,UAAU,KAAK;UAAEgB,QAAQ;UAAKC,SAAS;QAA0C,CAAA;MAC5G;AAEA,UAAIyC;AACJ,UAAID,aAAazC,WAAW2C,gCAAgCC,WAAW;AACrEF,wBAAgB,MAAMtE,QAAQsB,MAAMmD,yBAAyB;UAC3DzD;UACAiD,iBAAiB;QACnB,CAAA;MACF;AACA,YAAMS,eAAeJ,iBAAiBD;AAEtC,YAAMM,aAAa;QACjB/C,QAAQ8C,aAAa9C;QACrBsB,gBAAgBwB,aAAa1D;QAC7BiC,UAAUyB,aAAatD;QACvBwD,cAAcF,aAAaG;QAC3B,GAAI,kBAAkBH,gBAAgB;UAAEI,eAAeJ,aAAaK;QAAa;QACjF,GAAIL,aAAaf,SAAS;UAAE9B,SAAS6C,aAAaf,MAAM9B;QAAQ;MAClE;AACA1B,cAAQ6E,MAAM,0BAA0BxB,KAAKC,UAAUkB,UAAAA,CAAAA,EAAa;AAEpE,UAAID,aAAa9C,WAAW,SAAS;AACnC,eAAOhB,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;MACnC;AACA,aAAO/D,SAASgB,OAAO,GAAA,EAAK8B,KAAKiB,UAAAA;IACnC,SAAShB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAjDgBQ;AAmDT,SAASc,uBAAuBlF,QAAgBC,SAA2BC,MAA0B;AAC1G,MAAIA,MAAMC,YAAY,OAAO;AAC3BC,YAAQC,IAAI,sDAAsD;AAClE;EACF;AAEA,QAAMC,OAAOJ,MAAMI,QAAQ;AAC3BN,SAAOqE,IAAI/D,MAAME,WAAUN,MAAMO,QAAAA,GAAW,OAAOG,SAAkBC,aAAAA;AACnE,QAAI;AACF,YAAMsE,cAAc,MAAMlF,QAAQsB,MAAMC,kBAAiB;AACzDX,eAASuE,aAAa;AACtB,aAAOvE,SAAS8C,KAAKwB,WAAAA;IACvB,SAASvB,OAAO;AACd,aAAOhC,mBAAkBf,UAAU,KAAK;QAAEgB,QAAQ;QAAKC,SAAS8B,MAAM9B;MAAQ,GAAG8B,KAAAA;IACnF;EACF,CAAA;AACF;AAhBgBsB;;;AE5KhB,SAASG,oBAAoB;AAC7B,SAASC,iCAAiD;AAG1D,OAAOC,aAAqD;AAS5D,OAAOC,eAAe;AAEf,IAAMC,oBAAN,MAAMA;EAfb,OAeaA;;;EACMC;EACAC;EACAC;EACAC;EACAC;EAEAC,qBAAqB;EACtC,YAAYC,MAAwG;AAClH,UAAM,EAAEC,OAAOC,KAAI,IAAKF;AACxB,SAAKJ,SAASK;AACdE,8BAA0B;MAAED;MAAME,MAAM;QAAC;QAA2B;QAAoB;;IAA2B,CAAA;AACnH,QAAIF,MAAMG,cAAcC,YAAYC,qBAAqB;AACvDJ,gCAA0B;QAAED;QAAME,MAAM;UAAC;UAAsB;;MAA0B,CAAA;IAC3F;AAEA,SAAKP,QAAQK;AACb,SAAKR,WAAWM,KAAKQ,eAAeC;AACpC,SAAKd,UAAUc,QAAQC,OAAM;AAC7B,UAAMC,UAAUC,aAAaX,KAAAA;AAE7B,UAAMY,WAAWX,MAAMY,kBAAkB;MAAC;MAAa;;AACvDC,YAAQC,IAAI,sCAAsCC,KAAKC,UAAUL,QAAAA,CAAAA,GAAY;AAG7E,QAAIA,SAASM,SAAS,WAAA,GAAc;AAClCC,+CAAyC,KAAKzB,SAASgB,SAAST,MAAMG,cAAcgB,uBAAAA;AACpFC,wCAAkC,KAAK3B,SAASgB,SAAST,MAAMG,cAAckB,gBAAAA;AAC7EC,oDAA8C,KAAK7B,SAASgB,SAAST,MAAMG,cAAcoB,uBAAAA;AACzFC,6BAAuB,KAAK/B,SAASgB,SAAST,MAAMG,cAAcsB,oBAAAA;IACpE;AAGA,QAAId,SAASM,SAAS,MAAA,GAAS;AAC7BS,mCAA6B,KAAKjC,SAASgB,SAAST,MAAMG,cAAcwB,kBAAAA;AACxEC,uCAAiC,KAAKnC,SAASgB,SAAST,MAAMG,cAAc0B,sBAAAA;IAC9E;AACA,SAAKjC,YAAYI,MAAMG,cAAc2B,YAAY;AACjD,SAAKtC,SAASuC,IAAI,KAAKnC,WAAW,KAAKoC,MAAM;AAC7C,SAAKxC,SAASyC,IAAI,eAAejC,MAAMG,cAAc+B,cAAc,IAAA;AACnE,SAAKC,eAAc;EACrB;EAEQA,iBAAiB;AACvBC,UAAM,KAAKvC,kBAAkB,EAC1BwC,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,CAACG,YAAAA;AACL,YAAMC,UAAU,GAAG,KAAK7C,SAAS;AACjCiB,cAAQC,IAAI,iCAAiC2B,OAAAA,EAAS;AAEtD,WAAKhD,QAAQsC,IACX,aACA,CAACW,KAAcJ,KAAeK,SAAAA;AAC5B,cAAMC,QAAQ,GAAGH,QAAQI,QAAQ,MAAM,GAAA,CAAA,GAAQA,QAAQ,WAAW,EAAA,EAAIA,QAAQ,gBAAgB,EAAA;AAC9FL,gBAAQM,UAAU;UAAC;YAAEC,KAAK,GAAGL,IAAIM,QAAQ,MAAMN,IAAIO,IAAI,MAAA,CAAA,GAAUL,KAAAA;YAASM,aAAa;UAAc;;AAErGR,YAAIS,aAAaX;AACjBG,aAAAA;MACF,GACAS,UAAUC,WAAWb,SAASc,OAAAA,GAC9BF,UAAUG,MAAK,CAAA;IAEnB,CAAA,EACCC,MAAM,CAACC,QAAAA;AACN5C,cAAQC,IAAI,8CAA8C2C,GAAAA,2CAA8C;IAC1G,CAAA;AACF,UAAMH,UAAU,CAEhB;EACF;EACA,IAAI/C,UAAmB;AACrB,WAAO,KAAKf;EACd;EAEA,IAAIwC,SAAiB;AACnB,WAAO,KAAKvC;EACd;EAEA,IAAIM,QAA2B;AAC7B,WAAO,KAAKL;EACd;EAEA,IAAIM,OAAyC;AAC3C,WAAO,KAAKL;EACd;AACF;","names":["checkAuth","sendErrorResponse","CredentialMapper","validate","isValidUUID","parseAuthorizationResponse","request","contentType","header","payload","body","JSON","parse","presentation_submission","console","log","vp_token","startsWith","endsWith","CredentialMapper","isJsonLdAsString","Error","validatePresentationSubmission","query","submission","credentials","every","credential","id","verifyAuthResponseSIOPv2Endpoint","router","context","opts","enabled","path","post","checkAuth","endpoint","response","correlationId","queryId","tenantId","version","params","sendErrorResponse","debug","stringify","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","statusCode","statusMessage","send","authorizationResponse","definitionItem","verifiedResponse","siopVerifyAuthResponse","dcqlQuery","presentation","oid4vpSubmission","authorizationChallengeValidationResponse","presentation_during_issuance_session","is_first_party","setHeader","responseRedirectURI","siopGetRedirectURI","state","redirect_uri","error","getAuthRequestSIOPv2Endpoint","get","requestState","siopGetAuthRequestState","errorOnNotFound","requestObject","getPayload","dcql_query","toJwt","e","message","undefined","siopUpdateAuthRequestState","queryFilter","isValidUUID","AuthorizationRequestStateStatus","createAuthorizationRequestFromPayload","CreateAuthorizationRequestPayloadSchema","checkAuth","sendErrorResponse","uriWithBase","uuid","ZodError","validateData","schema","req","res","next","parse","body","error","ZodError","errorMessages","issues","map","issue","message","path","join","status","json","error_details","createAuthRequestUniversalOID4VPEndpoint","router","context","opts","enabled","console","log","path","post","checkAuth","endpoint","validateData","CreateAuthorizationRequestPayloadSchema","request","response","authRequest","createAuthorizationRequestFromPayload","body","correlationId","uuid","qrCodeOpts","qrCode","queryId","definitionItems","agent","pdmGetDefinitions","filter","buildQueryIdFilter","length","sendErrorResponse","status","message","requestByReferenceURI","uriWithBase","baseURI","requestUriBase","siopBaseURI","responseURI","authRequestURI","siopCreateAuthRequestURI","nonce","responseURIType","directPostResponseRedirectUri","responseRedirectURI","callback","qrCodeDataUri","AwesomeQR","text","draw","toString","authRequestBody","query_id","correlation_id","request_uri","status_uri","webappAuthStatusPath","webappBaseURI","qr_uri","JSON","stringify","json","error","removeAuthRequestStateUniversalOID4VPEndpoint","delete","params","authRequestState","siopGetAuthRequestState","errorOnNotFound","siopDeleteAuthState","authStatusUniversalOID4VPEndpoint","get","requestState","responseState","AuthorizationRequestStateStatus","RETRIEVED","siopGetAuthResponseState","overallState","statusBody","last_updated","lastUpdated","verified_data","verifiedData","debug","getDefinitionsEndpoint","definitions","statusCode","agentContext","copyGlobalAuthToEndpoints","express","swaggerUi","SIOPv2RPApiServer","_express","_router","_agent","_opts","_basePath","OID4VP_SWAGGER_URL","args","agent","opts","copyGlobalAuthToEndpoints","keys","endpointOpts","globalAuth","secureSiopEndpoints","expressSupport","express","Router","context","agentContext","features","enableFeatures","console","log","JSON","stringify","includes","createAuthRequestUniversalOID4VPEndpoint","webappCreateAuthRequest","authStatusUniversalOID4VPEndpoint","webappAuthStatus","removeAuthRequestStateUniversalOID4VPEndpoint","webappDeleteAuthRequest","getDefinitionsEndpoint","webappGetDefinitions","getAuthRequestSIOPv2Endpoint","siopGetAuthRequest","verifyAuthResponseSIOPv2Endpoint","siopVerifyAuthResponse","basePath","use","router","set","trustProxy","setupSwaggerUi","fetch","then","res","json","swagger","apiDocs","req","next","regex","replace","servers","url","protocol","get","description","swaggerDoc","swaggerUi","serveFiles","options","setup","catch","err"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api",
-  "version": "0.34.1-fix.226+0b5294f9",
+  "version": "0.34.1-fix.254+c3fdd3d0",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -23,16 +23,16 @@
     "start:dev": "ts-node __tests__/RestAPI.ts"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.170",
-    "@sphereon/ssi-express-support": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.core": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-types": "0.34.1-fix.226+0b5294f9",
+    "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.184",
+    "@sphereon/ssi-express-support": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.core": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-types": "0.34.1-fix.254+c3fdd3d0",
     "@veramo/core": "4.2.0",
     "@veramo/credential-w3c": "4.2.0",
     "awesome-qr": "^2.1.5-rc.0",
@@ -40,6 +40,7 @@
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
     "cross-fetch": "^4.1.0",
+    "dcql": "1.0.1",
     "dotenv-flow": "^3.3.0",
     "express": "^4.19.2",
     "short-uuid": "^4.2.2",
@@ -49,16 +50,17 @@
   },
   "devDependencies": {
     "@decentralized-identity/ion-sdk": "^0.6.0",
-    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.170",
+    "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.184",
     "@sphereon/did-uni-client": "^0.6.3",
     "@sphereon/pex": "5.0.0-unstable.28",
     "@sphereon/pex-models": "^2.3.2",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-fix.226+0b5294f9",
-    "@sphereon/ssi-sdk.data-store": "0.34.1-fix.226+0b5294f9",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.credential-vcdm-jsonld-provider": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.data-store": "0.34.1-fix.254+c3fdd3d0",
+    "@sphereon/ssi-sdk.data-store-types": "0.34.1-fix.254+c3fdd3d0",
     "@types/body-parser": "^1.19.5",
     "@types/cookie-parser": "^1.4.7",
     "@types/cors": "^2.8.17",
@@ -117,5 +119,5 @@
     "OpenID Connect",
     "Authenticator"
   ],
-  "gitHead": "0b5294f9513532c0bf553b1faf38363c5754b5af"
+  "gitHead": "c3fdd3d0d7e4124484f87a611792c9201a01256b"
 }

package/src/siop-api-functions.ts CHANGED Viewed

@@ -1,9 +1,11 @@
-import { AuthorizationResponsePayload } from '@sphereon/did-auth-siop'
+import { AuthorizationResponsePayload, PresentationSubmission } from '@sphereon/did-auth-siop'
 import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
 import { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
 import { CredentialMapper } from '@sphereon/ssi-types'
 import { Request, Response, Router } from 'express'
+import { validate as isValidUUID } from 'uuid'
 import { IRequiredContext } from './types'
+import { DcqlQuery } from 'dcql'
 const parseAuthorizationResponse = (request: Request): AuthorizationResponsePayload => {
   const contentType = request.header('content-type')
@@ -41,6 +43,10 @@ const parseAuthorizationResponse = (request: Request): AuthorizationResponsePayl
   )
 }
+const validatePresentationSubmission = (query: DcqlQuery, submission: PresentationSubmission): boolean => {
+  return query.credentials.every(credential => credential.id in submission)
+}
 export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
   if (opts?.enabled === false) {
     console.log(`verifyAuthResponse SIOP endpoint is disabled`)
@@ -57,16 +63,7 @@ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequi
       console.debug('Authorization Response (siop-sessions') // TODO use logger
       console.debug(JSON.stringify(request.body, null, 2))
       const definitionItems = await context.agent.pdmGetDefinitions({
-        filter: [
-          {
-            queryId,
-            ...(tenantId && { tenantId }),
-            ...(version && { version }),
-          },
-          {
-            id: queryId,
-          },
-        ],
+        filter: buildQueryIdFilter(queryId, tenantId, version),
       })
       if (definitionItems.length === 0) {
         console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)
@@ -85,10 +82,9 @@ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequi
         dcqlQuery: definitionItem.query,
       })
-      // FIXME SSISDK-55 add proper support for checking for DCQL presentations
       const presentation = verifiedResponse?.oid4vpSubmission?.presentation
-      if (presentation && Object.keys(presentation).length > 0) {
-        console.log('PRESENTATIONS:' + JSON.stringify(verifiedResponse?.oid4vpSubmission?.presentation, null, 2))
+      if (presentation && validatePresentationSubmission(definitionItem.query, presentation)) {
+        console.log('PRESENTATIONS:' + JSON.stringify(presentation, null, 2))
         response.statusCode = 200
         const authorizationChallengeValidationResponse: AuthorizationChallengeValidationResponse = {
@@ -99,7 +95,7 @@ export function verifyAuthResponseSIOPv2Endpoint(router: Router, context: IRequi
           return response.send(JSON.stringify(authorizationChallengeValidationResponse))
         }
-        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, queryId, state: verifiedResponse.state })
+        const responseRedirectURI = await context.agent.siopGetRedirectURI({ correlationId, state: verifiedResponse.state })
         if (responseRedirectURI) {
           response.setHeader('Content-Type', 'application/json')
           return response.send(JSON.stringify({ redirect_uri: responseRedirectURI }))
@@ -143,7 +139,7 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
         return sendErrorResponse(response, 404, `No authorization request could be found`)
       }
-      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ queryId }] });
+      const definitionItems = await context.agent.pdmGetDefinitions({ filter: buildQueryIdFilter(queryId) })
       if (definitionItems.length === 0) {
         console.log(`Could not get dcql query with id ${queryId} from agent. Will return 404`)
         response.statusCode = 404
@@ -176,3 +172,13 @@ export function getAuthRequestSIOPv2Endpoint(router: Router, context: IRequiredC
     }
   })
 }
+export function buildQueryIdFilter(queryId: string, tenantId?: string, version?: string) {
+  const queryFilter = {
+    queryId,
+    ...(tenantId ? { tenantId } : {}),
+    ...(version ? { version } : {}),
+  }
+  return [queryFilter, ...(isValidUUID(queryId) ? [{ id: queryId }] : [])] // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version
+}

package/src/universal-oid4vp-api-functions.ts CHANGED Viewed

@@ -10,6 +10,7 @@ import { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
 import { Request, Response, Router } from 'express'
 import uuid from 'short-uuid'
 import { validateData } from './middleware/validationMiddleware'
+import { buildQueryIdFilter } from './siop-api-functions'
 import {
   AuthStatusResponse,
   CreateAuthorizationRequestPayloadRequest,
@@ -40,10 +41,7 @@ export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context
         const queryId = authRequest.queryId
         const definitionItems = await context.agent.pdmGetDefinitions({
-          filter: [
-            { id: queryId }, // Allow both PK (unique queryId + version combi) or just plain queryId which assumes the latest version
-            { queryId },
-          ],
+          filter: buildQueryIdFilter(queryId),
         })
         if (definitionItems.length === 0) {
           console.log(`No query could be found for the given id. Query id: ${queryId}`)
@@ -147,7 +145,7 @@ export function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequ
       if (requestState.status === AuthorizationRequestStateStatus.RETRIEVED) {
         responseState = await context.agent.siopGetAuthResponseState({
           correlationId,
-          errorOnNotFound: false
+          errorOnNotFound: false,
         })
       }
       const overallState = responseState ?? requestState
@@ -158,7 +156,7 @@ export function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequ
         query_id: overallState.queryId,
         last_updated: overallState.lastUpdated,
         ...('verifiedData' in overallState && { verified_data: overallState.verifiedData }),
-        ...(overallState.error && { message: overallState.error.message })
+        ...(overallState.error && { message: overallState.error.message }),
       } satisfies AuthStatusResponse
       console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)