@sphereon/ssi-sdk.w3c-vc-api 0.13.1-next.32 → 0.13.1-next.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +175 -27
- package/dist/types.d.ts +0 -4
- package/dist/types.d.ts.map +1 -1
- package/package.json +11 -11
- package/src/types.ts +2 -2
package/README.md
CHANGED
|
@@ -2,51 +2,199 @@
|
|
|
2
2
|
<h1 align="center">
|
|
3
3
|
<br>
|
|
4
4
|
<a href="https://www.sphereon.com"><img src="https://sphereon.com/content/themes/sphereon/assets/img/logo.svg" alt="Sphereon" width="400"></a>
|
|
5
|
-
<br>
|
|
5
|
+
<br>W3C VC API
|
|
6
6
|
<br>
|
|
7
7
|
</h1>
|
|
8
8
|
|
|
9
9
|
---
|
|
10
10
|
|
|
11
|
-
**Warning: This package
|
|
11
|
+
**Warning: This package is in early development. Breaking changes without notice will happen at this point!**
|
|
12
12
|
|
|
13
13
|
---
|
|
14
14
|
|
|
15
|
-
|
|
16
|
-
the [Self Issued OpenID Provider v2 (SIOPv2)](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html)
|
|
17
|
-
and [OpenID Connect for Verifiable Presentations (OIDC4VP)](https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html)
|
|
18
|
-
as specified in the OpenID Connect working group.
|
|
15
|
+
This module provides a W3C Verifiable Credential API, to allow issuance and verification of VCs and VPs.
|
|
19
16
|
|
|
20
|
-
|
|
17
|
+
# VC API
|
|
21
18
|
|
|
22
|
-
For more information about
|
|
19
|
+
For more information about the W3C VC API visit
|
|
20
|
+
the [W3C VC API Github](https://w3c-ccg.github.io/vc-api/).
|
|
21
|
+
This module allows you to issue, persist, retrieve and verify Verifiable Credentials (other endpoints are not supported yet)
|
|
23
22
|
|
|
24
|
-
|
|
23
|
+
There are 3 modes of resolution, controlled by a query parameter, when calling the resolution endpoint. You can also set
|
|
24
|
+
a default mode when no query parameter is being used.
|
|
25
|
+
|
|
26
|
+
The modes are:
|
|
27
|
+
|
|
28
|
+
- **local**: Only DIDs managed by the agent can be resolved. DID:web and it's keys are translated to DID documents
|
|
29
|
+
- **global**: Resolves DIDs by using the supported resolvers of the agent, allowing external DID resolution
|
|
30
|
+
- **hybrid** (default): Tries to resolve locally first. If not found it will fallback to the global mode
|
|
31
|
+
|
|
32
|
+
### Issuance example
|
|
33
|
+
|
|
34
|
+
The below example resolves the provided did:web DID using external resolution by looking up the domain from the provided
|
|
35
|
+
host at https://ddip.sphereon.com.
|
|
36
|
+
|
|
37
|
+
```shell
|
|
38
|
+
curl -X POST\
|
|
39
|
+
-H "Accept: application/json"\
|
|
40
|
+
"https://agent/credentials/issue"
|
|
41
|
+
-d '<json body below>'
|
|
42
|
+
```
|
|
43
|
+
Body:
|
|
44
|
+
```json
|
|
45
|
+
{
|
|
46
|
+
"verifiableCredential": {
|
|
47
|
+
"@context": [
|
|
48
|
+
"https://www.w3.org/2018/credentials/v1"
|
|
49
|
+
],
|
|
50
|
+
"id": "https://example.com/8790171",
|
|
51
|
+
"type": [
|
|
52
|
+
"VerifiableCredential",
|
|
53
|
+
"GS1CompanyPrefixLicenseCredential"
|
|
54
|
+
],
|
|
55
|
+
"issuer": "did:web:example.com",
|
|
56
|
+
"issuanceDate": "2023-06-22T00:00:00.000Z",
|
|
57
|
+
"validUntil": "2024-06-22T00:00:00.000Z",
|
|
58
|
+
"credentialSubject": {
|
|
59
|
+
"id": "did:web:subject.example.com",
|
|
60
|
+
"example": "value"
|
|
61
|
+
},
|
|
62
|
+
"proof": {
|
|
63
|
+
"type": "JsonWebSignature2020",
|
|
64
|
+
"created": "2023-06-29T22:20:27.000Z",
|
|
65
|
+
"proofPurpose": "assertionMethod",
|
|
66
|
+
"verificationMethod": "did:web:example.com#key-1",
|
|
67
|
+
"jws": "ey......."
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
```json
|
|
74
|
+
{
|
|
75
|
+
|
|
76
|
+
}
|
|
77
|
+
```
|
|
25
78
|
|
|
26
|
-
For this plugin a DID resolver is also required. A DID resolver can be added to the agent as plugin as seen in the example below.
|
|
27
79
|
|
|
28
|
-
##
|
|
80
|
+
## Configure API
|
|
29
81
|
|
|
30
|
-
|
|
82
|
+
You can configure and build the API in multiple ways. This module also exposes functions for every endpoint, so you are
|
|
83
|
+
able to create your own Express router and then use functions to enable certain endpoints in your solution. The more
|
|
84
|
+
easy route is to use the `VcApiServer` class. This class has configuration support, allowing to enable/disable
|
|
85
|
+
certain features, like for instance whether VCs can be created, persisted, and/or verified.
|
|
31
86
|
|
|
32
|
-
|
|
87
|
+
Note: You can have multiple instances of the VcApiServer, as long as you make sure that the basePaths differs
|
|
88
|
+
for each instance and that the same express is being used.
|
|
33
89
|
|
|
34
90
|
```typescript
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
91
|
+
// agent is a configured SSI-SDK/Veramo agent (see below for an example)
|
|
92
|
+
|
|
93
|
+
// Let's first build express to listen on port 5000
|
|
94
|
+
const expressBuilder = ExpressBuilder.fromServerOpts({
|
|
95
|
+
port: 5000,
|
|
96
|
+
hostname: '0.0.0.0',
|
|
97
|
+
}).withPassportAuth(false)
|
|
98
|
+
const expressArgs = expressBuilder.build({ startListening: true })
|
|
99
|
+
|
|
100
|
+
// Now create the VC PI, with VC issuance, persistence and verification enabled and authentication disabled
|
|
101
|
+
new VcApiServer({
|
|
102
|
+
opts: {
|
|
103
|
+
endpointOpts: {
|
|
104
|
+
globalAuth: {
|
|
105
|
+
authentication: {
|
|
106
|
+
enabled: false,
|
|
107
|
+
},
|
|
108
|
+
},
|
|
109
|
+
},
|
|
110
|
+
issueCredentialOpts: {
|
|
111
|
+
enableFeatures: ['vc-issue', 'vc-persist', 'vc-verify'],
|
|
112
|
+
proofFormat: 'lds', // Issue JSON-LD VCs, can also be changed to `jwt`
|
|
113
|
+
fetchRemoteContexts: true, // Whether to allow fetching remote contexts, mainly used when verifying VCs
|
|
114
|
+
keyRef: '89a4661e446b46401325a38d3b20582d1dd277eb448a3181012a671b7ae15837', // The key to use when signing VCs
|
|
115
|
+
},
|
|
116
|
+
},
|
|
117
|
+
expressArgs,
|
|
118
|
+
agent,
|
|
119
|
+
})
|
|
120
|
+
// At this point you can execute the example above, as the VC API is now listening on port 5000
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
## Requirements
|
|
124
|
+
|
|
125
|
+
For this plugin a DID resolver is also required. A DID resolver can be added to the agent as plugin as seen in the
|
|
126
|
+
example below. You can find resolvers in the Veramo project and our
|
|
127
|
+
[SSI-SDK-crypto-extensions](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions.git)
|
|
128
|
+
|
|
129
|
+
### Agent setup
|
|
40
130
|
|
|
41
|
-
|
|
131
|
+
```typescript
|
|
132
|
+
export const resolver = new Resolver({
|
|
133
|
+
...getDidWebResolver(),
|
|
134
|
+
...getDidKeyResolver(),
|
|
135
|
+
...getDidJwkResolver(),
|
|
136
|
+
...getDidIonResolver(),
|
|
137
|
+
})
|
|
138
|
+
|
|
139
|
+
export const didProviders = {
|
|
140
|
+
[`did:web`]: new WebDIDProvider({
|
|
141
|
+
defaultKms: 'local',
|
|
142
|
+
}),
|
|
143
|
+
[`did:key`]: new KeyDIDProvider({
|
|
144
|
+
defaultKms: 'local',
|
|
145
|
+
}),
|
|
146
|
+
[`did:ion`]: new IonDIDProvider({
|
|
147
|
+
defaultKms: 'local',
|
|
148
|
+
}),
|
|
149
|
+
[`did:jwk`]: new JwkDIDProvider({
|
|
150
|
+
defaultKms: 'local',
|
|
151
|
+
}),
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
const agent = createAgent<
|
|
155
|
+
IDIDManager &
|
|
156
|
+
IKeyManager &
|
|
157
|
+
IDataStore &
|
|
158
|
+
IDataStoreORM &
|
|
159
|
+
IResolver &
|
|
160
|
+
IPresentationExchange &
|
|
161
|
+
ICredentialVerifier &
|
|
162
|
+
ICredentialHandlerLDLocal &
|
|
163
|
+
ICredentialPlugin
|
|
164
|
+
>({
|
|
42
165
|
plugins: [
|
|
43
|
-
new
|
|
166
|
+
new DataStore(dbConnection),
|
|
167
|
+
new DataStoreORM(dbConnection),
|
|
168
|
+
new KeyManager({
|
|
169
|
+
store: new KeyStore(dbConnection),
|
|
170
|
+
kms: {
|
|
171
|
+
local: new KeyManagementSystem(privateKeyStore),
|
|
172
|
+
},
|
|
173
|
+
}),
|
|
174
|
+
new DIDManager({
|
|
175
|
+
store: new DIDStore(dbConnection),
|
|
176
|
+
defaultProvider: `${DID_PREFIX}:${SupportedDidMethodEnum.DID_JWK}`,
|
|
177
|
+
providers: didProviders,
|
|
178
|
+
}),
|
|
44
179
|
new DIDResolverPlugin({
|
|
45
|
-
resolver
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
180
|
+
resolver,
|
|
181
|
+
}),
|
|
182
|
+
new PresentationExchange(),
|
|
183
|
+
new CredentialPlugin(),
|
|
184
|
+
new CredentialHandlerLDLocal({
|
|
185
|
+
contextMaps: [LdDefaultContexts],
|
|
186
|
+
suites: [
|
|
187
|
+
new SphereonEd25519Signature2018(),
|
|
188
|
+
new SphereonEd25519Signature2020(),
|
|
189
|
+
new SphereonBbsBlsSignature2020(),
|
|
190
|
+
new SphereonJsonWebSignature2020(),
|
|
191
|
+
new SphereonEcdsaSecp256k1RecoverySignature2020(),
|
|
192
|
+
],
|
|
193
|
+
bindingOverrides: new Map([
|
|
194
|
+
['createVerifiableCredentialLD', MethodNames.createVerifiableCredentialLDLocal],
|
|
195
|
+
['createVerifiablePresentationLD', MethodNames.createVerifiablePresentationLDLocal],
|
|
196
|
+
]),
|
|
197
|
+
keyStore: privateKeyStore,
|
|
50
198
|
}),
|
|
51
199
|
],
|
|
52
200
|
})
|
|
@@ -55,11 +203,11 @@ const agent = createAgent<IDidAuthSiopOpAuthenticator & IResolver>({
|
|
|
55
203
|
## Installation
|
|
56
204
|
|
|
57
205
|
```shell
|
|
58
|
-
|
|
206
|
+
pnpm add @sphereon/ssi-sdk.w3c-vc-api
|
|
59
207
|
```
|
|
60
208
|
|
|
61
209
|
## Build
|
|
62
210
|
|
|
63
211
|
```shell
|
|
64
|
-
|
|
212
|
+
pnpm build
|
|
65
213
|
```
|
package/dist/types.d.ts
CHANGED
|
@@ -3,11 +3,8 @@ import { IAgentContext, ICredentialIssuer, ICredentialPlugin, ICredentialVerifie
|
|
|
3
3
|
import { ProofFormat } from '@veramo/core/src/types/ICredentialIssuer';
|
|
4
4
|
export type IRequiredPlugins = IDataStore & IDataStoreORM & IDIDManager & IKeyManager & ICredentialIssuer & ICredentialVerifier & ICredentialPlugin & IResolver;
|
|
5
5
|
export type IRequiredContext = IAgentContext<IRequiredPlugins>;
|
|
6
|
-
interface IVCAPISecurityOpts {
|
|
7
|
-
}
|
|
8
6
|
export interface IVCAPIOpts {
|
|
9
7
|
endpointOpts?: IVCAPIEndpointOpts;
|
|
10
|
-
securityOpts?: IVCAPISecurityOpts;
|
|
11
8
|
issueCredentialOpts?: IVCAPIIssueOpts;
|
|
12
9
|
}
|
|
13
10
|
export interface IVCAPIEndpointOpts {
|
|
@@ -66,5 +63,4 @@ export interface ChallengeOptsPayload {
|
|
|
66
63
|
challenge?: string;
|
|
67
64
|
domain?: string;
|
|
68
65
|
}
|
|
69
|
-
export {};
|
|
70
66
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACxF,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,UAAU,EACV,aAAa,EACb,WAAW,EACX,WAAW,EACX,SAAS,EACV,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,WAAW,EAAE,MAAM,0CAA0C,CAAA;AAEtE,MAAM,MAAM,gBAAgB,GAAG,UAAU,GACvC,aAAa,GACb,WAAW,GACX,WAAW,GACX,iBAAiB,GACjB,mBAAmB,GACnB,iBAAiB,GACjB,SAAS,CAAA;AACX,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACxF,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,UAAU,EACV,aAAa,EACb,WAAW,EACX,WAAW,EACX,SAAS,EACV,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,WAAW,EAAE,MAAM,0CAA0C,CAAA;AAEtE,MAAM,MAAM,gBAAgB,GAAG,UAAU,GACvC,aAAa,GACb,WAAW,GACX,WAAW,GACX,iBAAiB,GACjB,mBAAmB,GACnB,iBAAiB,GACjB,SAAS,CAAA;AACX,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;AAI9D,MAAM,WAAW,UAAU;IACzB,YAAY,CAAC,EAAE,kBAAkB,CAAA;IAEjC,mBAAmB,CAAC,EAAE,eAAe,CAAA;CACtC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,eAAe,CAAA;IAC5B,eAAe,CAAC,EAAE,4BAA4B,CAAA;IAC9C,cAAc,CAAC,EAAE,mBAAmB,CAAA;IACpC,aAAa,CAAC,EAAE,mBAAmB,CAAA;IACnC,gBAAgB,CAAC,EAAE,mBAAmB,CAAA;IACtC,gBAAgB,CAAC,EAAE,6BAA6B,CAAA;IAChD,kBAAkB,CAAC,EAAE,mBAAmB,CAAA;CACzC;AAED,MAAM,MAAM,aAAa,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,CAAA;AAEnE,MAAM,WAAW,eAAe;IAC9B,cAAc,CAAC,EAAE,aAAa,EAAE,CAAA;IAChC,wBAAwB,CAAC,EAAE,OAAO,CAAA;IAElC;;OAEG;IACH,WAAW,EAAE,WAAW,CAAA;IAExB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAE9B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IAEf;;;;;;OAMG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAC9B;AAED,MAAM,WAAW,4BAA6B,SAAQ,mBAAmB;IACvE,mBAAmB,CAAC,EAAE,eAAe,CAAA;IACrC,wBAAwB,CAAC,EAAE,OAAO,CAAA;CACnC;AAED,MAAM,WAAW,6BAA8B,SAAQ,mBAAmB;IACxE,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAC9B;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,gBAAgB,CAAC,EAAE;QACjB,IAAI,EAAE,MAAM,CAAA;KACb,CAAA;CACF;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk.w3c-vc-api",
|
|
3
|
-
"version": "0.13.1-next.
|
|
3
|
+
"version": "0.13.1-next.33+a7cf5cd",
|
|
4
4
|
"source": "src/index.ts",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -12,11 +12,11 @@
|
|
|
12
12
|
},
|
|
13
13
|
"dependencies": {
|
|
14
14
|
"@sphereon/did-auth-siop": "0.3.2-unstable.7",
|
|
15
|
-
"@sphereon/ssi-sdk.core": "0.13.1-next.
|
|
16
|
-
"@sphereon/ssi-sdk.express-support": "0.13.1-next.
|
|
17
|
-
"@sphereon/ssi-sdk.kv-store-temp": "0.13.1-next.
|
|
18
|
-
"@sphereon/ssi-sdk.presentation-exchange": "0.13.1-next.
|
|
19
|
-
"@sphereon/ssi-types": "0.13.1-next.
|
|
15
|
+
"@sphereon/ssi-sdk.core": "0.13.1-next.33+a7cf5cd",
|
|
16
|
+
"@sphereon/ssi-sdk.express-support": "0.13.1-next.33+a7cf5cd",
|
|
17
|
+
"@sphereon/ssi-sdk.kv-store-temp": "0.13.1-next.33+a7cf5cd",
|
|
18
|
+
"@sphereon/ssi-sdk.presentation-exchange": "0.13.1-next.33+a7cf5cd",
|
|
19
|
+
"@sphereon/ssi-types": "0.13.1-next.33+a7cf5cd",
|
|
20
20
|
"@types/uuid": "^9.0.1",
|
|
21
21
|
"@veramo/core": "4.2.0",
|
|
22
22
|
"@veramo/credential-w3c": "4.2.0",
|
|
@@ -32,10 +32,10 @@
|
|
|
32
32
|
},
|
|
33
33
|
"devDependencies": {
|
|
34
34
|
"@sphereon/did-uni-client": "^0.6.0",
|
|
35
|
-
"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.
|
|
36
|
-
"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.
|
|
37
|
-
"@sphereon/ssi-sdk.data-store": "0.13.1-next.
|
|
38
|
-
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.13.1-next.
|
|
35
|
+
"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.0",
|
|
36
|
+
"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.13.0",
|
|
37
|
+
"@sphereon/ssi-sdk.data-store": "0.13.1-next.33+a7cf5cd",
|
|
38
|
+
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.13.1-next.33+a7cf5cd",
|
|
39
39
|
"@types/body-parser": "^1.19.2",
|
|
40
40
|
"@types/cookie-parser": "^1.4.3",
|
|
41
41
|
"@types/cors": "^2.8.13",
|
|
@@ -86,5 +86,5 @@
|
|
|
86
86
|
"W3C",
|
|
87
87
|
"VC API"
|
|
88
88
|
],
|
|
89
|
-
"gitHead": "
|
|
89
|
+
"gitHead": "a7cf5cd23f39321ecb7c35589723a5d23114d460"
|
|
90
90
|
}
|
package/src/types.ts
CHANGED
|
@@ -22,11 +22,11 @@ export type IRequiredPlugins = IDataStore &
|
|
|
22
22
|
IResolver
|
|
23
23
|
export type IRequiredContext = IAgentContext<IRequiredPlugins>
|
|
24
24
|
|
|
25
|
-
interface IVCAPISecurityOpts {}
|
|
25
|
+
// interface IVCAPISecurityOpts {}
|
|
26
26
|
|
|
27
27
|
export interface IVCAPIOpts {
|
|
28
28
|
endpointOpts?: IVCAPIEndpointOpts
|
|
29
|
-
securityOpts?: IVCAPISecurityOpts
|
|
29
|
+
// securityOpts?: IVCAPISecurityOpts
|
|
30
30
|
issueCredentialOpts?: IVCAPIIssueOpts
|
|
31
31
|
}
|
|
32
32
|
|