@twin.org/identity-authentication 0.0.2-next.8 → 0.0.3-next.1

package/dist/es/index.js

@@ -0,0 +1,12 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export * from "./models/identityAuthenticationContexts.js";
+export * from "./models/identityAuthenticationTypes.js";
+export * from "./models/IIdentityAuthenticationActionRequest.js";
+export * from "./models/IVerifiableCredentialAuthenticationGeneratorConfig.js";
+export * from "./models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js";
+export * from "./models/IVerifiableCredentialAuthenticationProcessorConfig.js";
+export * from "./models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.js";
+export * from "./verifiableCredentialAuthenticationGenerator.js";
+export * from "./verifiableCredentialAuthenticationProcessor.js";
+//# sourceMappingURL=index.js.map

package/dist/es/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,cAAc,4CAA4C,CAAC;AAC3D,cAAc,yCAAyC,CAAC;AACxD,cAAc,kDAAkD,CAAC;AACjE,cAAc,gEAAgE,CAAC;AAC/E,cAAc,4EAA4E,CAAC;AAC3F,cAAc,gEAAgE,CAAC;AAC/E,cAAc,4EAA4E,CAAC;AAC3F,cAAc,kDAAkD,CAAC;AACjE,cAAc,kDAAkD,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nexport * from \"./models/identityAuthenticationContexts.js\";\nexport * from \"./models/identityAuthenticationTypes.js\";\nexport * from \"./models/IIdentityAuthenticationActionRequest.js\";\nexport * from \"./models/IVerifiableCredentialAuthenticationGeneratorConfig.js\";\nexport * from \"./models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js\";\nexport * from \"./models/IVerifiableCredentialAuthenticationProcessorConfig.js\";\nexport * from \"./models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.js\";\nexport * from \"./verifiableCredentialAuthenticationGenerator.js\";\nexport * from \"./verifiableCredentialAuthenticationProcessor.js\";\n"]}

package/dist/es/models/IIdentityAuthenticationActionRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IIdentityAuthenticationActionRequest.js.map

package/dist/es/models/IIdentityAuthenticationActionRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IIdentityAuthenticationActionRequest.js","sourceRoot":"","sources":["../../../src/models/IIdentityAuthenticationActionRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IdentityAuthenticationContexts } from \"./identityAuthenticationContexts.js\";\nimport type { IdentityAuthenticationTypes } from \"./identityAuthenticationTypes.js\";\n\n/**\n * The JSON-LD definition for a action request.\n */\nexport interface IIdentityAuthenticationActionRequest {\n\t/**\n\t * The JSON-LD context.\n\t */\n\t\"@context\": typeof IdentityAuthenticationContexts.ContextRoot;\n\n\t/**\n\t * The type of the request.\n\t */\n\ttype: typeof IdentityAuthenticationTypes.ActionRequest;\n\n\t/**\n\t * The identity of the entity making the request.\n\t */\n\trequester: string;\n\n\t/**\n\t * The action which can be checked to make sure it matches the specific operation.\n\t */\n\taction?: string;\n\n\t/**\n\t * Additional data for the action request, can be customised per request.\n\t */\n\tdata?: unknown;\n}\n"]}

package/dist/es/models/IVerifiableCredentialAuthenticationGeneratorConfig.js

@@ -0,0 +1,4 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IVerifiableCredentialAuthenticationGeneratorConfig.js.map

package/dist/es/models/IVerifiableCredentialAuthenticationGeneratorConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IVerifiableCredentialAuthenticationGeneratorConfig.js","sourceRoot":"","sources":["../../../src/models/IVerifiableCredentialAuthenticationGeneratorConfig.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Configuration for the Verifiable Credential Authentication Generator.\n */\nexport interface IVerifiableCredentialAuthenticationGeneratorConfig {\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @default 60 (1 minute)\n\t */\n\ttokenTtlInSeconds?: number;\n\n\t/**\n\t * The context id to use as the base for the verification method e.g. node/organization.\n\t * @default node\n\t */\n\tcontextId?: string;\n\n\t/**\n\t * The id of the identity method to use when creating/verifying tokens.\n\t */\n\tverificationMethodId: string;\n}\n"]}

package/dist/es/models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js.map

package/dist/es/models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js","sourceRoot":"","sources":["../../../src/models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IVerifiableCredentialAuthenticationGeneratorConfig } from \"./IVerifiableCredentialAuthenticationGeneratorConfig.js\";\n\n/**\n * Options for the verifiable credential authentication generator constructor.\n */\nexport interface IVerifiableCredentialAuthenticationGeneratorConstructorOptions {\n\t/**\n\t * The type of identity connector to use.\n\t * @default identity\n\t */\n\tidentityConnectorType?: string;\n\n\t/**\n\t * The type of logging component to use.\n\t * @default logging\n\t */\n\tloggingComponentType?: string;\n\n\t/**\n\t * The configuration for the verifiable credential authentication generator.\n\t */\n\tconfig: IVerifiableCredentialAuthenticationGeneratorConfig;\n}\n"]}

package/dist/es/models/IVerifiableCredentialAuthenticationProcessorConfig.js

@@ -0,0 +1,4 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IVerifiableCredentialAuthenticationProcessorConfig.js.map

package/dist/es/models/IVerifiableCredentialAuthenticationProcessorConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IVerifiableCredentialAuthenticationProcessorConfig.js","sourceRoot":"","sources":["../../../src/models/IVerifiableCredentialAuthenticationProcessorConfig.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Configuration for the Verifiable Credential Authentication Processor.\n */\nexport interface IVerifiableCredentialAuthenticationProcessorConfig {\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @default 60 (1 minute)\n\t */\n\ttokenTtlInSeconds?: number;\n}\n"]}

package/dist/es/models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IVerifiableCredentialAuthenticationProcessorConstructorOptions.js.map

package/dist/es/models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IVerifiableCredentialAuthenticationProcessorConstructorOptions.js","sourceRoot":"","sources":["../../../src/models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IVerifiableCredentialAuthenticationProcessorConfig } from \"./IVerifiableCredentialAuthenticationProcessorConfig.js\";\n\n/**\n * Options for the verifiable credential authentication processor constructor.\n */\nexport interface IVerifiableCredentialAuthenticationProcessorConstructorOptions {\n\t/**\n\t * The type of identity connector to use.\n\t * @default identity\n\t */\n\tidentityConnectorType?: string;\n\n\t/**\n\t * The type of logging component to use.\n\t * @default logging\n\t */\n\tloggingComponentType?: string;\n\n\t/**\n\t * The configuration for the verifiable credential authentication processor.\n\t */\n\tconfig?: IVerifiableCredentialAuthenticationProcessorConfig;\n}\n"]}

package/dist/es/models/identityAuthenticationContexts.js

@@ -0,0 +1,13 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * The LD Contexts concerning Identity Authentication.
+ */
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const IdentityAuthenticationContexts = {
+    /**
+     * The Identity Authentication LD Context.
+     */
+    ContextRoot: "https://schema.twindev.org/identity-authentication"
+};
+//# sourceMappingURL=identityAuthenticationContexts.js.map

package/dist/es/models/identityAuthenticationContexts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identityAuthenticationContexts.js","sourceRoot":"","sources":["../../../src/models/identityAuthenticationContexts.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AAEvC;;GAEG;AACH,gEAAgE;AAChE,MAAM,CAAC,MAAM,8BAA8B,GAAG;IAC7C;;OAEG;IACH,WAAW,EAAE,oDAAoD;CACxD,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * The LD Contexts concerning Identity Authentication.\n */\n// eslint-disable-next-line @typescript-eslint/naming-convention\nexport const IdentityAuthenticationContexts = {\n\t/**\n\t * The Identity Authentication LD Context.\n\t */\n\tContextRoot: \"https://schema.twindev.org/identity-authentication\"\n} as const;\n\n/**\n * The LD Contexts concerning Identity Authentication.\n */\nexport type IdentityAuthenticationContexts =\n\t(typeof IdentityAuthenticationContexts)[keyof typeof IdentityAuthenticationContexts];\n"]}

package/dist/es/models/identityAuthenticationTypes.js

@@ -0,0 +1,13 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * The types of Identity Authentication data.
+ */
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const IdentityAuthenticationTypes = {
+    /**
+     * Represents action request.
+     */
+    ActionRequest: "ActionRequest"
+};
+//# sourceMappingURL=identityAuthenticationTypes.js.map

package/dist/es/models/identityAuthenticationTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identityAuthenticationTypes.js","sourceRoot":"","sources":["../../../src/models/identityAuthenticationTypes.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AAEvC;;GAEG;AACH,gEAAgE;AAChE,MAAM,CAAC,MAAM,2BAA2B,GAAG;IAC1C;;OAEG;IACH,aAAa,EAAE,eAAe;CACrB,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * The types of Identity Authentication data.\n */\n// eslint-disable-next-line @typescript-eslint/naming-convention\nexport const IdentityAuthenticationTypes = {\n\t/**\n\t * Represents action request.\n\t */\n\tActionRequest: \"ActionRequest\"\n} as const;\n\n/**\n * The types of Identity Authentication data.\n */\nexport type IdentityAuthenticationTypes =\n\t(typeof IdentityAuthenticationTypes)[keyof typeof IdentityAuthenticationTypes];\n"]}

package/dist/es/verifiableCredentialAuthenticationGenerator.js

@@ -0,0 +1,67 @@
+import { ContextIdHelper, ContextIdStore } from "@twin.org/context";
+import { Guards } from "@twin.org/core";
+import { DocumentHelper, IdentityConnectorFactory } from "@twin.org/identity-models";
+import { HeaderHelper, HeaderTypes } from "@twin.org/web";
+/**
+ * Class performing verifiable credential authentication generation.
+ */
+export class VerifiableCredentialAuthenticationGenerator {
+    /**
+     * Runtime name for the class.
+     */
+    static CLASS_NAME = "VerifiableCredentialAuthenticationGenerator";
+    /**
+     * Connector for identity operations.
+     * @internal
+     */
+    _identityConnector;
+    /**
+     * The verification method ID for the connector to use.
+     * @internal
+     */
+    _verificationMethodId;
+    /**
+     * The time-to-live (TTL) for token in seconds.
+     * @internal
+     */
+    _tokenTtlInSeconds;
+    /**
+     * Create a new instance of VerifiableCredentialAuthenticationGenerator.
+     * @param options The options for the service.
+     */
+    constructor(options) {
+        Guards.object(VerifiableCredentialAuthenticationGenerator.CLASS_NAME, "options", options);
+        Guards.object(VerifiableCredentialAuthenticationGenerator.CLASS_NAME, "options.config", options.config);
+        Guards.stringValue(VerifiableCredentialAuthenticationGenerator.CLASS_NAME, "options.config.verificationMethodId", options.config.verificationMethodId);
+        this._identityConnector = IdentityConnectorFactory.get(options?.identityConnectorType ?? "identity");
+        this._verificationMethodId = options.config.verificationMethodId;
+        this._tokenTtlInSeconds = options.config.tokenTtlInSeconds ?? 60;
+    }
+    /**
+     * Returns the class name of the component.
+     * @returns The class name of the component.
+     */
+    className() {
+        return VerifiableCredentialAuthenticationGenerator.CLASS_NAME;
+    }
+    /**
+     * Adds authentication information to the request headers.
+     * @param requestHeaders The request headers to add authentication information to.
+     * @param authData Optional authentication data passed from the request.
+     * @param authData.contextId The context ID for the authentication.
+     * @param authData.subject The subject for the authentication.
+     * @returns A promise that resolves when the authentication information has been added.
+     */
+    async addAuthentication(requestHeaders, authData) {
+        Guards.object(VerifiableCredentialAuthenticationGenerator.CLASS_NAME, "requestHeaders", requestHeaders);
+        const contextIds = await ContextIdStore.getContextIds();
+        ContextIdHelper.guard(contextIds, authData.contextId);
+        const contextId = contextIds[authData.contextId];
+        const ttlMs = this._tokenTtlInSeconds * 1000;
+        const credential = await this._identityConnector.createVerifiableCredential(contextId, DocumentHelper.joinId(contextId, this._verificationMethodId), undefined, authData.subject ?? {}, {
+            expirationDate: new Date(Date.now() + ttlMs)
+        });
+        requestHeaders[HeaderTypes.Authorization] = HeaderHelper.createBearer(credential.jwt);
+    }
+}
+//# sourceMappingURL=verifiableCredentialAuthenticationGenerator.js.map

package/dist/es/verifiableCredentialAuthenticationGenerator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifiableCredentialAuthenticationGenerator.js","sourceRoot":"","sources":["../../src/verifiableCredentialAuthenticationGenerator.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EACN,cAAc,EACd,wBAAwB,EAExB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAqB,MAAM,eAAe,CAAC;AAI7E;;GAEG;AACH,MAAM,OAAO,2CAA2C;IACvD;;OAEG;IACI,MAAM,CAAU,UAAU,iDAAiE;IAElG;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,qBAAqB,CAAS;IAE/C;;;OAGG;IACc,kBAAkB,CAAS;IAE5C;;;OAGG;IACH,YAAY,OAAuE;QAClF,MAAM,CAAC,MAAM,CACZ,2CAA2C,CAAC,UAAU,aAEtD,OAAO,CACP,CAAC;QACF,MAAM,CAAC,MAAM,CACZ,2CAA2C,CAAC,UAAU,oBAEtD,OAAO,CAAC,MAAM,CACd,CAAC;QACF,MAAM,CAAC,WAAW,CACjB,2CAA2C,CAAC,UAAU,yCAEtD,OAAO,CAAC,MAAM,CAAC,oBAAoB,CACnC,CAAC;QAEF,IAAI,CAAC,kBAAkB,GAAG,wBAAwB,CAAC,GAAG,CACrD,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAC5C,CAAC;QAEF,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACjE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAClE,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,2CAA2C,CAAC,UAAU,CAAC;IAC/D,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,iBAAiB,CAC7B,cAA4B,EAC5B,QAGC;QAED,MAAM,CAAC,MAAM,CACZ,2CAA2C,CAAC,UAAU,oBAEtD,cAAc,CACd,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,aAAa,EAAE,CAAC;QACxD,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEjD,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;QAE7C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAC1E,SAAS,EACT,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAC5D,SAAS,EACT,QAAQ,CAAC,OAAO,IAAI,EAAE,EACtB;YACC,cAAc,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;SAC5C,CACD,CAAC;QAEF,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,GAAG,YAAY,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACvF,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationGenerator } from \"@twin.org/api-models\";\nimport { ContextIdHelper, ContextIdStore } from \"@twin.org/context\";\nimport { Guards } from \"@twin.org/core\";\nimport type { IJsonLdNodeObject } from \"@twin.org/data-json-ld\";\nimport {\n\tDocumentHelper,\n\tIdentityConnectorFactory,\n\ttype IIdentityConnector\n} from \"@twin.org/identity-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport { HeaderHelper, HeaderTypes, type IHttpHeaders } from \"@twin.org/web\";\nimport type { IVerifiableCredentialAuthenticationGeneratorConfig } from \"./models/IVerifiableCredentialAuthenticationGeneratorConfig.js\";\nimport type { IVerifiableCredentialAuthenticationGeneratorConstructorOptions } from \"./models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js\";\n\n/**\n * Class performing verifiable credential authentication generation.\n */\nexport class VerifiableCredentialAuthenticationGenerator implements IAuthenticationGenerator {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<VerifiableCredentialAuthenticationGenerator>();\n\n\t/**\n\t * Connector for identity operations.\n\t * @internal\n\t */\n\tprivate readonly _identityConnector: IIdentityConnector;\n\n\t/**\n\t * The verification method ID for the connector to use.\n\t * @internal\n\t */\n\tprivate readonly _verificationMethodId: string;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds: number;\n\n\t/**\n\t * Create a new instance of VerifiableCredentialAuthenticationGenerator.\n\t * @param options The options for the service.\n\t */\n\tconstructor(options: IVerifiableCredentialAuthenticationGeneratorConstructorOptions) {\n\t\tGuards.object<IVerifiableCredentialAuthenticationGeneratorConstructorOptions>(\n\t\t\tVerifiableCredentialAuthenticationGenerator.CLASS_NAME,\n\t\t\tnameof(options),\n\t\t\toptions\n\t\t);\n\t\tGuards.object<IVerifiableCredentialAuthenticationGeneratorConfig>(\n\t\t\tVerifiableCredentialAuthenticationGenerator.CLASS_NAME,\n\t\t\tnameof(options.config),\n\t\t\toptions.config\n\t\t);\n\t\tGuards.stringValue(\n\t\t\tVerifiableCredentialAuthenticationGenerator.CLASS_NAME,\n\t\t\tnameof(options.config.verificationMethodId),\n\t\t\toptions.config.verificationMethodId\n\t\t);\n\n\t\tthis._identityConnector = IdentityConnectorFactory.get(\n\t\t\toptions?.identityConnectorType ?? \"identity\"\n\t\t);\n\n\t\tthis._verificationMethodId = options.config.verificationMethodId;\n\t\tthis._tokenTtlInSeconds = options.config.tokenTtlInSeconds ?? 60;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn VerifiableCredentialAuthenticationGenerator.CLASS_NAME;\n\t}\n\n\t/**\n\t * Adds authentication information to the request headers.\n\t * @param requestHeaders The request headers to add authentication information to.\n\t * @param authData Optional authentication data passed from the request.\n\t * @param authData.contextId The context ID for the authentication.\n\t * @param authData.subject The subject for the authentication.\n\t * @returns A promise that resolves when the authentication information has been added.\n\t */\n\tpublic async addAuthentication(\n\t\trequestHeaders: IHttpHeaders,\n\t\tauthData: {\n\t\t\tcontextId: string;\n\t\t\tsubject?: IJsonLdNodeObject;\n\t\t}\n\t): Promise<void> {\n\t\tGuards.object<IHttpHeaders>(\n\t\t\tVerifiableCredentialAuthenticationGenerator.CLASS_NAME,\n\t\t\tnameof(requestHeaders),\n\t\t\trequestHeaders\n\t\t);\n\n\t\tconst contextIds = await ContextIdStore.getContextIds();\n\t\tContextIdHelper.guard(contextIds, authData.contextId);\n\t\tconst contextId = contextIds[authData.contextId];\n\n\t\tconst ttlMs = this._tokenTtlInSeconds * 1000;\n\n\t\tconst credential = await this._identityConnector.createVerifiableCredential(\n\t\t\tcontextId,\n\t\t\tDocumentHelper.joinId(contextId, this._verificationMethodId),\n\t\t\tundefined,\n\t\t\tauthData.subject ?? {},\n\t\t\t{\n\t\t\t\texpirationDate: new Date(Date.now() + ttlMs)\n\t\t\t}\n\t\t);\n\n\t\trequestHeaders[HeaderTypes.Authorization] = HeaderHelper.createBearer(credential.jwt);\n\t}\n}\n"]}

package/dist/es/verifiableCredentialAuthenticationProcessor.js

@@ -0,0 +1,109 @@
+import { ContextIdKeys } from "@twin.org/context";
+import { GeneralError, Is } from "@twin.org/core";
+import { IdentityConnectorFactory } from "@twin.org/identity-models";
+import { VerifiableCredentialHelper } from "@twin.org/standards-w3c-did";
+import { HeaderHelper, HeaderTypes } from "@twin.org/web";
+/**
+ * Handle a JWT token in the authorization header and verify the credential.
+ */
+export class VerifiableCredentialAuthenticationProcessor {
+    /**
+     * Runtime name for the class.
+     */
+    static CLASS_NAME = "VerifiableCredentialAuthenticationProcessor";
+    /**
+     * Connector for identity operations.
+     * @internal
+     */
+    _identityConnector;
+    /**
+     * The time-to-live (TTL) for token in seconds.
+     * @internal
+     */
+    _tokenTtlInSeconds;
+    /**
+     * Create a new instance of AuthCookiePreProcessor.
+     * @param options Options for the processor.
+     */
+    constructor(options) {
+        this._identityConnector = IdentityConnectorFactory.get(options?.identityConnectorType ?? "identity");
+        this._tokenTtlInSeconds = options?.config?.tokenTtlInSeconds ?? 60;
+    }
+    /**
+     * Returns the class name of the component.
+     * @returns The class name of the component.
+     */
+    className() {
+        return VerifiableCredentialAuthenticationProcessor.CLASS_NAME;
+    }
+    /**
+     * Features supported by this processor.
+     * If a route has any of these features listed, this processor will be run for that route.
+     * If this is not implemented, the processor will run for all routes.
+     * @returns The features supported by this processor.
+     */
+    features() {
+        return ["verifiableCredential"];
+    }
+    /**
+     * Pre process the REST request for the specified route.
+     * @param request The incoming request.
+     * @param response The outgoing response.
+     * @param route The route to process.
+     * @param contextIds The context IDs of the request.
+     * @param processorState The state handed through the processors.
+     * @returns Nothing
+     */
+    async pre(request, response, route, contextIds, processorState) {
+        try {
+            // Only process if the route has the verifiableCredential feature
+            if (Is.arrayValue(route?.processorFeatures) &&
+                route?.processorFeatures.includes("verifiableCredential")) {
+                const token = HeaderHelper.extractBearer(request.headers?.[HeaderTypes.Authorization]);
+                const result = await this._identityConnector.checkVerifiableCredential(token);
+                const verifiableCredential = result.verifiableCredential;
+                if (Is.empty(verifiableCredential)) {
+                    throw new GeneralError(VerifiableCredentialAuthenticationProcessor.CLASS_NAME, "tokenNoCredential");
+                }
+                const issuer = Is.stringValue(verifiableCredential.issuer)
+                    ? verifiableCredential.issuer
+                    : undefined;
+                if (Is.empty(issuer)) {
+                    throw new GeneralError(VerifiableCredentialAuthenticationProcessor.CLASS_NAME, "tokenNoIssuer");
+                }
+                const issuanceDate = VerifiableCredentialHelper.getValidFrom(verifiableCredential);
+                if (Is.empty(issuanceDate)) {
+                    throw new GeneralError(VerifiableCredentialAuthenticationProcessor.CLASS_NAME, "tokenMissingIssuanceDate", {
+                        issuer
+                    });
+                }
+                const tokenCreated = new Date(issuanceDate);
+                const now = Date.now();
+                const tokenTtlInMs = this._tokenTtlInSeconds * 1000;
+                // If the token has expired then we should reject it
+                if (tokenCreated.getTime() + tokenTtlInMs < now) {
+                    throw new GeneralError(VerifiableCredentialAuthenticationProcessor.CLASS_NAME, "tokenExpired", {
+                        issuer
+                    });
+                }
+                const subject = verifiableCredential.credentialSubject;
+                if (Is.empty(subject)) {
+                    throw new GeneralError(VerifiableCredentialAuthenticationProcessor.CLASS_NAME, "tokenMissingSubject", {
+                        issuer
+                    });
+                }
+                let contextId = ContextIdKeys.Organization;
+                if (Is.object(processorState?.verifiableCredential)) {
+                    contextId = processorState.verifiableCredential.contextId ?? contextId;
+                }
+                contextIds[contextId] = issuer;
+                processorState.verifiableCredentialJsonLd = verifiableCredential;
+                processorState.verifiableCredentialSubject = subject;
+            }
+        }
+        catch (err) {
+            throw new GeneralError(VerifiableCredentialAuthenticationProcessor.CLASS_NAME, "tokenFailed", undefined, err);
+        }
+    }
+}
+//# sourceMappingURL=verifiableCredentialAuthenticationProcessor.js.map

package/dist/es/verifiableCredentialAuthenticationProcessor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifiableCredentialAuthenticationProcessor.js","sourceRoot":"","sources":["../../src/verifiableCredentialAuthenticationProcessor.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,aAAa,EAAoB,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,wBAAwB,EAA2B,MAAM,2BAA2B,CAAC;AAE9F,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG1D;;GAEG;AACH,MAAM,OAAO,2CAA2C;IACvD;;OAEG;IACI,MAAM,CAAU,UAAU,iDAAiE;IAElG;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,kBAAkB,CAAS;IAE5C;;;OAGG;IACH,YAAY,OAAwE;QACnF,IAAI,CAAC,kBAAkB,GAAG,wBAAwB,CAAC,GAAG,CACrD,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAC5C,CAAC;QACF,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,MAAM,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACpE,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,2CAA2C,CAAC,UAAU,CAAC;IAC/D,CAAC;IAED;;;;;OAKG;IACI,QAAQ;QACd,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,GAAG,CACf,OAA2B,EAC3B,QAAuB,EACvB,KAA6B,EAC7B,UAAuB,EACvB,cAAyC;QAEzC,IAAI,CAAC;YACJ,iEAAiE;YACjE,IACC,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,iBAAiB,CAAC;gBACvC,KAAK,EAAE,iBAAiB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EACxD,CAAC;gBACF,MAAM,KAAK,GAAG,YAAY,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;gBAEvF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC;gBAE9E,MAAM,oBAAoB,GAAG,MAAM,CAAC,oBAAoB,CAAC;gBACzD,IAAI,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,YAAY,CACrB,2CAA2C,CAAC,UAAU,EACtD,mBAAmB,CACnB,CAAC;gBACH,CAAC;gBAED,MAAM,MAAM,GAAuB,EAAE,CAAC,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC;oBAC7E,CAAC,CAAC,oBAAoB,CAAC,MAAM;oBAC7B,CAAC,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBACtB,MAAM,IAAI,YAAY,CACrB,2CAA2C,CAAC,UAAU,EACtD,eAAe,CACf,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,0BAA0B,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;gBAEnF,IAAI,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC5B,MAAM,IAAI,YAAY,CACrB,2CAA2C,CAAC,UAAU,EACtD,0BAA0B,EAC1B;wBACC,MAAM;qBACN,CACD,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvB,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBAEpD,oDAAoD;gBACpD,IAAI,YAAY,CAAC,OAAO,EAAE,GAAG,YAAY,GAAG,GAAG,EAAE,CAAC;oBACjD,MAAM,IAAI,YAAY,CACrB,2CAA2C,CAAC,UAAU,EACtD,cAAc,EACd;wBACC,MAAM;qBACN,CACD,CAAC;gBACH,CAAC;gBAED,MAAM,OAAO,GAAG,oBAAoB,CAAC,iBAAiB,CAAC;gBACvD,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;oBACvB,MAAM,IAAI,YAAY,CACrB,2CAA2C,CAAC,UAAU,EACtD,qBAAqB,EACrB;wBACC,MAAM;qBACN,CACD,CAAC;gBACH,CAAC;gBAED,IAAI,SAAS,GAAW,aAAa,CAAC,YAAY,CAAC;gBACnD,IAAI,EAAE,CAAC,MAAM,CAAyB,cAAc,EAAE,oBAAoB,CAAC,EAAE,CAAC;oBAC7E,SAAS,GAAG,cAAc,CAAC,oBAAoB,CAAC,SAAS,IAAI,SAAS,CAAC;gBACxE,CAAC;gBAED,UAAU,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC;gBAC/B,cAAc,CAAC,0BAA0B,GAAG,oBAAoB,CAAC;gBACjE,cAAc,CAAC,2BAA2B,GAAG,OAAO,CAAC;YACtD,CAAC;QACF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,YAAY,CACrB,2CAA2C,CAAC,UAAU,EACtD,aAAa,EACb,SAAS,EACT,GAAG,CACH,CAAC;QACH,CAAC;IACF,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type {\n\tIBaseRoute,\n\tIBaseRouteProcessor,\n\tIHttpResponse,\n\tIHttpServerRequest\n} from \"@twin.org/api-models\";\nimport { ContextIdKeys, type IContextIds } from \"@twin.org/context\";\nimport { GeneralError, Is } from \"@twin.org/core\";\nimport { IdentityConnectorFactory, type IIdentityConnector } from \"@twin.org/identity-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport { VerifiableCredentialHelper } from \"@twin.org/standards-w3c-did\";\nimport { HeaderHelper, HeaderTypes } from \"@twin.org/web\";\nimport type { IVerifiableCredentialAuthenticationProcessorConstructorOptions } from \"./models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.js\";\n\n/**\n * Handle a JWT token in the authorization header and verify the credential.\n */\nexport class VerifiableCredentialAuthenticationProcessor implements IBaseRouteProcessor {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<VerifiableCredentialAuthenticationProcessor>();\n\n\t/**\n\t * Connector for identity operations.\n\t * @internal\n\t */\n\tprivate readonly _identityConnector: IIdentityConnector;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds: number;\n\n\t/**\n\t * Create a new instance of AuthCookiePreProcessor.\n\t * @param options Options for the processor.\n\t */\n\tconstructor(options?: IVerifiableCredentialAuthenticationProcessorConstructorOptions) {\n\t\tthis._identityConnector = IdentityConnectorFactory.get(\n\t\t\toptions?.identityConnectorType ?? \"identity\"\n\t\t);\n\t\tthis._tokenTtlInSeconds = options?.config?.tokenTtlInSeconds ?? 60;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn VerifiableCredentialAuthenticationProcessor.CLASS_NAME;\n\t}\n\n\t/**\n\t * Features supported by this processor.\n\t * If a route has any of these features listed, this processor will be run for that route.\n\t * If this is not implemented, the processor will run for all routes.\n\t * @returns The features supported by this processor.\n\t */\n\tpublic features(): string[] {\n\t\treturn [\"verifiableCredential\"];\n\t}\n\n\t/**\n\t * Pre process the REST request for the specified route.\n\t * @param request The incoming request.\n\t * @param response The outgoing response.\n\t * @param route The route to process.\n\t * @param contextIds The context IDs of the request.\n\t * @param processorState The state handed through the processors.\n\t * @returns Nothing\n\t */\n\tpublic async pre(\n\t\trequest: IHttpServerRequest,\n\t\tresponse: IHttpResponse,\n\t\troute: IBaseRoute | undefined,\n\t\tcontextIds: IContextIds,\n\t\tprocessorState: { [id: string]: unknown }\n\t): Promise<void> {\n\t\ttry {\n\t\t\t// Only process if the route has the verifiableCredential feature\n\t\t\tif (\n\t\t\t\tIs.arrayValue(route?.processorFeatures) &&\n\t\t\t\troute?.processorFeatures.includes(\"verifiableCredential\")\n\t\t\t) {\n\t\t\t\tconst token = HeaderHelper.extractBearer(request.headers?.[HeaderTypes.Authorization]);\n\n\t\t\t\tconst result = await this._identityConnector.checkVerifiableCredential(token);\n\n\t\t\t\tconst verifiableCredential = result.verifiableCredential;\n\t\t\t\tif (Is.empty(verifiableCredential)) {\n\t\t\t\t\tthrow new GeneralError(\n\t\t\t\t\t\tVerifiableCredentialAuthenticationProcessor.CLASS_NAME,\n\t\t\t\t\t\t\"tokenNoCredential\"\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst issuer: string | undefined = Is.stringValue(verifiableCredential.issuer)\n\t\t\t\t\t? verifiableCredential.issuer\n\t\t\t\t\t: undefined;\n\t\t\t\tif (Is.empty(issuer)) {\n\t\t\t\t\tthrow new GeneralError(\n\t\t\t\t\t\tVerifiableCredentialAuthenticationProcessor.CLASS_NAME,\n\t\t\t\t\t\t\"tokenNoIssuer\"\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst issuanceDate = VerifiableCredentialHelper.getValidFrom(verifiableCredential);\n\n\t\t\t\tif (Is.empty(issuanceDate)) {\n\t\t\t\t\tthrow new GeneralError(\n\t\t\t\t\t\tVerifiableCredentialAuthenticationProcessor.CLASS_NAME,\n\t\t\t\t\t\t\"tokenMissingIssuanceDate\",\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tissuer\n\t\t\t\t\t\t}\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst tokenCreated = new Date(issuanceDate);\n\t\t\t\tconst now = Date.now();\n\t\t\t\tconst tokenTtlInMs = this._tokenTtlInSeconds * 1000;\n\n\t\t\t\t// If the token has expired then we should reject it\n\t\t\t\tif (tokenCreated.getTime() + tokenTtlInMs < now) {\n\t\t\t\t\tthrow new GeneralError(\n\t\t\t\t\t\tVerifiableCredentialAuthenticationProcessor.CLASS_NAME,\n\t\t\t\t\t\t\"tokenExpired\",\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tissuer\n\t\t\t\t\t\t}\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst subject = verifiableCredential.credentialSubject;\n\t\t\t\tif (Is.empty(subject)) {\n\t\t\t\t\tthrow new GeneralError(\n\t\t\t\t\t\tVerifiableCredentialAuthenticationProcessor.CLASS_NAME,\n\t\t\t\t\t\t\"tokenMissingSubject\",\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tissuer\n\t\t\t\t\t\t}\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tlet contextId: string = ContextIdKeys.Organization;\n\t\t\t\tif (Is.object<{ contextId?: string }>(processorState?.verifiableCredential)) {\n\t\t\t\t\tcontextId = processorState.verifiableCredential.contextId ?? contextId;\n\t\t\t\t}\n\n\t\t\t\tcontextIds[contextId] = issuer;\n\t\t\t\tprocessorState.verifiableCredentialJsonLd = verifiableCredential;\n\t\t\t\tprocessorState.verifiableCredentialSubject = subject;\n\t\t\t}\n\t\t} catch (err) {\n\t\t\tthrow new GeneralError(\n\t\t\t\tVerifiableCredentialAuthenticationProcessor.CLASS_NAME,\n\t\t\t\t\"tokenFailed\",\n\t\t\t\tundefined,\n\t\t\t\terr\n\t\t\t);\n\t\t}\n\t}\n}\n"]}

package/dist/types/index.d.ts

@@ -1,9 +1,9 @@
-export * from "./models/identityAuthenticationContexts";
-export * from "./models/identityAuthenticationTypes";
-export * from "./models/IIdentityAuthenticationActionRequest";
-export * from "./models/IVerifiableCredentialAuthenticationGeneratorConfig";
-export * from "./models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions";
-export * from "./models/IVerifiableCredentialAuthenticationProcessorConfig";
-export * from "./models/IVerifiableCredentialAuthenticationProcessorConstructorOptions";
-export * from "./verifiableCredentialAuthenticationGenerator";
-export * from "./verifiableCredentialAuthenticationProcessor";
+export * from "./models/identityAuthenticationContexts.js";
+export * from "./models/identityAuthenticationTypes.js";
+export * from "./models/IIdentityAuthenticationActionRequest.js";
+export * from "./models/IVerifiableCredentialAuthenticationGeneratorConfig.js";
+export * from "./models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js";
+export * from "./models/IVerifiableCredentialAuthenticationProcessorConfig.js";
+export * from "./models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.js";
+export * from "./verifiableCredentialAuthenticationGenerator.js";
+export * from "./verifiableCredentialAuthenticationProcessor.js";

package/dist/types/models/IIdentityAuthenticationActionRequest.d.ts

@@ -1,5 +1,5 @@
-import type { IdentityAuthenticationContexts } from "./identityAuthenticationContexts";
-import type { IdentityAuthenticationTypes } from "./identityAuthenticationTypes";
+import type { IdentityAuthenticationContexts } from "./identityAuthenticationContexts.js";
+import type { IdentityAuthenticationTypes } from "./identityAuthenticationTypes.js";
 /**
  * The JSON-LD definition for a action request.
  */

package/dist/types/models/IVerifiableCredentialAuthenticationGeneratorConfig.d.ts

@@ -7,6 +7,11 @@ export interface IVerifiableCredentialAuthenticationGeneratorConfig {
      * @default 60 (1 minute)
      */
     tokenTtlInSeconds?: number;
+    /**
+     * The context id to use as the base for the verification method e.g. node/organization.
+     * @default node
+     */
+    contextId?: string;
     /**
      * The id of the identity method to use when creating/verifying tokens.
      */

package/dist/types/models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.d.ts

@@ -1,4 +1,4 @@
-import type { IVerifiableCredentialAuthenticationGeneratorConfig } from "./IVerifiableCredentialAuthenticationGeneratorConfig";
+import type { IVerifiableCredentialAuthenticationGeneratorConfig } from "./IVerifiableCredentialAuthenticationGeneratorConfig.js";
 /**
  * Options for the verifiable credential authentication generator constructor.
  */

package/dist/types/models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.d.ts

@@ -1,4 +1,4 @@
-import type { IVerifiableCredentialAuthenticationProcessorConfig } from "./IVerifiableCredentialAuthenticationProcessorConfig";
+import type { IVerifiableCredentialAuthenticationProcessorConfig } from "./IVerifiableCredentialAuthenticationProcessorConfig.js";
 /**
  * Options for the verifiable credential authentication processor constructor.
  */

package/dist/types/verifiableCredentialAuthenticationGenerator.d.ts

@@ -1,7 +1,7 @@
 import type { IAuthenticationGenerator } from "@twin.org/api-models";
 import type { IJsonLdNodeObject } from "@twin.org/data-json-ld";
 import { type IHttpHeaders } from "@twin.org/web";
-import type { IVerifiableCredentialAuthenticationGeneratorConstructorOptions } from "./models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions";
+import type { IVerifiableCredentialAuthenticationGeneratorConstructorOptions } from "./models/IVerifiableCredentialAuthenticationGeneratorConstructorOptions.js";
 /**
  * Class performing verifiable credential authentication generation.
  */
@@ -9,24 +9,27 @@ export declare class VerifiableCredentialAuthenticationGenerator implements IAut
     /**
      * Runtime name for the class.
      */
-    readonly CLASS_NAME: string;
+    static readonly CLASS_NAME: string;
     /**
      * Create a new instance of VerifiableCredentialAuthenticationGenerator.
      * @param options The options for the service.
      */
     constructor(options: IVerifiableCredentialAuthenticationGeneratorConstructorOptions);
     /**
-     * The component needs to be started when the node is initialized.
-     * @param nodeIdentity The identity of the node starting the component.
-     * @param nodeLoggingComponentType The node logging component type.
-     * @returns Nothing.
+     * Returns the class name of the component.
+     * @returns The class name of the component.
      */
-    start(nodeIdentity: string, nodeLoggingComponentType: string | undefined): Promise<void>;
+    className(): string;
     /**
      * Adds authentication information to the request headers.
      * @param requestHeaders The request headers to add authentication information to.
      * @param authData Optional authentication data passed from the request.
+     * @param authData.contextId The context ID for the authentication.
+     * @param authData.subject The subject for the authentication.
      * @returns A promise that resolves when the authentication information has been added.
      */
-    addAuthentication(requestHeaders: IHttpHeaders, authData: IJsonLdNodeObject): Promise<void>;
+    addAuthentication(requestHeaders: IHttpHeaders, authData: {
+        contextId: string;
+        subject?: IJsonLdNodeObject;
+    }): Promise<void>;
 }

package/dist/types/verifiableCredentialAuthenticationProcessor.d.ts

@@ -1,5 +1,6 @@
-import type { IBaseRoute, IBaseRouteProcessor, IHttpRequestIdentity, IHttpResponse, IHttpServerRequest } from "@twin.org/api-models";
-import type { IVerifiableCredentialAuthenticationProcessorConstructorOptions } from "./models/IVerifiableCredentialAuthenticationProcessorConstructorOptions";
+import type { IBaseRoute, IBaseRouteProcessor, IHttpResponse, IHttpServerRequest } from "@twin.org/api-models";
+import { type IContextIds } from "@twin.org/context";
+import type { IVerifiableCredentialAuthenticationProcessorConstructorOptions } from "./models/IVerifiableCredentialAuthenticationProcessorConstructorOptions.js";
 /**
  * Handle a JWT token in the authorization header and verify the credential.
  */
@@ -7,12 +8,17 @@ export declare class VerifiableCredentialAuthenticationProcessor implements IBas
     /**
      * Runtime name for the class.
      */
-    readonly CLASS_NAME: string;
+    static readonly CLASS_NAME: string;
     /**
      * Create a new instance of AuthCookiePreProcessor.
      * @param options Options for the processor.
      */
     constructor(options?: IVerifiableCredentialAuthenticationProcessorConstructorOptions);
+    /**
+     * Returns the class name of the component.
+     * @returns The class name of the component.
+     */
+    className(): string;
     /**
      * Features supported by this processor.
      * If a route has any of these features listed, this processor will be run for that route.
@@ -25,11 +31,11 @@ export declare class VerifiableCredentialAuthenticationProcessor implements IBas
      * @param request The incoming request.
      * @param response The outgoing response.
      * @param route The route to process.
-     * @param requestIdentity The identity context for the request.
+     * @param contextIds The context IDs of the request.
      * @param processorState The state handed through the processors.
      * @returns Nothing
      */
-    pre(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, requestIdentity: IHttpRequestIdentity, processorState: {
+    pre(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, contextIds: IContextIds, processorState: {
         [id: string]: unknown;
     }): Promise<void>;
 }

package/docs/changelog.md

@@ -1,5 +1,56 @@
 # Changelog
 
+## [0.0.3-next.1](https://github.com/twinfoundation/identity/compare/identity-authentication-v0.0.3-next.0...identity-authentication-v0.0.3-next.1) (2025-11-11)
+
+
+### Features
+
+* add context id features ([#62](https://github.com/twinfoundation/identity/issues/62)) ([e02ecca](https://github.com/twinfoundation/identity/commit/e02ecca9c45a849104bfbf7bc18a1f44e6eea8a1))
+* add identity authentication module ([33fb5cc](https://github.com/twinfoundation/identity/commit/33fb5cc409ff11aba273b13c8d83724b0b0daa53))
+* add validate-locales ([04d74b4](https://github.com/twinfoundation/identity/commit/04d74b4d1ebe42672e8ca75a7bdb8e3556afd0be))
+* additional fields for IIdentityAuthenticationActionRequest ([5d7d688](https://github.com/twinfoundation/identity/commit/5d7d688f370978cd7287ce0e98dd8da82800b7ea))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/identity-models bumped from 0.0.3-next.0 to 0.0.3-next.1
+  * devDependencies
+    * @twin.org/identity-connector-entity-storage bumped from 0.0.3-next.0 to 0.0.3-next.1
+
+## [0.0.2-next.10](https://github.com/twinfoundation/identity/compare/identity-authentication-v0.0.2-next.9...identity-authentication-v0.0.2-next.10) (2025-10-27)
+
+
+### Miscellaneous Chores
+
+* **identity-authentication:** Synchronize repo versions
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/identity-models bumped from 0.0.2-next.9 to 0.0.2-next.10
+  * devDependencies
+    * @twin.org/identity-connector-entity-storage bumped from 0.0.2-next.9 to 0.0.2-next.10
+
+## [0.0.2-next.9](https://github.com/twinfoundation/identity/compare/identity-authentication-v0.0.2-next.8...identity-authentication-v0.0.2-next.9) (2025-10-09)
+
+
+### Features
+
+* add validate-locales ([04d74b4](https://github.com/twinfoundation/identity/commit/04d74b4d1ebe42672e8ca75a7bdb8e3556afd0be))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/identity-models bumped from 0.0.2-next.8 to 0.0.2-next.9
+  * devDependencies
+    * @twin.org/identity-connector-entity-storage bumped from 0.0.2-next.8 to 0.0.2-next.9
+
 ## [0.0.2-next.8](https://github.com/twinfoundation/identity/compare/identity-authentication-v0.0.2-next.7...identity-authentication-v0.0.2-next.8) (2025-09-25)
 
 

package/docs/reference/classes/VerifiableCredentialAuthenticationGenerator.md

@@ -30,45 +30,27 @@ The options for the service.
 
 ### CLASS\_NAME
 
-> `readonly` **CLASS\_NAME**: `string`
+> `readonly` `static` **CLASS\_NAME**: `string`
 
 Runtime name for the class.
 
-#### Implementation of
-
-`IAuthenticationGenerator.CLASS_NAME`
-
 ## Methods
 
-### start()
-
-> **start**(`nodeIdentity`, `nodeLoggingComponentType`): `Promise`\<`void`\>
-
-The component needs to be started when the node is initialized.
-
-#### Parameters
-
-##### nodeIdentity
-
-`string`
-
-The identity of the node starting the component.
+### className()
 
-##### nodeLoggingComponentType
+> **className**(): `string`
 
-The node logging component type.
-
-`undefined` | `string`
+Returns the class name of the component.
 
 #### Returns
 
-`Promise`\<`void`\>
+`string`
 
-Nothing.
+The class name of the component.
 
 #### Implementation of
 
-`IAuthenticationGenerator.start`
+`IAuthenticationGenerator.className`
 
 ***
 
@@ -88,9 +70,19 @@ The request headers to add authentication information to.
 
 ##### authData
 
+Optional authentication data passed from the request.
+
+###### contextId
+
+`string`
+
+The context ID for the authentication.
+
+###### subject?
+
 `IJsonLdNodeObject`
 
-Optional authentication data passed from the request.
+The subject for the authentication.
 
 #### Returns
 

package/docs/reference/classes/VerifiableCredentialAuthenticationProcessor.md

@@ -30,15 +30,29 @@ Options for the processor.
 
 ### CLASS\_NAME
 
-> `readonly` **CLASS\_NAME**: `string`
+> `readonly` `static` **CLASS\_NAME**: `string`
 
 Runtime name for the class.
 
+## Methods
+
+### className()
+
+> **className**(): `string`
+
+Returns the class name of the component.
+
+#### Returns
+
+`string`
+
+The class name of the component.
+
 #### Implementation of
 
-`IBaseRouteProcessor.CLASS_NAME`
+`IBaseRouteProcessor.className`
 
-## Methods
+***
 
 ### features()
 
@@ -62,7 +76,7 @@ The features supported by this processor.
 
 ### pre()
 
-> **pre**(`request`, `response`, `route`, `requestIdentity`, `processorState`): `Promise`\<`void`\>
+> **pre**(`request`, `response`, `route`, `contextIds`, `processorState`): `Promise`\<`void`\>
 
 Pre process the REST request for the specified route.
 
@@ -84,13 +98,13 @@ The outgoing response.
 
 The route to process.
 
-`undefined` | `IBaseRoute`
+`IBaseRoute` | `undefined`
 
-##### requestIdentity
+##### contextIds
 
-`IHttpRequestIdentity`
+`IContextIds`
 
-The identity context for the request.
+The context IDs of the request.
 
 ##### processorState
 

package/docs/reference/interfaces/IVerifiableCredentialAuthenticationGeneratorConfig.md

@@ -18,6 +18,20 @@ The time-to-live (TTL) for token in seconds.
 
 ***
 
+### contextId?
+
+> `optional` **contextId**: `string`
+
+The context id to use as the base for the verification method e.g. node/organization.
+
+#### Default
+
+```ts
+node
+```
+
+***
+
 ### verificationMethodId
 
 > **verificationMethodId**: `string`

package/locales/en.json

@@ -1,8 +1,5 @@
 {
 	"error": {
-		"verifiableCredentialAuthenticationGenerator": {
-			"missingNodeIdentity": "The authenticator can not generate a token without a node identity"
-		},
 		"verifiableCredentialAuthenticationProcessor": {
 			"tokenFailed": "Failed to verify token",
 			"tokenNoCredential": "The token does not contain a verifiable credential",

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/identity-authentication",
-	"version": "0.0.2-next.8",
+	"version": "0.0.3-next.1",
 	"description": "Authentication components implemented using identity",
 	"repository": {
 		"type": "git",
@@ -15,29 +15,43 @@
 	},
 	"dependencies": {
 		"@twin.org/api-models": "next",
+		"@twin.org/context": "next",
 		"@twin.org/core": "next",
 		"@twin.org/crypto": "next",
 		"@twin.org/data-json-ld": "next",
-		"@twin.org/identity-models": "0.0.2-next.8",
+		"@twin.org/identity-models": "0.0.3-next.1",
 		"@twin.org/standards-w3c-did": "next",
 		"@twin.org/web": "next"
 	},
-	"main": "./dist/cjs/index.cjs",
-	"module": "./dist/esm/index.mjs",
+	"main": "./dist/es/index.js",
 	"types": "./dist/types/index.d.ts",
 	"exports": {
 		".": {
 			"types": "./dist/types/index.d.ts",
-			"require": "./dist/cjs/index.cjs",
-			"import": "./dist/esm/index.mjs"
+			"import": "./dist/es/index.js",
+			"default": "./dist/es/index.js"
 		},
 		"./locales/*.json": "./locales/*.json"
 	},
 	"files": [
-		"dist/cjs",
-		"dist/esm",
+		"dist/es",
 		"dist/types",
 		"locales",
 		"docs"
-	]
+	],
+	"keywords": [
+		"twin",
+		"trade",
+		"iota",
+		"framework",
+		"blockchain",
+		"identity",
+		"did",
+		"credentials",
+		"authentication"
+	],
+	"bugs": {
+		"url": "git+https://github.com/twinfoundation/identity/issues"
+	},
+	"homepage": "https://twindev.org"
 }

package/dist/cjs/index.cjs

@@ -1,198 +0,0 @@
-'use strict';
-
-var core = require('@twin.org/core');
-var identityModels = require('@twin.org/identity-models');
-var web = require('@twin.org/web');
-var standardsW3cDid = require('@twin.org/standards-w3c-did');
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The LD Contexts concerning Identity Authentication.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const IdentityAuthenticationContexts = {
-    /**
-     * The Identity Authentication LD Context.
-     */
-    ContextRoot: "https://schema.twindev.org/identity-authentication"
-};
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The types of Identity Authentication data.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const IdentityAuthenticationTypes = {
-    /**
-     * Represents action request.
-     */
-    ActionRequest: "ActionRequest"
-};
-
-/**
- * Class performing verifiable credential authentication generation.
- */
-class VerifiableCredentialAuthenticationGenerator {
-    /**
-     * Runtime name for the class.
-     */
-    CLASS_NAME = "VerifiableCredentialAuthenticationGenerator";
-    /**
-     * Connector for identity operations.
-     * @internal
-     */
-    _identityConnector;
-    /**
-     * The verification method ID for the connector to use.
-     * @internal
-     */
-    _verificationMethodId;
-    /**
-     * The time-to-live (TTL) for token in seconds.
-     * @internal
-     */
-    _tokenTtlInSeconds;
-    /**
-     * The node identity.
-     * @internal
-     */
-    _nodeIdentity;
-    /**
-     * Create a new instance of VerifiableCredentialAuthenticationGenerator.
-     * @param options The options for the service.
-     */
-    constructor(options) {
-        core.Guards.object(this.CLASS_NAME, "options", options);
-        core.Guards.object(this.CLASS_NAME, "options.config", options.config);
-        core.Guards.stringValue(this.CLASS_NAME, "options.config.verificationMethodId", options.config.verificationMethodId);
-        this._identityConnector = identityModels.IdentityConnectorFactory.get(options?.identityConnectorType ?? "identity");
-        this._verificationMethodId = options.config.verificationMethodId;
-        this._tokenTtlInSeconds = options.config.tokenTtlInSeconds ?? 60;
-    }
-    /**
-     * The component needs to be started when the node is initialized.
-     * @param nodeIdentity The identity of the node starting the component.
-     * @param nodeLoggingComponentType The node logging component type.
-     * @returns Nothing.
-     */
-    async start(nodeIdentity, nodeLoggingComponentType) {
-        this._nodeIdentity = nodeIdentity;
-    }
-    /**
-     * Adds authentication information to the request headers.
-     * @param requestHeaders The request headers to add authentication information to.
-     * @param authData Optional authentication data passed from the request.
-     * @returns A promise that resolves when the authentication information has been added.
-     */
-    async addAuthentication(requestHeaders, authData) {
-        core.Guards.object(this.CLASS_NAME, "requestHeaders", requestHeaders);
-        if (!this._nodeIdentity) {
-            throw new core.GeneralError(this.CLASS_NAME, "missingNodeIdentity");
-        }
-        const ttlMs = this._tokenTtlInSeconds * 1000;
-        const credential = await this._identityConnector.createVerifiableCredential(this._nodeIdentity, identityModels.DocumentHelper.joinId(this._nodeIdentity, this._verificationMethodId), undefined, authData, {
-            expirationDate: new Date(Date.now() + ttlMs)
-        });
-        requestHeaders[web.HeaderTypes.Authorization] = web.HeaderHelper.createBearer(credential.jwt);
-    }
-}
-
-/**
- * Handle a JWT token in the authorization header and verify the credential.
- */
-class VerifiableCredentialAuthenticationProcessor {
-    /**
-     * Runtime name for the class.
-     */
-    CLASS_NAME = "VerifiableCredentialAuthenticationProcessor";
-    /**
-     * Connector for identity operations.
-     * @internal
-     */
-    _identityConnector;
-    /**
-     * The time-to-live (TTL) for token in seconds.
-     * @internal
-     */
-    _tokenTtlInSeconds;
-    /**
-     * Create a new instance of AuthCookiePreProcessor.
-     * @param options Options for the processor.
-     */
-    constructor(options) {
-        this._identityConnector = identityModels.IdentityConnectorFactory.get(options?.identityConnectorType ?? "identity");
-        this._tokenTtlInSeconds = options?.config?.tokenTtlInSeconds ?? 60;
-    }
-    /**
-     * Features supported by this processor.
-     * If a route has any of these features listed, this processor will be run for that route.
-     * If this is not implemented, the processor will run for all routes.
-     * @returns The features supported by this processor.
-     */
-    features() {
-        return ["verifiableCredential"];
-    }
-    /**
-     * Pre process the REST request for the specified route.
-     * @param request The incoming request.
-     * @param response The outgoing response.
-     * @param route The route to process.
-     * @param requestIdentity The identity context for the request.
-     * @param processorState The state handed through the processors.
-     * @returns Nothing
-     */
-    async pre(request, response, route, requestIdentity, processorState) {
-        try {
-            // Only process if the route has the verifiableCredential feature
-            if (core.Is.arrayValue(route?.processorFeatures) &&
-                route?.processorFeatures.includes("verifiableCredential")) {
-                const token = web.HeaderHelper.extractBearer(request.headers?.[web.HeaderTypes.Authorization]);
-                const result = await this._identityConnector.checkVerifiableCredential(token);
-                const verifiableCredential = result.verifiableCredential;
-                if (core.Is.empty(verifiableCredential)) {
-                    throw new core.GeneralError(this.CLASS_NAME, "tokenNoCredential");
-                }
-                const issuer = core.Is.stringValue(verifiableCredential.issuer)
-                    ? verifiableCredential.issuer
-                    : undefined;
-                if (core.Is.empty(issuer)) {
-                    throw new core.GeneralError(this.CLASS_NAME, "tokenNoIssuer");
-                }
-                const issuanceDate = standardsW3cDid.VerifiableCredentialHelper.getValidFrom(verifiableCredential);
-                if (core.Is.empty(issuanceDate)) {
-                    throw new core.GeneralError(this.CLASS_NAME, "tokenMissingIssuanceDate", {
-                        issuer
-                    });
-                }
-                const tokenCreated = new Date(issuanceDate);
-                const now = Date.now();
-                const tokenTtlInMs = this._tokenTtlInSeconds * 1000;
-                // If the token has expired then we should reject it
-                if (tokenCreated.getTime() + tokenTtlInMs < now) {
-                    throw new core.GeneralError(this.CLASS_NAME, "tokenExpired", {
-                        issuer
-                    });
-                }
-                const subject = verifiableCredential.credentialSubject;
-                if (core.Is.empty(subject)) {
-                    throw new core.GeneralError(this.CLASS_NAME, "tokenMissingSubject", {
-                        issuer
-                    });
-                }
-                processorState.verifiableCredentialIssuer = issuer;
-                processorState.verifiableCredential = verifiableCredential;
-                processorState.verifiableCredentialSubject = subject;
-            }
-        }
-        catch (err) {
-            throw new core.GeneralError(this.CLASS_NAME, "tokenFailed", undefined, err);
-        }
-    }
-}
-
-exports.IdentityAuthenticationContexts = IdentityAuthenticationContexts;
-exports.IdentityAuthenticationTypes = IdentityAuthenticationTypes;
-exports.VerifiableCredentialAuthenticationGenerator = VerifiableCredentialAuthenticationGenerator;
-exports.VerifiableCredentialAuthenticationProcessor = VerifiableCredentialAuthenticationProcessor;

package/dist/esm/index.mjs

@@ -1,193 +0,0 @@
-import { Guards, GeneralError, Is } from '@twin.org/core';
-import { IdentityConnectorFactory, DocumentHelper } from '@twin.org/identity-models';
-import { HeaderHelper, HeaderTypes } from '@twin.org/web';
-import { VerifiableCredentialHelper } from '@twin.org/standards-w3c-did';
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The LD Contexts concerning Identity Authentication.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const IdentityAuthenticationContexts = {
-    /**
-     * The Identity Authentication LD Context.
-     */
-    ContextRoot: "https://schema.twindev.org/identity-authentication"
-};
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The types of Identity Authentication data.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const IdentityAuthenticationTypes = {
-    /**
-     * Represents action request.
-     */
-    ActionRequest: "ActionRequest"
-};
-
-/**
- * Class performing verifiable credential authentication generation.
- */
-class VerifiableCredentialAuthenticationGenerator {
-    /**
-     * Runtime name for the class.
-     */
-    CLASS_NAME = "VerifiableCredentialAuthenticationGenerator";
-    /**
-     * Connector for identity operations.
-     * @internal
-     */
-    _identityConnector;
-    /**
-     * The verification method ID for the connector to use.
-     * @internal
-     */
-    _verificationMethodId;
-    /**
-     * The time-to-live (TTL) for token in seconds.
-     * @internal
-     */
-    _tokenTtlInSeconds;
-    /**
-     * The node identity.
-     * @internal
-     */
-    _nodeIdentity;
-    /**
-     * Create a new instance of VerifiableCredentialAuthenticationGenerator.
-     * @param options The options for the service.
-     */
-    constructor(options) {
-        Guards.object(this.CLASS_NAME, "options", options);
-        Guards.object(this.CLASS_NAME, "options.config", options.config);
-        Guards.stringValue(this.CLASS_NAME, "options.config.verificationMethodId", options.config.verificationMethodId);
-        this._identityConnector = IdentityConnectorFactory.get(options?.identityConnectorType ?? "identity");
-        this._verificationMethodId = options.config.verificationMethodId;
-        this._tokenTtlInSeconds = options.config.tokenTtlInSeconds ?? 60;
-    }
-    /**
-     * The component needs to be started when the node is initialized.
-     * @param nodeIdentity The identity of the node starting the component.
-     * @param nodeLoggingComponentType The node logging component type.
-     * @returns Nothing.
-     */
-    async start(nodeIdentity, nodeLoggingComponentType) {
-        this._nodeIdentity = nodeIdentity;
-    }
-    /**
-     * Adds authentication information to the request headers.
-     * @param requestHeaders The request headers to add authentication information to.
-     * @param authData Optional authentication data passed from the request.
-     * @returns A promise that resolves when the authentication information has been added.
-     */
-    async addAuthentication(requestHeaders, authData) {
-        Guards.object(this.CLASS_NAME, "requestHeaders", requestHeaders);
-        if (!this._nodeIdentity) {
-            throw new GeneralError(this.CLASS_NAME, "missingNodeIdentity");
-        }
-        const ttlMs = this._tokenTtlInSeconds * 1000;
-        const credential = await this._identityConnector.createVerifiableCredential(this._nodeIdentity, DocumentHelper.joinId(this._nodeIdentity, this._verificationMethodId), undefined, authData, {
-            expirationDate: new Date(Date.now() + ttlMs)
-        });
-        requestHeaders[HeaderTypes.Authorization] = HeaderHelper.createBearer(credential.jwt);
-    }
-}
-
-/**
- * Handle a JWT token in the authorization header and verify the credential.
- */
-class VerifiableCredentialAuthenticationProcessor {
-    /**
-     * Runtime name for the class.
-     */
-    CLASS_NAME = "VerifiableCredentialAuthenticationProcessor";
-    /**
-     * Connector for identity operations.
-     * @internal
-     */
-    _identityConnector;
-    /**
-     * The time-to-live (TTL) for token in seconds.
-     * @internal
-     */
-    _tokenTtlInSeconds;
-    /**
-     * Create a new instance of AuthCookiePreProcessor.
-     * @param options Options for the processor.
-     */
-    constructor(options) {
-        this._identityConnector = IdentityConnectorFactory.get(options?.identityConnectorType ?? "identity");
-        this._tokenTtlInSeconds = options?.config?.tokenTtlInSeconds ?? 60;
-    }
-    /**
-     * Features supported by this processor.
-     * If a route has any of these features listed, this processor will be run for that route.
-     * If this is not implemented, the processor will run for all routes.
-     * @returns The features supported by this processor.
-     */
-    features() {
-        return ["verifiableCredential"];
-    }
-    /**
-     * Pre process the REST request for the specified route.
-     * @param request The incoming request.
-     * @param response The outgoing response.
-     * @param route The route to process.
-     * @param requestIdentity The identity context for the request.
-     * @param processorState The state handed through the processors.
-     * @returns Nothing
-     */
-    async pre(request, response, route, requestIdentity, processorState) {
-        try {
-            // Only process if the route has the verifiableCredential feature
-            if (Is.arrayValue(route?.processorFeatures) &&
-                route?.processorFeatures.includes("verifiableCredential")) {
-                const token = HeaderHelper.extractBearer(request.headers?.[HeaderTypes.Authorization]);
-                const result = await this._identityConnector.checkVerifiableCredential(token);
-                const verifiableCredential = result.verifiableCredential;
-                if (Is.empty(verifiableCredential)) {
-                    throw new GeneralError(this.CLASS_NAME, "tokenNoCredential");
-                }
-                const issuer = Is.stringValue(verifiableCredential.issuer)
-                    ? verifiableCredential.issuer
-                    : undefined;
-                if (Is.empty(issuer)) {
-                    throw new GeneralError(this.CLASS_NAME, "tokenNoIssuer");
-                }
-                const issuanceDate = VerifiableCredentialHelper.getValidFrom(verifiableCredential);
-                if (Is.empty(issuanceDate)) {
-                    throw new GeneralError(this.CLASS_NAME, "tokenMissingIssuanceDate", {
-                        issuer
-                    });
-                }
-                const tokenCreated = new Date(issuanceDate);
-                const now = Date.now();
-                const tokenTtlInMs = this._tokenTtlInSeconds * 1000;
-                // If the token has expired then we should reject it
-                if (tokenCreated.getTime() + tokenTtlInMs < now) {
-                    throw new GeneralError(this.CLASS_NAME, "tokenExpired", {
-                        issuer
-                    });
-                }
-                const subject = verifiableCredential.credentialSubject;
-                if (Is.empty(subject)) {
-                    throw new GeneralError(this.CLASS_NAME, "tokenMissingSubject", {
-                        issuer
-                    });
-                }
-                processorState.verifiableCredentialIssuer = issuer;
-                processorState.verifiableCredential = verifiableCredential;
-                processorState.verifiableCredentialSubject = subject;
-            }
-        }
-        catch (err) {
-            throw new GeneralError(this.CLASS_NAME, "tokenFailed", undefined, err);
-        }
-    }
-}
-
-export { IdentityAuthenticationContexts, IdentityAuthenticationTypes, VerifiableCredentialAuthenticationGenerator, VerifiableCredentialAuthenticationProcessor };