@twin.org/trust-generators 0.0.3-next.20 → 0.0.3-next.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -32,37 +32,33 @@ export class JwtVerifiableCredentialGenerator {
32
32
  */
33
33
  _tokenTtlInSeconds;
34
34
  /**
35
- * Create a new instance of JwtVerifiableCredentialGenerator.
36
- * @param options The options for the service.
35
+ * Creates a new instance of JwtVerifiableCredentialGenerator.
36
+ * @param options The options for the generator.
37
37
  */
38
38
  constructor(options) {
39
- this._loggingComponent = ComponentFactory.getIfExists(options?.loggingComponentType ?? "logging");
39
+ this._loggingComponent = ComponentFactory.getIfExists(options?.loggingComponentType);
40
40
  this._identityComponent = ComponentFactory.get(options?.identityComponentType ?? "identity");
41
41
  this._verificationMethodId = options.config.verificationMethodId;
42
42
  this._tokenTtlInSeconds = options.config.tokenTtlInSeconds;
43
43
  }
44
44
  /**
45
45
  * Returns the class name of the component.
46
- * @returns The class name of the component.
46
+ * @returns The runtime class name string
47
47
  */
48
48
  className() {
49
49
  return JwtVerifiableCredentialGenerator.CLASS_NAME;
50
50
  }
51
51
  /**
52
- * Generate a trust payload.
53
- * @param identity The identity for which to generate the payload.
52
+ * Generates a JWT Verifiable Credential for the given organization identity.
53
+ * @param organizationId The identity for which to generate the credential.
54
54
  * @param info Information to use in the generation.
55
- * @param info.subject The subject of the verifiable credential (JSON-LD).
56
- * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT as the tid claim.
57
- * @param organizationId Optional organization identifier. Embedded directly in
58
- * the JWT payload as the `org` claim.
55
+ * @param info.subject The subject of the verifiable credential as a JSON-LD node object; defaults to `{ id: organizationId }` when omitted.
59
56
  * @param options Per-call generation options.
60
- * @param options.tokenTtlInSeconds TTL override in seconds for this token only. Takes precedence over the
61
- * config-level `tokenTtlInSeconds` when provided.
62
- * @returns The generated JWT.
57
+ * @param options.tokenTtlInSeconds TTL override in seconds for this token only; takes precedence over the config-level value when provided.
58
+ * @returns A promise that resolves to the signed JWT string.
63
59
  */
64
- async generate(identity, info, tenantIdHash, organizationId, options) {
65
- Guards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, "identity", identity);
60
+ async generate(organizationId, info, options) {
61
+ Guards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, "organizationId", organizationId);
66
62
  const ttlInSeconds = Is.integer(options?.tokenTtlInSeconds)
67
63
  ? options.tokenTtlInSeconds
68
64
  : this._tokenTtlInSeconds;
@@ -71,18 +67,12 @@ export class JwtVerifiableCredentialGenerator {
71
67
  const ttlMs = ttlInSeconds * 1000;
72
68
  expirationDate = new Date(Date.now() + ttlMs);
73
69
  }
74
- const jwtPayloadFields = {};
75
- if (Is.stringValue(tenantIdHash)) {
76
- jwtPayloadFields.tid = tenantIdHash;
77
- }
78
- if (Is.stringValue(organizationId)) {
79
- jwtPayloadFields.org = organizationId;
80
- }
81
- const issuer = DocumentHelper.joinId(identity, this._verificationMethodId);
82
- const credential = await this._identityComponent.verifiableCredentialCreate(issuer, undefined, info?.subject ?? { id: issuer }, {
83
- expirationDate,
84
- jwtPayloadFields
85
- }, identity);
70
+ const credential = await this._identityComponent.verifiableCredentialCreate(DocumentHelper.joinId(organizationId, this._verificationMethodId), undefined,
71
+ // Identity subject can not be empty object, so fall back to the organization id
72
+ // when the subject is missing or an empty object (e.g. an empty PIP output).
73
+ Is.objectValue(info?.subject) ? info.subject : { id: organizationId }, {
74
+ expirationDate
75
+ }, organizationId);
86
76
  return credential.jwt;
87
77
  }
88
78
  }
@@ -1 +1 @@
1
- {"version":3,"file":"jwtVerifiableCredentialGenerator.js","sourceRoot":"","sources":["../../../src/generators/jwtVerifiableCredentialGenerator.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,cAAc,EAA2B,MAAM,2BAA2B,CAAC;AAMpF;;GAEG;AACH,MAAM,OAAO,gCAAgC;IAC5C;;OAEG;IACI,MAAM,CAAU,UAAU,sCAAsD;IAEvF;;;OAGG;IACH,8EAA8E;IAC7D,iBAAiB,CAAqB;IAEvD;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,qBAAqB,CAAS;IAE/C;;;OAGG;IACc,kBAAkB,CAAU;IAE7C;;;OAGG;IACH,YAAY,OAA4D;QACvE,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CACpD,OAAO,EAAE,oBAAoB,IAAI,SAAS,CAC1C,CAAC;QAEF,IAAI,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAAC,CAAC;QAE7F,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACjE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,gCAAgC,CAAC,UAAU,CAAC;IACpD,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,KAAK,CAAC,QAAQ,CACpB,QAAgB,EAChB,IAAsC,EACtC,YAAqB,EACrB,cAAuB,EACvB,OAAuC;QAEvC,MAAM,CAAC,WAAW,CAAC,gCAAgC,CAAC,UAAU,cAAoB,QAAQ,CAAC,CAAC;QAE5F,MAAM,YAAY,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,CAAC;YAC1D,CAAC,CAAC,OAAO,CAAC,iBAAiB;YAC3B,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;QAE3B,IAAI,cAAc,CAAC;QAEnB,IAAI,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,YAAY,GAAG,IAAI,CAAC;YAClC,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,gBAAgB,GAA8B,EAAE,CAAC;QACvD,IAAI,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,GAAG,GAAG,YAAY,CAAC;QACrC,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;YACpC,gBAAgB,CAAC,GAAG,GAAG,cAAc,CAAC;QACvC,CAAC;QAED,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAE3E,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAC1E,MAAM,EACN,SAAS,EACT,IAAI,EAAE,OAAO,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAC/B;YACC,cAAc;YACd,gBAAgB;SAChB,EACD,QAAQ,CACR,CAAC;QAEF,OAAO,UAAU,CAAC,GAAG,CAAC;IACvB,CAAC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { ComponentFactory, Guards, Is } from \"@twin.org/core\";\nimport type { IJsonLdNodeObject } from \"@twin.org/data-json-ld\";\nimport { DocumentHelper, type IIdentityComponent } from \"@twin.org/identity-models\";\nimport type { ILoggingComponent } from \"@twin.org/logging-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport type { ITrustGenerator } from \"@twin.org/trust-models\";\nimport type { IJwtVerifiableCredentialGeneratorConstructorOptions } from \"../models/IJwtVerifiableCredentialGeneratorConstructorOptions.js\";\n\n/**\n * Class to generate a JWT Verifiable Credential.\n */\nexport class JwtVerifiableCredentialGenerator implements ITrustGenerator {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<JwtVerifiableCredentialGenerator>();\n\n\t/**\n\t * The logging component.\n\t * @internal\n\t */\n\t// eslint-disable-next-line @typescript-eslint/no-unused-private-class-members\n\tprivate readonly _loggingComponent?: ILoggingComponent;\n\n\t/**\n\t * The identity component.\n\t * @internal\n\t */\n\tprivate readonly _identityComponent: IIdentityComponent;\n\n\t/**\n\t * The verification method ID for the connector to use.\n\t * @internal\n\t */\n\tprivate readonly _verificationMethodId: string;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds?: number;\n\n\t/**\n\t * Create a new instance of JwtVerifiableCredentialGenerator.\n\t * @param options The options for the service.\n\t */\n\tconstructor(options: IJwtVerifiableCredentialGeneratorConstructorOptions) {\n\t\tthis._loggingComponent = ComponentFactory.getIfExists(\n\t\t\toptions?.loggingComponentType ?? \"logging\"\n\t\t);\n\n\t\tthis._identityComponent = ComponentFactory.get(options?.identityComponentType ?? \"identity\");\n\n\t\tthis._verificationMethodId = options.config.verificationMethodId;\n\t\tthis._tokenTtlInSeconds = options.config.tokenTtlInSeconds;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn JwtVerifiableCredentialGenerator.CLASS_NAME;\n\t}\n\n\t/**\n\t * Generate a trust payload.\n\t * @param identity The identity for which to generate the payload.\n\t * @param info Information to use in the generation.\n\t * @param info.subject The subject of the verifiable credential (JSON-LD).\n\t * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT as the tid claim.\n\t * @param organizationId Optional organization identifier. Embedded directly in\n\t * the JWT payload as the `org` claim.\n\t * @param options Per-call generation options.\n\t * @param options.tokenTtlInSeconds TTL override in seconds for this token only. Takes precedence over the\n\t * config-level `tokenTtlInSeconds` when provided.\n\t * @returns The generated JWT.\n\t */\n\tpublic async generate(\n\t\tidentity: string,\n\t\tinfo?: { subject?: IJsonLdNodeObject },\n\t\ttenantIdHash?: string,\n\t\torganizationId?: string,\n\t\toptions?: { tokenTtlInSeconds: number }\n\t): Promise<unknown> {\n\t\tGuards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, nameof(identity), identity);\n\n\t\tconst ttlInSeconds = Is.integer(options?.tokenTtlInSeconds)\n\t\t\t? options.tokenTtlInSeconds\n\t\t\t: this._tokenTtlInSeconds;\n\n\t\tlet expirationDate;\n\n\t\tif (Is.integer(ttlInSeconds)) {\n\t\t\tconst ttlMs = ttlInSeconds * 1000;\n\t\t\texpirationDate = new Date(Date.now() + ttlMs);\n\t\t}\n\n\t\tconst jwtPayloadFields: { [key: string]: string } = {};\n\t\tif (Is.stringValue(tenantIdHash)) {\n\t\t\tjwtPayloadFields.tid = tenantIdHash;\n\t\t}\n\t\tif (Is.stringValue(organizationId)) {\n\t\t\tjwtPayloadFields.org = organizationId;\n\t\t}\n\n\t\tconst issuer = DocumentHelper.joinId(identity, this._verificationMethodId);\n\n\t\tconst credential = await this._identityComponent.verifiableCredentialCreate(\n\t\t\tissuer,\n\t\t\tundefined,\n\t\t\tinfo?.subject ?? { id: issuer },\n\t\t\t{\n\t\t\t\texpirationDate,\n\t\t\t\tjwtPayloadFields\n\t\t\t},\n\t\t\tidentity\n\t\t);\n\n\t\treturn credential.jwt;\n\t}\n}\n"]}
1
+ {"version":3,"file":"jwtVerifiableCredentialGenerator.js","sourceRoot":"","sources":["../../../src/generators/jwtVerifiableCredentialGenerator.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,cAAc,EAA2B,MAAM,2BAA2B,CAAC;AAMpF;;GAEG;AACH,MAAM,OAAO,gCAAgC;IAC5C;;OAEG;IACI,MAAM,CAAU,UAAU,sCAAsD;IAEvF;;;OAGG;IACH,8EAA8E;IAC7D,iBAAiB,CAAqB;IAEvD;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,qBAAqB,CAAS;IAE/C;;;OAGG;IACc,kBAAkB,CAAU;IAE7C;;;OAGG;IACH,YAAY,OAA4D;QACvE,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;QAErF,IAAI,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAAC,CAAC;QAE7F,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACjE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,gCAAgC,CAAC,UAAU,CAAC;IACpD,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,QAAQ,CACpB,cAAsB,EACtB,IAAsC,EACtC,OAAuC;QAEvC,MAAM,CAAC,WAAW,CACjB,gCAAgC,CAAC,UAAU,oBAE3C,cAAc,CACd,CAAC;QAEF,MAAM,YAAY,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,CAAC;YAC1D,CAAC,CAAC,OAAO,CAAC,iBAAiB;YAC3B,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;QAE3B,IAAI,cAAc,CAAC;QAEnB,IAAI,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,YAAY,GAAG,IAAI,CAAC;YAClC,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAC1E,cAAc,CAAC,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,qBAAqB,CAAC,EACjE,SAAS;QACT,gFAAgF;QAChF,6EAA6E;QAC7E,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,EACrE;YACC,cAAc;SACd,EACD,cAAc,CACd,CAAC;QAEF,OAAO,UAAU,CAAC,GAAG,CAAC;IACvB,CAAC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { ComponentFactory, Guards, Is } from \"@twin.org/core\";\nimport type { IJsonLdNodeObject } from \"@twin.org/data-json-ld\";\nimport { DocumentHelper, type IIdentityComponent } from \"@twin.org/identity-models\";\nimport type { ILoggingComponent } from \"@twin.org/logging-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport type { ITrustGenerator } from \"@twin.org/trust-models\";\nimport type { IJwtVerifiableCredentialGeneratorConstructorOptions } from \"../models/IJwtVerifiableCredentialGeneratorConstructorOptions.js\";\n\n/**\n * Class to generate a JWT Verifiable Credential.\n */\nexport class JwtVerifiableCredentialGenerator implements ITrustGenerator {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<JwtVerifiableCredentialGenerator>();\n\n\t/**\n\t * The logging component.\n\t * @internal\n\t */\n\t// eslint-disable-next-line @typescript-eslint/no-unused-private-class-members\n\tprivate readonly _loggingComponent?: ILoggingComponent;\n\n\t/**\n\t * The identity component.\n\t * @internal\n\t */\n\tprivate readonly _identityComponent: IIdentityComponent;\n\n\t/**\n\t * The verification method ID for the connector to use.\n\t * @internal\n\t */\n\tprivate readonly _verificationMethodId: string;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds?: number;\n\n\t/**\n\t * Creates a new instance of JwtVerifiableCredentialGenerator.\n\t * @param options The options for the generator.\n\t */\n\tconstructor(options: IJwtVerifiableCredentialGeneratorConstructorOptions) {\n\t\tthis._loggingComponent = ComponentFactory.getIfExists(options?.loggingComponentType);\n\n\t\tthis._identityComponent = ComponentFactory.get(options?.identityComponentType ?? \"identity\");\n\n\t\tthis._verificationMethodId = options.config.verificationMethodId;\n\t\tthis._tokenTtlInSeconds = options.config.tokenTtlInSeconds;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The runtime class name string\n\t */\n\tpublic className(): string {\n\t\treturn JwtVerifiableCredentialGenerator.CLASS_NAME;\n\t}\n\n\t/**\n\t * Generates a JWT Verifiable Credential for the given organization identity.\n\t * @param organizationId The identity for which to generate the credential.\n\t * @param info Information to use in the generation.\n\t * @param info.subject The subject of the verifiable credential as a JSON-LD node object; defaults to `{ id: organizationId }` when omitted.\n\t * @param options Per-call generation options.\n\t * @param options.tokenTtlInSeconds TTL override in seconds for this token only; takes precedence over the config-level value when provided.\n\t * @returns A promise that resolves to the signed JWT string.\n\t */\n\tpublic async generate(\n\t\torganizationId: string,\n\t\tinfo?: { subject?: IJsonLdNodeObject },\n\t\toptions?: { tokenTtlInSeconds: number }\n\t): Promise<unknown> {\n\t\tGuards.stringValue(\n\t\t\tJwtVerifiableCredentialGenerator.CLASS_NAME,\n\t\t\tnameof(organizationId),\n\t\t\torganizationId\n\t\t);\n\n\t\tconst ttlInSeconds = Is.integer(options?.tokenTtlInSeconds)\n\t\t\t? options.tokenTtlInSeconds\n\t\t\t: this._tokenTtlInSeconds;\n\n\t\tlet expirationDate;\n\n\t\tif (Is.integer(ttlInSeconds)) {\n\t\t\tconst ttlMs = ttlInSeconds * 1000;\n\t\t\texpirationDate = new Date(Date.now() + ttlMs);\n\t\t}\n\n\t\tconst credential = await this._identityComponent.verifiableCredentialCreate(\n\t\t\tDocumentHelper.joinId(organizationId, this._verificationMethodId),\n\t\t\tundefined,\n\t\t\t// Identity subject can not be empty object, so fall back to the organization id\n\t\t\t// when the subject is missing or an empty object (e.g. an empty PIP output).\n\t\t\tIs.objectValue(info?.subject) ? info.subject : { id: organizationId },\n\t\t\t{\n\t\t\t\texpirationDate\n\t\t\t},\n\t\t\torganizationId\n\t\t);\n\n\t\treturn credential.jwt;\n\t}\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"IJwtVerifiableCredentialGeneratorConstructorOptions.js","sourceRoot":"","sources":["../../../src/models/IJwtVerifiableCredentialGeneratorConstructorOptions.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\nimport type { IJwtVerifiableCredentialGeneratorConfig } from \"./IJwtVerifiableCredentialGeneratorConfig.js\";\n\n/**\n * The options for the JWT Verifiable Credential Generator.\n */\nexport interface IJwtVerifiableCredentialGeneratorConstructorOptions {\n\t/**\n\t * The logging component type.\n\t * @default logging\n\t */\n\tloggingComponentType?: string;\n\n\t/**\n\t * The identity component type.\n\t * @default identity\n\t */\n\tidentityComponentType?: string;\n\n\t/**\n\t * The configuration for the generator.\n\t */\n\tconfig: IJwtVerifiableCredentialGeneratorConfig;\n}\n"]}
1
+ {"version":3,"file":"IJwtVerifiableCredentialGeneratorConstructorOptions.js","sourceRoot":"","sources":["../../../src/models/IJwtVerifiableCredentialGeneratorConstructorOptions.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\nimport type { IJwtVerifiableCredentialGeneratorConfig } from \"./IJwtVerifiableCredentialGeneratorConfig.js\";\n\n/**\n * The options for the JWT Verifiable Credential Generator.\n */\nexport interface IJwtVerifiableCredentialGeneratorConstructorOptions {\n\t/**\n\t * The logging component type.\n\t */\n\tloggingComponentType?: string;\n\n\t/**\n\t * The identity component type.\n\t * @default identity\n\t */\n\tidentityComponentType?: string;\n\n\t/**\n\t * The configuration for the generator.\n\t */\n\tconfig: IJwtVerifiableCredentialGeneratorConfig;\n}\n"]}
@@ -10,31 +10,27 @@ export declare class JwtVerifiableCredentialGenerator implements ITrustGenerator
10
10
  */
11
11
  static readonly CLASS_NAME: string;
12
12
  /**
13
- * Create a new instance of JwtVerifiableCredentialGenerator.
14
- * @param options The options for the service.
13
+ * Creates a new instance of JwtVerifiableCredentialGenerator.
14
+ * @param options The options for the generator.
15
15
  */
16
16
  constructor(options: IJwtVerifiableCredentialGeneratorConstructorOptions);
17
17
  /**
18
18
  * Returns the class name of the component.
19
- * @returns The class name of the component.
19
+ * @returns The runtime class name string
20
20
  */
21
21
  className(): string;
22
22
  /**
23
- * Generate a trust payload.
24
- * @param identity The identity for which to generate the payload.
23
+ * Generates a JWT Verifiable Credential for the given organization identity.
24
+ * @param organizationId The identity for which to generate the credential.
25
25
  * @param info Information to use in the generation.
26
- * @param info.subject The subject of the verifiable credential (JSON-LD).
27
- * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT as the tid claim.
28
- * @param organizationId Optional organization identifier. Embedded directly in
29
- * the JWT payload as the `org` claim.
26
+ * @param info.subject The subject of the verifiable credential as a JSON-LD node object; defaults to `{ id: organizationId }` when omitted.
30
27
  * @param options Per-call generation options.
31
- * @param options.tokenTtlInSeconds TTL override in seconds for this token only. Takes precedence over the
32
- * config-level `tokenTtlInSeconds` when provided.
33
- * @returns The generated JWT.
28
+ * @param options.tokenTtlInSeconds TTL override in seconds for this token only; takes precedence over the config-level value when provided.
29
+ * @returns A promise that resolves to the signed JWT string.
34
30
  */
35
- generate(identity: string, info?: {
31
+ generate(organizationId: string, info?: {
36
32
  subject?: IJsonLdNodeObject;
37
- }, tenantIdHash?: string, organizationId?: string, options?: {
33
+ }, options?: {
38
34
  tokenTtlInSeconds: number;
39
35
  }): Promise<unknown>;
40
36
  }
@@ -5,7 +5,6 @@ import type { IJwtVerifiableCredentialGeneratorConfig } from "./IJwtVerifiableCr
5
5
  export interface IJwtVerifiableCredentialGeneratorConstructorOptions {
6
6
  /**
7
7
  * The logging component type.
8
- * @default logging
9
8
  */
10
9
  loggingComponentType?: string;
11
10
  /**
package/docs/changelog.md CHANGED
@@ -1,5 +1,63 @@
1
1
  # Changelog
2
2
 
3
+ ## [0.0.3-next.24](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.23...trust-generators-v0.0.3-next.24) (2026-06-18)
4
+
5
+
6
+ ### Bug Fixes
7
+
8
+ * fall back to organization id when policy subject is empty ([#44](https://github.com/iotaledger/twin-trust/issues/44)) ([ee5e31c](https://github.com/iotaledger/twin-trust/commit/ee5e31c32c3ad465c9ffb9fa0c4cdfbaf3295e54))
9
+
10
+
11
+ ### Dependencies
12
+
13
+ * The following workspace dependencies were updated
14
+ * dependencies
15
+ * @twin.org/trust-models bumped from 0.0.3-next.23 to 0.0.3-next.24
16
+
17
+ ## [0.0.3-next.23](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.22...trust-generators-v0.0.3-next.23) (2026-06-11)
18
+
19
+
20
+ ### Features
21
+
22
+ * add default generator config ([54d98ba](https://github.com/iotaledger/twin-trust/commit/54d98ba53b7450b56337daeda504437be0d21943))
23
+ * add generators ([6228c88](https://github.com/iotaledger/twin-trust/commit/6228c88a8f0244b7bdfc76b8624c427c81d23f7b))
24
+ * add optional tenantId + organizationId to trust VC payload ([#19](https://github.com/iotaledger/twin-trust/issues/19)) ([1e93f6b](https://github.com/iotaledger/twin-trust/commit/1e93f6b0eacbfa725f3c3515d4255b39dd122ce7))
25
+ * add TrustHelper hashTenantId ([#22](https://github.com/iotaledger/twin-trust/issues/22)) ([1efa9dc](https://github.com/iotaledger/twin-trust/commit/1efa9dc7ef0534dbb1a789fac300409190452273))
26
+ * organization identifiers ([#39](https://github.com/iotaledger/twin-trust/issues/39)) ([a5891b9](https://github.com/iotaledger/twin-trust/commit/a5891b9d57ef209c20f53302442d1910dce963d2))
27
+ * ttl-token per generation ([#26](https://github.com/iotaledger/twin-trust/issues/26)) ([a35e925](https://github.com/iotaledger/twin-trust/commit/a35e925560d05f30dd8c02eb4184c0c503ca075a))
28
+ * typescript 6 update ([a232da2](https://github.com/iotaledger/twin-trust/commit/a232da293afbd3b42843e187e4952dabd7917397))
29
+ * update dependencies ([367d7fc](https://github.com/iotaledger/twin-trust/commit/367d7fc1f970522650c776d231bfacc84f97be67))
30
+ * update param names ([4c78d57](https://github.com/iotaledger/twin-trust/commit/4c78d5703ce7adef3fb5d3bbb1d2cde5db4376cc))
31
+
32
+
33
+ ### Bug Fixes
34
+
35
+ * default VC credentialSubject to the issuer when none is provided ([#37](https://github.com/iotaledger/twin-trust/issues/37)) ([9c7653d](https://github.com/iotaledger/twin-trust/commit/9c7653d6c34cc2014aac45ed7a3aa4ae720c3f63))
36
+ * jwt verifier return just token on creation ([9778491](https://github.com/iotaledger/twin-trust/commit/97784917c0ce53c3908e91a0db9137f8473eadeb))
37
+ * pass correct parameters to vc create ([bca9529](https://github.com/iotaledger/twin-trust/commit/bca95292605720f45f1f9dd2cec34053734b2d7f))
38
+ * tests ([fcadcf1](https://github.com/iotaledger/twin-trust/commit/fcadcf1f4e9bab4acbfc1722b0112f1d9723d7fa))
39
+
40
+
41
+ ### Dependencies
42
+
43
+ * The following workspace dependencies were updated
44
+ * dependencies
45
+ * @twin.org/trust-models bumped from 0.0.3-next.21 to 0.0.3-next.23
46
+
47
+ ## [0.0.3-next.21](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.20...trust-generators-v0.0.3-next.21) (2026-06-11)
48
+
49
+
50
+ ### Features
51
+
52
+ * organization identifiers ([#39](https://github.com/iotaledger/twin-trust/issues/39)) ([a5891b9](https://github.com/iotaledger/twin-trust/commit/a5891b9d57ef209c20f53302442d1910dce963d2))
53
+
54
+
55
+ ### Dependencies
56
+
57
+ * The following workspace dependencies were updated
58
+ * dependencies
59
+ * @twin.org/trust-models bumped from 0.0.3-next.20 to 0.0.3-next.21
60
+
3
61
  ## [0.0.3-next.20](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.19...trust-generators-v0.0.3-next.20) (2026-06-10)
4
62
 
5
63
 
@@ -12,7 +12,7 @@ Class to generate a JWT Verifiable Credential.
12
12
 
13
13
  > **new JwtVerifiableCredentialGenerator**(`options`): `JwtVerifiableCredentialGenerator`
14
14
 
15
- Create a new instance of JwtVerifiableCredentialGenerator.
15
+ Creates a new instance of JwtVerifiableCredentialGenerator.
16
16
 
17
17
  #### Parameters
18
18
 
@@ -20,7 +20,7 @@ Create a new instance of JwtVerifiableCredentialGenerator.
20
20
 
21
21
  [`IJwtVerifiableCredentialGeneratorConstructorOptions`](../interfaces/IJwtVerifiableCredentialGeneratorConstructorOptions.md)
22
22
 
23
- The options for the service.
23
+ The options for the generator.
24
24
 
25
25
  #### Returns
26
26
 
@@ -46,7 +46,7 @@ Returns the class name of the component.
46
46
 
47
47
  `string`
48
48
 
49
- The class name of the component.
49
+ The runtime class name string
50
50
 
51
51
  #### Implementation of
52
52
 
@@ -56,17 +56,17 @@ The class name of the component.
56
56
 
57
57
  ### generate() {#generate}
58
58
 
59
- > **generate**(`identity`, `info?`, `tenantIdHash?`, `organizationId?`, `options?`): `Promise`\<`unknown`\>
59
+ > **generate**(`organizationId`, `info?`, `options?`): `Promise`\<`unknown`\>
60
60
 
61
- Generate a trust payload.
61
+ Generates a JWT Verifiable Credential for the given organization identity.
62
62
 
63
63
  #### Parameters
64
64
 
65
- ##### identity
65
+ ##### organizationId
66
66
 
67
67
  `string`
68
68
 
69
- The identity for which to generate the payload.
69
+ The identity for which to generate the credential.
70
70
 
71
71
  ##### info?
72
72
 
@@ -76,20 +76,7 @@ Information to use in the generation.
76
76
 
77
77
  `IJsonLdNodeObject`
78
78
 
79
- The subject of the verifiable credential (JSON-LD).
80
-
81
- ##### tenantIdHash?
82
-
83
- `string`
84
-
85
- Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT as the tid claim.
86
-
87
- ##### organizationId?
88
-
89
- `string`
90
-
91
- Optional organization identifier. Embedded directly in
92
- the JWT payload as the `org` claim.
79
+ The subject of the verifiable credential as a JSON-LD node object; defaults to `{ id: organizationId }` when omitted.
93
80
 
94
81
  ##### options?
95
82
 
@@ -99,14 +86,13 @@ Per-call generation options.
99
86
 
100
87
  `number`
101
88
 
102
- TTL override in seconds for this token only. Takes precedence over the
103
- config-level `tokenTtlInSeconds` when provided.
89
+ TTL override in seconds for this token only; takes precedence over the config-level value when provided.
104
90
 
105
91
  #### Returns
106
92
 
107
93
  `Promise`\<`unknown`\>
108
94
 
109
- The generated JWT.
95
+ A promise that resolves to the signed JWT string.
110
96
 
111
97
  #### Implementation of
112
98
 
@@ -10,12 +10,6 @@ The options for the JWT Verifiable Credential Generator.
10
10
 
11
11
  The logging component type.
12
12
 
13
- #### Default
14
-
15
- ```ts
16
- logging
17
- ```
18
-
19
13
  ***
20
14
 
21
15
  ### identityComponentType? {#identitycomponenttype}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@twin.org/trust-generators",
3
- "version": "0.0.3-next.20",
3
+ "version": "0.0.3-next.24",
4
4
  "description": "Implements trust credential generators that produce signed verifiable credential artefacts",
5
5
  "repository": {
6
6
  "type": "git",
@@ -19,7 +19,7 @@
19
19
  "@twin.org/identity-models": "next",
20
20
  "@twin.org/logging-models": "next",
21
21
  "@twin.org/nameof": "next",
22
- "@twin.org/trust-models": "0.0.3-next.20",
22
+ "@twin.org/trust-models": "0.0.3-next.24",
23
23
  "@twin.org/web": "next"
24
24
  },
25
25
  "main": "./dist/es/index.js",