@wireapp/core 43.7.1 → 43.8.0

package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js

@@ -66,27 +66,15 @@ class E2EIServiceInternal {
     async startCertificateProcess(hasActiveCertificate) {
         // Step 0: Check if we have a handle in local storage
         // If we don't have a handle, we need to start a new OAuth flow
-        try {
-            // Initialize the identity
-            await this.initIdentity(hasActiveCertificate);
-            return this.startNewOAuthFlow();
-        }
-        catch (error) {
-            return this.exitWithError('Error while trying to start OAuth flow with error:', error);
-        }
+        await this.initIdentity(hasActiveCertificate);
+        return this.startNewOAuthFlow();
     }
     async continueCertificateProcess(oAuthIdToken) {
         // If we don't have a handle, we need to start a new OAuth flow
         if (this.e2eServiceExternal.isEnrollmentInProgress()) {
-            try {
-                return this.continueOAuthFlow(oAuthIdToken);
-            }
-            catch (error) {
-                return this.exitWithError('Error while trying to continue OAuth flow with error:', error);
-            }
+            return this.continueOAuthFlow(oAuthIdToken);
         }
-        this.logger.error('Error while trying to continue OAuth flow. No handle found in local storage');
-        return undefined;
+        throw new Error('Error while trying to continue OAuth flow. No enrollment in progress found');
     }
     // ############ Internal Functions ############
     async initIdentity(hasActiveCertificate) {
@@ -95,63 +83,35 @@ class E2EIServiceInternal {
         const expiryDays = 90;
         const ciphersuite = E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
         if (hasActiveCertificate) {
-            try {
-                this.identity = await this.coreCryptoClient.e2eiNewRotateEnrollment(expiryDays, ciphersuite, user.displayName, user.handle);
-            }
-            catch (error) {
-                this.logger.error('Error while trying to initIdentity e2eiNewRotateEnrollment', error);
-                throw error;
-            }
+            this.identity = await this.coreCryptoClient.e2eiNewRotateEnrollment(expiryDays, ciphersuite, user.displayName, user.handle, user.teamId);
         }
         else {
-            this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, expiryDays, ciphersuite);
+            this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, expiryDays, ciphersuite, user.teamId);
         }
     }
-    exitWithError(message, error) {
-        this.logger.error(message, error);
-        return undefined;
-    }
     async init(params) {
-        try {
-            const { user, clientId, discoveryUrl } = params;
-            if (!user || !clientId) {
-                this.logger.error('user and clientId are required to initialize E2eIdentityService');
-                throw new Error();
-            }
-            this.acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
-            this.isInitialized = true;
-        }
-        catch (error) {
-            this.logger.error('Error while trying to initialize E2eIdentityService', error);
-            throw error;
+        const { user, clientId, discoveryUrl } = params;
+        if (!user || !clientId) {
+            this.logger.error('user and clientId are required to initialize E2eIdentityService');
+            throw new Error();
         }
+        this.acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
+        this.isInitialized = true;
     }
     async getDirectory(identity, connection) {
-        try {
-            const directory = await connection.getDirectory();
-            if (directory) {
-                const parsedDirectory = identity.directoryResponse(directory);
-                return parsedDirectory;
-            }
-        }
-        catch (error) {
-            this.logger.error('Error while trying to receive a directory', error);
-            throw error;
+        const directory = await connection.getDirectory();
+        if (directory) {
+            const parsedDirectory = identity.directoryResponse(directory);
+            return parsedDirectory;
         }
         return undefined;
     }
     async getInitialNonce(directory, connection) {
-        try {
-            const nonce = await connection.getInitialNonce(directory.newNonce);
-            if (nonce) {
-                return nonce;
-            }
+        const nonce = await connection.getInitialNonce(directory.newNonce);
+        if (!nonce) {
             throw new Error('No initial-nonce received');
         }
-        catch (error) {
-            this.logger.error('Error while trying to receive a nonce', error);
-            throw error;
-        }
+        return nonce;
     }
     /**
      * Start of the ACME enrollment flow
@@ -159,7 +119,7 @@ class E2EIServiceInternal {
      *
      * @returns authData
      */
-    async getAndStoreInitialEnrollmentData() {
+    async getEnrollmentChallenges() {
         if (!this.isInitialized || !this.identity || !this.acmeService) {
             throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
         }
@@ -173,31 +133,32 @@ class E2EIServiceInternal {
         if (!nonce) {
             throw new Error('Error while trying to start OAuth flow. No nonce received');
         }
+        const { acmeService, identity } = this;
         // Step 2: Create a new account
         const newAccountNonce = await (0, Account_1.createNewAccount)({
-            connection: this.acmeService,
+            connection: acmeService,
             directory,
-            identity: this.identity,
+            identity,
             nonce,
         });
         // Step 3: Create a new order
         const orderData = await (0, Order_1.createNewOrder)({
             directory,
-            connection: this.acmeService,
-            identity: this.identity,
+            connection: acmeService,
+            identity,
             nonce: newAccountNonce,
         });
         // Step 4: Get authorization challenges
-        const authData = await (0, Authorization_1.getAuthorization)({
-            connection: this.acmeService,
-            identity: this.identity,
-            authzUrl: orderData.authzUrl,
+        const authChallenges = await (0, Authorization_1.getAuthorizationChallenges)({
+            connection: acmeService,
+            identity: identity,
+            authzUrls: orderData.authzUrls,
             nonce: orderData.nonce,
         });
         // Store the values in local storage for later use (e.g. in the continue flow)
-        E2EIStorage_1.E2EIStorage.store.authData(authData);
+        E2EIStorage_1.E2EIStorage.store.authData(authChallenges);
         E2EIStorage_1.E2EIStorage.store.orderData({ orderUrl: orderData.orderUrl });
-        return { authData };
+        return authChallenges;
     }
     /**
      * Continuation of the ACME enrollment flow
@@ -207,14 +168,10 @@ class E2EIServiceInternal {
      * @param oAuthIdToken
      * @returns RotateBundle
      */
-    async getRotateBundleAndStoreCertificateData(oAuthIdToken) {
+    async getRotateBundleAndStoreCertificateData(oAuthIdToken, authData) {
         if (!this.isInitialized || !this.identity || !this.acmeService) {
             throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
         }
-        const authData = E2EIStorage_1.E2EIStorage.get.authData();
-        if (!authData.authorization.wireOidcChallenge) {
-            throw new Error('Error while trying to continue OAuth flow. No wireOidcChallenge received');
-        }
         // Step 7: Do OIDC client challenge
         const oidcData = await (0, OidcChallenge_1.doWireOidcChallenge)({
             coreCryptoClient: this.coreCryptoClient,
@@ -266,13 +223,7 @@ class E2EIServiceInternal {
             throw new Error('Error while trying to continue OAuth flow. No certificate received');
         }
         // Step 10: Initialize MLS with the certificate
-        try {
-            return await this.coreCryptoClient.e2eiRotateAll(this.identity, certificate, this.keyPackagesAmount);
-        }
-        catch (error) {
-            this.logger.error('Error while e2eiRotateAll', error);
-            throw error;
-        }
+        return this.coreCryptoClient.e2eiRotateAll(this.identity, certificate, this.keyPackagesAmount);
     }
     /**
      *  This function starts a new ACME enrollment flow for either a new client
@@ -280,23 +231,21 @@ class E2EIServiceInternal {
      */
     async startNewOAuthFlow() {
         if (this.e2eServiceExternal.isEnrollmentInProgress()) {
-            return this.exitWithError('Error while trying to start OAuth flow. There is already a flow in progress');
+            throw new Error('Error while trying to start OAuth flow. There is already a flow in progress');
         }
         if (!this.isInitialized || !this.identity) {
-            return this.exitWithError('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
+            throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
         }
-        const { authData } = await this.getAndStoreInitialEnrollmentData();
-        // Step 6: Start E2E OAuth flow
-        const { authorization: { wireOidcChallenge, keyauth }, } = authData;
-        if (wireOidcChallenge && keyauth) {
-            // stash the identity for later use
-            const handle = await this.coreCryptoClient.e2eiEnrollmentStash(this.identity);
-            // stash the handle in local storage
-            E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
-            // we need to pass back the aquired wireOidcChallenge to the UI
-            return { challenge: wireOidcChallenge, keyAuth: keyauth };
+        const { authorization: { oidcChallenge: wireOidcChallenge, keyauth }, } = await this.getEnrollmentChallenges();
+        if (!wireOidcChallenge || !keyauth) {
+            throw new Error('missing wireOidcChallenge or keyauth');
         }
-        return undefined;
+        // stash the identity for later use
+        const handle = await this.coreCryptoClient.e2eiEnrollmentStash(this.identity);
+        // stash the handle in local storage
+        E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
+        // we need to pass back the aquired wireOidcChallenge to the UI
+        return { challenge: wireOidcChallenge, keyAuth: keyauth };
     }
     /**
      * This function continues an ACME flow for either a new client
@@ -307,19 +256,14 @@ class E2EIServiceInternal {
      */
     async continueOAuthFlow(oAuthIdToken) {
         // If we have a handle, the user has already started the process to authenticate with the OIDC provider. We can continue the flow.
-        try {
-            if (!this.acmeService) {
-                return this.exitWithError('Error while trying to continue OAuth flow. AcmeService is not initialized');
-            }
-            const handle = E2EIStorage_1.E2EIStorage.get.handle();
-            this.identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
-            this.logger.log('retrieved identity from stash');
-            return await this.getRotateBundleAndStoreCertificateData(oAuthIdToken);
-        }
-        catch (error) {
-            this.logger.error('Error while trying to continue OAuth flow', error);
-            throw error;
+        if (!this.acmeService) {
+            throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
         }
+        const handle = E2EIStorage_1.E2EIStorage.get.handle();
+        const authData = E2EIStorage_1.E2EIStorage.get.authData();
+        this.identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
+        this.logger.log('retrieved identity from stash');
+        return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
     }
     /**
      * This function starts a ACME refresh flow for an existing client with a valid refresh token
@@ -329,19 +273,13 @@ class E2EIServiceInternal {
      */
     async startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate) {
         // we dont have an oauth flow since we already get the oAuthIdToken from the client
-        try {
-            if (!this.acmeService) {
-                return this.exitWithError('Error while trying to continue OAuth flow. AcmeService is not initialized');
-            }
-            // We need to initialize the identity
-            await this.initIdentity(hasActiveCertificate);
-            await this.getAndStoreInitialEnrollmentData();
-            return await this.getRotateBundleAndStoreCertificateData(oAuthIdToken);
-        }
-        catch (error) {
-            this.logger.error('Error while trying do the certificate refresh flow', error);
-            throw error;
+        if (!this.acmeService) {
+            throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
         }
+        // We need to initialize the identity
+        await this.initIdentity(hasActiveCertificate);
+        const authData = await this.getEnrollmentChallenges();
+        return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
     }
 }
 exports.E2EIServiceInternal = E2EIServiceInternal;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts

@@ -1,15 +1,12 @@
 import { AcmeService } from '../Connection';
-import { E2eiEnrollment, NewAcmeAuthz, Nonce } from '../E2EIService.types';
+import { E2eiEnrollment, Nonce } from '../E2EIService.types';
+import { AuthData } from '../Storage/E2EIStorage.schema';
 interface GetAuthorizationParams {
     nonce: Nonce;
-    authzUrl: string;
+    authzUrls: string[];
     identity: E2eiEnrollment;
     connection: AcmeService;
 }
-export type GetAuthorizationReturnValue = {
-    authorization: NewAcmeAuthz;
-    nonce: Nonce;
-};
-export declare const getAuthorization: ({ authzUrl, nonce, identity, connection, }: GetAuthorizationParams) => Promise<GetAuthorizationReturnValue>;
+export declare const getAuthorizationChallenges: ({ authzUrls, nonce, identity, connection, }: GetAuthorizationParams) => Promise<AuthData>;
 export {};
 //# sourceMappingURL=Authorization.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Authorization.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGzE,UAAU,sBAAsB;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,2BAA2B,GAAG;IAAC,aAAa,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAC,CAAC;AAEtF,eAAO,MAAM,gBAAgB,+CAK1B,sBAAsB,KAAG,QAAQ,2BAA2B,CA4B9D,CAAC"}
+{"version":3,"file":"Authorization.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAgB,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAEzE,OAAO,EAAC,QAAQ,EAAC,MAAM,+BAA+B,CAAC;AAEvD,UAAU,sBAAsB;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AAED,eAAO,MAAM,0BAA0B,gDAKpC,sBAAsB,KAAG,QAAQ,QAAQ,CAsC3C,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.js

@@ -18,33 +18,42 @@
  *
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAuthorization = void 0;
+exports.getAuthorizationChallenges = void 0;
 const Helper_1 = require("../Helper");
-const getAuthorization = async ({ authzUrl, nonce, identity, connection, }) => {
-    const reqBody = await identity.newAuthzRequest(authzUrl, nonce);
-    const response = await connection.getAuthorization(authzUrl, reqBody);
-    if ((response === null || response === void 0 ? void 0 : response.data) && !!response.data.status.length && !!response.nonce.length) {
-        const wasmData = await identity.newAuthzResponse((0, Helper_1.jsonToByteArray)(response.data));
-        // manual copy of the wasm data because of a problem while cloning it
-        const authorization = {
-            identifier: wasmData.identifier,
-            keyauth: wasmData.keyauth,
-            wireDpopChallenge: {
-                delegate: wasmData.wireDpopChallenge.delegate,
-                target: wasmData.wireDpopChallenge.target,
-                url: wasmData.wireDpopChallenge.url,
-            },
-            wireOidcChallenge: {
-                delegate: wasmData.wireOidcChallenge.delegate,
-                target: wasmData.wireOidcChallenge.target,
-                url: wasmData.wireOidcChallenge.url,
-            },
-        };
-        return {
-            authorization,
-            nonce: response.nonce,
-        };
+const getAuthorizationChallenges = async ({ authzUrls, nonce, identity, connection, }) => {
+    var _a, _b;
+    const challenges = [];
+    for (const authzUrl of authzUrls) {
+        const reqBody = await identity.newAuthzRequest(authzUrl, nonce);
+        const response = await connection.getAuthorization(authzUrl, reqBody);
+        // The backend returns a list of challenges (to be inline with the protocol), but in our case we are only ever going to have a single element in the list
+        const backendChallenge = response.data.challenges[0];
+        const challenge = await identity.newAuthzResponse((0, Helper_1.jsonToByteArray)(response.data));
+        challenges.push({ type: backendChallenge.type, challenge });
+        nonce = response.nonce;
     }
-    throw new Error('No authorization-data received');
+    const { challenge: oidcChallenge } = (_a = challenges.find(challenge => challenge.type.includes('oidc'))) !== null && _a !== void 0 ? _a : {};
+    const { challenge: dpopChallenge } = (_b = challenges.find(challenge => challenge.type.includes('dpop'))) !== null && _b !== void 0 ? _b : {};
+    if (!dpopChallenge || !oidcChallenge) {
+        throw new Error('missing dpop or oidc challenge');
+    }
+    // manual copy of the wasm data because of a problem while cloning it
+    const authorization = {
+        keyauth: oidcChallenge.keyauth,
+        dpopChallenge: {
+            delegate: dpopChallenge.challenge.delegate,
+            target: dpopChallenge.challenge.target,
+            url: dpopChallenge.challenge.url,
+        },
+        oidcChallenge: {
+            delegate: oidcChallenge.challenge.delegate,
+            target: oidcChallenge.challenge.target,
+            url: oidcChallenge.challenge.url,
+        },
+    };
+    return {
+        authorization,
+        nonce,
+    };
 };
-exports.getAuthorization = getAuthorization;
+exports.getAuthorizationChallenges = getAuthorizationChallenges;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts

@@ -1,12 +1,9 @@
 import { DoWireDpopChallengeParams } from './DpopChallenge.types';
-export declare const doWireDpopChallenge: ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }: DoWireDpopChallengeParams) => Promise<{
-    data: {
-        type: string;
-        url: string;
-        status: string;
-        token: string;
-    };
-    nonce: string;
-    location?: string | undefined;
-}>;
+export declare const doWireDpopChallenge: ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }: DoWireDpopChallengeParams) => Promise<import("../../Connection/AcmeServer/AcmeService.types").PostJoseRequestReturnValue<{
+    type: string;
+    url: string;
+    target: string;
+    status: string;
+    token: string;
+}>>;
 //# sourceMappingURL=DpopChallenge.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"DpopChallenge.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,yBAAyB,EAAmD,MAAM,uBAAuB,CAAC;AA6BlH,eAAO,MAAM,mBAAmB,4FAS7B,yBAAyB;;;;;;;;;EA+B3B,CAAC"}
+{"version":3,"file":"DpopChallenge.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,yBAAyB,EAAmD,MAAM,uBAAuB,CAAC;AA6BlH,eAAO,MAAM,mBAAmB,4FAS7B,yBAAyB;;;;;;GA+B3B,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.js

@@ -39,8 +39,8 @@ const getClientAccessToken = async ({ apiClient, clientNonce, identity, clientId
     return apiClient.api.client.getAccessToken(clientId, dpopToken);
 };
 const doWireDpopChallenge = async ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }) => {
-    const { wireDpopChallenge } = authData.authorization;
-    if (!wireDpopChallenge) {
+    const { dpopChallenge } = authData.authorization;
+    if (!dpopChallenge) {
         throw new Error('No wireDpopChallenge defined');
     }
     const clientNonce = await getClientNonce({ clientId, apiClient });
@@ -55,7 +55,7 @@ const doWireDpopChallenge = async ({ apiClient, clientId, authData, identity, no
         userDomain,
     });
     const reqBody = await identity.newDpopChallengeRequest(clientAccessTokenData.token, nonce);
-    const dpopChallengeResponse = await connection.validateDpopChallenge(wireDpopChallenge.url, reqBody);
+    const dpopChallengeResponse = await connection.validateDpopChallenge(dpopChallenge.url, reqBody);
     if (!dpopChallengeResponse) {
         throw new Error('No response received while validating DPOP challenge');
     }

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts

@@ -2,12 +2,12 @@ import { APIClient } from '@wireapp/api-client';
 import { ClientId } from '../../../types';
 import { AcmeService } from '../../Connection/AcmeServer';
 import { E2eiEnrollment, Nonce, User } from '../../E2EIService.types';
-import { GetAuthorizationReturnValue } from '../Authorization';
+import { AuthData } from '../../Storage/E2EIStorage.schema';
 export interface DoWireDpopChallengeParams {
     apiClient: APIClient;
     clientId: ClientId;
     userDomain: User['domain'];
-    authData: GetAuthorizationReturnValue;
+    authData: AuthData;
     identity: E2eiEnrollment;
     connection: AcmeService;
     nonce: Nonce;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"DpopChallenge.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAC,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAC,cAAc,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAC,2BAA2B,EAAC,MAAM,kBAAkB,CAAC;AAE7D,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3B,QAAQ,EAAE,2BAA2B,CAAC;IACtC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,yBAAyB,EAAE,UAAU,GAAG,WAAW,CAAC,CAAC;AAE7F,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAC3C,yBAAyB,EACzB,UAAU,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CACpE,GAAG;IACF,WAAW,EAAE,KAAK,CAAC;CACpB,CAAC"}
+{"version":3,"file":"DpopChallenge.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAC,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAC,cAAc,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAC,QAAQ,EAAC,MAAM,kCAAkC,CAAC;AAE1D,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3B,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,yBAAyB,EAAE,UAAU,GAAG,WAAW,CAAC,CAAC;AAE7F,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAC3C,yBAAyB,EACzB,UAAU,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CACpE,GAAG;IACF,WAAW,EAAE,KAAK,CAAC;CACpB,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts

@@ -1,29 +1,25 @@
-import { GetAuthorizationReturnValue } from './Authorization';
 import { AcmeService } from '../Connection/AcmeServer';
 import { CoreCrypto, E2eiEnrollment, Nonce } from '../E2EIService.types';
+import { AuthData } from '../Storage/E2EIStorage.schema';
 interface DoWireOidcChallengeParams {
     coreCryptoClient: CoreCrypto;
-    authData: GetAuthorizationReturnValue;
+    authData: AuthData;
     identity: E2eiEnrollment;
     connection: AcmeService;
     nonce: Nonce;
     oAuthIdToken: string;
 }
-export declare const doWireOidcChallenge: ({ coreCryptoClient, connection, authData, identity, nonce, oAuthIdToken, }: DoWireOidcChallengeParams) => Promise<{
-    data: {
+export declare const doWireOidcChallenge: ({ coreCryptoClient, connection, authData, identity, nonce, oAuthIdToken, }: DoWireOidcChallengeParams) => Promise<import("../Connection/AcmeServer/AcmeService.types").PostJoseRequestReturnValue<{
+    type: string;
+    url: string;
+    target: string;
+    status: string;
+    token: string;
+    validated?: string | undefined;
+    error?: {
         type: string;
-        url: string;
-        target: string;
-        status: string;
-        token: string;
-        validated?: string | undefined;
-        error?: {
-            type: string;
-            detail: string;
-        } | undefined;
-    };
-    nonce: string;
-    location?: string | undefined;
-}>;
+        detail: string;
+    } | undefined;
+}>>;
 export {};
 //# sourceMappingURL=OidcChallenge.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OidcChallenge.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,2BAA2B,EAAC,MAAM,iBAAiB,CAAC;AAE5D,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,UAAU,EAAE,cAAc,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAEvE,UAAU,yBAAyB;IACjC,gBAAgB,EAAE,UAAU,CAAC;IAC7B,QAAQ,EAAE,2BAA2B,CAAC;IACtC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,mBAAmB,+EAO7B,yBAAyB;;;;;;;;;;;;;;;EAmB3B,CAAC"}
+{"version":3,"file":"OidcChallenge.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,UAAU,EAAE,cAAc,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AACvE,OAAO,EAAC,QAAQ,EAAC,MAAM,+BAA+B,CAAC;AAEvD,UAAU,yBAAyB;IACjC,gBAAgB,EAAE,UAAU,CAAC;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,mBAAmB,+EAO7B,yBAAyB;;;;;;;;;;;GAmB3B,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.js

@@ -21,13 +21,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.doWireOidcChallenge = void 0;
 const bazinga64_1 = require("bazinga64");
 const doWireOidcChallenge = async ({ coreCryptoClient, connection, authData, identity, nonce, oAuthIdToken, }) => {
-    const { wireOidcChallenge } = authData.authorization;
-    if (!wireOidcChallenge) {
+    const { oidcChallenge } = authData.authorization;
+    if (!oidcChallenge) {
         throw new Error('No wireOIDCChallenge defined');
     }
     const refreshToken = 'empty'; // CC just stores the refresh token (which we don't need for web, as our oidc library does that for us)
     const reqBody = await identity.newOidcChallengeRequest(oAuthIdToken, refreshToken, nonce);
-    const oidcChallengeResponse = await connection.validateOidcChallenge(wireOidcChallenge.url, reqBody);
+    const oidcChallengeResponse = await connection.validateOidcChallenge(oidcChallenge.url, reqBody);
     if (!oidcChallengeResponse) {
         throw new Error('No response received while validating OIDC challenge');
     }

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.d.ts

@@ -7,13 +7,13 @@ export interface CreateNewOrderParams {
     directory: AcmeDirectory;
     connection: AcmeService;
 }
-export type CreateNewOrderReturnValue = Promise<{
+export type CreateNewOrderReturnValue = {
     order: NewAcmeOrder;
     nonce: string;
-    authzUrl: string;
+    authzUrls: string[];
     orderUrl: OrderUrl;
-}>;
-export declare const createNewOrder: ({ identity, nonce, directory, connection, }: CreateNewOrderParams) => CreateNewOrderReturnValue;
+};
+export declare const createNewOrder: ({ identity, nonce, directory, connection, }: CreateNewOrderParams) => Promise<CreateNewOrderReturnValue>;
 export interface FinalizeOrderParams {
     connection: AcmeService;
     identity: E2eiEnrollment;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Order.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Order.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGxF,KAAK,QAAQ,GAAG,MAAM,CAAC;AAEvB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,SAAS,EAAE,aAAa,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,yBAAyB,GAAG,OAAO,CAAC;IAC9C,KAAK,EAAE,YAAY,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC,CAAC;AAEH,eAAO,MAAM,cAAc,gDAKxB,oBAAoB,8BAatB,CAAC;AAEF,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,WAAW,CAAC;IACxB,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;CACpB;AACD,eAAO,MAAM,aAAa,8CAAmD,mBAAmB;;;EAqB/F,CAAC"}
+{"version":3,"file":"Order.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Order.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGxF,KAAK,QAAQ,GAAG,MAAM,CAAC;AAEvB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,SAAS,EAAE,aAAa,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,YAAY,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF,eAAO,MAAM,cAAc,gDAKxB,oBAAoB,KAAG,QAAQ,yBAAyB,CAY1D,CAAC;AAEF,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,WAAW,CAAC;IACxB,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;CACpB;AACD,eAAO,MAAM,aAAa,8CAAmD,mBAAmB;;;EAqB/F,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.js

@@ -21,18 +21,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.finalizeOrder = exports.createNewOrder = void 0;
 const Helper_1 = require("../Helper");
 const createNewOrder = async ({ identity, nonce, directory, connection, }) => {
-    var _a;
     const reqBody = await identity.newOrderRequest(nonce);
-    const response = await connection.createNewOrder(directory.newOrder, reqBody);
-    if ((response === null || response === void 0 ? void 0 : response.data) && !!response.data.status.length && !!response.nonce.length && !!((_a = response.location) === null || _a === void 0 ? void 0 : _a.length)) {
-        return {
-            order: await identity.newOrderResponse((0, Helper_1.jsonToByteArray)(response.data)),
-            authzUrl: response.data.authorizations[0],
-            nonce: response.nonce,
-            orderUrl: response.location,
-        };
+    const { data, nonce: responseNonce, location } = await connection.createNewOrder(directory.newOrder, reqBody);
+    if (!location) {
+        throw new Error('No location header from API received for order creation');
     }
-    throw new Error('No createNewOrder-data received');
+    return {
+        order: await identity.newOrderResponse((0, Helper_1.jsonToByteArray)(data)),
+        authzUrls: data.authorizations,
+        nonce: responseNonce,
+        orderUrl: location,
+    };
 };
 exports.createNewOrder = createNewOrder;
 const finalizeOrder = async ({ identity, nonce, orderUrl, connection }) => {

package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.js

@@ -45,8 +45,8 @@ const getAndVerifyAuthData = () => {
     if (!data) {
         throw new Error('ACME: AuthData not found');
     }
-    const atob = window.atob(data);
-    return E2EIStorage_schema_1.AuthDataSchema.parse(JSON.parse(atob));
+    const decodedData = window.atob(data);
+    return E2EIStorage_schema_1.AuthDataSchema.parse(JSON.parse(decodedData));
 };
 const getInitialData = () => {
     const data = storage.get(InitialDataKey);