dataspace-client-sdk-node 0.1.1 → 0.2.0

package/src/index.ts

@@ -4,5 +4,6 @@
 // See subjectVaultPhoneResolution.test.ts for context and migration plan.
 export * from './types.js';
 export * from './builders.js';
+export * from './vp-token.js';
 export * from './client.js';
 export * from './sdk/dataspace-wallet-sdk-node/index.js';

package/src/types.ts

@@ -195,6 +195,26 @@ export type FamilyOrganizationSummary = {
   updatedAt?: string;
 };
 
+export type OfferPreview = {
+  offerId?: string;
+  amount?: string;
+  currency?: string;
+  seats?: number;
+  planName?: string;
+  sku?: string;
+  paymentMethod?: string;
+  checkoutUrl?: string;
+};
+
+export type OfferInfo = OfferPreview;
+
+export type EndpointSelector = {
+  section: string;
+  format: string;
+  resourceType: string;
+  action: string;
+};
+
 /**
  * Input for organization activation in GW using ICA-derived proof material.
  *
@@ -203,9 +223,40 @@ export type FamilyOrganizationSummary = {
  */
 export type GatewayOrganizationActivationInput = {
   vpToken: string;
+  /** Generic requested seats/members for initial offer sizing. Defaults to 2. */
+  numberOfMembers?: number;
   organizationVc?: string;
   legalRepresentativeVc?: string;
   regulatoryEvidence?: Record<string, unknown>;
+  /** @deprecated Prefer `numberOfMembers` and explicit input fields. */
+  additionalClaims?: Record<string, unknown>;
+};
+
+export type GatewayOrganizationActivationSimpleInput = {
+  jurisdiction?: string;
+  sector?: string;
+  vpToken: string;
+  serviceProviderDidWeb?: string;
+  serviceProviderUrl?: string;
+  controllerEmail?: string;
+  controllerTelephone?: string;
+  controllerRole: string;
+  numberOfMembers?: number;
+  timeoutSeconds?: number;
+  intervalSeconds?: number;
+  organizationVc?: string;
+  legalRepresentativeVc?: string;
+  regulatoryEvidence?: Record<string, unknown>;
+  additionalClaims?: Record<string, unknown>;
+};
+
+export type LegalOrganizationOrderSimpleInput = {
+  jurisdiction?: string;
+  sector?: string;
+  offerId: string;
+  timeoutSeconds?: number;
+  intervalSeconds?: number;
+  dataType?: string;
   additionalClaims?: Record<string, unknown>;
 };
 
@@ -219,6 +270,17 @@ export type EmployeeDeviceActivationInput = {
   pollOptions?: PollOptions;
 };
 
+export type EmployeeDeviceActivationSimpleInput = {
+  tenantId?: string;
+  jurisdiction?: string;
+  sector?: string;
+  activationCode: string;
+  idToken: string;
+  dcrPayload: Record<string, unknown>;
+  timeoutSeconds?: number;
+  intervalSeconds?: number;
+};
+
 /**
  * Result of device activation flow.
  *
@@ -256,6 +318,40 @@ export type SubjectOrganizationBootstrapResult = {
   confirmation?: SubmitAndPollResult;
 };
 
+export type IndividualOrganizationBootstrapSimpleInput = {
+  tenantId?: string;
+  jurisdiction?: string;
+  sector?: string;
+  alternateName: string;
+  controllerEmail?: string;
+  controllerTelephone?: string;
+  controllerRole?: string; // default org.hl7.v3.RoleCode|RESPRSN
+  timeoutSeconds?: number;
+  intervalSeconds?: number;
+  additionalClaims?: Record<string, unknown>;
+};
+
+export type IndividualOrganizationBootstrapSimpleResult = {
+  registration: SubmitAndPollResult;
+  offerId: string;
+  confirmation: SubmitAndPollResult;
+};
+
+export type IndividualOrganizationStartSimpleResult = {
+  registration: SubmitAndPollResult;
+  offerId: string;
+  offerPreview: OfferPreview;
+};
+
+export type IndividualOrganizationConfirmOrderSimpleInput = {
+  tenantId?: string;
+  jurisdiction?: string;
+  sector?: string;
+  offerId: string;
+  timeoutSeconds?: number;
+  intervalSeconds?: number;
+};
+
 /**
  * Input for UC 5.5 IPS/FHIR import and index update.
  */
@@ -413,6 +509,8 @@ export type ClientOptions = {
   bearerToken?: string;
   defaultHeaders?: Record<string, string>;
   wallet?: WalletProvider;
+  /** Optional default tenant context so calls can omit ctx repeatedly. */
+  ctx?: RouteContext;
 };
 
 /**
@@ -437,6 +535,8 @@ export type BackendPkceAuthOptions = {
   /** Requested scopes for the SMART bearer token. */
   scopes: string[];
   /** Cache key for the resulting bearer token. Defaults to `pkce:<apiKey prefix>`. */
+  tokenCacheKey?: string;
+  /** @deprecated Use `tokenCacheKey`. */
   endpointId?: string;
   /** PKCE code verifier. Auto-generated with randomUUID if not provided. */
   codeVerifier?: string;
@@ -447,6 +547,8 @@ export type BackendPkceAuthOptions = {
 export type BackendPkceAuthResult = {
   /** `fetched`: new token obtained. `cached`: valid token already in cache. `failed`: flow error. */
   status: 'fetched' | 'cached' | 'failed';
+  tokenCacheKey: string;
+  /** @deprecated Use `tokenCacheKey`. */
   endpointId: string;
   accessToken: string;
   tokenType: string;
@@ -458,6 +560,8 @@ export type BackendPkceAuthResult = {
 export type BackendSmartAuthOptions = {
   clientId: string;
   scopes: string[];
+  tokenCacheKey?: string;
+  /** @deprecated Use `tokenCacheKey`. */
   endpointId?: string;
   tokenUrl?: string;
   tokenPath?: string;
@@ -471,6 +575,8 @@ export type BackendSmartAuthOptions = {
 export type BackendSmartAuthResult = {
   status: 'fetched' | 'cached' | 'failed';
   profile: 'smart-backend.v1';
+  tokenCacheKey: string;
+  /** @deprecated Use `tokenCacheKey`. */
   endpointId: string;
   accessToken?: string;
   tokenType?: string;
@@ -481,12 +587,28 @@ export type BackendSmartAuthResult = {
 };
 
 export type SmartTokenExchangeInput = {
-  endpointId: string;
+  tokenCacheKey: string;
+  /** @deprecated Use `tokenCacheKey`. */
+  endpointId?: string;
   scopes: string[];
   exchangePayload: Record<string, unknown>;
   path?: string;
 };
 
+export type SmartTokenRequestSimpleInput = {
+  tenantId?: string;
+  jurisdiction?: string;
+  sector?: string;
+  idToken: string;
+  scopes: string[];
+  tokenCacheKey?: string;
+  /** @deprecated Use `tokenCacheKey`. */
+  endpointId?: string;
+  timeoutSeconds?: number;
+  intervalSeconds?: number;
+  additionalClaims?: Record<string, unknown>;
+};
+
 export type SmartTokenExchangeResult = {
   status: 'fetched' | 'cached' | 'failed';
   accessToken?: string;

package/src/vp-token.ts

@@ -0,0 +1,91 @@
+export type VpTokenHeader = {
+  alg: string;
+  typ?: string;
+  kid?: string;
+  [key: string]: unknown;
+};
+
+export type VpTokenPayload = {
+  iss: string;
+  sub?: string;
+  aud?: string;
+  jti?: string;
+  iat?: number;
+  exp?: number;
+  nonce?: string;
+  vp: {
+    '@context'?: unknown;
+    type?: unknown;
+    holder?: string;
+    verifiableCredential: string[];
+    [key: string]: unknown;
+  };
+  [key: string]: unknown;
+};
+
+function toB64UrlJson(input: unknown): string {
+  return Buffer.from(JSON.stringify(input), 'utf-8').toString('base64url');
+}
+
+function fallbackId(): string {
+  const rand = Math.random().toString(36).slice(2, 10);
+  return `id-${Date.now()}-${rand}`;
+}
+
+export function generateUuidLike(): string {
+  const fn = (globalThis as any)?.crypto?.randomUUID;
+  if (typeof fn === 'function') return fn.call((globalThis as any).crypto);
+  return fallbackId();
+}
+
+export function buildEpochWindow(ttlSeconds = 300): { iat: number; exp: number } {
+  const iat = Math.floor(Date.now() / 1000);
+  return { iat, exp: iat + Math.max(1, Math.floor(ttlSeconds)) };
+}
+
+export function createVP(input?: Partial<VpTokenPayload>): VpTokenPayload {
+  const ttl = input?.exp && input?.iat ? undefined : buildEpochWindow(300);
+  const jti = input?.jti || generateUuidLike();
+  const nonce = input?.nonce || generateUuidLike();
+  return {
+    iss: String(input?.iss || ''),
+    sub: input?.sub,
+    aud: input?.aud,
+    jti,
+    iat: input?.iat ?? ttl?.iat,
+    exp: input?.exp ?? ttl?.exp,
+    nonce,
+    vp: {
+      '@context': ['https://www.w3.org/2018/credentials/v1'],
+      type: ['VerifiablePresentation'],
+      holder: input?.vp?.holder || input?.iss || '',
+      verifiableCredential: [],
+      ...(input?.vp || {}),
+    },
+  };
+}
+
+export function addVC(vpPayload: VpTokenPayload, vcJwt: string): VpTokenPayload {
+  const v = String(vcJwt || '').trim();
+  if (v) vpPayload.vp.verifiableCredential.push(v);
+  return vpPayload;
+}
+
+export function prepareForSignature(header: VpTokenHeader, payload: VpTokenPayload): {
+  encodedHeader: string;
+  encodedPayload: string;
+  signingInput: string;
+} {
+  const encodedHeader = toB64UrlJson(header);
+  const encodedPayload = toB64UrlJson(payload);
+  return { encodedHeader, encodedPayload, signingInput: `${encodedHeader}.${encodedPayload}` };
+}
+
+export function prepareBytesForSignature(header: VpTokenHeader, payload: VpTokenPayload): Uint8Array {
+  const { signingInput } = prepareForSignature(header, payload);
+  return new TextEncoder().encode(signingInput);
+}
+
+export function buildVpTokenCompact(encodedHeader: string, encodedPayload: string, signatureBase64Url: string): string {
+  return `${encodedHeader}.${encodedPayload}.${String(signatureBase64Url || '').trim()}`;
+}