From 2cc45e707b866afb23e33231b1380add246365e1 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Mon, 18 Nov 2024 18:38:45 +0100 Subject: [PATCH 01/13] chore: Added federation_entity metadata to siop/oid4vp and oid4vci --- .../oid4vci-common/lib/types/v1_0_13.types.ts | 16 ++++++++++- packages/siop-oid4vp/lib/types/SIOP.types.ts | 27 ++++++++++++++++++- 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/packages/oid4vci-common/lib/types/v1_0_13.types.ts b/packages/oid4vci-common/lib/types/v1_0_13.types.ts index e601f4d9..3bb4720d 100644 --- a/packages/oid4vci-common/lib/types/v1_0_13.types.ts +++ b/packages/oid4vci-common/lib/types/v1_0_13.types.ts @@ -189,6 +189,18 @@ export interface CredentialOfferPayloadV1_0_13 { client_id?: string; } +export interface FederationEntityMetadataOpts { + federation_fetch_endpoint?: string + federation_list_endpoint?: string + federation_resolve_endpoint?: string + federation_trust_mark_status_endpoint?: string + federation_trust_mark_list_endpoint?: string + federation_trust_mark_endpoint?: string + federation_historical_keys_endpoint?: string + organization_name?: string + homepage_uri?: string +} + export interface CredentialIssuerMetadataOptsV1_0_13 { credential_endpoint: string; // REQUIRED. URL of the Credential Issuer's Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. batch_credential_endpoint?: string; // OPTIONAL. URL of the Credential Issuer's Batch Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. If omitted, the Credential Issuer does not support the Batch Credential Endpoint. @@ -205,6 +217,7 @@ export interface CredentialIssuerMetadataOptsV1_0_13 { //todo: these two are not mentioned in the spec token_endpoint?: string; credential_supplier_config?: CredentialSupplierConfig; + federation_entity?: FederationEntityMetadataOpts } // These can be used be a reducer 
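Review bot: The members of the new `FederationEntityMetadataOpts` interface omit the trailing semicolons and the per-field comments that every neighbouring member of `CredentialIssuerMetadataOptsV1_0_13` carries (`credential_endpoint: string; // REQUIRED. URL of ...`), and the same applies to the `federation_entity?: FederationEntityMetadataOpts` line added by the second hunk, where the preceding `credential_supplier_config?: CredentialSupplierConfig;` shows the expected form. The seven `federation_*_endpoint` members hold URLs of the entity's federation endpoints while `organization_name` and `homepage_uri` are display metadata, so a one-line comment per field in the file's existing style, e.g. `federation_fetch_endpoint?: string; // OPTIONAL. URL of the entity's federation fetch endpoint.`, would tell a reader which is which. If, as the name suggests, `federation_entity` comes from OpenID Federation rather than the OID4VCI metadata itself, a remark to that effect next to it would match the existing `//todo: these two are not mentioned in the spec` note on its neighbours.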
@@ -226,7 +239,8 @@ export const credentialIssuerMetadataFieldNames: Array Date: Wed, 20 Nov 2024 13:31:48 +0100 Subject: [PATCH 02/13] chore: Added openid_credential_verifier into the client registration metadata --- .../AuthorizationRequestPayloadVD11.schema.ts | 210 +++++++++ ...ationRequestPayloadVD12OID4VPD18.schema.ts | 210 +++++++++ ...ationRequestPayloadVD12OID4VPD20.schema.ts | 210 +++++++++ .../AuthorizationRequestPayloadVID1.schema.ts | 210 +++++++++ .../AuthorizationResponseOpts.schema.ts | 412 ++++++++++++++---- .../DiscoveryMetadataPayload.schema.ts | 409 +++++++++++++---- .../RPRegistrationMetadataPayload.schema.ts | 210 +++++++++ packages/siop-oid4vp/lib/types/SIOP.types.ts | 6 + 8 files changed, 1699 insertions(+), 178 deletions(-) diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts index 020c0299..f863fe85 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts 
@@ -209,6 +209,72 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { {} ] }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_name": { "anyOf": [ { 
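Review bot: `grant_types` and `response_types` inside the new `openid_credential_verifier` object are declared as `"type": "string"`, but in OAuth client metadata (RFC 7591, which verifier metadata builds on) both are arrays of strings, so a conformant value such as `["authorization_code"]` is rejected by this schema while the array-typed `redirect_uris` and `contacts` beside them are accepted. The same object is repeated verbatim in the hunks for the D18, D20 and VID1 request schemas, in AuthorizationResponseOpts, DiscoveryMetadataPayload and RPRegistrationMetadataPayload, so the fix applies to all of them. If these `*.schema.ts` files are generated from the types in SIOP.types.ts (that hunk is outside this excerpt), the change belongs on the source type, e.g. `grant_types?: string[]` and `response_types?: string[]`, followed by regenerating; the schema entries would then read `{ "type": "array", "items": { "type": "string" } }`.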
@@ -400,6 +466,150 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { ], "additionalProperties": false }, + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false + }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, 
+ "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts index bb6429d1..70b075d6 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts @@ -215,6 +215,72 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { {} ] }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_name": { "anyOf": [ { 
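Review bot: The `JWK` definition added here, and referenced through `openid_credential_verifier.jwks`, admits the private-key members `d`, `p`, `q`, `dp`, `dq`, `qi` and `k` and ends with `"additionalProperties": {}`, so validating an authorization request payload will not catch a verifier's signing key being serialized into the metadata it sends to the wallet. Because the request payload is the wire form seen by the other party, the keys under `jwks` are public material by nature, and a narrower definition for this use would let validation reject private components; if the schema is generated from SIOP.types.ts, a source type along the lines of `Omit<JWK, 'd' | 'p' | 'q' | 'dp' | 'dq' | 'qi' | 'k'>` for the `jwks.keys` items would produce that. The same `JWK` definition is introduced by the corresponding hunks of the D18, D20, VID1, Discovery and RPRegistration schemas and re-added in AuthorizationResponseOpts.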
@@ -406,6 +472,150 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { ], "additionalProperties": false }, + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false + }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": 
"string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts index 42961fb7..efbd7209 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts @@ -215,6 +215,72 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { {} ] }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_name": { "anyOf": [ { 
@@ -406,6 +472,150 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { ], "additionalProperties": false }, + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false + }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": 
"string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts index 0b78c774..c0573572 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts @@ -181,6 +181,72 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { {} ] }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_name": { "anyOf": [ { 
@@ -372,6 +438,150 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { ], "additionalProperties": false }, + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false + }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, 
+ "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts index ffb4eee2..0cb365d1 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts @@ -431,6 +431,72 @@ export const AuthorizationResponseOptsSchemaObj = { "opTosUri": { "type": "string" }, + "federationEntity": { + "$ref": "#/definitions/FederationEntityMetadataOpts" + }, + "openidCredentialVerifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_id": { "type": "string" }, @@ -500,6 +566,7 @@ export const AuthorizationResponseOptsSchemaObj = { } }, "required": [ + "openidCredentialVerifier", "passBy" ] }, 
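Review bot: Adding `"openidCredentialVerifier"` to the `required` list makes the new field mandatory in this variant of the response-opts schema, and the matching hunks at the other two `"required": [` sites in this file do the same, so any existing caller that validates opts without verifier metadata fails as soon as this commit lands, which a `chore:` commit introducing a new metadata field should not do. If the schema is generated from SIOP.types.ts, this most likely stems from the field being declared there without `?`; declaring it `openidCredentialVerifier?: ...` and regenerating keeps `passBy` as the only required key. Separately, the sibling `federationEntity` definition uses camelCase members (`federationFetchEndpoint`) while the members nested under `openidCredentialVerifier` keep their wire names (`vp_formats`, `redirect_uris`), so whatever maps opts to the payload has to treat the two differently; if that is intentional, a comment on the source type saying the nested object is passed through unchanged would save the next reader the guess.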
@@ -866,6 +933,72 @@ export const AuthorizationResponseOptsSchemaObj = { "opTosUri": { "type": "string" }, + "federationEntity": { + "$ref": "#/definitions/FederationEntityMetadataOpts" + }, + "openidCredentialVerifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_id": { "type": "string" }, @@ -929,6 +1062,7 @@ export const AuthorizationResponseOptsSchemaObj = { } }, "required": [ + "openidCredentialVerifier", "passBy" ] }, 
@@ -1295,6 +1429,72 @@ export const AuthorizationResponseOptsSchemaObj = { "opTosUri": { "type": "string" }, + "federationEntity": { + "$ref": "#/definitions/FederationEntityMetadataOpts" + }, + "openidCredentialVerifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "idTokenTypesSupported": { "anyOf": [ { @@ -1313,6 +1513,7 @@ export const AuthorizationResponseOptsSchemaObj = { } }, "required": [ + "openidCredentialVerifier", "passBy" ] } 
@@ -1449,116 +1650,38 @@ export const AuthorizationResponseOptsSchemaObj = { "distributed" ] }, - "JWKS": { + "FederationEntityMetadataOpts": { "type": "object", "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { + "federationFetchEndpoint": { "type": "string" }, - "crv": { + "federationListEndpoint": { "type": "string" }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { + "federationResolveEndpoint": { "type": "string" }, - "n": { + "federationTrustMarkStatusEndpoint": { "type": "string" }, - "alg": { + "federationTrustMarkListEndpoint": { "type": "string" }, - "d": { + "federationTrustMarkEndpoint": { "type": "string" }, - "dp": { + "federationHistoricalKeysEndpoint": { "type": "string" }, - "dq": { + "organizationName": { "type": "string" }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { + "homepageUri": { "type": "string" } }, - "additionalProperties": {} + "additionalProperties": false }, "Format": { "type": "object", 
@@ -1690,6 +1813,117 @@ export const AuthorizationResponseOptsSchemaObj = { ], "additionalProperties": false }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "IdTokenType": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts b/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts index ba4f744b..0e802b27 100644 --- a/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts 
@@ -355,6 +355,72 @@ export const DiscoveryMetadataPayloadSchemaObj = { "op_tos_uri": { "type": "string" }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "redirect_uris": { "type": "array", "items": { 
@@ -764,6 +830,72 @@ export const DiscoveryMetadataPayloadSchemaObj = { "op_tos_uri": { "type": "string" }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "redirect_uris": { "type": "array", "items": { 
@@ -1176,6 +1308,72 @@ export const DiscoveryMetadataPayloadSchemaObj = { "op_tos_uri": { "type": "string" }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "id_token_types_supported": { "anyOf": [ { 
@@ -1290,116 +1488,38 @@ export const DiscoveryMetadataPayloadSchemaObj = { "distributed" ] }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { + "FederationEntityMetadataPayload": { "type": "object", "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { + "federation_fetch_endpoint": { "type": "string" }, - "y": { + "federation_list_endpoint": { "type": "string" }, - "e": { + "federation_resolve_endpoint": { "type": "string" }, - "n": { + "federation_trust_mark_status_endpoint": { "type": "string" }, - "alg": { + "federation_trust_mark_list_endpoint": { "type": "string" }, - "d": { + "federation_trust_mark_endpoint": { "type": "string" }, - "dp": { + "federation_historical_keys_endpoint": { "type": "string" }, - "dq": { + "organization_name": { "type": "string" }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { + "homepage_uri": { "type": "string" } }, - "additionalProperties": {} + "additionalProperties": false }, "Format": { "type": "object", 
@@ -1531,6 +1651,117 @@ export const DiscoveryMetadataPayloadSchemaObj = { ], "additionalProperties": false }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "IdTokenType": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts b/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts index f3b2f432..eba69a3b 100644 --- a/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts 
@@ -93,6 +93,72 @@ export const RPRegistrationMetadataPayloadSchemaObj = { {} ] }, + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_name": { "anyOf": [ { 
@@ -283,6 +349,150 @@ export const RPRegistrationMetadataPayloadSchemaObj = { "alg" ], "additionalProperties": false + }, + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false + }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": 
"string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} } } }; \ No newline at end of file diff --git a/packages/siop-oid4vp/lib/types/SIOP.types.ts b/packages/siop-oid4vp/lib/types/SIOP.types.ts index 8648d9b4..21d3003f 100644 --- a/packages/siop-oid4vp/lib/types/SIOP.types.ts +++ b/packages/siop-oid4vp/lib/types/SIOP.types.ts @@ -276,6 +276,7 @@ interface DiscoveryMetadataCommonOpts { opPolicyUri?: string // from openid connect discovery 1_0 opTosUri?: string // from openid connect discovery 1_0 federationEntity?: FederationEntityMetadataOpts + openidCredentialVerifier: DynamicRegistrationClientMetadata & { vp_formats: Format } // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any } @@ -383,6 +384,7 @@ interface DiscoveryMetadataCommonPayload { op_policy_uri?: string op_tos_uri?: string federation_entity?: FederationEntityMetadataPayload + openid_credential_verifier?: DynamicRegistrationClientMetadata & { vp_formats: Format } // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any @@ -423,6 +425,8 @@ export type RPRegistrationMetadataOpts = Partial< | 'subjectTypesSupported' | 'subject_syntax_types_supported' | 'vpFormatsSupported' + | 'federationEntity' + | 'openidCredentialVerifier' | 'clientName' | 'logo_uri' | 'tos_uri' @@ -443,6 +447,8 @@ export type RPRegistrationMetadataPayload = Pick< | 'subject_types_supported' | 'subject_syntax_types_supported' | 'vp_formats' + | 'federation_entity' + | 'openid_credential_verifier' | 'client_name' | 'logo_uri' | 'client_purpose' From 70893501363a63c9e9cd1b6e06d667683111f248 Mon Sep 17 00:00:00 2001 
From: Zoe Maas Date: Wed, 20 Nov 2024 16:28:07 +0100 Subject: [PATCH 03/13] chore: Added openid_credential_issuer. oauth_authorization_server and openid_wallet_provider into the client registration metadata --- .../lib/types/ServerMetadata.ts | 42 +- .../oid4vci-common/lib/types/v1_0_13.types.ts | 39 +- .../AuthorizationRequestPayloadVD11.schema.ts | 266 +++++------ ...ationRequestPayloadVD12OID4VPD18.schema.ts | 266 +++++------ ...ationRequestPayloadVD12OID4VPD20.schema.ts | 266 +++++------ .../AuthorizationRequestPayloadVID1.schema.ts | 266 +++++------ .../AuthorizationResponseOpts.schema.ts | 412 ++++-------------- .../DiscoveryMetadataPayload.schema.ts | 409 ++++------------- .../RPRegistrationMetadataPayload.schema.ts | 266 +++++------ packages/siop-oid4vp/lib/types/SIOP.types.ts | 66 +-- pnpm-lock.yaml | 16 +- 11 files changed, 948 insertions(+), 1366 deletions(-) diff --git a/packages/oid4vci-common/lib/types/ServerMetadata.ts b/packages/oid4vci-common/lib/types/ServerMetadata.ts index b8f6208c..4ff9c116 100644 --- a/packages/oid4vci-common/lib/types/ServerMetadata.ts +++ b/packages/oid4vci-common/lib/types/ServerMetadata.ts 
@@ -78,9 +78,43 @@ export type RevocationEndpointAuthSigningAlg =
 
 export type PKCECodeChallengeMethod =
 | 'plain'
- | 'S256';
+ | 'S256';
+
+export interface FederationEntityMetadata {
+ federation_fetch_endpoint?: string;
+ federation_list_endpoint?: string;
+ federation_resolve_endpoint?: string;
+ federation_trust_mark_status_endpoint?: string;
+ federation_trust_mark_list_endpoint?: string;
+ federation_trust_mark_endpoint?: string;
+ federation_historical_keys_endpoint?: string;
+ organization_name?: string;
+ homepage_uri?: string;
+}
+
+export interface JwtObject {
+ alg_values_supported?: Array
+}
+
+export interface FormatSupported {
+ jwt?: JwtObject;
+ jwt_vc?: JwtObject;
+ jwt_vc_json?: JwtObject;
+ jwt_vp?: JwtObject;
+ jwt_vp_json?: JwtObject;
+}
+
+export type WalletMetadata = {
+ presentation_definition_uri_supported?: boolean
+ vp_formats_supported?: FormatSupported
+}
+
+export type OpenIDWalletProviderMetadata = {
+ federation_entity?: FederationEntityMetadata
+ openid_wallet_provider?: AuthorizationServerMetadata & WalletMetadata
+}
 
-export interface AuthorizationServerMetadata extends DynamicRegistrationClientMetadata {
+export interface AuthorizationServerMetadata extends DynamicRegistrationClientMetadata, OpenIDWalletProviderMetadata {
 issuer: string;
 authorization_endpoint?: string;
 token_endpoint?: string;
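Review bot: `AuthorizationServerMetadata` now extends `OpenIDWalletProviderMetadata`, whose `openid_wallet_provider` member is itself `AuthorizationServerMetadata & WalletMetadata`, so the type is self-nesting: any AS metadata object may carry a nested wallet provider with its own `federation_entity` and yet another `openid_wallet_provider`, and the required `issuer` applies inside the nested object too. If the intent is to describe the `metadata` object of a wallet-provider entity statement, keep `OpenIDWalletProviderMetadata` as a standalone container and leave the declaration as `export interface AuthorizationServerMetadata extends DynamicRegistrationClientMetadata {`. The federation endpoints in `FederationEntityMetadata` are fetch targets typed as bare `string`; a comment on the interface such as `// URLs a resolver will dereference; must be https and taken only from a validated entity statement` would flag the trust boundary (whether any caller currently fetches them is not visible in this hunk). `alg_values_supported?: Array` appears here without a type argument, presumably `Array<string>` lost in rendering — worth confirming in the source. The new declarations mix `;`-terminated and bare members while the surrounding file uses semicolons throughout.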
@@ -159,7 +193,9 @@ export const authorizationServerMetadataFieldNames: Array; // REQUIRED. A JSON object containing a list of key value pairs, where the key is a string serving as an abstract identifier of the Credential. This identifier is RECOMMENDED to be collision resistant - it can be globally unique, but does not have to be when naming conflicts are unlikely to arise in a given use case. The value is a JSON object. The JSON object MUST conform to the structure of the Section 11.2.1. credential_issuer: string; // A Credential Issuer is identified by a case sensitive URL using the https scheme that contains scheme, host and, optionally, port number and path components, but no query or fragment components. credential_endpoint: string; // REQUIRED. URL of the OP's Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. 
@@ -189,19 +194,13 @@ export interface CredentialOfferPayloadV1_0_13 {
 client_id?: string;
 }
 
-export interface FederationEntityMetadataOpts {
- federation_fetch_endpoint?: string
- federation_list_endpoint?: string
- federation_resolve_endpoint?: string
- federation_trust_mark_status_endpoint?: string
- federation_trust_mark_list_endpoint?: string
- federation_trust_mark_endpoint?: string
- federation_historical_keys_endpoint?: string
- organization_name?: string
- homepage_uri?: string
-}
+export type OpenIDCredentialIssuer = {
+ federation_entity?: FederationEntityMetadata;
+ openid_credential_issuer?: DynamicRegistrationClientMetadata & { openid_credential_offer?: string };
+ oauth_server_metadata?: AuthorizationServerMetadata
+};
 
-export interface CredentialIssuerMetadataOptsV1_0_13 {
+export interface CredentialIssuerMetadataOptsV1_0_13 extends OpenIDCredentialIssuer {
 credential_endpoint: string; // REQUIRED. URL of the Credential Issuer's Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components.
 batch_credential_endpoint?: string; // OPTIONAL. URL of the Credential Issuer's Batch Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. If omitted, the Credential Issuer does not support the Batch Credential Endpoint.
 deferred_credential_endpoint?: string; // OPTIONAL. URL of the Credential Issuer's Deferred Credential Endpoint, as defined in Section 9. This URL MUST use the https scheme and MAY contain port, path, and query parameter components. If omitted, the Credential Issuer does not support the Deferred Credential Endpoint.
@@ -217,7 +216,6 @@ export interface CredentialIssuerMetadataOptsV1_0_13 {
 //todo: these two are not mentioned in the spec
 token_endpoint?: string;
 credential_supplier_config?: CredentialSupplierConfig;
- federation_entity?: FederationEntityMetadataOpts
 }
 
 // These can be used be a reducer
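Review bot: The new `OpenIDCredentialIssuer` container names its third member `oauth_server_metadata`, while its other two members and the commit subject use federation entity-type identifiers (`federation_entity`, `openid_credential_issuer`, and `oauth_authorization_server` in the subject line); if the key is meant to be serialised under that identifier, the line should read `oauth_authorization_server?: AuthorizationServerMetadata`. The removed `FederationEntityMetadataOpts` sat among fields that all carry `// REQUIRED.` / `// OPTIONAL.` spec comments, but the replacement type is undocumented; a one-line comment per member stating which entity type it describes and that it is only meaningful inside a validated entity statement would match the file's style. `openid_credential_issuer?: DynamicRegistrationClientMetadata & { openid_credential_offer?: string }` intersects client-registration metadata with an issuer-side field, and whether that is the intended shape cannot be judged from this hunk. `CredentialIssuerMetadataOptsV1_0_13` continues past the end of the first hunk.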
@@ -240,9 +238,10 @@ export const credentialIssuerMetadataFieldNames: Array { +export interface CredentialIssuerMetadataV1_0_13 extends CredentialIssuerMetadataOptsV1_0_13 , Partial, OpenIDCredentialIssuer{ authorization_servers?: string[]; // OPTIONAL. Array of strings that identify the OAuth 2.0 Authorization Servers (as defined in [RFC8414]) the Credential Issuer relies on for authorization. If this element is omitted, the entity providing the Credential Issuer is also acting as the AS, i.e. the Credential Issuer's identifier is used as the OAuth 2.0 Issuer value to obtain the Authorization Server metadata as per [RFC8414]. credential_endpoint: string; // REQUIRED. URL of the Credential Issuer's Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. credential_configurations_supported: Record; // REQUIRED. A JSON array containing a list of JSON objects, each of them representing metadata about a separate credential type that the Credential Issuer can issue. The JSON objects in the array MUST conform to the structure of the Section 10.2.3.1. diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts index f863fe85..f91f842e 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts 
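Review bot: `CredentialIssuerMetadataV1_0_13` lists `OpenIDCredentialIssuer` in its `extends` clause even though `CredentialIssuerMetadataOptsV1_0_13`, extended on the same line, already extends `OpenIDCredentialIssuer` in the previous hunk, so the explicit mention is redundant and can be dropped. The same line has a stray space before the comma and none before the brace; `export interface CredentialIssuerMetadataV1_0_13 extends CredentialIssuerMetadataOptsV1_0_13, Partial<…> {` (the `Partial` argument is not legible in this rendering) would match the file's formatting. The `credentialIssuerMetadataFieldNames` change at the top of the hunk is likewise not legible here; if that array is used to pick or filter metadata keys, it needs `federation_entity`, `openid_credential_issuer` and `oauth_server_metadata` or the new members will be silently dropped — confirm against the source. The interface continues past the end of the hunk.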
@@ -122,6 +122,72 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_id": { "anyOf": [ { 
@@ -209,72 +275,6 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { {} ] }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_name": { "anyOf": [ { 
@@ -301,40 +301,38 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { } } }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false }, "Format": { "type": "object", @@ -466,39 +464,6 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { ], "additionalProperties": false }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false - }, "JWKS": { "type": "object", "properties": { 
@@ -610,6 +575,41 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { }, "additionalProperties": {} }, + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts index 70b075d6..5de0ba32 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts 
@@ -128,6 +128,72 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_id": { "anyOf": [ { 
@@ -215,72 +281,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { {} ] }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_name": { "anyOf": [ { 
@@ -307,40 +307,38 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { } } }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false }, "Format": { "type": "object", 
@@ -472,39 +470,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { ], "additionalProperties": false }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false - }, "JWKS": { "type": "object", "properties": { @@ -616,6 +581,41 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { }, "additionalProperties": {} }, + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts index efbd7209..2d706bdb 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts 
@@ -128,6 +128,72 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_id": { "anyOf": [ { 
@@ -215,72 +281,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { {} ] }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_name": { "anyOf": [ { 
@@ -307,40 +307,38 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { } } }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false }, "Format": { "type": "object", 
@@ -472,39 +470,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { ], "additionalProperties": false }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false - }, "JWKS": { "type": "object", "properties": { @@ -616,6 +581,41 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { }, "additionalProperties": {} }, + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts index c0573572..dcfda501 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts 
@@ -94,6 +94,72 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_id": { "anyOf": [ { 
@@ -181,72 +247,6 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { {} ] }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_name": { "anyOf": [ { 
@@ -273,40 +273,38 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { } } }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false }, "Format": { "type": "object", @@ -438,39 +436,6 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { ], "additionalProperties": false }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false - }, "JWKS": { "type": "object", "properties": { 
@@ -582,6 +547,41 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { }, "additionalProperties": {} }, + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] + }, "ResponseMode": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts index 0cb365d1..ffb4eee2 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts 
@@ -431,72 +431,6 @@ export const AuthorizationResponseOptsSchemaObj = { "opTosUri": { "type": "string" }, - "federationEntity": { - "$ref": "#/definitions/FederationEntityMetadataOpts" - }, - "openidCredentialVerifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_id": { "type": "string" }, @@ -566,7 +500,6 @@ export const AuthorizationResponseOptsSchemaObj = { } }, "required": [ - "openidCredentialVerifier", "passBy" ] }, 
@@ -933,72 +866,6 @@ export const AuthorizationResponseOptsSchemaObj = { "opTosUri": { "type": "string" }, - "federationEntity": { - "$ref": "#/definitions/FederationEntityMetadataOpts" - }, - "openidCredentialVerifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_id": { "type": "string" }, @@ -1062,7 +929,6 @@ export const AuthorizationResponseOptsSchemaObj = { } }, "required": [ - "openidCredentialVerifier", "passBy" ] }, 
@@ -1429,72 +1295,6 @@ export const AuthorizationResponseOptsSchemaObj = { "opTosUri": { "type": "string" }, - "federationEntity": { - "$ref": "#/definitions/FederationEntityMetadataOpts" - }, - "openidCredentialVerifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "idTokenTypesSupported": { "anyOf": [ { @@ -1513,7 +1313,6 @@ export const AuthorizationResponseOptsSchemaObj = { } }, "required": [ - "openidCredentialVerifier", "passBy" ] } 
@@ -1650,38 +1449,116 @@ export const AuthorizationResponseOptsSchemaObj = { "distributed" ] }, - "FederationEntityMetadataOpts": { + "JWKS": { "type": "object", "properties": { - "federationFetchEndpoint": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { "type": "string" }, - "federationListEndpoint": { + "crv": { "type": "string" }, - "federationResolveEndpoint": { + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { "type": "string" }, - "federationTrustMarkStatusEndpoint": { + "n": { "type": "string" }, - "federationTrustMarkListEndpoint": { + "alg": { "type": "string" }, - "federationTrustMarkEndpoint": { + "d": { "type": "string" }, - "federationHistoricalKeysEndpoint": { + "dp": { "type": "string" }, - "organizationName": { + "dq": { "type": "string" }, - "homepageUri": { + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { "type": "string" } }, - "additionalProperties": false + "additionalProperties": {} }, "Format": { "type": "object", 
@@ -1813,117 +1690,6 @@ export const AuthorizationResponseOptsSchemaObj = { ], "additionalProperties": false }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, "IdTokenType": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts b/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts index 0e802b27..ba4f744b 100644 --- a/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts 
@@ -355,72 +355,6 @@ export const DiscoveryMetadataPayloadSchemaObj = { "op_tos_uri": { "type": "string" }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "redirect_uris": { "type": "array", "items": { 
@@ -830,72 +764,6 @@ export const DiscoveryMetadataPayloadSchemaObj = { "op_tos_uri": { "type": "string" }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "redirect_uris": { "type": "array", "items": { 
@@ -1308,72 +1176,6 @@ export const DiscoveryMetadataPayloadSchemaObj = { "op_tos_uri": { "type": "string" }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "id_token_types_supported": { "anyOf": [ { 
@@ -1488,38 +1290,116 @@ export const DiscoveryMetadataPayloadSchemaObj = { "distributed" ] }, - "FederationEntityMetadataPayload": { + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { "type": "object", "properties": { - "federation_fetch_endpoint": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { "type": "string" }, - "federation_list_endpoint": { + "y": { "type": "string" }, - "federation_resolve_endpoint": { + "e": { "type": "string" }, - "federation_trust_mark_status_endpoint": { + "n": { "type": "string" }, - "federation_trust_mark_list_endpoint": { + "alg": { "type": "string" }, - "federation_trust_mark_endpoint": { + "d": { "type": "string" }, - "federation_historical_keys_endpoint": { + "dp": { "type": "string" }, - "organization_name": { + "dq": { "type": "string" }, - "homepage_uri": { + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { "type": "string" } }, - "additionalProperties": false + "additionalProperties": {} }, "Format": { "type": "object", 
@@ -1651,117 +1531,6 @@ export const DiscoveryMetadataPayloadSchemaObj = { ], "additionalProperties": false }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, "IdTokenType": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts b/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts index eba69a3b..3d2b5028 100644 --- a/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts 
@@ -6,6 +6,72 @@ export const RPRegistrationMetadataPayloadSchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { + "federation_entity": { + "$ref": "#/definitions/FederationEntityMetadataPayload" + }, + "openid_credential_verifier": { + "type": "object", + "additionalProperties": false, + "properties": { + "vp_formats": { + "$ref": "#/definitions/Format" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + } + }, + "required": [ + "vp_formats" + ] + }, "client_id": { "anyOf": [ { 
@@ -93,72 +159,6 @@ export const RPRegistrationMetadataPayloadSchemaObj = { {} ] }, - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_name": { "anyOf": [ { 
@@ -185,40 +185,38 @@ export const RPRegistrationMetadataPayloadSchemaObj = { } } }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] + "FederationEntityMetadataPayload": { + "type": "object", + "properties": { + "federation_fetch_endpoint": { + "type": "string" + }, + "federation_list_endpoint": { + "type": "string" + }, + "federation_resolve_endpoint": { + "type": "string" + }, + "federation_trust_mark_status_endpoint": { + "type": "string" + }, + "federation_trust_mark_list_endpoint": { + "type": "string" + }, + "federation_trust_mark_endpoint": { + "type": "string" + }, + "federation_historical_keys_endpoint": { + "type": "string" + }, + "organization_name": { + "type": "string" + }, + "homepage_uri": { + "type": "string" + } + }, + "additionalProperties": false }, "Format": { "type": "object", @@ -350,39 +348,6 @@ export const RPRegistrationMetadataPayloadSchemaObj = { ], "additionalProperties": false }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false - }, "JWKS": { "type": "object", "properties": { 
@@ -493,6 +458,41 @@ export const RPRegistrationMetadataPayloadSchemaObj = { } }, "additionalProperties": {} + }, + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] } } }; \ No newline at end of file diff --git a/packages/siop-oid4vp/lib/types/SIOP.types.ts b/packages/siop-oid4vp/lib/types/SIOP.types.ts index 21d3003f..51527b3b 100644 --- a/packages/siop-oid4vp/lib/types/SIOP.types.ts +++ b/packages/siop-oid4vp/lib/types/SIOP.types.ts @@ -1,6 +1,10 @@ // noinspection JSUnusedGlobalSymbols import { JarmClientMetadata } from '@sphereon/jarm' -import { DynamicRegistrationClientMetadata, JWKS, SigningAlgo } from '@sphereon/oid4vc-common' +import { + DynamicRegistrationClientMetadata, + JWKS, + SigningAlgo +} from '@sphereon/oid4vc-common' import { Format, PresentationDefinitionV1, PresentationDefinitionV2 } from '@sphereon/pex-models' import { AdditionalClaims, 
@@ -11,22 +15,28 @@ import { PresentationSubmission, W3CVerifiableCredential, W3CVerifiablePresentation, - WrappedVerifiablePresentation, + WrappedVerifiablePresentation } from '@sphereon/ssi-types' -import { AuthorizationRequest, CreateAuthorizationRequestOpts, PropertyTargets, VerifyAuthorizationRequestOpts } from '../authorization-request' +import { + AuthorizationRequest, + CreateAuthorizationRequestOpts, + PropertyTargets, + VerifyAuthorizationRequestOpts +} from '../authorization-request' import { AuthorizationResponse, AuthorizationResponseOpts, PresentationDefinitionWithLocation, PresentationVerificationCallback, - VerifyAuthorizationResponseOpts, + VerifyAuthorizationResponseOpts } from '../authorization-response' -import { JwksMetadataParams } from '../helpers/ExtractJwks' +import { JwksMetadataParams } from '../helpers' import { RequestObject, RequestObjectOpts } from '../request-object' import { IRPSessionManager } from '../rp' import { JWTPayload, VerifiedJWT } from './index' + export const DEFAULT_EXPIRATION_TIME = 10 * 60 // https://openid.net/specs/openid-connect-core-1_0.html#RequestObject @@ -220,6 +230,18 @@ export interface RequestStateInfo { iat?: number } +export interface FederationEntityMetadataPayload { + federation_fetch_endpoint?: string + federation_list_endpoint?: string + federation_resolve_endpoint?: string + federation_trust_mark_status_endpoint?: string + federation_trust_mark_list_endpoint?: string + federation_trust_mark_endpoint?: string + federation_historical_keys_endpoint?: string + organization_name?: string + homepage_uri?: string +} + export interface FederationEntityMetadataOpts { federationFetchEndpoint?: string federationListEndpoint?: string 
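Review bot: `FederationEntityMetadataPayload` is moved into this hunk without any documentation, although its fields are the OpenID Federation 1.0 `federation_entity` metadata names and the reason they are snake_case while `FederationEntityMetadataOpts` just below is camelCase is not stated anywhere; a one-line TSDoc such as `/** OpenID Federation 1.0 "federation_entity" metadata as published in an entity statement; snake_case because these are the wire names. */` would answer both questions. The same gap applies to the `OpenIDCredentialVerifierOpts` and `OpenIDCredentialVerifierPayload` aliases added in the next hunk, which also carry no TSDoc.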
@@ -232,6 +254,16 @@ export interface FederationEntityMetadataOpts {
 homepageUri?: string
 }
 
+export type OpenIDCredentialVerifierOpts = {
+ federationEntity?: FederationEntityMetadataOpts;
+ openidCredentialVerifier?: DynamicRegistrationClientMetadata & { vp_formats: Format };
+};
+
+export type OpenIDCredentialVerifierPayload = {
+ federation_entity?: FederationEntityMetadataPayload;
+ openid_credential_verifier?: DynamicRegistrationClientMetadata & { vp_formats: Format };
+};
+
 interface DiscoveryMetadataCommonOpts {
 //TODO add the check: Mandatory if PassBy.Value
 authorizationEndpoint?: Schema | string
@@ -275,8 +307,6 @@ interface DiscoveryMetadataCommonOpts {
 requireRequestUriRegistration?: boolean // from openid connect discovery 1_0
 opPolicyUri?: string // from openid connect discovery 1_0
 opTosUri?: string // from openid connect discovery 1_0
- federationEntity?: FederationEntityMetadataOpts
- openidCredentialVerifier: DynamicRegistrationClientMetadata & { vp_formats: Format }
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 [x: string]: any
 }
@@ -312,18 +342,6 @@ interface DiscoveryMetadataOptsVD11 extends DiscoveryMetadataCommonOpts {
 vpFormatsSupported?: Format // from oidc4vp
 }
 
-export interface FederationEntityMetadataPayload {
- federation_fetch_endpoint?: string
- federation_list_endpoint?: string
- federation_resolve_endpoint?: string
- federation_trust_mark_status_endpoint?: string
- federation_trust_mark_list_endpoint?: string
- federation_trust_mark_endpoint?: string
- federation_historical_keys_endpoint?: string
- organization_name?: string
- homepage_uri?: string
-}
-
 // https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#section-8.2
 // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
 interface DiscoveryMetadataCommonPayload {
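Review bot: The two new type aliases in the first hunk terminate their members and declarations with semicolons while every neighbouring interface in this file omits them, so the hunk breaks the file's formatting convention and a formatter pass will churn it; the members should read `federationEntity?: FederationEntityMetadataOpts` and the closers `}` like the surrounding code. Both aliases also repeat `DynamicRegistrationClientMetadata & { vp_formats: Format }`, the exact intersection this commit removes from `DiscoveryMetadataCommonOpts` and `DiscoveryMetadataCommonPayload`; one shared `export type OpenIDCredentialVerifierMetadata = DynamicRegistrationClientMetadata & { vp_formats: Format }` used by both keeps the verifier contract in a single place. Note that `openidCredentialVerifier` was a required member of the options interface before this commit and is optional in the new alias, so callers lose the compile-time check that it is supplied — presumably intended, since the generated schema in the same series drops it from `required`, but that is worth one TSDoc line on the alias.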
@@ -383,8 +401,6 @@ interface DiscoveryMetadataCommonPayload { require_request_uri_registration?: boolean op_policy_uri?: string op_tos_uri?: string - federation_entity?: FederationEntityMetadataPayload - openid_credential_verifier?: DynamicRegistrationClientMetadata & { vp_formats: Format } // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any @@ -425,14 +441,12 @@ export type RPRegistrationMetadataOpts = Partial< | 'subjectTypesSupported' | 'subject_syntax_types_supported' | 'vpFormatsSupported' - | 'federationEntity' - | 'openidCredentialVerifier' | 'clientName' | 'logo_uri' | 'tos_uri' | 'clientPurpose' > -> & { +> & OpenIDCredentialVerifierOpts & { // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any } @@ -447,12 +461,10 @@ export type RPRegistrationMetadataPayload = Pick< | 'subject_types_supported' | 'subject_syntax_types_supported' | 'vp_formats' - | 'federation_entity' - | 'openid_credential_verifier' | 'client_name' | 'logo_uri' | 'client_purpose' -> & { +> & OpenIDCredentialVerifierPayload & { // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 7378a309..a3eb2823 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -76,7 +76,7 @@ importers: version: link:../issuer '@sphereon/ssi-types': specifier: 0.30.1 - version: 0.30.1(encoding@0.1.13)(ts-node@10.9.2(@types/node@18.19.54)(typescript@5.4.5)) + version: 0.30.1(encoding@0.1.13)(ts-node@10.9.2(@types/node@18.19.54)(typescript@5.5.3)) jose: specifier: ^4.10.0 version: 4.15.9 
@@ -129,7 +129,7 @@ importers: devDependencies: '@sphereon/ssi-sdk-ext.key-utils': specifier: ^0.23.0 - version: 0.23.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) + version: 0.23.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1))) '@transmute/did-key.js': specifier: ^0.3.0-unstable.10 version: 0.3.0-unstable.10(encoding@0.1.13) @@ -10164,7 +10164,7 @@ snapshots: '@digitalcredentials/bnid@2.1.2(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1))': dependencies: '@digitalcredentials/base58-universal': 1.0.1 - react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1)) + react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)) yargs: 15.4.1 transitivePeerDependencies: - react-native @@ -11982,7 +11982,7 @@ snapshots: transitivePeerDependencies: - encoding - '@sphereon/isomorphic-webcrypto@2.4.1-unstable.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1)': + '@sphereon/isomorphic-webcrypto@2.4.1-unstable.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)))': dependencies: '@peculiar/webcrypto': 1.5.0 asmcrypto.js: 2.3.2 
@@ -12000,7 +12000,7 @@ snapshots: webcrypto-shim: 0.1.7 optionalDependencies: expo: 48.0.21(@babel/core@7.25.2)(encoding@0.1.13) - react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1)) + react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)) '@sphereon/kmp-mdl-mdoc@0.2.0-SNAPSHOT.22': dependencies: @@ -12264,10 +12264,10 @@ snapshots: transitivePeerDependencies: - supports-color - '@sphereon/ssi-sdk-ext.key-utils@0.23.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1)': + '@sphereon/ssi-sdk-ext.key-utils@0.23.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)))': dependencies: '@ethersproject/random': 5.7.0 - '@sphereon/isomorphic-webcrypto': 2.4.1-unstable.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) + '@sphereon/isomorphic-webcrypto': 2.4.1-unstable.0(expo@48.0.21(@babel/core@7.25.2)(encoding@0.1.13))(msrcrypto@1.5.8)(react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1))) '@stablelib/ed25519': 1.0.3 '@stablelib/sha256': 1.0.1 '@stablelib/sha512': 1.0.1 @@ -18726,7 +18726,7 @@ snapshots: react-native: 0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1) optional: true - react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1)): + react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)): dependencies: base64-js: 1.5.1 react-native: 0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1) 
From 2f91ee2854a63c9633f7259d50e6c5b2b5fc085e Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Mon, 25 Nov 2024 13:35:19 +0100 Subject: [PATCH 04/13] chore: Resolve the OID Federation metadata oid4vp --- .../lib/authorization-request/URI.ts | 34 ++++++-- packages/siop-oid4vp/lib/op/OP.ts | 4 +- packages/siop-oid4vp/lib/op/OPBuilder.ts | 6 ++ packages/siop-oid4vp/package.json | 5 ++ pnpm-lock.yaml | 85 ++++++++++++++++++- 5 files changed, 123 insertions(+), 11 deletions(-) diff --git a/packages/siop-oid4vp/lib/authorization-request/URI.ts b/packages/siop-oid4vp/lib/authorization-request/URI.ts index 7aa04815..f1dceb2f 100644 --- a/packages/siop-oid4vp/lib/authorization-request/URI.ts +++ b/packages/siop-oid4vp/lib/authorization-request/URI.ts @@ -1,4 +1,5 @@ import { parseJWT } from '@sphereon/oid4vc-common' +import { FederationClient, TrustChainResolveResponse } from '@sphereon/openid-federation-client' import { PresentationExchange } from '../authorization-response/PresentationExchange' import { decodeUriAsJson, encodeJsonAsURI, fetchByReferenceOrUseByValue } from '../helpers' @@ -126,7 +127,6 @@ export class URI implements AuthorizationRequestURI { ...authorizationRequest.options.requestObject, version: authorizationRequest.options.version, uriScheme: authorizationRequest.options.uriScheme, - }, authorizationRequest.payload, authorizationRequest.requestObject, @@ -194,7 +194,8 @@ export class URI implements AuthorizationRequestURI { } } else { try { - scheme = (await authorizationRequest.getSupportedVersion()) === SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1 ? 'openid-vc://' : 'openid4vp://' + scheme = + (await authorizationRequest.getSupportedVersion()) === SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1 ? 'openid-vc://' : 'openid4vp://' } catch (error: unknown) { scheme = 'openid4vp://' } 
@@ -235,16 +236,35 @@ export class URI implements AuthorizationRequestURI { return { scheme, authorizationRequestPayload } } - public static async parseAndResolve(uri: string) { + public static async parseAndResolve(uri: string, trustChain?: Array) { if (!uri) { throw Error(SIOPErrors.BAD_PARAMS) } const { authorizationRequestPayload, scheme } = this.parse(uri) + const requestObjectJwt = await fetchByReferenceOrUseByValue(authorizationRequestPayload.request_uri, authorizationRequestPayload.request, true) - const registrationMetadata: RPRegistrationMetadataPayload = await fetchByReferenceOrUseByValue( - authorizationRequestPayload['client_metadata_uri'] ?? authorizationRequestPayload['registration_uri'], - authorizationRequestPayload['client_metadata'] ?? authorizationRequestPayload['registration'], - ) + let registrationMetadata: RPRegistrationMetadataPayload + if (trustChain !== undefined && trustChain !== null) { + const fedClient = new FederationClient(null, null) + const resolvedTrustChain: TrustChainResolveResponse = await fedClient.resolveTrustChain( + authorizationRequestPayload['client_metadata_uri'], + trustChain, + ) + if (resolvedTrustChain !== null && resolvedTrustChain !== undefined) { + const clientMetadata = resolvedTrustChain.trustChain.asJsReadonlyArrayView()[1] + const subordinateStatement = JSON.parse(Buffer.from(clientMetadata.split('.')[1]).toString('base64url')) + registrationMetadata = {} + registrationMetadata.federation_entity = subordinateStatement.federationEntity + registrationMetadata.openid_credential_verifier = subordinateStatement.openIdRelyingParty + } else { + throw new Error('Cannot resolve OID Federation metadata') + } + } else { + registrationMetadata = await fetchByReferenceOrUseByValue( + authorizationRequestPayload['client_metadata_uri'] ?? authorizationRequestPayload['registration_uri'], + authorizationRequestPayload['client_metadata'] ?? 
authorizationRequestPayload['registration'], + ) + } assertValidRPRegistrationMedataPayload(registrationMetadata) return { scheme, authorizationRequestPayload, requestObjectJwt, registrationMetadata } } diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts index 7fee9a0a..abda723d 100644 --- a/packages/siop-oid4vp/lib/op/OP.ts +++ b/packages/siop-oid4vp/lib/op/OP.ts @@ -39,9 +39,11 @@ import { createResponseOptsFromBuilderOrExistingOpts, createVerifyRequestOptsFro export class OP { private readonly _createResponseOptions: AuthorizationResponseOpts private readonly _verifyRequestOptions: Partial + private readonly _trustChain: Array private readonly _eventEmitter?: EventEmitter private constructor(opts: { builder?: OPBuilder; responseOpts?: AuthorizationResponseOpts; verifyOpts?: VerifyAuthorizationRequestOpts }) { + this._trustChain = opts.builder?.trustChain this._createResponseOptions = { ...createResponseOptsFromBuilderOrExistingOpts(opts) } this._verifyRequestOptions = { ...createVerifyRequestOptsFromBuilderOrExistingOpts(opts) } this._eventEmitter = opts.builder?.eventEmitter @@ -276,7 +278,7 @@ export class OP { * @param encodedUri */ public async parseAuthorizationRequestURI(encodedUri: string): Promise { - const { scheme, requestObjectJwt, authorizationRequestPayload, registrationMetadata } = await URI.parseAndResolve(encodedUri) + const { scheme, requestObjectJwt, authorizationRequestPayload, registrationMetadata } = await URI.parseAndResolve(encodedUri, this._trustChain) return { encodedUri, diff --git a/packages/siop-oid4vp/lib/op/OPBuilder.ts b/packages/siop-oid4vp/lib/op/OPBuilder.ts index 6db8dd54..58d8c0bd 100644 --- a/packages/siop-oid4vp/lib/op/OPBuilder.ts +++ b/packages/siop-oid4vp/lib/op/OPBuilder.ts 
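Review bot: The JWT payload decode in the trust-chain branch of `parseAndResolve` is inverted: `JSON.parse(Buffer.from(clientMetadata.split('.')[1]).toString('base64url'))` reads the base64url segment as UTF-8 bytes and re-encodes it, so `JSON.parse` will throw on any real statement; the intended form is `JSON.parse(Buffer.from(clientMetadata.split('.')[1], 'base64url').toString('utf8'))`. The branch also picks `trustChain[1]` by position and parses the statement's claims without any signature check visible here, so whether `resolveTrustChain` has already verified every statement in the chain (and that index 1 is the subordinate statement about this RP) needs to be confirmed before `federationEntity`/`openIdRelyingParty` are accepted as RP metadata. Passing `client_metadata_uri` as the entity identifier to resolve also looks wrong — the federation entity id is presumably the RP's `client_id` — confirm against the federation client's contract. Patch 05 in this series removes the branch again, so this mainly matters if it is reintroduced.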
@@ -17,6 +17,7 @@ export class OPBuilder { createJwtCallback?: CreateJwtCallback verifyJwtCallback?: VerifyJwtCallback presentationSignCallback?: PresentationSignCallback + trustChain?: Array supportedVersions?: SupportedVersion[] eventEmitter?: EventEmitter @@ -94,6 +95,11 @@ export class OPBuilder { return this } + withTrustChain(trustChain: Array): OPBuilder { + this.trustChain = trustChain + return this + } + withEventEmitter(eventEmitter?: EventEmitter): OPBuilder { this.eventEmitter = eventEmitter ?? new EventEmitter() return this diff --git a/packages/siop-oid4vp/package.json b/packages/siop-oid4vp/package.json index 15398327..b628e628 100644 --- a/packages/siop-oid4vp/package.json +++ b/packages/siop-oid4vp/package.json @@ -81,6 +81,11 @@ "tsimp": "^2.0.11", "typescript": "5.4.5" }, + "peerDependencies": { + "@sphereon/openid-federation-client": "^0.1.1-unstable.21e8440", + "@sphereon/openid-federation-common": "^0.1.1-unstable.21e8440", + "@sphereon/openid-federation-open-api": "^0.1.1-unstable.21e8440" + }, "resolutions": { "isomorphic-webcrypto": "npm:@sphereon/isomorphic-webcrypto@^2.4.1-unstable.0", "esline/**/strip-ansi": "6.0.1" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 68b1155e..f1629032 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -448,6 +448,15 @@ importers: '@sphereon/oid4vc-common': specifier: workspace:* version: link:../common + '@sphereon/openid-federation-client': + specifier: ^0.1.1-unstable.21e8440 + version: 0.1.1-unstable.21e8440(encoding@0.1.13) + '@sphereon/openid-federation-common': + specifier: ^0.1.1-unstable.21e8440 + version: 0.1.1-unstable.21e8440(encoding@0.1.13) + '@sphereon/openid-federation-open-api': + specifier: ^0.1.1-unstable.21e8440 + version: 0.1.1-unstable.21e8440(encoding@0.1.13) '@sphereon/pex': specifier: 5.0.0-unstable.24 version: 5.0.0-unstable.24 
@@ -2094,6 +2103,9 @@ packages: '@jridgewell/trace-mapping@0.3.9': resolution: {integrity: sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==} + '@js-joda/core@3.2.0': + resolution: {integrity: sha512-PMqgJ0sw5B7FKb2d5bWYIoxjri+QlW/Pys7+Rw82jSH0QN3rB05jZ/VrrsUdh1w4+i2kw9JOejXGq/KhDOX7Kg==} + '@js-joda/core@5.6.3': resolution: {integrity: sha512-T1rRxzdqkEXcou0ZprN1q9yDRlvzCPLqmlNt5IIsGBzoEVgLCCYrKEwc84+TvsXuAc95VAZwtWD2zVsKPY4bcA==} @@ -2522,6 +2534,16 @@ packages: '@sphereon/kmp-mdl-mdoc@0.2.0-SNAPSHOT.22': resolution: {integrity: sha512-uAZZExVy+ug9JLircejWa5eLtAZ7bnBP6xb7DO2+86LRsHNLh2k2jMWJYxp+iWtGHTsh6RYsZl14ScQLvjiQ/A==} + bundledDependencies: [] + + '@sphereon/openid-federation-client@0.1.1-unstable.21e8440': + resolution: {integrity: sha512-O1CW/t3Zan1wKQxdl6fzDXDrL/t+Ph9UB0rypJA4Pr9u4R+7nB+Z3KC/wphH2Q4NrJFP0sASKn0ER78Gc9onLw==} + + '@sphereon/openid-federation-common@0.1.1-unstable.21e8440': + resolution: {integrity: sha512-mumhjoqeP1qjy3SsT/3AExV+x+SwrO4On+ZrMTFNYjzY7zRKl6rKWkgA0iGbG6z2XR7xW3y1wzDqFxIGS94tXQ==} + + '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440': + resolution: {integrity: sha512-glePGlpbvZI+NhhsfoD44cFbamwIMIQF0xG1k1Ikr9i8XRZFBHz/w/WK9Hfc9dtP63Ry2Ckq8I4KlRZLL5OJ6g==} '@sphereon/pex-models@2.3.1': resolution: {integrity: sha512-SByU4cJ0XYA6VZQ/L6lsSiRcFtBPHbFioCeQ4GP7/W/jQ+PSBD7uK2oTnKQ9/0iEiMK/6JYqhKgLs4a9UX3UTQ==} @@ -5665,6 +5687,9 @@ packages: jose@4.15.9: resolution: {integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==} + jose@5.9.4: + resolution: {integrity: sha512-WBBl6au1qg6OHj67yCffCgFR3BADJBXN8MdRvCgJDuMv3driV2nHr7jdGvaKX9IolosAsn+M0XRArqLXUhyJHQ==} + js-base64@3.7.7: resolution: {integrity: sha512-7rCnleh0z2CkXhH67J8K1Ytz0b2Y+yxTPL+/KOJoa20hfnVQ/3/T6W/KflYI4bRHRagNeXeU2bkNGI3v1oS/lw==} 
@@ -8501,6 +8526,18 @@ packages: utf-8-validate: optional: true + ws@8.5.0: + resolution: {integrity: sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==} + engines: {node: '>=10.0.0'} + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: ^5.0.2 + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + x25519-key-agreement-2020-context@1.0.0: resolution: {integrity: sha512-zblYd8oSg6hNAD+fA9X7ek1hJQRircl3jVlEVCaBTNN9Mv9b4G32uJvRZFMQEMmda8iaTtYo9i2dRMdXX8pjpA==} @@ -9940,7 +9977,7 @@ snapshots: '@digitalcredentials/bnid@2.1.2(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1))': dependencies: '@digitalcredentials/base58-universal': 1.0.1 - react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1)) + react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)) yargs: 15.4.1 transitivePeerDependencies: - react-native @@ -11022,6 +11059,8 @@ snapshots: '@jridgewell/resolve-uri': 3.1.2 '@jridgewell/sourcemap-codec': 1.5.0 + '@js-joda/core@3.2.0': {} + '@js-joda/core@5.6.3': {} '@js-joda/timezone@2.3.0(@js-joda/core@5.6.3)': @@ -11764,7 +11803,7 @@ snapshots: webcrypto-shim: 0.1.7 optionalDependencies: expo: 48.0.21(@babel/core@7.25.2)(encoding@0.1.13) - react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1)) + react-native-securerandom: 1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)) '@sphereon/kmp-mdl-mdoc@0.2.0-SNAPSHOT.22': dependencies: 
@@ -11772,6 +11811,42 @@ snapshots: '@js-joda/timezone': 2.3.0(@js-joda/core@5.6.3) format-util: 1.0.5 + '@sphereon/openid-federation-client@0.1.1-unstable.21e8440(encoding@0.1.13)': + dependencies: + '@js-joda/core': 3.2.0 + abort-controller: 3.0.0 + format-util: 1.0.5 + jose: 5.9.4 + node-fetch: 2.6.12(encoding@0.1.13) + ws: 8.5.0 + transitivePeerDependencies: + - bufferutil + - encoding + - utf-8-validate + + '@sphereon/openid-federation-common@0.1.1-unstable.21e8440(encoding@0.1.13)': + dependencies: + abort-controller: 3.0.0 + format-util: 1.0.5 + node-fetch: 2.6.12(encoding@0.1.13) + typescript: 5.5.3 + ws: 8.5.0 + transitivePeerDependencies: + - bufferutil + - encoding + - utf-8-validate + + '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440(encoding@0.1.13)': + dependencies: + abort-controller: 3.0.0 + format-util: 1.0.5 + node-fetch: 2.6.12(encoding@0.1.13) + ws: 8.5.0 + transitivePeerDependencies: + - bufferutil + - encoding + - utf-8-validate + '@sphereon/pex-models@2.3.1': {} '@sphereon/pex@5.0.0-unstable.24': @@ -16069,6 +16144,8 @@ snapshots: jose@4.15.9: {} + jose@5.9.4: {} + js-base64@3.7.7: {} js-binary-schema-parser@2.0.3: {} @@ -17960,7 +18037,7 @@ snapshots: react-native: 0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1) optional: true - react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1)): + react-native-securerandom@1.0.1(react-native@0.71.19(@babel/core@7.25.2)(encoding@0.1.13)(react@18.3.1)): dependencies: base64-js: 1.5.1 react-native: 0.71.19(@babel/core@7.25.2)(@babel/preset-env@7.25.4(@babel/core@7.25.2))(encoding@0.1.13)(react@18.3.1) @@ -19446,6 +19523,8 @@ snapshots: ws@8.18.0: {} + ws@8.5.0: {} + x25519-key-agreement-2020-context@1.0.0: {} xcode@3.0.1: From 123ee3eac634d3c1cf61d700f64f1dfe84e158ff Mon Sep 17 00:00:00 2001 
From: Zoe Maas Date: Mon, 25 Nov 2024 15:52:33 +0100 Subject: [PATCH 05/13] refactor: Refactored trust chain resolution --- .../lib/authorization-request/URI.ts | 25 ++++--------------- packages/siop-oid4vp/lib/op/OP.ts | 11 ++++---- packages/siop-oid4vp/lib/op/OPBuilder.ts | 6 ----- packages/siop-oid4vp/package.json | 5 ---- 4 files changed, 10 insertions(+), 37 deletions(-) diff --git a/packages/siop-oid4vp/lib/authorization-request/URI.ts b/packages/siop-oid4vp/lib/authorization-request/URI.ts index f1dceb2f..e6e58c50 100644 --- a/packages/siop-oid4vp/lib/authorization-request/URI.ts +++ b/packages/siop-oid4vp/lib/authorization-request/URI.ts @@ -1,5 +1,4 @@ import { parseJWT } from '@sphereon/oid4vc-common' -import { FederationClient, TrustChainResolveResponse } from '@sphereon/openid-federation-client' import { PresentationExchange } from '../authorization-response/PresentationExchange' import { decodeUriAsJson, encodeJsonAsURI, fetchByReferenceOrUseByValue } from '../helpers' @@ -194,8 +193,7 @@ export class URI implements AuthorizationRequestURI { } } else { try { - scheme = - (await authorizationRequest.getSupportedVersion()) === SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1 ? 'openid-vc://' : 'openid4vp://' + scheme = (await authorizationRequest.getSupportedVersion()) === SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1 ? 'openid-vc://' : 'openid4vp://' } catch (error: unknown) { scheme = 'openid4vp://' } @@ -236,7 +234,7 @@ export class URI implements AuthorizationRequestURI { return { scheme, authorizationRequestPayload } } - public static async parseAndResolve(uri: string, trustChain?: Array) { + public static async parseAndResolve(uri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload) { if (!uri) { throw Error(SIOPErrors.BAD_PARAMS) } 
@@ -244,23 +242,10 @@ export class URI implements AuthorizationRequestURI { const requestObjectJwt = await fetchByReferenceOrUseByValue(authorizationRequestPayload.request_uri, authorizationRequestPayload.request, true) let registrationMetadata: RPRegistrationMetadataPayload - if (trustChain !== undefined && trustChain !== null) { - const fedClient = new FederationClient(null, null) - const resolvedTrustChain: TrustChainResolveResponse = await fedClient.resolveTrustChain( - authorizationRequestPayload['client_metadata_uri'], - trustChain, - ) - if (resolvedTrustChain !== null && resolvedTrustChain !== undefined) { - const clientMetadata = resolvedTrustChain.trustChain.asJsReadonlyArrayView()[1] - const subordinateStatement = JSON.parse(Buffer.from(clientMetadata.split('.')[1]).toString('base64url')) - registrationMetadata = {} - registrationMetadata.federation_entity = subordinateStatement.federationEntity - registrationMetadata.openid_credential_verifier = subordinateStatement.openIdRelyingParty - } else { - throw new Error('Cannot resolve OID Federation metadata') - } + if (rpRegistrationMetadata !== undefined && rpRegistrationMetadata !== null) { + registrationMetadata = rpRegistrationMetadata } else { - registrationMetadata = await fetchByReferenceOrUseByValue( + registrationMetadata = await fetchByReferenceOrUseByValue( authorizationRequestPayload['client_metadata_uri'] ?? authorizationRequestPayload['registration_uri'], authorizationRequestPayload['client_metadata'] ?? authorizationRequestPayload['registration'], ) diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts index abda723d..87872803 100644 --- a/packages/siop-oid4vp/lib/op/OP.ts +++ b/packages/siop-oid4vp/lib/op/OP.ts 
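Review bot: When `rpRegistrationMetadata` is supplied, the request's own `client_metadata`/`client_metadata_uri` (or `registration`/`registration_uri`) is silently ignored and nothing in this hunk ties the supplied metadata to the request's `client_id`, so a caller passing metadata for the wrong RP would have that RP's keys and URIs trusted for the rest of verification. At minimum this precondition belongs in the docs of `parseAndResolve`; a cheap guard, given that the RPRegistrationMetadataPayload schema later in this series lists a `client_id` property (whether callers populate it I cannot tell from here), is `if (rpRegistrationMetadata?.client_id && authorizationRequestPayload.client_id && rpRegistrationMetadata.client_id !== authorizationRequestPayload.client_id) throw Error(SIOPErrors.BAD_PARAMS)`. The explicit `!== undefined && !== null` test can also collapse to `registrationMetadata = rpRegistrationMetadata ?? (await fetchByReferenceOrUseByValue(...))`. The enclosing `parseAndResolve` starts in the previous hunk, outside this one.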
@@ -24,13 +24,13 @@ import { RegisterEventListener, RequestObjectPayload, ResponseIss, - ResponseMode, + ResponseMode, RPRegistrationMetadataPayload, SIOPErrors, SupportedVersion, UrlEncodingFormat, Verification, VerifiedAuthorizationRequest -} from '../types'; +} from '../types' import { OPBuilder } from './OPBuilder'; import { createResponseOptsFromBuilderOrExistingOpts, createVerifyRequestOptsFromBuilderOrExistingOpts } from './Opts'; @@ -39,11 +39,9 @@ import { createResponseOptsFromBuilderOrExistingOpts, createVerifyRequestOptsFro export class OP { private readonly _createResponseOptions: AuthorizationResponseOpts private readonly _verifyRequestOptions: Partial - private readonly _trustChain: Array private readonly _eventEmitter?: EventEmitter private constructor(opts: { builder?: OPBuilder; responseOpts?: AuthorizationResponseOpts; verifyOpts?: VerifyAuthorizationRequestOpts }) { - this._trustChain = opts.builder?.trustChain this._createResponseOptions = { ...createResponseOptsFromBuilderOrExistingOpts(opts) } this._verifyRequestOptions = { ...createVerifyRequestOptsFromBuilderOrExistingOpts(opts) } this._eventEmitter = opts.builder?.eventEmitter @@ -276,9 +274,10 @@ export class OP { * Create an Authentication Request Payload from a URI string * * @param encodedUri + * @param rpRegistrationMetadata */ - public async parseAuthorizationRequestURI(encodedUri: string): Promise { - const { scheme, requestObjectJwt, authorizationRequestPayload, registrationMetadata } = await URI.parseAndResolve(encodedUri, this._trustChain) + public async parseAuthorizationRequestURI(encodedUri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload): Promise { + const { scheme, requestObjectJwt, authorizationRequestPayload, registrationMetadata } = await URI.parseAndResolve(encodedUri, rpRegistrationMetadata) return { encodedUri, diff --git a/packages/siop-oid4vp/lib/op/OPBuilder.ts b/packages/siop-oid4vp/lib/op/OPBuilder.ts index 58d8c0bd..6db8dd54 100644 
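Review bot: The new `@param rpRegistrationMetadata` tag on `parseAuthorizationRequestURI` is left empty, and because passing it replaces the metadata the request itself points to, the contract deserves a sentence: `@param rpRegistrationMetadata Optional pre-resolved RP metadata (e.g. obtained out of band or from a trust chain); when supplied, the request's client_metadata/client_metadata_uri is not fetched and the caller must have verified that it belongs to the request's client_id`. Style: the import hunk above drops the trailing semicolon on `} from '../types'` while the neighbouring import lines keep theirs, and `RPRegistrationMetadataPayload` is appended to the `ResponseMode,` line instead of getting its own line, which the formatter will undo.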
--- a/packages/siop-oid4vp/lib/op/OPBuilder.ts +++ b/packages/siop-oid4vp/lib/op/OPBuilder.ts @@ -17,7 +17,6 @@ export class OPBuilder { createJwtCallback?: CreateJwtCallback verifyJwtCallback?: VerifyJwtCallback presentationSignCallback?: PresentationSignCallback - trustChain?: Array supportedVersions?: SupportedVersion[] eventEmitter?: EventEmitter @@ -95,11 +94,6 @@ export class OPBuilder { return this } - withTrustChain(trustChain: Array): OPBuilder { - this.trustChain = trustChain - return this - } - withEventEmitter(eventEmitter?: EventEmitter): OPBuilder { this.eventEmitter = eventEmitter ?? new EventEmitter() return this diff --git a/packages/siop-oid4vp/package.json b/packages/siop-oid4vp/package.json index b628e628..15398327 100644 --- a/packages/siop-oid4vp/package.json +++ b/packages/siop-oid4vp/package.json @@ -81,11 +81,6 @@ "tsimp": "^2.0.11", "typescript": "5.4.5" }, - "peerDependencies": { - "@sphereon/openid-federation-client": "^0.1.1-unstable.21e8440", - "@sphereon/openid-federation-common": "^0.1.1-unstable.21e8440", - "@sphereon/openid-federation-open-api": "^0.1.1-unstable.21e8440" - }, "resolutions": { "isomorphic-webcrypto": "npm:@sphereon/isomorphic-webcrypto@^2.4.1-unstable.0", "esline/**/strip-ansi": "6.0.1" From 4e483a719459e3ee6c4be92868f12b8bac882d56 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Mon, 25 Nov 2024 16:15:47 +0100 Subject: [PATCH 06/13] refactor: Removed openid-federation-* dependencies --- packages/client/lib/MetadataClient.ts | 4 +- pnpm-lock.yaml | 78 --------------------------- 2 files changed, 3 insertions(+), 79 deletions(-) diff --git a/packages/client/lib/MetadataClient.ts b/packages/client/lib/MetadataClient.ts index a12caee9..e26a6247 100644 --- a/packages/client/lib/MetadataClient.ts +++ b/packages/client/lib/MetadataClient.ts 
@@ -60,10 +60,12 @@ export class MetadataClient { /** * Retrieve all metadata from an issuer * @param issuer The issuer URL + * @param credIssuerMetadata * @param opts */ public static async retrieveAllMetadata( issuer: string, + credIssuerMetadata?: CredentialIssuerMetadataV1_0_11 | CredentialIssuerMetadataV1_0_13 | (IssuerMetadataV1_0_08 & Partial), opts?: { errorOnNotFound: boolean }, ): Promise { let token_endpoint: string | undefined; @@ -74,7 +76,7 @@ export class MetadataClient { let authorization_servers: string[] | undefined = [issuer]; let authorization_server: string | undefined = undefined; const oid4vciResponse = await MetadataClient.retrieveOpenID4VCIServerMetadata(issuer, { errorOnNotFound: false }); // We will handle errors later, given we will also try other metadata locations - let credentialIssuerMetadata = oid4vciResponse?.successBody; + let credentialIssuerMetadata = credIssuerMetadata ?? oid4vciResponse?.successBody; if (credentialIssuerMetadata) { debug(`Issuer ${issuer} OID4VCI well-known server metadata\r\n${JSON.stringify(credentialIssuerMetadata)}`); credential_endpoint = credentialIssuerMetadata.credential_endpoint; diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f1629032..840cadca 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -448,15 +448,6 @@ importers: '@sphereon/oid4vc-common': specifier: workspace:* version: link:../common - '@sphereon/openid-federation-client': - specifier: ^0.1.1-unstable.21e8440 - version: 0.1.1-unstable.21e8440(encoding@0.1.13) - '@sphereon/openid-federation-common': - specifier: ^0.1.1-unstable.21e8440 - version: 0.1.1-unstable.21e8440(encoding@0.1.13) - '@sphereon/openid-federation-open-api': - specifier: ^0.1.1-unstable.21e8440 - version: 0.1.1-unstable.21e8440(encoding@0.1.13) '@sphereon/pex': specifier: 5.0.0-unstable.24 version: 5.0.0-unstable.24 
@@ -2103,9 +2094,6 @@ packages: '@jridgewell/trace-mapping@0.3.9': resolution: {integrity: sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==} - '@js-joda/core@3.2.0': - resolution: {integrity: sha512-PMqgJ0sw5B7FKb2d5bWYIoxjri+QlW/Pys7+Rw82jSH0QN3rB05jZ/VrrsUdh1w4+i2kw9JOejXGq/KhDOX7Kg==} - '@js-joda/core@5.6.3': resolution: {integrity: sha512-T1rRxzdqkEXcou0ZprN1q9yDRlvzCPLqmlNt5IIsGBzoEVgLCCYrKEwc84+TvsXuAc95VAZwtWD2zVsKPY4bcA==} @@ -2536,15 +2524,6 @@ packages: resolution: {integrity: sha512-uAZZExVy+ug9JLircejWa5eLtAZ7bnBP6xb7DO2+86LRsHNLh2k2jMWJYxp+iWtGHTsh6RYsZl14ScQLvjiQ/A==} bundledDependencies: [] - '@sphereon/openid-federation-client@0.1.1-unstable.21e8440': - resolution: {integrity: sha512-O1CW/t3Zan1wKQxdl6fzDXDrL/t+Ph9UB0rypJA4Pr9u4R+7nB+Z3KC/wphH2Q4NrJFP0sASKn0ER78Gc9onLw==} - - '@sphereon/openid-federation-common@0.1.1-unstable.21e8440': - resolution: {integrity: sha512-mumhjoqeP1qjy3SsT/3AExV+x+SwrO4On+ZrMTFNYjzY7zRKl6rKWkgA0iGbG6z2XR7xW3y1wzDqFxIGS94tXQ==} - - '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440': - resolution: {integrity: sha512-glePGlpbvZI+NhhsfoD44cFbamwIMIQF0xG1k1Ikr9i8XRZFBHz/w/WK9Hfc9dtP63Ry2Ckq8I4KlRZLL5OJ6g==} - '@sphereon/pex-models@2.3.1': resolution: {integrity: sha512-SByU4cJ0XYA6VZQ/L6lsSiRcFtBPHbFioCeQ4GP7/W/jQ+PSBD7uK2oTnKQ9/0iEiMK/6JYqhKgLs4a9UX3UTQ==} @@ -5687,9 +5666,6 @@ packages: jose@4.15.9: resolution: {integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==} - jose@5.9.4: - resolution: {integrity: sha512-WBBl6au1qg6OHj67yCffCgFR3BADJBXN8MdRvCgJDuMv3driV2nHr7jdGvaKX9IolosAsn+M0XRArqLXUhyJHQ==} - js-base64@3.7.7: resolution: {integrity: sha512-7rCnleh0z2CkXhH67J8K1Ytz0b2Y+yxTPL+/KOJoa20hfnVQ/3/T6W/KflYI4bRHRagNeXeU2bkNGI3v1oS/lw==} 
@@ -8526,18 +8502,6 @@ packages: utf-8-validate: optional: true - ws@8.5.0: - resolution: {integrity: sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==} - engines: {node: '>=10.0.0'} - peerDependencies: - bufferutil: ^4.0.1 - utf-8-validate: ^5.0.2 - peerDependenciesMeta: - bufferutil: - optional: true - utf-8-validate: - optional: true - x25519-key-agreement-2020-context@1.0.0: resolution: {integrity: sha512-zblYd8oSg6hNAD+fA9X7ek1hJQRircl3jVlEVCaBTNN9Mv9b4G32uJvRZFMQEMmda8iaTtYo9i2dRMdXX8pjpA==} @@ -11059,8 +11023,6 @@ snapshots: '@jridgewell/resolve-uri': 3.1.2 '@jridgewell/sourcemap-codec': 1.5.0 - '@js-joda/core@3.2.0': {} - '@js-joda/core@5.6.3': {} '@js-joda/timezone@2.3.0(@js-joda/core@5.6.3)': @@ -11811,42 +11773,6 @@ snapshots: '@js-joda/timezone': 2.3.0(@js-joda/core@5.6.3) format-util: 1.0.5 - '@sphereon/openid-federation-client@0.1.1-unstable.21e8440(encoding@0.1.13)': - dependencies: - '@js-joda/core': 3.2.0 - abort-controller: 3.0.0 - format-util: 1.0.5 - jose: 5.9.4 - node-fetch: 2.6.12(encoding@0.1.13) - ws: 8.5.0 - transitivePeerDependencies: - - bufferutil - - encoding - - utf-8-validate - - '@sphereon/openid-federation-common@0.1.1-unstable.21e8440(encoding@0.1.13)': - dependencies: - abort-controller: 3.0.0 - format-util: 1.0.5 - node-fetch: 2.6.12(encoding@0.1.13) - typescript: 5.5.3 - ws: 8.5.0 - transitivePeerDependencies: - - bufferutil - - encoding - - utf-8-validate - - '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440(encoding@0.1.13)': - dependencies: - abort-controller: 3.0.0 - format-util: 1.0.5 - node-fetch: 2.6.12(encoding@0.1.13) - ws: 8.5.0 - transitivePeerDependencies: - - bufferutil - - encoding - - utf-8-validate - '@sphereon/pex-models@2.3.1': {} '@sphereon/pex@5.0.0-unstable.24': @@ -16144,8 +16070,6 @@ snapshots: jose@4.15.9: {} - jose@5.9.4: {} - js-base64@3.7.7: {} js-binary-schema-parser@2.0.3: {} 
@@ -19523,8 +19447,6 @@ snapshots: ws@8.18.0: {} - ws@8.5.0: {} - x25519-key-agreement-2020-context@1.0.0: {} xcode@3.0.1: From 089be8aa7b9ba4eb8d8f75d6ca351ef1aa2e0593 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Mon, 25 Nov 2024 16:51:08 +0100 Subject: [PATCH 07/13] refactor: Rolled back the changes, metadata is already present in the constructor of the OpenID4VCIClient's constructor --- packages/client/lib/MetadataClient.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packages/client/lib/MetadataClient.ts b/packages/client/lib/MetadataClient.ts index fa6ac508..e76f0c0b 100644 --- a/packages/client/lib/MetadataClient.ts +++ b/packages/client/lib/MetadataClient.ts @@ -60,12 +60,10 @@ export class MetadataClient { /** * Retrieve all metadata from an issuer * @param issuer The issuer URL - * @param credIssuerMetadata * @param opts */ public static async retrieveAllMetadata( issuer: string, - credIssuerMetadata?: CredentialIssuerMetadataV1_0_11 | CredentialIssuerMetadataV1_0_13 | (IssuerMetadataV1_0_08 & Partial), opts?: { errorOnNotFound: boolean }, ): Promise { let token_endpoint: string | undefined; @@ -76,7 +74,7 @@ export class MetadataClient { let authorization_servers: string[] | undefined = [issuer]; let authorization_server: string | undefined = undefined; const oid4vciResponse = await MetadataClient.retrieveOpenID4VCIServerMetadata(issuer, { errorOnNotFound: false }); // We will handle errors later, given we will also try other metadata locations - let credentialIssuerMetadata = credIssuerMetadata ?? oid4vciResponse?.successBody; + let credentialIssuerMetadata = oid4vciResponse?.successBody; if (credentialIssuerMetadata) { debug(`Issuer ${issuer} OID4VCI well-known server metadata\r\n${JSON.stringify(credentialIssuerMetadata)}`); credential_endpoint = credentialIssuerMetadata.credential_endpoint; From 38d68ab7df2ccfd6b1327ce067560878fc0f4020 Mon Sep 17 00:00:00 2001 
From: Zoe Maas Date: Mon, 25 Nov 2024 17:07:35 +0100 Subject: [PATCH 08/13] refactor: Removed the OIDF types from the library --- .../AuthorizationRequestPayloadVD11.schema.ts | 278 +++--------------- ...ationRequestPayloadVD12OID4VPD18.schema.ts | 278 +++--------------- ...ationRequestPayloadVD12OID4VPD20.schema.ts | 278 +++--------------- .../AuthorizationRequestPayloadVID1.schema.ts | 278 +++--------------- .../RPRegistrationMetadataPayload.schema.ts | 278 +++--------------- packages/siop-oid4vp/lib/types/SIOP.types.ts | 39 +-- 6 files changed, 173 insertions(+), 1256 deletions(-) diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts index f91f842e..020c0299 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD11.schema.ts 
@@ -122,72 +122,6 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_id": { "anyOf": [ { 
@@ -301,38 +235,40 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { } } }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] }, "Format": { "type": "object", 
@@ -464,152 +400,6 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { ], "additionalProperties": false }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] - }, "ResponseMode": { "type": "string", "enum": [ 
diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts index 5de0ba32..bb6429d1 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts @@ -128,72 +128,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_id": { "anyOf": [ { 
@@ -307,38 +241,40 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { } } }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] }, "Format": { "type": "object", 
@@ -470,152 +406,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { ], "additionalProperties": false }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] - }, "ResponseMode": { "type": "string", "enum": [ 
diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts index 9312cefe..3a74ad22 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVD12OID4VPD20.schema.ts @@ -128,72 +128,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_id": { "anyOf": [ { 
@@ -307,38 +241,40 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { } } }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] }, "Format": { "type": "object", 
@@ -470,152 +406,6 @@ export const AuthorizationRequestPayloadVD12OID4VPD20SchemaObj = { ], "additionalProperties": false }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] - }, "ResponseMode": { "type": "string", "enum": [ 
diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts index dcfda501..0b78c774 100644 --- a/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/AuthorizationRequestPayloadVID1.schema.ts @@ -94,72 +94,6 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_id": { "anyOf": [ { 
@@ -273,38 +207,40 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { } } }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] }, "Format": { "type": "object", 
@@ -436,152 +372,6 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { ], "additionalProperties": false }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] - }, "ResponseMode": { "type": "string", "enum": [ 
diff --git a/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts b/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts index 3d2b5028..f3b2f432 100644 --- a/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/RPRegistrationMetadataPayload.schema.ts @@ -6,72 +6,6 @@ export const RPRegistrationMetadataPayloadSchemaObj = { "RPRegistrationMetadataPayload": { "type": "object", "properties": { - "federation_entity": { - "$ref": "#/definitions/FederationEntityMetadataPayload" - }, - "openid_credential_verifier": { - "type": "object", - "additionalProperties": false, - "properties": { - "vp_formats": { - "$ref": "#/definitions/Format" - }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "token_endpoint_auth_method": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, - "response_types": { - "type": "string" - }, - "client_name": { - "type": "string" - }, - "client_uri": { - "type": "string" - }, - "logo_uri": { - "type": "string" - }, - "scope": { - "type": "string" - }, - "contacts": { - "type": "array", - "items": { - "type": "string" - } - }, - "tos_uri": { - "type": "string" - }, - "policy_uri": { - "type": "string" - }, - "jwks_uri": { - "type": "string" - }, - "jwks": { - "$ref": "#/definitions/JWKS" - }, - "software_id": { - "type": "string" - }, - "software_version": { - "type": "string" - } - }, - "required": [ - "vp_formats" - ] - }, "client_id": { "anyOf": [ { 
@@ -185,38 +119,40 @@ export const RPRegistrationMetadataPayloadSchemaObj = { } } }, - "FederationEntityMetadataPayload": { - "type": "object", - "properties": { - "federation_fetch_endpoint": { - "type": "string" - }, - "federation_list_endpoint": { - "type": "string" - }, - "federation_resolve_endpoint": { - "type": "string" - }, - "federation_trust_mark_status_endpoint": { - "type": "string" - }, - "federation_trust_mark_list_endpoint": { - "type": "string" - }, - "federation_trust_mark_endpoint": { - "type": "string" - }, - "federation_historical_keys_endpoint": { - "type": "string" - }, - "organization_name": { - "type": "string" - }, - "homepage_uri": { - "type": "string" - } - }, - "additionalProperties": false + "SigningAlgo": { + "type": "string", + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] + }, + "ResponseType": { + "type": "string", + "enum": [ + "id_token", + "vp_token" + ] + }, + "Scope": { + "type": "string", + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] + }, + "SubjectType": { + "type": "string", + "enum": [ + "public", + "pairwise" + ] }, "Format": { "type": "object", 
@@ -347,152 +283,6 @@ export const RPRegistrationMetadataPayloadSchemaObj = { "alg" ], "additionalProperties": false - }, - "JWKS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "$ref": "#/definitions/JWK" - } - } - }, - "required": [ - "keys" - ], - "additionalProperties": false - }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, - "SigningAlgo": { - "type": "string", - "enum": [ - "EdDSA", - "RS256", - "PS256", - "ES256", - "ES256K" - ] - }, - "ResponseType": { - "type": "string", - "enum": [ - "id_token", - "vp_token" - ] - }, - "Scope": { - "type": "string", - "enum": [ - "openid", - "openid did_authn", - "profile", - "email", - "address", - "phone" - ] - }, - "SubjectType": { - "type": "string", - "enum": [ - "public", - "pairwise" - ] } } }; \ No newline at end of file 
diff --git a/packages/siop-oid4vp/lib/types/SIOP.types.ts b/packages/siop-oid4vp/lib/types/SIOP.types.ts index 9071ae14..f9fc0cbc 100644 --- a/packages/siop-oid4vp/lib/types/SIOP.types.ts +++ b/packages/siop-oid4vp/lib/types/SIOP.types.ts @@ -231,40 +231,6 @@ export interface RequestStateInfo { iat?: number } -export interface FederationEntityMetadataPayload { - federation_fetch_endpoint?: string - federation_list_endpoint?: string - federation_resolve_endpoint?: string - federation_trust_mark_status_endpoint?: string - federation_trust_mark_list_endpoint?: string - federation_trust_mark_endpoint?: string - federation_historical_keys_endpoint?: string - organization_name?: string - homepage_uri?: string -} - -export interface FederationEntityMetadataOpts { - federationFetchEndpoint?: string - federationListEndpoint?: string - federationResolveEndpoint?: string - federationTrustMarkStatusEndpoint?: string - federationTrustMarkListEndpoint?: string - federationTrustMarkEndpoint?: string - federationHistoricalKeysEndpoint?: string - organizationName?: string - homepageUri?: string -} - -export type OpenIDCredentialVerifierOpts = { - federationEntity?: FederationEntityMetadataOpts; - openidCredentialVerifier?: DynamicRegistrationClientMetadata & { vp_formats: Format }; -}; - -export type OpenIDCredentialVerifierPayload = { - federation_entity?: FederationEntityMetadataPayload; - openid_credential_verifier?: DynamicRegistrationClientMetadata & { vp_formats: Format }; -}; - interface DiscoveryMetadataCommonOpts { //TODO add the check: Mandatory if PassBy.Value authorizationEndpoint?: Schema | string @@ -308,6 +274,7 @@ interface DiscoveryMetadataCommonOpts { requireRequestUriRegistration?: boolean // from openid connect discovery 1_0 opPolicyUri?: string // from openid connect discovery 1_0 opTosUri?: string // from openid connect discovery 1_0 + // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any } 
@@ -447,7 +414,7 @@ export type RPRegistrationMetadataOpts = Partial< | 'tos_uri' | 'clientPurpose' > -> & OpenIDCredentialVerifierOpts & { +> & { // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any } @@ -465,7 +432,7 @@ export type RPRegistrationMetadataPayload = Pick< | 'client_name' | 'logo_uri' | 'client_purpose' -> & OpenIDCredentialVerifierPayload & { +> & { // eslint-disable-next-line @typescript-eslint/no-explicit-any [x: string]: any } From 4060fe7f45a12e4eca2a8a321e219ee9ae7d7edf Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Tue, 26 Nov 2024 11:17:39 +0100 Subject: [PATCH 09/13] refactor: Added the OIDF client and check to the OID4VCI library --- packages/client/lib/OpenID4VCIClient.ts | 25 +++++++- packages/client/package.json | 5 ++ pnpm-lock.yaml | 79 +++++++++++++++++++++++++ 3 files changed, 106 insertions(+), 3 deletions(-) diff --git a/packages/client/lib/OpenID4VCIClient.ts b/packages/client/lib/OpenID4VCIClient.ts index 0ec729d2..90337abd 100644 --- a/packages/client/lib/OpenID4VCIClient.ts +++ b/packages/client/lib/OpenID4VCIClient.ts @@ -1,4 +1,4 @@ -import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common'; +import { CreateDPoPClientOpts, JWK, parseJWT } from '@sphereon/oid4vc-common'; import { AccessTokenRequestOpts, AccessTokenResponse, @@ -35,6 +35,7 @@ import { ProofOfPossessionCallbacks, toAuthorizationResponsePayload, } from '@sphereon/oid4vci-common'; +import { FederationClient } from '@sphereon/openid-federation-client'; import { CredentialFormat } from '@sphereon/ssi-types'; import Debug from 'debug'; 
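Review bot: Dropping the `OpenIDCredentialVerifierOpts` / `OpenIDCredentialVerifierPayload` intersections from `RPRegistrationMetadataOpts` and `RPRegistrationMetadataPayload` leaves `federation_entity` and `openid_credential_verifier` typed only through the `[x: string]: any` catch-all, so a missing `vp_formats` or a mistyped federation endpoint in relying-party metadata is no longer caught at compile time. If the typed shape is being moved elsewhere, a comment on the index signature saying where would help; otherwise `[x: string]: unknown` forces consumers to narrow before use and makes the added eslint-disable line unnecessary. The same pattern applies to the `DiscoveryMetadataCommonOpts` hunk just above, where the eslint-disable comment is introduced. Both type aliases start outside the hunks.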
@@ -54,7 +55,9 @@ import { generateMissingPKCEOpts, sendNotification } from './functions'; const debug = Debug('sphereon:oid4vci'); -export type OpenID4VCIClientState = OpenID4VCIClientStateV1_0_11 | OpenID4VCIClientStateV1_0_13; +export type OpenID4VCIClientState = + | (OpenID4VCIClientStateV1_0_11 & { trustChains?: Array }) + | (OpenID4VCIClientStateV1_0_13 & { trustChains?: Array }); export type EndpointMetadataResult = EndpointMetadataResultV1_0_11 | EndpointMetadataResultV1_0_13; @@ -76,6 +79,7 @@ export class OpenID4VCIClient { authorizationRequestOpts, authorizationCodeResponse, authorizationURL, + trustChains, }: { credentialOffer?: CredentialOfferRequestWithBaseUrl; kid?: string; @@ -91,6 +95,7 @@ export class OpenID4VCIClient { authorizationRequestOpts?: AuthorizationRequestOpts; authorizationCodeResponse?: AuthorizationResponse; authorizationURL?: string; + trustChains?: Array; }) { const issuer = credentialIssuer ?? (credentialOffer ? getIssuerFromCredentialOfferPayload(credentialOffer.credential_offer) : undefined); if (!issuer) { @@ -113,6 +118,7 @@ export class OpenID4VCIClient { : (endpointMetadata as EndpointMetadataResultV1_0_13 | undefined), accessTokenResponse, authorizationURL, + trustChains, } as OpenID4VCIClientState; // Running syncAuthorizationRequestOpts later as it is using the state if (!this._state.authorizationRequestOpts) { @@ -130,6 +136,7 @@ export class OpenID4VCIClient { pkce, authorizationRequest, createAuthorizationRequestURL, + trustChains, }: { credentialIssuer: string; kid?: string; @@ -139,6 +146,7 @@ export class OpenID4VCIClient { createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl pkce?: PKCEOpts; + trustChains?: Array; }) { const client = new OpenID4VCIClient({ kid, 
@@ -147,6 +155,7 @@ export class OpenID4VCIClient { credentialIssuer, pkce, authorizationRequest, + trustChains, }); if (retrieveServerMetadata === undefined || retrieveServerMetadata) { await client.retrieveServerMetadata(); @@ -257,7 +266,11 @@ export class OpenID4VCIClient { if (this.credentialOffer) { this._state.endpointMetadata = await MetadataClient.retrieveAllMetadataFromCredentialOffer(this.credentialOffer); } else if (this._state.credentialIssuer) { - this._state.endpointMetadata = await MetadataClient.retrieveAllMetadata(this._state.credentialIssuer); + if (this._state.trustChains !== undefined && this._state.trustChains !== null && this._state.trustChains.length !== 0) { + this._state.endpointMetadata = await this.retrieveTrustChainMetadata(this._state.credentialIssuer, this._state.trustChains); + } else { + this._state.endpointMetadata = await MetadataClient.retrieveAllMetadata(this._state.credentialIssuer); + } } else { throw Error(`Cannot retrieve issuer metadata without either a credential offer, or issuer value`); } @@ -266,6 +279,12 @@ export class OpenID4VCIClient { return this.endpointMetadata; } + private async retrieveTrustChainMetadata(credentialIssuer: string, trustChains: Array): Promise { + const oidfClient = new FederationClient(null, null); + const resolvedTrustChain = await oidfClient.resolveTrustChain(credentialIssuer, trustChains); + return resolvedTrustChain?.trustChain?.asJsReadonlyArrayView().map((s) => parseJWT(s))[1].payload as EndpointMetadataResult | undefined; + } + private calculatePKCEOpts(pkce?: PKCEOpts) { this._state.pkce = generateMissingPKCEOpts({ ...this._state.pkce, ...pkce }); } diff --git a/packages/client/package.json b/packages/client/package.json index 42c78f5f..abb569e3 100644 --- a/packages/client/package.json +++ b/packages/client/package.json 
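Review bot: `retrieveTrustChainMetadata` indexes the resolved chain with `[1]` and reads `.payload` without checking that the chain holds at least two statements, so a short or empty chain fails with a TypeError rather than a message naming the issuer, and a `null` resolution silently yields `undefined` for `endpointMetadata` while `retrieveServerMetadata` carries on as if discovery succeeded. The payload is then cast straight to `EndpointMetadataResult`; `parseJWT` only decodes, so the code relies entirely on `resolveTrustChain` having verified the chain, and which statement carries the issuer's metadata (and whether its payload is the metadata object itself or wraps it) should be confirmed against the federation client and stated in a comment. In the `retrieveServerMetadata` hunk the triple undefined/null/length check can be `if (this._state.trustChains?.length) {`. Both methods continue outside the hunk.
```typescript
private async retrieveTrustChainMetadata(credentialIssuer: string, trustChains: Array<string>): Promise<EndpointMetadataResult> {
  const oidfClient = new FederationClient(null, null);
  const resolvedTrustChain = await oidfClient.resolveTrustChain(credentialIssuer, trustChains);
  const statements = resolvedTrustChain?.trustChain?.asJsReadonlyArrayView();
  if (!statements || statements.length < 2) {
    throw Error(`Could not resolve a trust chain for credential issuer ${credentialIssuer}`);
  }
  // parseJWT only decodes; the statement is trusted solely because resolveTrustChain returned it as part of the chain.
  // TODO(review): confirm statements[1] is the statement that carries the issuer metadata.
  const payload = parseJWT(statements[1]).payload;
  if (!payload || typeof payload !== 'object') {
    throw Error(`Trust chain statement for ${credentialIssuer} does not contain issuer metadata`);
  }
  return payload as EndpointMetadataResult;
}
```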
@@ -47,6 +47,11 @@ "uint8arrays": "3.1.1", "uuid": "^9.0.1" }, + "peerDependencies": { + "@sphereon/openid-federation-client": "^0.1.1-unstable.21e8440", + "@sphereon/openid-federation-common": "^0.1.1-unstable.21e8440", + "@sphereon/openid-federation-open-api": "^0.1.1-unstable.21e8440" + }, "engines": { "node": ">=18" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1ac67b6b..5786947b 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -118,6 +118,15 @@ importers: '@sphereon/oid4vci-common': specifier: workspace:* version: link:../oid4vci-common + '@sphereon/openid-federation-client': + specifier: ^0.1.1-unstable.21e8440 + version: 0.1.1-unstable.21e8440(encoding@0.1.13) + '@sphereon/openid-federation-common': + specifier: ^0.1.1-unstable.21e8440 + version: 0.1.1-unstable.21e8440(encoding@0.1.13) + '@sphereon/openid-federation-open-api': + specifier: ^0.1.1-unstable.21e8440 + version: 0.1.1-unstable.21e8440(encoding@0.1.13) '@sphereon/ssi-types': specifier: 0.30.2-feature.mdoc.funke2.367 version: 0.30.2-feature.mdoc.funke2.367 @@ -2116,6 +2125,9 @@ packages: '@jridgewell/trace-mapping@0.3.9': resolution: {integrity: sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==} + '@js-joda/core@3.2.0': + resolution: {integrity: sha512-PMqgJ0sw5B7FKb2d5bWYIoxjri+QlW/Pys7+Rw82jSH0QN3rB05jZ/VrrsUdh1w4+i2kw9JOejXGq/KhDOX7Kg==} + '@js-joda/core@5.6.3': resolution: {integrity: sha512-T1rRxzdqkEXcou0ZprN1q9yDRlvzCPLqmlNt5IIsGBzoEVgLCCYrKEwc84+TvsXuAc95VAZwtWD2zVsKPY4bcA==} 
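Review bot: The three federation packages are declared only as `peerDependencies`, yet `OpenID4VCIClient.ts` now imports `@sphereon/openid-federation-client` directly, so a consumer that does not install them fails with a module-not-found at runtime rather than at install time; if the client is meant to ship this functionality they belong in `dependencies`. A caret range on a pre-release build (`^0.1.1-unstable.21e8440`) also means only the lockfile pins what is actually resolved, so an exact version is the safer choice until these packages have a stable release.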
@@ -2542,6 +2554,16 @@ packages: '@sphereon/kmp-mdoc-core@0.2.0-SNAPSHOT.10': resolution: {integrity: sha512-mHH7I6fWdztaNjguGJOLaerXWnQymQ/xKQ8NqClIXoI2PJNgmpQG6DxFcLRs1aYyWg1iY8bPliLJi41u94KdCA==} + bundledDependencies: [] + + '@sphereon/openid-federation-client@0.1.1-unstable.21e8440': + resolution: {integrity: sha512-O1CW/t3Zan1wKQxdl6fzDXDrL/t+Ph9UB0rypJA4Pr9u4R+7nB+Z3KC/wphH2Q4NrJFP0sASKn0ER78Gc9onLw==} + + '@sphereon/openid-federation-common@0.1.1-unstable.21e8440': + resolution: {integrity: sha512-mumhjoqeP1qjy3SsT/3AExV+x+SwrO4On+ZrMTFNYjzY7zRKl6rKWkgA0iGbG6z2XR7xW3y1wzDqFxIGS94tXQ==} + + '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440': + resolution: {integrity: sha512-glePGlpbvZI+NhhsfoD44cFbamwIMIQF0xG1k1Ikr9i8XRZFBHz/w/WK9Hfc9dtP63Ry2Ckq8I4KlRZLL5OJ6g==} '@sphereon/pex-models@2.3.1': resolution: {integrity: sha512-SByU4cJ0XYA6VZQ/L6lsSiRcFtBPHbFioCeQ4GP7/W/jQ+PSBD7uK2oTnKQ9/0iEiMK/6JYqhKgLs4a9UX3UTQ==} @@ -5716,6 +5738,9 @@ packages: jose@4.15.9: resolution: {integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==} + jose@5.9.4: + resolution: {integrity: sha512-WBBl6au1qg6OHj67yCffCgFR3BADJBXN8MdRvCgJDuMv3driV2nHr7jdGvaKX9IolosAsn+M0XRArqLXUhyJHQ==} + js-base64@3.7.7: resolution: {integrity: sha512-7rCnleh0z2CkXhH67J8K1Ytz0b2Y+yxTPL+/KOJoa20hfnVQ/3/T6W/KflYI4bRHRagNeXeU2bkNGI3v1oS/lw==} @@ -8601,6 +8626,18 @@ packages: utf-8-validate: optional: true + ws@8.5.0: + resolution: {integrity: sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==} + engines: {node: '>=10.0.0'} + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: ^5.0.2 + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + x25519-key-agreement-2020-context@1.0.0: resolution: {integrity: sha512-zblYd8oSg6hNAD+fA9X7ek1hJQRircl3jVlEVCaBTNN9Mv9b4G32uJvRZFMQEMmda8iaTtYo9i2dRMdXX8pjpA==} 
@@ -11142,6 +11179,8 @@ snapshots: '@jridgewell/resolve-uri': 3.1.2 '@jridgewell/sourcemap-codec': 1.5.0 + '@js-joda/core@3.2.0': {} + '@js-joda/core@5.6.3': {} '@js-joda/timezone@2.3.0(@js-joda/core@5.6.3)': @@ -11878,6 +11917,42 @@ snapshots: '@js-joda/timezone': 2.3.0(@js-joda/core@5.6.3) format-util: 1.0.5 + '@sphereon/openid-federation-client@0.1.1-unstable.21e8440(encoding@0.1.13)': + dependencies: + '@js-joda/core': 3.2.0 + abort-controller: 3.0.0 + format-util: 1.0.5 + jose: 5.9.4 + node-fetch: 2.6.12(encoding@0.1.13) + ws: 8.5.0 + transitivePeerDependencies: + - bufferutil + - encoding + - utf-8-validate + + '@sphereon/openid-federation-common@0.1.1-unstable.21e8440(encoding@0.1.13)': + dependencies: + abort-controller: 3.0.0 + format-util: 1.0.5 + node-fetch: 2.6.12(encoding@0.1.13) + typescript: 5.5.3 + ws: 8.5.0 + transitivePeerDependencies: + - bufferutil + - encoding + - utf-8-validate + + '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440(encoding@0.1.13)': + dependencies: + abort-controller: 3.0.0 + format-util: 1.0.5 + node-fetch: 2.6.12(encoding@0.1.13) + ws: 8.5.0 + transitivePeerDependencies: + - bufferutil + - encoding + - utf-8-validate + '@sphereon/pex-models@2.3.1': {} '@sphereon/pex@5.0.0-unstable.28': @@ -16301,6 +16376,8 @@ snapshots: jose@4.15.9: {} + jose@5.9.4: {} + js-base64@3.7.7: {} js-binary-schema-parser@2.0.3: {} @@ -19772,6 +19849,8 @@ snapshots: ws@8.18.0: {} + ws@8.5.0: {} + x25519-key-agreement-2020-context@1.0.0: {} xcode@3.0.1: From e04c3d13ca616e4168d4d7d84a22762a02f35c8f Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Tue, 26 Nov 2024 12:58:50 +0100 Subject: [PATCH 10/13] refactor: Removed the OIDF library and added the client metadata to the constructor functions --- packages/client/lib/OpenID4VCIClient.ts | 31 +++++++------------------ packages/client/package.json | 5 ---- 2 files changed, 9 insertions(+), 27 deletions(-) 
diff --git a/packages/client/lib/OpenID4VCIClient.ts b/packages/client/lib/OpenID4VCIClient.ts index 90337abd..3125208f 100644 --- a/packages/client/lib/OpenID4VCIClient.ts +++ b/packages/client/lib/OpenID4VCIClient.ts @@ -1,4 +1,4 @@ -import { CreateDPoPClientOpts, JWK, parseJWT } from '@sphereon/oid4vc-common'; +import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common'; import { AccessTokenRequestOpts, AccessTokenResponse, @@ -35,7 +35,6 @@ import { ProofOfPossessionCallbacks, toAuthorizationResponsePayload, } from '@sphereon/oid4vci-common'; -import { FederationClient } from '@sphereon/openid-federation-client'; import { CredentialFormat } from '@sphereon/ssi-types'; import Debug from 'debug'; @@ -55,9 +54,7 @@ import { generateMissingPKCEOpts, sendNotification } from './functions'; const debug = Debug('sphereon:oid4vci'); -export type OpenID4VCIClientState = - | (OpenID4VCIClientStateV1_0_11 & { trustChains?: Array }) - | (OpenID4VCIClientStateV1_0_13 & { trustChains?: Array }); +export type OpenID4VCIClientState = OpenID4VCIClientStateV1_0_11 | OpenID4VCIClientStateV1_0_13; export type EndpointMetadataResult = EndpointMetadataResultV1_0_11 | EndpointMetadataResultV1_0_13; @@ -79,7 +76,6 @@ export class OpenID4VCIClient { authorizationRequestOpts, authorizationCodeResponse, authorizationURL, - trustChains, }: { credentialOffer?: CredentialOfferRequestWithBaseUrl; kid?: string; @@ -95,7 +91,6 @@ export class OpenID4VCIClient { authorizationRequestOpts?: AuthorizationRequestOpts; authorizationCodeResponse?: AuthorizationResponse; authorizationURL?: string; - trustChains?: Array; }) { const issuer = credentialIssuer ?? (credentialOffer ? getIssuerFromCredentialOfferPayload(credentialOffer.credential_offer) : undefined); if (!issuer) { 
@@ -118,7 +113,6 @@ export class OpenID4VCIClient { : (endpointMetadata as EndpointMetadataResultV1_0_13 | undefined), accessTokenResponse, authorizationURL, - trustChains, } as OpenID4VCIClientState; // Running syncAuthorizationRequestOpts later as it is using the state if (!this._state.authorizationRequestOpts) { @@ -136,7 +130,7 @@ export class OpenID4VCIClient { pkce, authorizationRequest, createAuthorizationRequestURL, - trustChains, + endpointMetadata }: { credentialIssuer: string; kid?: string; @@ -146,7 +140,7 @@ export class OpenID4VCIClient { createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl pkce?: PKCEOpts; - trustChains?: Array; + endpointMetadata?: EndpointMetadataResult }) { const client = new OpenID4VCIClient({ kid, @@ -155,7 +149,7 @@ export class OpenID4VCIClient { credentialIssuer, pkce, authorizationRequest, - trustChains, + endpointMetadata }); if (retrieveServerMetadata === undefined || retrieveServerMetadata) { await client.retrieveServerMetadata(); @@ -182,6 +176,7 @@ export class OpenID4VCIClient { createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, + endpointMetadata }: { uri: string; kid?: string; @@ -192,6 +187,7 @@ export class OpenID4VCIClient { pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl + endpointMetadata?: EndpointMetadataResult }): Promise { const credentialOfferClient = await CredentialOfferClient.fromURI(uri, { resolve: resolveOfferUri }); const client = new OpenID4VCIClient({ @@ -201,6 +197,7 @@ export class OpenID4VCIClient { clientId: clientId ?? authorizationRequest?.clientId ?? credentialOfferClient.clientId, pkce, authorizationRequest, + endpointMetadata }); if (retrieveServerMetadata === undefined || retrieveServerMetadata) { 
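Review bot: The new `endpointMetadata` option on `fromCredentialIssuer` and `fromURI` has no explanation of when to use it or how it interacts with `retrieveServerMetadata`; as written, `client.retrieveServerMetadata()` still runs by default right after the client is constructed with the supplied metadata, and unless that method short-circuits on existing state (its beginning is outside the hunk) the caller's metadata is replaced by the network result. A one-line comment on the parameter would settle this, e.g. `endpointMetadata?: EndpointMetadataResult; // Pre-resolved issuer metadata (e.g. obtained through an OpenID Federation trust chain); pass retrieveServerMetadata: false to keep it`. The added lines also drop the semicolon and trailing comma the surrounding declarations use (`pkce?: PKCEOpts;`, `authorizationRequest,`), which the project's Prettier setup would reformat.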
@@ -266,11 +263,7 @@ export class OpenID4VCIClient {
 if (this.credentialOffer) {
 this._state.endpointMetadata = await MetadataClient.retrieveAllMetadataFromCredentialOffer(this.credentialOffer);
 } else if (this._state.credentialIssuer) {
- if (this._state.trustChains !== undefined && this._state.trustChains !== null && this._state.trustChains.length !== 0) {
- this._state.endpointMetadata = await this.retrieveTrustChainMetadata(this._state.credentialIssuer, this._state.trustChains);
- } else {
- this._state.endpointMetadata = await MetadataClient.retrieveAllMetadata(this._state.credentialIssuer);
- }
+ this._state.endpointMetadata = await MetadataClient.retrieveAllMetadata(this._state.credentialIssuer);
 } else {
 throw Error(`Cannot retrieve issuer metadata without either a credential offer, or issuer value`);
 }
@@ -279,12 +272,6 @@ export class OpenID4VCIClient {
 return this.endpointMetadata;
 }
- private async retrieveTrustChainMetadata(credentialIssuer: string, trustChains: Array): Promise {
- const oidfClient = new FederationClient(null, null);
- const resolvedTrustChain = await oidfClient.resolveTrustChain(credentialIssuer, trustChains);
- return resolvedTrustChain?.trustChain?.asJsReadonlyArrayView().map((s) => parseJWT(s))[1].payload as EndpointMetadataResult | undefined;
- }
-
 private calculatePKCEOpts(pkce?: PKCEOpts) {
 this._state.pkce = generateMissingPKCEOpts({ ...this._state.pkce, ...pkce });
 }
diff --git a/packages/client/package.json b/packages/client/package.json
index abb569e3..42c78f5f 100644
--- a/packages/client/package.json
+++ b/packages/client/package.json
@@ -47,11 +47,6 @@
 "uint8arrays": "3.1.1",
 "uuid": "^9.0.1"
 },
- "peerDependencies": {
- "@sphereon/openid-federation-client": "^0.1.1-unstable.21e8440",
- "@sphereon/openid-federation-common": "^0.1.1-unstable.21e8440",
- "@sphereon/openid-federation-open-api": "^0.1.1-unstable.21e8440"
- },
 "engines": {
 "node": ">=18"
 },
From 38171979d9e64a8c454122f20e3099a270ef25cc Mon Sep 17 00:00:00 2001
From: Zoe Maas Date: Tue, 26 Nov 2024 13:11:49 +0100 Subject: [PATCH 11/13] refactor: Updated pnpm-lock.yaml --- pnpm-lock.yaml | 78 -------------------------------------------------- 1 file changed, 78 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5786947b..2b2bb1dc 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -118,15 +118,6 @@ importers: '@sphereon/oid4vci-common': specifier: workspace:* version: link:../oid4vci-common - '@sphereon/openid-federation-client': - specifier: ^0.1.1-unstable.21e8440 - version: 0.1.1-unstable.21e8440(encoding@0.1.13) - '@sphereon/openid-federation-common': - specifier: ^0.1.1-unstable.21e8440 - version: 0.1.1-unstable.21e8440(encoding@0.1.13) - '@sphereon/openid-federation-open-api': - specifier: ^0.1.1-unstable.21e8440 - version: 0.1.1-unstable.21e8440(encoding@0.1.13) '@sphereon/ssi-types': specifier: 0.30.2-feature.mdoc.funke2.367 version: 0.30.2-feature.mdoc.funke2.367 @@ -2125,9 +2116,6 @@ packages: '@jridgewell/trace-mapping@0.3.9': resolution: {integrity: sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==} - '@js-joda/core@3.2.0': - resolution: {integrity: sha512-PMqgJ0sw5B7FKb2d5bWYIoxjri+QlW/Pys7+Rw82jSH0QN3rB05jZ/VrrsUdh1w4+i2kw9JOejXGq/KhDOX7Kg==} - '@js-joda/core@5.6.3': resolution: {integrity: sha512-T1rRxzdqkEXcou0ZprN1q9yDRlvzCPLqmlNt5IIsGBzoEVgLCCYrKEwc84+TvsXuAc95VAZwtWD2zVsKPY4bcA==} 
@@ -2556,15 +2544,6 @@ packages: resolution: {integrity: sha512-mHH7I6fWdztaNjguGJOLaerXWnQymQ/xKQ8NqClIXoI2PJNgmpQG6DxFcLRs1aYyWg1iY8bPliLJi41u94KdCA==} bundledDependencies: [] - '@sphereon/openid-federation-client@0.1.1-unstable.21e8440': - resolution: {integrity: sha512-O1CW/t3Zan1wKQxdl6fzDXDrL/t+Ph9UB0rypJA4Pr9u4R+7nB+Z3KC/wphH2Q4NrJFP0sASKn0ER78Gc9onLw==} - - '@sphereon/openid-federation-common@0.1.1-unstable.21e8440': - resolution: {integrity: sha512-mumhjoqeP1qjy3SsT/3AExV+x+SwrO4On+ZrMTFNYjzY7zRKl6rKWkgA0iGbG6z2XR7xW3y1wzDqFxIGS94tXQ==} - - '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440': - resolution: {integrity: sha512-glePGlpbvZI+NhhsfoD44cFbamwIMIQF0xG1k1Ikr9i8XRZFBHz/w/WK9Hfc9dtP63Ry2Ckq8I4KlRZLL5OJ6g==} - '@sphereon/pex-models@2.3.1': resolution: {integrity: sha512-SByU4cJ0XYA6VZQ/L6lsSiRcFtBPHbFioCeQ4GP7/W/jQ+PSBD7uK2oTnKQ9/0iEiMK/6JYqhKgLs4a9UX3UTQ==} @@ -5738,9 +5717,6 @@ packages: jose@4.15.9: resolution: {integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==} - jose@5.9.4: - resolution: {integrity: sha512-WBBl6au1qg6OHj67yCffCgFR3BADJBXN8MdRvCgJDuMv3driV2nHr7jdGvaKX9IolosAsn+M0XRArqLXUhyJHQ==} - js-base64@3.7.7: resolution: {integrity: sha512-7rCnleh0z2CkXhH67J8K1Ytz0b2Y+yxTPL+/KOJoa20hfnVQ/3/T6W/KflYI4bRHRagNeXeU2bkNGI3v1oS/lw==} @@ -8626,18 +8602,6 @@ packages: utf-8-validate: optional: true - ws@8.5.0: - resolution: {integrity: sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==} - engines: {node: '>=10.0.0'} - peerDependencies: - bufferutil: ^4.0.1 - utf-8-validate: ^5.0.2 - peerDependenciesMeta: - bufferutil: - optional: true - utf-8-validate: - optional: true - x25519-key-agreement-2020-context@1.0.0: resolution: {integrity: sha512-zblYd8oSg6hNAD+fA9X7ek1hJQRircl3jVlEVCaBTNN9Mv9b4G32uJvRZFMQEMmda8iaTtYo9i2dRMdXX8pjpA==} 
@@ -11179,8 +11143,6 @@ snapshots: '@jridgewell/resolve-uri': 3.1.2 '@jridgewell/sourcemap-codec': 1.5.0 - '@js-joda/core@3.2.0': {} - '@js-joda/core@5.6.3': {} '@js-joda/timezone@2.3.0(@js-joda/core@5.6.3)': @@ -11917,42 +11879,6 @@ snapshots: '@js-joda/timezone': 2.3.0(@js-joda/core@5.6.3) format-util: 1.0.5 - '@sphereon/openid-federation-client@0.1.1-unstable.21e8440(encoding@0.1.13)': - dependencies: - '@js-joda/core': 3.2.0 - abort-controller: 3.0.0 - format-util: 1.0.5 - jose: 5.9.4 - node-fetch: 2.6.12(encoding@0.1.13) - ws: 8.5.0 - transitivePeerDependencies: - - bufferutil - - encoding - - utf-8-validate - - '@sphereon/openid-federation-common@0.1.1-unstable.21e8440(encoding@0.1.13)': - dependencies: - abort-controller: 3.0.0 - format-util: 1.0.5 - node-fetch: 2.6.12(encoding@0.1.13) - typescript: 5.5.3 - ws: 8.5.0 - transitivePeerDependencies: - - bufferutil - - encoding - - utf-8-validate - - '@sphereon/openid-federation-open-api@0.1.1-unstable.21e8440(encoding@0.1.13)': - dependencies: - abort-controller: 3.0.0 - format-util: 1.0.5 - node-fetch: 2.6.12(encoding@0.1.13) - ws: 8.5.0 - transitivePeerDependencies: - - bufferutil - - encoding - - utf-8-validate - '@sphereon/pex-models@2.3.1': {} '@sphereon/pex@5.0.0-unstable.28': @@ -16376,8 +16302,6 @@ snapshots: jose@4.15.9: {} - jose@5.9.4: {} - js-base64@3.7.7: {} js-binary-schema-parser@2.0.3: {} @@ -19849,8 +19773,6 @@ snapshots: ws@8.18.0: {} - ws@8.5.0: {} - x25519-key-agreement-2020-context@1.0.0: {} xcode@3.0.1: From 61a14e601d0bf35a809961bff9e6c89bc7cd0866 Mon Sep 17 00:00:00 2001 From: sanderPostma Date: Wed, 11 Dec 2024 16:45:39 +0100 Subject: [PATCH 12/13] chore: return unencrypted state value along with jarm response --- .../jarm-auth-response-send.ts | 34 +++++++++---------- packages/siop-oid4vp/lib/op/OP.ts | 1 + 2 files changed, 18 insertions(+), 17 deletions(-) 
diff --git a/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts b/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts
index 777b2caf..7bb77aeb 100644
--- a/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts
+++ b/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts
@@ -1,7 +1,7 @@
-import { appendFragmentParams, appendQueryParams } from '../utils.js';
-import type { JarmResponseMode, Openid4vpJarmResponseMode } from '../v-response-mode-registry.js';
-import { getJarmDefaultResponseMode, validateResponseMode } from '../v-response-mode-registry.js';
-import type { ResponseTypeOut } from '../v-response-type-registry.js';
+import { appendFragmentParams, appendQueryParams } from '../utils.js'
+import type { JarmResponseMode, Openid4vpJarmResponseMode } from '../v-response-mode-registry.js'
+import { getJarmDefaultResponseMode, validateResponseMode } from '../v-response-mode-registry.js'
+import type { ResponseTypeOut } from '../v-response-type-registry.js'
 interface JarmAuthResponseSendInput {
 authRequestParams: {
@@ -17,10 +17,11 @@ interface JarmAuthResponseSendInput {
 );
 authResponse: string;
+ state: string;
 }
 export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Promise => {
- const { authRequestParams, authResponse } = input;
+ const { authRequestParams, authResponse, state } = input;
 const responseEndpoint = 'response_uri' in authRequestParams ? new URL(authRequestParams.response_uri) : new URL(authRequestParams.redirect_uri);
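Review bot: `state: string;` makes the new field mandatory although `state` is an optional parameter of the authorization request, and the only caller in this patch (OP.ts, `state: requestObjectPayload.state`) forwards whatever the request object carried; if that property is typed optional the call no longer type-checks under `strictNullChecks`, and if it is merely absent at runtime the handlers in the next hunk interpolate the literal text `undefined` into the response. `state?: string;` with the handlers emitting the parameter only when it is defined matches the request semantics. Also, the four rewritten import lines drop their semicolons while the rest of this file (`authResponse: string;`, `= input;`) keeps them, so the hunk mixes styles. The interface and the function continue outside this hunk.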
@@ -36,40 +37,39 @@ export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Pr
 switch (responseMode) {
 case 'direct_post.jwt':
- return handleDirectPostJwt(responseEndpoint, authResponse);
+ return handleDirectPostJwt(responseEndpoint, authResponse, state);
 case 'query.jwt':
- return handleQueryJwt(responseEndpoint, authResponse);
+ return handleQueryJwt(responseEndpoint, authResponse, state);
 case 'fragment.jwt':
- return handleFragmentJwt(responseEndpoint, authResponse);
+ return handleFragmentJwt(responseEndpoint, authResponse, state);
 case 'form_post.jwt':
 throw new Error('Not implemented. form_post.jwt is not yet supported.');
 }
 };
-async function handleDirectPostJwt(responseEndpoint: URL, responseJwt: string) {
- const response = await fetch(responseEndpoint, {
+async function handleDirectPostJwt(responseEndpoint: URL, responseJwt: string, state: string) {
+ const response = await fetch(responseEndpoint, {
 method: 'POST',
 headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
- body: `response=${responseJwt}`,
- });
-
+ body: `response=${responseJwt}&state=${state}`
+ })
 return response;
 }
-async function handleQueryJwt(responseEndpoint: URL, responseJwt: string) {
+async function handleQueryJwt(responseEndpoint: URL, responseJwt: string, state: string) {
 const responseUrl = appendQueryParams({
 url: responseEndpoint,
- params: { response: responseJwt },
+ params: { response: responseJwt, state },
 });
 const response = await fetch(responseUrl, { method: 'POST' });
 return response;
 }
-async function handleFragmentJwt(responseEndpoint: URL, responseJwt: string) {
+async function handleFragmentJwt(responseEndpoint: URL, responseJwt: string, state: string) {
 const responseUrl = appendFragmentParams({
 url: responseEndpoint,
- fragments: { response: responseJwt },
+ fragments: { response: responseJwt, state },
 });
 const response = await fetch(responseUrl, { method: 'POST' });
 return response;
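Review bot: In `handleDirectPostJwt` the form body is assembled by string interpolation, `body: \`response=${responseJwt}&state=${state}\``, so a `state` value containing `&`, `=`, `+`, `%` or non-ASCII characters (a base64 nonce, for instance) is either decoded differently by the verifier or parsed as extra form fields, and the verifier's state correlation then fails or sees a value the wallet never intended; `state` comes from the incoming request object (OP.ts in this patch), so it is not under this function's control. `body: new URLSearchParams({ response: responseJwt, state }).toString()` encodes both fields as the `application/x-www-form-urlencoded` header promises. Whether `appendQueryParams` and `appendFragmentParams` encode their values is not visible here; if they do not, the `query.jwt` and `fragment.jwt` branches have the same problem. The rewritten `})` also drops the semicolon that every surrounding statement keeps.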
diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts
index 0f188ccc..6ec4474d 100644
--- a/packages/siop-oid4vp/lib/op/OP.ts
+++ b/packages/siop-oid4vp/lib/op/OP.ts
@@ -246,6 +246,7 @@ export class OP {
 response_type: responseType,
 },
 authResponse: response,
+ state: requestObjectPayload.state
 })
 void this.emitEvent(AuthorizationEvents.ON_AUTH_RESPONSE_SENT_SUCCESS, { correlationId, subject: response })
 return jarmResponse
From 8b78e933ebb11ad7c88d2427a9766c090bac6eed Mon Sep 17 00:00:00 2001
From: sanderPostma
Date: Mon, 13 Jan 2025 12:46:36 +0100
Subject: [PATCH 13/13] chore: throw reason for VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID
---
 .../lib/authorization-response/PresentationExchange.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts b/packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts
index 66f717b2..6891bed8 100644
--- a/packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts
+++ b/packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts
@@ -397,7 +397,8 @@ export class PresentationExchange {
 try {
 verificationResult = await verifyPresentationCallback(presentation as W3CVerifiablePresentation, evaluationResults.value!)
 } catch (error: unknown) {
- throw new Error(SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID)
+ const errorMessage = error instanceof Error ? error.message : String(error)
+ throw new Error(`${SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID}: ${errorMessage}`)
 }
 if (!verificationResult.verified) {
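Review bot: `String(error)` in the PresentationExchange hunk yields `[object Object]` for callbacks that throw a plain object, so the reason the commit wants to surface is lost exactly in that case, and the original error (stack, own cause) is discarded in every case. Keeping it as the cause preserves both, `throw new Error(\`${SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID}: ${errorMessage}\`, { cause: error })`, provided the project's `lib` target includes the ES2022 error-cause option. Because the callback's message now becomes part of the thrown message, it is worth confirming that the layer which turns this exception into an authorization error response does not relay the text to the presenting party; that layer is not visible here. The enclosing method starts and ends outside the hunk.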