diff --git a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts
index 5ae7d903..e7db5722 100644
--- a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts
+++ b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts
@@ -2,8 +2,8 @@ import { ErrorMessage, ExternalIdentifierOIDFEntityIdOpts, ExternalIdentifierOID
 import { IAgentContext } from '@veramo/core'
 import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
-import { IJwsValidationResult } from '../types/IJwtService'
-
+import {IJwsValidationResult, JwsPayload} from '../types/IJwtService'
+import * as u8a from 'uint8arrays'
 /**
 * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships
 *
@@ -36,6 +36,7 @@ export async function resolveExternalOIDFEntityIdIdentifier(
 const errorList: Record = {}
 const jwkInfos: Array = []
+ let payload: JwsPayload | undefined
 for (const trustAnchor of trustAnchors) {
 const resolveResult = await context.agent.resolveTrustChain({
 entityIdentifier: identifier,
@@ -64,6 +65,7 @@ export async function resolveExternalOIDFEntityIdIdentifier(
 continue
 }
+ payload = JSON.parse(u8a.toString(u8a.fromString(jwtVerifyResult.jws.payload, 'base64url')))
 const signature = jwtVerifyResult.jws.signatures[0]
 if (signature.identifier.jwks.length === 0) {
 errorList[trustAnchor] = 'No JWK was present in the trust anchor signature'
@@ -83,6 +85,7 @@ export async function resolveExternalOIDFEntityIdIdentifier(
 trustedAnchors: Array.from(trustedAnchors),
 ...(Object.keys(errorList).length > 0 && { errorList }),
 jwks: jwkInfos,
+ jwtPayload: payload,
 trustEstablished: trustedAnchors.size > 0,
 }
 }
diff --git a/packages/identifier-resolution/src/types/externalIdentifierTypes.ts b/packages/identifier-resolution/src/types/externalIdentifierTypes.ts
index 619375d9..750ca72f 100644
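Review bot: `payload` is assigned before the `signature.identifier.jwks.length === 0` check and is overwritten on every loop iteration, so the value later returned as `jwtPayload` can belong to a trust anchor that ended up in `errorList` rather than in `trustedAnchors` (the rest of that branch lies outside the hunk, so this assumes it skips the anchor). Moving the `payload = JSON.parse(...)` line to the point where the anchor is accepted would tie the returned claims to an anchor that actually contributed to `trustEstablished`. With several trust anchors the last decoded payload wins, which deserves a short comment on the `let payload` declaration in the `@@ -36,6 +36,7 @@` hunk. `JSON.parse` returns `any`, so the `JwsPayload` annotation is not checked at runtime.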
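Review bot: `jwtPayload: payload` in the `@@ -83,6 +85,7 @@` hunk is returned unconditionally, so a caller can receive decoded claims even when `trustEstablished` is false. Following the `errorList` spread two lines above it, `...(trustedAnchors.size > 0 && { jwtPayload: payload }),` would expose the payload only once at least one anchor validated. If returning it for diagnostics is intended, a comment such as `// claims are untrusted unless trustEstablished is true` on that line would tell consumers to gate on the flag. The object literal and the function body start outside this hunk.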
--- a/packages/identifier-resolution/src/types/externalIdentifierTypes.ts
+++ b/packages/identifier-resolution/src/types/externalIdentifierTypes.ts
@@ -14,6 +14,7 @@ import {
 isX5cIdentifier,
 JwkInfo,
 } from './common'
+import {JwsPayload} from "./IJwtService";
 /**
 * Use whenever we need to resolve an external identifier. We can pass in kids, DIDs, and x5chains
@@ -172,6 +173,7 @@ export interface ExternalIdentifierOIDFEntityIdResult extends IExternalIdentifie
 method: 'entity_id'
 trustedAnchors: Array
 errorList?: Record
+ jwtPayload?: JwsPayload
 trustEstablished: boolean
 }
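Review bot: The added import in the `@@ -14,6 +14,7 @@` hunk uses double quotes and a trailing semicolon, while the neighbouring `} from './common'` uses single quotes and no semicolon. `import { JwsPayload } from './IJwtService'` would match the surrounding style. Since `JwsPayload` appears only in a type position in this diff, `import type` may also fit if the project's compiler settings allow it.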
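Review bot: The new `jwtPayload?: JwsPayload` field in the `@@ -172,6 +173,7 @@` hunk has no TSDoc, so nothing on the interface tells a consumer which JWT the claims come from or that they should not be relied on by themselves. I would add `/** Decoded payload of the trust chain JWT; treat as untrusted unless trustEstablished is true. */` above it, adjusted to whatever the resolver actually guarantees. The interface declaration starts outside the hunk.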