fix: Fixes for VP submission data + support for vc+sd-jwt

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/did-auth-siop",
-  "version": "0.5.0-unstable.5",
+  "version": "0.5.0-unstable.8",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -25,13 +25,13 @@
     "uninstall": "rimraf dist coverage node_modules"
   },
   "engines": {
-    "node": ">=16"
+    "node": ">=18"
   },
   "dependencies": {
     "@sphereon/did-uni-client": "^0.6.0",
     "qs": "^6.11.2",
-    "@sphereon/pex": "2.2.0",
-    "@sphereon/pex-models": "^2.1.1",
+    "@sphereon/pex": "2.2.2",
+    "@sphereon/pex-models": "^2.1.2",
     "@sphereon/ssi-types": "^0.17.5",
     "@sphereon/wellknown-dids-client": "^0.1.3",
     "@astronautlabs/jsonpath": "^1.1.2",

src/authorization-response/OpenID4VP.ts

@@ -1,4 +1,4 @@
-import { PEX } from '@sphereon/pex';
+import { IPresentationDefinition, PEX } from '@sphereon/pex';
 import { Format } from '@sphereon/pex-models';
 import { CredentialMapper, PresentationSubmission, W3CVerifiablePresentation, WrappedVerifiablePresentation } from '@sphereon/ssi-types';
 
@@ -80,7 +80,7 @@ export const extractPresentationsFromAuthorizationResponse = async (response: Au
 
 export const createPresentationSubmission = async (
   verifiablePresentations: W3CVerifiablePresentation[],
-  opts?: { presentationDefinitions: PresentationDefinitionWithLocation[] }
+  opts?: { presentationDefinitions: (PresentationDefinitionWithLocation | IPresentationDefinition)[] }
 ): Promise<PresentationSubmission> => {
   let submission_data: PresentationSubmission;
   for (const verifiablePresentation of verifiablePresentations) {
@@ -90,18 +90,19 @@ export const createPresentationSubmission = async (
       wrappedPresentation.presentation.presentation_submission ||
       wrappedPresentation.decoded.presentation_submission ||
       (typeof wrappedPresentation.original !== 'string' && wrappedPresentation.original.presentation_submission);
-    if (!submission && opts.presentationDefinitions) {
+    if (!submission && opts?.presentationDefinitions) {
       console.log(`No submission_data in VPs and not provided. Will try to deduce, but it is better to create the submission data beforehand`);
-      for (const definition of opts.presentationDefinitions) {
-        const result = new PEX().evaluatePresentation(definition.definition, wrappedPresentation.original, { generatePresentationSubmission: true });
+      for (const definitionOpt of opts.presentationDefinitions) {
+        const definition = 'definition' in definitionOpt ? definitionOpt.definition : definitionOpt;
+        const result = new PEX().evaluatePresentation(definition, wrappedPresentation.original, { generatePresentationSubmission: true });
         if (result.areRequiredCredentialsPresent) {
           submission = result.value;
           break;
         }
       }
     }
     if (!submission) {
-      throw Error('Verifiable Presentation has no submission_data, it has not been provided seperately, and could also not be deduced');
+      throw Error('Verifiable Presentation has no submission_data, it has not been provided separately, and could also not be deduced');
     }
     // let's merge all submission data into one object
     if (!submission_data) {

src/authorization-response/PresentationExchange.ts

@@ -66,12 +66,12 @@ export class PresentationExchange {
         ...options.proofOptions,
         proofPurpose: options?.proofOptions?.proofPurpose ?? IProofPurpose.authentication,
         type: options?.proofOptions?.type ?? IProofType.EcdsaSecp256k1Signature2019,
-        challenge: options?.proofOptions?.challenge,
-        domain: options?.proofOptions?.domain,
+        /* challenge: options?.proofOptions?.challenge,
+        domain: options?.proofOptions?.domain,*/
       },
       signatureOptions: {
         ...options.signatureOptions,
-        verificationMethod: options?.signatureOptions?.verificationMethod,
+        // verificationMethod: options?.signatureOptions?.verificationMethod,
         keyEncoding: options?.signatureOptions?.keyEncoding ?? KeyEncoding.Hex,
       },
     };
@@ -109,7 +109,7 @@ export class PresentationExchange {
       // fixme limited disclosure
       limitDisclosureSignatureSuites: [],
     });
-    if (selectResults.areRequiredCredentialsPresent == Status.ERROR) {
+    if (selectResults.areRequiredCredentialsPresent === Status.ERROR) {
       throw new Error(`message: ${SIOPErrors.COULD_NOT_FIND_VCS_MATCHING_PD}, details: ${JSON.stringify(selectResults.errors)}`);
     }
     return selectResults;
@@ -220,7 +220,7 @@ export class PresentationExchange {
       }
       PresentationExchange.assertValidPresentationDefinition(definition);
       allDefinitions.push({
-        definition: definition,
+        definition,
         location: PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,
         version,
       });
@@ -329,7 +329,7 @@ export class PresentationExchange {
         // So the behavior here is to bypass it if not present
         if (verifyPresentationCallback) {
           try {
-            await verifyPresentationCallback(vpw.original as W3CVerifiablePresentation);
+            await verifyPresentationCallback(vpw.original as W3CVerifiablePresentation, presentationSubmission);
           } catch (error: unknown) {
             throw new Error(SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID);
           }
@@ -350,7 +350,7 @@ export class PresentationExchange {
 
     const checkedPresentations: WrappedVerifiablePresentation[] = filterOutCorrectPresentation();
 
-    if (!checkedPresentations.length || checkedPresentations.length != 1) {
+    if (checkedPresentations.length !== 1) {
       throw new Error(`${SIOPErrors.COULD_NOT_FIND_VCS_MATCHING_PD}`);
     }
     const checkedPresentation = checkedPresentations[0];

src/authorization-response/types.ts

@@ -89,7 +89,7 @@ export enum VPTokenLocation {
 
 export type PresentationVerificationResult = { verified: boolean };
 
-export type PresentationVerificationCallback = (args: W3CVerifiablePresentation) => Promise<PresentationVerificationResult>;
+export type PresentationVerificationCallback = (args: W3CVerifiablePresentation, presentationSubmissionn) => Promise<PresentationVerificationResult>;
 
 export type PresentationSignCallback = (args: PresentationSignCallBackParams) => Promise<W3CVerifiablePresentation>;
 

src/schemas/AuthorizationRequestPayloadVD11.schema.ts

@@ -293,6 +293,9 @@ export const AuthorizationRequestPayloadVD11SchemaObj = {
         },
         "ldp_vp": {
           "$ref": "#/definitions/LdpObject"
+        },
+        "vc+sd-jwt": {
+          "$ref": "#/definitions/SdJwtObject"
         }
       },
       "additionalProperties": false
@@ -327,6 +330,24 @@ export const AuthorizationRequestPayloadVD11SchemaObj = {
       ],
       "additionalProperties": false
     },
+    "SdJwtObject": {
+      "type": "object",
+      "properties": {
+        "sd_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "kb_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "ResponseMode": {
       "type": "string",
       "enum": [

src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts

@@ -299,6 +299,9 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = {
         },
         "ldp_vp": {
           "$ref": "#/definitions/LdpObject"
+        },
+        "vc+sd-jwt": {
+          "$ref": "#/definitions/SdJwtObject"
         }
       },
       "additionalProperties": false
@@ -333,6 +336,24 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = {
       ],
       "additionalProperties": false
     },
+    "SdJwtObject": {
+      "type": "object",
+      "properties": {
+        "sd_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "kb_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "ResponseMode": {
       "type": "string",
       "enum": [

src/schemas/AuthorizationRequestPayloadVID1.schema.ts

@@ -265,6 +265,9 @@ export const AuthorizationRequestPayloadVID1SchemaObj = {
         },
         "ldp_vp": {
           "$ref": "#/definitions/LdpObject"
+        },
+        "vc+sd-jwt": {
+          "$ref": "#/definitions/SdJwtObject"
         }
       },
       "additionalProperties": false
@@ -299,6 +302,24 @@ export const AuthorizationRequestPayloadVID1SchemaObj = {
       ],
       "additionalProperties": false
     },
+    "SdJwtObject": {
+      "type": "object",
+      "properties": {
+        "sd_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "kb_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "ResponseMode": {
       "type": "string",
       "enum": [

src/schemas/AuthorizationResponseOpts.schema.ts

@@ -1417,6 +1417,9 @@ export const AuthorizationResponseOptsSchemaObj = {
         },
         "ldp_vp": {
           "$ref": "#/definitions/LdpObject"
+        },
+        "vc+sd-jwt": {
+          "$ref": "#/definitions/SdJwtObject"
         }
       },
       "additionalProperties": false
@@ -1451,6 +1454,24 @@ export const AuthorizationResponseOptsSchemaObj = {
       ],
       "additionalProperties": false
     },
+    "SdJwtObject": {
+      "type": "object",
+      "properties": {
+        "sd_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "kb_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "IdTokenType": {
       "type": "string",
       "enum": [

src/schemas/DiscoveryMetadataPayload.schema.ts

@@ -1253,6 +1253,9 @@ export const DiscoveryMetadataPayloadSchemaObj = {
         },
         "ldp_vp": {
           "$ref": "#/definitions/LdpObject"
+        },
+        "vc+sd-jwt": {
+          "$ref": "#/definitions/SdJwtObject"
         }
       },
       "additionalProperties": false
@@ -1287,6 +1290,24 @@ export const DiscoveryMetadataPayloadSchemaObj = {
       ],
       "additionalProperties": false
     },
+    "SdJwtObject": {
+      "type": "object",
+      "properties": {
+        "sd_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "kb_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "IdTokenType": {
       "type": "string",
       "enum": [

src/schemas/RPRegistrationMetadataPayload.schema.ts

@@ -177,6 +177,9 @@ export const RPRegistrationMetadataPayloadSchemaObj = {
         },
         "ldp_vp": {
           "$ref": "#/definitions/LdpObject"
+        },
+        "vc+sd-jwt": {
+          "$ref": "#/definitions/SdJwtObject"
         }
       },
       "additionalProperties": false
@@ -210,6 +213,24 @@ export const RPRegistrationMetadataPayloadSchemaObj = {
         "proof_type"
       ],
       "additionalProperties": false
+    },
+    "SdJwtObject": {
+      "type": "object",
+      "properties": {
+        "sd_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "kb_jwt_alg_values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "additionalProperties": false
     }
   }
 };

test/AuthenticationResponse.response.spec.ts

@@ -446,7 +446,9 @@ describe('create JWT from Request JWT should', () => {
       presentationExchange: {
         verifiablePresentations: [verifiablePresentationResult.verifiablePresentation],
         vpTokenLocation: VPTokenLocation.ID_TOKEN,
-        presentationSubmission: await createPresentationSubmission([verifiablePresentationResult.verifiablePresentation]),
+        presentationSubmission: await createPresentationSubmission([verifiablePresentationResult.verifiablePresentation], {
+          presentationDefinitions: [definition],
+        }),
       },
       responseMode: ResponseMode.POST,
     };
@@ -620,7 +622,9 @@ describe('create JWT from Request JWT should', () => {
       },
       presentationExchange: {
         verifiablePresentations: [verifiablePresentationResult.verifiablePresentation],
-        presentationSubmission: await createPresentationSubmission([verifiablePresentationResult.verifiablePresentation]),
+        presentationSubmission: await createPresentationSubmission([verifiablePresentationResult.verifiablePresentation], {
+          presentationDefinitions: [definition],
+        }),
         vpTokenLocation: VPTokenLocation.ID_TOKEN,
       },