From 6546ffcae8432b02b5be2a16cc6fc200054db5cf Mon Sep 17 00:00:00 2001
From: Timo Glastra
Date: Fri, 26 Jan 2024 17:58:45 +0700
Subject: [PATCH 01/15] fix: check presentation callback result
Signed-off-by: Timo Glastra
---
 src/authorization-response/PresentationExchange.ts | 7 ++++++-
 src/authorization-response/types.ts | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/authorization-response/PresentationExchange.ts b/src/authorization-response/PresentationExchange.ts
index 9636dae..671b82b 100644
--- a/src/authorization-response/PresentationExchange.ts
+++ b/src/authorization-response/PresentationExchange.ts
@@ -344,7 +344,12 @@ export class PresentationExchange {
 // So the behavior here is to bypass it if not present
 if (verifyPresentationCallback) {
 try {
- await verifyPresentationCallback(vpw.original as W3CVerifiablePresentation, presentationSubmission);
+ const verificationResult = await verifyPresentationCallback(vpw.original as W3CVerifiablePresentation, presentationSubmission);
+ if (!verificationResult.verified) {
+ throw new Error(
+ SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + verificationResult.reason ? `. ${verificationResult.reason}` : ''
+ );
+ }
 } catch (error: unknown) {
 throw new Error(SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID);
 }
diff --git a/src/authorization-response/types.ts b/src/authorization-response/types.ts
index ca1954d..3589558 100644
--- a/src/authorization-response/types.ts
+++ b/src/authorization-response/types.ts
@@ -87,7 +87,7 @@ export enum VPTokenLocation {
 TOKEN_RESPONSE = 'token_response',
 }
-export type PresentationVerificationResult = { verified: boolean };
+export type PresentationVerificationResult = { verified: boolean; reason?: string };
 export type PresentationVerificationCallback = (
 args: W3CVerifiablePresentation | CompactSdJwtVc,
From 98c0d344ac71164a03cee1797842a7fb19d1ec6c Mon Sep 17 00:00:00 2001
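Review bot: In the PresentationExchange.ts hunk the argument of the new `throw new Error(...)` is parsed as `(SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + verificationResult.reason) ? ... : ''`, because `+` binds tighter than `?:`. Assuming the constant is a non-empty string, the condition is always truthy, so the message loses the error constant and becomes just the reason (or `. undefined` when none is set). Parenthesise the conditional: `SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + (verificationResult.reason ? '. ' + verificationResult.reason : '')`. The throw also sits inside the `try`, so the `catch` right below replaces it with the bare constant and the reason never reaches the caller; the check still fails closed, but doing the `verified` test after the try/catch would preserve the reason. The enclosing method starts and ends outside the hunk.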
From: Timo Glastra
Date: Sun, 28 Jan 2024 17:48:50 +0700
Subject: [PATCH 02/15] fix: import response type
Signed-off-by: Timo Glastra
---
 src/authorization-request/AuthorizationRequest.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/authorization-request/AuthorizationRequest.ts b/src/authorization-request/AuthorizationRequest.ts
index d9891bf..af63c1e 100644
--- a/src/authorization-request/AuthorizationRequest.ts
+++ b/src/authorization-request/AuthorizationRequest.ts
@@ -12,6 +12,7 @@ import {
 RequestObjectJwt,
 RequestObjectPayload,
 RequestStateInfo,
+ ResponseType,
 ResponseURIType,
 RPRegistrationMetadataPayload,
 Schema,
From 1a699a369299baa929bfa9f6143bb0520b33c6d2 Mon Sep 17 00:00:00 2001
From: Sander
Date: Wed, 28 Feb 2024 12:10:01 +0100
Subject: [PATCH 03/15] null-check on verifiedIdToken?
---
 src/authorization-response/AuthorizationResponse.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/authorization-response/AuthorizationResponse.ts b/src/authorization-response/AuthorizationResponse.ts
index d36783a..7999098 100644
--- a/src/authorization-response/AuthorizationResponse.ts
+++ b/src/authorization-response/AuthorizationResponse.ts
@@ -137,8 +137,8 @@ export class AuthorizationResponse {
 const verifiedIdToken = await this.idToken?.verify(verifyOpts);
 const oid4vp = await verifyPresentations(this, verifyOpts);
- const nonce = merged.nonce ?? verifiedIdToken.payload.nonce ?? oid4vp.nonce;
- const state = merged.state ?? verifiedIdToken.payload.state;
+ const nonce = merged.nonce ?? verifiedIdToken?.payload.nonce ?? oid4vp.nonce;
+ const state = merged.state ?? verifiedIdToken?.payload.state;
 if (!state) {
 throw Error(`State is required`);
From c73f4f78e6bc1f530545d68990591b5feedd56ab Mon Sep 17 00:00:00 2001
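Review bot: In PATCH 03/15 the `nonce` line takes the first defined value among `merged.nonce`, `verifiedIdToken?.payload.nonce` and `oid4vp.nonce`, and the hunk shows neither a check that the sources agree nor a guard for a missing nonce like the `if (!state)` one. The nonce is what binds the response to the request, so a response whose ID token and VP token carry different nonces should be rejected rather than resolved by precedence. Unless code after the hunk already does this, I would add `if (verifiedIdToken && oid4vp.nonce && verifiedIdToken.payload.nonce !== oid4vp.nonce) throw Error('Nonce mismatch between id_token and vp_token');`. PATCH 05/15 changes the same two lines from the same base and only reorders the fallback, so the same point applies there. The method continues outside the hunk.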
From: sander Date: Wed, 28 Feb 2024 16:29:29 +0100 Subject: [PATCH 04/15] SPHEREON-1157: include presentationSubmission in auth response, include nonce in AuthorizationResponsePayload --- .eslintrc.json | 0 .github/workflows/main.yml | 0 .gitignore | 0 .prettierignore | 0 CHANGELOG.md | 0 LICENSE | 0 README.md | 0 docs/auth-flow.md | 0 docs/auth-flow.puml | 0 docs/didjwt-class-diagram.md | 0 docs/eosio-dids-testnet.md | 0 docs/gimly-logo.png | Bin docs/presentation-exchange.puml | 0 docs/services-class-diagram.md | 0 docs/services-class-diagram.svg | 0 docs/walk-through.md | 0 generator/schemaGenerator.ts | 0 jest.config.cjs | 0 package.json | 0 src/authorization-request/AuthorizationRequest.ts | 0 src/authorization-request/Opts.ts | 0 src/authorization-request/Payload.ts | 0 src/authorization-request/RequestRegistration.ts | 0 src/authorization-request/URI.ts | 0 src/authorization-request/index.ts | 0 src/authorization-request/types.ts | 0 src/authorization-response/AuthorizationResponse.ts | 4 +++- src/authorization-response/OpenID4VP.ts | 0 src/authorization-response/Opts.ts | 0 src/authorization-response/Payload.ts | 2 ++ src/authorization-response/PresentationExchange.ts | 0 src/authorization-response/ResponseRegistration.ts | 0 src/authorization-response/index.ts | 0 src/authorization-response/types.ts | 0 src/did/DIDResolution.ts | 0 src/did/DidJWT.ts | 0 src/did/LinkedDomainValidations.ts | 0 src/did/index.ts | 0 src/helpers/Encodings.ts | 0 src/helpers/HttpUtils.ts | 0 src/helpers/Keys.ts | 0 src/helpers/LanguageTagUtils.ts | 0 src/helpers/Metadata.ts | 0 src/helpers/ObjectUtils.ts | 0 src/helpers/Revocation.ts | 0 src/helpers/SIOPSpecVersion.ts | 0 src/helpers/State.ts | 0 src/helpers/index.ts | 0 src/id-token/IDToken.ts | 0 src/id-token/Payload.ts | 0 src/id-token/index.ts | 0 src/index.ts | 0 src/op/OP.ts | 0 src/op/OPBuilder.ts | 0 src/op/Opts.ts | 0 src/op/index.ts | 0 src/request-object/Opts.ts | 0 src/request-object/Payload.ts | 0 
src/request-object/RequestObject.ts | 0 src/request-object/index.ts | 0 src/request-object/types.ts | 0 src/rp/InMemoryRPSessionManager.ts | 0 src/rp/Opts.ts | 0 src/rp/RP.ts | 0 src/rp/RPBuilder.ts | 0 src/rp/index.ts | 0 src/rp/types.ts | 0 .../AuthorizationRequestPayloadVD11.schema.ts | 0 ...thorizationRequestPayloadVD12OID4VPD18.schema.ts | 0 .../AuthorizationRequestPayloadVID1.schema.ts | 0 src/schemas/AuthorizationResponseOpts.schema.ts | 0 src/schemas/DiscoveryMetadataPayload.schema.ts | 0 src/schemas/RPRegistrationMetadataPayload.schema.ts | 0 src/schemas/index.ts | 0 src/schemas/validation/index.ts | 0 src/types/Errors.ts | 0 src/types/Events.ts | 0 src/types/JWT.types.ts | 0 src/types/SIOP.types.ts | 1 + src/types/SSI.types.ts | 0 src/types/SessionManager.ts | 0 src/types/index.ts | 0 test/AuthenticationRequest.request.spec.ts | 0 test/AuthenticationRequest.verify.spec.ts | 0 test/AuthenticationResponse.response.spec.ts | 0 test/AuthenticationResponse.verify.spec.ts | 0 test/DocumentLoader.ts | 0 test/HttpUtils.fetch.spec.ts | 0 test/IT.spec.ts | 0 test/OP.request.spec.ts | 0 test/PresentationExchange.spec.ts | 0 test/RP.request.spec.ts | 0 test/SdJwt.spec.ts | 0 test/TestUtils.ts | 0 test/data/mockedData.ts | 0 test/e2e/EBSI.spec.ts | 0 test/e2e/mattr.launchpad.spec.ts | 0 test/functions/DidJWT.spec.ts | 0 test/functions/DidSiopMetadata.spec.ts | 0 test/functions/Encodings.spec.ts | 0 test/functions/LanguageTagUtils.spec.ts | 0 test/functions/LinkedDomainValidations.spec.ts | 0 test/interop/EBSI/EBSI.spec.ts | 0 test/interop/auth0/auth0.spec.ts | 0 test/interop/auth0/fixtures.ts | 0 test/interop/mattr/fixtures.ts | 0 test/modules.d.ts | 0 test/regressions/ClientIdIsObject.spec.ts | 0 .../jwtVCPresentationProfile.spec.ts | 0 tsconfig.build.json | 0 tsconfig.json | 0 yarn.lock | 0 112 files changed, 6 insertions(+), 1 deletion(-) mode change 100644 => 100755 .eslintrc.json mode change 100644 => 100755 .github/workflows/main.yml mode change 100644 => 100755 
.gitignore mode change 100644 => 100755 .prettierignore mode change 100644 => 100755 CHANGELOG.md mode change 100644 => 100755 LICENSE mode change 100644 => 100755 README.md mode change 100644 => 100755 docs/auth-flow.md mode change 100644 => 100755 docs/auth-flow.puml mode change 100644 => 100755 docs/didjwt-class-diagram.md mode change 100644 => 100755 docs/eosio-dids-testnet.md mode change 100644 => 100755 docs/gimly-logo.png mode change 100644 => 100755 docs/presentation-exchange.puml mode change 100644 => 100755 docs/services-class-diagram.md mode change 100644 => 100755 docs/services-class-diagram.svg mode change 100644 => 100755 docs/walk-through.md mode change 100644 => 100755 generator/schemaGenerator.ts mode change 100644 => 100755 jest.config.cjs mode change 100644 => 100755 package.json mode change 100644 => 100755 src/authorization-request/AuthorizationRequest.ts mode change 100644 => 100755 src/authorization-request/Opts.ts mode change 100644 => 100755 src/authorization-request/Payload.ts mode change 100644 => 100755 src/authorization-request/RequestRegistration.ts mode change 100644 => 100755 src/authorization-request/URI.ts mode change 100644 => 100755 src/authorization-request/index.ts mode change 100644 => 100755 src/authorization-request/types.ts mode change 100644 => 100755 src/authorization-response/AuthorizationResponse.ts mode change 100644 => 100755 src/authorization-response/OpenID4VP.ts mode change 100644 => 100755 src/authorization-response/Opts.ts mode change 100644 => 100755 src/authorization-response/Payload.ts mode change 100644 => 100755 src/authorization-response/PresentationExchange.ts mode change 100644 => 100755 src/authorization-response/ResponseRegistration.ts mode change 100644 => 100755 src/authorization-response/index.ts mode change 100644 => 100755 src/authorization-response/types.ts mode change 100644 => 100755 src/did/DIDResolution.ts mode change 100644 => 100755 src/did/DidJWT.ts mode change 100644 => 100755 
src/did/LinkedDomainValidations.ts mode change 100644 => 100755 src/did/index.ts mode change 100644 => 100755 src/helpers/Encodings.ts mode change 100644 => 100755 src/helpers/HttpUtils.ts mode change 100644 => 100755 src/helpers/Keys.ts mode change 100644 => 100755 src/helpers/LanguageTagUtils.ts mode change 100644 => 100755 src/helpers/Metadata.ts mode change 100644 => 100755 src/helpers/ObjectUtils.ts mode change 100644 => 100755 src/helpers/Revocation.ts mode change 100644 => 100755 src/helpers/SIOPSpecVersion.ts mode change 100644 => 100755 src/helpers/State.ts mode change 100644 => 100755 src/helpers/index.ts mode change 100644 => 100755 src/id-token/IDToken.ts mode change 100644 => 100755 src/id-token/Payload.ts mode change 100644 => 100755 src/id-token/index.ts mode change 100644 => 100755 src/index.ts mode change 100644 => 100755 src/op/OP.ts mode change 100644 => 100755 src/op/OPBuilder.ts mode change 100644 => 100755 src/op/Opts.ts mode change 100644 => 100755 src/op/index.ts mode change 100644 => 100755 src/request-object/Opts.ts mode change 100644 => 100755 src/request-object/Payload.ts mode change 100644 => 100755 src/request-object/RequestObject.ts mode change 100644 => 100755 src/request-object/index.ts mode change 100644 => 100755 src/request-object/types.ts mode change 100644 => 100755 src/rp/InMemoryRPSessionManager.ts mode change 100644 => 100755 src/rp/Opts.ts mode change 100644 => 100755 src/rp/RP.ts mode change 100644 => 100755 src/rp/RPBuilder.ts mode change 100644 => 100755 src/rp/index.ts mode change 100644 => 100755 src/rp/types.ts mode change 100644 => 100755 src/schemas/AuthorizationRequestPayloadVD11.schema.ts mode change 100644 => 100755 src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts mode change 100644 => 100755 src/schemas/AuthorizationRequestPayloadVID1.schema.ts mode change 100644 => 100755 src/schemas/AuthorizationResponseOpts.schema.ts mode change 100644 => 100755 src/schemas/DiscoveryMetadataPayload.schema.ts 
mode change 100644 => 100755 src/schemas/RPRegistrationMetadataPayload.schema.ts mode change 100644 => 100755 src/schemas/index.ts mode change 100644 => 100755 src/schemas/validation/index.ts mode change 100644 => 100755 src/types/Errors.ts mode change 100644 => 100755 src/types/Events.ts mode change 100644 => 100755 src/types/JWT.types.ts mode change 100644 => 100755 src/types/SIOP.types.ts mode change 100644 => 100755 src/types/SSI.types.ts mode change 100644 => 100755 src/types/SessionManager.ts mode change 100644 => 100755 src/types/index.ts mode change 100644 => 100755 test/AuthenticationRequest.request.spec.ts mode change 100644 => 100755 test/AuthenticationRequest.verify.spec.ts mode change 100644 => 100755 test/AuthenticationResponse.response.spec.ts mode change 100644 => 100755 test/AuthenticationResponse.verify.spec.ts mode change 100644 => 100755 test/DocumentLoader.ts mode change 100644 => 100755 test/HttpUtils.fetch.spec.ts mode change 100644 => 100755 test/IT.spec.ts mode change 100644 => 100755 test/OP.request.spec.ts mode change 100644 => 100755 test/PresentationExchange.spec.ts mode change 100644 => 100755 test/RP.request.spec.ts mode change 100644 => 100755 test/SdJwt.spec.ts mode change 100644 => 100755 test/TestUtils.ts mode change 100644 => 100755 test/data/mockedData.ts mode change 100644 => 100755 test/e2e/EBSI.spec.ts mode change 100644 => 100755 test/e2e/mattr.launchpad.spec.ts mode change 100644 => 100755 test/functions/DidJWT.spec.ts mode change 100644 => 100755 test/functions/DidSiopMetadata.spec.ts mode change 100644 => 100755 test/functions/Encodings.spec.ts mode change 100644 => 100755 test/functions/LanguageTagUtils.spec.ts mode change 100644 => 100755 test/functions/LinkedDomainValidations.spec.ts mode change 100644 => 100755 test/interop/EBSI/EBSI.spec.ts mode change 100644 => 100755 test/interop/auth0/auth0.spec.ts mode change 100644 => 100755 test/interop/auth0/fixtures.ts mode change 100644 => 100755 
test/interop/mattr/fixtures.ts mode change 100644 => 100755 test/modules.d.ts mode change 100644 => 100755 test/regressions/ClientIdIsObject.spec.ts mode change 100644 => 100755 test/spec-compliance/jwtVCPresentationProfile.spec.ts mode change 100644 => 100755 tsconfig.build.json mode change 100644 => 100755 tsconfig.json mode change 100644 => 100755 yarn.lock diff --git a/.eslintrc.json b/.eslintrc.json old mode 100644 new mode 100755 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml old mode 100644 new mode 100755 diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 diff --git a/.prettierignore b/.prettierignore old mode 100644 new mode 100755 diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100644 new mode 100755 diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/docs/auth-flow.md b/docs/auth-flow.md old mode 100644 new mode 100755 diff --git a/docs/auth-flow.puml b/docs/auth-flow.puml old mode 100644 new mode 100755 diff --git a/docs/didjwt-class-diagram.md b/docs/didjwt-class-diagram.md old mode 100644 new mode 100755 diff --git a/docs/eosio-dids-testnet.md b/docs/eosio-dids-testnet.md old mode 100644 new mode 100755 diff --git a/docs/gimly-logo.png b/docs/gimly-logo.png old mode 100644 new mode 100755 diff --git a/docs/presentation-exchange.puml b/docs/presentation-exchange.puml old mode 100644 new mode 100755 diff --git a/docs/services-class-diagram.md b/docs/services-class-diagram.md old mode 100644 new mode 100755 diff --git a/docs/services-class-diagram.svg b/docs/services-class-diagram.svg old mode 100644 new mode 100755 diff --git a/docs/walk-through.md b/docs/walk-through.md old mode 100644 new mode 100755 diff --git a/generator/schemaGenerator.ts b/generator/schemaGenerator.ts old mode 100644 new mode 100755 diff --git a/jest.config.cjs b/jest.config.cjs old mode 100644 new mode 100755 
diff --git a/package.json b/package.json old mode 100644 new mode 100755 diff --git a/src/authorization-request/AuthorizationRequest.ts b/src/authorization-request/AuthorizationRequest.ts old mode 100644 new mode 100755 diff --git a/src/authorization-request/Opts.ts b/src/authorization-request/Opts.ts old mode 100644 new mode 100755 diff --git a/src/authorization-request/Payload.ts b/src/authorization-request/Payload.ts old mode 100644 new mode 100755 diff --git a/src/authorization-request/RequestRegistration.ts b/src/authorization-request/RequestRegistration.ts old mode 100644 new mode 100755 diff --git a/src/authorization-request/URI.ts b/src/authorization-request/URI.ts old mode 100644 new mode 100755 diff --git a/src/authorization-request/index.ts b/src/authorization-request/index.ts old mode 100644 new mode 100755 diff --git a/src/authorization-request/types.ts b/src/authorization-request/types.ts old mode 100644 new mode 100755 diff --git a/src/authorization-response/AuthorizationResponse.ts b/src/authorization-response/AuthorizationResponse.ts old mode 100644 new mode 100755 index 7999098..f2d11e4 --- a/src/authorization-response/AuthorizationResponse.ts +++ b/src/authorization-response/AuthorizationResponse.ts @@ -120,7 +120,9 @@ export class AuthorizationResponse { presentationDefinitions, presentations: wrappedPresentations, verificationCallback: verifyOpts.verification.presentationVerificationCallback, - opts: { ...responseOpts.presentationExchange, hasher: verifyOpts.hasher }, + opts: { ...responseOpts.presentationExchange, + presentationSubmission: (responseOpts.presentationExchange.presentationSubmission ?? authorizationResponsePayload.presentation_submission), + hasher: verifyOpts.hasher }, }); } diff --git a/src/authorization-response/OpenID4VP.ts b/src/authorization-response/OpenID4VP.ts old mode 100644 new mode 100755 diff --git a/src/authorization-response/Opts.ts b/src/authorization-response/Opts.ts old mode 100644 new mode 100755 
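Review bot: The added `presentationSubmission` line in AuthorizationResponse.ts reads `responseOpts.presentationExchange.presentationSubmission` without optional chaining, while the spread just above it (`...responseOpts.presentationExchange`) tolerates an undefined `presentationExchange`. If that option can be absent at this point (any guard is outside the hunk), the call now throws a TypeError instead of falling back to the payload value. `responseOpts.presentationExchange?.presentationSubmission ?? authorizationResponsePayload.presentation_submission` keeps the previous tolerance. Separately, this commit flips every tracked file from mode 100644 to 100755, including LICENSE, yarn.lock and a PNG; that looks accidental and is worth reverting so that only real scripts are executable.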
diff --git a/src/authorization-response/Payload.ts b/src/authorization-response/Payload.ts old mode 100644 new mode 100755 index 7e65300..2c395aa --- a/src/authorization-response/Payload.ts +++ b/src/authorization-response/Payload.ts @@ -19,11 +19,13 @@ export const createResponsePayload = async ( // If state was in request, it must be in response const state: string | undefined = await authorizationRequest.getMergedProperty('state'); + const payload = await authorizationRequest.requestObject.getPayload(); const responsePayload: AuthorizationResponsePayload = { ...(responseOpts.accessToken && { access_token: responseOpts.accessToken }), ...(responseOpts.tokenType && { token_type: responseOpts.tokenType }), ...(responseOpts.refreshToken && { refresh_token: responseOpts.refreshToken }), + ...(payload?.nonce && { nonce: payload.nonce}), expires_in: responseOpts.expiresIn || 3600, state, }; diff --git a/src/authorization-response/PresentationExchange.ts b/src/authorization-response/PresentationExchange.ts old mode 100644 new mode 100755 diff --git a/src/authorization-response/ResponseRegistration.ts b/src/authorization-response/ResponseRegistration.ts old mode 100644 new mode 100755 diff --git a/src/authorization-response/index.ts b/src/authorization-response/index.ts old mode 100644 new mode 100755 diff --git a/src/authorization-response/types.ts b/src/authorization-response/types.ts old mode 100644 new mode 100755 diff --git a/src/did/DIDResolution.ts b/src/did/DIDResolution.ts old mode 100644 new mode 100755 diff --git a/src/did/DidJWT.ts b/src/did/DidJWT.ts old mode 100644 new mode 100755 diff --git a/src/did/LinkedDomainValidations.ts b/src/did/LinkedDomainValidations.ts old mode 100644 new mode 100755 diff --git a/src/did/index.ts b/src/did/index.ts old mode 100644 new mode 100755 diff --git a/src/helpers/Encodings.ts b/src/helpers/Encodings.ts old mode 100644 new mode 100755 
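Review bot: The new `payload` line in Payload.ts dereferences `authorizationRequest.requestObject` unguarded, although the next added line uses `payload?.nonce` as if the payload could be missing. If a request can arrive without a request object (not visible here), `createResponsePayload` would throw before the response is built. The line above already reads `state` through `authorizationRequest.getMergedProperty('state')`; reading the nonce the same way, `const nonce = await authorizationRequest.getMergedProperty('nonce');`, would be consistent and avoid the direct dereference, assuming that helper resolves `nonce` as it does `state`. A short comment stating why the request nonce is echoed into the response payload would also help the next reader. The function body continues outside the hunk.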
diff --git a/src/helpers/HttpUtils.ts b/src/helpers/HttpUtils.ts old mode 100644 new mode 100755 diff --git a/src/helpers/Keys.ts b/src/helpers/Keys.ts old mode 100644 new mode 100755 diff --git a/src/helpers/LanguageTagUtils.ts b/src/helpers/LanguageTagUtils.ts old mode 100644 new mode 100755 diff --git a/src/helpers/Metadata.ts b/src/helpers/Metadata.ts old mode 100644 new mode 100755 diff --git a/src/helpers/ObjectUtils.ts b/src/helpers/ObjectUtils.ts old mode 100644 new mode 100755 diff --git a/src/helpers/Revocation.ts b/src/helpers/Revocation.ts old mode 100644 new mode 100755 diff --git a/src/helpers/SIOPSpecVersion.ts b/src/helpers/SIOPSpecVersion.ts old mode 100644 new mode 100755 diff --git a/src/helpers/State.ts b/src/helpers/State.ts old mode 100644 new mode 100755 diff --git a/src/helpers/index.ts b/src/helpers/index.ts old mode 100644 new mode 100755 diff --git a/src/id-token/IDToken.ts b/src/id-token/IDToken.ts old mode 100644 new mode 100755 diff --git a/src/id-token/Payload.ts b/src/id-token/Payload.ts old mode 100644 new mode 100755 diff --git a/src/id-token/index.ts b/src/id-token/index.ts old mode 100644 new mode 100755 diff --git a/src/index.ts b/src/index.ts old mode 100644 new mode 100755 diff --git a/src/op/OP.ts b/src/op/OP.ts old mode 100644 new mode 100755 diff --git a/src/op/OPBuilder.ts b/src/op/OPBuilder.ts old mode 100644 new mode 100755 diff --git a/src/op/Opts.ts b/src/op/Opts.ts old mode 100644 new mode 100755 diff --git a/src/op/index.ts b/src/op/index.ts old mode 100644 new mode 100755 diff --git a/src/request-object/Opts.ts b/src/request-object/Opts.ts old mode 100644 new mode 100755 diff --git a/src/request-object/Payload.ts b/src/request-object/Payload.ts old mode 100644 new mode 100755 diff --git a/src/request-object/RequestObject.ts b/src/request-object/RequestObject.ts old mode 100644 new mode 100755 diff --git a/src/request-object/index.ts b/src/request-object/index.ts old mode 100644 new mode 100755 
diff --git a/src/request-object/types.ts b/src/request-object/types.ts old mode 100644 new mode 100755 diff --git a/src/rp/InMemoryRPSessionManager.ts b/src/rp/InMemoryRPSessionManager.ts old mode 100644 new mode 100755 diff --git a/src/rp/Opts.ts b/src/rp/Opts.ts old mode 100644 new mode 100755 diff --git a/src/rp/RP.ts b/src/rp/RP.ts old mode 100644 new mode 100755 diff --git a/src/rp/RPBuilder.ts b/src/rp/RPBuilder.ts old mode 100644 new mode 100755 diff --git a/src/rp/index.ts b/src/rp/index.ts old mode 100644 new mode 100755 diff --git a/src/rp/types.ts b/src/rp/types.ts old mode 100644 new mode 100755 diff --git a/src/schemas/AuthorizationRequestPayloadVD11.schema.ts b/src/schemas/AuthorizationRequestPayloadVD11.schema.ts old mode 100644 new mode 100755 diff --git a/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts b/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts old mode 100644 new mode 100755 diff --git a/src/schemas/AuthorizationRequestPayloadVID1.schema.ts b/src/schemas/AuthorizationRequestPayloadVID1.schema.ts old mode 100644 new mode 100755 diff --git a/src/schemas/AuthorizationResponseOpts.schema.ts b/src/schemas/AuthorizationResponseOpts.schema.ts old mode 100644 new mode 100755 diff --git a/src/schemas/DiscoveryMetadataPayload.schema.ts b/src/schemas/DiscoveryMetadataPayload.schema.ts old mode 100644 new mode 100755 diff --git a/src/schemas/RPRegistrationMetadataPayload.schema.ts b/src/schemas/RPRegistrationMetadataPayload.schema.ts old mode 100644 new mode 100755 diff --git a/src/schemas/index.ts b/src/schemas/index.ts old mode 100644 new mode 100755 diff --git a/src/schemas/validation/index.ts b/src/schemas/validation/index.ts old mode 100644 new mode 100755 diff --git a/src/types/Errors.ts b/src/types/Errors.ts old mode 100644 new mode 100755 diff --git a/src/types/Events.ts b/src/types/Events.ts old mode 100644 new mode 100755 diff --git a/src/types/JWT.types.ts b/src/types/JWT.types.ts old mode 100644 new mode 100755 
diff --git a/src/types/SIOP.types.ts b/src/types/SIOP.types.ts old mode 100644 new mode 100755 index 65e4933..c57f436 --- a/src/types/SIOP.types.ts +++ b/src/types/SIOP.types.ts @@ -155,6 +155,7 @@ export interface AuthorizationResponsePayload { refresh_token?: string; expires_in?: number; state?: string; + nonce?: string; id_token?: string; vp_token?: Array | W3CVerifiablePresentation | CompactSdJwtVc; presentation_submission?: PresentationSubmission; diff --git a/src/types/SSI.types.ts b/src/types/SSI.types.ts old mode 100644 new mode 100755 diff --git a/src/types/SessionManager.ts b/src/types/SessionManager.ts old mode 100644 new mode 100755 diff --git a/src/types/index.ts b/src/types/index.ts old mode 100644 new mode 100755 diff --git a/test/AuthenticationRequest.request.spec.ts b/test/AuthenticationRequest.request.spec.ts old mode 100644 new mode 100755 diff --git a/test/AuthenticationRequest.verify.spec.ts b/test/AuthenticationRequest.verify.spec.ts old mode 100644 new mode 100755 diff --git a/test/AuthenticationResponse.response.spec.ts b/test/AuthenticationResponse.response.spec.ts old mode 100644 new mode 100755 diff --git a/test/AuthenticationResponse.verify.spec.ts b/test/AuthenticationResponse.verify.spec.ts old mode 100644 new mode 100755 diff --git a/test/DocumentLoader.ts b/test/DocumentLoader.ts old mode 100644 new mode 100755 diff --git a/test/HttpUtils.fetch.spec.ts b/test/HttpUtils.fetch.spec.ts old mode 100644 new mode 100755 diff --git a/test/IT.spec.ts b/test/IT.spec.ts old mode 100644 new mode 100755 diff --git a/test/OP.request.spec.ts b/test/OP.request.spec.ts old mode 100644 new mode 100755 diff --git a/test/PresentationExchange.spec.ts b/test/PresentationExchange.spec.ts old mode 100644 new mode 100755 diff --git a/test/RP.request.spec.ts b/test/RP.request.spec.ts old mode 100644 new mode 100755 diff --git a/test/SdJwt.spec.ts b/test/SdJwt.spec.ts old mode 100644 new mode 100755 
diff --git a/test/TestUtils.ts b/test/TestUtils.ts old mode 100644 new mode 100755 diff --git a/test/data/mockedData.ts b/test/data/mockedData.ts old mode 100644 new mode 100755 diff --git a/test/e2e/EBSI.spec.ts b/test/e2e/EBSI.spec.ts old mode 100644 new mode 100755 diff --git a/test/e2e/mattr.launchpad.spec.ts b/test/e2e/mattr.launchpad.spec.ts old mode 100644 new mode 100755 diff --git a/test/functions/DidJWT.spec.ts b/test/functions/DidJWT.spec.ts old mode 100644 new mode 100755 diff --git a/test/functions/DidSiopMetadata.spec.ts b/test/functions/DidSiopMetadata.spec.ts old mode 100644 new mode 100755 diff --git a/test/functions/Encodings.spec.ts b/test/functions/Encodings.spec.ts old mode 100644 new mode 100755 diff --git a/test/functions/LanguageTagUtils.spec.ts b/test/functions/LanguageTagUtils.spec.ts old mode 100644 new mode 100755 diff --git a/test/functions/LinkedDomainValidations.spec.ts b/test/functions/LinkedDomainValidations.spec.ts old mode 100644 new mode 100755 diff --git a/test/interop/EBSI/EBSI.spec.ts b/test/interop/EBSI/EBSI.spec.ts old mode 100644 new mode 100755 diff --git a/test/interop/auth0/auth0.spec.ts b/test/interop/auth0/auth0.spec.ts old mode 100644 new mode 100755 diff --git a/test/interop/auth0/fixtures.ts b/test/interop/auth0/fixtures.ts old mode 100644 new mode 100755 diff --git a/test/interop/mattr/fixtures.ts b/test/interop/mattr/fixtures.ts old mode 100644 new mode 100755 diff --git a/test/modules.d.ts b/test/modules.d.ts old mode 100644 new mode 100755 diff --git a/test/regressions/ClientIdIsObject.spec.ts b/test/regressions/ClientIdIsObject.spec.ts old mode 100644 new mode 100755 diff --git a/test/spec-compliance/jwtVCPresentationProfile.spec.ts b/test/spec-compliance/jwtVCPresentationProfile.spec.ts old mode 100644 new mode 100755 diff --git a/tsconfig.build.json b/tsconfig.build.json old mode 100644 new mode 100755 diff --git a/tsconfig.json b/tsconfig.json old mode 100644 new mode 100755 
diff --git a/yarn.lock b/yarn.lock old mode 100644 new mode 100755 From 65f5273f367ed7d8d3b8cc36ccbc46d404a6616d Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Thu, 29 Feb 2024 21:57:40 +0100 Subject: [PATCH 05/15] fix: Verified ID token is optional. Was assumed for nonce and state determenation --- src/authorization-response/AuthorizationResponse.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/authorization-response/AuthorizationResponse.ts b/src/authorization-response/AuthorizationResponse.ts index d36783a..c606992 100644 --- a/src/authorization-response/AuthorizationResponse.ts +++ b/src/authorization-response/AuthorizationResponse.ts @@ -137,8 +137,8 @@ export class AuthorizationResponse { const verifiedIdToken = await this.idToken?.verify(verifyOpts); const oid4vp = await verifyPresentations(this, verifyOpts); - const nonce = merged.nonce ?? verifiedIdToken.payload.nonce ?? oid4vp.nonce; - const state = merged.state ?? verifiedIdToken.payload.state; + const nonce = merged.nonce ?? oid4vp.nonce ?? verifiedIdToken?.payload.nonce; + const state = merged.state ?? verifiedIdToken?.payload.state; if (!state) { throw Error(`State is required`); From 5441c9171d282ee0c06f6d7e966b05462b5fd9bf Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Thu, 29 Feb 2024 22:05:25 +0100 Subject: [PATCH 06/15] chore: prep release notes --- CHANGELOG.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 29f038c..c3f97cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,8 +1,25 @@ # Release Notes -The DID Auth SIOP typescript library is still in an alpha state at this point. Please note that the interfaces might +The DID Auth SIOP typescript library is still in an beta state at this point. Please note that the interfaces might still change a bit as the software still is in active development. +## 0.6.0 - 2024-02-29 +- Added: + - Initial support for SIOPv2 draft 11 + - Initial support for OID4VP draft 18 + - SD-JWT support + - Partial support for http(s) client_ids instead of DIDs. No validation for keys in this case yet though! + - Convert presentation submissions that inadvertently come in from external OPs as a string instead of an object + - Allow id-token only handling + - Allow vp-token only handling + - EBSI support +- Fixed: + - issue with determining whether a Presentation Definition reference has been used + - vp_token handling and nonce management was incorrect in certain cases (for instance when no id token is used) + - Make sure a presentation verification callback result throws an error if it does not verify + - Do not put VP token in the id token as default for spec versions above v10 if no explicit location is provided + - Several small fixes + ## 0.4.2 - 2023-10-01 Fixed an issue with did:key resolution used in Veramo From bde2537d710997863d7439f7ed711ddf1534dc87 Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Thu, 29 Feb 2024 23:39:48 +0100 Subject: [PATCH 07/15] chore: Update PEX deps --- package.json | 4 ++-- yarn.lock | 59 +++++++++++++++++++++++++++++++++++----------------- 2 files changed, 42 insertions(+), 21 deletions(-) diff --git a/package.json b/package.json index 761e89e..270f59f 100644 --- a/package.json +++ b/package.json 
@@ -30,8 +30,8 @@ "dependencies": { "@astronautlabs/jsonpath": "^1.1.2", "@sphereon/did-uni-client": "^0.6.1", - "@sphereon/pex": "^3.2.0", - "@sphereon/pex-models": "^2.2.0", + "@sphereon/pex": "^3.3.0", + "@sphereon/pex-models": "^2.2.2", "@sphereon/ssi-types": "0.18.1", "@sphereon/wellknown-dids-client": "^0.1.3", "cross-fetch": "^4.0.0", diff --git a/yarn.lock b/yarn.lock index ad86166..0b157f7 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -2527,20 +2527,33 @@ "@sd-jwt/types" "0.2.0" "@sd-jwt/utils" "0.2.0" -"@sd-jwt/present@^0.2.0": - version "0.2.0" - resolved "https://registry.yarnpkg.com/@sd-jwt/present/-/present-0.2.0.tgz#01ecbd09dd21287be892b36d754a79c8629387f2" - integrity sha512-6xDBiB+UqCwW8k7O7OUJ7BgC/8zcO+AD5ZX1k4I6yjDM9vscgPulSVxT/yUH+Aov3cZ/BKvfKC0qDEZkHmP/kg== +"@sd-jwt/decode@^0.3.0": + version "0.3.0" + resolved "https://registry.yarnpkg.com/@sd-jwt/decode/-/decode-0.3.0.tgz#23627ce1b7c678a6ac685d7241e7f64e18bd9a8c" + integrity sha512-jCN1g3VzopiUxUtBZWq0Ojfzbg+wYkE1/gV86Xq7/gV8aNacCJo7Su5a3pYtoYg/rnH7ou1kwpD6vteQFkvXMQ== dependencies: - "@sd-jwt/types" "0.2.0" - "@sd-jwt/utils" "0.2.0" + "@sd-jwt/types" "0.3.0" + "@sd-jwt/utils" "0.3.0" + +"@sd-jwt/present@^0.3.0": + version "0.3.0" + resolved "https://registry.yarnpkg.com/@sd-jwt/present/-/present-0.3.0.tgz#e054f66c0ec9c339570ec028e0f2291d75c279e3" + integrity sha512-dICPhH5hqOLXmuJMdTaA47ZMpCDkTzbWUQXsIgw0vma7Aj9Bc6ySNevPwlsUx4K8XBjPgYWwBM9tKdrs3tsCvQ== + dependencies: + "@sd-jwt/types" "0.3.0" + "@sd-jwt/utils" "0.3.0" "@sd-jwt/types@0.2.0": version "0.2.0" resolved "https://registry.yarnpkg.com/@sd-jwt/types/-/types-0.2.0.tgz#3cb50392e1b76ce69453f403c71c937a6e202352" integrity sha512-16WFRcL/maG0/JxN9UCSx07/vJ2SDbGscv9gDLmFLgJzhJcGPer41XfI6aDfVARYP430wHFixChfY/n7qC1L/Q== -"@sd-jwt/utils@0.2.0", "@sd-jwt/utils@^0.2.0": +"@sd-jwt/types@0.3.0": + version "0.3.0" + resolved "https://registry.yarnpkg.com/@sd-jwt/types/-/types-0.3.0.tgz#12f2fa7b448f1f5e368ddfac8db2143ed58c38f7" + integrity sha512-JbpZICZ+nWPiKPKw+Veg5tf0Oftit4EzxhLJyvcd0u4R6IulNZvi6LCoUL7b2IT1H86eYPd/qB1KvSh43ByZOA== + +"@sd-jwt/utils@0.2.0": version "0.2.0" resolved "https://registry.yarnpkg.com/@sd-jwt/utils/-/utils-0.2.0.tgz#ef52b744116e874f72ec01978f0631ad5a131eb7" integrity sha512-oHCfRYVHCb5RNwdq3eHAt7P9d7TsEaSM1TTux+xl1I9PeQGLtZETnto9Gchtzn8FlTrMdVsLlcuAcK6Viwj1Qw== 
@@ -2548,6 +2561,14 @@ "@sd-jwt/types" "0.2.0" buffer "*" +"@sd-jwt/utils@0.3.0", "@sd-jwt/utils@^0.3.0": + version "0.3.0" + resolved "https://registry.yarnpkg.com/@sd-jwt/utils/-/utils-0.3.0.tgz#73ce9809ccc98b35d5a6d1bf1ed34758bcdfb39d" + integrity sha512-jQNYxvyfLda9StVLeUqUZtv5csI6IuzcD6b55/wsC9xJgTuntZqf8vyJvuu4MwEJUFwm9PdGkCJXyl/nbpmNLw== + dependencies: + "@sd-jwt/types" "0.3.0" + buffer "*" + "@sinclair/typebox@^0.27.8": version "0.27.8" resolved "https://registry.yarnpkg.com/@sinclair/typebox/-/typebox-0.27.8.tgz#6667fac16c436b5434a387a34dedb013198f6e6e" 
@@ -2575,21 +2596,21 @@ cross-fetch "^4.0.0" did-resolver "^4.1.0" -"@sphereon/pex-models@^2.2.0": - version "2.2.0" - resolved "https://registry.yarnpkg.com/@sphereon/pex-models/-/pex-models-2.2.0.tgz#32013fff43d4f47df03e213792a9bcc6866a1f06" - integrity sha512-dGDRdoxJj+P0TRqu0R8R0/IdIzrCya1MsnxIFbcmSW3rjPsbwXbV0EojEfxXGD5LhqsUJiuAffMtyE2dtVI/XQ== +"@sphereon/pex-models@^2.2.2": + version "2.2.2" + resolved "https://registry.yarnpkg.com/@sphereon/pex-models/-/pex-models-2.2.2.tgz#3f8b12c49d8fab7372b4b47eae5bcbf8729cccba" + integrity sha512-CZIsBoaV5rMZEWYBsmH+RxsdoxpXf5FSDwDz0GB0qOf5WFk1BGUnzpZzi5yJ+2L151mhPk97dlRc9Wb01Awr4Q== -"@sphereon/pex@^3.2.0": - version "3.2.0" - resolved "https://registry.yarnpkg.com/@sphereon/pex/-/pex-3.2.0.tgz#2b8cd5e9094c88c2cbf822b1b70584ca4a08293a" - integrity sha512-6qk4L7PaxFsHSVjG0w5SbffwuwI0sbnwyoaNBNku17u2WOThBcnH22sgCdNRRbzacXs0e4iAw7Cb1cd730LQaQ== +"@sphereon/pex@^3.3.0": + version "3.3.0" + resolved "https://registry.yarnpkg.com/@sphereon/pex/-/pex-3.3.0.tgz#86384f7ee6e5a966b98d3e8010a27e93eb144317" + integrity sha512-CNthF/6dlIECqTqdOWGD5HOT72OWjzKTFVuFGmSbgOqsEtEtGU0e0g0gYbvXWNm0hYKsyFgS5XIZ1Uj3NR5UMg== dependencies: "@astronautlabs/jsonpath" "^1.1.2" - "@sd-jwt/decode" "^0.2.0" - "@sd-jwt/present" "^0.2.0" - "@sd-jwt/utils" "^0.2.0" - "@sphereon/pex-models" "^2.2.0" + "@sd-jwt/decode" "^0.3.0" + "@sd-jwt/present" "^0.3.0" + "@sd-jwt/utils" "^0.3.0" + "@sphereon/pex-models" "^2.2.2" "@sphereon/ssi-types" "0.18.1" ajv "^8.12.0" ajv-formats "^2.1.1" From 225357330383fd83aee479b5fd7e0a0d5343ca49 Mon Sep 17 00:00:00 2001 
From: Niels Klomp Date: Thu, 29 Feb 2024 23:45:49 +0100 Subject: [PATCH 08/15] chore: Update schemas --- src/schemas/AuthorizationRequestPayloadVD11.schema.ts | 3 +++ src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts | 3 +++ src/schemas/AuthorizationRequestPayloadVID1.schema.ts | 3 +++ src/schemas/AuthorizationResponseOpts.schema.ts | 3 +++ src/schemas/DiscoveryMetadataPayload.schema.ts | 3 +++ src/schemas/RPRegistrationMetadataPayload.schema.ts | 3 +++ 6 files changed, 18 insertions(+) diff --git a/src/schemas/AuthorizationRequestPayloadVD11.schema.ts b/src/schemas/AuthorizationRequestPayloadVD11.schema.ts index 2ff0581..bf287d0 100644 --- a/src/schemas/AuthorizationRequestPayloadVD11.schema.ts +++ b/src/schemas/AuthorizationRequestPayloadVD11.schema.ts @@ -285,6 +285,9 @@ export const AuthorizationRequestPayloadVD11SchemaObj = { "jwt_vp": { "$ref": "#/definitions/JwtObject" }, + "jwt_vp_json": { + "$ref": "#/definitions/JwtObject" + }, "ldp": { "$ref": "#/definitions/LdpObject" }, diff --git a/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts b/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts index ba6fd30..8a415a9 100644 --- a/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts +++ b/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts @@ -291,6 +291,9 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { "jwt_vp": { "$ref": "#/definitions/JwtObject" }, + "jwt_vp_json": { + "$ref": "#/definitions/JwtObject" + }, "ldp": { "$ref": "#/definitions/LdpObject" }, diff --git a/src/schemas/AuthorizationRequestPayloadVID1.schema.ts b/src/schemas/AuthorizationRequestPayloadVID1.schema.ts index 1eed0da..9660e84 100644 --- a/src/schemas/AuthorizationRequestPayloadVID1.schema.ts +++ b/src/schemas/AuthorizationRequestPayloadVID1.schema.ts 
@@ -257,6 +257,9 @@ export const AuthorizationRequestPayloadVID1SchemaObj = { "jwt_vp": { "$ref": "#/definitions/JwtObject" }, + "jwt_vp_json": { + "$ref": "#/definitions/JwtObject" + }, "ldp": { "$ref": "#/definitions/LdpObject" }, diff --git a/src/schemas/AuthorizationResponseOpts.schema.ts b/src/schemas/AuthorizationResponseOpts.schema.ts index 95a73b4..01533a4 100644 --- a/src/schemas/AuthorizationResponseOpts.schema.ts +++ b/src/schemas/AuthorizationResponseOpts.schema.ts @@ -1409,6 +1409,9 @@ export const AuthorizationResponseOptsSchemaObj = { "jwt_vp": { "$ref": "#/definitions/JwtObject" }, + "jwt_vp_json": { + "$ref": "#/definitions/JwtObject" + }, "ldp": { "$ref": "#/definitions/LdpObject" }, diff --git a/src/schemas/DiscoveryMetadataPayload.schema.ts b/src/schemas/DiscoveryMetadataPayload.schema.ts index aeeae0d..35bf911 100644 --- a/src/schemas/DiscoveryMetadataPayload.schema.ts +++ b/src/schemas/DiscoveryMetadataPayload.schema.ts @@ -1245,6 +1245,9 @@ export const DiscoveryMetadataPayloadSchemaObj = { "jwt_vp": { "$ref": "#/definitions/JwtObject" }, + "jwt_vp_json": { + "$ref": "#/definitions/JwtObject" + }, "ldp": { "$ref": "#/definitions/LdpObject" }, diff --git a/src/schemas/RPRegistrationMetadataPayload.schema.ts b/src/schemas/RPRegistrationMetadataPayload.schema.ts index dc2421f..0fcac0a 100644 --- a/src/schemas/RPRegistrationMetadataPayload.schema.ts +++ b/src/schemas/RPRegistrationMetadataPayload.schema.ts @@ -169,6 +169,9 @@ export const RPRegistrationMetadataPayloadSchemaObj = { "jwt_vp": { "$ref": "#/definitions/JwtObject" }, + "jwt_vp_json": { + "$ref": "#/definitions/JwtObject" + }, "ldp": { "$ref": "#/definitions/LdpObject" }, From 3ebd3557bc6d9b2d5e8df6f6d07366179fe144f0 Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Thu, 29 Feb 2024 23:48:30 +0100 Subject: [PATCH 09/15] v0.6.0 --- package.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/package.json b/package.json index 270f59f..d8a15f7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@sphereon/did-auth-siop", - "version": "0.6.0-unstable.9", + "version": "0.6.0", "source": "src/index.ts", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -46,20 +46,22 @@ "uuid": "^9.0.0" }, "devDependencies": { + "@babel/core": "^7.23.9", + "@babel/plugin-transform-runtime": "^7.16.0", + "@babel/preset-env": "^7.16.0", + "@cef-ebsi/ebsi-did-resolver": "^3.2.0", + "@cef-ebsi/key-did-resolver": "^1.1.0", + "@cef-ebsi/oauth2-auth": "^3.0.0", + "@cef-ebsi/siop-auth": "^4.0.0", + "@cef-ebsi/verifiable-presentation": "^6.1.0", + "@cef-ebsi/wallet-lib": "^4.2.0", "@digitalcredentials/did-method-key": "^2.0.3", "@digitalcredentials/ed25519-signature-2020": "^3.0.2", "@digitalcredentials/jsonld-signatures": "^9.3.2", "@digitalcredentials/vc": "^6.0.0", + "@transmute/did-key-ed25519": "^0.3.0-unstable.10", "@transmute/ed25519-key-pair": "0.7.0-unstable.82", "@transmute/ed25519-signature-2018": "^0.7.0-unstable.82", - "@transmute/did-key-ed25519": "^0.3.0-unstable.10", - "@cef-ebsi/wallet-lib": "^4.2.0", - "@cef-ebsi/siop-auth": "^4.0.0", - "@cef-ebsi/oauth2-auth": "^3.0.0", - "@cef-ebsi/ebsi-did-resolver": "^3.2.0", - "@cef-ebsi/key-did-resolver": "^1.1.0", - "@cef-ebsi/verifiable-presentation": "^6.1.0", - "did-resolver": "^4.1.0", "@types/jest": "^29.5.11", "@types/language-tags": "^1.0.4", "@types/qs": "^6.9.11", @@ -71,14 +73,12 @@ "bs58": "^5.0.0", "codecov": "^3.8.3", "cspell": "^6.26.3", + "did-resolver": "^4.1.0", "dotenv": "^16.3.1", "eslint": "^8.34.0", "eslint-config-prettier": "^8.6.0", "eslint-plugin-eslint-comments": "^3.2.0", "eslint-plugin-import": "^2.27.5", - "@babel/core": "^7.23.9", - "@babel/plugin-transform-runtime": "^7.16.0", - "@babel/preset-env": "^7.16.0", "ethers": "^6.10.0", "jest": "^29.7.0", "jest-junit": "^16.0.0", From 856b783bb4edbdb86eadcf74d962888f61a7d167 Mon Sep 17 00:00:00 2001 
From: Niels Klomp Date: Thu, 29 Feb 2024 23:49:15 +0100 Subject: [PATCH 10/15] chore: new dev cycle --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d8a15f7..936510a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@sphereon/did-auth-siop", - "version": "0.6.0", + "version": "0.6.1-unstable.0", "source": "src/index.ts", "main": "dist/index.js", "types": "dist/index.d.ts", From 3e3bcd76553c7915a866eec132dbafc305d618da Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Mon, 4 Mar 2024 21:14:43 +0100 Subject: [PATCH 11/15] fix: redirect_uri or response_uri were not updated for new requests, resulting in recreating stale request objects --- src/request-object/Payload.ts | 3 ++- src/rp/RP.ts | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/request-object/Payload.ts b/src/request-object/Payload.ts index 94d8c10..caa8912 100644 --- a/src/request-object/Payload.ts +++ b/src/request-object/Payload.ts @@ -42,7 +42,8 @@ export const createRequestObjectPayload = async (opts: CreateAuthorizationReques scope: payload.scope ?? Scope.OPENID, //TODO implement /.well-known/openid-federation support in the OP side to resolve the client_id (URL) and retrieve the metadata client_id: clientId ?? opts.requestObject.signature.did, - redirect_uri: payload.redirect_uri, + ...(payload.redirect_uri && { redirect_uri: payload.redirect_uri }), + ...(payload.response_uri && { response_uri: payload.response_uri }), response_mode: payload.response_mode ?? ResponseMode.DIRECT_POST, ...(payload.id_token_hint && { id_token_hint: payload.id_token_hint }), registration_uri: registration.clientMetadataOpts.reference_uri, diff --git a/src/rp/RP.ts b/src/rp/RP.ts index 1e58ce6..5a19620 100644 --- a/src/rp/RP.ts +++ b/src/rp/RP.ts 
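Review bot: In `createRequestObjectPayload` (src/request-object/Payload.ts), the two new conditional spreads allow a request object to carry both `redirect_uri` and `response_uri` when the caller's payload sets both, and neither when both are unset; nothing in this hunk checks either case. These fields decide where the wallet sends the authorization response, and with the `ResponseMode.DIRECT_POST` default on the following line OID4VP expects `response_uri` rather than `redirect_uri`, so a mixed payload should probably be rejected before the object is signed. A guard before the payload is built would cover it: `if (payload.redirect_uri && payload.response_uri) throw new Error('redirect_uri and response_uri are mutually exclusive');`. The function body starts and ends outside the hunk, so an existing check elsewhere may already handle this.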
@@ -237,14 +237,14 @@ export class RP { throw Error(`A response or redirect URI is required at this point`); } else { if (responseURIType === 'redirect_uri') { - if (this._createRequestOptions?.requestObject?.payload && !this._createRequestOptions.requestObject?.payload?.redirect_uri) { + if (this._createRequestOptions?.requestObject?.payload) { this._createRequestOptions.requestObject.payload.redirect_uri = responseURI; } if (!referenceURI && !this._createRequestOptions.payload?.redirect_uri) { this._createRequestOptions.payload.redirect_uri = responseURI; } } else if (responseURIType === 'response_uri') { - if (this._createRequestOptions?.requestObject?.payload && !this._createRequestOptions.requestObject?.payload?.response_uri) { + if (this._createRequestOptions?.requestObject?.payload) { this._createRequestOptions.requestObject.payload.response_uri = responseURI; } if (!referenceURI && !this._createRequestOptions.payload?.response_uri) { From ff2df4c435c076d893a17d0311c89767aa8f7bd0 Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Mon, 4 Mar 2024 21:19:58 +0100 Subject: [PATCH 12/15] chore: release v0.6.1 --- CHANGELOG.md | 5 +++++ package.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3f97cc..321f503 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,11 @@ The DID Auth SIOP typescript library is still in an beta state at this point. Please note that the interfaces might still change a bit as the software still is in active development. +## 0.6.1 - 2024-03-04 + +- Fixed: + - RP kept stale options to create the request object, resulting in recreation of the same request object over and over + ## 0.6.0 - 2024-02-29 - Added: - Initial support for SIOPv2 draft 11 diff --git a/package.json b/package.json index d8a15f7..736aa8c 100644 --- a/package.json +++ b/package.json 
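Review bot: The unconditional overwrite removes staleness only for `requestObject.payload`; the sibling assignment to `_createRequestOptions.payload` keeps its `!...payload?.redirect_uri` / `!...payload?.response_uri` guard, so the top-level payload can still hold the previous URI while the request object carries the new one. Neither branch clears the opposite field, so an RP that switches from `redirect_uri` to `response_uri` keeps the old `redirect_uri`, and with the Payload.ts change in this commit both would then be emitted. Because these URIs are where the wallet delivers the presentation, a leftover value can route a response to the endpoint of an earlier request. Consider dropping the not-set guard in the second `if` of each branch (`if (!referenceURI) { this._createRequestOptions.payload.redirect_uri = responseURI; }`) and adding `delete this._createRequestOptions.requestObject.payload.response_uri;` in the `redirect_uri` branch, with the mirror statement in the other. The enclosing method starts and ends outside the hunk.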
@@ -1,6 +1,6 @@ { "name": "@sphereon/did-auth-siop", - "version": "0.6.0", + "version": "0.6.1", "source": "src/index.ts", "main": "dist/index.js", "types": "dist/index.d.ts", From cdf7ef3465e0b45319bfd16bb1941226687460e8 Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Mon, 4 Mar 2024 21:21:31 +0100 Subject: [PATCH 13/15] chore: release v0.6.2 --- CHANGELOG.md | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 321f503..4f8f000 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ The DID Auth SIOP typescript library is still in an beta state at this point. Please note that the interfaces might still change a bit as the software still is in active development. -## 0.6.1 - 2024-03-04 +## 0.6.2 - 2024-03-04 - Fixed: - RP kept stale options to create the request object, resulting in recreation of the same request object over and over diff --git a/package.json b/package.json index 736aa8c..7688d7e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@sphereon/did-auth-siop", - "version": "0.6.1", + "version": "0.6.2", "source": "src/index.ts", "main": "dist/index.js", "types": "dist/index.d.ts", From ad2cca52809b22764af2c1ae21da4b17c84ec7d4 Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Mon, 4 Mar 2024 21:23:11 +0100 Subject: [PATCH 14/15] chore: next dev cycle --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7688d7e..68b0a5c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@sphereon/did-auth-siop", - "version": "0.6.2", + "version": "0.6.3-unstable.0", "source": "src/index.ts", "main": "dist/index.js", "types": "dist/index.d.ts", From ef9a5ae0bee52b7b28c76595750e04c4900d7e20 Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Mon, 4 Mar 2024 21:24:43 +0100 Subject: [PATCH 15/15] chore: update deps --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/package.json b/package.json index 68b0a5c..0f20f96 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "@sphereon/did-uni-client": "^0.6.1", "@sphereon/pex": "^3.3.0", "@sphereon/pex-models": "^2.2.2", - "@sphereon/ssi-types": "0.18.1", + "@sphereon/ssi-types": "0.19.0", "@sphereon/wellknown-dids-client": "^0.1.3", "cross-fetch": "^4.0.0", "did-jwt": "6.11.6",