@sphereon/oid4vci-common - npm Package Compare versions

Comparing version 0.16.1-next.309 to 0.16.1-next.339

dist/functions/AuthorizationResponseUtil.d.ts

		@@ -1,3 +0,3 @@
		import { AuthorizationResponse } from '../types';
		export declare const toAuthorizationResponsePayload: (input: AuthorizationResponse \| string) => AuthorizationResponse;
		import { AuthorizationChallengeCodeResponse, AuthorizationResponse } from '../types';
		export declare const toAuthorizationResponsePayload: (input: AuthorizationResponse \| AuthorizationChallengeCodeResponse \| string) => AuthorizationResponse \| AuthorizationChallengeCodeResponse;
		//# sourceMappingURL=AuthorizationResponseUtil.d.ts.map

111

dist/types/Authorization.types.d.ts

		@@ -63,2 +63,113 @@ import { CreateDPoPClientOpts } from '@sphereon/oid4vc-common';
		}
		export interface CommonAuthorizationChallengeRequest {
		/**
		* REQUIRED if the client is not authenticating with the authorization server and if no auth_session is included..
		*/
		client_id?: string;
		/**
		* OPTIONAL. String value identifying a certain processing context at the Credential Issuer. A value for this parameter is typically passed in
		* an issuance initation request from the Credential Issuer to the Wallet. This request parameter is used to pass the
		* issuer_state value back to the Credential Issuer.
		*/
		issuer_state?: string;
		/**
		* The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings.
		*/
		scope?: string;
		/**
		* OPTIONAL. A random string or a JWE. The auth session allows the authorization server to associate subsequent
		* requests by this client with an ongoing authorization request sequence. The client MUST include the
		* auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with
		* the error response.
		*/
		auth_session?: string;
		/**
		* OPTIONAL. If the "code_challenge_method" from Section 4.3 was "S256", the
		* received "code_verifier" is hashed by SHA-256, base64url-encoded, and
		* then compared to the "code_challenge", i.e.:
		* BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge
		*
		* If the "code_challenge_method" from Section 4.3 was "plain", they are
		* compared directly, i.e.:
		* code_verifier == code_challenge.
		*/
		code_challenge?: string;
		/**
		* OPTIONAL. value must be set either to "S256" or a value defined by a cryptographically secure
		*/
		code_challenge_method?: CodeChallengeMethod;
		/**
		* OPTIONAL. String containing information about the session when credential presentation is happening during issuance of another
		* credential. The content of this parameter is opaque to the wallet. When this parameter is present the Wallet MUST use this parameter in
		* the subsequent Authorization Challenge Request. This allows the Issuer to determine which it can be used by to prevent session
		* fixation attacks. The Response URI MAY return this parameter in response to successful Authorization Responses or for Error
		* Responses.
		*/
		presentation_during_issuance_session?: string;
		}
		export interface AuthorizationChallengeRequestOpts {
		clientId?: string;
		issuerState?: string;
		authSession?: string;
		scope?: string;
		codeChallenge?: string;
		codeChallengeMethod?: CodeChallengeMethod;
		presentationDuringIssuanceSession?: string;
		metadata?: EndpointMetadata;
		credentialIssuer?: string;
		}
		export interface AuthorizationChallengeErrorResponse {
		/**
		* A single ASCII error code of type AuthorizationChallengeError.
		*/
		error: AuthorizationChallengeError;
		/**
		* OPTIONAL. OPTIONAL. Human-readable ASCII text providing additional information, used
		* to assist the client developer in understanding the error that occurred. Values for the error_description
		* parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.
		*/
		error_description?: string;
		/**
		* OPTIONAL. A URI identifying a human-readable web page with information about the error, used
		* to provide the client developer with additional information about the error. Values for the error_uri
		* parameter MUST conform to the URI-reference syntax and thus MUST NOT include characters outside the
		* set %x21 / %x23-5B / %x5D-7E.
		*/
		error_uri?: string;
		/**
		* OPTIONAL. A random string or a JWE. The auth session allows the authorization server to associate subsequent
		* requests by this client with an ongoing authorization request sequence. The client MUST include the
		* auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with
		* the error response.
		*/
		auth_session?: string;
		/**
		* OPTIONAL. The request URI corresponding to the authorization request posted. This URI is a single-use reference
		* to the respective request data in the subsequent authorization request.
		*/
		request_uri?: string;
		/**
		* OPTIONAL. A JSON number that represents the lifetime of the request URI in seconds as a positive integer.
		*/
		expires_in?: number;
		/**
		* String containing the OID4VP request URI. The Wallet will use this URI to start the OID4VP flow.
		*/
		presentation?: string;
		}
		export interface AuthorizationChallengeCodeResponse {
		/**
		* The authorization code issued by the authorization server.
		*/
		authorization_code: string;
		}
		export declare enum AuthorizationChallengeError {
		invalid_request = "invalid_request",
		invalid_client = "invalid_client",
		unauthorized_client = "unauthorized_client",
		invalid_session = "invalid_session",
		invalid_scope = "invalid_scope",
		insufficient_authorization = "insufficient_authorization",
		redirect_to_web = "redirect_to_web"
		}
		/**
		@@ -65,0 +176,0 @@ * string type added for conformity with our previous code in the client

dist/types/Authorization.types.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.AuthzFlowType = exports.CreateRequestObjectMode = exports.PARMode = exports.CodeChallengeMethod = exports.ResponseType = exports.Encoding = exports.GrantTypes = void 0;
		exports.AuthzFlowType = exports.CreateRequestObjectMode = exports.PARMode = exports.CodeChallengeMethod = exports.ResponseType = exports.Encoding = exports.GrantTypes = exports.AuthorizationChallengeError = void 0;
		const Generic_types_1 = require("./Generic.types");
		// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-error-response
		var AuthorizationChallengeError;
		(function (AuthorizationChallengeError) {
		AuthorizationChallengeError["invalid_request"] = "invalid_request";
		AuthorizationChallengeError["invalid_client"] = "invalid_client";
		AuthorizationChallengeError["unauthorized_client"] = "unauthorized_client";
		AuthorizationChallengeError["invalid_session"] = "invalid_session";
		AuthorizationChallengeError["invalid_scope"] = "invalid_scope";
		AuthorizationChallengeError["insufficient_authorization"] = "insufficient_authorization";
		AuthorizationChallengeError["redirect_to_web"] = "redirect_to_web";
		})(AuthorizationChallengeError \|\| (exports.AuthorizationChallengeError = AuthorizationChallengeError = {}));
		var GrantTypes;
		@@ -6,0 +17,0 @@ (function (GrantTypes) {

dist/types/Generic.types.d.ts

		@@ -50,2 +50,3 @@ import { ICredentialContextType, IVerifiableCredential, W3CVerifiableCredential } from '@sphereon/ssi-types';
		notification_endpoint?: string;
		authorization_challenge_endpoint?: string;
		display?: MetadataDisplay[];
		@@ -52,0 +53,0 @@ credential_supplier_config?: CredentialSupplierConfig;

dist/types/ServerMetadata.d.ts

		@@ -14,2 +14,3 @@ import { DynamicRegistrationClientMetadata, SigningAlgo } from '@sphereon/oid4vc-common';
		authorization_endpoint?: string;
		authorization_challenge_endpoint?: string;
		token_endpoint?: string;
		@@ -68,3 +69,4 @@ token_endpoint_auth_methods_supported?: Array<TokenEndpointAuthMethod>;
		authorization_endpoint?: string;
		authorization_challenge_endpoint?: string;
		}
		//# sourceMappingURL=ServerMetadata.d.ts.map

dist/types/ServerMetadata.js

		@@ -8,2 +8,3 @@ "use strict";
		'authorization_endpoint',
		'authorization_challenge_endpoint',
		'token_endpoint',
		@@ -10,0 +11,0 @@ 'jwks_uri',

dist/types/StateManager.types.d.ts

		@@ -18,2 +18,3 @@ import { AssertedUniformCredentialOffer } from './CredentialIssuance.types';
		preAuthorizedCode?: string;
		authorizationCode?: string;
		}
		@@ -20,0 +21,0 @@ export declare enum IssueStatus {

dist/types/v1_0_13.types.d.ts

		@@ -17,2 +17,3 @@ import { JWK } from '@sphereon/oid4vc-common';
		display?: MetadataDisplay[];
		authorization_challenge_endpoint?: string;
		[x: string]: unknown;
		@@ -139,2 +140,3 @@ }
		display?: MetadataDisplay[];
		authorization_challenge_endpoint?: string;
		token_endpoint?: string;
		@@ -141,0 +143,0 @@ credential_supplier_config?: CredentialSupplierConfig;

lib/functions/AuthorizationResponseUtil.ts

		@@ -1,6 +0,6 @@
		import { AuthorizationResponse } from '../types';
		import { AuthorizationChallengeCodeResponse, AuthorizationResponse } from '../types'

		import { convertURIToJsonObject } from './Encoding';

		export const toAuthorizationResponsePayload = (input: AuthorizationResponse \| string): AuthorizationResponse => {
		export const toAuthorizationResponsePayload = (input: AuthorizationResponse \| AuthorizationChallengeCodeResponse \| string): AuthorizationResponse \| AuthorizationChallengeCodeResponse => {
		let response = input;
		@@ -7,0 +7,0 @@ if (typeof input === 'string') {

120

lib/types/Authorization.types.ts

		@@ -73,2 +73,122 @@ import { CreateDPoPClientOpts } from '@sphereon/oid4vc-common';

		// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-authorization-challenge-req
		export interface CommonAuthorizationChallengeRequest {
		/**
		* REQUIRED if the client is not authenticating with the authorization server and if no auth_session is included..
		*/
		client_id?: string;
		/**
		* OPTIONAL. String value identifying a certain processing context at the Credential Issuer. A value for this parameter is typically passed in
		* an issuance initation request from the Credential Issuer to the Wallet. This request parameter is used to pass the
		* issuer_state value back to the Credential Issuer.
		*/
		issuer_state?: string
		/**
		* The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings.
		*/
		scope?: string; // TODO what we do with this
		/**
		* OPTIONAL. A random string or a JWE. The auth session allows the authorization server to associate subsequent
		* requests by this client with an ongoing authorization request sequence. The client MUST include the
		* auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with
		* the error response.
		*/
		auth_session?: string
		/**
		* OPTIONAL. If the "code_challenge_method" from Section 4.3 was "S256", the
		* received "code_verifier" is hashed by SHA-256, base64url-encoded, and
		* then compared to the "code_challenge", i.e.:
		* BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge
		*
		* If the "code_challenge_method" from Section 4.3 was "plain", they are
		* compared directly, i.e.:
		* code_verifier == code_challenge.
		*/
		code_challenge?: string; // TODO what we do with this
		/**
		* OPTIONAL. value must be set either to "S256" or a value defined by a cryptographically secure
		*/
		code_challenge_method?: CodeChallengeMethod; // TODO what we do with this
		/**
		* OPTIONAL. String containing information about the session when credential presentation is happening during issuance of another
		* credential. The content of this parameter is opaque to the wallet. When this parameter is present the Wallet MUST use this parameter in
		* the subsequent Authorization Challenge Request. This allows the Issuer to determine which it can be used by to prevent session
		* fixation attacks. The Response URI MAY return this parameter in response to successful Authorization Responses or for Error
		* Responses.
		*/
		presentation_during_issuance_session?: string;
		}

		export interface AuthorizationChallengeRequestOpts {
		clientId?: string;
		issuerState?: string
		authSession?: string
		scope?: string
		codeChallenge?: string
		codeChallengeMethod?: CodeChallengeMethod
		presentationDuringIssuanceSession?: string;
		metadata?: EndpointMetadata;
		credentialIssuer?: string;
		}

		// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-error-response
		export interface AuthorizationChallengeErrorResponse {
		/**
		* A single ASCII error code of type AuthorizationChallengeError.
		*/
		error: AuthorizationChallengeError
		/**
		* OPTIONAL. OPTIONAL. Human-readable ASCII text providing additional information, used
		* to assist the client developer in understanding the error that occurred. Values for the error_description
		* parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.
		*/
		error_description?: string
		/**
		* OPTIONAL. A URI identifying a human-readable web page with information about the error, used
		* to provide the client developer with additional information about the error. Values for the error_uri
		* parameter MUST conform to the URI-reference syntax and thus MUST NOT include characters outside the
		* set %x21 / %x23-5B / %x5D-7E.
		*/
		error_uri?: string
		/**
		* OPTIONAL. A random string or a JWE. The auth session allows the authorization server to associate subsequent
		* requests by this client with an ongoing authorization request sequence. The client MUST include the
		* auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with
		* the error response.
		*/
		auth_session?: string
		/**
		* OPTIONAL. The request URI corresponding to the authorization request posted. This URI is a single-use reference
		* to the respective request data in the subsequent authorization request.
		*/
		request_uri?: string
		/**
		* OPTIONAL. A JSON number that represents the lifetime of the request URI in seconds as a positive integer.
		*/
		expires_in?: number
		/**
		* String containing the OID4VP request URI. The Wallet will use this URI to start the OID4VP flow.
		*/
		presentation?: string
		}

		// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-authorization-challenge-res
		export interface AuthorizationChallengeCodeResponse {
		/**
		* The authorization code issued by the authorization server.
		*/
		authorization_code: string
		}

		// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-error-response
		export enum AuthorizationChallengeError {
		invalid_request = 'invalid_request',
		invalid_client = 'invalid_client',
		unauthorized_client = 'unauthorized_client',
		invalid_session = 'invalid_session',
		invalid_scope = 'invalid_scope',
		insufficient_authorization = 'insufficient_authorization',
		redirect_to_web = 'redirect_to_web',
		}

		/**
		@@ -75,0 +195,0 @@ * string type added for conformity with our previous code in the client

lib/types/Generic.types.ts

		@@ -70,2 +70,3 @@ import { ICredentialContextType, IVerifiableCredential, W3CVerifiableCredential } from '@sphereon/ssi-types';
		notification_endpoint?: string;
		authorization_challenge_endpoint?: string // OPTIONAL URL of the Credential Issuer's Authorization Challenge Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. Described on https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-authorization-challenge-end
		display?: MetadataDisplay[]; // An array of objects, where each object contains display properties of a Credential Issuer for a certain language. Below is a non-exhaustive list of valid parameters that MAY be included:
		@@ -72,0 +73,0 @@ credential_supplier_config?: CredentialSupplierConfig;

lib/types/ServerMetadata.ts

		@@ -56,2 +56,3 @@ import { DynamicRegistrationClientMetadata, SigningAlgo } from '@sphereon/oid4vc-common';
		authorization_endpoint?: string;
		authorization_challenge_endpoint?: string;
		token_endpoint?: string;
		@@ -113,2 +114,3 @@ token_endpoint_auth_methods_supported?: Array<TokenEndpointAuthMethod>;
		'authorization_endpoint',
		'authorization_challenge_endpoint',
		'token_endpoint',
		@@ -152,2 +154,3 @@ 'jwks_uri',
		authorization_endpoint?: string; // Can be undefined in pre-auth flow
		authorization_challenge_endpoint?: string;
		}

lib/types/StateManager.types.ts

		@@ -20,2 +20,3 @@ import { AssertedUniformCredentialOffer } from './CredentialIssuance.types';
		preAuthorizedCode?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
		authorizationCode?: string
		}
		@@ -22,0 +23,0 @@

lib/types/v1_0_13.types.ts

		@@ -35,2 +35,3 @@ import { JWK } from '@sphereon/oid4vc-common';
		display?: MetadataDisplay[];
		authorization_challenge_endpoint?: string

		@@ -205,2 +206,3 @@ [x: string]: unknown;
		display?: MetadataDisplay[]; // An array of objects, where each object contains display properties of a Credential Issuer for a certain language. Below is a non-exhaustive list of valid parameters that MAY be included:
		authorization_challenge_endpoint?: string // OPTIONAL URL of the Credential Issuer's Authorization Challenge Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. Described on https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-authorization-challenge-end

		@@ -207,0 +209,0 @@ //todo: these two are not mentioned in the spec

package.json

		{
		"name": "@sphereon/oid4vci-common",
		"version": "0.16.1-next.309+49de36e",
		"version": "0.16.1-next.339+b24bc4c",
		"description": "OpenID 4 Verifiable Credential Issuance Common Types",
		@@ -13,3 +13,3 @@ "source": "lib/index.ts",
		"dependencies": {
		"@sphereon/oid4vc-common": "0.16.1-next.309+49de36e",
		"@sphereon/oid4vc-common": "0.16.1-next.339+b24bc4c",
		"@sphereon/ssi-types": "0.32.1-feature.VDX.341.53",
		@@ -56,3 +56,3 @@ "cross-fetch": "^3.1.8",
		},
		"gitHead": "49de36edee06180707577defeb89b15af06de754"
		"gitHead": "b24bc4cad1fa44ded4bcd7ede84e0ff7856dfaab"
		}

dist/functions/AuthorizationResponseUtil.d.ts.map