Merge pull request #206 from Sphereon-Opensource/feature/SSISDK-65_redirect-fix

feature/SSISDK-65_redirect-fix

Author: sanderPostma

package.json

@@ -13,9 +13,9 @@
     "fix:lint": "biome lint --error-on-warnings",
     "fix:prettier": "biome format --write",
     "build": "turbo run build",
-    "test:ci": "vitest run --config ./vitest.config.ts --coverage",
+    "test:ci": "vitest run --config vitest.config.mts --coverage",
     "test": "turbo run test:vitest",
-    "test:vitest": "vitest run --config ./vitest.config.ts --coverage",
+    "test:vitest": "vitest run --config vitest.config.mts --coverage",
     "clean": "rimraf --glob **/dist **/.turbo **/.tsup **/coverage **/pnpm-lock.yaml packages/**/node_modules node_modules packages/**/tsconfig.tsbuildinfo",
     "publish:latest": "lerna publish --conventional-commits --include-merged-tags --create-release github --yes --dist-tag latest --registry https://registry.npmjs.org",
     "publish:next": "lerna publish --conventional-prerelease --force-publish --canary --no-git-tag-version --include-merged-tags --preid next --pre-dist-tag next --yes --registry https://registry.npmjs.org",

packages/common/package.json

@@ -19,7 +19,7 @@
   },
   "scripts": {
     "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json",
-    "test": "vitest run --config ../../vitest.config.ts --coverage"
+    "test": "vitest run --config ../../vitest.config.mts --coverage"
   },
   "dependencies": {
     "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.245",

packages/oid4vci-common/lib/functions/TypeConversionUtils.ts

@@ -93,7 +93,7 @@ export function getTypesFromCredentialSupported(
     credentialSupported.format === 'ldp_vc'
   ) {
     types = getTypesFromObject(credentialSupported) ?? []
-  } else if (credentialSupported.format === 'dc+sd-jwt'/* || credentialSupported.format === 'vc+sd-jwt'*/) { // TODO VCDM needs vc+sd-jwt back
+  } else if (credentialSupported.format === 'dc+sd-jwt' || credentialSupported.format === 'vc+sd-jwt') {
     types = [credentialSupported.vct]
   } else if (credentialSupported.format === 'mso_mdoc') {
     types = [credentialSupported.doctype]

packages/oid4vci-common/lib/types/Authorization.types.ts

@@ -288,7 +288,7 @@ export interface AuthorizationDetailsJwtVcJsonLdAndLdpVc extends CommonAuthoriza
 }
 
 export interface AuthorizationDetailsSdJwtVc extends CommonAuthorizationDetails {
-  format: 'dc+sd-jwt'
+  format: 'dc+sd-jwt' | 'vc+sd-jwt'
 
   vct: string
   claims?: IssuerCredentialSubject

packages/oid4vci-common/lib/types/Generic.types.ts

@@ -29,7 +29,7 @@ export interface ImageInfo {
   [key: string]: unknown
 }
 
-export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'dc+sd-jwt'| /*'vc+sd-jwt' |*/ 'jwt_vc' | 'mso_mdoc' // jwt_vc & vc+sd-jwt are added for backwards compat TODO SSISDK-36
+export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'dc+sd-jwt'| 'vc+sd-jwt' | 'jwt_vc' | 'mso_mdoc' // jwt_vc & vc+sd-jwt are added for backwards compat TODO SSISDK-36
 
 export const supportedOID4VCICredentialFormat: readonly (OID4VCICredentialFormat | string)[] = [
   'jwt_vc_json',
@@ -166,7 +166,7 @@ export interface CredentialSupportedJwtVcJson extends CommonCredentialSupported
 }
 
 export interface CredentialSupportedSdJwtVc extends CommonCredentialSupported {
-  format: 'dc+sd-jwt'
+  format: 'dc+sd-jwt' | 'vc+sd-jwt' // TODO Separate CredentialSupportedSdJwtVc for vcdm2?
 
   vct: string
   claims?: IssuerCredentialSubject

packages/siop-oid4vp/lib/__tests__/RP.request.spec.ts

@@ -304,7 +304,7 @@ describe('RP should', () => {
     expect(request.encodedUri).toMatch(expectedUri)
     expect(request.requestObjectJwt).toMatch(expectedJwtRegex)
 
-    const responseRedirectUri = rp.getResponseRedirectUri({ correlation_id: '1234', state: 'b32f0087fc9816eb813fd11f' })
+    const responseRedirectUri = await rp.getResponseRedirectUri({ correlation_id: '1234', state: 'b32f0087fc9816eb813fd11f' })
     expect(responseRedirectUri).toBe('https://acme.com/1234?state=b32f0087fc9816eb813fd11f')
   })
 })

packages/siop-oid4vp/lib/rp/InMemoryRPSessionManager.ts

@@ -199,14 +199,19 @@ export class InMemoryRPSessionManager implements IRPSessionManager {
         queryId: event.queryId ?? this.queryIdMapping[event.correlationId],
         ...(type === 'request' && { request: event.subject }),
         ...(type === 'response' && { response: event.subject }),
+        ...(type === 'request' && event.responseRedirectURI && {responseRedirectURI: event.responseRedirectURI}),
         ...(event.error && { error: event.error }),
         status,
         timestamp: event.timestamp,
         lastUpdated: event.timestamp,
       }
       let state: AuthorizationRequestState | AuthorizationResponseState
       if (type === 'request') {
-        state = eventState as AuthorizationRequestState
+        const prevState = this.authorizationRequests[event.correlationId]
+        state = {
+          ...prevState,
+          ...eventState
+        } as AuthorizationRequestState
         this.authorizationRequests[event.correlationId] = state
         this.updateMapping(this.nonceMapping, event, 'nonce', event.correlationId, true)
         this.updateMapping(this.stateMapping, event, 'state', event.correlationId, true)

packages/siop-oid4vp/lib/rp/RP.ts

@@ -37,7 +37,7 @@ import {
   SupportedVersion,
   Verification,
   VerifiedAuthorizationResponse,
-  CallbackOpts
+  CallbackOpts, AuthorizationRequestState
 } from '../types'
 
 
@@ -93,7 +93,8 @@ export class RP {
     version?: SupportedVersion
     requestByReferenceURI?: string
     responseURI?: string
-    responseURIType?: ResponseURIType
+    responseURIType?: ResponseURIType,
+    responseRedirectURI?: string
   }): Promise<AuthorizationRequest> {
     const authorizationRequestOpts = this.newAuthorizationRequestOpts(opts)
 
@@ -131,23 +132,20 @@ export class RP {
     requestByReferenceURI?: string
     responseURI?: string
     responseURIType?: ResponseURIType
-    callback?: CallbackOpts
+    callback?: CallbackOpts,
+    responseRedirectURI?: string
   }): Promise<URI> {
     const authorizationRequestOpts = this.newAuthorizationRequestOpts(opts)
 
     try {
-      if(opts.queryId && this._dcqlQueryLookupCallback) {
-        const dcqlQuery:DcqlQuery = await this._dcqlQueryLookupCallback(opts.queryId)
-        authorizationRequestOpts.payload.dcql_query = dcqlQuery
-      }
-
       const uri = await URI.fromOpts(authorizationRequestOpts)
       const authRequest = await AuthorizationRequest.fromOpts(authorizationRequestOpts)
       this.emitEvent(AuthorizationEvents.ON_AUTH_REQUEST_CREATED_SUCCESS, {
         correlationId: opts.correlationId,
         queryId: opts.queryId,
         subject: authRequest,
-        callback: opts.callback
+        callback: opts.callback,
+        responseRedirectURI: opts.responseRedirectURI
       })
       return uri
     } catch (error) {
@@ -279,14 +277,35 @@ export class RP {
     return this._verifyResponseOptions
   }
 
-  public getResponseRedirectUri(mappings?: Record<string, string>): string | undefined {
-    if (!this._responseRedirectUri) {
-      return undefined
-    }
+  public async getResponseRedirectUri(mappings?: Record<string, string>): Promise<string | undefined> {
     if (!mappings) {
       return this._responseRedirectUri
     }
-    return Object.entries(mappings).reduce((uri, [key, value]) => uri.replace(`:${key}`, value), this._responseRedirectUri)
+
+    // Attempt to retrieve state from session manager
+    let state: AuthorizationRequestState | undefined
+    if (this.sessionManager) {
+      const correlationId = mappings['correlation_id'] ?? mappings['correlationId']
+
+      if (correlationId) {
+        state = await this.sessionManager.getRequestStateByCorrelationId(correlationId, true)
+      } else if (mappings['state']) {
+        state = await this.sessionManager.getRequestStateByState(mappings['state'], true)
+      }
+    }
+
+    // Determine the redirect URI from state or fallback to default
+    const redirectUri = state?.responseRedirectURI ?? this._responseRedirectUri
+
+    if (!redirectUri) {
+      return undefined
+    }
+
+    // Apply mappings to the redirect URI
+    return Object.entries(mappings).reduce(
+      (uri, [key, value]) => uri.replace(`:${key}`, value),
+      redirectUri
+    )
   }
 
   private newAuthorizationRequestOpts(opts: {
@@ -458,6 +477,7 @@ export class RP {
       queryId?: string
       subject?: AuthorizationRequest | AuthorizationResponse | AuthorizationResponsePayload
       callback?: CallbackOpts
+      responseRedirectURI?: string
       error?: Error
     },
   ): void {

packages/siop-oid4vp/lib/types/Events.ts

@@ -33,14 +33,23 @@ export class AuthorizationEvent<T> {
   private readonly _timestamp: number
   private readonly _correlationId: string
   private readonly _queryId: string
-
-  public constructor(args: { correlationId: string; queryId?: string, subject?: T; callback?: CallbackOpts, error?: Error }) {
+  private readonly _responseRedirectURI: string
+
+  public constructor(args: {
+    correlationId: string;
+    queryId?: string,
+    subject?: T;
+    callback?: CallbackOpts;
+    responseRedirectURI?: string,
+    error?: Error
+  }) {
     //fixme: Create correlationId if not provided. Might need to be deferred to registry though
     this._correlationId = args.correlationId
     this._queryId = args.queryId
     this._timestamp = Date.now()
     this._subject = args.subject
     this._callback = args.callback
+    this._responseRedirectURI = args.responseRedirectURI
     this._error = args.error
   }
 
@@ -60,6 +69,10 @@ export class AuthorizationEvent<T> {
     return this._callback
   }
 
+  get responseRedirectURI(): string {
+    return this._responseRedirectURI
+  }
+
   public hasError(): boolean {
     return !!this._error
   }

packages/siop-oid4vp/lib/types/SessionManager.ts

@@ -8,6 +8,7 @@ export interface AuthorizationRequestState {
   request: AuthorizationRequest
   status: AuthorizationRequestStateStatus
   callback?: CallbackOpts
+  responseRedirectURI?: string
   timestamp: number
   lastUpdated: number
   error?: Error