Merge pull request #211 from Sphereon-Opensource/feature/SSISDK-78_code_auth_flow

feature/SSISDK-78_code_auth_flow

Author: sanderPostma

package.json

@@ -26,7 +26,7 @@
     "pnpm": ">=10"
   },
   "resolutions": {
-    "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.245",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.78.280",
     "dcql": "1.0.1",
     "node-fetch": "2.6.12",
     "typescript": "5.8.3"

packages/callback-example/package.json

@@ -30,7 +30,7 @@
     "@sphereon/oid4vci-client": "workspace:^",
     "@sphereon/oid4vci-common": "workspace:^",
     "@sphereon/oid4vci-issuer": "workspace:^",
-    "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.245",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.78.280",
     "jose": "^4.10.0"
   },
   "devDependencies": {

packages/client/lib/AuthorizationCodeClient.ts

@@ -109,12 +109,21 @@ export const createAuthorizationRequestUrl = async ({
   clientId?: string
   version?: OpenId4VCIVersion
 }): Promise<string> => {
-  function removeDisplayAndValueTypes(obj: any) {
+
+  function removeDisplayAndValueTypes(obj: any): any {
+    if (Array.isArray(obj)) {
+      return obj.map(item => removeDisplayAndValueTypes(item))
+    }
+
+    if (typeof obj !== 'object' || obj === null) {
+      return obj
+    }
+
     const newObj = { ...obj }
     for (const prop in newObj) {
       if (['display', 'value_type'].includes(prop)) {
         delete newObj[prop]
-      } else if (typeof newObj[prop] === 'object') {
+      } else if (typeof newObj[prop] === 'object' && newObj[prop] !== null) {
         newObj[prop] = removeDisplayAndValueTypes(newObj[prop])
       }
     }
@@ -215,7 +224,7 @@ export const createAuthorizationRequestUrl = async ({
     ...(credentialOffer?.issuerState && {
       issuer_state: credentialOffer.issuerState
     }),
-    scope: authorizationRequest.scope
+    scope: authorizationRequest.scope ?? 'openid'
   }
 
   if (credentialOffer?.issuerState) {
@@ -228,12 +237,11 @@ export const createAuthorizationRequestUrl = async ({
   } else if (parEndpoint && parMode !== PARMode.NEVER) {
     logger.debug(`USING PAR with endpoint ${parEndpoint}`)
 
-    const parResponse = await formPost<PushedAuthorizationResponse>(
-      parEndpoint,
-      convertJsonToURI(queryObj, {
-        mode: JsonURIMode.X_FORM_WWW_URLENCODED,
-        uriTypeProperties: ['client_id', 'request_uri', 'redirect_uri', 'scope', 'authorization_details', 'issuer_state', 'state']
-      }),
+    const parBody = convertJsonToURI(queryObj, {
+      mode: JsonURIMode.X_FORM_WWW_URLENCODED,
+      uriTypeProperties: ['client_id', 'request_uri', 'redirect_uri', 'scope', 'authorization_details', 'issuer_state', 'state']
+    })
+    const parResponse = await formPost<PushedAuthorizationResponse>(parEndpoint, parBody,
       { contentType: 'application/x-www-form-urlencoded', accept: 'application/json' }
     )
     if (parResponse.errorBody || !parResponse.successBody) {
@@ -322,6 +330,10 @@ const handleLocations = (
     } else {
       authorizationDetails.locations = [endpointMetadata.issuer]
     }
+
+    if (Array.isArray(authorizationDetails.locations)) {
+      authorizationDetails.locations = [...new Set(authorizationDetails.locations)]
+    }
   }
   return authorizationDetails
 }

packages/client/lib/CredentialRequestClient.ts

@@ -259,11 +259,12 @@ export class CredentialRequestClient {
     }
     response.access_token = requestToken
 
-    if ((uniformRequest.credential_subject_issuance && response.successBody) || response.successBody?.credential_subject_issuance) {
+/* TODO SSISDK-85
+  if ((uniformRequest.credential_subject_issuance && response.successBody) || response.successBody?.credential_subject_issuance) {
       if (JSON.stringify(uniformRequest.credential_subject_issuance) !== JSON.stringify(response.successBody?.credential_subject_issuance)) {
         throw Error('Subject signing was requested, but issuer did not provide the options in its response')
       }
-    }
+    }*/
     logger.debug(`Credential endpoint ${credentialEndpoint} response:\r\n${JSON.stringify(response, null, 2)}`)
 
     return {

packages/client/lib/__tests__/OpenID4VCIClient.spec.ts

@@ -129,7 +129,7 @@ describe('OpenID4VCIClient should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     )
   })
   it('create an authorization request url with authorization_details object property', async () => {
@@ -156,7 +156,7 @@ describe('OpenID4VCIClient should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     )
   })
 

packages/client/lib/__tests__/OpenID4VCIClientV1_0_15.spec.ts

@@ -121,7 +121,7 @@ describe('OpenID4VCIClientV1_0_15 should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     )
   })
   it('create an authorization request url with authorization_details object property', async () => {
@@ -148,7 +148,7 @@ describe('OpenID4VCIClientV1_0_15 should', () => {
         },
       }),
     ).resolves.toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client',
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     )
   })
 

packages/client/package.json

@@ -29,7 +29,7 @@
   "dependencies": {
     "@sphereon/oid4vc-common": "workspace:^",
     "@sphereon/oid4vci-common": "workspace:^",
-    "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.245",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.78.280",
     "cross-fetch": "^4.1.0",
     "debug": "^4.4.0"
   },

packages/common/package.json

@@ -22,7 +22,7 @@
     "test": "vitest run --config ../../vitest.config.mts --coverage"
   },
   "dependencies": {
-    "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.245",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.78.280",
     "jwt-decode": "^4.0.0",
     "uint8arrays": "^3.1.1",
     "uuid": "^9.0.0"

packages/issuer-rest/package.json

@@ -26,7 +26,7 @@
     "@sphereon/oid4vci-common": "workspace:^",
     "@sphereon/oid4vci-issuer": "workspace:^",
     "@sphereon/ssi-express-support": "0.34.1-next.3",
-    "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.245",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.78.280",
     "body-parser": "^1.20.2",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",

packages/issuer/package.json

@@ -24,7 +24,7 @@
     "@sphereon/oid4vc-common": "workspace:^",
     "@sphereon/oid4vci-common": "workspace:^",
     "@sphereon/ssi-express-support": "0.34.1-next.3",
-    "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.245",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.78.280",
     "short-uuid": "^4.2.2",
     "uuid": "^9.0.0"
   },