Merge pull request #120 from Sphereon-Opensource/develop

New release

Author: nklomp

packages/callback-example/lib/__tests__/issuerCallback.spec.ts

@@ -1,6 +1,6 @@
 import { KeyObject } from 'crypto'
 
-import { CredentialRequestClient, CredentialRequestClientBuilder, ProofOfPossessionBuilder } from '@sphereon/oid4vci-client'
+import { CredentialRequestClientBuilder, ProofOfPossessionBuilder } from '@sphereon/oid4vci-client'
 import {
   Alg,
   CNonceState,
@@ -252,7 +252,7 @@ describe('issuerCallback', () => {
       .withKid(kid)
       .build()
 
-    const credentialRequestClient = new CredentialRequestClient(credReqClient)
+    const credentialRequestClient = credReqClient.build()
     const credentialRequest: CredentialRequest = await credentialRequestClient.createCredentialRequest({
       credentialIdentifier: 'VerifiableCredential',
       // format: 'jwt_vc_json',

packages/callback-example/package.json

@@ -18,7 +18,7 @@
     "@sphereon/oid4vci-client": "workspace:*",
     "@sphereon/oid4vci-common": "workspace:*",
     "@sphereon/oid4vci-issuer": "workspace:*",
-    "@sphereon/ssi-types": "^0.18.1",
+    "@sphereon/ssi-types": "0.26.1-next.6",
     "jose": "^4.10.0"
   },
   "devDependencies": {

packages/client/lib/AccessTokenClient.ts

@@ -22,6 +22,7 @@ import {
 import { ObjectUtils } from '@sphereon/ssi-types';
 
 import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
+import { createJwtBearerClientAssertion } from './functions';
 import { LOG } from './types';
 
 export class AccessTokenClient {
@@ -48,6 +49,9 @@ export class AccessTokenClient {
         code,
         redirectUri,
         pin,
+        credentialIssuer: issuer,
+        metadata,
+        additionalParams: opts.additionalParams,
         pinMetadata,
       }),
       pinMetadata,
@@ -90,11 +94,12 @@ export class AccessTokenClient {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
     const credentialOfferRequest = opts.credentialOffer ? await toUniformCredentialOfferRequest(opts.credentialOffer) : undefined;
-    const request: Partial<AccessTokenRequest> = {};
-
-    if (asOpts?.clientId) {
-      request.client_id = asOpts.clientId;
+    const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };
+    if (asOpts?.clientOpts?.clientId) {
+      request.client_id = asOpts.clientOpts.clientId;
     }
+    const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer ?? opts.metadata?.issuer;
+    await createJwtBearerClientAssertion(request, { ...opts, credentialIssuer });
 
     if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
       this.assertAlphanumericPin(opts.pinMetadata, pin);

packages/client/lib/AccessTokenClientV1_0_11.ts

@@ -14,6 +14,7 @@ import {
   GrantTypes,
   IssuerOpts,
   JsonURIMode,
+  OpenId4VCIVersion,
   OpenIDResponse,
   PRE_AUTH_CODE_LITERAL,
   TokenErrorResponse,
@@ -24,6 +25,7 @@ import { ObjectUtils } from '@sphereon/ssi-types';
 import Debug from 'debug';
 
 import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
+import { createJwtBearerClientAssertion } from './functions';
 
 const debug = Debug('sphereon:oid4vci:token');
 
@@ -51,6 +53,10 @@ export class AccessTokenClientV1_0_11 {
         code,
         redirectUri,
         pin,
+        credentialIssuer: issuer,
+        metadata,
+        additionalParams: opts.additionalParams,
+        pinMetadata: opts.pinMetadata,
       }),
       isPinRequired,
       metadata,
@@ -92,11 +98,13 @@ export class AccessTokenClientV1_0_11 {
     const credentialOfferRequest = opts.credentialOffer
       ? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_11 | CredentialOfferV1_0_13)
       : undefined;
-    const request: Partial<AccessTokenRequest> = {};
+    const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };
+    const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer ?? opts.metadata?.issuer;
 
-    if (asOpts?.clientId) {
-      request.client_id = asOpts.clientId;
+    if (asOpts?.clientOpts?.clientId) {
+      request.client_id = asOpts.clientOpts.clientId;
     }
+    await createJwtBearerClientAssertion(request, { ...opts, version: OpenId4VCIVersion.VER_1_0_11, credentialIssuer });
 
     if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
       this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);

packages/client/lib/AuthorizationCodeClient.ts

@@ -35,28 +35,31 @@ export async function createSignedAuthRequestWhenNeeded(requestObject: Record<st
     } else if (!opts.kid) {
       throw Error(`No kid found, whilst request object mode was set to ${opts.requestObjectMode}`);
     }
-    let client_metadata: any
+    let client_metadata: any;
     if (opts.clientMetadata || opts.jwksUri) {
       client_metadata = opts.clientMetadata ?? {};
       if (opts.jwksUri) {
         client_metadata['jwks_uri'] = opts.jwksUri;
       }
     }
-    let authorization_details = requestObject['authorization_details']
+    let authorization_details = requestObject['authorization_details'];
     if (typeof authorization_details === 'string') {
       authorization_details = JSON.parse(requestObject.authorization_details);
     }
     if (!requestObject.aud && opts.aud) {
       requestObject.aud = opts.aud;
     }
-    const iss = requestObject.iss ?? opts.iss ?? requestObject.client_id
+    const iss = requestObject.iss ?? opts.iss ?? requestObject.client_id;
 
-    const jwt: Jwt = { header: { alg: 'ES256', kid: opts.kid, typ: 'jwt' }, payload: {...requestObject, iss, authorization_details, ...(client_metadata && {client_metadata})} };
+    const jwt: Jwt = {
+      header: { alg: 'ES256', kid: opts.kid, typ: 'JWT' },
+      payload: { ...requestObject, iss, authorization_details, ...(client_metadata && { client_metadata }) },
+    };
     const pop = await ProofOfPossessionBuilder.fromJwt({
       jwt,
       callbacks: opts.signCallbacks,
       version: OpenId4VCIVersion.VER_1_0_11,
-      mode: 'jwt',
+      mode: 'JWT',
     }).build();
     requestObject['request'] = pop.jwt;
   }

packages/client/lib/CredentialRequestClient.ts

@@ -19,7 +19,8 @@ import { ExperimentalSubjectIssuance } from '@sphereon/oid4vci-common/dist/exper
 import { CredentialFormat } from '@sphereon/ssi-types';
 import Debug from 'debug';
 
-import { CredentialRequestClientBuilder } from './CredentialRequestClientBuilder';
+import { CredentialRequestClientBuilderV1_0_11 } from './CredentialRequestClientBuilderV1_0_11';
+import { CredentialRequestClientBuilderV1_0_13 } from './CredentialRequestClientBuilderV1_0_13';
 import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
 
 const debug = Debug('sphereon:oid4vci:credential');
@@ -78,7 +79,7 @@ export class CredentialRequestClient {
     return this.credentialRequestOpts.deferredCredentialEndpoint;
   }
 
-  public constructor(builder: CredentialRequestClientBuilder) {
+  public constructor(builder: CredentialRequestClientBuilderV1_0_13 | CredentialRequestClientBuilderV1_0_11) {
     this._credentialRequestOpts = { ...builder };
   }