chore: updated credential_offer_uri endpoint & enabled JSON fetch in CredentialOfferClientV1_0_13 & CredentialOfferClientV

sanderPostma · sanderPostma · commit 8bd61e82e7a5 · 2025-02-07T19:17:22.000+01:00
diff --git a/packages/client/lib/CredentialOfferClient.ts b/packages/client/lib/CredentialOfferClient.ts
@@ -6,17 +6,18 @@ import {
   CredentialOfferPayloadV1_0_09,
   CredentialOfferRequestWithBaseUrl,
   CredentialOfferV1_0_11,
-  CredentialOfferV1_0_13,
+  CredentialOfferV1_0_13, decodeJsonProperties,
   determineSpecVersionFromURI,
-  getClientIdFromCredentialOfferPayload,
+  getClientIdFromCredentialOfferPayload, getURIComponentsAsArray,
   OpenId4VCIVersion,
   PRE_AUTH_CODE_LITERAL,
   PRE_AUTH_GRANT_LITERAL,
-  toUniformCredentialOfferRequest,
-} from '@sphereon/oid4vci-common';
+  toUniformCredentialOfferRequest
+} from '@sphereon/oid4vci-common'
 import Debug from 'debug';
 
 import { LOG } from './types';
+import { fetch } from 'cross-fetch'
 
 const debug = Debug('sphereon:oid4vci:offer');
 
@@ -43,13 +44,27 @@ export class CredentialOfferClient {
         credential_offer: credentialOfferPayload,
       };
     } else {
-      credentialOffer = convertURIToJsonObject(uri, {
-        // It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
-        arrayTypeProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer='],
-        requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer='],
-      }) as CredentialOfferV1_0_11 | CredentialOfferV1_0_13;
+      if (uri.includes('credential_offer_uri')) {
+        const uriObj = getURIComponentsAsArray(uri) as unknown as Record<string, string> // FIXME
+        const credentialOfferUri = uriObj['credential_offer_uri']
+        const response = await fetch(credentialOfferUri)
+        if (!(response && response.status >= 200 && response.status < 400)) {
+          return Promise.reject(`the credential offer URI endpoint call was not successful. http code ${response.status} - reason ${response.statusText}`)
+        }
+
+        if (response.headers.get('Content-Type')?.startsWith('application/json') === false) {
+          return Promise.reject('the credential offer URI endpoint did not return content type application/json')
+        }
+        credentialOffer = decodeJsonProperties(await response.json()) as CredentialOfferV1_0_11 | CredentialOfferV1_0_13
+      } else {
+        credentialOffer = convertURIToJsonObject(uri, {
+          // It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
+          arrayTypeProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer='],
+          requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer=']
+        }) as CredentialOfferV1_0_11 | CredentialOfferV1_0_13
+      }
       if (credentialOffer?.credential_offer_uri === undefined && !credentialOffer?.credential_offer) {
-        throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
+        throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri)
       }
     }
 
diff --git a/packages/client/lib/CredentialOfferClientV1_0_13.ts b/packages/client/lib/CredentialOfferClientV1_0_13.ts
@@ -1,16 +1,17 @@
 import {
   convertJsonToURI,
-  convertURIToJsonObject,
-  CredentialOfferRequestWithBaseUrl,
-  CredentialOfferV1_0_13,
+  convertURIToJsonObject, CredentialOffer,
+  CredentialOfferRequestWithBaseUrl, CredentialOfferV1_0_11,
+  CredentialOfferV1_0_13, decodeJsonProperties,
   determineSpecVersionFromURI,
-  getClientIdFromCredentialOfferPayload,
+  getClientIdFromCredentialOfferPayload, getURIComponentsAsArray,
   OpenId4VCIVersion,
   PRE_AUTH_CODE_LITERAL,
   PRE_AUTH_GRANT_LITERAL,
-  toUniformCredentialOfferRequest,
-} from '@sphereon/oid4vci-common';
+  toUniformCredentialOfferRequest
+} from '@sphereon/oid4vci-common'
 import Debug from 'debug';
+import { fetch } from 'cross-fetch'
 
 const debug = Debug('sphereon:oid4vci:offer');
 
@@ -23,16 +24,31 @@ export class CredentialOfferClientV1_0_13 {
     }
     const scheme = uri.split('://')[0];
     const baseUrl = uri.split('?')[0];
-    const version = determineSpecVersionFromURI(uri);
-    const credentialOffer = convertURIToJsonObject(uri, {
-      // It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
-      arrayTypeProperties: uri.includes('credential_offer_uri=')
-        ? ['credential_configuration_ids', 'credential_offer_uri=']
-        : ['credential_configuration_ids', 'credential_offer='],
-      requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer='],
-    }) as CredentialOfferV1_0_13;
+    const version = determineSpecVersionFromURI(uri)
+    let credentialOffer: CredentialOffer
+    if (uri.includes('credential_offer_uri')) { // FIXME deduplicate
+      const uriObj = getURIComponentsAsArray(uri) as unknown as Record<string, string> // FIXME
+      const credentialOfferUri = uriObj['credential_offer_uri']
+      const response = await fetch(credentialOfferUri)
+      if (!(response && response.status >= 200 && response.status < 400)) {
+        return Promise.reject(`the credential offer URI endpoint call was not successful. http code ${response.status} - reason ${response.statusText}`)
+      }
+
+      if (response.headers.get('Content-Type')?.startsWith('application/json') === false) {
+        return Promise.reject('the credential offer URI endpoint did not return content type application/json')
+      }
+      credentialOffer = decodeJsonProperties(await response.json()) as CredentialOfferV1_0_11 | CredentialOfferV1_0_13
+    } else {
+      credentialOffer = convertURIToJsonObject(uri, {
+        // It must have the '=' sign after credential_offer otherwise the uri will get split at openid_credential_offer
+        arrayTypeProperties: uri.includes('credential_offer_uri=')
+          ? ['credential_configuration_ids', 'credential_offer_uri=']
+          : ['credential_configuration_ids', 'credential_offer='],
+        requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri='] : ['credential_offer=']
+      }) as CredentialOfferV1_0_13
+    }
     if (credentialOffer?.credential_offer_uri === undefined && !credentialOffer?.credential_offer) {
-      throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
+      throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri)
     }
 
     const request = await toUniformCredentialOfferRequest(credentialOffer, {
diff --git a/packages/issuer-rest/lib/oid4vci-api-functions.ts b/packages/issuer-rest/lib/oid4vci-api-functions.ts
@@ -97,11 +97,11 @@ export function getIssueStatusEndpoint<DIDDoc extends object>(router: Router, is
 }
 
 export function getIssuePayloadEndpoint<DIDDoc extends object>(router: Router, issuer: VcIssuer<DIDDoc>, opts: IGetIssueStatusEndpointOpts) : string {
-  const path = determinePath(opts.baseUrl, opts?.path ?? '/webapp/credential-offer-payload', { stripBasePath: true })
+  const path = determinePath(opts.baseUrl, opts?.path ?? '/credential-offers/:id', { stripBasePath: true })
   LOG.log(`[OID4VCI] getIssuePayloadEndpoint endpoint enabled at ${path}`)
   router.get(path, async (request: Request, response: Response) => {
     try {
-      const { id } = request.query
+      const { id } = request.params
       if (!id) {
         return sendErrorResponse(response, 404, {
           error: 'invalid_request',
diff --git a/packages/issuer/lib/VcIssuer.ts b/packages/issuer/lib/VcIssuer.ts
@@ -66,6 +66,8 @@ import {
   CredentialSignerCallback
 } from './types'
 
+import uuid from 'short-uuid'
+
 import { LOG } from './index'
 
 export class VcIssuer<DIDDoc extends object> {
@@ -228,12 +230,14 @@ export class VcIssuer<DIDDoc extends object> {
       if (!this.uris) {
         throw Error('No URI state manager set, whilst apparently credential offer URIs are being used')
       }
-      credentialOfferObject.credential_offer_uri = opts.credentialOfferUri ?? `${issuerPayloadUri}?id=${preAuthorizedCode}` // TODO how is this going to work with auth code flow?
+      const credentialOfferCorrelationId = uuid.uuid() // TODO allow to be supplied
+      credentialOfferObject.credential_offer_uri = opts.credentialOfferUri ?? `${issuerPayloadUri}/${credentialOfferCorrelationId}` // TODO how is this going to work with auth code flow?
       await this.uris.set(credentialOfferObject.credential_offer_uri, {
         uri: credentialOfferObject.credential_offer_uri,
         createdAt: createdAt,
         preAuthorizedCode,
         issuerState,
+        credentialOfferCorrelationId
       })
     }
 
diff --git a/packages/issuer/package.json b/packages/issuer/package.json
@@ -13,7 +13,8 @@
     "@sphereon/oid4vc-common": "workspace:*",
     "@sphereon/oid4vci-common": "workspace:*",
     "@sphereon/ssi-types": "0.32.1-next.113",
-    "uuid": "^9.0.0"
+    "uuid": "^9.0.0",
+    "short-uuid": "^4.2.2"
   },
   "peerDependencies": {
     "awesome-qr": "^2.1.5-rc.0"
diff --git a/packages/oid4vci-common/lib/functions/Encoding.ts b/packages/oid4vci-common/lib/functions/Encoding.ts
@@ -97,7 +97,7 @@ export function convertURIToJsonObject(uri: string, opts?: DecodeURIAsJsonOpts):
   return decodeJsonProperties(uriComponents);
 }
 
-function decodeJsonProperties(parts: string[] | string[][]): unknown {
+export function decodeJsonProperties(parts: string[] | string[][]): unknown {
   const json: { [s: string]: unknown } | ArrayLike<unknown> = {};
   for (const key in parts) {
     const value = parts[key];
@@ -133,7 +133,7 @@ function decodeJsonProperties(parts: string[] | string[][]): unknown {
  * @param {string} uri uri
  * @param {string[]} [arrayTypes] array of string containing array like keys
  */
-function getURIComponentsAsArray(uri: string, arrayTypes?: string[]): string[] | string[][] {
+export function getURIComponentsAsArray(uri: string, arrayTypes?: string[]): string[] | string[][] {
   const parts = uri.includes('?') ? uri.split('?')[1] : uri.includes('://') ? uri.split('://')[1] : uri;
   const json: string[] | string[][] = [];
   const dict: string[] = parts.split('&');
diff --git a/packages/oid4vci-common/lib/types/StateManager.types.ts b/packages/oid4vci-common/lib/types/StateManager.types.ts
@@ -43,6 +43,7 @@ export interface URIState extends StateType {
   issuerState?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
   preAuthorizedCode?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
   uri: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
+  credentialOfferCorrelationId?: string;
 }
 
 export interface IssueStatusResponse {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ export interface URIState extends StateType {`
`43`	`43`	`issuerState?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value`
`44`	`44`	`preAuthorizedCode?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value`
`45`	`45`	`uri: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value`
	`46`	`+ credentialOfferCorrelationId?: string;`
`46`	`47`	`}`
`47`	`48`
`48`	`49`	`export interface IssueStatusResponse {`