Merge pull request #98 from Sphereon-Opensource/develop

new release

Author: nklomp

packages/callback-example/lib/__tests__/issuerCallback.spec.ts

@@ -139,7 +139,7 @@ describe('issuerCallback', () => {
     })
 
     const nonces = new MemoryStates<CNonceState>()
-    nonces.set('test_value', { cNonce: 'test_value', createdAt: +new Date(), issuerState: 'existing-state' })
+    await nonces.set('test_value', { cNonce: 'test_value', createdAt: +new Date(), issuerState: 'existing-state' })
     vcIssuer = new VcIssuerBuilder<DIDDocument>()
       .withAuthorizationServer('https://authorization-server')
       .withCredentialEndpoint('https://credential-endpoint')

packages/client/lib/OpenID4VCIClient.ts

@@ -46,6 +46,7 @@ export interface OpenID4VCIClientState {
   endpointMetadata?: EndpointMetadataResult;
   accessTokenResponse?: AccessTokenResponse;
   authorizationRequestOpts?: AuthorizationRequestOpts;
+  authorizationCodeResponse?: AuthorizationResponse;
   pkce: PKCEOpts;
   authorizationURL?: string;
 }
@@ -65,6 +66,7 @@ export class OpenID4VCIClient {
     endpointMetadata,
     accessTokenResponse,
     authorizationRequestOpts,
+    authorizationCodeResponse,
     authorizationURL,
   }: {
     credentialOffer?: CredentialOfferRequestWithBaseUrl;
@@ -78,6 +80,7 @@ export class OpenID4VCIClient {
     endpointMetadata?: EndpointMetadataResult;
     accessTokenResponse?: AccessTokenResponse;
     authorizationRequestOpts?: AuthorizationRequestOpts;
+    authorizationCodeResponse?: AuthorizationResponse;
     authorizationURL?: string;
   }) {
     const issuer = credentialIssuer ?? (credentialOffer ? getIssuerFromCredentialOfferPayload(credentialOffer.credential_offer) : undefined);
@@ -93,6 +96,7 @@ export class OpenID4VCIClient {
       clientId: clientId ?? (credentialOffer && getClientIdFromCredentialOfferPayload(credentialOffer.credential_offer)) ?? kid?.split('#')[0],
       pkce: { disabled: false, codeChallengeMethod: CodeChallengeMethod.S256, ...pkce },
       authorizationRequestOpts,
+      authorizationCodeResponse,
       jwk,
       endpointMetadata,
       accessTokenResponse,
@@ -254,7 +258,12 @@ export class OpenID4VCIClient {
   }): Promise<AccessTokenResponse> {
     const { pin, clientId } = opts ?? {};
     let { redirectUri } = opts ?? {};
-    const code = opts?.code ?? (opts?.authorizationResponse ? toAuthorizationResponsePayload(opts.authorizationResponse).code : undefined);
+    if (opts?.authorizationResponse) {
+      this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) };
+    } else if (opts?.code) {
+      this._state.authorizationCodeResponse = { code: opts.code };
+    }
+    const code = this._state.authorizationCodeResponse?.code;
 
     if (opts?.codeVerifier) {
       this._state.pkce.codeVerifier = opts.codeVerifier;
@@ -288,7 +297,7 @@ export class OpenID4VCIClient {
       });
 
       if (response.errorBody) {
-        debug(`Access token error:\r\n${response.errorBody}`);
+        debug(`Access token error:\r\n${JSON.stringify(response.errorBody)}`);
         throw Error(
           `Retrieving an access token from ${this._state.endpointMetadata?.token_endpoint} for issuer ${this.getIssuer()} failed with status: ${
             response.origResponse.status

packages/common/lib/functions/CredentialRequestUtil.ts

@@ -7,14 +7,12 @@ export function getTypesFromRequest(credentialRequest: UniformCredentialRequest,
   if (credentialRequest.format === 'jwt_vc_json' || credentialRequest.format === 'jwt_vc') {
     types = credentialRequest.types;
   } else if (credentialRequest.format === 'jwt_vc_json-ld' || credentialRequest.format === 'ldp_vc') {
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
     types =
       'credential_definition' in credentialRequest && credentialRequest.credential_definition
-        ? // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        ? credentialRequest.credential_definition.types
+        : // eslint-disable-next-line @typescript-eslint/ban-ts-comment
           // @ts-ignore
-          credentialRequest.credential_definition.types
-        : credentialRequest.types;
+          credentialRequest.types;
   } else if (credentialRequest.format === 'vc+sd-jwt') {
     types = [credentialRequest.vct];
   }

packages/common/lib/types/OpenID4VCIErrors.ts

@@ -1,12 +1,14 @@
-import { Alg } from './CredentialIssuance.types'
+import { Alg } from './CredentialIssuance.types';
 
 export const BAD_PARAMS = 'Wrong parameters provided';
 export const URL_NOT_VALID = 'Request url is not valid';
 export const JWS_NOT_VALID = 'JWS is not valid';
 export const PROOF_CANT_BE_CONSTRUCTED = "Proof can't be constructed.";
 export const NO_JWT_PROVIDED = 'No JWT provided';
 export const TYP_ERROR = 'Typ must be "openid4vci-proof+jwt"';
-export const ALG_ERROR = `Algorithm is a required field, you are free to use the signing algorithm of your choice or one of the following: ${Object.keys(Alg).join(', ')}`;
+export const ALG_ERROR = `Algorithm is a required field, you are free to use the signing algorithm of your choice or one of the following: ${Object.keys(
+  Alg,
+).join(', ')}`;
 export const KID_JWK_X5C_ERROR = 'Only one must be present: kid, jwk or x5c';
 export const KID_DID_NO_DID_ERROR = 'A DID value needs to be returned when kid is present';
 export const DID_NO_DIDDOC_ERROR = 'A DID Document needs to be resolved when a DID is encountered';

packages/common/lib/types/v1_0_11.types.ts

@@ -5,9 +5,9 @@ import {
   CredentialIssuerMetadataOpts,
   CredentialOfferFormat,
   CredentialRequestJwtVcJson,
+  CredentialRequestJwtVcJsonLdAndLdpVc,
   CredentialRequestSdJwtVc,
   Grant,
-  JsonLdIssuerCredentialDefinition,
 } from './Generic.types';
 import { QRCodeOpts } from './QRCode.types';
 import { AuthorizationServerMetadata } from './ServerMetadata';
@@ -58,13 +58,8 @@ export interface CredentialOfferPayloadV1_0_11 {
 }
 
 export type CredentialRequestV1_0_11 = CommonCredentialRequest &
-  (CredentialRequestJwtVcJson | CredentialRequestJwtVcJsonLdAndLdpVcV1_0_11 | CredentialRequestSdJwtVc);
+  (CredentialRequestJwtVcJson | CredentialRequestJwtVcJsonLdAndLdpVc | CredentialRequestSdJwtVc);
 
-export interface CredentialRequestJwtVcJsonLdAndLdpVcV1_0_11
-  extends CommonCredentialRequest,
-    Pick<JsonLdIssuerCredentialDefinition, 'credentialSubject' | 'types'> {
-  format: 'ldp_vc' | 'jwt_vc_json-ld';
-}
 export interface CredentialIssuerMetadataV1_0_11 extends CredentialIssuerMetadataOpts, Partial<AuthorizationServerMetadata> {
   credential_endpoint: string; // REQUIRED. URL of the Credential Issuer's Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components.
   authorization_server?: string;

packages/issuer/lib/VcIssuer.ts

@@ -32,19 +32,14 @@ import {
   toUniformCredentialOfferRequest,
   TYP_ERROR,
   UniformCredentialRequest,
-  URIState
+  URIState,
 } from '@sphereon/oid4vci-common'
 import { CompactSdJwtVc, CredentialMapper, W3CVerifiableCredential } from '@sphereon/ssi-types'
 import { v4 } from 'uuid'
 
 import { assertValidPinNumber, createCredentialOfferObject, createCredentialOfferURIFromObject } from './functions'
 import { LookupStateManager } from './state-manager'
-import {
-  CredentialDataSupplier,
-  CredentialDataSupplierArgs,
-  CredentialIssuanceInput,
-  CredentialSignerCallback
-} from './types'
+import { CredentialDataSupplier, CredentialDataSupplierArgs, CredentialIssuanceInput, CredentialSignerCallback } from './types'
 
 const SECOND = 1000
 
@@ -350,17 +345,17 @@ export class VcIssuer<DIDDoc extends object> {
         throw new Error(CREDENTIAL_MISSING_ERROR)
       }
       // remove the previous nonce
-      this.cNonces.delete(cNonceState.cNonce)
+      await this.cNonces.delete(cNonceState.cNonce)
 
       if (preAuthorizedCode && preAuthSession) {
         preAuthSession.lastUpdatedAt = +new Date()
         preAuthSession.status = IssueStatus.CREDENTIAL_ISSUED
-        this._credentialOfferSessions.set(preAuthorizedCode, preAuthSession)
+        await this._credentialOfferSessions.set(preAuthorizedCode, preAuthSession)
       } else if (issuerState && authSession) {
         // If both were set we used the pre auth flow above as well, hence the else if
         authSession.lastUpdatedAt = +new Date()
         authSession.status = IssueStatus.CREDENTIAL_ISSUED
-        this._credentialOfferSessions.set(issuerState, authSession)
+        await this._credentialOfferSessions.set(issuerState, authSession)
       }
 
       return {
@@ -390,7 +385,7 @@ export class VcIssuer<DIDDoc extends object> {
         preAuthSession.lastUpdatedAt = +new Date()
         preAuthSession.status = IssueStatus.ERROR
         preAuthSession.error = error instanceof Error ? error.message : error?.toString()
-        this._credentialOfferSessions.set(preAuthorizedCode, preAuthSession)
+        await this._credentialOfferSessions.set(preAuthorizedCode, preAuthSession)
       }
     }
     if (issuerState) {
@@ -399,7 +394,7 @@ export class VcIssuer<DIDDoc extends object> {
         authSession.lastUpdatedAt = +new Date()
         authSession.status = IssueStatus.ERROR
         authSession.error = error instanceof Error ? error.message : error?.toString()
-        this._credentialOfferSessions.set(issuerState, authSession)
+        await this._credentialOfferSessions.set(issuerState, authSession)
       }
     }
   }