diff --git a/packages/common/lib/index.ts b/packages/common/lib/index.ts
index a5a2147c..942f50b9 100644
--- a/packages/common/lib/index.ts
+++ b/packages/common/lib/index.ts
@@ -5,6 +5,7 @@ export const VCI_LOG_COMMON = VCI_LOGGERS.get('sphereon:oid4vci:common');
 export * from './jwt';
 export * from './dpop';
+export * from './oauth';
 export { v4 as uuidv4 } from 'uuid';
 export { defaultHasher } from './hasher';
diff --git a/packages/common/lib/jwt/Jwk.types.ts b/packages/common/lib/jwt/Jwk.types.ts
index 4d493144..fb3a6204 100644
--- a/packages/common/lib/jwt/Jwk.types.ts
+++ b/packages/common/lib/jwt/Jwk.types.ts
@@ -32,3 +32,7 @@ export interface JWK extends BaseJWK {
 [propName: string]: unknown;
 }
+
+export type JWKS = {
+ keys: JWK[]
+}
diff --git a/packages/common/lib/oauth/DynamicClientRegistration.types.ts b/packages/common/lib/oauth/DynamicClientRegistration.types.ts
new file mode 100644
index 00000000..b86abab6
--- /dev/null
+++ b/packages/common/lib/oauth/DynamicClientRegistration.types.ts
@@ -0,0 +1,20 @@
+import { JWKS } from '../jwt'
+
+// https://www.rfc-editor.org/rfc/rfc7591.html#section-2
+export interface DynamicRegistrationClientMetadata {
+ redirect_uris?: string[]
+ token_endpoint_auth_method?: string
+ grant_types?: string
+ response_types?: string
+ client_name?: string
+ client_uri?: string
+ logo_uri?: string
+ scope?: string
+ contacts?: string[]
+ tos_uri?: string
+ policy_uri?: string
+ jwks_uri?: string
+ jwks?: JWKS
+ software_id?: string
+ software_version?: string
+}
diff --git a/packages/common/lib/oauth/index.ts b/packages/common/lib/oauth/index.ts
new file mode 100644
index 00000000..23c811df
--- /dev/null
+++ b/packages/common/lib/oauth/index.ts
@@ -0,0 +1 @@
+export * from './DynamicClientRegistration.types';
diff --git a/packages/oid4vci-common/lib/types/ServerMetadata.ts b/packages/oid4vci-common/lib/types/ServerMetadata.ts
index a17427c3..246bdd03 100644
--- a/packages/oid4vci-common/lib/types/ServerMetadata.ts
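Review bot: The new `JWKS` in Jwk.types.ts is a type alias with no semicolons, while the rest of that file declares `JWK` as an `interface` and terminates members with `;` (`[propName: string]: unknown;`), so the two key types in one file now read as if written to different conventions. A JWK Set is an object that other types may want to extend, and the file already uses interfaces for that, so `export interface JWKS { keys: JWK[]; }` would match; a one-line TSDoc saying that this is the RFC 7517 §5 JSON Web Key Set and that keys is required would also help consumers who only see the hover text.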
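Review bot: `grant_types?: string` and `response_types?: string` in DynamicRegistrationClientMetadata do not match the RFC 7591 §2 that the comment above the interface cites, where both members are JSON arrays of strings, like the `redirect_uris` and `contacts` members that this interface does type as `string[]`. The mismatch was already noted in SIOP.types.ts (`responseTypes?: string // from oidc4vp, also name suggests array`), and this file now becomes the shared definition inherited by DiscoveryMetadataPayloadVID1 and AuthorizationServerMetadata, so it is the place to settle it; a registration request built from this type may be rejected by a server that validates against the RFC. A backward-compatible step is `grant_types?: string | string[]` and `response_types?: string | string[]` with a comment stating that RFC 7591 requires the array form, leaving the narrowing for a later change. Separately, the file omits semicolons where the sibling Jwk.types.ts uses them; one style per package is easier to keep consistent.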
+++ b/packages/oid4vci-common/lib/types/ServerMetadata.ts
@@ -1,13 +1,12 @@
-import { SigningAlgo } from '@sphereon/oid4vc-common';
+import { DynamicRegistrationClientMetadata, SigningAlgo } from '@sphereon/oid4vc-common';
-export interface AuthorizationServerMetadata {
+export interface AuthorizationServerMetadata extends DynamicRegistrationClientMetadata {
 issuer: string;
 authorization_endpoint?: string;
 token_endpoint?: string;
 token_endpoint_auth_methods_supported?: string[];
 token_endpoint_auth_signing_alg_values_supported?: string[];
- jwks_uri?: string;
 registration_endpoint?: string;
 scopes_supported?: string[];
 response_types_supported: string[];
diff --git a/packages/siop-oid4vp/lib/authorization-response/ResponseRegistration.ts b/packages/siop-oid4vp/lib/authorization-response/ResponseRegistration.ts
index e6ec4869..8b852d32 100644
--- a/packages/siop-oid4vp/lib/authorization-response/ResponseRegistration.ts
+++ b/packages/siop-oid4vp/lib/authorization-response/ResponseRegistration.ts
@@ -16,6 +16,14 @@ export const createDiscoveryMetadataPayload = (opts: DiscoveryMetadataOpts): Dis
 client_id: opts.client_id,
 redirect_uris: opts.redirectUris,
 client_name: opts.clientName,
+ client_uri: opts.clientUri,
+ scope: opts.scope,
+ contacts: opts.contacts,
+ tos_uri: opts.tosUri,
+ policy_uri: opts.policyUri,
+ jwks: opts.jwks,
+ software_id: opts.softwareId,
+ software_version: opts.softwareVersion,
 token_endpoint_auth_method: opts.tokenEndpointAuthMethod,
 application_type: opts.applicationType,
 response_types: opts.responseTypes,
diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts
index cdf66763..4b71ab59 100644
--- a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts
+++ b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts
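Review bot: `AuthorizationServerMetadata extends DynamicRegistrationClientMetadata` makes an authorization-server metadata document (the RFC 8414 shape with its `*_supported` arrays) inherit every RFC 7591 client-registration field, although the only member the two share is the `jwks_uri` that this hunk deletes from the interface. After the change the type carries `response_types?: string` next to `response_types_supported: string[]` and `token_endpoint_auth_method?: string` next to `token_endpoint_auth_methods_supported?: string[]`, so a slip between the two names compiles cleanly, and anything that derives a schema or validator from this type will accept `redirect_uris`, `client_name`, `software_id` and the rest in a server document. Keeping `import { SigningAlgo } from '@sphereon/oid4vc-common';`, `export interface AuthorizationServerMetadata {` and the member `jwks_uri?: string;` as they were avoids this; if sharing is wanted, a small common type holding just `jwks_uri` would do. The interface continues past the end of the hunk.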
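Review bot: `jwks: opts.jwks` copies the caller's whole key set into the discovery metadata payload that createDiscoveryMetadataPayload returns, and nothing in the hunk checks that the set holds public keys only; the `JWK` type behind `JWKS` has an open index signature and the generated schemas in this commit list `d`, `p`, `q`, `dp`, `dq`, `qi` and `k` as accepted members, so a private or symmetric key passed in by mistake would be published verbatim. A guard before the object literal such as `if (opts.jwks?.keys.some((key) => 'd' in key || 'k' in key)) throw new Error('jwks must contain public keys only')` keeps the payload safe to emit, since `d` and `k` are the private/secret members of every RFC 7518 key type. The same expectation belongs on the `jwks?: JWKS` option in SIOP.types.ts, whose only comment is `// from oidc4vp`. createDiscoveryMetadataPayload starts before and ends after this hunk.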
@@ -450,6 +450,33 @@ export const AuthorizationResponseOptsSchemaObj = { "clientName": { "type": "string" }, + "clientUri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tosUri": { + "type": "string" + }, + "policyUri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "softwareId": { + "type": "string" + }, + "softwareVersion": { + "type": "string" + }, "tokenEndpointAuthMethod": { "type": "string" }, @@ -858,6 +885,33 @@ export const AuthorizationResponseOptsSchemaObj = { "clientName": { "type": "string" }, + "clientUri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tosUri": { + "type": "string" + }, + "policyUri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "softwareId": { + "type": "string" + }, + "softwareVersion": { + "type": "string" + }, "tokenEndpointAuthMethod": { "type": "string" }, 
@@ -1395,6 +1449,117 @@ export const AuthorizationResponseOptsSchemaObj = { "distributed" ] }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "Format": { "type": "object", "properties": { 
@@ -1677,102 +1842,6 @@ export const AuthorizationResponseOptsSchemaObj = { ], "additionalProperties": false }, - "JWK": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - }, - "y": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "alg": { - "type": "string" - }, - "d": { - "type": "string" - }, - "dp": { - "type": "string" - }, - "dq": { - "type": "string" - }, - "ext": { - "type": "boolean" - }, - "k": { - "type": "string" - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "kid": { - "type": "string" - }, - "oth": { - "type": "array", - "items": { - "type": "object", - "properties": { - "d": { - "type": "string" - }, - "r": { - "type": "string" - }, - "t": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "qi": { - "type": "string" - }, - "use": { - "type": "string" - }, - "x5c": { - "type": "array", - "items": { - "type": "string" - } - }, - "x5t": { - "type": "string" - }, - "x5t#S256": { - "type": "string" - }, - "x5u": { - "type": "string" - } - }, - "additionalProperties": {} - }, "JwtIssuerCustom": { "type": "object", "properties": { diff --git a/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts b/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts index a675aad4..80df8be0 100644 --- a/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts +++ b/packages/siop-oid4vp/lib/schemas/DiscoveryMetadataPayload.schema.ts 
@@ -8,6 +8,57 @@ export const DiscoveryMetadataPayloadSchemaObj = { { "type": "object", "properties": { + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, + "client_name": { + "type": "string" + }, + "client_uri": { + "type": "string" + }, + "logo_uri": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { + "type": "string" + }, "authorization_endpoint": { "anyOf": [ { @@ -105,9 +156,6 @@ export const DiscoveryMetadataPayloadSchemaObj = { "userinfo_endpoint": { "type": "string" }, - "jwks_uri": { - "type": "string" - }, "registration_endpoint": { "type": "string" }, 
@@ -358,35 +406,68 @@ export const DiscoveryMetadataPayloadSchemaObj = { "client_id": { "type": "string" }, + "application_type": { + "type": "string" + }, + "vp_formats": { + "$ref": "#/definitions/Format" + } + } + }, + { + "type": "object", + "properties": { "redirect_uris": { "type": "array", "items": { "type": "string" } }, + "token_endpoint_auth_method": { + "type": "string" + }, + "grant_types": { + "type": "string" + }, + "response_types": { + "type": "string" + }, "client_name": { "type": "string" }, - "token_endpoint_auth_method": { + "client_uri": { "type": "string" }, - "application_type": { + "logo_uri": { "type": "string" }, - "response_types": { + "scope": { "type": "string" }, - "grant_types": { + "contacts": { + "type": "array", + "items": { + "type": "string" + } + }, + "tos_uri": { + "type": "string" + }, + "policy_uri": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "jwks": { + "$ref": "#/definitions/JWKS" + }, + "software_id": { + "type": "string" + }, + "software_version": { "type": "string" }, - "vp_formats": { - "$ref": "#/definitions/Format" - } - } - }, - { - "type": "object", - "properties": { "authorization_endpoint": { "anyOf": [ { @@ -484,9 +565,6 @@ export const DiscoveryMetadataPayloadSchemaObj = { "userinfo_endpoint": { "type": "string" }, - "jwks_uri": { - "type": "string" - }, "registration_endpoint": { "type": "string" }, @@ -737,33 +815,12 @@ export const DiscoveryMetadataPayloadSchemaObj = { "client_id": { "type": "string" }, - "redirect_uris": { - "type": "array", - "items": { - "type": "string" - } - }, - "client_name": { - "type": "string" - }, - "token_endpoint_auth_method": { - "type": "string" - }, "application_type": { "type": "string" }, - "response_types": { - "type": "string" - }, - "grant_types": { - "type": "string" - }, "vp_formats": { "$ref": "#/definitions/Format" }, - "logo_uri": { - "type": "string" - }, "client_purpose": { "type": "string" } 
@@ -1139,6 +1196,117 @@ export const DiscoveryMetadataPayloadSchemaObj = { } ] }, + "JWKS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/JWK" + } + } + }, + "required": [ + "keys" + ], + "additionalProperties": false + }, + "JWK": { + "type": "object", + "properties": { + "kty": { + "type": "string" + }, + "crv": { + "type": "string" + }, + "x": { + "type": "string" + }, + "y": { + "type": "string" + }, + "e": { + "type": "string" + }, + "n": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "d": { + "type": "string" + }, + "dp": { + "type": "string" + }, + "dq": { + "type": "string" + }, + "ext": { + "type": "boolean" + }, + "k": { + "type": "string" + }, + "key_ops": { + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "type": "string" + }, + "oth": { + "type": "array", + "items": { + "type": "object", + "properties": { + "d": { + "type": "string" + }, + "r": { + "type": "string" + }, + "t": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "p": { + "type": "string" + }, + "q": { + "type": "string" + }, + "qi": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "type": "string" + }, + "x5t#S256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "additionalProperties": {} + }, "Schema": { "type": "string", "enum": [ diff --git a/packages/siop-oid4vp/lib/types/SIOP.types.ts b/packages/siop-oid4vp/lib/types/SIOP.types.ts index b44484cf..0868ca26 100644 --- a/packages/siop-oid4vp/lib/types/SIOP.types.ts +++ b/packages/siop-oid4vp/lib/types/SIOP.types.ts 
@@ -1,6 +1,6 @@
 // noinspection JSUnusedGlobalSymbols
 import { JarmClientMetadata } from '@sphereon/jarm'
-import { SigningAlgo } from '@sphereon/oid4vc-common'
+import { DynamicRegistrationClientMetadata, JWKS, SigningAlgo } from '@sphereon/oid4vc-common'
 import { Format, PresentationDefinitionV1, PresentationDefinitionV2 } from '@sphereon/pex-models'
 import {
 AdditionalClaims,
@@ -268,6 +268,14 @@ interface DiscoveryMetadataOptsVID1 extends DiscoveryMetadataCommonOpts {
 client_id?: string // from oidc4vp
 redirectUris?: string[] | string // from oidc4vp
 clientName?: string // from oidc4vp
+ clientUri?: string // from oidc4vp
+ scope?: string // from oidc4vp
+ contacts?: string[] // from oidc4vp
+ tosUri?: string // from oidc4vp
+ policyUri?: string // from oidc4vp
+ jwks?: JWKS // from oidc4vp
+ softwareId?: string // from oidc4vp
+ softwareVersion?: string // from oidc4vp
 tokenEndpointAuthMethod?: string // from oidc4vp
 applicationType?: string // from oidc4vp
 responseTypes?: string // from oidc4vp, also name suggests array
@@ -350,19 +358,13 @@ interface DiscoveryMetadataCommonPayload {
 [x: string]: any
 }
-interface DiscoveryMetadataPayloadVID1 extends DiscoveryMetadataCommonPayload {
+interface DiscoveryMetadataPayloadVID1 extends DiscoveryMetadataCommonPayload, DynamicRegistrationClientMetadata {
 client_id?: string
- redirect_uris?: string[]
- client_name?: string
- token_endpoint_auth_method?: string
 application_type?: string
- response_types?: string
- grant_types?: string
 vp_formats?: Format
 }
 interface JWT_VCDiscoveryMetadataPayload extends DiscoveryMetadataPayloadVID1 {
- logo_uri?: string
 client_purpose?: string
 }
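Review bot: The eight options added to DiscoveryMetadataOptsVID1 all carry the same `// from oidc4vp` trailing comment, which records the origin but not the expected value, and two of them are easy to get wrong from the type alone: `scope?: string` is the RFC 7591 space-separated scope string (neither a single scope nor an array like the `contacts?: string[]` right below it), and `contacts` accepts only an array while the neighbouring `redirectUris?: string[] | string` accepts either form. Suggested comments: `scope?: string // from oidc4vp; space-separated scope values (RFC 7591 §2)` and `contacts?: string[] // from oidc4vp; array only, unlike redirectUris`. DiscoveryMetadataOptsVID1 continues past the end of the hunk.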