diff --git a/src/authorization-response/Payload.ts b/src/authorization-response/Payload.ts index ebd9d9fb..b6b04cbc 100644 --- a/src/authorization-response/Payload.ts +++ b/src/authorization-response/Payload.ts @@ -16,10 +16,9 @@ export const createResponsePayload = async ( if (!authorizationRequest) { throw new Error(SIOPErrors.NO_REQUEST); } - const state: string = await authorizationRequest.getMergedProperty('state'); - if (!state) { - throw Error('No state'); - } + + // If state was in request, it must be in response + const state: string | undefined = await authorizationRequest.getMergedProperty('state'); const responsePayload: AuthorizationResponsePayload = { ...(responseOpts.accessToken && { access_token: responseOpts.accessToken }), diff --git a/src/id-token/IDToken.ts b/src/id-token/IDToken.ts index a676e585..061db3e8 100644 --- a/src/id-token/IDToken.ts +++ b/src/id-token/IDToken.ts @@ -37,12 +37,7 @@ export class IDToken { if (!authorizationRequestPayload) { throw new Error(SIOPErrors.NO_REQUEST); } - const mergedPayloads = await verifiedAuthorizationRequest.authorizationRequest.mergedPayloads(); - const idToken = new IDToken( - null, - await createIDTokenPayload(mergedPayloads, responseOpts, verifiedAuthorizationRequest.requestObject), - responseOpts - ); + const idToken = new IDToken(null, await createIDTokenPayload(verifiedAuthorizationRequest, responseOpts), responseOpts); if (verifyOpts) { await idToken.verify(verifyOpts); } diff --git a/src/id-token/Payload.ts b/src/id-token/Payload.ts index 5da849a7..48ad849f 100644 --- a/src/id-token/Payload.ts +++ b/src/id-token/Payload.ts 
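Review bot: In createResponsePayload (src/authorization-response/Payload.ts) the new comment `// If state was in request, it must be in response` states an invariant that nothing in this hunk enforces; the hunk only stops throwing when the request carries no state. Because state is what lets the relying party tie a response to the request it sent, I would reword the comment to say where the check lives, e.g. `// state is optional in the request; when present it is echoed below, and response verification must reject a missing or different value`. The responsePayload literal continues outside the hunk, so I cannot see whether state is spread conditionally or always set. It is worth confirming that the response verification path still compares state now that AuthorizationResponsePayload.state is optional.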
@@ -1,9 +1,7 @@ import { AuthorizationResponseOpts, mergeOAuth2AndOpenIdInRequestPayload } from '../authorization-response'; import { assertValidResponseOpts } from '../authorization-response/Opts'; import { authorizationRequestVersionDiscovery } from '../helpers/SIOPSpecVersion'; -import { RequestObject } from '../request-object'; import { - AuthorizationRequestPayload, IDTokenPayload, isSuppliedSignature, JWK, @@ -11,29 +9,25 @@ import { SIOPErrors, SubjectSyntaxTypesSupportedValues, SupportedVersion, + VerifiedAuthorizationRequest, } from '../types'; export const createIDTokenPayload = async ( - authorizationRequestPayload: AuthorizationRequestPayload, - responseOpts: AuthorizationResponseOpts, - requestObject?: RequestObject + verifiedAuthorizationRequest: VerifiedAuthorizationRequest, + responseOpts: AuthorizationResponseOpts ): Promise => { assertValidResponseOpts(responseOpts); + const authorizationRequestPayload = await verifiedAuthorizationRequest.authorizationRequest.mergedPayloads(); + const requestObject = verifiedAuthorizationRequest.requestObject; if (!authorizationRequestPayload) { throw new Error(SIOPErrors.VERIFY_BAD_PARAMS); } const payload = await mergeOAuth2AndOpenIdInRequestPayload(authorizationRequestPayload, requestObject); - //fixme: client_metadata and fetch - const supportedDidMethods = payload['registration']?.subject_syntax_types_supported?.filter((sst) => + const supportedDidMethods = verifiedAuthorizationRequest.registrationMetadataPayload.subject_syntax_types_supported.filter((sst) => sst.includes(SubjectSyntaxTypesSupportedValues.DID.valueOf()) ); - if (!payload.state) { - throw Error('No state'); - } else if (!payload.nonce) { - throw Error('No nonce'); - } - // const state = payload.state; + const state = payload.state; const nonce = payload.nonce; const SEC_IN_MS = 1000; 
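Review bot: Dropping the `No nonce` guard in createIDTokenPayload (hunk `@@ -11,29 +9,25 @@`) means an ID token is now built with `nonce: undefined` when the merged request carries none, and the nonce is what binds the token to one request and lets the verifier detect replay. Making state optional is reasonable, but I would keep the nonce half, `if (!payload.nonce) { throw Error('No nonce'); }` before `const nonce = payload.nonce;`, unless request verification already rejects a missing nonce upstream, which is not visible here. Separately, the new `registrationMetadataPayload.subject_syntax_types_supported.filter(` lost the optional chaining the old line had, so a request without registration metadata would presumably fail with a bare TypeError; `registrationMetadataPayload?.subject_syntax_types_supported?.filter(...) ?? []` would also keep the later `indexOf` call safe. The function body continues outside the hunk.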
@@ -58,7 +52,7 @@ export const createIDTokenPayload = async ( sub: responseOpts.signature.did, auth_time: payload.auth_time, nonce, - // state, // ideally this is only placed in here if required + state, // ...(responseOpts.presentationExchange?._vp_token ? { _vp_token: responseOpts.presentationExchange._vp_token } : {}), }; if (supportedDidMethods.indexOf(SubjectSyntaxTypesSupportedValues.JWK_THUMBPRINT) != -1 && !responseOpts.signature.did) { @@ -85,5 +79,4 @@ const createThumbprintAndJWK = async (resOpts: AuthorizationResponseOpts): Promi } else { throw new Error(SIOPErrors.SIGNATURE_OBJECT_TYPE_NOT_SET); } - return { thumbprint, subJwk }; }; diff --git a/src/types/SIOP.types.ts b/src/types/SIOP.types.ts index 7ab56650..f4c8d273 100644 --- a/src/types/SIOP.types.ts +++ b/src/types/SIOP.types.ts @@ -132,7 +132,7 @@ export interface AuthorizationResponsePayload { token_type?: string; refresh_token?: string; expires_in?: number; - state: string; + state?: string; id_token?: string; vp_token?: W3CVerifiablePresentation | W3CVerifiablePresentation[]; presentation_submission?: PresentationSubmission;
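Review bot: In hunk `@@ -58,7 +52,7 @@` of src/id-token/Payload.ts, `state,` is now added to the ID token payload unconditionally, although state may be undefined after this commit and the comment being removed said it should only be included when required. A conditional spread, `...(state && { state }),`, would match how the response payload in src/authorization-response/Payload.ts adds optional fields and would keep an explicit `state: undefined` key out of the object that gets signed. The object literal starts outside the hunk, so the surrounding fields are not all visible.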