Merge branch 'develop' into claims-not-required

Sphereon-Opensource · Sep 11, 2023 · c8ec990 · c8ec990
2 parents 46aca0e + 1500530
commit c8ec990
Show file tree

Hide file tree

Showing 11 changed files with 1,083 additions and 1,008 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/did-auth-siop",
-  "version": "0.3.2",
+  "version": "0.3.2-unstable.8",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -29,12 +29,13 @@
   },
   "dependencies": {
     "@sphereon/did-uni-client": "^0.6.0",
-    "@sphereon/pex": "^2.0.1",
-    "@sphereon/pex-models": "^2.0.2",
-    "@sphereon/ssi-types": "^0.11.0",
+    "@sphereon/pex": "^2.1.0",
+    "@sphereon/pex-models": "^2.0.3",
+    "@sphereon/ssi-types": "^0.14.1",
     "@sphereon/wellknown-dids-client": "^0.1.3",
-    "cross-fetch": "^3.1.6",
-    "did-jwt": "^6.11.6",
+    "@astronautlabs/jsonpath": "^1.1.2",
+    "cross-fetch": "^3.1.8",
+    "did-jwt": "6.11.6",
     "did-resolver": "^4.1.0",
     "events": "^3.3.0",
     "language-tags": "^1.0.8",
@@ -44,39 +45,39 @@
     "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "ts-interface-checker": "^1.0.2",
-    "ethers": "^6.3.0",
-    "jose": "^4.12.0",
-    "bs58": "^5.0.0",
     "@digitalcredentials/did-method-key": "^2.0.3",
     "@digitalcredentials/ed25519-signature-2020": "^3.0.2",
     "@digitalcredentials/jsonld-signatures": "^9.3.1",
     "@digitalcredentials/vc": "^5.0.0",
-    "@types/uuid": "^9.0.1",
-    "@types/jest": "^29.4.0",
+    "@types/jest": "^29.5.3",
     "@types/language-tags": "^1.0.1",
+    "@types/uuid": "^9.0.1",
     "@typescript-eslint/eslint-plugin": "^5.52.0",
     "@typescript-eslint/parser": "^5.52.0",
+    "ajv": "^8.12.0",
+    "bs58": "^5.0.0",
     "codecov": "^3.8.3",
     "cspell": "^6.26.3",
     "dotenv": "^16.0.3",
-    "ajv": "^8.12.0",
     "eslint": "^8.34.0",
     "eslint-config-prettier": "^8.6.0",
     "eslint-plugin-eslint-comments": "^3.2.0",
     "eslint-plugin-import": "^2.27.5",
+    "ethers": "^6.3.0",
     "jest": "^29.4.3",
     "jest-junit": "^15.0.0",
+    "jose": "^4.12.0",
     "jwt-decode": "^3.1.2",
     "moment": "^2.29.4",
     "nock": "^13.3.0",
     "npm-run-all": "^4.1.5",
     "open-cli": "^7.1.0",
-    "prettier": "^2.8.4",
-    "ts-jest": "^29.0.5",
+    "prettier": "^2.8.8",
+    "ts-interface-checker": "^1.0.2",
+    "ts-jest": "^29.1.1",
     "ts-json-schema-generator": "^1.2.0",
     "ts-node": "^10.9.1",
-    "typescript": "4.6.4"
+    "typescript": "4.9.5"
   },
   "resolutions": {
     "isomorphic-webcrypto": "npm:@sphereon/isomorphic-webcrypto@^2.4.0-unstable.1"

diff --git a/src/authorization-response/Payload.ts b/src/authorization-response/Payload.ts
@@ -16,10 +16,9 @@ export const createResponsePayload = async (
   if (!authorizationRequest) {
     throw new Error(SIOPErrors.NO_REQUEST);
   }
-  const state: string = await authorizationRequest.getMergedProperty('state');
-  if (!state) {
-    throw Error('No state');
-  }
+
+  // If state was in request, it must be in response
+  const state: string | undefined = await authorizationRequest.getMergedProperty('state');
 
   const responsePayload: AuthorizationResponsePayload = {
     ...(responseOpts.accessToken && { access_token: responseOpts.accessToken }),

diff --git a/src/authorization-response/PresentationExchange.ts b/src/authorization-response/PresentationExchange.ts
@@ -42,10 +42,10 @@ export class PresentationExchange {
 
   /**
    * Construct presentation submission from selected credentials
-   * @param presentationDefinition: payload object received by the OP from the RP
+   * @param presentationDefinition payload object received by the OP from the RP
    * @param selectedCredentials
    * @param presentationSignCallback
-   * @param options?
+   * @param options
    */
   public async createVerifiablePresentation(
     presentationDefinition: IPresentationDefinition,
@@ -83,7 +83,7 @@ export class PresentationExchange {
    * if requestPayload doesn't contain any valid presentationDefinition throws an error
    * if PEX library returns any error in the process, throws the error
    * returns the SelectResults object if successful
-   * @param presentationDefinition: object received by the OP from the RP
+   * @param presentationDefinition object received by the OP from the RP
    * @param opts
    */
   public async selectVerifiableCredentialsForSubmission(
@@ -114,8 +114,8 @@ export class PresentationExchange {
   /**
    * validatePresentationAgainstDefinition function is called mainly by the RP
    * after receiving the VP from the OP
-   * @param presentationDefinition: object containing PD
-   * @param verifiablePresentation:
+   * @param presentationDefinition object containing PD
+   * @param verifiablePresentation
    * @param opts
    */
   public static async validatePresentationAgainstDefinition(
@@ -157,7 +157,7 @@ export class PresentationExchange {
    * throws exception if the PresentationDefinition is not valid
    * returns null if no property named "presentation_definition" is found
    * returns a PresentationDefinition if a valid instance found
-   * @param authorizationRequestPayload: object that can have a presentation_definition inside
+   * @param authorizationRequestPayload object that can have a presentation_definition inside
    * @param version
    */
   public static async findValidPresentationDefinitions(
@@ -170,22 +170,22 @@ export class PresentationExchange {
       const vpTokens: PresentationDefinitionV1[] | PresentationDefinitionV2[] = extractDataFromPath(
         authorizationRequestPayload,
         '$..vp_token.presentation_definition'
-      );
+      ).map((d) => d.value);
       const vpTokenRefs = extractDataFromPath(authorizationRequestPayload, '$..vp_token.presentation_definition_uri');
       if (vpTokens && vpTokens.length && vpTokenRefs && vpTokenRefs.length) {
         throw new Error(SIOPErrors.REQUEST_CLAIMS_PRESENTATION_DEFINITION_BY_REF_AND_VALUE_NON_EXCLUSIVE);
       }
       if (vpTokens && vpTokens.length) {
-        vpTokens.forEach((vpToken) => {
+        vpTokens.forEach((vpToken: PresentationDefinitionV1 | PresentationDefinitionV2) => {
           if (allDefinitions.find((value) => value.definition.id === vpToken.id)) {
             console.log(
               `Warning. We encountered presentation definition with id ${vpToken.id}, more then once whilst processing! Make sure your payload is valid!`
             );
             return;
           }
-          PresentationExchange.assertValidPresentationDefinition(vpToken.value);
+          PresentationExchange.assertValidPresentationDefinition(vpToken);
           allDefinitions.push({
-            definition: vpToken.value,
+            definition: vpToken,
             location: PresentationDefinitionLocation.CLAIMS_VP_TOKEN,
             version,
           });
@@ -227,8 +227,8 @@ export class PresentationExchange {
       const definitionsFromList = extractDataFromPath(authorizationRequestPayload, '$.presentation_definition[*]');
       const definitionRefs = extractDataFromPath(authorizationRequestPayload, '$.presentation_definition_uri');
       const definitionRefsFromList = extractDataFromPath(authorizationRequestPayload, '$.presentation_definition_uri[*]');
-      const hasPD = (definitions && definitions.length > 0) || (definitionsFromList && definitionsFromList > 0);
-      const hasPdRef = (definitionRefs && definitionRefs.length > 0) || (definitionRefsFromList && definitionsFromList > 0);
+      const hasPD = (definitions && definitions.length > 0) || (definitionsFromList && definitionsFromList.length > 0);
+      const hasPdRef = (definitionRefs && definitionRefs.length > 0) || (definitionRefsFromList && definitionsFromList.length > 0);
       if (hasPD && hasPdRef) {
         throw new Error(SIOPErrors.REQUEST_CLAIMS_PRESENTATION_DEFINITION_BY_REF_AND_VALUE_NON_EXCLUSIVE);
       }

diff --git a/src/helpers/ObjectUtils.ts b/src/helpers/ObjectUtils.ts
@@ -1,6 +1,6 @@
-import jp from 'jsonpath';
+import { JSONPath as jp } from '@astronautlabs/jsonpath';
 
-export function extractDataFromPath(obj: unknown, path: string) {
+export function extractDataFromPath(obj: unknown, path: string): { path: string[]; value: any }[] {
   return jp.nodes(obj, path);
 }
 

diff --git a/src/helpers/SIOPSpecVersion.ts b/src/helpers/SIOPSpecVersion.ts
@@ -17,7 +17,7 @@ function isJWTVC1Payload(authorizationRequest: AuthorizationRequestPayload) {
     authorizationRequest.redirect_uri &&
     (authorizationRequest.registration_uri || authorizationRequest.registration) &&
     authorizationRequest.claims &&
-    authorizationRequest.claims['vp_token']
+    'vp_token' in authorizationRequest.claims
   );
 }
 

diff --git a/src/id-token/IDToken.ts b/src/id-token/IDToken.ts
@@ -37,12 +37,7 @@ export class IDToken {
     if (!authorizationRequestPayload) {
       throw new Error(SIOPErrors.NO_REQUEST);
     }
-    const mergedPayloads = await verifiedAuthorizationRequest.authorizationRequest.mergedPayloads();
-    const idToken = new IDToken(
-      null,
-      await createIDTokenPayload(mergedPayloads, responseOpts, verifiedAuthorizationRequest.requestObject),
-      responseOpts
-    );
+    const idToken = new IDToken(null, await createIDTokenPayload(verifiedAuthorizationRequest, responseOpts), responseOpts);
     if (verifyOpts) {
       await idToken.verify(verifyOpts);
     }

diff --git a/src/id-token/Payload.ts b/src/id-token/Payload.ts
@@ -1,39 +1,33 @@
 import { AuthorizationResponseOpts, mergeOAuth2AndOpenIdInRequestPayload } from '../authorization-response';
 import { assertValidResponseOpts } from '../authorization-response/Opts';
 import { authorizationRequestVersionDiscovery } from '../helpers/SIOPSpecVersion';
-import { RequestObject } from '../request-object';
 import {
-  AuthorizationRequestPayload,
   IDTokenPayload,
   isSuppliedSignature,
   JWK,
   ResponseIss,
   SIOPErrors,
   SubjectSyntaxTypesSupportedValues,
   SupportedVersion,
+  VerifiedAuthorizationRequest,
 } from '../types';
 
 export const createIDTokenPayload = async (
-  authorizationRequestPayload: AuthorizationRequestPayload,
-  responseOpts: AuthorizationResponseOpts,
-  requestObject?: RequestObject
+  verifiedAuthorizationRequest: VerifiedAuthorizationRequest,
+  responseOpts: AuthorizationResponseOpts
 ): Promise<IDTokenPayload> => {
   assertValidResponseOpts(responseOpts);
+  const authorizationRequestPayload = await verifiedAuthorizationRequest.authorizationRequest.mergedPayloads();
+  const requestObject = verifiedAuthorizationRequest.requestObject;
   if (!authorizationRequestPayload) {
     throw new Error(SIOPErrors.VERIFY_BAD_PARAMS);
   }
   const payload = await mergeOAuth2AndOpenIdInRequestPayload(authorizationRequestPayload, requestObject);
 
-  //fixme: client_metadata and fetch
-  const supportedDidMethods = payload['registration']?.subject_syntax_types_supported?.filter((sst) =>
+  const supportedDidMethods = verifiedAuthorizationRequest.registrationMetadataPayload.subject_syntax_types_supported.filter((sst) =>
     sst.includes(SubjectSyntaxTypesSupportedValues.DID.valueOf())
   );
-  if (!payload.state) {
-    throw Error('No state');
-  } else if (!payload.nonce) {
-    throw Error('No nonce');
-  }
-  // const state = payload.state;
+  const state = payload.state;
   const nonce = payload.nonce;
   const SEC_IN_MS = 1000;
 
@@ -58,7 +52,7 @@ export const createIDTokenPayload = async (
     sub: responseOpts.signature.did,
     auth_time: payload.auth_time,
     nonce,
-    // state, // ideally this is only placed in here if required
+    state,
     // ...(responseOpts.presentationExchange?._vp_token ? { _vp_token: responseOpts.presentationExchange._vp_token } : {}),
   };
   if (supportedDidMethods.indexOf(SubjectSyntaxTypesSupportedValues.JWK_THUMBPRINT) != -1 && !responseOpts.signature.did) {
@@ -85,5 +79,4 @@ const createThumbprintAndJWK = async (resOpts: AuthorizationResponseOpts): Promi
   } else {
     throw new Error(SIOPErrors.SIGNATURE_OBJECT_TYPE_NOT_SET);
   }
-  return { thumbprint, subJwk };
 };
diff --git a/src/schemas/AuthorizationRequestPayloadVD11.schema.ts b/src/schemas/AuthorizationRequestPayloadVD11.schema.ts
@@ -770,6 +770,9 @@ export const AuthorizationRequestPayloadVD11SchemaObj = {
         },
         "predicate": {
           "$ref": "#/definitions/Optionality"
+        },
+        "name": {
+          "type": "string"
         }
       },
       "additionalProperties": false

diff --git a/src/schemas/AuthorizationRequestPayloadVID1.schema.ts b/src/schemas/AuthorizationRequestPayloadVID1.schema.ts
@@ -772,6 +772,9 @@ export const AuthorizationRequestPayloadVID1SchemaObj = {
         },
         "predicate": {
           "$ref": "#/definitions/Optionality"
+        },
+        "name": {
+          "type": "string"
         }
       },
       "additionalProperties": false

diff --git a/src/types/SIOP.types.ts b/src/types/SIOP.types.ts
@@ -2,6 +2,7 @@
 
 import { Format, PresentationDefinitionV1, PresentationDefinitionV2 } from '@sphereon/pex-models';
 import {
+  AdditionalClaims,
   IPresentation,
   IVerifiablePresentation,
   PresentationSubmission,
@@ -131,11 +132,11 @@ export interface AuthorizationResponsePayload {
   token_type?: string;
   refresh_token?: string;
   expires_in?: number;
-  state: string;
+  state?: string;
   id_token?: string;
   vp_token?: W3CVerifiablePresentation | W3CVerifiablePresentation[];
   presentation_submission?: PresentationSubmission;
-
+  verifiedData?: IPresentation | AdditionalClaims;
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   [x: string]: any;
 }