fix: things

README.md

@@ -290,23 +290,23 @@ function verifyJwtCallback(): VerifyJwtCallback {
     } else if (jwtVerifier.method === 'jwk') {
       // verify jwk certificate protected jwt's
     } else if (jwtVerifier.method === 'custom') {
-      // Only called if based on the jwt the verification method could not been determined 
-      throw new Error(`Could not determine jwt verification method`)
+      // Only called if based on the jwt the verification method could not be determined 
+      throw new Error(`Unsupported JWT verifier method ${jwtIssuer.method}`)
     }
   }
 }
 
 function createJwtCallback(): CreateJwtCallback {
   return async (jwtIssuer, jwt) => {
-    if (jwtVerifier.method === 'did') {
+    if (jwtIssuer.method === 'did') {
       // create didJwt
-    } else if (jwtVerifier.method === 'x5c') {
+    } else if (jwtIssuer.method === 'x5c') {
       // create x5c certificate protected jwt
-    } else if (jwtVerifier.method === 'jwk') {
+    } else if (jwtIssuer.method === 'jwk') {
       // create a jwk certificate protected jwt
-    } else if (jwtVerifier.method === 'custom') {
+    } else if (jwtIssuer.method === 'custom') {
       // Only called if no or a Custom jwtIssuer was passed to the respective methods
-      throw new Error(`Could not determine jwt verification method`)
+      throw new Error(`Unsupported JWT issuer method ${jwtIssuer.method}`)
     }
   }
 }
@@ -786,7 +786,7 @@ export interface VerifiedJWT {
 }
 
 export interface VerifyAuthorizationRequestOpts {
-    verification: InternalVerification | ExternalVerification;  // To use internal verification or external hosted verification
+    verification: Verification
     nonce?: string; // If provided the nonce in the request needs to match
     verifyCallback?: VerifyCallback;
 }
@@ -819,7 +819,6 @@ static async verifyJWT(jwt:string, opts: SIOP.VerifyAuthorizationRequestOpts): P
 ````typescript
 const verifyOpts: VerifyAuthorizationRequestOpts = {
     verification: {
-        mode: VerificationMode.INTERNAL,
         resolveOpts: {
           subjectSyntaxTypesSupported: ['did:ethr'],
         }
@@ -874,7 +873,7 @@ export enum PresentationLocation {
 }
 
 export interface VerifyAuthorizationRequestOpts {
-    verification: InternalVerification | ExternalVerification;   // To use internal verification or external hosted verification
+    verification: Verification
     nonce?: string;                                              // If provided the nonce in the request needs to match
     verifyCallback?: VerifyCallback                              // Callback function to verify the domain linkage credential 
 }
@@ -938,12 +937,7 @@ static async createJWTFromRequestJWT(requestJwt: string, responseOpts: SIOP.Auth
   responseMode: ResponseMode.POST,
 }
 const verifyOpts: VerifyAuthorizationRequestOpts = {
-    verification: {
-        resolveOpts: {
-          subjectSyntaxTypesSupported: ['did:ethr:'],
-        },
-        mode: VerificationMode.INTERNAL,
-    }
+    verification: { }
 }
 createJWTFromRequestJWT('ey....', responseOpts, verifyOpts).then(resp => {
     console.log(resp.payload.sub);
@@ -961,12 +955,7 @@ const NONCE = "5c1d29c1-cf7d-4e14-9305-9db46d8c1916";
 const verifyOpts: VerifyAuthorizationResponseOpts = {
     audience: "https://rp.acme.com/siop/jwts",
     nonce: NONCE,
-    verification: {
-        resolveOpts: {
-          subjectSyntaxTypesSupported: ['did:ethr:'],
-        },
-        mode: VerificationMode.INTERNAL,
-    }
+    verification: { }
 }
 
 verifyJWT('ey......', verifyOpts).then(jwt => {

docs/services-class-diagram.md

@@ -54,7 +54,7 @@ RequestRegistrationOpts --|> RPRegistrationMetadataOpts
 
 class VerifyAuthenticationRequestOpts {
   <<interface>>
-  verification: InternalVerification | ExternalVerification;
+  verification: Verification
   nonce?: string;
 }
 
@@ -110,7 +110,7 @@ AuthenticationResponseWithJWT --> AuthenticationResponseOpts
 
 class VerifyAuthenticationResponseOpts {
   <<interface>>
-  verification: InternalVerification | ExternalVerification;
+  verification: Verification
   nonce?: string;
   state?: string;
   audience: string;

src/authorization-request/Opts.ts

@@ -1,5 +1,5 @@
 import { assertValidRequestObjectOpts } from '../request-object/Opts';
-import { ExternalVerification, InternalVerification, SIOPErrors } from '../types';
+import { SIOPErrors, Verification } from '../types';
 
 import { assertValidRequestRegistrationOpts } from './RequestRegistration';
 import { CreateAuthorizationRequestOpts, VerifyAuthorizationRequestOpts } from './types';
@@ -23,11 +23,11 @@ export const assertValidAuthorizationRequestOpts = (opts: CreateAuthorizationReq
 
 export const mergeVerificationOpts = (
   classOpts: {
-    verification?: InternalVerification | ExternalVerification;
+    verification?: Verification;
   },
   requestOpts: {
     correlationId: string;
-    verification?: InternalVerification | ExternalVerification;
+    verification?: Verification;
   },
 ) => {
   const presentationVerificationCallback =

src/authorization-request/types.ts

@@ -4,16 +4,15 @@ import { PresentationDefinitionPayloadOpts } from '../authorization-response';
 import { RequestObjectOpts } from '../request-object';
 import {
   ClientMetadataOpts,
-  ExternalVerification,
   IdTokenClaimPayload,
-  InternalVerification,
   ResponseMode,
   ResponseType,
   Schema,
   Scope,
   SigningAlgo,
   SubjectType,
   SupportedVersion,
+  Verification,
 } from '../types';
 import { VerifyJwtCallback } from '../types/JwtVerifier';
 
@@ -74,9 +73,8 @@ export type CreateAuthorizationRequestOpts = AuthorizationRequestOptsVID1 | Auth
 export interface VerifyAuthorizationRequestOpts {
   correlationId: string;
 
-  verification: InternalVerification | ExternalVerification; // To use internal verification or external hosted verification
+  verification: Verification;
   verifyJwtCallback: VerifyJwtCallback;
-  // didDocument?: DIDDocument; // If not provided the DID document will be resolved from the request
   nonce?: string; // If provided the nonce in the request needs to match
   state?: string; // If provided the state in the request needs to match
 

src/authorization-response/Opts.ts

@@ -1,4 +1,4 @@
-import { isExternalVerification, isInternalVerification, SIOPErrors } from '../types';
+import { SIOPErrors } from '../types';
 
 import { AuthorizationResponseOpts, VerifyAuthorizationResponseOpts } from './types';
 
@@ -9,7 +9,7 @@ export const assertValidResponseOpts = (opts: AuthorizationResponseOpts) => {
 };
 
 export const assertValidVerifyOpts = (opts: VerifyAuthorizationResponseOpts) => {
-  if (!opts?.verification || (!isExternalVerification(opts.verification) && !isInternalVerification(opts.verification))) {
+  if (!opts?.verification || !opts.verifyJwtCallback) {
     throw new Error(SIOPErrors.VERIFY_BAD_PARAMS);
   }
 };

src/authorization-response/types.ts

@@ -2,15 +2,7 @@ import { IPresentationDefinition, PresentationSignCallBackParams } from '@sphere
 import { Format } from '@sphereon/pex-models';
 import { CompactSdJwtVc, Hasher, PresentationSubmission, W3CVerifiablePresentation } from '@sphereon/ssi-types';
 
-import {
-  ExternalVerification,
-  InternalVerification,
-  ResponseMode,
-  ResponseRegistrationOpts,
-  ResponseURIType,
-  SupportedVersion,
-  VerifiablePresentationWithFormat,
-} from '../types';
+import { ResponseMode, ResponseRegistrationOpts, ResponseURIType, SupportedVersion, VerifiablePresentationWithFormat, Verification } from '../types';
 import { CreateJwtCallback, JwtIssuer } from '../types/JwtIssuer';
 import { VerifyJwtCallback } from '../types/JwtVerifier';
 
@@ -93,10 +85,9 @@ export type PresentationSignCallback = (args: PresentationSignCallBackParams) =>
 
 export interface VerifyAuthorizationResponseOpts {
   correlationId: string;
-  verification: InternalVerification | ExternalVerification;
+  verification: Verification;
   verifyJwtCallback: VerifyJwtCallback;
   hasher?: Hasher;
-  // didDocument?: DIDDocument; // If not provided the DID document will be resolved from the request
   nonce?: string; // To verify the response against the supplied nonce
   state?: string; // To verify the response against the supplied state
 

src/helpers/Keys.ts

@@ -135,7 +135,7 @@ export async function getDigestAlgorithmFromJwkThumbprintUri(uri: string): Promi
   if (!match) {
     throw new Error(`Invalid JWK thumbprint URI structure ${uri}`);
   }
-  const algorithm = match[1] as 'sha256' | 'sha384' | 'sha512';
+  const algorithm = `sha${match[1]}` as 'sha256' | 'sha384' | 'sha512';
   if (algorithm !== 'sha256' && algorithm !== 'sha384' && algorithm !== 'sha512') {
     throw new Error(`Invalid JWK thumbprint URI digest algorithm ${uri}`);
   }

src/id-token/IDToken.ts

@@ -87,7 +87,7 @@ export class IDToken {
   public async jwt(_jwtIssuer: JwtIssuer): Promise<IDTokenJwt> {
     if (!this._jwt) {
       if (!this.responseOpts) {
-        throw Error(SIOPErrors.BAD_SIGNATURE_PARAMS);
+        throw Error(SIOPErrors.BAD_IDTOKEN_RESPONSE_OPTS);
       }
 
       const jwtIssuer: JwtIssuerWithContext = _jwtIssuer
@@ -98,9 +98,7 @@ export class IDToken {
         this._jwt = await this.responseOpts.createJwtCallback(jwtIssuer, { header: {}, payload: this._payload });
       } else if (jwtIssuer.method === 'did') {
         const did = jwtIssuer.didUrl.split('#')[0];
-        if (!this._payload.sub) {
-          this._payload.sub = did;
-        }
+        this._payload.sub = did;
 
         const issuer = this._responseOpts.registration.issuer || this._payload.iss;
         if (!issuer || !(issuer.includes(ResponseIss.SELF_ISSUED_V2) || issuer === this._payload.sub)) {

src/op/OP.ts

@@ -17,8 +17,6 @@ import {
   AuthorizationEvent,
   AuthorizationEvents,
   ContentType,
-  ExternalVerification,
-  InternalVerification,
   JwtIssuer,
   ParsedAuthorizationRequestURI,
   RegisterEventListener,
@@ -28,6 +26,7 @@ import {
   SIOPResonse,
   SupportedVersion,
   UrlEncodingFormat,
+  Verification,
   VerifiedAuthorizationRequest,
 } from '../types';
 
@@ -56,7 +55,7 @@ export class OP {
 
   public async verifyAuthorizationRequest(
     requestJwtOrUri: string | URI,
-    requestOpts?: { correlationId?: string; verification?: InternalVerification | ExternalVerification },
+    requestOpts?: { correlationId?: string; verification?: Verification },
   ): Promise<VerifiedAuthorizationRequest> {
     const correlationId = requestOpts?.correlationId || uuidv4();
     const authorizationRequest = await AuthorizationRequest.fromUriOrJwt(requestJwtOrUri)
@@ -100,7 +99,7 @@ export class OP {
       correlationId?: string;
       audience?: string;
       issuer?: ResponseIss | string;
-      verification?: InternalVerification | ExternalVerification;
+      verification?: Verification;
       presentationExchange?: PresentationExchangeResponseOpts;
     },
   ): Promise<AuthorizationResponseWithCorrelationId> {
@@ -242,10 +241,7 @@ export class OP {
     };
   }
 
-  private newVerifyAuthorizationRequestOpts(requestOpts: {
-    correlationId: string;
-    verification?: InternalVerification | ExternalVerification;
-  }): VerifyAuthorizationRequestOpts {
+  private newVerifyAuthorizationRequestOpts(requestOpts: { correlationId: string; verification?: Verification }): VerifyAuthorizationRequestOpts {
     const verification: VerifyAuthorizationRequestOpts = {
       ...this._verifyRequestOptions,
       verifyJwtCallback: this._verifyRequestOptions.verifyJwtCallback,

src/op/Opts.ts

@@ -2,7 +2,7 @@ import { VerifyAuthorizationRequestOpts } from '../authorization-request';
 import { AuthorizationResponseOpts } from '../authorization-response';
 import { LanguageTagUtils } from '../helpers';
 import { AuthorizationResponseOptsSchema } from '../schemas';
-import { InternalVerification, PassBy, ResponseRegistrationOpts, VerificationMode } from '../types';
+import { PassBy, ResponseRegistrationOpts } from '../types';
 
 import { OPBuilder } from './OPBuilder';
 
@@ -64,9 +64,7 @@ export const createVerifyRequestOptsFromBuilderOrExistingOpts = (opts: {
     ? {
         verifyJwtCallback: opts.builder.verifyJwtCallback,
         hasher: opts.builder.hasher,
-        verification: {
-          mode: VerificationMode.INTERNAL,
-        } as InternalVerification,
+        verification: {},
         supportedVersions: opts.builder.supportedVersions,
         correlationId: undefined,
       }

src/request-object/RequestObject.ts

@@ -100,7 +100,7 @@ export class RequestObject {
         this.jwt = await this.opts.createJwtCallback(jwtIssuer, { header, payload: this.payload });
       } else if (jwtIssuer.method === 'jwk') {
         if (!this.payload.client_id) {
-          throw new Error('Plaese provide a client_id for the RP');
+          throw new Error('Please provide a client_id for the RP');
         }
 
         const header = { jwk: jwtIssuer.jwk, typ: 'JWT', alg: jwtIssuer.jwk.alg as string };

src/rp/Opts.ts

@@ -1,7 +1,7 @@
 import { CreateAuthorizationRequestOpts, PropertyTarget, PropertyTargets, RequestPropertyWithTargets } from '../authorization-request';
 import { VerifyAuthorizationResponseOpts } from '../authorization-response';
 // import { CreateAuthorizationRequestOptsSchema } from '../schemas';
-import { ClientMetadataOpts, InternalVerification, RequestObjectPayload, SIOPErrors, VerificationMode } from '../types';
+import { ClientMetadataOpts, RequestObjectPayload, SIOPErrors, Verification } from '../types';
 
 import { RPBuilder } from './RPBuilder';
 
@@ -52,15 +52,14 @@ export const createVerifyResponseOptsFromBuilderOrExistingOpts = (opts: { builde
         hasher: opts.builder.hasher,
         verifyJwtCallback: opts.builder.verifyJwtCallback,
         verification: {
-          mode: VerificationMode.INTERNAL,
           presentationVerificationCallback: opts.builder.presentationVerificationCallback,
           supportedVersions: opts.builder.supportedVersions,
           revocationOpts: {
             revocationVerification: opts.builder.revocationVerification,
             revocationVerificationCallback: opts.builder.revocationVerificationCallback,
           },
           replayRegistry: opts.builder.sessionManager,
-        } as InternalVerification,
+        } as Verification,
         audience: opts.builder.clientId || opts.builder.clientMetadata?.client_id,
       }
     : opts.verifyOpts;

src/rp/RP.ts

@@ -15,18 +15,16 @@ import {
 import { mergeVerificationOpts } from '../authorization-request/Opts';
 import { AuthorizationResponse, PresentationDefinitionWithLocation, VerifyAuthorizationResponseOpts } from '../authorization-response';
 import { getNonce, getState } from '../helpers';
-import { JwtIssuer } from '../types';
+import { JwtIssuer, PassBy } from '../types';
 import {
   AuthorizationEvent,
   AuthorizationEvents,
   AuthorizationResponsePayload,
-  ExternalVerification,
-  InternalVerification,
-  PassBy,
   RegisterEventListener,
   ResponseURIType,
   SIOPErrors,
   SupportedVersion,
+  Verification,
   VerifiedAuthorizationResponse,
 } from '../types';
 
@@ -143,7 +141,7 @@ export class RP {
       audience?: string;
       state?: string;
       nonce?: string;
-      verification?: InternalVerification | ExternalVerification;
+      verification?: Verification;
       presentationDefinitions?: PresentationDefinitionWithLocation | PresentationDefinitionWithLocation[];
     },
   ): Promise<VerifiedAuthorizationResponse> {
@@ -306,7 +304,7 @@ export class RP {
       hasher?: Hasher;
       state?: string;
       nonce?: string;
-      verification?: InternalVerification | ExternalVerification;
+      verification?: Verification;
       audience?: string;
       presentationDefinitions?: PresentationDefinitionWithLocation | PresentationDefinitionWithLocation[];
     },

src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts

@@ -1068,4 +1068,4 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = {
       ]
     }
   }
-};
+};

src/schemas/AuthorizationResponseOpts.schema.ts

@@ -1657,15 +1657,11 @@ export const AuthorizationResponseOptsSchemaObj = {
                 }
               },
               "additionalProperties": false
-            },
-            "jwkThumbprint": {
-              "type": "string"
             }
           },
           "required": [
             "method",
-            "jwk",
-            "jwkThumbprint"
+            "jwk"
           ],
           "additionalProperties": false
         },