diff --git a/README.md b/README.md index 74c81615..cc4d2a30 100644 --- a/README.md +++ b/README.md @@ -290,23 +290,23 @@ function verifyJwtCallback(): VerifyJwtCallback { } else if (jwtVerifier.method === 'jwk') { // verify jwk certificate protected jwt's } else if (jwtVerifier.method === 'custom') { - // Only called if based on the jwt the verification method could not been determined - throw new Error(`Could not determine jwt verification method`) + // Only called if based on the jwt the verification method could not be determined + throw new Error(`Unsupported JWT verifier method ${jwtIssuer.method}`) } } } function createJwtCallback(): CreateJwtCallback { return async (jwtIssuer, jwt) => { - if (jwtVerifier.method === 'did') { + if (jwtIssuer.method === 'did') { // create didJwt - } else if (jwtVerifier.method === 'x5c') { + } else if (jwtIssuer.method === 'x5c') { // create x5c certificate protected jwt - } else if (jwtVerifier.method === 'jwk') { + } else if (jwtIssuer.method === 'jwk') { // create a jwk certificate protected jwt - } else if (jwtVerifier.method === 'custom') { + } else if (jwtIssuer.method === 'custom') { // Only called if no or a Custom jwtIssuer was passed to the respective methods - throw new Error(`Could not determine jwt verification method`) + throw new Error(`Unsupported JWT issuer method ${jwtIssuer.method}`) } } } @@ -786,7 +786,7 @@ export interface VerifiedJWT { } export interface VerifyAuthorizationRequestOpts { - verification: InternalVerification | ExternalVerification; // To use internal verification or external hosted verification + verification: Verification nonce?: string; // If provided the nonce in the request needs to match verifyCallback?: VerifyCallback; } 
@@ -819,7 +819,6 @@ static async verifyJWT(jwt:string, opts: SIOP.VerifyAuthorizationRequestOpts): P ````typescript const verifyOpts: VerifyAuthorizationRequestOpts = { verification: { - mode: VerificationMode.INTERNAL, resolveOpts: { subjectSyntaxTypesSupported: ['did:ethr'], } @@ -874,7 +873,7 @@ export enum PresentationLocation { } export interface VerifyAuthorizationRequestOpts { - verification: InternalVerification | ExternalVerification; // To use internal verification or external hosted verification + verification: Verification nonce?: string; // If provided the nonce in the request needs to match verifyCallback?: VerifyCallback // Callback function to verify the domain linkage credential } @@ -938,12 +937,7 @@ static async createJWTFromRequestJWT(requestJwt: string, responseOpts: SIOP.Auth responseMode: ResponseMode.POST, } const verifyOpts: VerifyAuthorizationRequestOpts = { - verification: { - resolveOpts: { - subjectSyntaxTypesSupported: ['did:ethr:'], - }, - mode: VerificationMode.INTERNAL, - } + verification: { } } createJWTFromRequestJWT('ey....', responseOpts, verifyOpts).then(resp => { console.log(resp.payload.sub); @@ -961,12 +955,7 @@ const NONCE = "5c1d29c1-cf7d-4e14-9305-9db46d8c1916"; const verifyOpts: VerifyAuthorizationResponseOpts = { audience: "https://rp.acme.com/siop/jwts", nonce: NONCE, - verification: { - resolveOpts: { - subjectSyntaxTypesSupported: ['did:ethr:'], - }, - mode: VerificationMode.INTERNAL, - } + verification: { } } verifyJWT('ey......', verifyOpts).then(jwt => { diff --git a/docs/services-class-diagram.md b/docs/services-class-diagram.md index 785b0df9..a2e028e8 100644 --- a/docs/services-class-diagram.md +++ b/docs/services-class-diagram.md @@ -54,7 +54,7 @@ RequestRegistrationOpts --|> RPRegistrationMetadataOpts class VerifyAuthenticationRequestOpts { <> - verification: InternalVerification | ExternalVerification; + verification: Verification nonce?: string; } 
@@ -110,7 +110,7 @@ AuthenticationResponseWithJWT --> AuthenticationResponseOpts class VerifyAuthenticationResponseOpts { <> - verification: InternalVerification | ExternalVerification; + verification: Verification nonce?: string; state?: string; audience: string; diff --git a/docs/services-class-diagram.svg b/docs/services-class-diagram.svg index 69466101..a4c8112b 100644 --- a/docs/services-class-diagram.svg +++ b/docs/services-class-diagram.svg @@ -1 +1 @@ -
«service»
RP
createAuthenticationRequest(opts?) Promise(AuthenticationRequestURI)
verifyAuthenticationResponseJwt(jwt: string, opts?) Promise(VerifiedAuthenticationResponseWithJWT)
«interface»
AuthenticationRequestURI
jwt?: string;
requestOpts: AuthenticationRequestOpts;
requestPayload: AuthenticationRequestPayload;
«interface»
VerifiedAuthenticationResponseWithJWT
payload: AuthenticationResponsePayload;
verifyOpts: VerifyAuthenticationResponseOpts;
«service»
AuthorizationRequest
createURI(opts: AuthenticationRequestOpts) Promise(AuthenticationRequestURI)
createJWT(opts: AuthenticationRequestOpts)
verifyJWT(jwt: string, opts: VerifyAuthenticationRequestOpts) Promise(VerifiedAuthenticationRequestWithJWT)
«interface»
AuthenticationResponse
createJWTFromRequestJWT(jwt: string, responseOpts: AuthenticationResponseOpts, verifyOpts: VerifyAuthenticationRequestOpts) Promise(AuthenticationResponseWithJWT)
verifyJWT(jwt: string, verifyOpts: VerifyAuthenticationResponseOpts) Promise(VerifiedAuthenticationResponseWithJWT)
«service»
OP
createAuthenticationResponse(jwtOrUri: string, opts?) Promise(AuthenticationResponseWithJWT)
verifyAuthenticationRequest(jwt: string, opts?) Promise(VerifiedAuthenticationRequestWithJWT)
«interface»
AuthenticationResponseWithJWT
jwt: string;
nonce: string;
state: string;
payload: AuthenticationResponsePayload;
verifyOpts?: VerifyAuthenticationRequestOpts;
responseOpts: AuthenticationResponseOpts;
«interface»
VerifiedAuthenticationRequestWithJWT
payload: AuthenticationRequestPayload;
verifyOpts: VerifyAuthenticationRequestOpts;
«interface»
AuthenticationRequestOpts
redirectUri: string;
requestBy: ObjectBy;
signature: InternalSignature | ExternalSignature | NoSignature;
responseMode?: ResponseMode;
claims?: ClaimPayload;
registration: RequestRegistrationOpts;
nonce?: string;
state?: string;
«enum»
ResponseMode
«interface»
RPRegistrationMetadataOpts
subjectIdentifiersSupported: SubjectIdentifierType[] | SubjectIdentifierType;
didMethodsSupported?: string[] | string;
credentialFormatsSupported: CredentialFormat[] | CredentialFormat;
«interface»
RequestRegistrationOpts
registrationBy: RegistrationType;
«interface»
VerifyAuthenticationRequestOpts
verification: InternalVerification | ExternalVerification;
nonce?: string;
AuthenticationRequestWithJWT
«interface»
AuthenticationResponseOpts
signature: InternalSignature | ExternalSignature;
nonce?: string;
state?: string;
registration: ResponseRegistrationOpts;
responseMode?: ResponseMode;
did: string;
vp?: VerifiablePresentation;
expiresIn?: number;
«interface»
VerifyAuthenticationResponseOpts
verification: InternalVerification | ExternalVerification;
nonce?: string;
state?: string;
audience: string;
AuthenticationResponsePayload
«interface»
UriResponse
responseMode?: ResponseMode;
bodyEncoded?: string;
«interface»
SIOPURI
encodedUri: string;
encodingFormat: UrlEncodingFormat;
«enum»
UrlEncodingFormat
«interface»
AuthenticationRequestPayload
scope: Scope;
response_type: ResponseType;
client_id: string;
redirect_uri: string;
response_mode: ResponseMode;
request: string;
request_uri: string;
state?: string;
nonce: string;
did_doc?: DIDDocument;
claims?: RequestClaims;
JWTPayload
iss?: string
sub?: string
aud?: string | string[]
iat?: number
nbf?: number
exp?: number
rexp?: number
[x: string]: any
«interface»
VerifiedJWT
payload: Partial<JWTPayload>;
didResolutionResult: DIDResolutionResult;
issuer: string;
signer: VerificationMethod;
jwt: string;
+
«service»
RP
createAuthenticationRequest(opts?) Promise(AuthenticationRequestURI)
verifyAuthenticationResponseJwt(jwt: string, opts?) Promise(VerifiedAuthenticationResponseWithJWT)
«interface»
AuthenticationRequestURI
jwt?: string;
requestOpts: AuthenticationRequestOpts;
requestPayload: AuthenticationRequestPayload;
«interface»
VerifiedAuthenticationResponseWithJWT
payload: AuthenticationResponsePayload;
verifyOpts: VerifyAuthenticationResponseOpts;
«service»
AuthorizationRequest
createURI(opts: AuthenticationRequestOpts) Promise(AuthenticationRequestURI)
createJWT(opts: AuthenticationRequestOpts)
verifyJWT(jwt: string, opts: VerifyAuthenticationRequestOpts) Promise(VerifiedAuthenticationRequestWithJWT)
«interface»
AuthenticationResponse
createJWTFromRequestJWT(jwt: string, responseOpts: AuthenticationResponseOpts, verifyOpts: VerifyAuthenticationRequestOpts) Promise(AuthenticationResponseWithJWT)
verifyJWT(jwt: string, verifyOpts: VerifyAuthenticationResponseOpts) Promise(VerifiedAuthenticationResponseWithJWT)
«service»
OP
createAuthenticationResponse(jwtOrUri: string, opts?) Promise(AuthenticationResponseWithJWT)
verifyAuthenticationRequest(jwt: string, opts?) Promise(VerifiedAuthenticationRequestWithJWT)
«interface»
AuthenticationResponseWithJWT
jwt: string;
nonce: string;
state: string;
payload: AuthenticationResponsePayload;
verifyOpts?: VerifyAuthenticationRequestOpts;
responseOpts: AuthenticationResponseOpts;
«interface»
VerifiedAuthenticationRequestWithJWT
payload: AuthenticationRequestPayload;
verifyOpts: VerifyAuthenticationRequestOpts;
«interface»
AuthenticationRequestOpts
redirectUri: string;
requestBy: ObjectBy;
signature: InternalSignature | ExternalSignature | NoSignature;
responseMode?: ResponseMode;
claims?: ClaimPayload;
registration: RequestRegistrationOpts;
nonce?: string;
state?: string;
«enum»
ResponseMode
«interface»
RPRegistrationMetadataOpts
subjectIdentifiersSupported: SubjectIdentifierType[] | SubjectIdentifierType;
didMethodsSupported?: string[] | string;
credentialFormatsSupported: CredentialFormat[] | CredentialFormat;
«interface»
RequestRegistrationOpts
registrationBy: RegistrationType;
«interface»
VerifyAuthenticationRequestOpts
verification: Verification;
nonce?: string;
AuthenticationRequestWithJWT
«interface»
AuthenticationResponseOpts
signature: InternalSignature | ExternalSignature;
nonce?: string;
state?: string;
registration: ResponseRegistrationOpts;
responseMode?: ResponseMode;
did: string;
vp?: VerifiablePresentation;
expiresIn?: number;
«interface»
VerifyAuthenticationResponseOpts
verification: Verification;
nonce?: string;
state?: string;
audience: string;
AuthenticationResponsePayload
«interface»
UriResponse
responseMode?: ResponseMode;
bodyEncoded?: string;
«interface»
SIOPURI
encodedUri: string;
encodingFormat: UrlEncodingFormat;
«enum»
UrlEncodingFormat
«interface»
AuthenticationRequestPayload
scope: Scope;
response_type: ResponseType;
client_id: string;
redirect_uri: string;
response_mode: ResponseMode;
request: string;
request_uri: string;
state?: string;
nonce: string;
did_doc?: DIDDocument;
claims?: RequestClaims;
JWTPayload
iss?: string
sub?: string
aud?: string | string[]
iat?: number
nbf?: number
exp?: number
rexp?: number
[x: string]: any
«interface»
VerifiedJWT
payload: Partial<JWTPayload>;
didResolutionResult: DIDResolutionResult;
issuer: string;
signer: VerificationMethod;
jwt: string;
diff --git a/src/authorization-request/Opts.ts b/src/authorization-request/Opts.ts index 25495832..4b3deb1b 100644 --- a/src/authorization-request/Opts.ts +++ b/src/authorization-request/Opts.ts @@ -1,5 +1,5 @@ import { assertValidRequestObjectOpts } from '../request-object/Opts'; -import { ExternalVerification, InternalVerification, SIOPErrors } from '../types'; +import { SIOPErrors, Verification } from '../types'; import { assertValidRequestRegistrationOpts } from './RequestRegistration'; import { CreateAuthorizationRequestOpts, VerifyAuthorizationRequestOpts } from './types'; @@ -23,11 +23,11 @@ export const assertValidAuthorizationRequestOpts = (opts: CreateAuthorizationReq export const mergeVerificationOpts = ( classOpts: { - verification?: InternalVerification | ExternalVerification; + verification?: Verification; }, requestOpts: { correlationId: string; - verification?: InternalVerification | ExternalVerification; + verification?: Verification; }, ) => { const presentationVerificationCallback = diff --git a/src/authorization-request/types.ts b/src/authorization-request/types.ts index a6297e7f..636e065e 100644 --- a/src/authorization-request/types.ts +++ b/src/authorization-request/types.ts @@ -4,9 +4,7 @@ import { PresentationDefinitionPayloadOpts } from '../authorization-response'; import { RequestObjectOpts } from '../request-object'; import { ClientMetadataOpts, - ExternalVerification, IdTokenClaimPayload, - InternalVerification, ResponseMode, ResponseType, Schema, @@ -14,6 +12,7 @@ import { SigningAlgo, SubjectType, SupportedVersion, + Verification, } from '../types'; import { VerifyJwtCallback } from '../types/JwtVerifier'; 
@@ -74,9 +73,8 @@ export type CreateAuthorizationRequestOpts = AuthorizationRequestOptsVID1 | Auth export interface VerifyAuthorizationRequestOpts { correlationId: string; - verification: InternalVerification | ExternalVerification; // To use internal verification or external hosted verification + verification: Verification; verifyJwtCallback: VerifyJwtCallback; - // didDocument?: DIDDocument; // If not provided the DID document will be resolved from the request nonce?: string; // If provided the nonce in the request needs to match state?: string; // If provided the state in the request needs to match diff --git a/src/authorization-response/Opts.ts b/src/authorization-response/Opts.ts index 24c1fe47..753da683 100644 --- a/src/authorization-response/Opts.ts +++ b/src/authorization-response/Opts.ts @@ -1,4 +1,4 @@ -import { isExternalVerification, isInternalVerification, SIOPErrors } from '../types'; +import { SIOPErrors } from '../types'; import { AuthorizationResponseOpts, VerifyAuthorizationResponseOpts } from './types'; @@ -9,7 +9,7 @@ export const assertValidResponseOpts = (opts: AuthorizationResponseOpts) => { }; export const assertValidVerifyOpts = (opts: VerifyAuthorizationResponseOpts) => { - if (!opts?.verification || (!isExternalVerification(opts.verification) && !isInternalVerification(opts.verification))) { + if (!opts?.verification || !opts.verifyJwtCallback) { throw new Error(SIOPErrors.VERIFY_BAD_PARAMS); } }; diff --git a/src/authorization-response/types.ts b/src/authorization-response/types.ts index 6c7029f2..ec782296 100644 --- a/src/authorization-response/types.ts +++ b/src/authorization-response/types.ts 
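Review bot: In `assertValidVerifyOpts` (src/authorization-response/Opts.ts) the new guard tests `verification` and `verifyJwtCallback` only for truthiness, so an empty `verification: {}` or a truthy value that is not a function passes validation and fails later, in the middle of response verification. With the internal/external verification modes removed, signature checking appears to rest entirely on this callback, so I would reject anything that is not callable up front: `if (!opts?.verification || typeof opts.verifyJwtCallback !== 'function') {`. A short comment above the check, for example `// verifyJwtCallback is the only place the JWT signature is verified; refuse to continue without it`, would make the intent clear to the next reader.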
@@ -2,15 +2,7 @@ import { IPresentationDefinition, PresentationSignCallBackParams } from '@sphere import { Format } from '@sphereon/pex-models'; import { CompactSdJwtVc, Hasher, PresentationSubmission, W3CVerifiablePresentation } from '@sphereon/ssi-types'; -import { - ExternalVerification, - InternalVerification, - ResponseMode, - ResponseRegistrationOpts, - ResponseURIType, - SupportedVersion, - VerifiablePresentationWithFormat, -} from '../types'; +import { ResponseMode, ResponseRegistrationOpts, ResponseURIType, SupportedVersion, VerifiablePresentationWithFormat, Verification } from '../types'; import { CreateJwtCallback, JwtIssuer } from '../types/JwtIssuer'; import { VerifyJwtCallback } from '../types/JwtVerifier'; @@ -93,10 +85,9 @@ export type PresentationSignCallback = (args: PresentationSignCallBackParams) => export interface VerifyAuthorizationResponseOpts { correlationId: string; - verification: InternalVerification | ExternalVerification; + verification: Verification; verifyJwtCallback: VerifyJwtCallback; hasher?: Hasher; - // didDocument?: DIDDocument; // If not provided the DID document will be resolved from the request nonce?: string; // To verify the response against the supplied nonce state?: string; // To verify the response against the supplied state diff --git a/src/helpers/Keys.ts b/src/helpers/Keys.ts index 3e56e5ff..5079a8f1 100644 --- a/src/helpers/Keys.ts +++ b/src/helpers/Keys.ts @@ -135,7 +135,7 @@ export async function getDigestAlgorithmFromJwkThumbprintUri(uri: string): Promi if (!match) { throw new Error(`Invalid JWK thumbprint URI structure ${uri}`); } - const algorithm = match[1] as 'sha256' | 'sha384' | 'sha512'; + const algorithm = `sha${match[1]}` as 'sha256' | 'sha384' | 'sha512'; if (algorithm !== 'sha256' && algorithm !== 'sha384' && algorithm !== 'sha512') { throw new Error(`Invalid JWK thumbprint URI digest algorithm ${uri}`); } diff --git a/src/id-token/IDToken.ts b/src/id-token/IDToken.ts index d0251f51..84e447a9 100644 
--- a/src/id-token/IDToken.ts +++ b/src/id-token/IDToken.ts @@ -87,7 +87,7 @@ export class IDToken { public async jwt(_jwtIssuer: JwtIssuer): Promise { if (!this._jwt) { if (!this.responseOpts) { - throw Error(SIOPErrors.BAD_SIGNATURE_PARAMS); + throw Error(SIOPErrors.BAD_IDTOKEN_RESPONSE_OPTS); } const jwtIssuer: JwtIssuerWithContext = _jwtIssuer @@ -98,9 +98,7 @@ export class IDToken { this._jwt = await this.responseOpts.createJwtCallback(jwtIssuer, { header: {}, payload: this._payload }); } else if (jwtIssuer.method === 'did') { const did = jwtIssuer.didUrl.split('#')[0]; - if (!this._payload.sub) { - this._payload.sub = did; - } + this._payload.sub = did; const issuer = this._responseOpts.registration.issuer || this._payload.iss; if (!issuer || !(issuer.includes(ResponseIss.SELF_ISSUED_V2) || issuer === this._payload.sub)) { diff --git a/src/op/OP.ts b/src/op/OP.ts index 5db77d5f..eee5f257 100644 --- a/src/op/OP.ts +++ b/src/op/OP.ts @@ -17,8 +17,6 @@ import { AuthorizationEvent, AuthorizationEvents, ContentType, - ExternalVerification, - InternalVerification, JwtIssuer, ParsedAuthorizationRequestURI, RegisterEventListener, @@ -28,6 +26,7 @@ import { SIOPResonse, SupportedVersion, UrlEncodingFormat, + Verification, VerifiedAuthorizationRequest, } from '../types'; @@ -56,7 +55,7 @@ export class OP { public async verifyAuthorizationRequest( requestJwtOrUri: string | URI, - requestOpts?: { correlationId?: string; verification?: InternalVerification | ExternalVerification }, + requestOpts?: { correlationId?: string; verification?: Verification }, ): Promise { const correlationId = requestOpts?.correlationId || uuidv4(); const authorizationRequest = await AuthorizationRequest.fromUriOrJwt(requestJwtOrUri) 
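Review bot: The issuer check right after the changed lines in `IDToken.jwt()` uses `issuer.includes(ResponseIss.SELF_ISSUED_V2)`, which accepts any issuer string that merely contains the self-issued identifier, whereas the text of `SIOPErrors.NO_SELFISSUED_ISS` says the claim must start with it. I would tighten the condition to `issuer.startsWith(ResponseIss.SELF_ISSUED_V2) || issuer === this._payload.sub`. The now unconditional `this._payload.sub = did;` also silently replaces a `sub` supplied by the caller; a comment such as `// sub is always bound to the signing DID; any preset value is replaced` would document that this is intended. The method body starts and ends outside this hunk, so the branch may continue in ways not visible here.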
@@ -100,7 +99,7 @@ export class OP { correlationId?: string; audience?: string; issuer?: ResponseIss | string; - verification?: InternalVerification | ExternalVerification; + verification?: Verification; presentationExchange?: PresentationExchangeResponseOpts; }, ): Promise { @@ -242,10 +241,7 @@ export class OP { }; } - private newVerifyAuthorizationRequestOpts(requestOpts: { - correlationId: string; - verification?: InternalVerification | ExternalVerification; - }): VerifyAuthorizationRequestOpts { + private newVerifyAuthorizationRequestOpts(requestOpts: { correlationId: string; verification?: Verification }): VerifyAuthorizationRequestOpts { const verification: VerifyAuthorizationRequestOpts = { ...this._verifyRequestOptions, verifyJwtCallback: this._verifyRequestOptions.verifyJwtCallback, diff --git a/src/op/Opts.ts b/src/op/Opts.ts index 0dbeec06..07f7b0f4 100644 --- a/src/op/Opts.ts +++ b/src/op/Opts.ts @@ -2,7 +2,7 @@ import { VerifyAuthorizationRequestOpts } from '../authorization-request'; import { AuthorizationResponseOpts } from '../authorization-response'; import { LanguageTagUtils } from '../helpers'; import { AuthorizationResponseOptsSchema } from '../schemas'; -import { InternalVerification, PassBy, ResponseRegistrationOpts, VerificationMode } from '../types'; +import { PassBy, ResponseRegistrationOpts } from '../types'; import { OPBuilder } from './OPBuilder'; @@ -64,9 +64,7 @@ export const createVerifyRequestOptsFromBuilderOrExistingOpts = (opts: { ? { verifyJwtCallback: opts.builder.verifyJwtCallback, hasher: opts.builder.hasher, - verification: { - mode: VerificationMode.INTERNAL, - } as InternalVerification, + verification: {}, supportedVersions: opts.builder.supportedVersions, correlationId: undefined, } diff --git a/src/request-object/RequestObject.ts b/src/request-object/RequestObject.ts index e325fb20..dd8f59e1 100644 --- a/src/request-object/RequestObject.ts +++ b/src/request-object/RequestObject.ts 
@@ -100,7 +100,7 @@ export class RequestObject { this.jwt = await this.opts.createJwtCallback(jwtIssuer, { header, payload: this.payload }); } else if (jwtIssuer.method === 'jwk') { if (!this.payload.client_id) { - throw new Error('Plaese provide a client_id for the RP'); + throw new Error('Please provide a client_id for the RP'); } const header = { jwk: jwtIssuer.jwk, typ: 'JWT', alg: jwtIssuer.jwk.alg as string }; diff --git a/src/rp/Opts.ts b/src/rp/Opts.ts index 64e66108..7df3b133 100644 --- a/src/rp/Opts.ts +++ b/src/rp/Opts.ts @@ -1,7 +1,7 @@ import { CreateAuthorizationRequestOpts, PropertyTarget, PropertyTargets, RequestPropertyWithTargets } from '../authorization-request'; import { VerifyAuthorizationResponseOpts } from '../authorization-response'; // import { CreateAuthorizationRequestOptsSchema } from '../schemas'; -import { ClientMetadataOpts, InternalVerification, RequestObjectPayload, SIOPErrors, VerificationMode } from '../types'; +import { ClientMetadataOpts, RequestObjectPayload, SIOPErrors, Verification } from '../types'; import { RPBuilder } from './RPBuilder'; @@ -52,7 +52,6 @@ export const createVerifyResponseOptsFromBuilderOrExistingOpts = (opts: { builde hasher: opts.builder.hasher, verifyJwtCallback: opts.builder.verifyJwtCallback, verification: { - mode: VerificationMode.INTERNAL, presentationVerificationCallback: opts.builder.presentationVerificationCallback, supportedVersions: opts.builder.supportedVersions, revocationOpts: { @@ -60,7 +59,7 @@ export const createVerifyResponseOptsFromBuilderOrExistingOpts = (opts: { builde revocationVerificationCallback: opts.builder.revocationVerificationCallback, }, replayRegistry: opts.builder.sessionManager, - } as InternalVerification, + } as Verification, audience: opts.builder.clientId || opts.builder.clientMetadata?.client_id, } : opts.verifyOpts; diff --git a/src/rp/RP.ts b/src/rp/RP.ts index 23716ad5..9f4c21b0 100644 --- a/src/rp/RP.ts +++ b/src/rp/RP.ts 
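Review bot: In `createVerifyResponseOptsFromBuilderOrExistingOpts` (src/rp/Opts.ts) the literal is still closed with a type assertion, now `} as Verification`, which turns off excess-property and missing-property checking for it. After removing `mode`, that is exactly the check that would show whether `supportedVersions`, `revocationOpts` and `replayRegistry` still belong to the new `Verification` type. If the project's TypeScript version allows it, `} satisfies Verification,` keeps the compiler check. Otherwise, build the object in a local `const verification: Verification = { ... }` and pass that. The object literal spans two hunks and its opening lines are only partly visible here.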
@@ -15,18 +15,16 @@ import { import { mergeVerificationOpts } from '../authorization-request/Opts'; import { AuthorizationResponse, PresentationDefinitionWithLocation, VerifyAuthorizationResponseOpts } from '../authorization-response'; import { getNonce, getState } from '../helpers'; -import { JwtIssuer } from '../types'; +import { JwtIssuer, PassBy } from '../types'; import { AuthorizationEvent, AuthorizationEvents, AuthorizationResponsePayload, - ExternalVerification, - InternalVerification, - PassBy, RegisterEventListener, ResponseURIType, SIOPErrors, SupportedVersion, + Verification, VerifiedAuthorizationResponse, } from '../types'; @@ -143,7 +141,7 @@ export class RP { audience?: string; state?: string; nonce?: string; - verification?: InternalVerification | ExternalVerification; + verification?: Verification; presentationDefinitions?: PresentationDefinitionWithLocation | PresentationDefinitionWithLocation[]; }, ): Promise { @@ -306,7 +304,7 @@ export class RP { hasher?: Hasher; state?: string; nonce?: string; - verification?: InternalVerification | ExternalVerification; + verification?: Verification; audience?: string; presentationDefinitions?: PresentationDefinitionWithLocation | PresentationDefinitionWithLocation[]; }, diff --git a/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts b/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts index e3f425d6..96cb5f7b 100644 --- a/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts +++ b/src/schemas/AuthorizationRequestPayloadVD12OID4VPD18.schema.ts @@ -1068,4 +1068,4 @@ export const AuthorizationRequestPayloadVD12OID4VPD18SchemaObj = { ] } } -}; +}; \ No newline at end of file diff --git a/src/schemas/AuthorizationResponseOpts.schema.ts b/src/schemas/AuthorizationResponseOpts.schema.ts index b5815495..0350ea17 100644 --- a/src/schemas/AuthorizationResponseOpts.schema.ts +++ b/src/schemas/AuthorizationResponseOpts.schema.ts 
@@ -1657,15 +1657,11 @@ export const AuthorizationResponseOptsSchemaObj = { } }, "additionalProperties": false - }, - "jwkThumbprint": { - "type": "string" } }, "required": [ "method", - "jwk", - "jwkThumbprint" + "jwk" ], "additionalProperties": false }, diff --git a/src/types/Errors.ts b/src/types/Errors.ts index b9f23bca..3c4fe536 100644 --- a/src/types/Errors.ts +++ b/src/types/Errors.ts @@ -3,15 +3,12 @@ enum SIOPErrors { INVALID_REQUEST = 'The request contained invalid or conflicting parameters', AUTH_REQUEST_EXPECTS_VP = 'authentication request expects a verifiable presentation in the response', AUTH_REQUEST_DOESNT_EXPECT_VP = "authentication request doesn't expect a verifiable presentation in the response", - BAD_INTERNAL_VERIFICATION_PARAMS = 'Error: One of the either didUrlResolver or both registry and rpcUrl must be set', BAD_STATE = 'The state in the payload does not match the supplied state', BAD_NONCE = 'The nonce in the payload does not match the supplied nonce', + NO_ALG_SUPPORTED = 'Algorithm not supported.', BAD_PARAMS = 'Wrong parameters provided.', - BAD_SIGNATURE_PARAMS = 'Signature parameters should be internal signature with hexPrivateKey, did, and an optional kid, or external signature parameters with signatureUri, did, and optionals parameters authZToken, hexPublicKey, and kid', - CANT_UNMARSHAL_JWT_VP = "can't unmarshal the presentation object", - + BAD_IDTOKEN_RESPONSE_OPTS = 'Id-token response options are not set.', NO_REQUEST_VERSION = 'No request spec version provided.', - NO_REQUEST = 'No request (payload) provided.', NO_RESPONSE = 'No response (payload) provided.', NO_PRESENTATION_SUBMISSION = 'The VP did not contain a presentation submission. Did you forget to call PresentationExchange.checkSubmissionFrom?', 
@@ -20,39 +17,22 @@ enum SIOPErrors { COULD_NOT_FIND_VCS_MATCHING_PD = 'Could not find VerifiableCredentials matching presentationDefinition object in the provided VC list', DIDAUTH_REQUEST_PAYLOAD_NOT_CREATED = 'DidAuthRequestPayload not created', DID_METHODS_NOT_SUPORTED = 'DID_METHODS_NOT_SUPPORTED', - EVALUATE_PRSENTATION_EXCHANGE_FAILED = 'Evaluation of presentation definition from the request against the Verifiable Presentation failed.', - ERROR_ON_POST_CALL = 'Error on Post call: ', - ERROR_RETRIEVING_DID_DOCUMENT = 'Error retrieving DID document', - ERROR_RETRIEVING_VERIFICATION_METHOD = 'Error retrieving verification method from did document', - ERROR_VALIDATING_NONCE = 'Error validating nonce.', ERROR_VERIFYING_SIGNATURE = 'Error verifying the DID Auth Token signature.', + ERROR_INVALID_JWT = 'Received an invalid JWT.', EXPIRED = 'The token has expired', INVALID_AUDIENCE = 'Audience is invalid. Should be a string value.', ISS_DID_NOT_JWKS_URI_DID = ' DID in the jwks_uri does NOT match the DID in the iss claim', - JWK_THUMBPRINT_MISMATCH_SUB = 'JWK computed thumbprint does not match thumbprint included in Response Token sub claim', - LINK_DOMAIN_CANT_BE_VERIFIED = "Can't verify linked domains.", - MALFORMED_SIGNATURE_RESPONSE = 'Response format is malformed', - NO_ALG_SUPPORTED = 'Algorithm not supported.', - NO_ALG_SUPPORTED_YET = 'Algorithm is not supported yet. 
Only ES256 supported for this version.', NO_AUDIENCE = 'No audience found in JWT payload or not configured', - NO_DID_PAYLOAD = 'payload must contain did field in payload for self-issued tokens', - NO_IDENTIFIERS_URI = 'identifiersUri must be defined to get the publick key', NO_ISS_DID = 'Token does not have a iss DID', - NO_URI = 'no URI was supplied', NO_JWT = 'no JWT was supplied', - NO_KEY_CURVE_SUPPORTED = 'Key Curve not supported.', NO_NONCE = 'No nonce found in JWT payload', NO_REFERENCE_URI = 'referenceUri must be defined when REFERENCE option is used', REFERENCE_URI_NO_PAYLOAD = 'referenceUri specified, but object to host there is not present', - NO_DID_METHOD_FOUND = 'No did method found.', NO_SELFISSUED_ISS = 'The Response Token Issuer Claim (iss) MUST start with https://self-isued.me/v2', - NO_SUB_TYPE = 'No or empty sub_type found in JWT payload', REGISTRATION_NOT_SET = 'Registration metadata not set.', REQUEST_CLAIMS_PRESENTATION_DEFINITION_BY_REF_AND_VALUE_NON_EXCLUSIVE = "Request claims can't have both 'presentation_definition' and 'presentation_definition_uri'", REQUEST_CLAIMS_PRESENTATION_DEFINITION_NOT_VALID = 'Presentation definition in the request claims is not valid', REQUEST_OBJECT_TYPE_NOT_SET = 'Request object type is not set.', - RESPONSE_AUD_MISMATCH_REDIRECT_URI = 'The audience (aud) in Response Token does NOT match the redirect_uri value sent in the Authentication Request', - RESPONSE_OPTS_MUST_CONTAIN_VERIFIABLE_CREDENTIALS_AND_HOLDER_DID = "Since the request has a presentation definition, response must contain verifiable credentials and holder's did", RESPONSE_OPTS_PRESENTATIONS_SUBMISSION_IS_NOT_VALID = 'presentation_submission object inside the response opts vp should be valid', RESPONSE_STATUS_UNEXPECTED = 'Received unexpected response status', REG_OBJ_N_REG_URI_CANT_BE_SET_SIMULTANEOUSLY = 'Registration can either be passed by value or passed by reference. 
Hence, registration object and registration URI can not be set simultaneously', @@ -61,11 +41,7 @@ enum SIOPErrors { REGISTRATION_OBJECT_TYPE_NOT_SET = 'Registration object type is not set.', SIGNATURE_OBJECT_TYPE_NOT_SET = 'Signature object type is not set.', SIOP_VERSION_NOT_SUPPORTED = 'The SIOP spec version could not inferred from the authentication request payload', - SUB_JWK_NOT_FOUND_OR_NOT_KID = 'Response Token does not contains sub_jwk claim or sub_jwk does not contain kid attribute.', - VERIFIABLE_PRESENTATION_FORMAT_NOT_SUPPORTED = "This type of verifiable presentation isn't supported in this version", NO_VERIFIABLE_PRESENTATION_NO_CREDENTIALS = 'Either no verifiable presentation or no credentials found in the verifiable presentation', - VERIFICATION_METHOD_NOT_SUPPORTED = 'Verification method not supported', - VERIFICATION_METHOD_NO_MATCH = "The verification method from the RP's DID Document does NOT match the kid of the SIOP Request", VERIFY_BAD_PARAMS = 'Verify bad parameters', VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID = 'The signature of the verifiable presentation is not valid', VERIFIABLE_PRESENTATION_VERIFICATION_FUNCTION_MISSING = 'The verifiable presentation verification function is missing', diff --git a/src/types/JwtVerifier.ts b/src/types/JwtVerifier.ts index 942e2aae..363c9af3 100644 --- a/src/types/JwtVerifier.ts +++ b/src/types/JwtVerifier.ts @@ -1,17 +1,20 @@ import { calculateJwkThumbprintUri, getDigestAlgorithmFromJwkThumbprintUri } from '../helpers'; +import SIOPErrors from './Errors'; import { JWK, JwtHeader, JwtPayload } from './JWT.types'; -export type JwtVerificationContext = { type: 'id-token' } | { type: 'request-object' }; +export type JwtVerificationType = 'id-token' | 'request-object'; interface DidJwtVerifier { method: 'did'; + type: JwtVerificationType; didUrl: string; } interface X5cJwtVerifier { method: 'x5c'; + type: JwtVerificationType; /** * 
@@ -27,12 +30,21 @@ interface X5cJwtVerifier { issuer: string; } -interface JwkJwtVerifier { - method: 'jwk'; +type JwkJwtVerifier = + | { + method: 'jwk'; + type: 'id-token'; - jwk: JsonWebKey; - jwkThumbprint: string; -} + jwk: JsonWebKey; + jwkThumbprint: string; + } + | { + method: 'jwk'; + type: 'request-object'; + + jwk: JsonWebKey; + jwkThumbprint?: never; + }; interface CustomJwtVerifier extends Record { method: 'custom'; 
@@ -40,34 +52,40 @@ interface CustomJwtVerifier extends Record { export type JwtVerifier = DidJwtVerifier | X5cJwtVerifier | CustomJwtVerifier | JwkJwtVerifier; -export type JwtVerifierWithContext = JwtVerifier & JwtVerificationContext; +export type JwtVerifierWithContext = JwtVerifier; export const getJwtVerifierWithContext = async ( jwt: { header: JwtHeader; payload: JwtPayload }, - type: JwtVerifierWithContext['type'], + type: JwtVerificationType, ): Promise => { if (jwt.header.kid?.startsWith('did:')) { - if (!jwt.header.kid.includes('#')) throw new Error('TODO'); + if (!jwt.header.kid.includes('#')) throw new Error(`${SIOPErrors.ERROR_INVALID_JWT}. '${type}' contains an invalid kid header.`); return { method: 'did', didUrl: jwt.header.kid, type }; } else if (jwt.header.x5c) { - if (!Array.isArray(jwt.header.x5c) || typeof jwt.header.x5c.some((cert) => typeof cert !== 'string')) throw new Error('TODO'); + if (!Array.isArray(jwt.header.x5c) || typeof jwt.header.x5c.some((cert) => typeof cert !== 'string')) { + throw new Error(`${SIOPErrors.ERROR_INVALID_JWT}. '${type}' contains an invalid x5c header.`); + } return { method: 'x5c', chain: jwt.header.x5c, issuer: jwt.payload.iss, type }; } else if (jwt.header.jwk) { - if (typeof jwt.header.jwk !== 'object') throw new Error('TODO'); - if (typeof jwt.payload.sub_jwk !== 'string') throw new Error('Invalid JWT. 
Missing sub_jwk claim.'); + if (typeof jwt.header.jwk !== 'object') throw new Error(`${SIOPErrors.ERROR_INVALID_JWT} '${type}' contains an invalid jwk header.`); + if (type === 'id-token') { + if (typeof jwt.payload.sub_jwk !== 'string') throw new Error(`${SIOPErrors.ERROR_INVALID_JWT} '${type}' is missing the sub_jwk claim.`); + + const jwkThumbPrintUri = jwt.payload.sub_jwk; + const digestAlgorithm = await getDigestAlgorithmFromJwkThumbprintUri(jwkThumbPrintUri); + const selfComputedJwkThumbPrintUri = await calculateJwkThumbprintUri(jwt.header.jwk as JWK, digestAlgorithm); + + if (selfComputedJwkThumbPrintUri !== jwkThumbPrintUri) { + throw new Error(`${SIOPErrors.ERROR_INVALID_JWT} '${type}' contains an invalid sub_jwk claim.`); + } - const jwkThumbPrintUri = jwt.payload.sub_jwk; - const digestAlgorithm = await getDigestAlgorithmFromJwkThumbprintUri(jwkThumbPrintUri); - const selfComputedJwkThumbPrintUri = await calculateJwkThumbprintUri(jwt.header.jwk as JWK, digestAlgorithm); + return { method: 'jwk', type, jwk: jwt.header.jwk, jwkThumbprint: jwt.payload.sub_jwk }; + } - if (selfComputedJwkThumbPrintUri !== jwkThumbPrintUri) throw new Error('Invalid JWT. Thumbprint mismatch.'); - return { method: 'jwk', type, jwk: jwt.header.jwk, jwkThumbprint: jwt.payload.sub_jwk }; + return { method: 'jwk', type, jwk: jwt.header.jwk }; } else { return { method: 'custom', type }; } }; -export type VerifyJwtCallback = ( - jwtVerifier: JwtVerifier & JwtVerificationContext, - jwt: { header: JwtHeader; payload: JwtPayload; raw: string }, -) => Promise; +export type VerifyJwtCallback = (jwtVerifier: JwtVerifier, jwt: { header: JwtHeader; payload: JwtPayload; raw: string }) => Promise; diff --git a/src/types/SIOP.types.ts b/src/types/SIOP.types.ts index 4f9e974b..4cd99231 100644 --- a/src/types/SIOP.types.ts +++ b/src/types/SIOP.types.ts 
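Review bot: The x5c guard in `getJwtVerifierWithContext` still wraps the `.some(...)` call in `typeof`, which evaluates to the non-empty string `'boolean'`, so the condition is always true and every JWT with an array `x5c` header is rejected; the `return { method: 'x5c', ... }` below it is unreachable. The commit only re-wrapped this line and changed the error message. Dropping the `typeof` and rejecting an empty chain fixes it: `if (!Array.isArray(jwt.header.x5c) || jwt.header.x5c.length === 0 || jwt.header.x5c.some((cert) => typeof cert !== 'string')) {`. A unit test that passes a JWT with a well-formed `x5c` header would pin this, since the branch currently fails closed for valid chains as well.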
@@ -466,25 +466,12 @@ export enum ResponseContext { OP = 'op', } -export enum VerificationMode { - INTERNAL, - EXTERNAL, -} - export interface Verification { presentationVerificationCallback?: PresentationVerificationCallback; - mode: VerificationMode; revocationOpts?: RevocationOpts; replayRegistry?: IRPSessionManager; } -export type InternalVerification = Verification; - -export interface ExternalVerification extends Verification { - verifyUri: string; // url to call to verify the id_token withSignature - authZToken?: string; // Optional: bearer token to use to the call -} - export interface ResponseClaims { verified_claims?: string; encryption_key?: JsonWebKey; @@ -653,11 +640,6 @@ export const isRequestPayload = ( export const isResponsePayload = (object: RequestObjectPayload | IDTokenPayload): object is IDTokenPayload => 'iss' in object && 'aud' in object; -export const isInternalVerification = (object: InternalVerification | ExternalVerification): object is InternalVerification => - object.mode === VerificationMode.INTERNAL; /* && !isExternalVerification(object)*/ -export const isExternalVerification = (object: InternalVerification | ExternalVerification): object is ExternalVerification => - object.mode === VerificationMode.EXTERNAL; /*&& 'verifyUri' in object || 'authZToken' in object*/ - export const isVP = (object: IVerifiablePresentation | IPresentation): object is IVerifiablePresentation => 'presentation' in object; export const isPresentation = (object: IVerifiablePresentation | IPresentation): object is IPresentation => 'presentation_submission' in object; diff --git a/test/AuthenticationRequest.verify.spec.ts b/test/AuthenticationRequest.verify.spec.ts index 5e822698..a31e169f 100644 --- a/test/AuthenticationRequest.verify.spec.ts +++ b/test/AuthenticationRequest.verify.spec.ts 
@@ -13,7 +13,6 @@ import { SubjectSyntaxTypesSupportedValues, SubjectType, SupportedVersion, - VerificationMode, VerifyAuthorizationRequestOpts, } from '../src'; import { RPRegistrationMetadataPayloadSchemaObj } from '../src/schemas'; @@ -308,7 +307,7 @@ describe('verifyJWT should', () => { const resolver = getResolver('key'); const verifyOpts: VerifyAuthorizationRequestOpts = { verifyJwtCallback: getVerifyJwtCallback(resolver, { checkLinkedDomain: 'if_present' }), - verification: { mode: VerificationMode.INTERNAL }, + verification: {}, correlationId: '1234', supportedVersions: [SupportedVersion.SIOPv2_ID1], nonce: 'This nonce is different and should throw error', @@ -375,7 +374,7 @@ describe('verifyJWT should', () => { const resolver = getResolver('ethr'); const verifyOpts: VerifyAuthorizationRequestOpts = { verifyJwtCallback: getVerifyJwtCallback(resolver, { checkLinkedDomain: 'if_present' }), - verification: { mode: VerificationMode.INTERNAL }, + verification: {}, supportedVersions: [SupportedVersion.SIOPv2_ID1], correlationId: '1234', }; diff --git a/test/AuthenticationResponse.response.spec.ts b/test/AuthenticationResponse.response.spec.ts index b9ec3e46..414031e1 100644 --- a/test/AuthenticationResponse.response.spec.ts +++ b/test/AuthenticationResponse.response.spec.ts @@ -17,7 +17,6 @@ import { SubjectIdentifierType, SubjectType, SupportedVersion, - VerificationMode, VerifyAuthorizationRequestOpts, VPTokenLocation, } from '../src'; @@ -85,9 +84,7 @@ describe('create JWT from Request JWT should', () => { const resolver = getResolver('ethr'); const verifyOpts: VerifyAuthorizationRequestOpts = { verifyJwtCallback: getVerifyJwtCallback(resolver), - verification: { - mode: VerificationMode.INTERNAL, - }, + verification: {}, supportedVersions: [SupportedVersion.SIOPv2_ID1], correlationId: '1234', }; diff --git a/test/AuthenticationResponse.verify.spec.ts b/test/AuthenticationResponse.verify.spec.ts index 4b777928..f3724878 100644 
--- a/test/AuthenticationResponse.verify.spec.ts +++ b/test/AuthenticationResponse.verify.spec.ts @@ -1,4 +1,4 @@ -import { IDToken, VerificationMode, VerifyAuthorizationResponseOpts } from '../src'; +import { IDToken, VerifyAuthorizationResponseOpts } from '../src'; import SIOPErrors from '../src/types/Errors'; import { getVerifyJwtCallback } from './DidJwtTestUtils'; @@ -17,9 +17,7 @@ describe('verify JWT from Request JWT should', () => { verifyJwtCallback: getVerifyJwtCallback(getResolver('ethr'), { checkLinkedDomain: 'if_present', }), - verification: { - mode: VerificationMode.INTERNAL, - }, + verification: {}, }; it('throw NO_JWT when no jwt is passed', async () => { diff --git a/test/IT.spec.ts b/test/IT.spec.ts index e33e09e2..108fb454 100644 --- a/test/IT.spec.ts +++ b/test/IT.spec.ts @@ -22,7 +22,6 @@ import { SigningAlgo, SubjectType, SupportedVersion, - VerificationMode, verifyRevocation, VPTokenLocation, } from '../src'; @@ -663,8 +662,6 @@ describe('RP and OP interaction should', () => { // audience: EXAMPLE_REDIRECT_URL, presentationDefinitions: [{ definition: pd[0].definition, location: pd[0].location }], verification: { - mode: VerificationMode.INTERNAL, - verifyUri: '', revocationOpts: { revocationVerification: RevocationVerification.ALWAYS, // eslint-disable-next-line @typescript-eslint/no-unused-vars diff --git a/test/OP.request.spec.ts b/test/OP.request.spec.ts index 23958f85..cced092c 100644 --- a/test/OP.request.spec.ts +++ b/test/OP.request.spec.ts @@ -15,7 +15,6 @@ import { SubjectIdentifierType, SubjectType, SupportedVersion, - VerificationMode, VerifyAuthorizationRequestOpts, } from '../src'; 
@@ -104,9 +103,7 @@ describe('OP should', () => { const resolver = getResolver('ethr'); const verifyOpts: VerifyAuthorizationRequestOpts = { verifyJwtCallback: getVerifyJwtCallback(resolver), - verification: { - mode: VerificationMode.INTERNAL, - }, + verification: {}, correlationId: '1234', supportedVersions: [SupportedVersion.SIOPv2_ID1], nonce: 'qBrR7mqnY3Qr49dAZycPF8FzgE83m6H0c2l0bzP4xSg', diff --git a/test/e2e/mattr.launchpad.spec.ts b/test/e2e/mattr.launchpad.spec.ts index 36b37220..09b15476 100644 --- a/test/e2e/mattr.launchpad.spec.ts +++ b/test/e2e/mattr.launchpad.spec.ts @@ -14,7 +14,6 @@ import { PresentationExchange, SigningAlgo, SupportedVersion, - VerificationMode, } from '../../src'; import { getCreateJwtCallback, getVerifyJwtCallback } from '../DidJwtTestUtils'; @@ -145,9 +144,7 @@ describe('OID4VCI-Client using Mattr issuer should', () => { const verifiedAuthRequest = await AuthorizationRequest.verify(authorizeRequestUri, { correlationId, verifyJwtCallback: getVerifyJwtCallback(getResolver()), - verification: { - mode: VerificationMode.INTERNAL, - }, + verification: {}, }); expect(verifiedAuthRequest).toBeDefined(); expect(verifiedAuthRequest.presentationDefinitions).toHaveLength(1); @@ -185,7 +182,7 @@ describe('OID4VCI-Client using Mattr issuer should', () => { { correlationId, verifyJwtCallback: getVerifyJwtCallback(getResolver()), - verification: { mode: VerificationMode.INTERNAL }, + verification: {}, nonce, state, }, @@ -238,7 +235,7 @@ describe('Mattr OID4VP v18 credential offer', () => { const verification = await authorizationRequest.verify({ verifyJwtCallback: getVerifyJwtCallback(getResolver()), correlationId: 'test', - verification: { mode: VerificationMode.INTERNAL }, + verification: {}, }); expect(verification).toBeDefined(); diff --git a/test/interop/EBSI/EBSI.spec.ts b/test/interop/EBSI/EBSI.spec.ts index 784f5094..ee9aa0a3 100644 --- a/test/interop/EBSI/EBSI.spec.ts +++ b/test/interop/EBSI/EBSI.spec.ts 
@@ -1,6 +1,6 @@ import nock from 'nock'; -import { AuthorizationResponseOpts, OP, SupportedVersion, VerificationMode, VerifyAuthorizationRequestOpts } from '../../../src'; +import { AuthorizationResponseOpts, OP, SupportedVersion, VerifyAuthorizationRequestOpts } from '../../../src'; import { getVerifyJwtCallback } from '../../DidJwtTestUtils'; import { getResolver } from '../../ResolverTestUtils'; import { UNIT_TEST_TIMEOUT } from '../../data/mockedData'; @@ -47,9 +47,7 @@ describe('EBSI', () => { const verifyOpts: VerifyAuthorizationRequestOpts = { verifyJwtCallback: getVerifyJwtCallback(getResolver('ebsi')), - verification: { - mode: VerificationMode.INTERNAL, - }, + verification: {}, correlationId: '1234', supportedVersions: [SupportedVersion.SIOPv2_D12_OID4VP_D18], }; diff --git a/test/spec-compliance/jwtVCPresentationProfile.spec.ts b/test/spec-compliance/jwtVCPresentationProfile.spec.ts index 7109c22a..0f62c0d0 100644 --- a/test/spec-compliance/jwtVCPresentationProfile.spec.ts +++ b/test/spec-compliance/jwtVCPresentationProfile.spec.ts @@ -22,7 +22,6 @@ import { RP, SigningAlgo, SupportedVersion, - VerificationMode, VPTokenLocation, } from '../../src'; import { getVerifyJwtCallback, internalSignature } from '../DidJwtTestUtils'; @@ -165,7 +164,6 @@ describe('RP using test vectors', () => { 'did:ion:EiBWe9RtHT7VZ-Juff8OnnJAyFJtCokcYHx1CQkFtpl7pw: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', verifyJwtCallback: verifyJwtCallback, verification: { - mode: VerificationMode.INTERNAL, presentationVerificationCallback, }, }), @@ -184,7 +182,6 @@ describe('RP using test vectors', () => { audience: 'did:ion:EiBWe9RtHT7VZ-Juff8OnnJAyFJtCokcYHx1CQkFtpl7pw: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', verification: { - mode: VerificationMode.INTERNAL, presentationVerificationCallback, revocationOpts: { revocationVerification: RevocationVerification.NEVER, 
@@ -202,7 +199,6 @@ describe('RP using test vectors', () => { audience: 'did:ion:EiBWe9RtHT7VZ-Juff8OnnJAyFJtCokcYHx1CQkFtpl7pw: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', verification: { - mode: VerificationMode.INTERNAL, presentationVerificationCallback, revocationOpts: { revocationVerification: RevocationVerification.NEVER, @@ -219,9 +215,7 @@ describe('OP using test vectors', () => { nock('https://example').get('/service/api/v1/presentation-request/649d8c3c-f5ac-41bd-9c19-5804ea1b8fe9').reply(200, TestVectors.requestObjectJwt); // expect.assertions(1); const result = await op.verifyAuthorizationRequest(TestVectors.auth_request, { - verification: { - mode: VerificationMode.INTERNAL, - }, + verification: {}, }); expect(result).toBeDefined(); }); @@ -262,7 +256,6 @@ describe('OP using test vectors', () => { audience: 'did:ion:EiBWe9RtHT7VZ-Juff8OnnJAyFJtCokcYHx1CQkFtpl7pw: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', verification: { - mode: VerificationMode.INTERNAL, revocationOpts: { revocationVerification: RevocationVerification.NEVER, }, @@ -289,9 +282,7 @@ describe('OP using test vectors', () => { .times(1) .reply(200, TestVectors.requestObjectJwt); const result = await op.verifyAuthorizationRequest(TestVectors.auth_request, { - verification: { - mode: VerificationMode.INTERNAL, - }, + verification: {}, }); const presentationExchange = new PresentationExchange({ allDIDs: [TestVectors.holderDID], @@ -315,9 +306,6 @@ describe('OP using test vectors', () => { presentationSubmission: TestVectors.presentation_submission, vpTokenLocation: VPTokenLocation.ID_TOKEN, }, - verification: { - mode: VerificationMode.INTERNAL, - }, }); }); });