From ca383c284e2073992a1fd280fca99bee1c2e19f8 Mon Sep 17 00:00:00 2001
From: Timo Glastra
Date: Thu, 25 Apr 2024 10:02:34 +0100
Subject: [PATCH] fix: oid4vp can be used separate from idtoken (#1827)
Signed-off-by: Timo Glastra
---
 packages/core/package.json | 6 +-
 packages/openid4vc/package.json | 4 +-
 .../OpenId4VcSiopVerifierService.ts | 54 +++++---
 .../OpenId4VcSiopVerifierServiceOptions.ts | 8 +-
 .../__tests__/openid4vc-verifier.test.ts | 41 +++++-
 .../openid4vc/tests/openid4vc.e2e.test.ts | 103 +++++++++++----
 yarn.lock | 125 +++++++++++------
 7 files changed, 238 insertions(+), 103 deletions(-)
diff --git a/packages/core/package.json b/packages/core/package.json
index d790d18184..fb5b36f4db 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -29,9 +29,9 @@
 "@multiformats/base-x": "^4.0.1",
 "@sd-jwt/core": "^0.2.1",
 "@sd-jwt/decode": "^0.2.1",
- "@sphereon/pex": "3.3.0",
- "@sphereon/pex-models": "^2.2.2",
- "@sphereon/ssi-types": "^0.18.1",
+ "@sphereon/pex": "^3.3.2",
+ "@sphereon/pex-models": "^2.2.4",
+ "@sphereon/ssi-types": "^0.23.0",
 "@stablelib/ed25519": "^1.0.2",
 "@stablelib/sha256": "^1.0.1",
 "@types/ws": "^8.5.4",
diff --git a/packages/openid4vc/package.json b/packages/openid4vc/package.json
index fe1acf0901..abd03eb27e 100644
--- a/packages/openid4vc/package.json
+++ b/packages/openid4vc/package.json
@@ -25,11 +25,11 @@
 },
 "dependencies": {
 "@credo-ts/core": "0.5.1",
- "@sphereon/did-auth-siop": "0.6.2",
+ "@sphereon/did-auth-siop": "^0.6.4",
 "@sphereon/oid4vci-client": "^0.10.2",
 "@sphereon/oid4vci-common": "^0.10.1",
 "@sphereon/oid4vci-issuer": "^0.10.2",
- "@sphereon/ssi-types": "^0.18.1",
+ "@sphereon/ssi-types": "^0.23.0",
 "class-transformer": "^0.5.1",
 "rxjs": "^7.8.0"
 },
diff --git a/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierService.ts b/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierService.ts
index 2193947273..8013e8b917 100644
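Review bot: In packages/core/package.json the exact pin `"@sphereon/pex": "3.3.0"` becomes the range `"^3.3.2"`, and the packages/openid4vc/package.json hunk does the same for `@sphereon/did-auth-siop` (`0.6.2` to `^0.6.4`), so this changes the pinning policy as well as the version. yarn.lock fixes the resolved versions only inside this repository; consumers of the published packages resolve the ranges themselves and can pick up later releases of the libraries that parse and verify presentations. If the exact pins were deliberate, keep them exact: `"@sphereon/pex": "3.3.2"` and `"@sphereon/did-auth-siop": "0.6.4"`.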
--- a/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierService.ts +++ b/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierService.ts @@ -136,11 +136,17 @@ export class OpenId4VcSiopVerifierService { requestByReferenceURI: hostedAuthorizationRequestUri, }) - const authorizationRequestUri = await authorizationRequest.uri() + // NOTE: it's not possible to set the uri scheme when using the RP to create an auth request, only lower level + // functions allow this. So we need to replace the uri scheme manually. + let authorizationRequestUri = (await authorizationRequest.uri()).encodedUri + if (options.presentationExchange && !options.idToken) { + authorizationRequestUri = authorizationRequestUri.replace('openid://', 'openid4vp://') + } + const verificationSession = await verificationSessionCreatedPromise return { - authorizationRequest: authorizationRequestUri.encodedUri, + authorizationRequest: authorizationRequestUri, verificationSession, } } @@ -193,7 +199,8 @@ export class OpenId4VcSiopVerifierService { (e) => e.payload.record.id === options.verificationSession.id && e.payload.record.verifierId === options.verificationSession.verifierId && - e.payload.record.state === OpenId4VcVerificationSessionState.ResponseVerified + (e.payload.record.state === OpenId4VcVerificationSessionState.ResponseVerified || + e.payload.record.state === OpenId4VcVerificationSessionState.Error) ), first(), timeout({ @@ -353,10 +360,12 @@ export class OpenId4VcSiopVerifierService { agentContext: AgentContext, verifierId: string, { + idToken, presentationDefinition, requestSigner, clientId, }: { + idToken?: boolean presentationDefinition?: DifPresentationExchangeDefinition requestSigner?: OpenId4VcJwtIssuer clientId?: string 
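Review bot: The scheme rewrite `authorizationRequestUri.replace('openid://', 'openid4vp://')` in the first hunk is not anchored to the start of the string and silently does nothing if the library ever emits a different prefix, so a vp_token-only request could go out under the wrong scheme without any error. Check the prefix explicitly and fail otherwise: `if (!authorizationRequestUri.startsWith('openid://')) throw new CredoError('Unexpected authorization request uri scheme')`, then `authorizationRequestUri = 'openid4vp://' + authorizationRequestUri.slice('openid://'.length)`. The enclosing method starts and ends outside the hunk.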
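Review bot: The event filter in the second hunk now also matches `OpenId4VcVerificationSessionState.Error`, so the awaited observable resolves with a session record that failed verification as well as with one that passed. The code that consumes the emitted record is outside the hunk; confirm that it checks `record.state` and throws on `Error` rather than treating every emitted record as verified. The intent is worth stating above the filter, for example `// Error is matched only so a failed verification ends the wait early; callers must still check record.state`.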
@@ -387,6 +396,17 @@ export class OpenId4VcSiopVerifierService { throw new CredoError("Either 'requestSigner' or 'clientId' must be provided.") } + const responseTypes: ResponseType[] = [] + if (!presentationDefinition && idToken === false) { + throw new CredoError('Either `presentationExchange` or `idToken` must be enabled') + } + if (presentationDefinition) { + responseTypes.push(ResponseType.VP_TOKEN) + } + if (idToken === true || !presentationDefinition) { + responseTypes.push(ResponseType.ID_TOKEN) + } + // FIXME: we now manually remove did:peer, we should probably allow the user to configure this const supportedDidMethods = agentContext.dependencyManager .resolve(DidsApi) @@ -402,12 +422,22 @@ export class OpenId4VcSiopVerifierService { .withRedirectUri(authorizationResponseUrl) .withIssuer(ResponseIss.SELF_ISSUED_V2) .withSupportedVersions([SupportedVersion.SIOPv2_D11, SupportedVersion.SIOPv2_D12_OID4VP_D18]) + .withCustomResolver(getSphereonDidResolver(agentContext)) + .withResponseMode(ResponseMode.POST) + .withHasher(Hasher.hash) + .withCheckLinkedDomain(CheckLinkedDomain.NEVER) + // FIXME: should allow verification of revocation + // .withRevocationVerificationCallback() + .withRevocationVerification(RevocationVerification.NEVER) + .withSessionManager(new OpenId4VcRelyingPartySessionManager(agentContext, verifierId)) + .withEventEmitter(sphereonEventEmitter) + .withResponseType(responseTypes) + // TODO: we should probably allow some dynamic values here .withClientMetadata({ client_id: _clientId, passBy: PassBy.VALUE, - idTokenSigningAlgValuesSupported: supportedAlgs as SigningAlgo[], - responseTypesSupported: [ResponseType.VP_TOKEN, ResponseType.ID_TOKEN], + responseTypesSupported: [ResponseType.VP_TOKEN], subject_syntax_types_supported: supportedDidMethods.map((m) => `did:${m}`), vpFormatsSupported: { jwt_vc: { 
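Review bot: The client metadata in the builder hunk now advertises `responseTypesSupported: [ResponseType.VP_TOKEN]` unconditionally and drops `idTokenSigningAlgValuesSupported`, while `.withResponseType(responseTypes)` can still request `id_token` (when `idToken` is true or no presentation definition is given). An ID-token request would then carry metadata saying the verifier does not support that response type, and a wallet that honours the metadata could reject it. Derive the metadata from the same array, `responseTypesSupported: responseTypes,`, and keep the signing-algorithm entry whenever `ResponseType.ID_TOKEN` is requested. The builder chain starts before this hunk and continues after it.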
@@ -431,21 +461,13 @@ export class OpenId4VcSiopVerifierService { }, }, }) - .withCustomResolver(getSphereonDidResolver(agentContext)) - .withResponseMode(ResponseMode.POST) - .withResponseType(presentationDefinition ? [ResponseType.ID_TOKEN, ResponseType.VP_TOKEN] : ResponseType.ID_TOKEN) - .withScope('openid') - .withHasher(Hasher.hash) - .withCheckLinkedDomain(CheckLinkedDomain.NEVER) - // FIXME: should allow verification of revocation - // .withRevocationVerificationCallback() - .withRevocationVerification(RevocationVerification.NEVER) - .withSessionManager(new OpenId4VcRelyingPartySessionManager(agentContext, verifierId)) - .withEventEmitter(sphereonEventEmitter) if (presentationDefinition) { builder.withPresentationDefinition({ definition: presentationDefinition }, [PropertyTarget.REQUEST_OBJECT]) } + if (responseTypes.includes(ResponseType.ID_TOKEN)) { + builder.withScope('openid') + } for (const supportedDidMethod of supportedDidMethods) { builder.addDidMethod(supportedDidMethod) diff --git a/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.ts b/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.ts index ca5c64a4fa..6229b6fc2a 100644 --- a/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.ts +++ b/packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.ts @@ -18,6 +18,12 @@ export interface OpenId4VcSiopCreateAuthorizationRequestOptions { */ requestSigner: OpenId4VcJwtIssuer + /** + * Whether to reuqest an ID Token. Enabled by defualt when `presentationExchange` is not provided, + * disabled by default when `presentationExchange` is provided. + */ + idToken?: boolean + /** * A DIF Presentation Definition (v2) can be provided to request a Verifiable Presentation using OpenID4VP. */ 
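Review bot: `builder.withScope('openid')` is now applied only when `ResponseType.ID_TOKEN` is requested, yet the vp_token-only unit test added in openid4vc-verifier.test.ts still asserts that `scope` equals `'openid'`. That suggests the library supplies the scope by default and this branch has no observable effect, although the library behaviour is not visible here. Either state the reason in a comment, e.g. `// scope 'openid' is set explicitly only for id_token requests; the RP builder may still default it`, or change the test to assert the scope that is actually intended for a vp_token-only request.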
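Review bot: The new TSDoc on `idToken` in OpenId4VcSiopVerifierServiceOptions.ts has two typos, `reuqest` and `defualt`; the first sentence should read `Whether to request an ID Token. Enabled by default when \`presentationExchange\` is not provided,`. The comment should also mention that passing `idToken: false` without `presentationExchange` is rejected, since the service throws `Either \`presentationExchange\` or \`idToken\` must be enabled` in that case.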
@@ -39,7 +45,7 @@ export interface OpenId4VcSiopCreateAuthorizationRequestReturn { } /** - * Either `idToken` and/or `presentationExchange` will be present, but not none. + * Either `idToken` and/or `presentationExchange` will be present. */ export interface OpenId4VcSiopVerifiedAuthorizationResponse { idToken?: { diff --git a/packages/openid4vc/src/openid4vc-verifier/__tests__/openid4vc-verifier.test.ts b/packages/openid4vc/src/openid4vc-verifier/__tests__/openid4vc-verifier.test.ts index beccb93b79..8ef0e40936 100644 --- a/packages/openid4vc/src/openid4vc-verifier/__tests__/openid4vc-verifier.test.ts +++ b/packages/openid4vc/src/openid4vc-verifier/__tests__/openid4vc-verifier.test.ts @@ -33,7 +33,7 @@ describe('OpenId4VcVerifier', () => { enableNetConnect() }) - it('check openid proof request format', async () => { + it('check openid proof request format (vp token)', async () => { const openIdVerifier = await verifier.agent.modules.openId4VcVerifier.createVerifier() const { authorizationRequest, verificationSession } = await verifier.agent.modules.openId4VcVerifier.createAuthorizationRequest({ 
@@ -47,6 +47,43 @@ describe('OpenId4VcVerifier', () => { }, }) + expect( + authorizationRequest.startsWith( + `openid4vp://?request_uri=http%3A%2F%2Fredirect-uri%2F${openIdVerifier.verifierId}%2Fauthorization-requests%2F` + ) + ).toBe(true) + + const jwt = Jwt.fromSerializedJwt(verificationSession.authorizationRequestJwt) + + expect(jwt.header.kid) + + expect(jwt.header.kid).toEqual(verifier.kid) + expect(jwt.header.alg).toEqual(SigningAlgo.EDDSA) + expect(jwt.header.typ).toEqual('JWT') + expect(jwt.payload.additionalClaims.scope).toEqual('openid') + expect(jwt.payload.additionalClaims.client_id).toEqual(verifier.did) + expect(jwt.payload.additionalClaims.redirect_uri).toEqual( + `http://redirect-uri/${openIdVerifier.verifierId}/authorize` + ) + expect(jwt.payload.additionalClaims.response_mode).toEqual('post') + expect(jwt.payload.additionalClaims.nonce).toBeDefined() + expect(jwt.payload.additionalClaims.state).toBeDefined() + expect(jwt.payload.additionalClaims.response_type).toEqual('vp_token') + expect(jwt.payload.iss).toEqual(verifier.did) + expect(jwt.payload.sub).toEqual(verifier.did) + }) + + it('check openid proof request format (id token)', async () => { + const openIdVerifier = await verifier.agent.modules.openId4VcVerifier.createVerifier() + const { authorizationRequest, verificationSession } = + await verifier.agent.modules.openId4VcVerifier.createAuthorizationRequest({ + requestSigner: { + method: 'did', + didUrl: verifier.kid, + }, + verifierId: openIdVerifier.verifierId, + }) + expect( authorizationRequest.startsWith( `openid://?request_uri=http%3A%2F%2Fredirect-uri%2F${openIdVerifier.verifierId}%2Fauthorization-requests%2F` 
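Review bot: `expect(jwt.header.kid)` in the added vp_token test has no matcher, so it asserts nothing and would pass even if the header carried no key id. The following line already compares the value with `verifier.kid`, so either delete the bare call or make it `expect(jwt.header.kid).toBeDefined()`. The test body continues into lines that belong to the pre-existing test outside this hunk.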
@@ -68,7 +105,7 @@ describe('OpenId4VcVerifier', () => { expect(jwt.payload.additionalClaims.response_mode).toEqual('post') expect(jwt.payload.additionalClaims.nonce).toBeDefined() expect(jwt.payload.additionalClaims.state).toBeDefined() - expect(jwt.payload.additionalClaims.response_type).toEqual('id_token vp_token') + expect(jwt.payload.additionalClaims.response_type).toEqual('id_token') expect(jwt.payload.iss).toEqual(verifier.did) expect(jwt.payload.sub).toEqual(verifier.did) }) diff --git a/packages/openid4vc/tests/openid4vc.e2e.test.ts b/packages/openid4vc/tests/openid4vc.e2e.test.ts index 339bbc3837..9f40b9c69d 100644 --- a/packages/openid4vc/tests/openid4vc.e2e.test.ts +++ b/packages/openid4vc/tests/openid4vc.e2e.test.ts 
@@ -336,6 +336,75 @@ describe('OpenId4Vc', () => { await holderTenant1.endSession() }) + it('e2e flow with tenants only requesting an id-token', async () => { + const holderTenant = await holder.agent.modules.tenants.getTenantAgent({ tenantId: holder1.tenantId }) + const verifierTenant1 = await verifier.agent.modules.tenants.getTenantAgent({ tenantId: verifier1.tenantId }) + + const openIdVerifierTenant1 = await verifierTenant1.modules.openId4VcVerifier.createVerifier() + + const { authorizationRequest: authorizationRequestUri1, verificationSession: verificationSession } = + await verifierTenant1.modules.openId4VcVerifier.createAuthorizationRequest({ + verifierId: openIdVerifierTenant1.verifierId, + requestSigner: { + method: 'did', + didUrl: verifier1.verificationMethod.id, + }, + }) + + expect(authorizationRequestUri1).toEqual( + `openid://?request_uri=${encodeURIComponent(verificationSession.authorizationRequestUri)}` + ) + + await verifierTenant1.endSession() + + const resolvedAuthorizationRequest = await holderTenant.modules.openId4VcHolder.resolveSiopAuthorizationRequest( + authorizationRequestUri1 + ) + + expect(resolvedAuthorizationRequest.presentationExchange).toBeUndefined() + + const { submittedResponse: submittedResponse1, serverResponse: serverResponse1 } = + await holderTenant.modules.openId4VcHolder.acceptSiopAuthorizationRequest({ + authorizationRequest: resolvedAuthorizationRequest.authorizationRequest, + openIdTokenIssuer: { + method: 'did', + didUrl: holder1.verificationMethod.id, + }, + }) + + expect(submittedResponse1).toEqual({ + expires_in: 6000, + id_token: expect.any(String), + state: expect.any(String), + }) + expect(serverResponse1).toMatchObject({ + status: 200, + }) + + // The RP MUST validate that the aud (audience) Claim contains the value of the client_id + // that the RP sent in the Authorization Request as an audience. + // When the request has been signed, the value might be an HTTPS URL, or a Decentralized Identifier. 
+ const verifierTenant1_2 = await verifier.agent.modules.tenants.getTenantAgent({ tenantId: verifier1.tenantId }) + await waitForVerificationSessionRecordSubject(verifier.replaySubject, { + contextCorrelationId: verifierTenant1_2.context.contextCorrelationId, + state: OpenId4VcVerificationSessionState.ResponseVerified, + verificationSessionId: verificationSession.id, + }) + + const { idToken, presentationExchange } = + await verifierTenant1_2.modules.openId4VcVerifier.getVerifiedAuthorizationResponse(verificationSession.id) + + const requestObjectPayload = JsonEncoder.fromBase64( + verificationSession.authorizationRequestJwt?.split('.')[1] as string + ) + expect(idToken?.payload).toMatchObject({ + state: requestObjectPayload.state, + nonce: requestObjectPayload.nonce, + }) + + expect(presentationExchange).toBeUndefined() + }) + it('e2e flow with tenants, verifier endpoints verifying a jwt-vc', async () => { const holderTenant = await holder.agent.modules.tenants.getTenantAgent({ tenantId: holder1.tenantId }) const verifierTenant1 = await verifier.agent.modules.tenants.getTenantAgent({ tenantId: verifier1.tenantId }) @@ -384,7 +453,7 @@ describe('OpenId4Vc', () => { }) expect(authorizationRequestUri1).toEqual( - `openid://?request_uri=${encodeURIComponent(verificationSession1.authorizationRequestUri)}` + `openid4vp://?request_uri=${encodeURIComponent(verificationSession1.authorizationRequestUri)}` ) const { authorizationRequest: authorizationRequestUri2, verificationSession: verificationSession2 } = @@ -400,7 +469,7 @@ describe('OpenId4Vc', () => { }) expect(authorizationRequestUri2).toEqual( - `openid://?request_uri=${encodeURIComponent(verificationSession2.authorizationRequestUri)}` + `openid4vp://?request_uri=${encodeURIComponent(verificationSession2.authorizationRequestUri)}` ) await verifierTenant1.endSession() 
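Review bot: The added id-token e2e test quotes the requirement that the RP validate the `aud` claim against the `client_id` it sent, but the assertions that follow compare only `state` and `nonce`. Nothing in this test would fail if audience validation regressed. Consider extending the match with `aud: requestObjectPayload.client_id` inside the `toMatchObject` call, assuming the verified `idToken.payload` exposes `aud` and the request object carries `client_id`; neither shape is visible in this hunk.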
@@ -477,7 +546,6 @@ describe('OpenId4Vc', () => { expect(submittedResponse1).toEqual({ expires_in: 6000, - id_token: expect.any(String), presentation_submission: { definition_id: 'OpenBadgeCredential', descriptor_map: [ @@ -514,14 +582,7 @@ describe('OpenId4Vc', () => { const { idToken: idToken1, presentationExchange: presentationExchange1 } = await verifierTenant1_2.modules.openId4VcVerifier.getVerifiedAuthorizationResponse(verificationSession1.id) - const requestObjectPayload1 = JsonEncoder.fromBase64( - verificationSession1.authorizationRequestJwt?.split('.')[1] as string - ) - expect(idToken1?.payload).toMatchObject({ - state: requestObjectPayload1.state, - nonce: requestObjectPayload1.nonce, - }) - + expect(idToken1).toBeUndefined() expect(presentationExchange1).toMatchObject({ definition: openBadgePresentationDefinition, submission: { @@ -564,14 +625,7 @@ describe('OpenId4Vc', () => { }) const { idToken: idToken2, presentationExchange: presentationExchange2 } = await verifierTenant2_2.modules.openId4VcVerifier.getVerifiedAuthorizationResponse(verificationSession2.id) - - const requestObjectPayload2 = JsonEncoder.fromBase64( - verificationSession2.authorizationRequestJwt?.split('.')[1] as string - ) - expect(idToken2?.payload).toMatchObject({ - state: requestObjectPayload2.state, - nonce: requestObjectPayload2.nonce, - }) + expect(idToken2).toBeUndefined() expect(presentationExchange2).toMatchObject({ definition: universityDegreePresentationDefinition, @@ -658,7 +712,7 @@ describe('OpenId4Vc', () => { }) expect(authorizationRequest).toEqual( - `openid://?request_uri=${encodeURIComponent(verificationSession.authorizationRequestUri)}` + `openid4vp://?request_uri=${encodeURIComponent(verificationSession.authorizationRequestUri)}` ) const resolvedAuthorizationRequest = await holder.agent.modules.openId4VcHolder.resolveSiopAuthorizationRequest( 
@@ -726,7 +780,6 @@ describe('OpenId4Vc', () => { expect(submittedResponse.presentation_submission?.descriptor_map[0].path_nested).toBeUndefined() expect(submittedResponse).toEqual({ expires_in: 6000, - id_token: expect.any(String), presentation_submission: { definition_id: 'OpenBadgeCredential', descriptor_map: [ @@ -756,13 +809,7 @@ describe('OpenId4Vc', () => { const { idToken, presentationExchange } = await verifier.agent.modules.openId4VcVerifier.getVerifiedAuthorizationResponse(verificationSession.id) - const requestObjectPayload = JsonEncoder.fromBase64( - verificationSession.authorizationRequestJwt?.split('.')[1] as string - ) - expect(idToken?.payload).toMatchObject({ - state: requestObjectPayload.state, - nonce: requestObjectPayload.nonce, - }) + expect(idToken).toBeUndefined() const presentation = presentationExchange?.presentations[0] as SdJwtVc diff --git a/yarn.lock b/yarn.lock index 77366454d7..16fa1b44ae 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2391,6 +2391,14 @@ "@sd-jwt/types" "0.2.1" "@sd-jwt/utils" "0.2.1" +"@sd-jwt/decode@0.6.1", "@sd-jwt/decode@^0.6.1": + version "0.6.1" + resolved "https://registry.yarnpkg.com/@sd-jwt/decode/-/decode-0.6.1.tgz#141f7782df53bab7159a75d91ed4711e1c14a7ea" + integrity sha512-QgTIoYd5zyKKLgXB4xEYJTrvumVwtsj5Dog0v0L9UH9ZvHekDaeexS247X7A4iSdzTvmZzUpGskgABOa4D8NmQ== + dependencies: + "@sd-jwt/types" "0.6.1" + "@sd-jwt/utils" "0.6.1" + "@sd-jwt/decode@^0.2.0": version "0.2.0" resolved "https://registry.yarnpkg.com/@sd-jwt/decode/-/decode-0.2.0.tgz#44211418fd0884a160f8223feedfe04ae52398c4" 
@@ -2399,14 +2407,6 @@ "@sd-jwt/types" "0.2.0" "@sd-jwt/utils" "0.2.0" -"@sd-jwt/decode@^0.3.0": - version "0.3.0" - resolved "https://registry.yarnpkg.com/@sd-jwt/decode/-/decode-0.3.0.tgz#23627ce1b7c678a6ac685d7241e7f64e18bd9a8c" - integrity sha512-jCN1g3VzopiUxUtBZWq0Ojfzbg+wYkE1/gV86Xq7/gV8aNacCJo7Su5a3pYtoYg/rnH7ou1kwpD6vteQFkvXMQ== - dependencies: - "@sd-jwt/types" "0.3.0" - "@sd-jwt/utils" "0.3.0" - "@sd-jwt/present@0.2.1": version "0.2.1" resolved "https://registry.yarnpkg.com/@sd-jwt/present/-/present-0.2.1.tgz#ff9958626b271a60d539dd1e601763ff33c024e8" @@ -2415,13 +2415,14 @@ "@sd-jwt/types" "0.2.1" "@sd-jwt/utils" "0.2.1" -"@sd-jwt/present@^0.3.0": - version "0.3.0" - resolved "https://registry.yarnpkg.com/@sd-jwt/present/-/present-0.3.0.tgz#e054f66c0ec9c339570ec028e0f2291d75c279e3" - integrity sha512-dICPhH5hqOLXmuJMdTaA47ZMpCDkTzbWUQXsIgw0vma7Aj9Bc6ySNevPwlsUx4K8XBjPgYWwBM9tKdrs3tsCvQ== +"@sd-jwt/present@^0.6.1": + version "0.6.1" + resolved "https://registry.yarnpkg.com/@sd-jwt/present/-/present-0.6.1.tgz#82b9188becb0fa240897c397d84a54d55c7d169e" + integrity sha512-QRD3TUDLj4PqQNZ70bBxh8FLLrOE9mY8V9qiZrJSsaDOLFs2p1CtZG+v9ig62fxFYJZMf4bWKwYjz+qqGAtxCg== dependencies: - "@sd-jwt/types" "0.3.0" - "@sd-jwt/utils" "0.3.0" + "@sd-jwt/decode" "0.6.1" + "@sd-jwt/types" "0.6.1" + "@sd-jwt/utils" "0.6.1" "@sd-jwt/types@0.2.0": version "0.2.0" 
@@ -2433,10 +2434,10 @@ resolved "https://registry.yarnpkg.com/@sd-jwt/types/-/types-0.2.1.tgz#e1e6b47728dffa90ed244e15e2253bd01793cb96" integrity sha512-nbNik/cq6UIMsN144FcgPZQzaqIsjEEj307j3ZSFORkQBR4Tsmcj54aswTuNh0Z0z/4aSbfw14vOKBZvRWyVLQ== -"@sd-jwt/types@0.3.0": - version "0.3.0" - resolved "https://registry.yarnpkg.com/@sd-jwt/types/-/types-0.3.0.tgz#12f2fa7b448f1f5e368ddfac8db2143ed58c38f7" - integrity sha512-JbpZICZ+nWPiKPKw+Veg5tf0Oftit4EzxhLJyvcd0u4R6IulNZvi6LCoUL7b2IT1H86eYPd/qB1KvSh43ByZOA== +"@sd-jwt/types@0.6.1", "@sd-jwt/types@^0.6.1": + version "0.6.1" + resolved "https://registry.yarnpkg.com/@sd-jwt/types/-/types-0.6.1.tgz#fc4235e00cf40d35a21d6bc02e44e12d7162aa9b" + integrity sha512-LKpABZJGT77jNhOLvAHIkNNmGqXzyfwBT+6r+DN9zNzMx1CzuNR0qXk1GMUbast9iCfPkGbnEpUv/jHTBvlIvg== "@sd-jwt/utils@0.2.0": version "0.2.0" @@ -2454,13 +2455,13 @@ "@sd-jwt/types" "0.2.1" buffer "*" -"@sd-jwt/utils@0.3.0", "@sd-jwt/utils@^0.3.0": - version "0.3.0" - resolved "https://registry.yarnpkg.com/@sd-jwt/utils/-/utils-0.3.0.tgz#73ce9809ccc98b35d5a6d1bf1ed34758bcdfb39d" - integrity sha512-jQNYxvyfLda9StVLeUqUZtv5csI6IuzcD6b55/wsC9xJgTuntZqf8vyJvuu4MwEJUFwm9PdGkCJXyl/nbpmNLw== +"@sd-jwt/utils@0.6.1": + version "0.6.1" + resolved "https://registry.yarnpkg.com/@sd-jwt/utils/-/utils-0.6.1.tgz#33273b20c9eb1954e4eab34118158b646b574ff9" + integrity sha512-1NHZ//+GecGQJb+gSdDicnrHG0DvACUk9jTnXA5yLZhlRjgkjyfJLNsCZesYeCyVp/SiyvIC9B+JwoY4kI0TwQ== dependencies: - "@sd-jwt/types" "0.3.0" - buffer "*" + "@sd-jwt/types" "0.6.1" + js-base64 "^3.7.6" "@sideway/address@^4.1.5": version "4.1.5" 
@@ -2532,16 +2533,16 @@ resolved "https://registry.yarnpkg.com/@sovpro/delimited-stream/-/delimited-stream-1.1.0.tgz#4334bba7ee241036e580fdd99c019377630d26b4" integrity sha512-kQpk267uxB19X3X2T1mvNMjyvIEonpNSHrMlK5ZaBU6aZxw7wPbpgKJOjHN3+/GPVpXgAV9soVT2oyHpLkLtyw== -"@sphereon/did-auth-siop@0.6.2": - version "0.6.2" - resolved "https://registry.yarnpkg.com/@sphereon/did-auth-siop/-/did-auth-siop-0.6.2.tgz#3af0820c2771e80f8ed70abfe64fb7cd388459aa" - integrity sha512-fLoWk54I3EaLdTxqQLnhFMBLdsTdB7g1D/zcDndQWmp/p5Z9pwFf77FSIiIPOb409b4fqXnOMEVoVIlBlhqTbQ== +"@sphereon/did-auth-siop@^0.6.4": + version "0.6.4" + resolved "https://registry.yarnpkg.com/@sphereon/did-auth-siop/-/did-auth-siop-0.6.4.tgz#7abf0d0e8d2aa0f4108b90c2d7f6186093a23019" + integrity sha512-0hw/lypy7kHpChJc/206XFd1XVhfUEIg2RIuw2u0RE3POqMeuOL5DWiPHh3e7Oo0nzG9gdgJC8Yffv69d9QIrg== dependencies: "@astronautlabs/jsonpath" "^1.1.2" - "@sphereon/did-uni-client" "^0.6.1" - "@sphereon/pex" "^3.3.0" - "@sphereon/pex-models" "^2.2.2" - "@sphereon/ssi-types" "0.18.1" + "@sphereon/did-uni-client" "^0.6.2" + "@sphereon/pex" "^3.3.2" + "@sphereon/pex-models" "^2.2.4" + "@sphereon/ssi-types" "0.22.0" "@sphereon/wellknown-dids-client" "^0.1.3" cross-fetch "^4.0.0" did-jwt "6.11.6" 
@@ -2554,12 +2555,12 @@ uint8arrays "^3.1.1" uuid "^9.0.0" -"@sphereon/did-uni-client@^0.6.1": - version "0.6.1" - resolved "https://registry.yarnpkg.com/@sphereon/did-uni-client/-/did-uni-client-0.6.1.tgz#5fe7fa2b87c22f939c95d388b6fcf9e6e93c70a8" - integrity sha512-ryIPq9fAp8UuaN0ZQ16Gong5n5SX8G+SjNQ3x3Uy/pmd6syxh97kkmrfbna7a8dTmbP8YdNtgPLpcNbhLPMClQ== +"@sphereon/did-uni-client@^0.6.2": + version "0.6.2" + resolved "https://registry.yarnpkg.com/@sphereon/did-uni-client/-/did-uni-client-0.6.2.tgz#e3a04da7f03a270eda4758b38311f759ccef819b" + integrity sha512-zWfgEmV3Lh4K6InIz5FiozrmJCkRJNvnblD3EKH3SFrYo0t+u4Tp5r2g+7bVfCX3RjAVxvf9FIUdeU6wNs/nMg== dependencies: - cross-fetch "^4.0.0" + cross-fetch "^3.1.8" did-resolver "^4.1.0" "@sphereon/oid4vci-client@^0.10.2": 
@@ -2592,29 +2593,38 @@ "@sphereon/ssi-types" "^0.18.1" uuid "^9.0.0" -"@sphereon/pex-models@^2.2.2": - version "2.2.2" - resolved "https://registry.yarnpkg.com/@sphereon/pex-models/-/pex-models-2.2.2.tgz#3f8b12c49d8fab7372b4b47eae5bcbf8729cccba" - integrity sha512-CZIsBoaV5rMZEWYBsmH+RxsdoxpXf5FSDwDz0GB0qOf5WFk1BGUnzpZzi5yJ+2L151mhPk97dlRc9Wb01Awr4Q== +"@sphereon/pex-models@^2.2.4": + version "2.2.4" + resolved "https://registry.yarnpkg.com/@sphereon/pex-models/-/pex-models-2.2.4.tgz#0ce28e9858b38012fe1ff7d9fd12ec503473ee66" + integrity sha512-pGlp+wplneE1+Lk3U48/2htYKTbONMeG5/x7vhO6AnPUOsnOXeJdftPrBYWVSzz/JH5GJptAc6+pAyYE1zMu4Q== -"@sphereon/pex@3.3.0", "@sphereon/pex@^3.3.0": - version "3.3.0" - resolved "https://registry.yarnpkg.com/@sphereon/pex/-/pex-3.3.0.tgz#86384f7ee6e5a966b98d3e8010a27e93eb144317" - integrity sha512-CNthF/6dlIECqTqdOWGD5HOT72OWjzKTFVuFGmSbgOqsEtEtGU0e0g0gYbvXWNm0hYKsyFgS5XIZ1Uj3NR5UMg== +"@sphereon/pex@^3.3.2": + version "3.3.2" + resolved "https://registry.yarnpkg.com/@sphereon/pex/-/pex-3.3.2.tgz#51ebcefbb0c1e8d78445e3e7019ac5bcb35d4aa4" + integrity sha512-d83GLa07e1IZBGTUTZ5cQIrnrOtPcFfiLuLaDa/G/G/Xs3GiieZemgSQ3Dojvd6/Cosxh7LDCTdtFcyc4J18Ow== dependencies: "@astronautlabs/jsonpath" "^1.1.2" - "@sd-jwt/decode" "^0.3.0" - "@sd-jwt/present" "^0.3.0" - "@sd-jwt/utils" "^0.3.0" - "@sphereon/pex-models" "^2.2.2" - "@sphereon/ssi-types" "0.18.1" + "@sd-jwt/decode" "^0.6.1" + "@sd-jwt/present" "^0.6.1" + "@sd-jwt/types" "^0.6.1" + "@sphereon/pex-models" "^2.2.4" + "@sphereon/ssi-types" "0.22.0" ajv "^8.12.0" ajv-formats "^2.1.1" jwt-decode "^3.1.2" nanoid "^3.3.7" string.prototype.matchall "^4.0.10" + uint8arrays "^3.1.1" + +"@sphereon/ssi-types@0.22.0": + version "0.22.0" + resolved "https://registry.yarnpkg.com/@sphereon/ssi-types/-/ssi-types-0.22.0.tgz#da2eed7296e8932271af0c72a66eeea20b0b5689" + integrity sha512-YPJAZlKmzNALXK8ohP3ETxj1oVzL4+M9ljj3fD5xrbacvYax1JPCVKc8BWSubGcQckKHPbgbpcS7LYEeghyT9Q== + dependencies: + "@sd-jwt/decode" 
"^0.6.1" + jwt-decode "^3.1.2" -"@sphereon/ssi-types@0.18.1", "@sphereon/ssi-types@^0.18.1": +"@sphereon/ssi-types@^0.18.1": version "0.18.1" resolved "https://registry.yarnpkg.com/@sphereon/ssi-types/-/ssi-types-0.18.1.tgz#c00e4939149f4e441fae56af860735886a4c33a5" integrity sha512-uM0gb1woyc0R+p+qh8tVDi15ZWmpzo9BP0iBp/yRkJar7gAfgwox/yvtEToaH9jROKnDCwL3DDQCDeNucpMkwg== @@ -2622,6 +2632,14 @@ "@sd-jwt/decode" "^0.2.0" jwt-decode "^3.1.2" +"@sphereon/ssi-types@^0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@sphereon/ssi-types/-/ssi-types-0.23.0.tgz#e2d6a2a0edfa465bb1ae67c5579dd2aa045403e9" + integrity sha512-CXzKHFB1eoe8f/YrTFtnrj40hxkM9MQARrt3HbfBWB+yX3IlwWJZeSefFE1ucuz1HCEXQkYWiGj9wdRMiF2IBw== + dependencies: + "@sd-jwt/decode" "^0.6.1" + jwt-decode "^3.1.2" + "@sphereon/ssi-types@^0.9.0": version "0.9.0" resolved "https://registry.yarnpkg.com/@sphereon/ssi-types/-/ssi-types-0.9.0.tgz#d140eb6abd77381926d0da7ac51b3c4b96a31b4b" @@ -7570,6 +7588,11 @@ joi@^17.2.1: "@sideway/formula" "^3.0.1" "@sideway/pinpoint" "^2.0.0" +js-base64@^3.7.6: + version "3.7.7" + resolved "https://registry.yarnpkg.com/js-base64/-/js-base64-3.7.7.tgz#e51b84bf78fbf5702b9541e2cb7bfcb893b43e79" + integrity sha512-7rCnleh0z2CkXhH67J8K1Ytz0b2Y+yxTPL+/KOJoa20hfnVQ/3/T6W/KflYI4bRHRagNeXeU2bkNGI3v1oS/lw== + js-sha3@^0.8.0: version "0.8.0" resolved "https://registry.yarnpkg.com/js-sha3/-/js-sha3-0.8.0.tgz#b9b7a5da73afad7dedd0f8c463954cbde6818840"