Merge pull request #72 from Sphereon-Opensource/develop
New release
nklomp authored Oct 14, 2023
2 parents c412093 + 861ee87 commit a691eb8
Showing 27 changed files with 146 additions and 235 deletions.
5 changes: 2 additions & 3 deletions README.md
@@ -7,8 +7,7 @@

[![CI](https://github.com/Sphereon-Opensource/OID4VCI/actions/workflows/build-test-on-pr.yml/badge.svg)](https://github.com/Sphereon-Opensource/OID4VCI/actions/workflows/build-test-on-pr.yml) [![codecov](https://codecov.io/gh/Sphereon-Opensource/OID4VCI/branch/develop/graph/badge.svg)](https://codecov.io/gh/Sphereon-Opensource/OID4VCI) [![NPM Version](https://img.shields.io/npm/v/@sphereon/oid4vci-client.svg)](https://npm.im/@sphereon/oid4vci-client)

_IMPORTANT the packages are in an early development stage and currently only supports the pre-authorized code flow of
OpenID4VCI! Work is underway for the Authorized Flows as well, but not fully supported yet_
_IMPORTANT the packages are still in an early development stage, as such breaking changes are to be expected_

# Background

@@ -44,7 +43,7 @@ The spec lists 2 flows:

## Authorized Code Flow

This flow isn't fully supported yet, so you might run into issues trying to use it.
This flow is supported but might need more work, so you might run into issues trying to use it.

## Pre-authorized Code Flow
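Review bot: the new sentence under "Authorized Code Flow" ("supported but might need more work") gives integrators nothing to plan against. Since the release now advertises this flow, list the parts known to be incomplete or untested, or link to the tracking issue, so users can judge whether it is ready for their deployment.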

2 changes: 1 addition & 1 deletion lerna.json
@@ -2,7 +2,7 @@
"packages": [
"packages/*"
],
"version": "0.7.3",
"version": "0.8.0",
"npmClient": "pnpm",
"command": {
"publish": {
1 change: 1 addition & 0 deletions package.json
@@ -11,6 +11,7 @@
"fix:lint": "eslint . --fix --ext .ts",
"fix:prettier": "prettier --write \"{packages,__tests__,!dist}/**/*.{ts,tsx,js,json,md,yml}\"",
"build": "pnpm -r --stream build",
"build:clean": "lerna clean -y && pnpm install && lerna run build:clean --concurrency 1",
"test:ci": "jest --config=jest.json",
"test": "jest --verbose --config=jest.json --coverage=true --detectOpenHandles",
"clean": "rimraf --glob **/dist **/coverage **/pnpm-lock.yaml packages/**/node_modules node_modules packages/**/tsconfig.tsbuildinfo",
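Review bot: the `build:clean` script runs a bare `pnpm install`, so a clean rebuild does not fail when `package.json` and the lockfile have drifted; it re-resolves dependencies instead. For a script that is likely to be used before a release, consider `pnpm install --frozen-lockfile` so the build uses exactly the versions that were reviewed. Related: the neighbouring `clean` script deletes `**/pnpm-lock.yaml`, which makes the next install unpinned; worth confirming that is intended.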
15 changes: 1 addition & 14 deletions packages/callback-example/CHANGELOG.md
@@ -7,28 +7,15 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline

**Note:** Version bump only for package @sphereon/oid4vci-callback-example





## [0.7.2](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.1...v0.7.2) (2023-09-28)

**Note:** Version bump only for package @sphereon/oid4vci-callback-example





## [0.7.1](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.0...v0.7.1) (2023-09-28)


### Bug Fixes

* Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))




- Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))

# [0.7.0](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.6.0...v0.7.0) (2023-08-19)

3 changes: 2 additions & 1 deletion packages/callback-example/package.json
@@ -6,7 +6,8 @@
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"build": "tsc"
"build": "tsc",
"build:clean": "tsc --build --clean && tsc --build"
},
"dependencies": {
"@digitalcredentials/did-method-key": "^2.0.3",
24 changes: 5 additions & 19 deletions packages/client/CHANGELOG.md
@@ -7,34 +7,20 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline

**Note:** Version bump only for package @sphereon/oid4vci-client





## [0.7.2](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.1...v0.7.2) (2023-09-28)


### Bug Fixes

* id lookup against server metadata not working ([592ec4b](https://github.com/Sphereon-Opensource/OID4VCI/commit/592ec4b837898eb3022d19479d79b6065e7a0d9e))




- id lookup against server metadata not working ([592ec4b](https://github.com/Sphereon-Opensource/OID4VCI/commit/592ec4b837898eb3022d19479d79b6065e7a0d9e))

## [0.7.1](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.0...v0.7.1) (2023-09-28)


### Bug Fixes

* Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))
* clearinterval ([214e3c6](https://github.com/Sphereon-Opensource/OID4VCI/commit/214e3c6d7ced9b27c50186db8ed876330230a6a5))
* relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([ce39958](https://github.com/Sphereon-Opensource/OID4VCI/commit/ce39958f21f82243f26111fd14bd2443517eef9c))
* relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([cb5f9c1](https://github.com/Sphereon-Opensource/OID4VCI/commit/cb5f9c1c12285508c6d403814d032e8883a59e7d))




- Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))
- clearinterval ([214e3c6](https://github.com/Sphereon-Opensource/OID4VCI/commit/214e3c6d7ced9b27c50186db8ed876330230a6a5))
- relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([ce39958](https://github.com/Sphereon-Opensource/OID4VCI/commit/ce39958f21f82243f26111fd14bd2443517eef9c))
- relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([cb5f9c1](https://github.com/Sphereon-Opensource/OID4VCI/commit/cb5f9c1c12285508c6d403814d032e8883a59e7d))

# [0.7.0](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.6.0...v0.7.0) (2023-08-19)

1 change: 0 additions & 1 deletion packages/client/README.md
@@ -57,7 +57,6 @@ import { OpenID4VCIClient } from '@sphereon/oid4vci-client';
// The client is initiated from a URI. This URI is provided by the Issuer, typically as a URL or QR code.
const client = await OpenID4VCIClient.fromURI({
uri: 'openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.research.identiproof.io&credential_type=OpenBadgeCredentialUrl&pre-authorized_code=4jLs9xZHEfqcoow0kHE7d1a8hUk6Sy-5bVSV2MqBUGUgiFFQi-ImL62T-FmLIo8hKA1UdMPH0lM1xAgcFkJfxIw9L-lI3mVs0hRT8YVwsEM1ma6N3wzuCdwtMU4bcwKp&user_pin_required=true',
flowType: AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW, // The flow to use
kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#key-1', // Our DID. You can defer this also to when the acquireCredential method is called
alg: Alg.ES256, // The signing Algorithm we will use. You can defer this also to when the acquireCredential method is called
clientId: 'test-clientId', // The clientId if the Authrozation Service requires it. If a clientId is needed you can defer this also to when the acquireAccessToken method is called
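Review bot: with the `flowType` line gone from the `fromURI` example, the README no longer tells the reader how the flow is selected. Add a one-line comment saying where the flow now comes from (for example, that it is derived from the credential offer in `uri`), if that is the new behaviour. While this block is being touched, the `clientId` comment has a typo: "Authrozation" should read "Authorization".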
36 changes: 18 additions & 18 deletions packages/client/lib/AccessTokenClient.ts
@@ -4,10 +4,10 @@ import {
AccessTokenResponse,
assertedUniformCredentialOffer,
AuthorizationServerOpts,
AuthzFlowType,
EndpointMetadata,
getIssuerFromCredentialOfferPayload,
GrantTypes,
isPreAuthCode,
IssuerOpts,
OpenIDResponse,
PRE_AUTH_CODE_LITERAL,
@@ -67,6 +67,7 @@ export class AccessTokenClient {
issuerOpts?: IssuerOpts;
}): Promise<OpenIDResponse<AccessTokenResponse>> {
this.validate(accessTokenRequest, isPinRequired);

const requestTokenURL = AccessTokenClient.determineTokenURL({
asOpts,
issuerOpts,
@@ -76,45 +77,44 @@ export class AccessTokenClient {
? await MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
: undefined,
});

return this.sendAuthCode(requestTokenURL, accessTokenRequest);
}

public async createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest> {
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
const credentialOfferRequest = await toUniformCredentialOfferRequest(opts.credentialOffer);
const request: Partial<AccessTokenRequest> = {};

if (asOpts?.clientId) {
request.client_id = asOpts.clientId;
}

this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
request.user_pin = pin;
if (credentialOfferRequest.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
request.user_pin = pin;

const isPreAuth = isPreAuthCode(credentialOfferRequest);
if (isPreAuth) {
if (codeVerifier) {
throw new Error('Cannot pass a code_verifier when flow type is pre-authorized');
}
request.grant_type = GrantTypes.PRE_AUTHORIZED_CODE;
// we actually know it is there because of the isPreAuthCode call
request[PRE_AUTH_CODE_LITERAL] =
credentialOfferRequest?.credential_offer.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.[PRE_AUTH_CODE_LITERAL];

return request as AccessTokenRequest;
}
if (!isPreAuth && credentialOfferRequest.credential_offer.grants?.authorization_code?.issuer_state) {
this.throwNotSupportedFlow(); // not supported yet

if (credentialOfferRequest.supportedFlows.includes(AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
request.grant_type = GrantTypes.AUTHORIZATION_CODE;
}
if (codeVerifier) {
request.code_verifier = codeVerifier;
request.code = code;
request.redirect_uri = redirectUri;
request.grant_type = GrantTypes.AUTHORIZATION_CODE;
}
if (request.grant_type === GrantTypes.AUTHORIZATION_CODE && isPreAuth) {
throw Error('A pre_authorized_code flow cannot have an issuer state in the credential offer');

if (codeVerifier) {
request.code_verifier = codeVerifier;
}

return request as AccessTokenRequest;
}

return request as AccessTokenRequest;
throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
}

private assertPreAuthorizedGrantType(grantType: GrantTypes): void {
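Review bot: in `createAccessTokenRequest`, the `supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)` branch returns before the `AUTHORIZATION_CODE_FLOW` check, so for an offer that carries both grants a caller-supplied `code`, `redirectUri` and `codeVerifier` are silently ignored and a pre-authorized request is built instead. If the `Cannot pass a code_verifier when flow type is pre-authorized` guard is among the removed lines, keep an equivalent check, or choose the branch from what the caller passed, so the mismatch is reported rather than swallowed. In the authorization-code branch, `request.code = code` and `request.redirect_uri = redirectUri` are assigned without checking that they are defined, and `code_verifier` is only set when present; throw when `code` is missing, and consider requiring the PKCE verifier rather than treating it as optional. Two smaller points: the comment "we actually know it is there because of the isPreAuthCode call" is stale if that call is no longer made in this branch, and the final error message has a double negative ("does not follow neither ... nor"); "follows neither ... nor" reads correctly.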