
@sphereon/did-auth-siop-adapter


Self Issued OpenID V2 (SIOPv2) and OpenID 4 Verifiable Presentations (OID4VP) did adapter

import { VerifiedJWT, IDTokenPayload, RequestObjectPayload, JwtVerifier, JwtIssuerWithContext } from '@sphereon/did-auth-siop';
import { SigningAlgo, JwtHeader, JwtPayload } from '@sphereon/oid4vc-common';
import { JWTVerifyOptions, JWTPayload, JWTOptions, JWTHeader, Signer as Signer$1 } from 'did-jwt';
import { Resolvable, DIDDocument as DIDDocument$1 } from 'did-resolver';
import { VerifyCallback } from '@sphereon/wellknown-dids-client';

/**
 * Policy for the Linked Domain (well-known DID configuration) check performed during verification.
 * Selected through `Verification.checkLinkedDomain`; the behaviour when that field is omitted is not
 * visible in this declaration file — confirm the default in the implementation.
 */
declare enum CheckLinkedDomain {
  /** Never verify Linked Domains. */
  NEVER = "never",
  /**
   * If a linked domain is present, did-auth-siop checks it; a linked domain that exists but does not
   * validate causes an exception. An absent linked domain is accepted.
   */
  IF_PRESENT = "if_present",
  /** Always require a valid linked domain (strictest option). */
  ALWAYS = "always"
}

/**
 * Signing configuration where this library signs locally with a raw private key.
 * `hexPrivateKey` is key material: keep it out of logs, error messages and serialized config.
 */
interface InternalSignature {
  /** Private key as a hex string; presumably fed to `signDidJwtInternal` — confirm in implementation. */
  hexPrivateKey: string;
  /** DID of the signer; becomes the JWT issuer. */
  did: string;
  /** Signing algorithm (sets the JWT `alg` header). */
  alg: SigningAlgo;
  /** Optional key id (JWT `kid` header); expected to reference a verification method of `did`. */
  kid?: string;
  /** Optional custom signer; when set, it is used instead of a signer derived from `hexPrivateKey` — TODO confirm. */
  customJwtSigner?: Signer;
}

/**
 * Signing configuration where the caller supplies the signing function itself (e.g. a hardware-backed
 * or KMS-backed signer), so no private key is handed to this library.
 */
interface SuppliedSignature {
  /** Caller-provided signing function; receives the data to sign and returns a signature. */
  signature: (data: string | Uint8Array) => Promise<EcdsaSignature | string>;
  alg: SigningAlgo;
  did: string;
  /** Key id is mandatory here: it is the only link between the opaque signer and a DID document key. */
  kid: string;
}

/**
 * Verification-only configuration: a public key and DID but no signing capability.
 * Not accepted by the sign* functions below; only appears in the type-predicate input unions.
 */
interface NoSignature {
  hexPublicKey: string;
  did: string;
  kid?: string;
}

/**
 * Signing configuration where signing is delegated to a remote service.
 */
interface ExternalSignature {
  /** URI of the remote signing endpoint. */
  signatureUri: string;
  did: string;
  /** Authorization token presented to `signatureUri`; treat as a secret. Transport details are not visible here. */
  authZToken: string;
  hexPublicKey?: string;
  alg: SigningAlgo;
  kid?: string;
}

/** Where verification happens: in-process or via a remote verifier. Numeric enum (bidirectionally mapped). */
declare enum VerificationMode {
  INTERNAL = 0,
  EXTERNAL = 1
}

/** ECDSA signature in (r, s) form; `recoveryParam` is the optional recovery id. */
interface EcdsaSignature {
  r: string;
  s: string;
  recoveryParam?: number | null;
}

/** Signing function shape shared by `InternalSignature.customJwtSigner` and `SuppliedSignature.signature`. */
type Signer = (data: string | Uint8Array) => Promise<EcdsaSignature | string>;

/** Common verification settings. */
interface Verification {
  /** Linked Domain policy; see `CheckLinkedDomain`. */
  checkLinkedDomain?: CheckLinkedDomain;
  /** Callback used for the well-known DID configuration (Linked Domain) check. */
  wellknownDIDVerifyCallback?: VerifyCallback;
  /** DID resolution settings used to fetch the signer's DID document. */
  resolveOpts: ResolveOpts;
}

type InternalVerification = Verification;

/** Verification delegated to a remote verifier at `verifyUri`. */
interface ExternalVerification extends Verification {
  verifyUri: string;
  /** Authorization token presented to `verifyUri`; treat as a secret. */
  authZToken?: string;
}

/** DID resolution options. */
interface ResolveOpts {
  /** Options forwarded to did-jwt verification. */
  jwtVerifyOpts?: JWTVerifyOptions;
  /** Custom resolver; takes precedence per the `getResolverUnion` description below. */
  resolver?: Resolvable;
  /** URL of a remote (universal) resolver. */
  resolveUrl?: string;
  /**
   * Presumably disables the fallback to Sphereon's universal resolver for DID methods with no
   * configured resolver (see `getResolverUnion`). Opting out keeps resolution from reaching a
   * third-party service — confirm semantics in the implementation.
   */
  noUniversalResolverFallback?: boolean;
  /** DID methods (subject_syntax_types_supported) this party accepts. */
  subjectSyntaxTypesSupported?: string[];
}

/** Linked-data proof block as carried in `DIDDocument.proof`. */
interface LinkedDataProof {
  type: string;
  created: string;
  creator: string;
  nonce: string;
  signatureValue: string;
}

/** did-resolver `DIDDocument` extended with optional legacy metadata and proof fields. */
interface DIDDocument extends DIDDocument$1 {
  owner?: string;
  created?: string;
  updated?: string;
  proof?: LinkedDataProof;
}

/**
 * Verifies the given JWT. If the JWT is valid, the promise resolves with an object including the JWT,
 * the payload of the JWT, and the DID document of the issuer of the JWT.
 *
 * @example
 * verifyDidJWT('did:key:example', resolver, {audience: '5A8bRWU3F7j3REx3vkJ...', callbackUrl: 'https://...'}).then(obj => {
 *   const did = obj.did // DID of signer
 *   const payload = obj.payload
 *   const doc = obj.doc // DID Document of signer
 *   const JWT = obj.JWT // JWT
 *   const signerKeyId = obj.signerKeyId // ID of key in DID document that signed JWT
 *   ...
 * })
 * NOTE(review): the example's field names come from did-jwt; confirm them against `VerifiedJWT`.
 *
 * @param jwt a JSON Web Token to verify
 * @param resolver resolver used to fetch the issuer's DID document
 * @param options verification options (did-jwt `JWTVerifyOptions`)
 * @param options.audience DID of the recipient of the JWT
 * @param options.callbackUrl callback url in JWT
 * @returns a promise which resolves with the verified-JWT object or rejects with an error
 */
declare function verifyDidJWT(jwt: string, resolver: Resolvable, options: JWTVerifyOptions): Promise<VerifiedJWT>;

/**
 * Creates a signed JWT given an issuer DID, a signer function, and a payload over which the signature is computed.
 *
 * @example
 * const signer = ES256KSigner(process.env.PRIVATE_KEY)
 * createJWT({address: '5A8bRWU3F7j3REx3vkJ...', signer}, {key1: 'value', key2: ..., ... }).then(JWT => {
 *   ...
 * })
 *
 * @param payload payload object (claims); partial, so required claims must be supplied by the caller or the implementation
 * @param options did-jwt `JWTOptions`, destructured as `{ issuer, signer, expiresIn, canonicalize }`
 * @param options.issuer The DID of the issuer (signer) of the JWT
 * @param options.signer a `Signer` function, please see `ES256KSigner` or `EdDSASigner`
 * @param options.expiresIn expiry applied to the token; unit is not visible here — presumably seconds, confirm against did-jwt
 * @param options.canonicalize optional flag to canonicalize header and payload before signing
 * @param header object to specify or customize the JWT header; required by this signature, may be `{}`
 * @returns a promise which resolves with a signed JSON Web Token or rejects with an error
 */
declare function createDidJWT(payload: Partial<JWTPayload>, { issuer, signer, expiresIn, canonicalize }: JWTOptions, header: Partial<JWTHeader>): Promise<string>;

/** Signs a SIOPv2 ID Token payload with one of the supported signature configurations. */
declare function signIDTokenPayload(payload: IDTokenPayload, signature: InternalSignature | ExternalSignature | SuppliedSignature): Promise<string>;

/** Signs an OID4VP/SIOPv2 Request Object payload with one of the supported signature configurations. */
declare function signRequestObjectPayload(payload: RequestObjectPayload, signature: InternalSignature | ExternalSignature | SuppliedSignature): Promise<string>;

/**
 * Signs a payload locally with a raw hex private key (or `customJwtSigner` when given).
 * `hexPrivateKey` is secret material; do not log the arguments of this call.
 */
declare function signDidJwtInternal(payload: IDTokenPayload | RequestObjectPayload, issuer: string, hexPrivateKey: string, alg: SigningAlgo, kid: string, customJwtSigner?: Signer$1): Promise<string>;

/**
 * Returns the `aud` of a compact JWT, or `undefined` when absent.
 * Whether the signature is verified first is not visible in this declaration — presumably the claim is
 * only decoded, so the result must not be trusted before `verifyDidJWT` succeeds.
 */
declare function getAudience(jwt: string): string | undefined;

/** Derives the subject DID from a JWT payload, optionally consulting the header (e.g. `kid`) — exact precedence not visible here. */
declare function getSubDidFromPayload(payload: JWTPayload, header?: JWTHeader): string;

/** Whether the payload's `iss` denotes a SIOPv2 self-issued token — exact comparison not visible here. */
declare function isIssSelfIssued(payload: JWTPayload): boolean;

/** Extracts the DID method from a DID string. */
declare function getMethodFromDid(did: string): string;

/**
 * Since the OIDC SIOP spec incorrectly uses 'did:<method>:' and calls that a method, we have to fix it.
 * @param didOrMethod a DID, a bare method name, or the spec's 'did:<method>:' form
 */
declare function toSIOPRegistrationDidMethod(didOrMethod: string): string;

/** Builds a resolver from `ResolveOpts`; see `getResolverUnion` for the precedence rules. */
declare function getResolver(opts: ResolveOpts): Resolvable;

/**
 * This method returns a resolver object in OP/RP.
 * If the user of this library configures OP/RP to have a customResolver, we will use that.
 * If the user of this library configures OP/RP to use a custom resolver for any specific DID method, we will use that,
 * and in the end for the rest of the DID methods, configured either by calling `addDidMethod` upon building OP/RP
 * (without any resolver configuration) or by declaring them in the subject_syntax_types_supported of the registration object,
 * we will use the universal resolver from Sphereon's DID Universal Resolver library.
 * @param customResolver resolver that takes precedence over everything else
 * @param subjectSyntaxTypesSupported DID methods to cover (single string or list)
 * @param resolverMap per-DID-method resolvers
 */
declare function getResolverUnion(customResolver: Resolvable, subjectSyntaxTypesSupported: string[] | string, resolverMap: Map<string, Resolvable>): Resolvable;

/** Merges the DID methods from `subjectSyntaxTypesSupported` with the keys of `resolvers` into one list. */
declare function mergeAllDidMethods(subjectSyntaxTypesSupported: string | string[], resolvers: Map<string, Resolvable>): string[];

/** Resolves a DID to its document using the given resolution options. */
declare function resolveDidDocument(did: string, opts?: ResolveOpts): Promise<DIDDocument>;

/**
 * Performs the Linked Domain check for `did` according to `verification.checkLinkedDomain`.
 * Resolves on success; rejects when the check fails (see `CheckLinkedDomain`).
 */
declare function validateLinkedDomainWithDid(did: string, verification: InternalVerification | ExternalVerification): Promise<void>;

/**
 * Adapter that verifies a DID-signed JWT for the did-auth-siop `JwtVerifier` hook.
 * Resolves to `true` on success; the failure mode (false vs. rejection) is not visible here.
 * Note: the exported name is misspelled ("verfiy"); it is part of the published API, so renaming it is a
 * breaking change and should go through a deprecation alias in the implementation first.
 */
declare const verfiyDidJwtAdapter: (jwtVerifier: JwtVerifier, jwt: {
  header: JwtHeader;
  payload: JwtPayload;
  raw: string;
}, options: {
  verification: InternalVerification | ExternalVerification;
  resolver: Resolvable;
}) => Promise<string> extends never ? never : Promise<boolean>;

/** Adapter that signs a JWT for the did-auth-siop issuer hook, using one of the signature configurations. */
declare const createDidJwtAdapter: (signature: InternalSignature | ExternalSignature | SuppliedSignature, jwtIssuer: JwtIssuerWithContext, jwt: {
  header: JwtHeader;
  payload: JwtPayload;
}) => Promise<string>;

/** Type predicates for the signature-configuration union. The discriminating fields are not visible here. */
declare const isInternalSignature: (object: InternalSignature | ExternalSignature | SuppliedSignature | NoSignature) => object is InternalSignature;
declare const isExternalSignature: (object: InternalSignature | ExternalSignature | SuppliedSignature | NoSignature) => object is ExternalSignature;
declare const isSuppliedSignature: (object: InternalSignature | ExternalSignature | SuppliedSignature | NoSignature) => object is SuppliedSignature;

export {
  CheckLinkedDomain,
  type DIDDocument,
  type EcdsaSignature,
  type ExternalSignature,
  type ExternalVerification,
  type InternalSignature,
  type InternalVerification,
  type LinkedDataProof,
  type NoSignature,
  type ResolveOpts,
  type Signer,
  type SuppliedSignature,
  type Verification,
  VerificationMode,
  createDidJWT,
  createDidJwtAdapter,
  getAudience,
  getMethodFromDid,
  getResolver,
  getResolverUnion,
  getSubDidFromPayload,
  isExternalSignature,
  isInternalSignature,
  isIssSelfIssued,
  isSuppliedSignature,
  mergeAllDidMethods,
  resolveDidDocument,
  signDidJwtInternal,
  signIDTokenPayload,
  signRequestObjectPayload,
  toSIOPRegistrationDidMethod,
  validateLinkedDomainWithDid,
  verfiyDidJwtAdapter,
  verifyDidJWT
};