UNPKG

@sphereon/did-auth-siop

Version:

Self Issued OpenID V2 (SIOPv2) and OpenID 4 Verifiable Presentations (OID4VP)

65 lines (55 loc) 2.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
import { DcqlPresentation } from 'dcql' import { AuthorizationRequest } from '../authorization-request' import { IDToken } from '../id-token' import { RequestObject } from '../request-object' import { AuthorizationRequestPayload, AuthorizationResponsePayload, IDTokenPayload, SIOPErrors } from '../types' import { putPresentationSubmissionInLocation } from './OpenID4VP' import { assertValidResponseOpts } from './Opts' import { AuthorizationResponseOpts } from './types' export const createResponsePayload = async ( authorizationRequest: AuthorizationRequest, responseOpts: AuthorizationResponseOpts, idTokenPayload?: IDTokenPayload, ): Promise<AuthorizationResponsePayload | undefined> => { await assertValidResponseOpts(responseOpts) if (!authorizationRequest) { throw new Error(SIOPErrors.NO_REQUEST) } // If state was in request, it must be in response const state: string | undefined = authorizationRequest.getMergedProperty('state') const responsePayload: AuthorizationResponsePayload = { ...(responseOpts.accessToken && { access_token: responseOpts.accessToken, expires_in: responseOpts.expiresIn || 3600 }), ...(responseOpts.tokenType && { token_type: responseOpts.tokenType }), ...(responseOpts.refreshToken && { refresh_token: responseOpts.refreshToken }), ...(responseOpts.isFirstParty && { is_first_party: responseOpts.isFirstParty }), state, } // vp tokens if (responseOpts.dcqlResponse) { responsePayload.vp_token = DcqlPresentation.encode(responseOpts.dcqlResponse.dcqlPresentation as DcqlPresentation) } else { await putPresentationSubmissionInLocation(authorizationRequest, responsePayload, responseOpts, idTokenPayload) } if (idTokenPayload) { const idToken = await IDToken.fromIDTokenPayload(idTokenPayload, responseOpts) responsePayload.id_token = await idToken.jwt(responseOpts.jwtIssuer) } return responsePayload } /** * Properties can be in oAUth2 and OpenID (JWT) style. If they are in both the OpenID prop takes precedence as they are signed. * @param payload * @param requestObject */ export const mergeOAuth2AndOpenIdInRequestPayload = async ( payload: AuthorizationRequestPayload, requestObject?: RequestObject, ): Promise<AuthorizationRequestPayload> => { const payloadCopy = JSON.parse(JSON.stringify(payload)) const requestObj = requestObject ? requestObject : await RequestObject.fromAuthorizationRequestPayload(payload) if (!requestObj) { return payloadCopy } const requestObjectPayload = await requestObj.getPayload() return { ...payloadCopy, ...requestObjectPayload } }