@sphereon/oid4vci-client

import { Alg, Jwt } from '@sphereon/oid4vci-common'; import { toJwk } from '@sphereon/ssi-sdk-ext.key-utils'; import { CredentialMapper } from '@sphereon/ssi-types'; // eslint-disable-next-line @typescript-eslint/ban-ts-comment //@ts-ignore import { from } from '@trust/keyto'; import { fetch } from 'cross-fetch'; import debug from 'debug'; import { base64url, importJWK, JWK, SignJWT } from 'jose'; import * as u8a from 'uint8arrays'; import { OpenID4VCIClientV1_0_11 } from '..'; export const UNIT_TEST_TIMEOUT = 30000; const ISSUER_URL = 'https://conformance-test.ebsi.eu/conformance/v3/issuer-mock'; const AUTH_URL = 'https://conformance-test.ebsi.eu/conformance/v3/auth-mock'; const jwk: JWK = { alg: 'ES256', use: 'sig', kty: 'EC', crv: 'P-256', x: 'hUWYK06qFvdudydiqnEhVJhZ-73jcLtuzH8kIyNOSHE', y: 'UZf7oUkJdo65SQekMD5ssiRclEimG2SmlsjXf3QwQJo', d: 'zDeeo3K0Pk8dofeKcajvJYxMZ1vijx_cVDJQl1IpbAM', }; console.log(`JWK (private/orig): ${JSON.stringify(jwk, null, 2)}`); const privateKey = from(jwk, 'jwk').toString('blk', 'private'); const publicKey = from(jwk, 'jwk').toString('blk', 'public'); console.log(`Private key: ${privateKey}`); console.log(`Public key: ${publicKey}`); console.log(`Private key (b64): ${base64url.encode(u8a.fromString(privateKey, 'base16'))}`); console.log(`JWK (private 2) ${JSON.stringify(toJwk(privateKey, 'Secp256r1', { isPrivateKey: true }))}`); console.log(`JWK (public 2) ${JSON.stringify(toJwk(publicKey, 'Secp256r1', { isPrivateKey: false }))}`); // const DID_METHOD = 'did:key' const DID = 'did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9Kbrm54tL4pRrDDhR1QJ5RHPMXUq5MzYpZL2k35vya5eMiNxschNy9AJ74CC3MmcYiZJGZfyhWQ6qDgTVcDSHdquwPYvLDut383JbrgYdZYYSC2merTMgmQtUi3huYhaky1qE'; const DID_URL_ENCODED = 'did%3Akey%3Az2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9Kbrm54tL4pRrDDhR1QJ5RHPMXUq5MzYpZL2k35vya5eMiNxschNy9AJ74CC3MmcYiZJGZfyhWQ6qDgTVcDSHdquwPYvLDut383JbrgYdZYYSC2merTMgmQtUi3huYhaky1qE'; // const PRIVATE_KEY_HEX = '7dd923e40f4615ac496119f7e793cc2899e99b64b88ca8603db986700089532b' // const PUBLIC_KEY_HEX = // '04a23cb4c83901acc2eb0f852599610de0caeac260bf8ed05e7f902eaac0f9c8d74dd4841b94d13424d32af8ec0e9976db9abfa7e3a59e10d565c5d4d901b4be63' // pub hex: 35e03477cb29f3ac518770dccd4e26e703cd21b9741c24b038170c377b0d99d9 // priv hex: 913466d1a38d1d8c0d3c0fb0fc3b633075085a31372bbd2a8022215a88d9d1e5 // const did = `did:key:z6Mki5ZwZKN1dBQprfJTikUvkDxrHijiiQngkWviMF5gw2Hv`; const kid = `${DID}#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9Kbrm54tL4pRrDDhR1QJ5RHPMXUq5MzYpZL2k35vya5eMiNxschNy9AJ74CC3MmcYiZJGZfyhWQ6qDgTVcDSHdquwPYvLDut383JbrgYdZYYSC2merTMgmQtUi3huYhaky1qE`; // const jw = jose.importKey() // EBSI returning a 500 in credential endpoint all of a sudden describe.skip('OID4VCI-Client using Sphereon issuer should', () => { async function test(credentialType: 'CTWalletCrossPreAuthorisedInTime' | 'CTWalletCrossPreAuthorisedDeferred' | 'CTWalletCrossAuthorisedInTime') { debug.enable('*'); const offer = await getCredentialOffer(credentialType); const client = await OpenID4VCIClientV1_0_11.fromURI({ uri: offer, kid, alg: Alg.ES256, clientId: DID_URL_ENCODED, }); expect(client.credentialOffer).toBeDefined(); expect(client.endpointMetadata).toBeDefined(); expect(client.getCredentialEndpoint()).toEqual(`${ISSUER_URL}/credential`); expect(client.getAccessTokenEndpoint()).toEqual(`${AUTH_URL}/token`); if (credentialType !== 'CTWalletCrossPreAuthorisedInTime') { const url = await client.createAuthorizationRequestUrl({ authorizationRequest: { redirectUri: 'openid4vc%3A', }, }); const result = await fetch(url); console.log(result.text()); } const accessToken = await client.acquireAccessToken({ pin: '0891' }); // console.log(accessToken); expect(accessToken).toMatchObject({ expires_in: 86400, // scope: 'GuestCredential', token_type: 'Bearer', }); const format = 'jwt_vc'; const credentialResponse = await client.acquireCredentials({ credentialTypes: client.getCredentialOfferTypes()[0], format, proofCallbacks: { signCallback: proofOfPossessionCallbackFunction, }, kid, deferredCredentialAwait: true, deferredCredentialIntervalInMS: 5000, }); console.log(JSON.stringify(credentialResponse, null, 2)); expect(credentialResponse.credential).toBeDefined(); const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credentialResponse.credential!); expect(format.startsWith(wrappedVC.format)).toEqual(true); } // Current conformance tests is not stable as changes are being applied it seems it( 'succeed in a full flow with the client using OpenID4VCI version 11 and jwt_vc_json', async () => { await test('CTWalletCrossPreAuthorisedInTime'); await test('CTWalletCrossPreAuthorisedDeferred'); // await test('CTWalletCrossAuthorisedInTime'); }, UNIT_TEST_TIMEOUT, ); }); async function getCredentialOffer( credentialType: 'CTWalletCrossPreAuthorisedInTime' | 'CTWalletCrossAuthorisedInTime' | 'CTWalletCrossPreAuthorisedDeferred', ): Promise<string> { const credentialOffer = await fetch( `https://conformance-test.ebsi.eu/conformance/v3/issuer-mock/initiate-credential-offer?credential_type=${credentialType}&client_id=${DID_URL_ENCODED}&credential_offer_endpoint=openid-credential-offer%3A%2F%2F`, { method: 'GET', headers: { Accept: 'application/json', 'Content-Type': 'application/json', }, }, ); return await credentialOffer.text(); } async function proofOfPossessionCallbackFunction(args: Jwt, kid?: string): Promise<string> { const importedJwk = await importJWK(jwk); return await new SignJWT({ ...args.payload }) .setProtectedHeader({ ...args.header, kid: kid! }) .setIssuer(DID) .setIssuedAt() .setExpirationTime('2m') .sign(importedJwk); }