UNPKG

@sphereon/ssi-sdk.ebsi-authorization-client

Version:

<!--suppress HtmlDeprecatedAttribute --> <h1 align="center"> <br> <a href="https://www.sphereon.com"><img src="https://sphereon.com/content/themes/sphereon/assets/img/logo.svg" alt="Sphereon" width="400"></a> <br>EBSI Authorization Client (Typescrip

129 lines 6.08 kB
import { CheckLinkedDomain, PresentationDefinitionLocation, SupportedVersion } from '@sphereon/did-auth-siop'; import { CredentialMapper } from '@sphereon/ssi-types'; import fetch from 'cross-fetch'; import { EbsiEnvironment, schema, } from '../index'; //const encodeBase64url = (input: string): string => u8a.toString(u8a.fromString(input), 'base64url') export class EBSIAuthorizationClient { schema = schema.IEBSIAuthorizationClient; methods = { ebsiAuthASDiscoveryMetadataGet: this.ebsiAuthASDiscoveryMetadataGet.bind(this), ebsiAuthASJwksGet: this.ebsiAuthASJwksGet.bind(this), ebsiAuthPresentationDefinitionGet: this.ebsiAuthPresentationDefinitionGet.bind(this), ebsiAuthAccessTokenGet: this.ebsiAuthAccessTokenGet.bind(this), }; async ebsiAuthASDiscoveryMetadataGet(args) { const url = await this.getDiscoveryEndpoint(args); return await (await fetch(url, { method: 'GET', headers: { Accept: 'application/json', }, })).json(); } async ebsiAuthASJwksGet(args) { const discoveryMetadata = await this.ebsiAuthASDiscoveryMetadataGet(args); return await (await fetch(`${discoveryMetadata.jwks_uri}`, { method: 'GET', headers: { Accept: 'application/jwk-set+json', }, })).json(); } async ebsiAuthPresentationDefinitionGet(args) { const { scope, apiOpts } = args; const discoveryMetadata = await this.ebsiAuthASDiscoveryMetadataGet(apiOpts); return (await (await fetch(`${discoveryMetadata.presentation_definition_endpoint}?scope=openid%20${scope}`, { method: 'GET', headers: { Accept: 'application/json', }, })).json()); } async ebsiAuthAccessTokenGet(args, context) { const { vc, scope, kid, did, definitionId, apiOpts } = args; console.log(vc, scope, kid, did, definitionId); const metadataResponse = await this.ebsiAuthASDiscoveryMetadataGet(args.apiOpts); const definitionResponse = await this.ebsiAuthPresentationDefinitionGet(args); const pexResult = await context.agent.pexDefinitionFilterCredentials({ presentationDefinition: definitionResponse, credentialFilterOpts: { verifiableCredentials: [vc] }, }); const definition = { definition: definitionResponse, location: PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF, version: SupportedVersion.SIOPv2_D11, }; const opSesssion = await context.agent.siopRegisterOPSession({ requestJwtOrUri: '', // Siop assumes we use an auth request, which we don't have in this case op: { checkLinkedDomains: CheckLinkedDomain.NEVER }, providedPresentationDefinitions: [definition], }); const oid4vp = await opSesssion.getOID4VP([did]); const vp = await oid4vp.createVerifiablePresentation({ definition, credentials: pexResult.filteredCredentials }, { proofOpts: { domain: metadataResponse.issuer, nonce: Date().toString() }, holderDID: did, identifierOpts: { identifier: did, kid }, skipDidResolution: scope === 'didr_invite', }); const accessToken = await this.getAccessTokenResponse({ grant_type: 'vp_token', vp_token: CredentialMapper.toCompactJWT(vp.verifiablePresentation), scope, presentation_submission: vp.presentationSubmission, apiOpts, }); //FIXME console.log(JSON.stringify(accessToken)); return accessToken; // // // const metadataResponse = await this.ebsiAuthASDiscoveryMetadataGet() // if ('status' in metadataResponse) { // throw Error(JSON.stringify(metadataResponse)) // } // // const tokenResponse = await this.getAccessToken({ // grant_type: 'vp_token', // vp_token: vpJwt.verifiablePresentation as CompactJWT, // presentation_submission: vpJwt.presentationSubmission, // scope, // }) // if ('status' in tokenResponse) { // throw new Error(JSON.stringify(tokenResponse)) // } } async getAccessTokenResponse(args) { const { grant_type = 'vp_token', scope, vp_token, presentation_submission, apiOpts } = args; const discoveryMetadata = await this.ebsiAuthASDiscoveryMetadataGet(apiOpts); return await (await fetch(`${discoveryMetadata.token_endpoint}`, { method: 'POST', headers: { ContentType: 'application/x-www-form-urlencoded', Accept: 'application/json', }, body: new URLSearchParams({ grant_type, scope: `openid ${scope}`, vp_token, presentation_submission: JSON.stringify(presentation_submission), }), })).json(); } async getUrl(args) { const { environment, version } = args ?? { environment: EbsiEnvironment.CONFORMANCE, version: 'v3' }; if (environment === EbsiEnvironment.MOCK) { return `https://api-conformance.ebsi.eu/conformance/${version}/auth-mock`; } else if (environment === EbsiEnvironment.ISSUER) { return `https://api-conformance.ebsi.eu/conformance/${version}/issuer-mock`; } return `https://api-${environment}.ebsi.eu/authorisation/${version}`; } async getDiscoveryEndpoint(args) { const { environment, version } = { environment: EbsiEnvironment.CONFORMANCE, version: 'v4', ...args }; if (environment === EbsiEnvironment.ISSUER) { return `${await this.getUrl({ environment, version })}/.well-known/openid-credential-issuer`; } return `${await this.getUrl({ environment, version })}/.well-known/openid-configuration`; } } //# sourceMappingURL=EBSIAuthorizationClient.js.map