@sphereon/ssi-sdk.ebsi-support
import * as _sphereon_ssi_types from '@sphereon/ssi-types';
import { W3CVerifiableCredential, CredentialRole, PresentationSubmission } from '@sphereon/ssi-types';
import { IIdentifier, MinimalImportableKey, TKeyType, IService, IAgentContext, IKeyManager, IKey, IDIDManager, IPluginMethodMap, IResolver, IAgentPlugin } from '@veramo/core';
import { DiscoveryMetadataPayload, JWK } from '@sphereon/did-auth-siop';
import { RequestObjectOpts, OID4VCICredentialFormat } from '@sphereon/oid4vci-common';
import { PresentationDefinitionV2, Format } from '@sphereon/pex-models';
import { ManagedIdentifierDidResult, IIdentifierResolution, ManagedIdentifierDidOpts } from '@sphereon/ssi-sdk-ext.identifier-resolution';
import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
import { Party, IBasicCredentialLocaleBranding } from '@sphereon/ssi-sdk.data-store-types';
import { PrepareStartArgs, IssuanceOpts, IOID4VCIHolder, WalletType, ErrorDetails, MappedCredentialToAccept } from '@sphereon/ssi-sdk.oid4vci-holder';
import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange';
import { IDidAuthSiopOpAuthenticator } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth';
import { _ExtendedIKey } from '@veramo/utils';
import { DIDDocument, DIDResolver } from 'did-resolver';
import { BigNumberish, BytesLike, AccessListish } from 'ethers';
import { AbstractIdentifierProvider } from '@veramo/did-manager';
/** Agent context that requires only the key manager plugin; used as the context type of ebsiSignAndSendTransaction. */
type IContext = IAgentContext<IKeyManager>;
/**
* The type of the DID to be created.
* Declared as a string-literal union, so there is no runtime enum object behind it.
* @readonly
* @enum {string}
*/
type EbsiDIDType = 'NATURAL_PERSON' | 'LEGAL_ENTITY';
/**
* The DID method prefix to use, either `did:ebsi:` or `did:key:`.
* Declared as a string-literal union, so there is no runtime enum object behind it.
* @readonly
* @enum {string}
*/
type EbsiDIDPrefix = 'did:ebsi:' | 'did:key:';
/**
* Describes one flavour of EBSI DID. Only `type` and `method` are required.
* @typedef EbsiDidSpecInfo
* @type {object}
* @property {EbsiDIDType} type - The type of the DID
* @property {EbsiDIDPrefix} method - The method of the DID
* @property {number} [version] - The version of the specs
* @property {number} [didLength] - The length of the DID (unit is not stated in this declaration - TODO confirm)
* @property {number} [privateKeyLength] - The private key length (unit is not stated in this declaration - TODO confirm)
*/
interface EbsiDidSpecInfo {
type: EbsiDIDType;
method: EbsiDIDPrefix;
version?: number;
didLength?: number;
privateKeyLength?: number;
}
/** Table of spec infos indexed by string; the key names are not visible in this declaration file. */
declare const EBSI_DID_SPEC_INFOS: Record<string, EbsiDidSpecInfo>;
/**
* Key options with restricted key types and purposes of the public key.
* Every MinimalImportableKey field is optional here except `privateKeyHex`, which is required,
* so each value of this type carries raw private key material.
* Treat it as a secret: keep it out of logs and error messages.
* @typedef IKeyOpts
* @extends MinimalImportableKey
* @property {EbsiKeyType} [type] - Secp256k1 or Secp256r1
* @property {EbsiPublicKeyPurpose[]} [purposes] - Verification relationships the public key is used for
*/
interface IKeyOpts extends WithRequiredProperty<Partial<MinimalImportableKey>, 'privateKeyHex'> {
type?: EbsiKeyType;
purposes?: EbsiPublicKeyPurpose[];
}
/** Intersects `Type` with a mapped type that removes the optional modifier from the properties named by `Key`. */
type WithRequiredProperty<Type, Key extends keyof Type> = Type & {
[Property in Key]-?: Type[Property];
};
/** Arguments describing one RPC call; consumed as `rpcRequest` by ebsiSignAndSendTransaction. */
type RpcMethodArgs = {
/** Parameter objects for the selected RPC method. */
params: RPCParams[];
/** Client-chosen request id. */
rpcId: number;
// presumably the bearer token that authorises the call - confirm. It is a credential: keep it out of logs and error text.
accessToken: string;
/** Which registry operation to invoke. */
rpcMethod: EbsiRpcMethod;
apiOpts?: ApiOpts;
// NOTE(review): the name suggests failures are returned instead of thrown - confirm in the implementation.
// If that is the case, callers have to check the response for an `error` member before treating the call as successful.
doNotThrowErrors?: boolean;
};
/**
* Options for creating an EBSI identifier. Only `accessTokenOpts` is required.
* The key option fields are IKeyOpts values and therefore contain private key hex; handle them as secrets.
*/
type EbsiCreateIdentifierOpts = {
/** Method specific id for import. */
methodSpecificId?: string;
rpcId?: number;
/** Options for the Secp256k1 key. */
secp256k1Key?: IKeyOpts;
/** Options for the Secp256r1 key. */
secp256r1Key?: IKeyOpts;
did?: string;
keys?: IKeyOpts[];
// presumably controls whether the DID is also written to the EBSI ledger - TODO confirm the default when omitted
executeLedgerOperation?: boolean;
baseDocument?: string;
// validity window; the time unit is not stated in this declaration - TODO confirm
notBefore?: number;
notAfter?: number;
/** Inputs used to obtain the access token for ledger operations. */
accessTokenOpts: EbsiAccessTokenOpts;
services?: IService[];
};
/**
* Arguments of EbsiDidProvider.createIdentifier.
* The key options and the method specific id are nested under `options`, not on this object.
* @typedef ICreateIdentifierArgs
* @type {object}
* @property {string} [kms] - The kms to use
* @property {string} [alias] - The alias of the DID
* @property {EbsiDidSpecInfo} [type] - The DID flavour to create
* @property {EbsiCreateIdentifierOpts} options - Creation options
* @property {string} [options.methodSpecificId] - method specific id for import
* @property {IKeyOpts} [options.secp256k1Key] - The options to create the key
* @property {IKeyOpts} [options.secp256r1Key] - The options to create the key
*/
interface ICreateIdentifierArgs {
kms?: string;
alias?: string;
type?: EbsiDidSpecInfo;
options: EbsiCreateIdentifierOpts;
}
/**
* The Ebsi allowed key types - Secp256k1 and Secp256r1.
* Extracted from Veramo's TKeyType, so it is a string-literal union and not a runtime enum.
* @readonly
* @enum {string}
*/
type EbsiKeyType = Extract<TKeyType, 'Secp256k1' | 'Secp256r1'>;
/**
* The purpose of the public keys.
* The values are the verification relationship names used in a DID document.
* @readonly
* @enum {string}
*/
declare enum EbsiPublicKeyPurpose {
Authentication = "authentication",
AssertionMethod = "assertionMethod",
CapabilityInvocation = "capabilityInvocation"
}
/**
* Parameters of the insertDidDocument RPC method.
* @typedef InsertDidDocumentParams
* @type {object}
* @property {string} from - Ethereum address of the signer
* @property {string} did - DID to insert. It must be for a legal entity (DID v1)
* @property {string} baseDocument - JSON string containing the @context of the DID document
* @property {string} vMethodId - Thumbprint of the public key
* @property {string} publicKey - Public key for secp256k1 in uncompressed format prefixed with "0x04"
* @property {boolean} isSecp256k1 - It must be true
* @property {number} notBefore - Capability invocation is valid from this time (time unit not stated here - TODO confirm)
* @property {number} notAfter - Expiration of the capability invocation (time unit not stated here - TODO confirm)
*/
type InsertDidDocumentParams = {
from: string;
did: string;
baseDocument: string;
vMethodId: string;
publicKey: string;
isSecp256k1: boolean;
notBefore: number;
notAfter: number;
};
/**
* Parameters of the updateBaseDocument RPC method; a subset of InsertDidDocumentParams.
* @typedef UpdateBaseDocumentParams
* @type {object}
* @property {string} from - Ethereum address of the signer
* @property {string} did - Existing DID
* @property {string} baseDocument - JSON string containing the @context of the DID document
*/
type UpdateBaseDocumentParams = Pick<InsertDidDocumentParams, 'from' | 'did' | 'baseDocument'>;
/**
* Arguments of EbsiDidProvider.updateIdentifier.
* @typedef UpdateIdentifierParams
* @type {object}
* @property {string} did - A DID
* @property {Partial<DIDDocument>} document - The partial DID document
* @property {{ [p: string]: any }} [options] - Any additional options; untyped, so the compiler checks nothing that is passed here
*/
type UpdateIdentifierParams = {
did: string;
document: Partial<DIDDocument>;
options?: {
[p: string]: any;
};
};
/**
* Parameters of the addService RPC method.
* `from` and `did` presumably carry the same meaning as in InsertDidDocumentParams (signer address, existing DID) - confirm.
*/
type AddServiceParams = {
from: string;
did: string;
service: IService;
};
/**
* Parameters of the addVerificationMethod RPC method; a subset of InsertDidDocumentParams.
* @typedef AddVerificationMethodParams
* @type {object}
* @property {string} from - Ethereum address of the signer
* @property {string} did - Existing DID
* @property {string} vMethodId - New verification method id
* @property {boolean} isSecp256k1 - Boolean defining if the public key is for secp256k1 curve or not
* @property {string} publicKey - Public key as hex string. For an ES256K key, it must be in uncompressed format
* prefixed with "0x04". For other algorithms, it must be the JWK transformed to string and then to hex format.
* Only public key material belongs in this field.
*/
type AddVerificationMethodParams = Pick<InsertDidDocumentParams, 'from' | 'did' | 'vMethodId' | 'isSecp256k1' | 'publicKey'>;
/**
* Parameters of the addVerificationRelationship RPC method: a subset of InsertDidDocumentParams plus `name`.
* @typedef AddVerificationMethodRelationshipParams
* @type {object}
* @property {string} from - Ethereum address of the signer
* @property {string} did - Existing DID
* @property {string} name - Name of the verification relationship (typed as a plain string, so it is not restricted to EbsiPublicKeyPurpose values)
* @property {string} vMethodId - Reference to the verification method
* @property {number} notBefore - Verification relationship is valid from this time
* @property {number} notAfter - Expiration of the verification relationship
*/
type AddVerificationMethodRelationshipParams = Pick<InsertDidDocumentParams, 'from' | 'did' | 'vMethodId' | 'notBefore' | 'notAfter'> & {
name: string;
};
/**
* An Ethereum-style transaction before signing. Every field is optional and there is no `from` field on this type.
* @typedef UnsignedTransaction
* @type {object}
* @property {string} [to] - The receiving address (if EOA, the transaction will transfer value. If a smart contract
* account, the transaction will use contract code).
* @property {BytesLike} [data] - Can contain code or a message to the recipient.
* @property {number} [nonce] - A number used to track ordering of transactions and prevent replay attacks
* @property {number} [chainId] - The Ethereum Network ID (ex: 1 - Ethereum Mainnet).
* @property {BigNumberish} [gasLimit] - The maximum amount of gas units that can be used.
* @property {BigNumberish} [gasPrice] - Gas price provided by the sender in Wei.
* @property {BigNumberish} [value] - The amount of ETH to be sent from the sending address (denominated in Wei)
* @property {number | null} [type] - Transaction type
* @property {AccessListish} [accessList] - Access list
* @property {BigNumberish} [maxPriorityFeePerGas] - Maximum priority fee per gas
* @property {BigNumberish} [maxFeePerGas] - Maximum fee per gas
*/
type UnsignedTransaction = {
to?: string;
nonce?: number;
gasLimit?: BigNumberish;
gasPrice?: BigNumberish;
data?: BytesLike;
value?: BigNumberish;
chainId?: number;
type?: number | null;
accessList?: AccessListish;
maxPriorityFeePerGas?: BigNumberish;
maxFeePerGas?: BigNumberish;
};
/**
* Parameters of the sendSignedTransaction RPC method.
* The signature is carried twice: as the r/s/v components and inside `signedRawTransaction`.
* @typedef SendSignedTransactionParams
* @type {object}
* @property {string} protocol - Example: eth
* @property {UnsignedTransaction} unsignedTransaction - The unsigned transaction
* @property {string} r - ECDSA signature r
* @property {string} s - ECDSA signature s
* @property {string} v - ECDSA recovery id
* @property {string} signedRawTransaction - The signed raw transaction
*/
type SendSignedTransactionParams = {
protocol: string;
unsignedTransaction: UnsignedTransaction;
r: string;
s: string;
v: string;
signedRawTransaction: string;
};
/**
* Successful JSON-RPC response.
* @typedef RpcOkResponse
* @type {object}
* @property {string} jsonrpc - Must be exactly "2.0" (see JSON_RPC_VERSION)
* @property {number} id - Same identifier established by the client in the call
* @property {any} result - Result of the transaction. Untyped data received from the remote API: check its shape before using it.
*/
type RpcOkResponse = {
jsonrpc: string;
id: number;
result: any;
};
/**
* Failed JSON-RPC response. It has an `error` member where RpcOkResponse has `result`.
*/
type RpcErrorResponse = {
jsonrpc: string;
id: number;
error: {
code: number;
message: string;
};
};
/**
* Problem-details style body returned with a non-200 HTTP status.
* @typedef ResponseNot200
* @type {object}
* @property {URL | string} type - An absolute URI that identifies the problem type. When dereferenced,
* it SHOULD provide human-readable documentation for the problem type.
* @property {number} [id] - Optional id
* @property {string} title - A short summary of the problem type.
* @property {{ code: number, message: string }} [error] - Optional error object with the same shape as in RpcErrorResponse
* @property {number} status - The HTTP status code generated by the origin server for this occurrence of the problem.
* @property {string} detail - A human-readable explanation specific to this occurrence of the problem.
* @property {URL | string} instance An absolute URI that identifies the specific occurrence of the problem.
* It may or may not yield further information if dereferenced.
*/
type ResponseNot200 = {
type: URL | string;
id?: number;
title: string;
error?: {
code: number;
message: string;
};
status: number;
detail: string;
instance: URL | string;
};
/**
* Query for a single DID document.
* @typedef GetDidDocumentParams
* @type {object}
* @property {string} did - The DID to look up
* @property {string} [validAt] - Optional point in time; the expected string format is not stated here - TODO confirm
*/
type GetDidDocumentParams = {
did: string;
validAt?: string;
};
/**
* Query for a page of DID documents. All filters are optional.
* @typedef GetDidDocumentsParams
* @type {object}
* @property {string} [offset] Originally page[after] Cursor that points to the end of the page of data that has been returned.
* @property {number} [size] Originally page[size] Defines the maximum number of objects that may be returned.
* @property {string} [controller] Filter by controller DID.
*/
type GetDidDocumentsParams = {
offset?: string;
size?: number;
controller?: string;
};
/**
* One entry in the result of listing DIDs.
* @typedef Item
* @type {object}
* @property {string} did - The DID
* @property {string} href - The referrer of the DID
*/
type Item = {
did: string;
href: string;
};
/**
* The links related to pagination
* @typedef Links
* @type {object}
* @property {string} first - The link to the first page
* @property {string} prev - The link to the previous page
* @property {string} next - The link to the next page
* @property {string} last - The link to the last page
*/
type Links = {
first: string;
prev: string;
next: string;
last: string;
};
/**
* One page of the DID listing.
* @typedef GetDidDocumentsResponse
* @type {object}
* @property {string} self - Absolute path to the collection (consult)
* @property {Item[]} items - List of DIDs and their referrers
* @property {number} total - Total number of items across all pages.
* @property {number} pageSize - Maximum number of items per page. For the last page, its value should be independent of the number of actually returned items.
* @property {Links} links - The links related to pagination
*/
type GetDidDocumentsResponse = {
self: string;
items: Item[];
total: number;
pageSize: number;
links: Links;
};
/**
* Inputs needed to obtain an EBSI access token; embedded in EbsiCreateIdentifierOpts and CreateEbsiDidParams.
* The URL-valued fields are plain strings, so nothing in the type restricts which hosts they point at.
*/
type EbsiAccessTokenOpts = {
// presumably the Verifiable Authorisation to Onboard credential - confirm against EBSIAuthAccessTokenGetArgs.attestationCredential
attestationToOnboard?: W3CVerifiableCredential;
attestationToOnboardCredentialRole: CredentialRole;
jwksUri?: string;
redirectUri: string;
credentialIssuer: string;
clientId: string;
environment: EbsiEnvironment;
};
/**
* Arguments of ebsiCreateDidOnLedger.
* @typedef CreateEbsiDidParams
* @type {object}
* @property {IIdentifier} identifier The identifier to register (typed as a full IIdentifier)
* @property {number} [rpcId] A client created id
* @property {number} [notBefore] Date of issuance of the identifier
* @property {number} [notAfter] Date of expiration of the identifier
* @property {string} [baseDocument] The base DID document
* @property {EbsiAccessTokenOpts} accessTokenOpts Inputs used to obtain the access token
*/
type CreateEbsiDidParams = {
identifier: IIdentifier;
rpcId?: number;
notBefore?: number;
notAfter?: number;
baseDocument?: string;
accessTokenOpts: EbsiAccessTokenOpts;
};
/**
* Result of ebsiCreateDidOnLedger: the identifier plus one RPC response per ledger step.
* Each response is an EbsiRPCResponse and may therefore be the error variant; check each one for an `error` member.
*/
interface CreateEbsiDidOnLedgerResult {
identifier: IIdentifier;
addVerificationMethod: EbsiRPCResponse;
insertDidDoc: EbsiRPCResponse;
addAssertionMethodRelationship: EbsiRPCResponse;
addAuthenticationRelationship: EbsiRPCResponse;
}
/**
* The JSON-RPC protocol version string, "2.0".
* @constant JSON_RPC_VERSION
*/
declare const JSON_RPC_VERSION = "2.0";
/**
* Base DID document context as a string; the value itself is not visible in this declaration file.
* @constant BASE_CONTEXT_DOC
*/
declare const BASE_CONTEXT_DOC: string;
/** The two DID registry endpoint URLs returned by ebsiGetRegistryAPIUrls. */
interface EbsiDidRegistryAPIEndpoints {
// presumably the endpoint for state-changing RPC calls - confirm
mutate: string;
// presumably the endpoint for read-only lookups - confirm
query: string;
}
/**
* The EBSI RPC operations
* Note that UPDATE_DID_DOCUMENT maps to the method name "updateBaseDocument".
* @readonly
* @enum {string}
*/
declare enum EbsiRpcMethod {
INSERT_DID_DOCUMENT = "insertDidDocument",
UPDATE_DID_DOCUMENT = "updateBaseDocument",
ADD_VERIFICATION_METHOD = "addVerificationMethod",
ADD_VERIFICATION_RELATIONSHIP = "addVerificationRelationship",
ADD_SERVICE = "addService",
SEND_SIGNED_TRANSACTION = "sendSignedTransaction"
}
/** Union of the parameter objects accepted by the RPC methods above. */
type RPCParams = InsertDidDocumentParams | UpdateBaseDocumentParams | AddVerificationMethodParams | AddVerificationMethodRelationshipParams | SendSignedTransactionParams | AddServiceParams;
/**
* Response of an RPC call: either the success shape or the error shape.
* `nonce` exists only on the error variant, so narrow with `'error' in response` before reading `result` or `nonce`.
*/
type EbsiRPCResponse = RpcOkResponse | (RpcErrorResponse & {
nonce: string;
});
/**
* Veramo identifier provider for the `did:ebsi` method.
* addKey and addService take an `accessToken` in their options; it is a credential and should stay out of logs and error text.
* Several methods return Promise<any>, so callers get no compile-time checking of those results.
*/
declare class EbsiDidProvider extends AbstractIdentifierProvider {
/** Provider name, "did:ebsi". */
static readonly PROVIDER = "did:ebsi";
private readonly defaultKms?;
private readonly apiOpts?;
/**
* @param options - optional default kms name and EBSI API options
*/
constructor(options: {
defaultKms?: string;
apiOpts?: ApiOpts;
});
/**
* Creates an identifier from the given arguments.
* @returns the identifier without its `provider` field
*/
createIdentifier(args: ICreateIdentifierArgs, context: IRequiredContext): Promise<Omit<IIdentifier, 'provider'>>;
/**
* Adds a key to an identifier.
* NOTE(review): in `vmRelationships` the `[]` binds only to 'capabilityDelegation', so the declared type is
* one of the first four strings OR an array of 'capabilityDelegation'. An array of any relationship name was
* probably intended - confirm against the implementation before relying on either form.
*/
addKey(args: {
identifier: IIdentifier;
key: IKey;
options: {
rpcId?: number;
accessToken: string;
vmRelationships: 'authentication' | 'assertionMethod' | 'keyAgreement' | 'capabilityInvocation' | 'capabilityDelegation'[];
apiOpts?: ApiOpts;
};
}, context: IAgentContext<IKeyManager>): Promise<any>;
/** Adds a service entry to an identifier. */
addService(args: {
identifier: IIdentifier;
service: IService;
options: {
rpcId?: number;
accessToken: string;
apiOpts?: ApiOpts;
};
}, context: IAgentContext<IKeyManager>): Promise<any>;
// NOTE(review): whether this touches the ledger or only local state is not visible in this declaration - confirm.
deleteIdentifier(args: IIdentifier, context: IAgentContext<IKeyManager>): Promise<boolean>;
// `options` is untyped (`any`) and, unlike addKey, no access token is declared here.
removeKey(args: {
identifier: IIdentifier;
kid: string;
options?: any;
}, context: IAgentContext<IKeyManager>): Promise<any>;
// `options` is untyped (`any`) and, unlike addService, no access token is declared here.
removeService(args: {
identifier: IIdentifier;
id: string;
options?: any;
}, context: IAgentContext<IKeyManager>): Promise<any>;
/** Updates an identifier from a partial DID document; needs both the key manager and the DID manager in the context. */
updateIdentifier(args: UpdateIdentifierParams, context: IAgentContext<IKeyManager & IDIDManager>): Promise<IIdentifier>;
}
/**
* Returns a resolver map with a single entry named `key`.
* NOTE(review): in a did-resolver registry the property name is the DID method, so this presumably registers
* the resolver for `did:key` and not for `did:ebsi` - confirm that this is intended.
*/
declare function getDidEbsiResolver(): {
key: DIDResolver;
};
/** Generates a method specific id, optionally for the given spec info. */
declare function generateEbsiMethodSpecificId(specInfo?: EbsiDidSpecInfo): string;
/**
* Returns a private key as a hex string, using `privateKeyBytes` when provided (per the function name).
* The return value is secret key material: do not log it.
* NOTE(review): the source of randomness for the generated case is not visible in this declaration -
* verify that the implementation uses a cryptographically secure generator.
*/
declare function generateOrUseProvidedEbsiPrivateKeyHex(specInfo?: EbsiDidSpecInfo, privateKeyBytes?: Uint8Array): string;
/**
* Returns the public key in the correct format to be used with the did registry v5
* - in case of Secp256k1 - returns the uncompressed public key as hex string prefixed with 0x04
* - in case of Secp256r1 - returns the jwk public key as hex string
* @param {{ key: IKey, type: TKeyType }} args
* - key is the cryptographic key containing the public key
* - type is the type of the key which can be Secp256k1 or Secp256r1; the parameter is declared as the wider
*   TKeyType, so other key types compile and are rejected only at runtime
* @returns {string} The properly formatted public key
* @throws {Error} If the key type is invalid
*/
declare const formatEbsiPublicKey: (args: {
key: IKey;
type: TKeyType;
}) => string;
/**
* Returns a string (presumably the issuer mock URL - confirm) for the given environment and API version.
* Both arguments are optional; the defaults are not visible in this declaration.
*/
declare const ebsiGetIssuerMock: (args: {
environment?: EbsiEnvironment;
version?: EbsiApiVersion;
}) => string;
/**
* Returns a string (presumably the authorisation server URL - confirm) for the given environment and API version.
* Both arguments are optional; the defaults are not visible in this declaration.
*/
declare const ebsiGetAuthorisationServer: (args: {
environment?: EbsiEnvironment;
version?: EbsiApiVersion;
}) => string;
/** Returns the `mutate` and `query` endpoints of the DID registry for the given environment and API version. */
declare const ebsiGetRegistryAPIUrls: (args: {
environment?: EbsiEnvironment;
version?: EbsiApiVersion;
}) => EbsiDidRegistryAPIEndpoints;
/** Builds the well-known endpoint string from the environment, version, well-known type and optional system or mock. */
declare const determineWellknownEndpoint: ({ environment, version, type, system, mock }: WellknownOpts) => string;
/**
* Signs and sends the transaction described by `rpcRequest`, using the key identified by `kid`.
* `accessToken` appears both here and inside `rpcRequest`; which one is sent is not visible in this declaration -
* pass the same value in both until confirmed.
* The resolved value may be the error variant of EbsiRPCResponse, so check for an `error` member.
* @param args.previousTxResponse - optional response of an earlier call; how it is used is not visible here
* @param context - agent context providing the key manager
*/
declare const ebsiSignAndSendTransaction: (args: {
rpcRequest: RpcMethodArgs;
previousTxResponse?: EbsiRPCResponse;
kid: string;
accessToken: string;
apiOpts?: ApiOpts;
}, context: IContext) => Promise<EbsiRPCResponse>;
/**
* Produces an importable key of the given type for the given kms, from `keyOpts` when supplied (per the function name).
* The resolved MinimalImportableKey carries private key material; do not log it.
*/
declare const ebsiGenerateOrUseKeyPair: (args: {
keyOpts?: IKeyOpts;
keyType: EbsiKeyType;
kms: string;
controllerKey?: boolean;
}, context: IAgentContext<IKeyManager>) => Promise<MinimalImportableKey>;
/** Converts optional key options into a MinimalImportableKey for the given type and kms. The result carries private key material. */
declare const toMinimalImportableKey: (args: {
key?: IKeyOpts;
type: EbsiKeyType;
kms: string;
}) => Promise<MinimalImportableKey>;
/** Returns the purposes of the given key, or undefined; the exact checks are not visible in this declaration. */
declare const assertedPurposes: (args: {
key?: IKeyOpts;
}) => EbsiPublicKeyPurpose[] | undefined;
/** Returns the purposes to use for a key of the given type; always an array. */
declare const setPurposes: (args: {
key?: IKeyOpts;
type: EbsiKeyType;
}) => EbsiPublicKeyPurpose[];
// Produces a request id for RPC calls. The id is a correlation value; nothing here indicates it is unpredictable,
// so it should not be relied on as a security token.
declare const randomRpcId: () => number;
/**
* Registers the identifier on the ledger and resolves with the identifier plus the RPC response of each step.
* Each step response can be the error variant of EbsiRPCResponse; check all of them before treating the DID as registered.
*/
declare const ebsiCreateDidOnLedger: (args: CreateEbsiDidParams, context: IRequiredContext) => Promise<CreateEbsiDidOnLedgerResult>;
/**
* Gets the DID document corresponding to the DID.
* @param {{ params: GetDidDocumentParams, apiOpts?: ApiOpts }} args
* - params holds the DID and an optional `validAt`
* - apiOpts selects the environment and API version
* @returns a did document
*/
declare const ebsiGetDidDocument: (args: {
params: GetDidDocumentParams;
apiOpts?: ApiOpts;
}) => Promise<DIDDocument>;
/**
* Wait up to the number of MS for a DID Document or Verification methods and relationships to be registered. This is needed, as the EBSI blockchain does not directly propagate across all nodes, since it needs to mine for consensus first
* Unlike the sibling functions, the ApiOpts fields are passed at the top level of `args`, not under `apiOpts`.
* `didDocument` in the result can be undefined (presumably when `maxWaitTime` elapses first - confirm), so callers must check it.
* @param args - the DID query, the API options and optional polling settings
* @returns the total wait time, the number of attempts (`count`) and the document if one was found
*/
declare const ebsiWaitTillDocumentAnchored: (args: GetDidDocumentParams & ApiOpts & {
startIntervalMS?: number;
minIntervalMS?: number;
decreaseIntervalMSPerStep?: number;
maxWaitTime?: number;
// presumably a partial object that must be present in the document before it counts as anchored - confirm
searchForObject?: Record<string, any>;
}) => Promise<{
totalWaitTime: number;
count: number;
didDocument: DIDDocument | undefined;
}>;
/**
* listDidDocuments - Returns a list of identifiers.
* @param {{ params: GetDidDocumentsParams; apiOpts?: ApiOpts }} args
* - params holds the optional paging cursor, page size and controller filter
* - apiOpts selects the environment and API version
* @returns one page of identifiers together with paging links
*/
declare const ebsiListDidDocuments: (args: {
params: GetDidDocumentsParams;
apiOpts?: ApiOpts;
}) => Promise<GetDidDocumentsResponse>;
/**
* Result of ebsiCreateAttestationAuthRequestURL; passed on to ebsiGetAttestation as `authReqResult`.
* All PrepareStartArgs fields become required except `issuanceOpt`, which stays optional.
*/
interface AttestationAuthRequestUrlResult extends Omit<Required<PrepareStartArgs>, 'issuanceOpt'> {
issuanceOpt?: IssuanceOpts;
/** The authorization URL to open. */
authorizationCodeURL: string;
identifier: ManagedIdentifierDidResult;
// NOTE(review): a key object is returned to the caller; confirm it carries no private key material before logging or persisting this result.
authKey: _ExtendedIKey;
}
/**
* The OpenID scope
* Declared as a string-literal union without the "openid " prefix that some descriptions in this file show.
* @readonly
* @enum {string}
*/
type EBSIScope = 'didr_write' | 'didr_invite' | 'tir_write' | 'tir_invite' | 'timestamp_write' | 'tnt_authorise' | 'tnt_create' | 'tnt_write' | 'did_authn';
/** Token types; only Bearer is defined. */
declare enum TokenType {
BEARER = "Bearer"
}
/** The EBSI environments this package can target. */
type EbsiEnvironment = 'pilot' | 'conformance' | 'conformance-test';
/** Supported EBSI API versions. */
type EbsiApiVersion = 'v3' | 'v4' | 'v5';
/** The two well-known document types. */
type WellknownType = 'openid-credential-issuer' | 'openid-configuration';
/** Mock services that can be addressed. */
type EbsiMock = 'issuer-mock' | 'auth-mock';
/** EBSI systems that can be addressed. */
type EbsiSystem = 'authorisation' | 'conformance' | 'did-registry';
/** Environment and API version selection. `version` is required, `environment` is optional. */
type ApiOpts = {
environment?: EbsiEnvironment;
version: EbsiApiVersion;
};
/** ApiOpts plus the well-known type and an optional system or mock. */
type WellknownOpts = ApiOpts & {
type: WellknownType;
system?: EbsiSystem | EbsiEnvironment;
mock?: EbsiMock;
};
/**
* Agent methods added by the EBSI support plugin.
* The metadata, JWKS and presentation definition methods take no agent context; the others require IRequiredContext.
*/
interface IEbsiSupport extends IPluginMethodMap {
/** Registers a DID on the ledger. */
ebsiCreateDidOnLedger(args: CreateEbsiDidParams, context: IRequiredContext): Promise<CreateEbsiDidOnLedgerResult>;
/** Gets the OpenID provider metadata. */
ebsiWellknownMetadata(args?: ApiOpts): Promise<GetOIDProviderMetadataResponse>;
/** Gets the authorization server JWKS; the result may be an ExceptionResponse instead of a key set. */
ebsiAuthorizationServerJwks(args?: ApiOpts): Promise<GetOIDProviderJwksResponse>;
/** Gets the presentation definition for a scope. */
ebsiPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise<GetPresentationDefinitionResponse>;
/** Obtains an access token; the result contains bearer credentials. */
ebsiAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise<GetAccessTokenResult>;
/** Creates the authorization request URL for an attestation. */
ebsiCreateAttestationAuthRequestURL(args: CreateAttestationAuthRequestURLArgs, context: IRequiredContext): Promise<AttestationAuthRequestUrlResult>;
/** Gets the attestation for a previously created authorization request. */
ebsiGetAttestation(args: GetAttestationArgs, context: IRequiredContext): Promise<AttestationResult>;
}
/**
* OpenID provider metadata as used by EBSI. The authoritative field types come from DiscoveryMetadataPayload;
* this type only adds `presentation_definition_endpoint`.
* The endpoint URLs in this document decide where tokens and presentations are sent, so the metadata should only
* be taken from a source the caller trusts.
* @typedef EbsiOpenIDMetadata
* @type {object}
* @property {(URL | string)} issuer URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. MUST be identical to the iss Claim value in ID Tokens issued from this Issuer.
* @property {(URL | string)} authorization_endpoint URL of the OP's OAuth 2.0 Authorization Endpoint.
* @property {(URL | string)} token_endpoint URL of the OP's OAuth 2.0 Token Endpoint.
* @property {(URL | string)} [presentation_definition_endpoint] URL of the OP's presentation definitions endpoint. Non-standard, used in EBSI
* @property {(URL | string)} jwks_uri URL of the authorization server's JWK Set [JWK] document
* @property {string[]} scopes_supported JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. (SIOP v2)
* @property {string[]} response_types_supported JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports (SIOP v2)
* @property {string[]} [response_mode_supported] JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports
* @property {string[]} [grant_types_supported] JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.
* @property {string[]} subject_types_supported JSON array containing a list of the Subject Identifier types that this OP supports.
* @property {string[]} id_token_signing_alg_values_supported JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT
* @property {string[]} [request_object_signing_alg_values_supported] JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects
* @property {boolean} [request_parameter_supported] Boolean value specifying whether the OP supports use of the request parameter, with true indicating support
* @property {string[]} [token_endpoint_auth_methods_supported] JSON array containing a list of client authentication methods supported by this token endpoint
* @property {{ authorization_endpoint: string[] }} [request_authentication_methods_supported] A JSON Object defining the client authentications supported for each endpoint
* @property {object} [vp_formats_supported] An object containing a list of key value pairs, where the key is a string identifying a credential format supported by the AS
* @property {(URL[] | string[])} [subject_syntax_types_supported] A JSON array of strings representing URI scheme identifiers and optionally method names of supported Subject Syntax Types
* @property {string[]} [subject_trust_frameworks_supported] A JSON array of supported trust frameworks.
* @property {string[]} [id_token_types_supported] A JSON array of strings containing the list of ID Token types supported by the OP
*/
type EbsiOpenIDMetadata = DiscoveryMetadataPayload & {
presentation_definition_endpoint?: URL | string;
};
/**
* JSON Web Key Set
* Holds public keys published by the authorization server.
* @typedef GetOIDProviderJwksSuccessResponse
* @property {JWK[]} keys
*/
interface GetOIDProviderJwksSuccessResponse {
keys: JWK[];
}
/**
* Arguments of ebsiPresentationDefinitionGet.
* @typedef GetPresentationDefinitionArgs
* @type {object}
* @property {EBSIScope} scope - The scope to get the presentation definition for
* @property {WellknownOpts} [apiOpts] The environment and version of the API, plus the well-known type
* @property {EbsiOpenIDMetadata} [openIDMetadata] Metadata supplied by the caller (presumably used instead of fetching it - confirm).
* Its endpoints are used as given, so pass only metadata obtained from a trusted source.
*/
interface GetPresentationDefinitionArgs {
scope: EBSIScope;
apiOpts?: WellknownOpts;
openIDMetadata?: EbsiOpenIDMetadata;
}
/**
* Arguments of ebsiCreateAttestationAuthRequestURL.
* `credentialIssuer` and `redirectUri` are plain strings; the type does not restrict which hosts they name.
*/
type CreateAttestationAuthRequestURLArgs = {
credentialIssuer: string;
credentialType: string;
/** Selects the managed DID identifier to use. */
idOpts: ManagedIdentifierDidOpts;
requestObjectOpts: RequestObjectOpts;
clientId?: string;
redirectUri?: string;
/** Restricted to the JWT credential formats. */
formats?: Array<Extract<OID4VCICredentialFormat, 'jwt_vc' | 'jwt_vc_json'>>;
};
/** Arguments of ebsiGetAttestation. */
type GetAttestationArgs = {
clientId: string;
/** The value returned by ebsiCreateAttestationAuthRequestURL. */
authReqResult: AttestationAuthRequestUrlResult;
walletType?: WalletType;
opts?: {
// time unit is not stated in this declaration - TODO confirm (milliseconds vs seconds)
timeout: number;
};
};
/**
* Presentation Definition V2
* `format` is narrowed to the four JWT variants (jwt_vc, jwt_vc_json, jwt_vp, jwt_vp_json).
* @typedef GetPresentationDefinitionSuccessResponse
* @type {object}
* @property {string} id A UUID or some other unique ID to identify this Presentation Definition
* @property {string} [name] A name property is a human-friendly string intended to constitute a distinctive designation of the Presentation Definition.
* @property {string} [purpose] It describes the purpose for which the Presentation Definition's inputs are being requested.
* @property {Format} [format] What claim variants Verifiers and Holders support.
* @property {SubmissionRequirement[]} [submission_requirements] List of requirements for described inputs in input descriptors.
* @property {InputDescriptor[]} input_descriptors List of descriptions of the required inputs.
* @property {object} [frame] a JSON LD Framing Document object.
*/
type GetPresentationDefinitionSuccessResponse = PresentationDefinitionV2 & {
format?: Pick<Format, 'jwt_vc' | 'jwt_vc_json' | 'jwt_vp' | 'jwt_vp_json'>;
};
/**
* Request for an access token in exchange for a verifiable presentation.
* @typedef GetAccessTokenArgs
* @type {object}
* @property {string} [grant_type] MUST be set to "vp_token" (the field is optional in the type; the value used when omitted is not visible here)
* @property {string} vp_token Signed Verifiable Presentation. See also the VP Token schema definition.
* @property {PresentationSubmission} presentation_submission Descriptor for the vp_token, linked by presentation_definition. See also the Presentation Definition schema.
* @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_write, openid tir_invite, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] OIDC scope
* @property {EbsiOpenIDMetadata} [openIDMetadata] Metadata supplied by the caller; its token endpoint presumably receives the vp_token - confirm
* @property {ApiOpts} apiOpts The environment and the version of the API (required in the type)
*/
interface GetAccessTokenArgs {
grant_type?: string;
vp_token: string;
presentation_submission: PresentationSubmission;
scope: EBSIScope;
openIDMetadata?: EbsiOpenIDMetadata;
apiOpts: ApiOpts;
}
/**
* Result of ebsiAccessTokenGet. `accessTokenResponse` contains the access token and id token;
* treat the whole object as sensitive and keep it out of logs.
*/
type GetAccessTokenResult = {
identifier: ManagedIdentifierDidResult;
scope: EBSIScope;
accessTokenResponse: GetAccessTokenSuccessResponse;
};
/**
* Arguments of ebsiAccessTokenGet.
* The earlier doc listed `domain`, `did`, `kid`, `definitionId` and `apiOpts`; none of these are fields of this
* interface. The identifier is selected through `idOpts` and the environment through `environment`.
* @typedef EBSIAuthAccessTokenGetArgs
* @type {object}
* @property {string} clientId The client id
* @property {CredentialRole} credentialRole The credential role
* @property {string} [credentialIssuer] The credential issuer
* @property {W3CVerifiableCredential} [attestationCredential] Verifiable Credential (Verifiable Authorisation to Onboard) JWT format
* @property {W3CVerifiableCredential[]} [allVerifiableCredentials] Additional verifiable credentials
* @property {string} [redirectUri] The redirect URI
* @property {string} jwksUri The JWKS URI
* @property {ManagedIdentifierDidOpts} idOpts Selects the managed DID identifier
* @property {EBSIScope} scope Needed to retrieve the authentication request
* @property {EbsiEnvironment} environment The EBSI environment
* @property {boolean} [skipDidResolution] See the note on the field
*/
interface EBSIAuthAccessTokenGetArgs {
clientId: string;
credentialRole: CredentialRole;
credentialIssuer?: string;
attestationCredential?: W3CVerifiableCredential;
allVerifiableCredentials?: W3CVerifiableCredential[];
redirectUri?: string;
jwksUri: string;
idOpts: ManagedIdentifierDidOpts;
scope: EBSIScope;
environment: EbsiEnvironment;
// NOTE(review): the name suggests the identifier's DID is not resolved before use; which checks that bypasses
// is not visible in this declaration. Leave it unset unless the implementation has been reviewed.
skipDidResolution?: boolean;
}
/**
* Successful token response. `access_token` and `id_token` are credentials in JWS compact form:
* do not log them, and do not use the token without checking `expires_in`.
* @typedef GetAccessTokenSuccessResponse
* @type {object}
* @property {string} access_token ^(([A-Za-z0-9\-_])+\.)([A-Za-z0-9\-_]+)(\.([A-Za-z0-9\-_]+)?$ The access token issued by the authorization server in JWS format. See also the "Access Token" schema definition
* @property {TokenType} token_type Possible values: [Bearer]/MUST be Bearer
* @property {number} [expires_in] Possible values: >= 1. The lifetime in seconds of the access token
* @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_invite, openid tir_write, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] The scope of the access token
* @property {string} id_token ^(([A-Za-z0-9\-_])+\.)([A-Za-z0-9\-_]+)(\.([A-Za-z0-9\-_]+)?$ ID Token value associated with the authenticated session. Presents client's identity. ID Token is issued in a JWS format. See also the "ID Token" schema definition.
* @property {ApiOpts} apiOpts The environment and the version of the API
*/
interface GetAccessTokenSuccessResponse {
access_token: string;
token_type: TokenType;
expires_in?: number;
scope: EBSIScope;
id_token: string;
apiOpts: ApiOpts;
}
/**
* Problem-details style error body. Every field is optional, so an empty object also satisfies this type;
* distinguish it from a success response by checking for the success fields instead.
* @typedef ExceptionResponse
* @type {object}
* @property {(URL | string)} [type] An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.
* @property {string} [title] A short summary of the problem type.
* @property {number} [status] Possible values: >= 400 and <= 600. The HTTP status code generated by the origin server for this occurrence of the problem.
* @property {string} [detail] A human readable explanation specific to this occurrence of the problem.
* @property {(URL | string)} [instance] An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
*/
interface ExceptionResponse {
type?: URL | string;
title?: string;
status?: number;
detail?: string;
instance?: URL | string;
}
/**
* Result of ebsiGetAttestation.
* `error` is a required property that may be undefined; check it before using `credentials`.
*/
type AttestationResult = {
contactAlias: string;
contact: Party;
credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>> | undefined;
identifier: ManagedIdentifierDidResult;
error: ErrorDetails | undefined;
credentials: Array<MappedCredentialToAccept>;
};
/** Provider metadata response; has no error variant in its type. */
type GetOIDProviderMetadataResponse = EbsiOpenIDMetadata;
/** JWKS response: the key set or an ExceptionResponse. Check that `keys` is present before using the result. */
type GetOIDProviderJwksResponse = GetOIDProviderJwksSuccessResponse | ExceptionResponse;
/** Presentation definition response; has no error variant in its type. */
type GetPresentationDefinitionResponse = GetPresentationDefinitionSuccessResponse;
/** Token response: the tokens or an ExceptionResponse. Check that `access_token` is present before using the result. */
type GetAccessTokenResponse = GetAccessTokenSuccessResponse | ExceptionResponse;
/** Agent context with every plugin interface the EBSI support functions rely on. */
type IRequiredContext = IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService & IDidAuthSiopOpAuthenticator & IPresentationExchange & IOID4VCIHolder & IEbsiSupport>;
/** Array of strings, presumably the plugin method names - confirm. */
declare const ebsiSupportMethods: Array<string>;
/**
* Veramo agent plugin exposing the IEbsiSupport methods through `methods`.
* The private members listed here are implementation details; IEbsiSupport also declares
* ebsiCreateAttestationAuthRequestURL and ebsiGetAttestation, which have no private counterpart in this declaration.
*/
declare class EbsiSupport implements IAgentPlugin {
// untyped plugin schema
readonly schema: any;
/** The agent methods contributed by this plugin. */
readonly methods: IEbsiSupport;
private ebsiCreateDidOnLedger;
private ebsiWellknownMetadata;
private ebsiAuthorizationServerJwks;
private ebsiPresentationDefinitionGet;
private ebsiAccessTokenGet;
private getAccessToken;
}
// Module-level logger exported by the package.
// NOTE(review): what the implementation writes to it is not visible here; confirm that access tokens,
// id tokens and private key hex never reach it.
declare const logger: _sphereon_ssi_types.ISimpleLogger<unknown>;
// Untyped schema object exported by the package; EbsiSupport also declares a `schema` member.
declare const schema: any;
export { type AddServiceParams, type AddVerificationMethodParams, type AddVerificationMethodRelationshipParams, type ApiOpts, type AttestationResult, BASE_CONTEXT_DOC, type CreateAttestationAuthRequestURLArgs, type CreateEbsiDidOnLedgerResult, type CreateEbsiDidParams, type EBSIAuthAccessTokenGetArgs, type EBSIScope, EBSI_DID_SPEC_INFOS, type EbsiAccessTokenOpts, type EbsiApiVersion, type EbsiCreateIdentifierOpts, type EbsiDIDPrefix, type EbsiDIDType, EbsiDidProvider, type EbsiDidRegistryAPIEndpoints, type EbsiDidSpecInfo, type EbsiEnvironment, type EbsiKeyType, type EbsiMock, type EbsiOpenIDMetadata, EbsiPublicKeyPurpose, type EbsiRPCResponse, EbsiRpcMethod, EbsiSupport, type EbsiSystem, type ExceptionResponse, type GetAccessTokenArgs, type GetAccessTokenResponse, type GetAccessTokenResult, type GetAccessTokenSuccessResponse, type GetAttestationArgs, type GetDidDocumentParams, type GetDidDocumentsParams, type GetDidDocumentsResponse, type GetOIDProviderJwksResponse, type GetOIDProviderJwksSuccessResponse, type GetOIDProviderMetadataResponse, type GetPresentationDefinitionArgs, type GetPresentationDefinitionResponse, type GetPresentationDefinitionSuccessResponse, type IContext, type ICreateIdentifierArgs, type IEbsiSupport, type IKeyOpts, type IRequiredContext, type InsertDidDocumentParams, type Item, JSON_RPC_VERSION, type Links, type RPCParams, type ResponseNot200, type RpcErrorResponse, type RpcMethodArgs, type RpcOkResponse, type SendSignedTransactionParams, TokenType, type UnsignedTransaction, type UpdateBaseDocumentParams, type UpdateIdentifierParams, type WellknownOpts, type WellknownType, assertedPurposes, determineWellknownEndpoint, ebsiCreateDidOnLedger, ebsiGenerateOrUseKeyPair, ebsiGetAuthorisationServer, ebsiGetDidDocument, ebsiGetIssuerMock, ebsiGetRegistryAPIUrls, ebsiListDidDocuments, ebsiSignAndSendTransaction, ebsiSupportMethods, ebsiWaitTillDocumentAnchored, formatEbsiPublicKey, generateEbsiMethodSpecificId, 
generateOrUseProvidedEbsiPrivateKeyHex, getDidEbsiResolver, logger, randomRpcId, schema, setPurposes, toMinimalImportableKey };