From 40bfafc7d9ab77eed7b7e354fdcb043d2f9b41b6 Mon Sep 17 00:00:00 2001
From: Niels Klomp
Date: Mon, 21 Nov 2022 12:44:35 +0100
Subject: [PATCH] Fixes/accestoken in client (#16)
* fix: Set the access token in the credential request
* chore: Rename jwtArgs param to jwt
* chore: Readme updates/fixes
---
 README.md | 18 +++++++++---------
 lib/OpenID4VCIClient.ts | 2 +-
 lib/types/CredentialIssuance.types.ts | 2 +-
 package.json | 2 +-
 4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index cd68594a..8abdf9fe 100644
--- a/README.md
+++ b/README.md
@@ -57,15 +57,15 @@ import { OpenID4VCIClient } from '@sphereon/openid4vci-client';
 const client = await OpenID4VCIClient.initiateFromURI({
 issuanceInitiationURI: 'openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.research.identiproof.io&credential_type=OpenBadgeCredentialUrl&pre-authorized_code=4jLs9xZHEfqcoow0kHE7d1a8hUk6Sy-5bVSV2MqBUGUgiFFQi-ImL62T-FmLIo8hKA1UdMPH0lM1xAgcFkJfxIw9L-lI3mVs0hRT8YVwsEM1ma6N3wzuCdwtMU4bcwKp&user_pin_required=true',
 flowType: AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW, // The flow to use
- kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#key-1', // Our DID
- alg: Alg.ES256, // The signing Algorithm we will use
- clientId: 'test-clientId', // The clientId if the Authrozation Service requires it
- retrieveServerMetadata: true // Already retrieve the server metadata. Can also be done afterwards
+ kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#key-1', // Our DID. You can defer this also to when the acquireCredential method is called
+ alg: Alg.ES256, // The signing Algorithm we will use. You can defer this also to when the acquireCredential method is called
+ clientId: 'test-clientId', // The clientId if the Authrozation Service requires it. If a clientId is needed you can defer this also to when the acquireAccessToken method is called
+ retrieveServerMetadata: true // Already retrieve the server metadata. Can also be done afterwards by invoking a method yourself.
 });
 console.log(client.getIssuer()); // https://issuer.research.identiproof.io
-console.log(client.getCredentialEndpoint()); // 'https://issuer.research.identiproof.io/credential';
-console.log(client.getAccessTokenEndpoint()); // 'https://auth.research.identiproof.io/oauth2/token';
+console.log(client.getCredentialEndpoint()); // https://issuer.research.identiproof.io/credential
+console.log(client.getAccessTokenEndpoint()); // https://auth.research.identiproof.io/oauth2/token
 ````
 ## Server metadata
@@ -115,9 +115,9 @@ The Proof of Possession using a signature callback function. The example uses th
 const { privateKey, publicKey } = await jose.generateKeyPair('ES256');
 // Must be JWS
-async function signCallback(args: JwtArgs, kid: string): Promise {
+async function signCallback(args: Jwt, kid: string): Promise {
 return await new jose.SignJWT({ ...args.payload })
- .setProtectedHeader({ alg: 'ES256' })
+ .setProtectedHeader({ args.header.alg })
 .setIssuedAt()
 .setIssuer(kid)
 .setAudience(args.payload.aud)
@@ -140,7 +140,7 @@ const credentialResponse = await client.acquireCredentials({
 alg: Alg.ES256K,
 kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1'
 });
-console.log(credentialResponse)
+console.log(credentialResponse.credential)
 // JWT format. (LDP/JSON-LD is also supported by the client)
 // eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.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.z5vgMTK1nfizNCg5N-niCOL3WUIAL7nXy-nGhDZYO_-PNGeE-0djCpWAMH8fD8eWSID5PfkPBYkx_dfLJnQ7NA
 ````
diff --git a/lib/OpenID4VCIClient.ts b/lib/OpenID4VCIClient.ts
index d26c81fa..d7bf265c 100644
--- a/lib/OpenID4VCIClient.ts
+++ b/lib/OpenID4VCIClient.ts
@@ -120,6 +120,7 @@ export class OpenID4VCIClient {
 initiation: this.initiation,
 metadata: this.serverMetadata,
 });
+ requestBuilder.withToken(this.accessTokenResponse.access_token);
 if (this.serverMetadata?.openid4vci_metadata) {
 const metadata = this.serverMetadata.openid4vci_metadata;
 const types = Array.isArray(credentialType) ? credentialType : [credentialType];
@@ -134,7 +135,6 @@ export class OpenID4VCIClient {
 callbacks: proofCallbacks,
 })
 .withIssuer(this.getIssuer())
- .withAccessTokenResponse(this.accessTokenResponse)
 .withAlg(this.alg)
 .withJti(jti)
 .withClientId(this.clientId)
diff --git a/lib/types/CredentialIssuance.types.ts b/lib/types/CredentialIssuance.types.ts
index 6581d424..4d67e3d3 100644
--- a/lib/types/CredentialIssuance.types.ts
+++ b/lib/types/CredentialIssuance.types.ts
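Review bot: The added `requestBuilder.withToken(this.accessTokenResponse.access_token)` in the `@@ -120,6 +120,7 @@` hunk of lib/OpenID4VCIClient.ts dereferences `accessTokenResponse` with no visible check, so if this method can be reached before a token has been acquired it fails with a TypeError, or passes an undefined token to the builder, instead of reporting a clear error. Unless a guard already sits above the hunk (not visible here), add one before the call, e.g. `if (!this.accessTokenResponse?.access_token) throw new Error('<message: access token not acquired>');`. The next hunk (`@@ -134,7 +135,6 @@`) also removes `.withAccessTokenResponse(this.accessTokenResponse)` from the proof-of-possession builder chain; if that call was what carried the token response's nonce (`c_nonce`) into the proof, confirm the signed proof still includes it, since that is what ties the proof to this issuance and limits replay. The enclosing method starts and ends outside both hunks.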
@@ -92,7 +92,7 @@ export interface JWTPayload {
 exp?: number; // Not longer than 5 minutes
 }
-export type JWTSignerCallback = (jwtArgs: Jwt, kid: string) => Promise;
+export type JWTSignerCallback = (jwt: Jwt, kid: string) => Promise;
 export type JWTVerifyCallback = (args: { jwt: string; kid: string }) => Promise;
 export type Request = CredentialRequest;
diff --git a/package.json b/package.json
index fde60ce2..03138ae9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/openid4vci-client",
- "version": "0.3.2-unstable.0",
+ "version": "0.3.2-unstable.1",
 "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
 "main": "dist/main/index.js",
 "types": "dist/main/index.d.ts",