Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add siop-oid4vp package #125

Merged
merged 8 commits into from
Jul 15, 2024
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,8 @@
**/temp/*
**/tmp/*
*.tsbuildinfo

*.tsimp
*.log
packages/siop-oid4vp/lib/schemas/validation/schemaValidation.js
packages/siop-oid4vp/lib/generator/*
!packages/siop-oid4vp/lib/generator/schemaGenerator.ts
1 change: 1 addition & 0 deletions .prettierignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
**/dist
**/coverage
**/*/node_modules
packages/siop-oid4vp/lib/schemas
17 changes: 13 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<h1 align="center">
<br>
<a href="https://www.sphereon.com"><img src="https://sphereon.com/content/themes/sphereon/assets/img/logo.svg" alt="Sphereon" width="400"></a>
<br>OpenID for Verifiable Credential Issuance - Client and Issuer
<br>OpenID for Verifiable Credentials
<br>
</h1>

Expand All @@ -11,9 +11,11 @@ _IMPORTANT the packages are still in an early development stage, which means tha

# Background

This is a mono-repository with a client and issuer pacakge to request and receive Verifiable Credentials using
This is a mono-repository with a client and issuer package to request and receive Verifiable Credentials using
the [OpenID for Verifiable Credential Issuance](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html) (
OpenID4VCI) specification for receiving Verifiable Credentials as a holder/subject.
OpenID4VCI) specification for receiving Verifiable Credentials as a holder/subject. In addition the monorepo contains a package
for requesting the presentation of Verifiable Credentials and Verifying these presentations [OpenID for Verifiable Presentations](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) (
OpenID4VP)

OpenID4VCI defines an API designated as Credential Endpoint that is used to issue verifiable credentials and
corresponding OAuth 2.0 based authorization mechanisms (see [RFC6749]) that a Wallet uses to obtain authorization to
Expand All @@ -36,8 +38,11 @@ The OpenID4VCI client is typically used in wallet type of applications, where th
The OpenID4VCI issuer is used in issuer type applications, where an organization is issuing the credential(s). More info can be found in the issuer [README](./packages/issuer/README.md).
Please note that the Issuer is a library. It has some examples on how to run it with REST endpoints. If you are however looking for a full solution we suggest our [SSI SDK](https://github.com/Sphereon-Opensource/ssi-sdk) or the [demo](https://github.com/Sphereon-Opensource/OID4VC-demo)

## OpenID for Verifiable Presentations

# Flows
The SIOP-OpenID4VP package is used in wallet type applications and verifier type of applications. Meaning it provides both Wallet (OpenId Provider) and Verifier (Relying Party) functionality. More info can be found in the siop-oid4vp package [README](./packages/siop-oid4vp/README.md)

# OpenID for VCI Flows

The spec lists 2 flows:

Expand All @@ -53,3 +58,7 @@ authenticate first.
The below diagram shows the steps involved in the pre-authorized code flow. Note that inner wallet functionalities (like
saving VCs) are out of scope for this library. Also This library doesn't include any functionalities of a VC Issuer
![Flow diagram](https://www.plantuml.com/plantuml/proxy?cache=no&src=https://raw.githubusercontent.com/Sphereon-Opensource/OID4VCI-client/develop/docs/preauthorized-code-flow.puml)

# OpenID for VP Flows

Visit the [README](./packages/siop-oid4vp/README.md) for more information.
27 changes: 9 additions & 18 deletions jest.json
Original file line number Diff line number Diff line change
@@ -1,11 +1,6 @@
{
"preset": "ts-jest",
"moduleFileExtensions": [
"ts",
"tsx",
"js",
"jsx"
],
"moduleFileExtensions": ["ts", "tsx", "js", "jsx"],
"collectCoverage": true,
"collectCoverageFrom": [
"packages/**/src/**/*.ts",
Expand All @@ -20,23 +15,19 @@
"!**/node_modules/**",
"!**/packages/**/index.ts"
],
"coverageReporters": [
"text",
"lcov",
"json"
],
"coverageReporters": ["text", "lcov", "json"],
"coverageDirectory": "./coverage",
"transform": {
"\\.jsx?$": "babel-jest",
"\\.tsx?$": ["ts-jest", {
"tsconfig": "./packages/tsconfig-base.json"
}
"\\.tsx?$": [
"ts-jest",
{
"tsconfig": "./packages/tsconfig-base.json"
}
]
},
"testMatch": [
"**/__tests__/**/*.spec.*",
"**/tests/**/*.spec.*"
],
"testMatch": ["**/__tests__/**/*.spec.*", "**/tests/**/*.spec.*"],
"modulePathIgnorePatterns": ["<rootDir>/packages/siop-oid4vp"],
"testEnvironment": "node",
"automock": false,
"verbose": true
Expand Down
14 changes: 10 additions & 4 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@sphereon/oid4vci-workspace",
"version": "0.11.0",
"description": "OpenID for Verifiable Credential Issuance workspace",
"description": "OpenID for Verifiable Credentials",
"author": "Sphereon",
"license": "Apache-2.0",
"private": true,
Expand All @@ -12,8 +12,8 @@
"fix:prettier": "prettier --write \"{packages,__tests__,!dist}/**/*.{ts,tsx,js,json,md,yml}\"",
"build": "pnpm -r --stream build",
"build:clean": "lerna clean -y && pnpm install && lerna run build:clean --concurrency 1",
"test:ci": "jest --config=jest.json",
"test": "jest --verbose --config=jest.json --coverage=true --detectOpenHandles",
"test:ci": "jest --config=jest.json && jest --config=packages/siop-oid4vp/jest.json",
nklomp marked this conversation as resolved.
Show resolved Hide resolved
"test": "jest --verbose --config=jest.json --coverage=true --detectOpenHandles && jest --verbose --config=packages/siop-oid4vp/jest.json --coverage=true --detectOpenHandles",
"clean": "rimraf --glob **/dist **/coverage **/pnpm-lock.yaml packages/**/node_modules node_modules packages/**/tsconfig.tsbuildinfo",
"publish:latest": "lerna publish --conventional-commits --include-merged-tags --create-release github --yes --dist-tag latest --registry https://registry.npmjs.org",
"publish:next": "lerna publish --conventional-prerelease --force-publish --canary --no-git-tag-version --include-merged-tags --preid next --pre-dist-tag next --yes --registry https://registry.npmjs.org",
Expand Down Expand Up @@ -49,11 +49,17 @@
"Sphereon",
"Verifiable Credentials",
"OpenID",
"SIOP",
"Self Issued OpenID Provider",
"OPenId for Verifiable Presentations",
"OpenID for Verifiable Credential Issuance",
"OAuth2",
"SSI",
"OpenID4VCI",
"OpenID4VP",
"OIDC4VCI",
"OID4VCI"
"OIDC4VP",
"OID4VCI",
"OID4VP"
]
}
244 changes: 244 additions & 0 deletions packages/siop-oid4vp/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
# Release Notes

The DID Auth SIOP typescript library is still in an beta state at this point. Please note that the interfaces might
still change a bit as the software still is in active development.

## 0.6.5
nklomp marked this conversation as resolved.
Show resolved Hide resolved

- Added:
- Initial support for OID4VP draft 20
- Removed did-jwt and did-resolver dependencies
- Support for pluggable signing and verification methods
- Remove Signature Types
- Remove Verification Method Types
- This PR provides verification and signing 'adapters' for x5c, jwk, and did protected jwts (x5c, and jwk functionality was not present/possible previously)

## 0.6.4 - 2024-04-24

- Fixed:
- Success event was emitted even though presentation verification callback failed
- Always verify nonces, extract them from VP
- Updated:
- Update to latest @sphereon/ssi-types

## 0.6.3 - 2024-03-20

- Updated:
- Update to latest @sphereon/ssi-types, including the latest @sd-jwt packages

## 0.6.2 - 2024-03-04

- Fixed:
- RP kept stale options to create the request object, resulting in recreation of the same request object over and over

## 0.6.0 - 2024-02-29

- Added:
- Initial support for SIOPv2 draft 11
- Initial support for OID4VP draft 18
- SD-JWT support
- Partial support for http(s) client_ids instead of DIDs. No validation for keys in this case yet though!
- Convert presentation submissions that inadvertently come in from external OPs as a string instead of an object
- Allow id-token only handling
- Allow vp-token only handling
- EBSI support
- Fixed:
- issue with determining whether a Presentation Definition reference has been used
- vp_token handling and nonce management was incorrect in certain cases (for instance when no id token is used)
- Make sure a presentation verification callback result throws an error if it does not verify
- Do not put VP token in the id token as default for spec versions above v10 if no explicit location is provided
- Several small fixes

## 0.4.2 - 2023-10-01

Fixed an issue with did:key resolution used in Veramo

- Fixed:
- Fixed an issue with did:key resolution from Veramo. The driver requires a mediaType which according to the spec is
optional. We now always set it as it doesn't hurt to begin with.

## 0.4.1 - 2023-10-01

Fixed not being able to configure the resolver for well-known DIDs

- Fixed:
- Well-known DIDs did not use a configured DID resolver and thus always used the universal resolver, which has
issues quite often.

## 0.4.0 - 2023-09-28

- Fixed:

- Claims are not required in the auth request
- State is not required in payloads
- We didn't handle merging of verification options present on an object and passed in as argument nicely

- Updated:

- Updated to another JSONPath implementation for improved security `@astronautlabs/jsonpath`
- Better error handling and logging in the session manager
- Allow for numbers in the scheme thus supporting openid4vp://

- Added:
- Allow to pass additional claims as verified data in the authorization response. Which can be handy in case you
want to extract data from a VP and pass that to the app that uses this library

## v0.3.1 - 2023-05-17

Bugfix release, fixing RPBuilder export and a client_id bug when not explicitly provided to the RP.

- Fixed:
- Changed RPBuilder default export to a named export
- Fix #54. The client_id took the whole registration object, instead of the client_id in case it was not provided
explicitly
- Updated:
- SSI-types have been updated to the latest version.

## v0.3.0 - 2023-04-30

This release contains many breaking changes. Sorry for these, but this library still is in active development, as
reflected by the major version still being 0.
A lot of code has been refactored. Now certain classes have state, instead of passing around objects between static
methods.

- Added:
- Allow to restrict selecting VCs against Formats not communicated in a presentation definition. For instance useful
for filtering against a OID4VP RP, which signals support for certain Formats, but uses a definition which does not
include this information
- Allow to restrict selecting VCs against DID methods not communicated in a presentation definition. For instance
useful
for filtering against a OID4VP RP, which signals support for certain DID methods, but uses a definition which does
not
include this information
- Allow passing in submission data separately from a VP. Again useful in a OID4VP situation, where presentation
submission objects can be transferred next to the VP instead if in the VP
- A simple session/state manager for the RP side. This allows to find back definitions for responses coming back in.
As this is a library the only implementation is an in memory implementation. It is left up to implementers to
create their persistent implementations
- Added support for new version of the spec
- Support for JWT VC Presentation Profile
- Support for DID domain linkage
- Removed:
- Several dependencies have been removed or moved to development dependencies. Mainly the cryptographic libraries
have
been removed
- Changed:
- Requests and responses now contain state and can be instantiated from scratch/options or from an actual payload
- Schema's for AJV are now compiled at build time, instead of at runtime.
- Fixed:
- JSON-LD contexts where not always fetched correctly (Github for instance)
- Signature callback function was not always working after creating copies of data
- React-native not playing nicely with AJV schema's
- JWT VCs/VPs were not always handled correctly
- Submission data contained several errors
- Holder was sometimes missing from the VP
- Too many other fixes to list

## v0.2.14 - 2022-10-27

- Updated:
- Updated some dependencies

## v0.2.13 - 2022-08-15

- Updated:
- Updated some dependencies

## v0.2.12 - 2022-07-07

- Fixed:
- We did not check the proper claims in an AuthResponse to determine the key type, resulting in an invalid JWT
header
- Removed some remnants of the DID-jwt fork

## v0.2.11 - 2022-07-01

- Updated:
- Update to PEX 1.1.2
- Update several other deps
- Fixed:
- Only throw a PEX error in case PEX itself has flagged the submission to be in error
- Use nonce from request in response if available
- Remove DID-JWT fork as the current version supports SIOPv2 iss values

## v0.2.10 - 2022-02-25

- Added:
- Add default resolver support to builder

## v0.2.9 - 2022-02-23

- Fixed:
- Remove did-jwt dependency, since we use an internal fork for the time being anyway

## v0.2.7 - 2022-02-11

- Fixed:
- Revert back to commonjs

## v0.2.6 - 2022-02-10

- Added:
- Supplied withSignature support. Allowing to integrate withSignature callbacks, next to supplying private keys or
using external custodial signing with authn/authz

## v0.2.5 - 2022-01-26

- Updated:
- Update @sphereon/pex to the latest stable version v1.0.2
- Moved did-key dep to dev dependency and changed to @digitalcredentials/did-method-key

## v0.2.4 - 2022-01-13

- Updated:
- Update @sphereon/pex to latest stable version v1.0.1

## v0.2.3 - 2021-12-10

- Fixed:

- Check nonce and did support first before verifying JWT

- Updated:
- Updated PEX dependency that fixed a JSON-path bug impacting us

## v0.2.2 - 2021-11-29

- Updated:
- Updated dependencies

## v0.2.1 - 2021-11-28

- Updated:
- Presentation Exchange updated to latest PEX version 0.5.x. The eventual Presentation is not a VP yet (proof will
be in next minor release)
- Update Uni Resolver client to latest version 0.3.3

## v0.2.0 - 2021-10-06

- Added:

- Presentation Exchange support [OpenID Connect for Verifiable
Presentations(https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html)

- Fixed:
- Many bug fixes (see git history)

## v0.1.1 - 2021-09-29

- Fixed:
- Packaging fix for the did-jwt fork we include for now

## v0.1.0 - 2021-09-29

This is the first Alpha release of the DID Auth SIOP typescript library. Please note that the interfaces might still
change a bit as the software still is in active development.

- Alpha release:

- Low level Auth Request and Response service classes
- High Level OP and RP role service classes
- Support for most of [SIOPv2](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html)

- Planned for Beta:
- [Support for OpenID Connect for Verifiable Presentations](https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html)
Loading