Merge remote-tracking branch 'origin/develop' into fix/SPRIND-61_conf…

…ormance-fixes

.github/workflows/build-test-on-pr.yml

@@ -23,9 +23,9 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '20.x'
-      - uses: pnpm/action-setup@v3
+      - uses: pnpm/action-setup@v4
         with:
-          version: 8.15.7
+          version: 9        
       - run: pnpm install
       - run: pnpm build
       - name: run CI tests
@@ -41,4 +41,13 @@ jobs:
           SPHEREON_SSI_MSAL_USERNAME: ${{ secrets.SPHEREON_SSI_MSAL_USERNAME }}
           SPHEREON_SSI_MSAL_PASSWORD: ${{ secrets.SPHEREON_SSI_MSAL_PASSWORD }}
         run: pnpm test:ci
-      - run: npx codecov
+      - name: codecov
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+          name: codecove # optional
+          flags: unittest
+          fail_ci_if_error: true # optional (default = false)
+          #directory: ./coverage/reports/
+          #files: ./coverage1.xml,./coverage2.xml
+          verbose: true # optional (default = false)

.github/workflows/build-test-publish-on-push.yml

@@ -37,18 +37,9 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '20.x'
-      - uses: pnpm/action-setup@v3
+      - uses: pnpm/action-setup@v4
         with:
-          version: 8.15.7
-#      - name: Get yarn cache directory path
-#        id: yarn-cache-dir-path
-#        run: echo "::set-output name=dir::$(yarn cache dir)"
-#      - uses: actions/cache@v2
-#        id: yarn-cache
-#        with:
-#          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-#          key: ${{ runner.os }}-yarn-2-${{ hashFiles('**/package.json') }}
-
+          version: 9
       - run: pnpm install
       - run: pnpm build
       - name: run integration tests
@@ -81,18 +72,25 @@ jobs:
       - name: diff
         run: git diff
 
+      - name: Sets PREID
+        env:
+          name: "${{github.ref_name}}"
+        run: |
+          echo "PRE_ID=${name//[\/_-]/.}" >> $GITHUB_ENV
+
       - name: publish @latest when on main
         if: github.ref == 'refs/heads/main'
-        run: pnpm publish:latest
+        run: lerna publish --conventional-commits --force-publish --include-merged-tags --sync-dist-version --create-release github --yes --dist-tag latest --registry https://registry.npmjs.org
 
       - name: publish @next when on develop
         if: github.ref == 'refs/heads/develop'
-        run: pnpm publish:next
+        run: lerna publish --conventional-prerelease --force-publish --canary --sync-dist-version --no-git-tag-version --include-merged-tags --preid next --pre-dist-tag next --yes --registry https://registry.npmjs.org
 
-      - name: publish @next when on fix
+      - name: publish @next when on fix branch
         if: startsWith(github.ref, 'refs/heads/fix')
-        run: pnpm publish:next
+        run: lerna publish --conventional-prerelease --force-publish --canary --sync-dist-version --no-git-tag-version --include-merged-tags --preid fix --pre-dist-tag fix --yes --registry https://registry.npmjs.org
 
       - name: publish @unstable when on unstable branch
         if: startsWith(github.ref, 'refs/heads/feat')
-        run: pnpm publish:unstable
+        run: lerna publish --conventional-prerelease --force-publish --canary --sync-dist-version --no-git-tag-version --include-merged-tags --preid $PRE_ID --pre-dist-tag unstable --yes --throttle-size 75 --registry https://registry.npmjs.org
+

package.json

@@ -35,7 +35,6 @@
     "@types/debug": "^4.1.12",
     "@types/jest": "^29.5.12",
     "@types/node": "^18.19.39",
-    "codecov": "^3.8.3",
     "jest": "^29.7.0",
     "lerna": "^8.1.6",
     "lerna-changelog": "^2.2.0",
@@ -66,3 +65,4 @@
     "OID4VP"
   ]
 }
+

packages/callback-example/package.json

@@ -19,7 +19,7 @@
     "@sphereon/oid4vci-client": "workspace:*",
     "@sphereon/oid4vci-common": "workspace:*",
     "@sphereon/oid4vci-issuer": "workspace:*",
-    "@sphereon/ssi-types": "0.29.1-unstable.208",
+    "@sphereon/ssi-types": "0.30.1",
     "jose": "^4.10.0"
   },
   "devDependencies": {

packages/client/lib/AccessTokenClient.ts

@@ -156,7 +156,7 @@ export class AccessTokenClient {
 
       return request as AccessTokenRequest;
     }
-    
+
     throw new Error('Credential offer request follows neither pre-authorized code nor authorization code flow requirements.');
   }
 

packages/client/lib/OpenID4VCIClientV1_0_13.ts

@@ -447,7 +447,7 @@ export class OpenID4VCIClientV1_0_13 {
           );
         }
         const credentialsSupported = metadata.credential_configurations_supported;
-        if (!metadata.credential_configurations_supported || !credentialsSupported[credentialIdentifier]) {
+        if (!credentialsSupported || !credentialsSupported[credentialIdentifier]) {
           throw new Error(`Credential type ${credentialIdentifier} is not supported by issuer ${this.getIssuer()}`);
         }
       } else if (!types) {
@@ -472,9 +472,19 @@ export class OpenID4VCIClientV1_0_13 {
           console.log(`Not all credential types ${JSON.stringify(credentialTypes)} are present in metadata for ${this.getIssuer()}`);
           // throw Error(`Not all credential types ${JSON.stringify(credentialTypes)} are supported by issuer ${this.getIssuer()}`);
         }
-      } else if (metadata.credential_configurations_supported && !Array.isArray(metadata.credential_configurations_supported)) {
-        const credentialsSupported = metadata.credential_configurations_supported;
-        if (types.some((type) => !metadata.credential_configurations_supported || !credentialsSupported[type])) {
+      } else if (metadata.credential_configurations_supported && typeof(metadata.credential_configurations_supported) === 'object') {
+        let typeSupported = false;
+        Object.values(metadata.credential_configurations_supported).forEach((supportedCredential) => {
+          const subTypes = getTypesFromCredentialSupported(supportedCredential);
+          if (
+            subTypes.every((t, i) => types[i] === t) ||
+            (types.length === 1 && (types[0] === supportedCredential.id || subTypes.includes(types[0])))
+          ) {
+            typeSupported = true;
+          }
+        })
+
+        if (!typeSupported) {
           throw Error(`Not all credential types ${JSON.stringify(credentialTypes)} are supported by issuer ${this.getIssuer()}`);
         }
       }

packages/client/lib/__tests__/SdJwt.spec.ts

@@ -85,7 +85,7 @@ describe('sd-jwt vc', () => {
       nock(vcIssuer.issuerMetadata.credential_issuer).get('/.well-known/oauth-authorization-server').reply(404);
 
       expect(offerUri.uri).toEqual(
-        'openid-credential-offer://?credential_offer=%7B%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22123%22%2C%22tx_code%22%3A%7B%22input_mode%22%3A%22text%22%2C%22length%22%3A3%7D%7D%7D%2C%22credential_configuration_ids%22%3A%5B%22SdJwtCredential%22%5D%2C%22credential_issuer%22%3A%22https%3A%2F%2Fexample.com%22%7D',
+        'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fexample.com%22%2C%22credential_configuration_ids%22%3A%5B%22SdJwtCredential%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22tx_code%22%3A%7B%22input_mode%22%3A%22text%22%2C%22length%22%3A3%7D%2C%22pre-authorized_code%22%3A%22123%22%7D%7D%7D',
       );
 
       const client = await OpenID4VCIClientV1_0_13.fromURI({
@@ -188,7 +188,7 @@ describe('sd-jwt vc', () => {
       nock(vcIssuer.issuerMetadata.credential_issuer).get('/.well-known/oauth-authorization-server').reply(404);
 
       expect(offerUri.uri).toEqual(
-        'openid-credential-offer://?credential_offer=%7B%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22123%22%2C%22tx_code%22%3A%7B%22input_mode%22%3A%22text%22%2C%22length%22%3A3%7D%7D%7D%2C%22credential_configuration_ids%22%3A%5B%22SdJwtCredential%22%5D%2C%22credential_issuer%22%3A%22https%3A%2F%2Fexample.com%22%7D',
+        'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fexample.com%22%2C%22credential_configuration_ids%22%3A%5B%22SdJwtCredential%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22tx_code%22%3A%7B%22input_mode%22%3A%22text%22%2C%22length%22%3A3%7D%2C%22pre-authorized_code%22%3A%22123%22%7D%7D%7D',
       );
 
       const client = await OpenID4VCIClientV1_0_13.fromURI({

packages/client/lib/__tests__/SphereonE2E.spec.test.ts

@@ -170,3 +170,4 @@ describe('ismapolis bug report #63, https://github.com/Sphereon-Opensource/OID4V
     console.log(JSON.stringify(credentialResponse.credential));
   });
 });
+

packages/client/package.json

@@ -17,7 +17,7 @@
   "dependencies": {
     "@sphereon/oid4vc-common": "workspace:*",
     "@sphereon/oid4vci-common": "workspace:*",
-    "@sphereon/ssi-types": "0.29.1-unstable.208",
+    "@sphereon/ssi-types": "0.30.1",
     "cross-fetch": "^3.1.8",
     "debug": "^4.3.5"
   },
@@ -30,7 +30,6 @@
     "@types/uuid": "^9.0.8",
     "@typescript-eslint/eslint-plugin": "^5.62.0",
     "@typescript-eslint/parser": "^5.62.0",
-    "codecov": "^3.8.3",
     "dotenv": "^16.4.5",
     "eslint": "^8.57.0",
     "eslint-config-prettier": "^9.1.0",

packages/common/lib/index.ts

@@ -5,6 +5,7 @@ export const VCI_LOG_COMMON = VCI_LOGGERS.get('sphereon:oid4vci:common');
 
 export * from './jwt';
 export * from './dpop';
+export * from './oauth';
 
 export { v4 as uuidv4 } from 'uuid';
 export { defaultHasher } from './hasher';

packages/common/lib/jwt/Jwk.types.ts

@@ -32,3 +32,7 @@ export interface JWK extends BaseJWK {
 
   [propName: string]: unknown;
 }
+
+export type JWKS = {
+  keys: JWK[]
+}

packages/common/lib/jwt/jwtUtils.ts

@@ -41,3 +41,31 @@ export function getNowSkewed(now?: number, skewTime?: number) {
 export function epochTime() {
   return Math.floor(Date.now() / 1000);
 }
+
+export const BASE64_URL_REGEX = /^([0-9a-zA-Z-_]{4})*(([0-9a-zA-Z-_]{2}(==)?)|([0-9a-zA-Z-_]{3}(=)?))?$/;
+
+export const isJws = (jws: string) => {
+  const jwsParts = jws.split('.');
+  return jwsParts.length === 3 && jwsParts.every((part) => BASE64_URL_REGEX.test(part));
+};
+export const isJwe = (jwe: string) => {
+  const jweParts = jwe.split('.');
+  return jweParts.length === 5 && jweParts.every((part) => BASE64_URL_REGEX.test(part));
+};
+
+export const decodeProtectedHeader = (jwt: string) => {
+  return jwtDecode(jwt, { header: true });
+};
+
+export const decodeJwt = (jwt: string): JwtPayload => {
+  return jwtDecode(jwt, { header: false });
+};
+
+export const checkExp = (input: {
+  exp: number;
+  now?: number; // The number of milliseconds elapsed since midnight, January 1, 1970 Universal Coordinated Time (UTC).
+  clockSkew?: number;
+}) => {
+  const { exp, now, clockSkew } = input;
+  return exp < (now ?? Date.now() / 1000) - (clockSkew ?? 120);
+};

packages/common/lib/oauth/DynamicClientRegistration.types.ts

@@ -0,0 +1,20 @@
+import { JWKS } from '../jwt'
+
+// https://www.rfc-editor.org/rfc/rfc7591.html#section-2
+export interface DynamicRegistrationClientMetadata {
+  redirect_uris?: string[]
+  token_endpoint_auth_method?: string
+  grant_types?: string
+  response_types?: string
+  client_name?: string
+  client_uri?: string
+  logo_uri?: string
+  scope?: string
+  contacts?: string[]
+  tos_uri?: string
+  policy_uri?: string
+  jwks_uri?: string
+  jwks?: JWKS
+  software_id?: string
+  software_version?: string
+}

packages/common/lib/oauth/index.ts

@@ -0,0 +1 @@
+export * from './DynamicClientRegistration.types';

packages/common/package.json

@@ -10,7 +10,7 @@
     "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
-    "@sphereon/ssi-types": "0.29.1-unstable.208",
+    "@sphereon/ssi-types": "0.30.1",
     "jwt-decode": "^4.0.0",
     "sha.js": "^2.4.11",
     "uint8arrays": "3.1.1",

packages/did-auth-siop-adapter/lib/did/DidJWT.ts

@@ -253,14 +253,14 @@ export function getSubDidFromPayload(payload: JWTPayload, header?: JWTHeader): s
       return did
     }
   }
-  return payload.sub
+  return payload.sub!
 }
 
 export function isIssSelfIssued(payload: JWTPayload): boolean {
   return (
-    (payload.iss && payload.iss.includes(ResponseIss.SELF_ISSUED_V1)) ||
+    (payload.iss && (payload.iss.includes(ResponseIss.SELF_ISSUED_V1)) ||
     (payload.iss && payload.iss.includes(ResponseIss.SELF_ISSUED_V2)) ||
-    payload.iss === payload.sub
+    payload.iss === payload.sub)
   )
 }
 

packages/issuer-rest/lib/__tests__/ClientIssuerIT.spec.ts

@@ -205,7 +205,7 @@ describe('VcIssuer', () => {
       })
       .then((response) => response.uri)
     expect(uri).toEqual(
-      'http://localhost:3456/test?credential_offer=%7B%22grants%22%3A%7B%22authorization_code%22%3A%7B%22issuer_state%22%3A%22previously-created-state%22%7D%2C%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22test_code%22%2C%22tx_code%22%3A%7B%22input_mode%22%3A%22text%22%2C%22length%22%3A4%7D%7D%7D%2C%22credential_configuration_ids%22%3A%5B%22UniversityDegree_JWT%22%5D%2C%22credential_issuer%22%3A%22http%3A%2F%2Flocalhost%3A3456%2Ftest%22%7D',
+      'http://localhost:3456/test?credential_offer=%7B%22credential_issuer%22%3A%22http%3A%2F%2Flocalhost%3A3456%2Ftest%22%2C%22credential_configuration_ids%22%3A%5B%22UniversityDegree_JWT%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22test_code%22%2C%22tx_code%22%3A%7B%22input_mode%22%3A%22text%22%2C%22length%22%3A4%7D%7D%2C%22authorization_code%22%3A%7B%22issuer_state%22%3A%22previously-created-state%22%7D%7D%7D',
     )
   })
 

packages/issuer-rest/package.json

@@ -14,8 +14,8 @@
     "@sphereon/oid4vc-common": "workspace:*",
     "@sphereon/oid4vci-common": "workspace:*",
     "@sphereon/oid4vci-issuer": "workspace:*",
-    "@sphereon/ssi-express-support": "0.29.1-unstable.208",
-    "@sphereon/ssi-types": "0.29.1-unstable.208",
+    "@sphereon/ssi-express-support": "0.30.1",
+    "@sphereon/ssi-types": "0.30.1",
     "body-parser": "^1.20.2",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",