diff --git a/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts b/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts index 777b2caf..7bb77aeb 100644 --- a/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts +++ b/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts @@ -1,7 +1,7 @@ -import { appendFragmentParams, appendQueryParams } from '../utils.js'; -import type { JarmResponseMode, Openid4vpJarmResponseMode } from '../v-response-mode-registry.js'; -import { getJarmDefaultResponseMode, validateResponseMode } from '../v-response-mode-registry.js'; -import type { ResponseTypeOut } from '../v-response-type-registry.js'; +import { appendFragmentParams, appendQueryParams } from '../utils.js' +import type { JarmResponseMode, Openid4vpJarmResponseMode } from '../v-response-mode-registry.js' +import { getJarmDefaultResponseMode, validateResponseMode } from '../v-response-mode-registry.js' +import type { ResponseTypeOut } from '../v-response-type-registry.js' interface JarmAuthResponseSendInput { authRequestParams: { @@ -17,10 +17,11 @@ interface JarmAuthResponseSendInput { ); authResponse: string; + state: string; } export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Promise => { - const { authRequestParams, authResponse } = input; + const { authRequestParams, authResponse, state } = input; const responseEndpoint = 'response_uri' in authRequestParams ? new URL(authRequestParams.response_uri) : new URL(authRequestParams.redirect_uri); @@ -36,40 +37,39 @@ export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Pr switch (responseMode) { case 'direct_post.jwt': - return handleDirectPostJwt(responseEndpoint, authResponse); + return handleDirectPostJwt(responseEndpoint, authResponse, state); case 'query.jwt': - return handleQueryJwt(responseEndpoint, authResponse); + return handleQueryJwt(responseEndpoint, authResponse, state); case 'fragment.jwt': - return handleFragmentJwt(responseEndpoint, authResponse); + return handleFragmentJwt(responseEndpoint, authResponse, state); case 'form_post.jwt': throw new Error('Not implemented. form_post.jwt is not yet supported.'); } }; -async function handleDirectPostJwt(responseEndpoint: URL, responseJwt: string) { - const response = await fetch(responseEndpoint, { +async function handleDirectPostJwt(responseEndpoint: URL, responseJwt: string, state: string) { + const response = await fetch(responseEndpoint, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, - body: `response=${responseJwt}`, - }); - + body: `response=${responseJwt}&state=${state}` + }) return response; } -async function handleQueryJwt(responseEndpoint: URL, responseJwt: string) { +async function handleQueryJwt(responseEndpoint: URL, responseJwt: string, state: string) { const responseUrl = appendQueryParams({ url: responseEndpoint, - params: { response: responseJwt }, + params: { response: responseJwt, state }, }); const response = await fetch(responseUrl, { method: 'POST' }); return response; } -async function handleFragmentJwt(responseEndpoint: URL, responseJwt: string) { +async function handleFragmentJwt(responseEndpoint: URL, responseJwt: string, state: string) { const responseUrl = appendFragmentParams({ url: responseEndpoint, - fragments: { response: responseJwt }, + fragments: { response: responseJwt, state }, }); const response = await fetch(responseUrl, { method: 'POST' }); return response; diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts index 0f188ccc..6ec4474d 100644 --- a/packages/siop-oid4vp/lib/op/OP.ts +++ b/packages/siop-oid4vp/lib/op/OP.ts @@ -246,6 +246,7 @@ export class OP { response_type: responseType, }, authResponse: response, + state: requestObjectPayload.state }) void this.emitEvent(AuthorizationEvents.ON_AUTH_RESPONSE_SENT_SUCCESS, { correlationId, subject: response }) return jarmResponse