diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts
index 1795b99b..d84f7b1e 100644
--- a/packages/siop-oid4vp/lib/op/OP.ts
+++ b/packages/siop-oid4vp/lib/op/OP.ts
@@ -1,6 +1,7 @@
 import { EventEmitter } from 'events'
-import { JarmClientMetadataParams, sendJarmAuthResponse } from '@protokoll/jarm'
+import { joseExtractJWKS } from '@protokoll/core'
+import { JarmClientMetadataParams, sendJarmAuthRequest } from '@protokoll/jarm'
 import { JwtIssuer, uuidv4 } from '@sphereon/oid4vc-common'
 import { IIssuerId } from '@sphereon/ssi-types'
@@ -169,7 +170,7 @@ export class OP {
 throw Error('No correlation Id provided')
 }
- const isJarmResponseMode = (responseMode: string): responseMode is 'direct_post.jwt' | 'query.jwt' | 'fragment.jwt' => {
+ const isJarmResponseMode = (responseMode: string): responseMode is 'jwt' | 'direct_post.jwt' | 'query.jwt' | 'fragment.jwt' => {
 return responseMode === ResponseMode.DIRECT_POST_JWT || responseMode === ResponseMode.QUERY_JWT || responseMode === ResponseMode.FRAGMENT_JWT
 }
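Review bot: The return type of `isJarmResponseMode` in the `@@ -169,7 +170,7 @@` hunk now claims `'jwt'`, but the body still compares only against `DIRECT_POST_JWT`, `QUERY_JWT` and `FRAGMENT_JWT`, so the guard can never be true for that value. A type predicate is an unchecked assertion, so the signature and the runtime test should agree: either add the comparison, `responseMode === 'jwt' ||`, or keep `'jwt'` out of the union if it was only added to satisfy the new library signature. As written, a request with `response_mode=jwt` presumably takes the non-JARM branch, which is outside this hunk, and whether that branch sends the response unencrypted should be confirmed.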
@@ -204,17 +205,16 @@ export class OP {
 throw new Error(`Sending an authorization response with response_mode '${responseMode}' requires providing an encryptJwtCallback`)
 }
- if (!clientMetadata.jwks) {
- throw new Error('Currently the jarm response decryption key can only be extracted from the jwks client_metadata parameter')
- }
-
- const decJwk = clientMetadata.jwks.keys.find((key) => key.use === 'enc')
- if (!decJwk) {
- throw new Error('No decyption key found in the jwks client_metadata parameter')
+ // The client metadata will be parsed in the joseExtractJWKS function
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ const jwks = await joseExtractJWKS(clientMetadata as any)
+ const dectyptionJwk = jwks.keys.find((key) => key.use === 'enc')
+ if (!dectyptionJwk) {
+ throw new Error('No decryption could be extracted from the client metadata')
 }
 const { jwe } = await this.createResponseOptions.encryptJwtCallback({
- jwk: decJwk,
+ jwk: dectyptionJwk,
 plaintext: JSON.stringify(response.payload),
 })
@@ -227,7 +227,7 @@ export class OP {
 responseType = 'vp_token'
 }
- return sendJarmAuthResponse({
+ return sendJarmAuthRequest({
 authRequestParams: {
 response_uri: responseUri,
 response_mode: responseMode,
diff --git a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts
index c6dac39d..9f4c4994 100644
--- a/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts
+++ b/packages/siop-oid4vp/lib/schemas/AuthorizationResponseOpts.schema.ts
@@ -1556,7 +1556,14 @@ export const AuthorizationResponseOptsSchemaObj = {
 }
 }
 },
- "EncryptJwtCallback": {},
+ "EncryptJwtCallback": {
+ "properties": {
+ "isFunction": {
+ "type": "boolean",
+ "const": true
+ }
+ }
+ },
 "JwtIssuer": {
 "anyOf": [
 {
diff --git a/packages/siop-oid4vp/package.json b/packages/siop-oid4vp/package.json
index 7546fce7..ed05ed6c 100644
--- a/packages/siop-oid4vp/package.json
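Review bot: In the `@@ -204,17 +205,16 @@` hunk the key used to encrypt the JARM response is whatever `joseExtractJWKS` returns for relying-party-supplied `clientMetadata`, passed through `as any`, and the first key with `use === 'enc'` is accepted without checking its `kty` or `alg`. If the helper also dereferences a `jwks_uri` (not visible here), the wallet will fetch a URL chosen by the relying party before encrypting, so that path needs an https-only check, a timeout and a response-size bound. The cast should give way to a narrowed type so malformed metadata fails at this call site, and the selected key should be matched against the encryption algorithm the client metadata declares rather than taken as the first `enc` entry. The new identifier and message also carry typos: `decryptionJwk` and `'No decryption key could be extracted from the client metadata'`. The enclosing method starts and ends outside the hunk.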
+++ b/packages/siop-oid4vp/package.json
@@ -15,7 +15,8 @@
 },
 "dependencies": {
 "@astronautlabs/jsonpath": "^1.1.2",
- "@protokoll/jarm": "^0.2.7",
+ "@protokoll/jarm": "^0.2.10",
+ "@protokoll/core": "^0.2.10",
 "@sphereon/did-uni-client": "^0.6.2",
 "@sphereon/oid4vc-common": "workspace:*",
 "@sphereon/pex": "5.0.0-unstable.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 540cf8c3..2213476b 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -435,9 +435,12 @@ importers: '@astronautlabs/jsonpath': specifier: ^1.1.2 version: 1.1.2 + '@protokoll/core': + specifier: ^0.2.10 + version: 0.2.10(typescript@5.4.5) '@protokoll/jarm': - specifier: ^0.2.7 - version: 0.2.7(typescript@5.4.5) + specifier: ^0.2.10 + version: 0.2.10(typescript@5.4.5) '@sphereon/did-uni-client': specifier: ^0.6.2 version: 0.6.3(encoding@0.1.13)
@@ -2385,11 +2388,11 @@ packages: resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} engines: {node: '>=14'} - '@protokoll/core@0.2.7': - resolution: {integrity: sha512-7nxEVyM5k1l+jOHuBCr3QyQ8cXQLFYe/sDvzq56TCz+bSSJY2hAmwE5p2is0WTEfidsuOBlHL6t3BjSofolIBw==} + '@protokoll/core@0.2.10': + resolution: {integrity: sha512-TPKSa2f0Uo3AJiHJPAr/UxJQF0DE8uXNQ5YZ3JP5OJAodE/0RP9Cd7yGuC4T/j8fJygP7ln9nvYH7fcOP/irDw==} - '@protokoll/jarm@0.2.7': - resolution: {integrity: sha512-o4J0yDD51WgmCzPZsAmV7LoAu8TWjZWpyTcWhFUYK5HSzm6d68B5vLsCr7WDiFADeA4mgR1YcEyi1BKbf6lnCQ==} + '@protokoll/jarm@0.2.10': + resolution: {integrity: sha512-OafKkwEpO7ZfapqOZni2K+LVVlOnupsrP2wofn9KjuTi5QLz4rtc7ALg+/NAzVBSByc/qxH5QALs5bJNwW5TNw==} '@react-native-community/cli-clean@10.1.1': resolution: {integrity: sha512-iNsrjzjIRv9yb5y309SWJ8NDHdwYtnCpmxZouQDyOljUdC9MwdZ4ChbtA4rwQyAwgOVfS9F/j56ML3Cslmvrxg==}
@@ -11736,16 +11739,16 @@ snapshots: '@pkgjs/parseargs@0.11.0': optional: true - '@protokoll/core@0.2.7(typescript@5.4.5)': + '@protokoll/core@0.2.10(typescript@5.4.5)': dependencies: jwt-decode: 4.0.0 valibot: 0.37.0(typescript@5.4.5) transitivePeerDependencies: - typescript - '@protokoll/jarm@0.2.7(typescript@5.4.5)': + '@protokoll/jarm@0.2.10(typescript@5.4.5)': dependencies: - '@protokoll/core': 0.2.7(typescript@5.4.5) + '@protokoll/core': 0.2.10(typescript@5.4.5) valibot: 0.37.0(typescript@5.4.5) transitivePeerDependencies: - typescript