diff --git a/packages/siop-oid4vp/lib/authorization-request/AuthorizationRequest.ts b/packages/siop-oid4vp/lib/authorization-request/AuthorizationRequest.ts index 7b384762..c3bfd6ed 100644 --- a/packages/siop-oid4vp/lib/authorization-request/AuthorizationRequest.ts +++ b/packages/siop-oid4vp/lib/authorization-request/AuthorizationRequest.ts @@ -205,6 +205,9 @@ export class AuthorizationRequest { mergedPayload, await this.getSupportedVersion(), ) + + const dcqlQuery = await findValidDcqlQuery(mergedPayload) + return { jwt, payload: parsedJwt?.payload, diff --git a/packages/siop-oid4vp/lib/authorization-request/Payload.ts b/packages/siop-oid4vp/lib/authorization-request/Payload.ts index b21d7c70..07290006 100644 --- a/packages/siop-oid4vp/lib/authorization-request/Payload.ts +++ b/packages/siop-oid4vp/lib/authorization-request/Payload.ts @@ -35,13 +35,13 @@ export const createPresentationDefinitionClaimsProperties = (opts: ClaimPayloadO return { ...(opts.id_token ? { id_token: opts.id_token } : {}), - ...((opts.vp_token.presentation_definition || opts.vp_token.presentation_definition_uri || opts.vp_token.dcql_query) && { + ...((opts.vp_token.presentation_definition || opts.vp_token.presentation_definition_uri) && { vp_token: { ...(!opts.vp_token.presentation_definition_uri && { presentation_definition: opts.vp_token.presentation_definition }), ...(opts.vp_token.presentation_definition_uri && { presentation_definition_uri: opts.vp_token.presentation_definition_uri }), - ...(opts.vp_token.dcql_query && { dcql_query: opts.vp_token.dcql_query }), }, }), + ...(opts.vp_token.dcql_query && { vp_token: { dcql_query: opts.vp_token.dcql_query } }), } } diff --git a/packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts b/packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts index 09d91a6c..da33733a 100644 --- a/packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts +++ b/packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts @@ -144,14 +144,12 @@ export class AuthorizationResponse { hasher: verifyOpts.hasher, }, }) - } else { - const dcqlQuery = verifiedAuthorizationRequest.dcqlQuery - if (!dcqlQuery) { - throw new Error('vp_token is present, but no presentation definitions or dcql query provided') - } - assertValidDcqlPresentationResult(responseOpts.dcqlQuery.dcqlPresentation as DcqlPresentation, dcqlQuery, { + } else if (verifiedAuthorizationRequest.dcqlQuery) { + assertValidDcqlPresentationResult(responseOpts.dcqlQuery.dcqlPresentation as DcqlPresentation, verifiedAuthorizationRequest.dcqlQuery, { hasher: verifyOpts.hasher, }) + } else { + throw new Error('vp_token is present, but no presentation definitions or dcql query provided') } return response diff --git a/packages/siop-oid4vp/lib/authorization-response/Dcql.ts b/packages/siop-oid4vp/lib/authorization-response/Dcql.ts index 77ab1da5..7740fdb3 100644 --- a/packages/siop-oid4vp/lib/authorization-response/Dcql.ts +++ b/packages/siop-oid4vp/lib/authorization-response/Dcql.ts @@ -43,10 +43,10 @@ export const getDcqlPresentationResult = (record: DcqlPresentation | string, dcq if (p.format === 'mso_mdoc') { return [ queryId, - { credentialFormat: 'mso_mdoc', doctype: p.vcs[0].credential.toJson().docType, namespaces: p.vcs[0].decoded } satisfies DcqlMdocCredential, + { credential_format: 'mso_mdoc', doctype: p.vcs[0].credential.toJson().docType, namespaces: p.vcs[0].decoded } satisfies DcqlMdocCredential, ] } else if (p.format === 'vc+sd-jwt') { - return [queryId, { credentialFormat: 'vc+sd-jwt', vct: p.vcs[0].decoded.vct, claims: p.vcs[0].decoded } satisfies DcqlSdJwtVcCredential] + return [queryId, { credential_format: 'vc+sd-jwt', vct: p.vcs[0].decoded.vct, claims: p.vcs[0].decoded } satisfies DcqlSdJwtVcCredential] } else { throw new Error('DcqlPresentation atm only supports mso_mdoc and vc+sd-jwt') } diff --git a/packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts b/packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts index f8bb6636..873529b2 100644 --- a/packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts +++ b/packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts @@ -187,7 +187,7 @@ export const extractPresentationsFromDcqlVpToken = ( export const extractPresentationsFromVpToken = ( vpToken: Array | W3CVerifiablePresentation | CompactSdJwtVc | string, opts?: { hasher?: Hasher }, -): Promise => { +): WrappedVerifiablePresentation[] | WrappedVerifiablePresentation => { const tokens = Array.isArray(vpToken) ? vpToken : [vpToken] const wrappedTokens = tokens.map((vp) => CredentialMapper.toWrappedVerifiablePresentation(vp, { hasher: opts?.hasher })) diff --git a/packages/siop-oid4vp/package.json b/packages/siop-oid4vp/package.json index a596d106..c9e31b7b 100644 --- a/packages/siop-oid4vp/package.json +++ b/packages/siop-oid4vp/package.json @@ -18,7 +18,7 @@ "@sphereon/jarm": "workspace:*", "@sphereon/oid4vc-common": "workspace:*", "@sphereon/pex": "5.0.0-unstable.28", - "dcql": "^0.2.13", + "dcql": "^0.2.14", "@sphereon/pex-models": "^2.3.1", "@sphereon/ssi-types": "0.30.2-feature.mdoc.funke2.367", "cross-fetch": "^4.0.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 7fa69663..a1e1683c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -462,8 +462,8 @@ importers: specifier: ^4.0.0 version: 4.0.0(encoding@0.1.13) dcql: - specifier: ^0.2.13 - version: 0.2.13(typescript@5.4.5) + specifier: ^0.2.14 + version: 0.2.14(typescript@5.4.5) debug: specifier: ^4.3.5 version: 4.3.7 @@ -2536,6 +2536,7 @@ packages: '@sphereon/kmp-mdoc-core@0.2.0-SNAPSHOT.10': resolution: {integrity: sha512-mHH7I6fWdztaNjguGJOLaerXWnQymQ/xKQ8NqClIXoI2PJNgmpQG6DxFcLRs1aYyWg1iY8bPliLJi41u94KdCA==} + bundledDependencies: [] '@sphereon/pex-models@2.3.1': resolution: {integrity: sha512-SByU4cJ0XYA6VZQ/L6lsSiRcFtBPHbFioCeQ4GP7/W/jQ+PSBD7uK2oTnKQ9/0iEiMK/6JYqhKgLs4a9UX3UTQ==} @@ -4010,8 +4011,8 @@ packages: dayjs@1.11.13: resolution: {integrity: sha512-oaMBel6gjolK862uaPQOVTA7q3TZhuSvuMQAAglQDOWYO9A91IrAOUJEyKVlqJlHE0vq5p5UXxzdPfMH/x6xNg==} - dcql@0.2.13: - resolution: {integrity: sha512-XfePsSz9ULj9HH3VFNguzK/xlFnliKDX2iUDb1tIrn97S+TfftcFo+jipw16m9jPlWLhhBx48QniF0D8KotIWA==} + dcql@0.2.14: + resolution: {integrity: sha512-vT0EZOs0k1gllaixZWRO8QjcTnlhUOZm5IDcPSjufHk0N7qS+LefHcXK+3EO9HKJ5NX8fgbO/sS4IxVHXuruUg==} debug@2.6.9: resolution: {integrity: sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==} @@ -13817,7 +13818,7 @@ snapshots: dayjs@1.11.13: {} - dcql@0.2.13(typescript@5.4.5): + dcql@0.2.14(typescript@5.4.5): dependencies: valibot: 0.37.0(typescript@5.4.5) transitivePeerDependencies: