Merge pull request #175 from Sphereon-Opensource/feature/SPRIND-113_i…

…nterop

chore: return unencrypted state value along with jarm response

packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts

@@ -1,7 +1,7 @@
-import { appendFragmentParams, appendQueryParams } from '../utils.js';
-import type { JarmResponseMode, Openid4vpJarmResponseMode } from '../v-response-mode-registry.js';
-import { getJarmDefaultResponseMode, validateResponseMode } from '../v-response-mode-registry.js';
-import type { ResponseTypeOut } from '../v-response-type-registry.js';
+import { appendFragmentParams, appendQueryParams } from '../utils.js'
+import type { JarmResponseMode, Openid4vpJarmResponseMode } from '../v-response-mode-registry.js'
+import { getJarmDefaultResponseMode, validateResponseMode } from '../v-response-mode-registry.js'
+import type { ResponseTypeOut } from '../v-response-type-registry.js'
 
 interface JarmAuthResponseSendInput {
   authRequestParams: {
@@ -17,10 +17,11 @@ interface JarmAuthResponseSendInput {
   );
 
   authResponse: string;
+  state: string;
 }
 
 export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Promise<Response> => {
-  const { authRequestParams, authResponse } = input;
+  const { authRequestParams, authResponse, state } = input;
 
   const responseEndpoint = 'response_uri' in authRequestParams ? new URL(authRequestParams.response_uri) : new URL(authRequestParams.redirect_uri);
 
@@ -36,40 +37,39 @@ export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Pr
 
   switch (responseMode) {
     case 'direct_post.jwt':
-      return handleDirectPostJwt(responseEndpoint, authResponse);
+      return handleDirectPostJwt(responseEndpoint, authResponse, state);
     case 'query.jwt':
-      return handleQueryJwt(responseEndpoint, authResponse);
+      return handleQueryJwt(responseEndpoint, authResponse, state);
     case 'fragment.jwt':
-      return handleFragmentJwt(responseEndpoint, authResponse);
+      return handleFragmentJwt(responseEndpoint, authResponse, state);
     case 'form_post.jwt':
       throw new Error('Not implemented. form_post.jwt is not yet supported.');
   }
 };
 
-async function handleDirectPostJwt(responseEndpoint: URL, responseJwt: string) {
-  const response = await fetch(responseEndpoint, {
+async function handleDirectPostJwt(responseEndpoint: URL, responseJwt: string, state: string) {
+  const response =  await fetch(responseEndpoint, {
     method: 'POST',
     headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    body: `response=${responseJwt}`,
-  });
-
+    body: `response=${responseJwt}&state=${state}`
+  })
   return response;
 }
 
-async function handleQueryJwt(responseEndpoint: URL, responseJwt: string) {
+async function handleQueryJwt(responseEndpoint: URL, responseJwt: string, state: string) {
   const responseUrl = appendQueryParams({
     url: responseEndpoint,
-    params: { response: responseJwt },
+    params: { response: responseJwt, state },
   });
 
   const response = await fetch(responseUrl, { method: 'POST' });
   return response;
 }
 
-async function handleFragmentJwt(responseEndpoint: URL, responseJwt: string) {
+async function handleFragmentJwt(responseEndpoint: URL, responseJwt: string, state: string) {
   const responseUrl = appendFragmentParams({
     url: responseEndpoint,
-    fragments: { response: responseJwt },
+    fragments: { response: responseJwt, state },
   });
   const response = await fetch(responseUrl, { method: 'POST' });
   return response;

packages/siop-oid4vp/lib/op/OP.ts

@@ -246,6 +246,7 @@ export class OP {
             response_type: responseType,
           },
           authResponse: response,
+          state: requestObjectPayload.state
         })
         void this.emitEvent(AuthorizationEvents.ON_AUTH_RESPONSE_SENT_SUCCESS, { correlationId, subject: response })
         return jarmResponse