feature/SPRIND-89

packages/ebsi-support/package.json

@@ -15,8 +15,8 @@
   },
   "dependencies": {
     "@ethersproject/random": "^5.7.0",
-    "@sphereon/did-auth-siop": "0.16.1-next.233",
-    "@sphereon/did-auth-siop-adapter": "0.16.1-next.233",
+    "@sphereon/did-auth-siop": "0.16.1-next.339",
+    "@sphereon/did-auth-siop-adapter": "0.16.1-next.339",
     "@sphereon/pex": "5.0.0-unstable.28",
     "@sphereon/pex-models": "^2.3.2",
     "@sphereon/ssi-sdk-ext.did-resolver-ebsi": "0.27.0",
@@ -44,8 +44,8 @@
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/oid4vci-client": "0.16.1-next.233",
-    "@sphereon/oid4vci-common": "0.16.1-next.233",
+    "@sphereon/oid4vci-client": "0.16.1-next.339",
+    "@sphereon/oid4vci-common": "0.16.1-next.339",
     "@sphereon/ssi-express-support": "workspace:*",
     "@sphereon/ssi-sdk-ext.key-manager": "0.27.0",
     "@sphereon/ssi-sdk-ext.kms-local": "0.27.0",

packages/mdl-mdoc/package.json

@@ -14,7 +14,7 @@
     "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.16.1-next.233",
+    "@sphereon/did-auth-siop": "0.16.1-next.339",
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
     "@sphereon/pex": "5.0.0-unstable.28",
     "@sphereon/pex-models": "^2.3.2",
@@ -35,8 +35,8 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@sphereon/oid4vci-client": "0.16.1-next.233",
-    "@sphereon/oid4vci-common": "0.16.1-next.233",
+    "@sphereon/oid4vci-client": "0.16.1-next.339",
+    "@sphereon/oid4vci-common": "0.16.1-next.339",
     "@sphereon/ssi-express-support": "workspace:*",
     "@sphereon/ssi-sdk-ext.key-manager": "0.27.0",
     "@sphereon/ssi-sdk-ext.kms-local": "0.27.0",

packages/oid4vci-holder/package.json

@@ -15,8 +15,9 @@
   },
   "dependencies": {
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
-    "@sphereon/oid4vci-client": "0.16.1-next.233",
-    "@sphereon/oid4vci-common": "0.16.1-next.233",
+    "@sphereon/did-auth-siop": "0.16.1-next.339",
+    "@sphereon/oid4vci-client": "0.16.1-next.339",
+    "@sphereon/oid4vci-common": "0.16.1-next.339",
     "@sphereon/ssi-sdk-ext.did-utils": "0.27.0",
     "@sphereon/ssi-sdk-ext.identifier-resolution": "0.27.0",
     "@sphereon/ssi-sdk-ext.jwt-service": "0.27.0",
@@ -30,6 +31,7 @@
     "@sphereon/ssi-sdk.mdl-mdoc": "workspace:*",
     "@sphereon/ssi-sdk.oidf-client": "workspace:*",
     "@sphereon/ssi-sdk.sd-jwt": "workspace:*",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "workspace:*",
     "@sphereon/ssi-sdk.xstate-machine-persistence": "workspace:*",
     "@sphereon/ssi-types": "workspace:*",
     "@veramo/core": "4.2.0",
@@ -43,7 +45,8 @@
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/oid4vc-common": "0.16.1-next.187",
+    "@sphereon/oid4vc-common": "0.16.1-next.339",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "workspace:*",
     "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.27.0",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",

packages/oid4vci-holder/src/agent/OID4VCIHolder.ts

@@ -70,12 +70,12 @@ import {
 import { asArray, computeEntryHash } from '@veramo/utils'
 import { decodeJWT } from 'did-jwt'
 import { v4 as uuidv4 } from 'uuid'
-import { OID4VCIMachine } from '../machine/oid4vciMachine'
+import { OID4VCIMachine } from '../machines/oid4vciMachine'
 import {
   AddContactIdentityArgs,
   AssertValidCredentialsArgs,
   Attribute,
-  createCredentialsToSelectFromArgs,
+  CreateCredentialsToSelectFromArgs,
   CredentialToAccept,
   CredentialToSelectFromResult,
   GetContactArgs,
@@ -91,20 +91,23 @@ import {
   OID4VCIHolderOptions,
   OID4VCIMachine as OID4VCIMachineId,
   OID4VCIMachineInstanceOpts,
+  OID4VCIMachineServiceDefinitions,
+  OID4VCIMachineServices,
   OnContactIdentityCreatedArgs,
   OnCredentialStoredArgs,
   OnIdentifierCreatedArgs,
   PrepareStartArgs,
   RequestType,
   RequiredContext,
   SendNotificationArgs,
+  StartFirstPartApplicationMachine,
   StartResult,
   StoreCredentialBrandingArgs,
   StoreCredentialsArgs,
   StoreIssuerBrandingArgs,
   VerificationResult,
   VerifyEBSICredentialIssuerArgs,
-  VerifyEBSICredentialIssuerResult,
+  VerifyEBSICredentialIssuerResult
 } from '../types/IOID4VCIHolder'
 import {
   getBasicIssuerLocaleBranding,
@@ -115,8 +118,8 @@ import {
   mapCredentialToAccept,
   selectCredentialLocaleBranding,
   verifyCredentialToAccept,
-} from './OID4VCIHolderService'
-
+  startFirstPartApplicationMachine
+} from '../services/OID4VCIHolderService'
 import 'cross-fetch/polyfill'
 
 /**
@@ -307,27 +310,27 @@ export class OID4VCIHolder implements IAgentPlugin {
    */
   private async oid4vciHolderGetMachineInterpreter(opts: OID4VCIMachineInstanceOpts, context: RequiredContext): Promise<OID4VCIMachineId> {
     const authorizationRequestOpts = { ...this.defaultAuthorizationRequestOpts, ...opts.authorizationRequestOpts }
-    const services = {
-      start: (args: PrepareStartArgs) =>
+    const services: OID4VCIMachineServiceDefinitions = {
+      [OID4VCIMachineServices.start]: (args: PrepareStartArgs) =>
         this.oid4vciHolderStart(
           {
             ...args,
             authorizationRequestOpts,
           },
           context,
         ),
-      createCredentialsToSelectFrom: (args: createCredentialsToSelectFromArgs) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
-      getContact: (args: GetContactArgs) => this.oid4vciHolderGetContact(args, context),
-      getCredentials: (args: GetCredentialsArgs) =>
-        this.oid4vciHolderGetCredentials({ accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts, ...args }, context),
-      addContactIdentity: (args: AddContactIdentityArgs) => this.oid4vciHolderAddContactIdentity(args, context),
-      getIssuerBranding: (args: GetIssuerBrandingArgs) => this.oid4vciHolderGetIssuerBranding(args, context),
-      storeIssuerBranding: (args: StoreIssuerBrandingArgs) => this.oid4vciHolderStoreIssuerBranding(args, context),
-      assertValidCredentials: (args: AssertValidCredentialsArgs) => this.oid4vciHolderAssertValidCredentials(args, context),
-      storeCredentialBranding: (args: StoreCredentialBrandingArgs) => this.oid4vciHolderStoreCredentialBranding(args, context),
-      storeCredentials: (args: StoreCredentialsArgs) => this.oid4vciHolderStoreCredentials(args, context),
-      sendNotification: (args: SendNotificationArgs) => this.oid4vciHolderSendNotification(args, context),
-      getFederationTrust: (args: GetFederationTrustArgs) => this.getFederationTrust(args, context),
+      [OID4VCIMachineServices.startFirstPartApplicationFlow]: (args: StartFirstPartApplicationMachine) => startFirstPartApplicationMachine({ ...args, stateNavigationListener: opts.firstPartyStateNavigationListener }, context),
+      [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args: CreateCredentialsToSelectFromArgs) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
+      [OID4VCIMachineServices.getContact]: (args: GetContactArgs) => this.oid4vciHolderGetContact(args, context),
+      [OID4VCIMachineServices.getCredentials]: (args: GetCredentialsArgs) => this.oid4vciHolderGetCredentials({ accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts, ...args }, context),
+      [OID4VCIMachineServices.addContactIdentity]: (args: AddContactIdentityArgs) => this.oid4vciHolderAddContactIdentity(args, context),
+      [OID4VCIMachineServices.getIssuerBranding]: (args: GetIssuerBrandingArgs) => this.oid4vciHolderGetIssuerBranding(args, context),
+      [OID4VCIMachineServices.storeIssuerBranding]: (args: StoreIssuerBrandingArgs) => this.oid4vciHolderStoreIssuerBranding(args, context),
+      [OID4VCIMachineServices.assertValidCredentials]: (args: AssertValidCredentialsArgs) => this.oid4vciHolderAssertValidCredentials(args, context),
+      [OID4VCIMachineServices.storeCredentialBranding]: (args: StoreCredentialBrandingArgs) => this.oid4vciHolderStoreCredentialBranding(args, context),
+      [OID4VCIMachineServices.storeCredentials]: (args: StoreCredentialsArgs) => this.oid4vciHolderStoreCredentials(args, context),
+      [OID4VCIMachineServices.sendNotification]: (args: SendNotificationArgs) => this.oid4vciHolderSendNotification(args, context),
+      [OID4VCIMachineServices.getFederationTrust]: (args: GetFederationTrustArgs) => this.getFederationTrust(args, context),
     }
 
     const oid4vciMachineInstanceArgs: OID4VCIMachineInstanceOpts = {
@@ -463,7 +466,7 @@ export class OID4VCIHolder implements IAgentPlugin {
   }
 
   private async oid4vciHolderCreateCredentialsToSelectFrom(
-    args: createCredentialsToSelectFromArgs,
+    args: CreateCredentialsToSelectFromArgs,
     context: RequiredContext,
   ): Promise<Array<CredentialToSelectFromResult>> {
     const { credentialBranding, locale, selectedCredentials /*, openID4VCIClientState*/, credentialsSupported } = args

packages/oid4vci-holder/src/index.ts

@@ -3,7 +3,9 @@
  */
 
 export { OID4VCIHolder, oid4vciHolderContextMethods, signCallback } from './agent/OID4VCIHolder'
-export * from './agent/OID4VCIHolderService'
+export * from './services/OID4VCIHolderService'
+export * from './services/FirstPartyMachineServices'
 export * from './types/IOID4VCIHolder'
-export * from './machine/headlessStateNavListener'
+export * from './types/FirstPartyMachine'
+export * from './listeners/headlessStateNavListener'
 export * from './link-handler'

packages/oid4vci-holder/src/link-handler/index.ts

@@ -3,23 +3,28 @@ import { AuthorizationRequestOpts, AuthorizationServerClientOpts, AuthzFlowType,
 import { DefaultLinkPriorities, LinkHandlerAdapter } from '@sphereon/ssi-sdk.core'
 import { IMachineStatePersistence, interpreterStartOrResume, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence'
 import { IAgentContext } from '@veramo/core'
-import { GetMachineArgs, IOID4VCIHolder, OID4VCIMachineEvents, OID4VCIMachineInterpreter, OID4VCIMachineState } from '../types/IOID4VCIHolder'
+import {
+  GetMachineArgs,
+  IOID4VCIHolder,
+  OID4VCIMachineEvents,
+  OID4VCIMachineStateNavigationListener
+} from '../types/IOID4VCIHolder'
+import { FirstPartyMachineStateNavigationListener } from '../types/FirstPartyMachine'
 
 /**
  * This handler only handles credential offer links (either by value or by reference)
  */
 export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
   private readonly context: IAgentContext<IOID4VCIHolder & IMachineStatePersistence>
-  private readonly stateNavigationListener:
-    | ((oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState, navigation?: any) => Promise<void>)
-    | undefined
+  private readonly stateNavigationListener?: OID4VCIMachineStateNavigationListener
+  private readonly firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener
   private readonly noStateMachinePersistence: boolean
   private readonly authorizationRequestOpts?: AuthorizationRequestOpts
   private readonly clientOpts?: AuthorizationServerClientOpts
   private readonly trustAnchors?: Array<string>
 
   constructor(
-    args: Pick<GetMachineArgs, 'stateNavigationListener' | 'authorizationRequestOpts' | 'clientOpts' | 'trustAnchors'> & {
+    args: Pick<GetMachineArgs, 'stateNavigationListener' | 'authorizationRequestOpts' | 'clientOpts' | 'trustAnchors' | 'firstPartyStateNavigationListener'> & {
       priority?: number | DefaultLinkPriorities
       protocols?: Array<string | RegExp>
       noStateMachinePersistence?: boolean
@@ -32,6 +37,7 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
     this.context = args.context
     this.noStateMachinePersistence = args.noStateMachinePersistence === true
     this.stateNavigationListener = args.stateNavigationListener
+    this.firstPartyStateNavigationListener = args.firstPartyStateNavigationListener
     this.trustAnchors = args.trustAnchors
   }
 
@@ -63,6 +69,7 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
       authorizationRequestOpts: { ...this.authorizationRequestOpts, ...opts?.authorizationRequestOpts },
       ...((clientOpts.clientId || clientOpts.clientAssertionType) && { clientOpts: clientOpts as AuthorizationServerClientOpts }),
       stateNavigationListener: this.stateNavigationListener,
+      firstPartyStateNavigationListener: this.firstPartyStateNavigationListener
     })
 
     const interpreter = oid4vciMachine.interpreter

packages/oid4vci-holder/src/localization/translations/en.json

@@ -11,5 +11,9 @@
   "oid4vci_machine_initiation_error_title": "Initiate OID4VCI provider",
   "oid4vci_machine_credential_verification_failed_message": "The credential verification resulted in an error.",
   "oid4vci_machine_credential_verification_schema_failed_message": "The credential schema verification resulted in an error.",
-  "oid4vci_machine_retrieve_federation_trust_error_title": "Retrieve federation trust"
+  "oid4vci_machine_retrieve_federation_trust_error_title": "Retrieve federation trust",
+  "oid4vci_machine_first_party_error_title": "First party flow",
+  "oid4vci_machine_send_authorization_challenge_request_error_title": "Sending authorization challenge request",
+  "oid4vci_machine_create_config_error_title": "Creating siopV2 config",
+  "oid4vci_machine_get_request_error_title": "Getting siopV2 request"
 }

packages/oid4vci-holder/src/localization/translations/nl.json

@@ -10,5 +10,9 @@
   "oid4vci_machine_credential_selection_error_title": "Credential selectie",
   "oid4vci_machine_initiation_error_title": "Initiëren OID4VCI provider",
   "oid4vci_machine_credential_verification_failed_message": "Verificatie van de credential leidde tot een fout.",
-  "oid4vci_machine_retrieve_federation_trust_error_title": "Ophalen federatievertrouwen"
+  "oid4vci_machine_retrieve_federation_trust_error_title": "Ophalen federatievertrouwen",
+  "oid4vci_machine_first_party_error_title": "Eerste partijstroom",
+  "oid4vci_machine_send_authorization_challenge_request_error_title": "Versturen autorisatie-uitdaging aanvraag",
+  "oid4vci_machine_create_config_error_title": "SiopV2-configuratie aanmaken",
+  "oid4vci_machine_get_request_error_title": "SiopV2-verzoek ophalen"
 }