diff --git a/lib/rp.ts b/lib/rp.ts index de488c42..622dffea 100644 --- a/lib/rp.ts +++ b/lib/rp.ts @@ -104,7 +104,8 @@ const verifyDidJWT = async(jwt: string, resolver: Resolvable, options: JWTVerify const resolver = getResolver('ethr'); -export const rp = RP.builder({ requestVersion: SupportedVersion.SIOPv2_ID1 }) +export const rp = (type:string, id:string) => { + return RP.builder({ requestVersion: SupportedVersion.SIOPv2_ID1 }) .withClientId(identifier.did) .withScope('openid') .withResponseType('vp_token') @@ -115,6 +116,23 @@ export const rp = RP.builder({ requestVersion: SupportedVersion.SIOPv2_ID1 }) .withRequestBy(PassBy.VALUE) .withCreateJwtCallback(createJwtCallback()) .withSupportedVersions(SupportedVersion.SIOPv2_ID1) + .withPresentationDefinition({ + definition: { + id: id, + input_descriptors: [ + { + "id": "1", + "name": type + " Verifiable Credential", + "purpose": "We want a VC of this type to proof provider claim", + "schema": [ + { + "uri": "https://www.w3.org/2018/credentials/v1" + } + ] + } + ] + } + }) .withClientMetadata({ client_id: identifier.did, idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256], @@ -132,4 +150,5 @@ export const rp = RP.builder({ requestVersion: SupportedVersion.SIOPv2_ID1 }) clientName: 'Trustee', clientPurpose: "Grant Negotiation and Authorization Protocol (GNAP) Server" }) - .build(); \ No newline at end of file + .build(); +} \ No newline at end of file diff --git a/pages/api/vp/authorize.ts b/pages/api/vp/authorize.ts index 75bc8d55..672483df 100644 --- a/pages/api/vp/authorize.ts +++ b/pages/api/vp/authorize.ts 
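Review bot: The new exported `rp` factory in lib/rp.ts carries no documentation, and `(type:string, id:string)` says nothing about what the two arguments must match. Add a TSDoc above it stating that `type` is used only in the human-readable input descriptor name, that `id` becomes the presentation definition id, so whoever verifies a response must pass the same id that was used when the request was created, and that every call builds a fresh `RP` rather than returning a shared instance. Formatting the parameters as `(type: string, id: string)` matches the spacing used by `verifyDidJWT` in the hunk header. That function and the rest of the file are outside this hunk.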
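Review bot: The presentation definition added to the builder in lib/rp.ts does not constrain the credential type: `type` appears only in the display `"name"`, and the single `"schema"` entry is the generic `https://www.w3.org/2018/credentials/v1` context that any W3C credential carries. If only a credential of `type` is meant to satisfy the request, the input descriptor needs a `constraints.fields` entry filtering on the credential's `type` path; as written, a holder can answer with any credential and the later `verifyAuthorizationResponse` calls have nothing in the definition to reject it on. Whether the verifier library enforces the schema URI at all is not visible here, so at least the `"purpose"` text should not promise a type restriction the definition does not make. The descriptor keys are quoted (`"id"`, `"name"`) while `id:` on the definition is not; pick one style.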
@@ -39,7 +39,7 @@ async function handler(req: NextApiRequest, res: NextApiResponse) { console.log(req.body); console.log(req.body.vp_token); const { payload } = decodeJWT(req.body.vp_token); - const verifiedAuthResponse = await rp.verifyAuthorizationResponse(payload, { + const verifiedAuthResponse = await rp(doc.vc_type, doc.vc_id).verifyAuthorizationResponse(payload, { correlationId: doc._id, audience: url.protocol + "//" + url.hostname + "/api/vp/vp_response", }) diff --git a/pages/api/vp/response.ts b/pages/api/vp/response.ts index a8b4ba3f..98a2c7f9 100644 --- a/pages/api/vp/response.ts +++ b/pages/api/vp/response.ts 
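Review bot: `rp(doc.vc_type, doc.vc_id)` in authorize.ts (and the identical call in response.ts) builds the verifier with `doc.vc_id` as the presentation definition id, while share.ts builds the request with `doc.vp_id`; unless those two fields always hold the same value, the definition the wallet answered is not the one the verifier expects, and the three call sites should agree on one field. Separately, the first argument is `payload`, the output of `decodeJWT(req.body.vp_token)` on the line above, which only decodes; if `verifyAuthorizationResponse` expects the raw JWT string so it can check the signature (the response.ts call passes `req.body.id_token`), handing it the already-decoded payload means no signature is verified here — confirm against the library signature and pass `req.body.vp_token` if so. This call also passes no `state`, unlike the response.ts call. `handler` begins and ends outside this hunk.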
@@ -38,47 +38,47 @@ async function handler(req: NextApiRequest, res: NextApiResponse) { const patient_doc = await patients.get(doc.email); console.log(doc); const { payload } = decodeJWT(req.body.vp_token); - // try { - // const verifiedAuthResponse = await rp.verifyAuthorizationResponse(req.body.id_token, { - // correlationId: doc._id, - // state: req.body.state, - // audience: url.protocol + "//" + url.hostname + "/api/vp/vp_response", - // }) - // console.log(verifiedAuthResponse) - // if (objectPath.get(verifiedAuthResponse, 'payload.state') === doc.vp_state) { - // console.log('state matches') - // } - // if (objectPath.get(verifiedAuthResponse, 'payload.nonce') === doc.vp_state) { - // console.log('state matches') - // } - // res.status(200).json({message: 'OK'}); - // } catch (e) { - // console.log(e) - // res.status(400).json({error: 'invalid_request'}); - // } - if (objectPath.has(payload, 'vp.verifiableCredential')) { - const vc = decodeJWT(objectPath.get(payload, 'vp.verifiableCredential.0')); - if (objectPath.has(doc, 'vc')) { - const vc_arr = objectPath.get(doc, 'vc'); - vc_arr.push(vc); - objectPath.set(doc, 'vc', vc_arr); - } else { - objectPath.set(doc, 'vc.0', vc); + try { + const verifiedAuthResponse = await rp(doc.vc_type, doc.vc_id).verifyAuthorizationResponse(req.body.id_token, { + correlationId: doc._id, + state: req.body.state, + audience: url.protocol + "//" + url.hostname + "/api/vp/vp_response", + }) + console.log(verifiedAuthResponse) + if (objectPath.get(verifiedAuthResponse, 'payload.state') === doc.vp_state) { + console.log('state matches') } - objectPath.set(doc, 'vp_status', 'complete'); - await gnap.insert(doc); - if (objectPath.has(patient_doc, 'vc')) { - const vc_arr1 = objectPath.get(patient_doc, 'vc'); - vc_arr1.push(vc); - objectPath.set(patient_doc, 'vc', vc_arr1); - } else { - objectPath.set(patient_doc, 'vc.0', vc); + if (objectPath.get(verifiedAuthResponse, 'payload.nonce') === doc.vp_state) { + console.log('state matches') 
} - await patients.insert(patient_doc); res.status(200).json({message: 'OK'}); - } else { - res.status(400).json({error: 'invalid_token'}); + } catch (e) { + console.log(e) + res.status(400).json({error: 'invalid_request'}); } + // if (objectPath.has(payload, 'vp.verifiableCredential')) { + // const vc = decodeJWT(objectPath.get(payload, 'vp.verifiableCredential.0')); + // if (objectPath.has(doc, 'vc')) { + // const vc_arr = objectPath.get(doc, 'vc'); + // vc_arr.push(vc); + // objectPath.set(doc, 'vc', vc_arr); + // } else { + // objectPath.set(doc, 'vc.0', vc); + // } + // objectPath.set(doc, 'vp_status', 'complete'); + // await gnap.insert(doc); + // if (objectPath.has(patient_doc, 'vc')) { + // const vc_arr1 = objectPath.get(patient_doc, 'vc'); + // vc_arr1.push(vc); + // objectPath.set(patient_doc, 'vc', vc_arr1); + // } else { + // objectPath.set(patient_doc, 'vc.0', vc); + // } + // await patients.insert(patient_doc); + // res.status(200).json({message: 'OK'}); + // } else { + // res.status(400).json({error: 'invalid_token'}); + // } } else { res.status(400).json({error: 'invalid_request'}); } diff --git a/pages/api/vp/share.ts b/pages/api/vp/share.ts index fed11f12..61faec24 100644 --- a/pages/api/vp/share.ts +++ b/pages/api/vp/share.ts 
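Review bot: In response.ts the `state` and `nonce` comparisons only log `'state matches'` on success and do nothing on mismatch, so `res.status(200).json({message: 'OK'})` is reached even when the response belongs to a different request; a mismatch should be rejected. The nonce branch also compares `payload.nonce` against `doc.vp_state` (and prints the state message), whereas share.ts sends distinct `nonce` and `state` values, so that check can only pass if the two happen to coincide. The rewrite below returns 400 on either mismatch; the stored-nonce field is a labelled placeholder because the hunk does not show where share.ts records it. With the credential-storing block commented out, `payload` from `decodeJWT(req.body.vp_token)` on the context line before the `try` is now unused, and because that decode runs outside the `try`, a malformed `vp_token` would throw instead of producing the 400 — `handler` starts outside this hunk, so an outer catch may exist.
```typescript
    // … unchanged: rp(...).verifyAuthorizationResponse(req.body.id_token, …) and its console.log …
    const stateMatches = objectPath.get(verifiedAuthResponse, 'payload.state') === doc.vp_state;
    // STORED_NONCE_FIELD is a placeholder: use the doc field share.ts stores the request nonce in
    const nonceMatches = objectPath.get(verifiedAuthResponse, 'payload.nonce') === doc.STORED_NONCE_FIELD;
    if (!stateMatches || !nonceMatches) {
      res.status(400).json({error: 'invalid_request'});
      return;
    }
    res.status(200).json({message: 'OK'});
```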
@@ -34,39 +34,40 @@ async function handler(req: NextApiRequest, res: NextApiResponse) { objectPath.set(doc, 'vp_status', 'pending'); const url_req = url.protocol + "//" + url.hostname + "/api/vp/vp_request/" + vp_id; const link = "openid-vc://?request_uri=" + encodeURIComponent(url_req); - const authrequest = await rp.createAuthorizationRequestURI({ + const authrequest = await rp(doc.vc_type, doc.vp_id).createAuthorizationRequestURI({ correlationId: req.body._id, nonce: nonce, state: state, jwtIssuer: {method: 'did', alg: 'EdDSA', didUrl: identifier.did}, - claims: { - "vp_token": { - "presentation_definition": { - "id": vp_id, - "input_descriptors": [ - { - "id": "1", - "name": doc.vc_type + " Verifiable Credential", - "purpose": "We want a VC of this type to proof provider claim", - "schema": [ - { - "uri": "https://www.w3.org/2018/credentials/v1" - // "uri": "VerifiableCredential" - } - ] - // "format": { - // "jwt_vc_json": { - // "alg": [ - // "EdDSA" - // ] - // } - // } - } - ] - } - } - } + // claims: { + // "vp_token": { + // "presentation_definition": { + // "id": vp_id, + // "input_descriptors": [ + // { + // "id": "1", + // "name": doc.vc_type + " Verifiable Credential", + // "purpose": "We want a VC of this type to proof provider claim", + // "schema": [ + // { + // "uri": "https://www.w3.org/2018/credentials/v1" + // // "uri": "VerifiableCredential" + // } + // ] + // // "format": { + // // "jwt_vc_json": { + // // "alg": [ + // // "EdDSA" + // // ] + // // } + // // } + // } + // ] + // } + // } + // } }); + console.log(authrequest) objectPath.set(doc, 'vp_jwt', authrequest.requestObjectJwt) try { const response = await gnap.insert(doc);
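Review bot: The `claims` block in share.ts is kept as roughly thirty commented-out lines instead of being removed, while the presentation definition it carried now lives in `rp()`; a dead copy of a definition that must match the verifier will only drift from the live one. Delete the commented block and rely on version control for the history. The added `console.log(authrequest)` prints the entire authorization request, including `requestObjectJwt`, on every share; if it is a debugging leftover remove it, otherwise log only the fields actually needed. `handler` begins and ends outside this hunk.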