fix: session and state to correlationId mapping bugfixes

Author: nklomp

packages/callback-example/lib/__tests__/issuerCallback.spec.ts

@@ -7,6 +7,7 @@ import {
   CNonceState,
   CredentialConfigurationSupportedV1_0_13,
   CredentialIssuerMetadataV1_0_13,
+  CredentialOfferSession,
   CredentialRequest,
   IssuerCredentialSubjectDisplay,
   IssueStatus,
@@ -15,9 +16,13 @@ import {
   OpenId4VCIVersion,
   ProofOfPossession,
 } from '@sphereon/oid4vci-common'
-import { CredentialOfferSession } from '@sphereon/oid4vci-common'
-import { AuthorizationServerMetadataBuilder, CredentialSupportedBuilderV1_13, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'
-import { MemoryStates } from '@sphereon/oid4vci-issuer'
+import {
+  AuthorizationServerMetadataBuilder,
+  CredentialSupportedBuilderV1_13,
+  MemoryStates,
+  VcIssuer,
+  VcIssuerBuilder,
+} from '@sphereon/oid4vci-issuer'
 import { CredentialDataSupplierResult } from '@sphereon/oid4vci-issuer/dist/types'
 import { ICredential, IProofPurpose, IProofType, W3CVerifiableCredential } from '@sphereon/ssi-types'
 import { DIDDocument } from 'did-resolver'
@@ -57,7 +62,7 @@ const authorizationServerMetadata = new AuthorizationServerMetadataBuilder()
   .withScopesSupported(['openid', 'abcdef'])
   .build()
 
-async function verifyCallbackFunction(args: { jwt: string; kid?: string }): Promise<JwtVerifyResult<DIDDocument>> {
+async function verifyCallbackFunction(args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> {
   const result = await jose.jwtVerify(args.jwt, keypair.publicKey)
   const kid = result.protectedHeader.kid ?? args.kid
   const did = kid!.split('#')[0]
@@ -93,7 +98,7 @@ afterAll(async () => {
   await new Promise((resolve) => setTimeout((v: void) => resolve(v), 500))
 })
 describe('issuerCallback', () => {
-  let vcIssuer: VcIssuer<DIDDocument>
+  let vcIssuer: VcIssuer
   const state = 'existing-state'
   const clientId = 'sphereon:wallet'
 
@@ -156,7 +161,7 @@ describe('issuerCallback', () => {
 
     const nonces = new MemoryStates<CNonceState>()
     await nonces.set('test_value', { cNonce: 'test_value', createdAt: +new Date(), issuerState: 'existing-state' })
-    vcIssuer = new VcIssuerBuilder<DIDDocument>()
+    vcIssuer = new VcIssuerBuilder()
       .withAuthorizationServers('https://authorization-server')
       .withCredentialEndpoint('https://credential-endpoint')
       .withCredentialIssuer(IDENTIPROOF_ISSUER_URL)

packages/client/lib/CredentialRequestClient.ts

@@ -5,6 +5,7 @@ import {
   CredentialRequestWithoutProofV1_0_13,
   CredentialResponse,
   DPoPResponseParams,
+  ExperimentalSubjectIssuance,
   getCredentialRequestForVersion,
   getUniformFormat,
   isDeferredCredentialResponse,
@@ -17,7 +18,6 @@ import {
   UniformCredentialRequest,
   URL_NOT_VALID,
 } from '@sphereon/oid4vci-common';
-import { ExperimentalSubjectIssuance } from '@sphereon/oid4vci-common';
 import { CredentialFormat, DIDDocument } from '@sphereon/ssi-types';
 import Debug from 'debug';
 
@@ -53,7 +53,7 @@ export type CreateCredentialRequestOpts<DIDDoc = DIDDocument> = {
 };
 
 export async function buildProof<DIDDoc = DIDDocument>(
-  proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession,
+  proofInput: ProofOfPossessionBuilder | ProofOfPossession,
   opts: {
     version: OpenId4VCIVersion;
     cNonce?: string;
@@ -111,7 +111,7 @@ export class CredentialRequestClient {
   }): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string }> {
     const { credentialIdentifier, credentialTypes, format, context, subjectIssuance } = opts;
 
-    const request = await this.createCredentialRequestWithoutProof<DIDDoc>({
+    const request = await this.createCredentialRequestWithoutProof({
       credentialTypes,
       context,
       format,
@@ -123,7 +123,7 @@ export class CredentialRequestClient {
   }
 
   public async acquireCredentialsUsingProof<DIDDoc = DIDDocument>(opts: {
-    proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+    proofInput: ProofOfPossessionBuilder | ProofOfPossession;
     credentialIdentifier?: string;
     credentialTypes?: string | string[];
     context?: string[];
@@ -133,7 +133,7 @@ export class CredentialRequestClient {
   }): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string }> {
     const { credentialIdentifier, credentialTypes, proofInput, format, context, subjectIssuance } = opts;
 
-    const request = await this.createCredentialRequest<DIDDoc>({
+    const request = await this.createCredentialRequest({
       proofInput,
       credentialTypes,
       context,
@@ -246,22 +246,22 @@ export class CredentialRequestClient {
   }
 
   public async createCredentialRequestWithoutProof<DIDDoc = DIDDocument>(
-    opts: CreateCredentialRequestOpts<DIDDoc>,
+    opts: CreateCredentialRequestOpts,
   ): Promise<CredentialRequestWithoutProofV1_0_13> {
     return await this.createCredentialRequestImpl(opts);
   }
 
   public async createCredentialRequest<DIDDoc = DIDDocument>(
-    opts: CreateCredentialRequestOpts<DIDDoc> & {
-      proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+    opts: CreateCredentialRequestOpts & {
+      proofInput: ProofOfPossessionBuilder | ProofOfPossession;
     },
   ): Promise<CredentialRequestV1_0_13> {
     return await this.createCredentialRequestImpl(opts);
   }
 
   private async createCredentialRequestImpl<DIDDoc = DIDDocument>(
-    opts: CreateCredentialRequestOpts<DIDDoc> & {
-      proofInput?: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+    opts: CreateCredentialRequestOpts & {
+      proofInput?: ProofOfPossessionBuilder | ProofOfPossession;
     },
   ): Promise<CredentialRequestV1_0_13> {
     const { proofInput, credentialIdentifier: credential_identifier } = opts;

packages/client/lib/CredentialRequestClientV1_0_11.ts

@@ -62,8 +62,8 @@ export class CredentialRequestClientV1_0_11 {
     this._credentialRequestOpts = { ...builder };
   }
 
-  public async acquireCredentialsUsingProof<DIDDoc>(opts: {
-    proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+  public async acquireCredentialsUsingProof(opts: {
+    proofInput: ProofOfPossessionBuilder | ProofOfPossession;
     credentialTypes?: string | string[];
     context?: string[];
     format?: CredentialFormat | OID4VCICredentialFormat;
@@ -153,8 +153,8 @@ export class CredentialRequestClientV1_0_11 {
     });
   }
 
-  public async createCredentialRequest<DIDDoc>(opts: {
-    proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+  public async createCredentialRequest(opts: {
+    proofInput: ProofOfPossessionBuilder | ProofOfPossession;
     credentialTypes?: string | string[];
     context?: string[];
     format?: CredentialFormat | OID4VCICredentialFormat;

packages/client/lib/OpenID4VCIClient.ts

@@ -130,7 +130,7 @@ export class OpenID4VCIClient {
     pkce,
     authorizationRequest,
     createAuthorizationRequestURL,
-    endpointMetadata
+    endpointMetadata,
   }: {
     credentialIssuer: string;
     kid?: string;
@@ -140,7 +140,7 @@ export class OpenID4VCIClient {
     createAuthorizationRequestURL?: boolean;
     authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl
     pkce?: PKCEOpts;
-    endpointMetadata?: EndpointMetadataResult
+    endpointMetadata?: EndpointMetadataResult;
   }) {
     const client = new OpenID4VCIClient({
       kid,
@@ -149,7 +149,7 @@ export class OpenID4VCIClient {
       credentialIssuer,
       pkce,
       authorizationRequest,
-      endpointMetadata
+      endpointMetadata,
     });
     if (retrieveServerMetadata === undefined || retrieveServerMetadata) {
       await client.retrieveServerMetadata();
@@ -176,7 +176,7 @@ export class OpenID4VCIClient {
     createAuthorizationRequestURL,
     authorizationRequest,
     resolveOfferUri,
-    endpointMetadata
+    endpointMetadata,
   }: {
     uri: string;
     kid?: string;
@@ -187,7 +187,7 @@ export class OpenID4VCIClient {
     pkce?: PKCEOpts;
     clientId?: string;
     authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl
-    endpointMetadata?: EndpointMetadataResult
+    endpointMetadata?: EndpointMetadataResult;
   }): Promise<OpenID4VCIClient> {
     const credentialOfferClient = await CredentialOfferClient.fromURI(uri, { resolve: resolveOfferUri });
     const client = new OpenID4VCIClient({
@@ -197,7 +197,7 @@ export class OpenID4VCIClient {
       clientId: clientId ?? authorizationRequest?.clientId ?? credentialOfferClient.clientId,
       pkce,
       authorizationRequest,
-      endpointMetadata
+      endpointMetadata,
     });
 
     if (retrieveServerMetadata === undefined || retrieveServerMetadata) {
@@ -383,7 +383,7 @@ export class OpenID4VCIClient {
   }: {
     credentialTypes: string | string[];
     context?: string[];
-    proofCallbacks: ProofOfPossessionCallbacks<any>;
+    proofCallbacks: ProofOfPossessionCallbacks;
     format?: CredentialFormat | OID4VCICredentialFormat;
     kid?: string;
     jwk?: JWK;

packages/client/lib/OpenID4VCIClientV1_0_11.ts

@@ -362,7 +362,7 @@ export class OpenID4VCIClientV1_0_11 {
   }: {
     credentialTypes: string | string[];
     context?: string[];
-    proofCallbacks: ProofOfPossessionCallbacks<any>;
+    proofCallbacks: ProofOfPossessionCallbacks;
     format?: CredentialFormat | OID4VCICredentialFormat;
     kid?: string;
     jwk?: JWK;

packages/client/lib/OpenID4VCIClientV1_0_13.ts

@@ -29,7 +29,7 @@ import {
   ProofOfPossessionCallbacks,
   toAuthorizationResponsePayload,
 } from '@sphereon/oid4vci-common';
-import { CredentialFormat, DIDDocument } from '@sphereon/ssi-types';
+import { CredentialFormat } from '@sphereon/ssi-types';
 import Debug from 'debug';
 
 import { AccessTokenClient } from './AccessTokenClient';
@@ -371,7 +371,7 @@ export class OpenID4VCIClientV1_0_13 {
     credentialIdentifier?: string;
     credentialTypes?: string | string[];
     context?: string[];
-    proofCallbacks: ProofOfPossessionCallbacks<any>;
+    proofCallbacks: ProofOfPossessionCallbacks;
     format?: CredentialFormat | OID4VCICredentialFormat;
     kid?: string;
     jwk?: JWK;
@@ -402,7 +402,7 @@ export class OpenID4VCIClientV1_0_13 {
     credentialIdentifier?: string;
     credentialTypes?: string | string[];
     context?: string[];
-    proofCallbacks?: ProofOfPossessionCallbacks<any>;
+    proofCallbacks?: ProofOfPossessionCallbacks;
     format?: CredentialFormat | OID4VCICredentialFormat;
     kid?: string;
     jwk?: JWK;
@@ -521,7 +521,7 @@ export class OpenID4VCIClientV1_0_13 {
       }
     }
     const request = proofBuilder
-      ? await credentialRequestClient.createCredentialRequest<DIDDocument>({
+      ? await credentialRequestClient.createCredentialRequest({
           proofInput: proofBuilder,
           credentialTypes,
           context,
@@ -530,7 +530,7 @@ export class OpenID4VCIClientV1_0_13 {
           credentialIdentifier,
           subjectIssuance,
         })
-      : await credentialRequestClient.createCredentialRequestWithoutProof<DIDDocument>({
+      : await credentialRequestClient.createCredentialRequestWithoutProof({
           credentialTypes,
           context,
           format,

packages/client/lib/ProofOfPossessionBuilder.ts

@@ -16,7 +16,7 @@ import {
 
 export class ProofOfPossessionBuilder<DIDDoc = never> {
   private readonly proof?: ProofOfPossession;
-  private readonly callbacks?: ProofOfPossessionCallbacks<DIDDoc>;
+  private readonly callbacks?: ProofOfPossessionCallbacks;
   private readonly version: OpenId4VCIVersion;
   private readonly mode: PoPMode = 'pop';
 
@@ -40,7 +40,7 @@ export class ProofOfPossessionBuilder<DIDDoc = never> {
     mode = 'pop',
   }: {
     proof?: ProofOfPossession;
-    callbacks?: ProofOfPossessionCallbacks<DIDDoc>;
+    callbacks?: ProofOfPossessionCallbacks;
     accessTokenResponse?: AccessTokenResponse;
     jwt?: Jwt;
     version: OpenId4VCIVersion;
@@ -60,49 +60,49 @@ export class ProofOfPossessionBuilder<DIDDoc = never> {
     }
   }
 
-  static manual<DIDDoc>({
+  static manual({
     jwt,
     callbacks,
     version,
     mode = 'JWT',
   }: {
     jwt?: Jwt;
-    callbacks: ProofOfPossessionCallbacks<DIDDoc>;
+    callbacks: ProofOfPossessionCallbacks;
     version: OpenId4VCIVersion;
     mode?: PoPMode;
-  }): ProofOfPossessionBuilder<DIDDoc> {
+  }): ProofOfPossessionBuilder {
     return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
   }
 
-  static fromJwt<DIDDoc>({
+  static fromJwt({
     jwt,
     callbacks,
     version,
     mode = 'pop',
   }: {
     jwt: Jwt;
-    callbacks: ProofOfPossessionCallbacks<DIDDoc>;
+    callbacks: ProofOfPossessionCallbacks;
     version: OpenId4VCIVersion;
     mode?: PoPMode;
-  }): ProofOfPossessionBuilder<DIDDoc> {
+  }): ProofOfPossessionBuilder {
     return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
   }
 
-  static fromAccessTokenResponse<DIDDoc>({
+  static fromAccessTokenResponse({
     accessTokenResponse,
     callbacks,
     version,
     mode = 'pop',
   }: {
     accessTokenResponse: AccessTokenResponse;
-    callbacks: ProofOfPossessionCallbacks<DIDDoc>;
+    callbacks: ProofOfPossessionCallbacks;
     version: OpenId4VCIVersion;
     mode?: PoPMode;
-  }): ProofOfPossessionBuilder<DIDDoc> {
+  }): ProofOfPossessionBuilder {
     return new ProofOfPossessionBuilder({ callbacks, accessTokenResponse, version, mode });
   }
 
-  static fromProof<DIDDoc>(proof: ProofOfPossession, version: OpenId4VCIVersion): ProofOfPossessionBuilder<DIDDoc> {
+  static fromProof(proof: ProofOfPossession, version: OpenId4VCIVersion): ProofOfPossessionBuilder {
     return new ProofOfPossessionBuilder({ proof, version });
   }
 

packages/client/lib/__tests__/CredentialRequestClientBuilder.spec.ts

@@ -57,7 +57,7 @@ interface KeyPair {
   privateKey: KeyObject;
 }
 
-async function proofOfPossessionVerifierCallbackFunction(args: { jwt: string; kid?: string }): Promise<JwtVerifyResult<unknown>> {
+async function proofOfPossessionVerifierCallbackFunction(args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> {
   const result = await jose.jwtVerify(args.jwt, keypair.publicKey);
   const kid = result.protectedHeader.kid ?? args.kid;
   const did = kid!.split('#')[0];

packages/client/lib/__tests__/SphereonE2E.spec.test.ts

@@ -155,7 +155,7 @@ describe('ismapolis bug report #63, https://github.com/Sphereon-Opensource/OID4V
         .sign(edPrivateKey);
     }
 
-    const callbacks: ProofOfPossessionCallbacks<never> = {
+    const callbacks: ProofOfPossessionCallbacks = {
       signCallback: signCallback,
     };
 

packages/common/lib/jwt/Jwt.types.ts

@@ -1,6 +1,7 @@
 import { JwtHeader as jwtDecodeJwtHeader, JwtPayload as jwtDecodePayload } from 'jwt-decode';
 
 import { JWK } from '.';
+
 export type JwtHeader = jwtDecodeJwtHeader & {
   alg?: string;
   x5c?: string[];

packages/did-auth-siop-adapter/lib/DidJwtAdapter.ts

@@ -1,5 +1,4 @@
-import { AuthorizationRequestPayload, IDTokenPayload, JwtIssuerWithContext, RequestObjectPayload } from '@sphereon/did-auth-siop'
-import { JwtVerifier } from '@sphereon/did-auth-siop'
+import { AuthorizationRequestPayload, IDTokenPayload, JwtIssuerWithContext, JwtVerifier, RequestObjectPayload } from '@sphereon/did-auth-siop'
 import { JwtHeader, JwtPayload } from '@sphereon/oid4vc-common'
 import { Resolvable } from 'did-resolver'