Send OID4VP authorization requests in Requests (#898)

* feat: add dcql

* feat: remove auto-selector

* fix: correct input descriptor

* test: adapt tests

* fix: typo

* test: correct runtime services no, credential count

* test: skip some tests

* test: prettier tests

* chore: fix vulnerability

* test: update service image

* feat: presentation request requests

* feat: remove event

* refactor: split folder

* fix: make expander work

* feat: improve no match error msg

* feat: adapt to new plan

* refactor: prettier test

* test: adapt test

* chore: build schemas

* chore: remove package override

* test: correct services no

Author: Magnus-Kuhn

packages/consumption/src/consumption/ConsumptionController.ts

@@ -11,6 +11,7 @@ import {
     ProposeAttributeRequestItem,
     ReadAttributeRequestItem,
     ShareAttributeRequestItem,
+    ShareAuthorizationRequestRequestItem,
     ShareCredentialOfferRequestItem,
     TransferFileOwnershipRequestItem
 } from "@nmshd/content";
@@ -42,6 +43,7 @@ import {
     RequestItemProcessorRegistry,
     SettingsController,
     ShareAttributeRequestItemProcessor,
+    ShareAuthorizationRequestRequestItemProcessor,
     ShareCredentialOfferRequestItemProcessor,
     TransferFileOwnershipRequestItemProcessor
 } from "../modules";
@@ -163,7 +165,8 @@ export class ConsumptionController {
             [AuthenticationRequestItem, GenericRequestItemProcessor],
             [FormFieldRequestItem, FormFieldRequestItemProcessor],
             [TransferFileOwnershipRequestItem, TransferFileOwnershipRequestItemProcessor],
-            [ShareCredentialOfferRequestItem, ShareCredentialOfferRequestItemProcessor]
+            [ShareCredentialOfferRequestItem, ShareCredentialOfferRequestItemProcessor],
+            [ShareAuthorizationRequestRequestItem, ShareAuthorizationRequestRequestItemProcessor]
         ]);
     }
 

packages/consumption/src/modules/requests/index.ts

@@ -30,6 +30,8 @@ export * from "./itemProcessors/RequestItemConstructor";
 export * from "./itemProcessors/RequestItemProcessorConstructor";
 export * from "./itemProcessors/RequestItemProcessorRegistry";
 export * from "./itemProcessors/shareAttribute/ShareAttributeRequestItemProcessor";
+export * from "./itemProcessors/shareAuthorizationRequest/AcceptShareAuthorizationRequestRequestItemParameters";
+export * from "./itemProcessors/shareAuthorizationRequest/ShareAuthorizationRequestRequestItemProcessor";
 export * from "./itemProcessors/shareCredentialOffer/ShareCredentialOfferRequestItemProcessor";
 export * from "./itemProcessors/transferFileOwnership/TransferFileOwnershipRequestItemProcessor";
 export * from "./local/LocalRequest";

packages/consumption/src/modules/requests/itemProcessors/shareAuthorizationRequest/AcceptShareAuthorizationRequestRequestItemParameters.ts

@@ -0,0 +1,18 @@
+import { Serializable, serialize, type, validate } from "@js-soft/ts-serval";
+import { OwnIdentityAttribute, OwnIdentityAttributeJSON } from "../../../attributes";
+import { AcceptRequestItemParametersJSON } from "../../incoming/decide/AcceptRequestItemParameters";
+
+export interface AcceptShareAuthorizationRequestRequestItemParametersJSON extends AcceptRequestItemParametersJSON {
+    attribute: OwnIdentityAttributeJSON;
+}
+
+@type("AcceptShareAuthorizationRequestRequestItemParameters")
+export class AcceptShareAuthorizationRequestRequestItemParameters extends Serializable {
+    @serialize()
+    @validate()
+    public attribute: OwnIdentityAttribute;
+
+    public static from(value: AcceptShareAuthorizationRequestRequestItemParametersJSON): AcceptShareAuthorizationRequestRequestItemParameters {
+        return this.fromAny(value);
+    }
+}

packages/consumption/src/modules/requests/itemProcessors/shareAuthorizationRequest/ShareAuthorizationRequestRequestItemProcessor.ts

@@ -0,0 +1,18 @@
+import { AcceptResponseItem, ResponseItemResult, ShareAuthorizationRequestRequestItem } from "@nmshd/content";
+import { OwnIdentityAttribute } from "../../../attributes";
+import { GenericRequestItemProcessor } from "../GenericRequestItemProcessor";
+import { LocalRequestInfo } from "../IRequestItemProcessor";
+import { AcceptShareAuthorizationRequestRequestItemParametersJSON } from "./AcceptShareAuthorizationRequestRequestItemParameters";
+
+export class ShareAuthorizationRequestRequestItemProcessor extends GenericRequestItemProcessor<ShareAuthorizationRequestRequestItem> {
+    public override async accept(
+        requestItem: ShareAuthorizationRequestRequestItem,
+        params: AcceptShareAuthorizationRequestRequestItemParametersJSON,
+        _requestInfo: LocalRequestInfo
+    ): Promise<AcceptResponseItem> {
+        const resolvedAuthorizationRequest = await this.consumptionController.openId4Vc.resolveAuthorizationRequest(requestItem.authorizationRequestUrl);
+        await this.consumptionController.openId4Vc.acceptAuthorizationRequest(resolvedAuthorizationRequest.authorizationRequest, OwnIdentityAttribute.from(params.attribute));
+
+        return AcceptResponseItem.from({ result: ResponseItemResult.Accepted });
+    }
+}

packages/content/src/requests/RequestItem.ts

@@ -19,6 +19,7 @@ import {
     IProposeAttributeRequestItem,
     IReadAttributeRequestItem,
     IShareAttributeRequestItem,
+    IShareAuthorizationRequestRequestItem,
     IShareCredentialOfferRequestItem,
     ITransferFileOwnershipRequestItem,
     ProposeAttributeRequestItem,
@@ -27,6 +28,8 @@ import {
     ReadAttributeRequestItemJSON,
     ShareAttributeRequestItem,
     ShareAttributeRequestItemJSON,
+    ShareAuthorizationRequestRequestItem,
+    ShareAuthorizationRequestRequestItemJSON,
     ShareCredentialOfferRequestItem,
     ShareCredentialOfferRequestItemJSON,
     TransferFileOwnershipRequestItem,
@@ -65,7 +68,8 @@ export type RequestItemJSONDerivations =
     | AuthenticationRequestItemJSON
     | FormFieldRequestItemJSON
     | TransferFileOwnershipRequestItemJSON
-    | ShareCredentialOfferRequestItemJSON;
+    | ShareCredentialOfferRequestItemJSON
+    | ShareAuthorizationRequestRequestItemJSON;
 
 export interface IRequestItem extends ISerializable {
     /**
@@ -99,7 +103,8 @@ export type IRequestItemDerivations =
     | IAuthenticationRequestItem
     | IFormFieldRequestItem
     | ITransferFileOwnershipRequestItem
-    | IShareCredentialOfferRequestItem;
+    | IShareCredentialOfferRequestItem
+    | IShareAuthorizationRequestRequestItem;
 
 export abstract class RequestItem extends Serializable {
     @serialize()
@@ -130,7 +135,8 @@ export type RequestItemDerivations =
     | AuthenticationRequestItem
     | FormFieldRequestItem
     | TransferFileOwnershipRequestItem
-    | ShareCredentialOfferRequestItem;
+    | ShareCredentialOfferRequestItem
+    | ShareAuthorizationRequestRequestItem;
 
 export function isRequestItemDerivation(input: any): input is RequestItemDerivations {
     return (
@@ -144,6 +150,7 @@ export function isRequestItemDerivation(input: any): input is RequestItemDerivat
         input["@type"] === "AuthenticationRequestItem" ||
         input["@type"] === "FormFieldRequestItem" ||
         input["@type"] === "TransferFileOwnershipRequestItem" ||
-        input["@type"] === "ShareCredentialOfferRequestItem"
+        input["@type"] === "ShareCredentialOfferRequestItem" ||
+        input["@type"] === "ShareAuthorizationRequestRequestItem"
     );
 }

packages/content/src/requests/items/index.ts

@@ -14,6 +14,7 @@ export * from "./proposeAttribute/ProposeAttributeRequestItem";
 export * from "./readAttribute/ReadAttributeAcceptResponseItem";
 export * from "./readAttribute/ReadAttributeRequestItem";
 export * from "./shareAttribute/ShareAttributeRequestItem";
+export * from "./shareAuthorizationRequest/ShareAuthorizationRequestRequestItem";
 export * from "./shareCredentialOffer/ShareCredentialOfferRequestItem";
 export * from "./transferFileOwnership/TransferFileOwnershipAcceptResponseItem";
 export * from "./transferFileOwnership/TransferFileOwnershipRequestItem";

packages/content/src/requests/items/shareAuthorizationRequest/ShareAuthorizationRequestRequestItem.ts

@@ -0,0 +1,29 @@
+import { serialize, type, validate } from "@js-soft/ts-serval";
+import { RequestItemJSON } from "../..";
+import { IRequestItem, RequestItem } from "../../RequestItem";
+
+export interface ShareAuthorizationRequestRequestItemJSON extends RequestItemJSON {
+    "@type": "ShareAuthorizationRequestRequestItem";
+    authorizationRequestUrl: string;
+}
+
+export interface IShareAuthorizationRequestRequestItem extends IRequestItem {
+    authorizationRequestUrl: string;
+}
+
+@type("ShareAuthorizationRequestRequestItem")
+export class ShareAuthorizationRequestRequestItem extends RequestItem implements IShareAuthorizationRequestRequestItem {
+    @serialize()
+    @validate()
+    public authorizationRequestUrl: string;
+
+    public static from(
+        value: IShareAuthorizationRequestRequestItem | Omit<ShareAuthorizationRequestRequestItemJSON, "@type"> | ShareAuthorizationRequestRequestItemJSON
+    ): ShareAuthorizationRequestRequestItem {
+        return this.fromAny(value);
+    }
+
+    public override toJSON(verbose?: boolean | undefined, serializeAsString?: boolean | undefined): ShareAuthorizationRequestRequestItemJSON {
+        return super.toJSON(verbose, serializeAsString) as ShareAuthorizationRequestRequestItemJSON;
+    }
+}

packages/runtime/src/dataViews/DataViewExpander.ts

@@ -49,6 +49,7 @@ import {
     ResponseJSON,
     SexJSON,
     ShareAttributeRequestItemJSON,
+    ShareAuthorizationRequestRequestItemJSON,
     ShareCredentialOfferRequestItemJSON,
     SurnameJSON,
     ThirdPartyRelationshipAttributeQueryJSON,
@@ -133,6 +134,7 @@ import {
     ResponseItemDVO,
     ResponseItemGroupDVO,
     ShareAttributeRequestItemDVO,
+    ShareAuthorizationRequestRequestItemDVO,
     ShareCredentialOfferRequestItemDVO,
     ThirdPartyRelationshipAttributeQueryDVO,
     TransferFileOwnershipAcceptResponseItemDVO,
@@ -655,6 +657,24 @@ export class DataViewExpander {
                     credentialResponses
                 } as ShareCredentialOfferRequestItemDVO;
 
+            case "ShareAuthorizationRequestRequestItem":
+                const shareAuthorizationRequestRequestItem = requestItem as ShareAuthorizationRequestRequestItemJSON;
+
+                const resolutionResult = await this.consumption.openId4Vc.resolveAuthorizationRequest({
+                    authorizationRequestUrl: shareAuthorizationRequestRequestItem.authorizationRequestUrl
+                });
+                const matchingCredentials = resolutionResult.isSuccess ? resolutionResult.value.matchingCredentials : [];
+
+                return {
+                    ...shareAuthorizationRequestRequestItem,
+                    type: "ShareAuthorizationRequestRequestItemDVO",
+                    id: "",
+                    name: this.generateRequestItemName(requestItem["@type"], isDecidable),
+                    isDecidable: isDecidable && matchingCredentials.length > 0,
+                    response: responseItemDVO,
+                    matchingCredentials: await this.expandLocalAttributeDTOs(matchingCredentials)
+                } as ShareAuthorizationRequestRequestItemDVO;
+
             default:
                 return {
                     ...requestItem,

packages/runtime/src/dataViews/content/RequestItemDVOs.ts

@@ -82,3 +82,9 @@ export interface ShareCredentialOfferRequestItemDVO extends RequestItemDVO {
     credentialOfferUrl: string;
     credentialResponses?: OpenId4VciCredentialResponseJSON[];
 }
+
+export interface ShareAuthorizationRequestRequestItemDVO extends RequestItemDVO {
+    type: "ShareAuthorizationRequestRequestItemDVO";
+    authorizationRequestUrl: string;
+    matchingCredentials: LocalAttributeDVO[];
+}

packages/runtime/src/useCases/common/Schemas.ts

@@ -317,6 +317,9 @@ export const CanCreateOutgoingRequestRequest: any = {
                 },
                 {
                     "$ref": "#/definitions/ShareCredentialOfferRequestItemJSON"
+                },
+                {
+                    "$ref": "#/definitions/ShareAuthorizationRequestRequestItemJSON"
                 }
             ]
         },
@@ -2784,6 +2787,42 @@ export const CanCreateOutgoingRequestRequest: any = {
             ],
             "additionalProperties": false
         },
+        "ShareAuthorizationRequestRequestItemJSON": {
+            "type": "object",
+            "properties": {
+                "@type": {
+                    "type": "string",
+                    "const": "ShareAuthorizationRequestRequestItem"
+                },
+                "@context": {
+                    "type": "string"
+                },
+                "@version": {
+                    "type": "string"
+                },
+                "description": {
+                    "type": "string",
+                    "description": "The human-readable description of this item."
+                },
+                "metadata": {
+                    "type": "object",
+                    "description": "This property can be used to add some arbitrary metadata to this item. The content of this property will be copied into the response on the side of the recipient, so the sender can use it to identify the item as they receive the response."
+                },
+                "mustBeAccepted": {
+                    "type": "boolean",
+                    "description": "If set to `true`, the recipient has to accept this item if they want to accept the Request. If set to `false`, the recipient can decide whether they want to accept it or not."
+                },
+                "authorizationRequestUrl": {
+                    "type": "string"
+                }
+            },
+            "required": [
+                "@type",
+                "authorizationRequestUrl",
+                "mustBeAccepted"
+            ],
+            "additionalProperties": false
+        },
         "AddressString": {
             "type": "string",
             "pattern": "did:e:((([A-Za-z0-9]+(-[A-Za-z0-9]+)*)\\.)+[a-z]{2,}|localhost):dids:[0-9a-f]{22}"
@@ -7192,6 +7231,9 @@ export const CreateOutgoingRequestRequest: any = {
                 },
                 {
                     "$ref": "#/definitions/ShareCredentialOfferRequestItemJSON"
+                },
+                {
+                    "$ref": "#/definitions/ShareAuthorizationRequestRequestItemJSON"
                 }
             ]
         },
@@ -9659,6 +9701,42 @@ export const CreateOutgoingRequestRequest: any = {
             ],
             "additionalProperties": false
         },
+        "ShareAuthorizationRequestRequestItemJSON": {
+            "type": "object",
+            "properties": {
+                "@type": {
+                    "type": "string",
+                    "const": "ShareAuthorizationRequestRequestItem"
+                },
+                "@context": {
+                    "type": "string"
+                },
+                "@version": {
+                    "type": "string"
+                },
+                "description": {
+                    "type": "string",
+                    "description": "The human-readable description of this item."
+                },
+                "metadata": {
+                    "type": "object",
+                    "description": "This property can be used to add some arbitrary metadata to this item. The content of this property will be copied into the response on the side of the recipient, so the sender can use it to identify the item as they receive the response."
+                },
+                "mustBeAccepted": {
+                    "type": "boolean",
+                    "description": "If set to `true`, the recipient has to accept this item if they want to accept the Request. If set to `false`, the recipient can decide whether they want to accept it or not."
+                },
+                "authorizationRequestUrl": {
+                    "type": "string"
+                }
+            },
+            "required": [
+                "@type",
+                "authorizationRequestUrl",
+                "mustBeAccepted"
+            ],
+            "additionalProperties": false
+        },
         "AddressString": {
             "type": "string",
             "pattern": "did:e:((([A-Za-z0-9]+(-[A-Za-z0-9]+)*)\\.)+[a-z]{2,}|localhost):dids:[0-9a-f]{22}"
@@ -10320,6 +10398,9 @@ export const ReceivedIncomingRequestRequest: any = {
                 },
                 {
                     "$ref": "#/definitions/ShareCredentialOfferRequestItemJSON"
+                },
+                {
+                    "$ref": "#/definitions/ShareAuthorizationRequestRequestItemJSON"
                 }
             ]
         },
@@ -12787,6 +12868,42 @@ export const ReceivedIncomingRequestRequest: any = {
             ],
             "additionalProperties": false
         },
+        "ShareAuthorizationRequestRequestItemJSON": {
+            "type": "object",
+            "properties": {
+                "@type": {
+                    "type": "string",
+                    "const": "ShareAuthorizationRequestRequestItem"
+                },
+                "@context": {
+                    "type": "string"
+                },
+                "@version": {
+                    "type": "string"
+                },
+                "description": {
+                    "type": "string",
+                    "description": "The human-readable description of this item."
+                },
+                "metadata": {
+                    "type": "object",
+                    "description": "This property can be used to add some arbitrary metadata to this item. The content of this property will be copied into the response on the side of the recipient, so the sender can use it to identify the item as they receive the response."
+                },
+                "mustBeAccepted": {
+                    "type": "boolean",
+                    "description": "If set to `true`, the recipient has to accept this item if they want to accept the Request. If set to `false`, the recipient can decide whether they want to accept it or not."
+                },
+                "authorizationRequestUrl": {
+                    "type": "string"
+                }
+            },
+            "required": [
+                "@type",
+                "authorizationRequestUrl",
+                "mustBeAccepted"
+            ],
+            "additionalProperties": false
+        },
         "MessageIdString": {
             "type": "string",
             "pattern": "MSG[A-Za-z0-9]{17}"