Sphereon-Opensource · zoemaas · Jan 14, 2025 · Nov 18, 2024 · Nov 20, 2024 · Nov 20, 2024
diff --git a/packages/client/lib/OpenID4VCIClient.ts b/packages/client/lib/OpenID4VCIClient.ts
@@ -130,6 +130,7 @@ export class OpenID4VCIClient {
     pkce,
     authorizationRequest,
     createAuthorizationRequestURL,
+    endpointMetadata
   }: {
     credentialIssuer: string;
     kid?: string;
@@ -139,6 +140,7 @@ export class OpenID4VCIClient {
     createAuthorizationRequestURL?: boolean;
     authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl
     pkce?: PKCEOpts;
+    endpointMetadata?: EndpointMetadataResult
   }) {
     const client = new OpenID4VCIClient({
       kid,
@@ -147,6 +149,7 @@ export class OpenID4VCIClient {
       credentialIssuer,
       pkce,
       authorizationRequest,
+      endpointMetadata
     });
     if (retrieveServerMetadata === undefined || retrieveServerMetadata) {
       await client.retrieveServerMetadata();
@@ -173,6 +176,7 @@ export class OpenID4VCIClient {
     createAuthorizationRequestURL,
     authorizationRequest,
     resolveOfferUri,
+    endpointMetadata
   }: {
     uri: string;
     kid?: string;
@@ -183,6 +187,7 @@ export class OpenID4VCIClient {
     pkce?: PKCEOpts;
     clientId?: string;
     authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl
+    endpointMetadata?: EndpointMetadataResult
   }): Promise<OpenID4VCIClient> {
     const credentialOfferClient = await CredentialOfferClient.fromURI(uri, { resolve: resolveOfferUri });
     const client = new OpenID4VCIClient({
@@ -192,6 +197,7 @@ export class OpenID4VCIClient {
       clientId: clientId ?? authorizationRequest?.clientId ?? credentialOfferClient.clientId,
       pkce,
       authorizationRequest,
+      endpointMetadata
     });
 
     if (retrieveServerMetadata === undefined || retrieveServerMetadata) {

diff --git a/packages/siop-oid4vp/lib/authorization-request/URI.ts b/packages/siop-oid4vp/lib/authorization-request/URI.ts
@@ -235,16 +235,22 @@ export class URI implements AuthorizationRequestURI {
     return { scheme, authorizationRequestPayload }
   }
 
-  public static async parseAndResolve(uri: string) {
+  public static async parseAndResolve(uri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload) {
-  public static async parseAndResolve(uri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload) {
+   /**
+   * Parses the URI and resolves the registration metadata
+   * @param uri 
+   * @param rpRegistrationMetadata 
+   * @returns Promise<{scheme: string, authorizationRequestPayload: AuthorizationRequestPayload, requestObjectJwt: RequestObjectJwt, registrationMetadata: RPRegistrationMetadataPayload}>
+   */
+  public static async parseAndResolve(uri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload) {
+    if (!uri) {
+      throw Error(SIOPErrors.BAD_PARAMS)
+    }
+    const { authorizationRequestPayload, scheme } = this.parse(uri)
+
+    const requestObjectJwt = await fetchByReferenceOrUseByValue(
+      authorizationRequestPayload.client_metadata_uri, 
+      authorizationRequestPayload.client_metadata
+    )
+
+    const registrationMetadata = await this.resolveRegistrationMetadata(
+      rpRegistrationMetadata,
+      authorizationRequestPayload,
+    )
+    assertValidRPRegistrationMedataPayload(registrationMetadata)
+    return { scheme, authorizationRequestPayload, requestObjectJwt, registrationMetadata }
+  }
+
+  /**
+   * Resolves the registration metadata
+   * @param providedMetadata 
+   * @param authPayload 
+   * @returns Promise<RPRegistrationMetadataPayload>
+   */
+  private static async resolveRegistrationMetadata(
+    providedMetadata?: RPRegistrationMetadataPayload,
+    authPayload?: AuthorizationRequestPayload
+  ): Promise<RPRegistrationMetadataPayload> {
+    if (providedMetadata) {
+      return providedMetadata
+    }
+    return await fetchByReferenceOrUseByValue(
+      authPayload?.['client_metadata_uri'] ?? authPayload?.['registration_uri'],
+      authPayload?.['client_metadata'] ?? authPayload?.['registration']
+    )
+  }
-  public static async parseAndResolve(uri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload) {
+   /**
+   * Parses the URI and resolves the registration metadata
+   * @param uri 
+   * @param rpRegistrationMetadata 
+   * @returns Promise<{scheme: string, authorizationRequestPayload: AuthorizationRequestPayload, requestObjectJwt: RequestObjectJwt, registrationMetadata: RPRegistrationMetadataPayload}>
+   */
+  public static async parseAndResolve(uri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload) {
+    if (!uri) {
+      throw Error(SIOPErrors.BAD_PARAMS)
+    }
+    const { authorizationRequestPayload, scheme } = this.parse(uri)
+
+    const requestObjectJwt = await fetchByReferenceOrUseByValue(
+      authorizationRequestPayload.client_metadata_uri, 
+      authorizationRequestPayload.client_metadata
+    )
+
+    const registrationMetadata = await this.resolveRegistrationMetadata(
+      rpRegistrationMetadata,
+      authorizationRequestPayload,
+    )
+    assertValidRPRegistrationMedataPayload(registrationMetadata)
+    return { scheme, authorizationRequestPayload, requestObjectJwt, registrationMetadata }
+  }
+
+  /**
+   * Resolves the registration metadata
+   * @param providedMetadata 
+   * @param authPayload 
+   * @returns Promise<RPRegistrationMetadataPayload>
+   */
+  private static async resolveRegistrationMetadata(
+    providedMetadata?: RPRegistrationMetadataPayload,
+    authPayload?: AuthorizationRequestPayload
+  ): Promise<RPRegistrationMetadataPayload> {
+    if (providedMetadata) {
+      return providedMetadata
+    }
+    return await fetchByReferenceOrUseByValue(
+      authPayload?.['client_metadata_uri'] ?? authPayload?.['registration_uri'],
+      authPayload?.['client_metadata'] ?? authPayload?.['registration']
+    )
+  }
     if (!uri) {
       throw Error(SIOPErrors.BAD_PARAMS)
     }
     const { authorizationRequestPayload, scheme } = this.parse(uri)
+
     const requestObjectJwt = await fetchByReferenceOrUseByValue(authorizationRequestPayload.request_uri, authorizationRequestPayload.request, true)
-    const registrationMetadata: RPRegistrationMetadataPayload = await fetchByReferenceOrUseByValue(
-      authorizationRequestPayload['client_metadata_uri'] ?? authorizationRequestPayload['registration_uri'],
-      authorizationRequestPayload['client_metadata'] ?? authorizationRequestPayload['registration'],
-    )
+    let registrationMetadata: RPRegistrationMetadataPayload
+    if (rpRegistrationMetadata !== undefined && rpRegistrationMetadata !== null) {
+      registrationMetadata = rpRegistrationMetadata
+    } else {
+        registrationMetadata = await fetchByReferenceOrUseByValue(
+        authorizationRequestPayload['client_metadata_uri'] ?? authorizationRequestPayload['registration_uri'],
+        authorizationRequestPayload['client_metadata'] ?? authorizationRequestPayload['registration'],
+      )
+    }
     assertValidRPRegistrationMedataPayload(registrationMetadata)
     return { scheme, authorizationRequestPayload, requestObjectJwt, registrationMetadata }
   }

diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts
@@ -24,7 +24,7 @@ import {
   RegisterEventListener,
   RequestObjectPayload,
   ResponseIss,
-  ResponseMode,
+  ResponseMode, RPRegistrationMetadataPayload,
   SIOPErrors,
   SupportedVersion,
   UrlEncodingFormat,
@@ -275,9 +275,10 @@ export class OP {
    * Create an Authentication Request Payload from a URI string
    *
    * @param encodedUri
+   * @param rpRegistrationMetadata
    */
-  public async parseAuthorizationRequestURI(encodedUri: string): Promise<ParsedAuthorizationRequestURI> {
-    const { scheme, requestObjectJwt, authorizationRequestPayload, registrationMetadata } = await URI.parseAndResolve(encodedUri)
+  public async parseAuthorizationRequestURI(encodedUri: string, rpRegistrationMetadata?: RPRegistrationMetadataPayload): Promise<ParsedAuthorizationRequestURI> {
+    const { scheme, requestObjectJwt, authorizationRequestPayload, registrationMetadata } = await URI.parseAndResolve(encodedUri, rpRegistrationMetadata)
 
     return {
       encodedUri,

diff --git a/packages/siop-oid4vp/lib/types/SIOP.types.ts b/packages/siop-oid4vp/lib/types/SIOP.types.ts
@@ -1,6 +1,10 @@
 // noinspection JSUnusedGlobalSymbols
 import { JarmClientMetadata } from '@sphereon/jarm'
-import { DynamicRegistrationClientMetadata, JWKS, SigningAlgo } from '@sphereon/oid4vc-common'
+import {
+  DynamicRegistrationClientMetadata,
+  JWKS,
+  SigningAlgo
+} from '@sphereon/oid4vc-common'
 import { Format, PresentationDefinitionV1, PresentationDefinitionV2 } from '@sphereon/pex-models'
 import {
   AdditionalClaims,
@@ -11,22 +15,28 @@ import {
   PresentationSubmission,
   W3CVerifiableCredential,
   W3CVerifiablePresentation,
-  WrappedVerifiablePresentation,
+  WrappedVerifiablePresentation
 } from '@sphereon/ssi-types'
 
-import { AuthorizationRequest, CreateAuthorizationRequestOpts, PropertyTargets, VerifyAuthorizationRequestOpts } from '../authorization-request'
+import {
+  AuthorizationRequest,
+  CreateAuthorizationRequestOpts,
+  PropertyTargets,
+  VerifyAuthorizationRequestOpts
+} from '../authorization-request'
 import {
   AuthorizationResponse,
   AuthorizationResponseOpts,
   PresentationDefinitionWithLocation,
   PresentationVerificationCallback,
-  VerifyAuthorizationResponseOpts,
+  VerifyAuthorizationResponseOpts
 } from '../authorization-response'
-import { JwksMetadataParams } from '../helpers/ExtractJwks'
+import { JwksMetadataParams } from '../helpers'
 import { RequestObject, RequestObjectOpts } from '../request-object'
 import { IRPSessionManager } from '../rp'
 
 import { JWTPayload, VerifiedJWT } from './index'
+
 export const DEFAULT_EXPIRATION_TIME = 10 * 60
 
 // https://openid.net/specs/openid-connect-core-1_0.html#RequestObject