feat: accept header

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@0xpolygonid/js-sdk",
-  "version": "1.18.0",
+  "version": "1.18.1",
   "description": "SDK to work with Polygon ID",
   "main": "dist/node/cjs/index.js",
   "module": "dist/node/esm/index.js",

src/iden3comm/constants.ts

@@ -1,3 +1,5 @@
+import { AcceptProfile } from './types';
+
 const IDEN3_PROTOCOL = 'https://iden3-communication.io/';
 /**
  * Constants for Iden3 protocol
@@ -79,5 +81,30 @@ export const SUPPORTED_PUBLIC_KEY_TYPES = {
   ]
 };
 
+export enum ProtocolVersion {
+  v1 = 'iden3comm/v1'
+}
+
+export enum AcceptAuthCircuits {
+  authV2 = 'authV2',
+  authV3 = 'authV3'
+}
+
+export enum AcceptJwzAlgorithms {
+  groth16 = 'groth16'
+}
+
+export enum AcceptJwsAlgorithms {
+  ES256K = 'ES256K',
+  ES256KR = 'ES256K-R'
+}
+
+export const defaultAcceptProfile: AcceptProfile = {
+  protocolVersion: ProtocolVersion.v1,
+  env: MediaType.ZKPMessage,
+  circuits: [AcceptAuthCircuits.authV2],
+  alg: [AcceptJwzAlgorithms.groth16]
+};
+
 export const DEFAULT_PROOF_VERIFY_DELAY = 1 * 60 * 60 * 1000; // 1 hour
 export const DEFAULT_AUTH_VERIFY_DELAY = 5 * 60 * 1000; // 5 minutes

src/iden3comm/handlers/auth.ts

@@ -1,4 +1,4 @@
-import { MediaType } from '../constants';
+import { MediaType, ProtocolVersion } from '../constants';
 import { IProofService } from '../../proof/proof-service';
 import { PROTOCOL_MESSAGE_TYPE } from '../constants';
 
@@ -21,6 +21,7 @@ import { byteDecoder, byteEncoder } from '../../utils';
 import { processZeroKnowledgeProofRequests } from './common';
 import { CircuitId } from '../../circuits';
 import { AbstractMessageHandler, IProtocolMessageHandler } from './message-handler';
+import { parseAcceptProfile } from '../utils';
 
 /**
  *  createAuthorizationRequest is a function to create protocol authorization request
@@ -231,13 +232,44 @@ export class AuthHandler
 
     // override sender did if it's explicitly specified in the auth request
     const to = authRequest.to ? DID.parse(authRequest.to) : ctx.senderDid;
-    const mediaType = ctx.mediaType || MediaType.ZKPMessage;
     const guid = uuid.v4();
 
     if (!authRequest.from) {
       throw new Error('auth request should contain from field');
     }
 
+    const responseType = PROTOCOL_MESSAGE_TYPE.AUTHORIZATION_RESPONSE_MESSAGE_TYPE;
+    let mediaType: MediaType;
+    if (authRequest.body.accept?.length) {
+      const supportedMediaTypes: MediaType[] = [];
+      for (const acceptProfile of authRequest.body.accept || []) {
+        // 1. check protocol version
+        const { protocolVersion, env } = parseAcceptProfile(acceptProfile);
+        const responseTypeVersion = Number(responseType.split('/').at(-2));
+        if (
+          protocolVersion === ProtocolVersion.v1 &&
+          (responseTypeVersion < 1 || responseTypeVersion >= 2)
+        ) {
+          continue;
+        }
+        // 2. check packer support
+        if (this._packerMgr.isSupported(env, acceptProfile)) {
+          supportedMediaTypes.push(env);
+        }
+      }
+
+      if (!supportedMediaTypes.length) {
+        throw new Error('no profile meets `access` header requirements');
+      }
+
+      mediaType = supportedMediaTypes[0];
+      if (ctx.mediaType && supportedMediaTypes.includes(ctx.mediaType)) {
+        mediaType = ctx.mediaType;
+      }
+    } else {
+      mediaType = ctx.mediaType || MediaType.ZKPMessage;
+    }
+
     const from = DID.parse(authRequest.from);
 
     const responseScope = await processZeroKnowledgeProofRequests(
@@ -250,8 +282,8 @@ export class AuthHandler
 
     return {
       id: guid,
-      typ: ctx.mediaType,
-      type: PROTOCOL_MESSAGE_TYPE.AUTHORIZATION_RESPONSE_MESSAGE_TYPE,
+      typ: mediaType,
+      type: responseType,
       thid: authRequest.thid ?? guid,
       body: {
         message: authRequest?.body?.message,

src/iden3comm/index.ts

@@ -3,6 +3,7 @@ export * from './packers';
 export * from './types';
 export * from './handlers';
 export * from './utils/did';
+export * from './utils/accept-profile';
 
 import * as PROTOCOL_CONSTANTS from './constants';
 export { PROTOCOL_CONSTANTS };

src/iden3comm/packageManager.ts

@@ -21,6 +21,21 @@ export class PackageManager implements IPackageManager {
     this.packers = new Map<MediaType, IPacker>();
   }
 
+  /** {@inheritDoc IPackageManager.isSupported} */
+  isSupported(mediaType: MediaType, profile: string): boolean {
+    const p = this.packers.get(mediaType);
+    if (!p) {
+      return false;
+    }
+
+    return p.isProfileSupported(profile);
+  }
+
+  /** {@inheritDoc IPackageManager.getSupportedMediaTypes} */
+  getSupportedMediaTypes(): MediaType[] {
+    return [...this.packers.keys()];
+  }
+
   /** {@inheritDoc IPackageManager.registerPackers} */
   registerPackers(packers: Array<IPacker>): void {
     packers.forEach((p) => {

src/iden3comm/packers/jws.ts

@@ -1,5 +1,5 @@
 import { BasicMessage, IPacker, JWSPackerParams } from '../types';
-import { MediaType, SUPPORTED_PUBLIC_KEY_TYPES } from '../constants';
+import { AcceptJwsAlgorithms, MediaType, SUPPORTED_PUBLIC_KEY_TYPES } from '../constants';
 import { extractPublicKeyBytes, resolveVerificationMethods } from '../utils/did';
 import { keyPath, KMS } from '../../kms/';
 
@@ -13,6 +13,7 @@ import {
   decodeBase64url,
   encodeBase64url
 } from '../../utils';
+import { parseAcceptProfile } from '../utils';
 
 /**
  * Packer that can pack message to JWZ token,
@@ -102,6 +103,38 @@ export class JWSPacker implements IPacker {
     return MediaType.SignedMessage;
   }
 
+  /** {@inheritDoc IPacker.getEnvelope} */
+  getEnvelope(): string {
+    return `env=${this.mediaType()}&alg=${this.getSupportedAlgorithms().join(',')}`;
+  }
+
+  /** {@inheritDoc IPacker.isProfileSupported} */
+  isProfileSupported(profile: string) {
+    const { env, circuits, alg } = parseAcceptProfile(profile);
+    if (env !== this.mediaType()) {
+      return false;
+    }
+
+    if (circuits) {
+      throw new Error(`Circuits are not supported for ${env} media type`);
+    }
+
+    let algSupported = !alg?.length;
+    const supportedAlgs = this.getSupportedAlgorithms();
+    for (const a of alg || []) {
+      if (supportedAlgs.includes(a as AcceptJwsAlgorithms)) {
+        algSupported = true;
+        break;
+      }
+    }
+
+    return algSupported;
+  }
+
+  private getSupportedAlgorithms(): AcceptJwsAlgorithms[] {
+    return [AcceptJwsAlgorithms.ES256K, AcceptJwsAlgorithms.ES256KR];
+  }
+
   private async resolveDidDoc(from: string) {
     let didDocument: DIDDocument;
     try {

src/iden3comm/packers/plain.ts

@@ -1,6 +1,7 @@
 import { BasicMessage, IPacker } from '../types';
 import { MediaType } from '../constants';
 import { byteDecoder, byteEncoder } from '../../utils';
+import { parseAcceptProfile } from '../utils';
 
 /**
  * Plain packer just serializes bytes to JSON and adds media type
@@ -53,4 +54,27 @@ export class PlainPacker implements IPacker {
   mediaType(): MediaType {
     return MediaType.PlainMessage;
   }
+
+  /** {@inheritDoc IPacker.getEnvelope} */
+  getEnvelope(): string {
+    return `env=${this.mediaType()}`;
+  }
+
+  /** {@inheritDoc IPacker.isProfileSupported} */
+  isProfileSupported(profile: string) {
+    const { env, circuits, alg } = parseAcceptProfile(profile);
+    if (env !== this.mediaType()) {
+      return false;
+    }
+
+    if (circuits) {
+      throw new Error(`Circuits are not supported for ${env} media type`);
+    }
+
+    if (alg) {
+      throw new Error(`Algorithms are not supported for ${env} media type`);
+    }
+
+    return true;
+  }
 }

src/iden3comm/packers/zkp.ts

@@ -20,9 +20,10 @@ import {
   ErrStateVerificationFailed,
   ErrUnknownCircuitID
 } from '../errors';
-import { MediaType } from '../constants';
+import { AcceptAuthCircuits, AcceptJwzAlgorithms, MediaType } from '../constants';
 import { byteDecoder, byteEncoder } from '../../utils';
 import { DEFAULT_AUTH_VERIFY_DELAY } from '../constants';
+import { parseAcceptProfile } from '../utils';
 
 const { getProvingMethod } = proving;
 
@@ -174,6 +175,49 @@ export class ZKPPacker implements IPacker {
   mediaType(): MediaType {
     return MediaType.ZKPMessage;
   }
+
+  /** {@inheritDoc IPacker.getEnvelope} */
+  getEnvelope(): string {
+    return `env=${this.mediaType()}&alg=${this.getSupportedAlgorithms().join(
+      ','
+    )}&circuitIds=${this.getSupportedCircuitIds().join(',')}`;
+  }
+
+  /** {@inheritDoc IPacker.isProfileSupported} */
+  isProfileSupported(profile: string) {
+    const { env, circuits, alg } = parseAcceptProfile(profile);
+    if (env !== this.mediaType()) {
+      return false;
+    }
+
+    let circuitIdSupported = !circuits?.length;
+    const supportedCircuitIds = this.getSupportedCircuitIds();
+    for (const c of circuits || []) {
+      if (supportedCircuitIds.includes(c)) {
+        circuitIdSupported = true;
+        break;
+      }
+    }
+
+    let algSupported = !alg?.length;
+    const supportedAlgs = this.getSupportedAlgorithms();
+    for (const a of alg || []) {
+      if (supportedAlgs.includes(a as AcceptJwzAlgorithms)) {
+        algSupported = true;
+        break;
+      }
+    }
+
+    return algSupported && circuitIdSupported;
+  }
+
+  private getSupportedAlgorithms(): AcceptJwzAlgorithms[] {
+    return [AcceptJwzAlgorithms.groth16];
+  }
+
+  private getSupportedCircuitIds(): AcceptAuthCircuits[] {
+    return [AcceptAuthCircuits.authV2];
+  }
 }
 
 const verifySender = async (token: Token, msg: BasicMessage): Promise<void> => {

src/iden3comm/types/index.ts

@@ -6,6 +6,7 @@ export * from './protocol/revocation';
 export * from './protocol/contract-request';
 export * from './protocol/proposal-request';
 export * from './protocol/payment';
+export * from './protocol/accept-profile';
 
 export * from './packer';
 export * from './models';

src/iden3comm/types/packageManager.ts

@@ -74,6 +74,21 @@ export interface IPackageManager {
    * @returns MediaType
    */
   getMediaType(envelope: string): MediaType;
+
+  /**
+   * gets supported media type by packer manager
+   *
+   * @returns MediaType[]
+   */
+  getSupportedMediaTypes(): MediaType[];
+
+  /**
+   * gets if media type and algorithms supported by packer manager
+   *
+   * @param {MediaType} mediaType
+   * @returns AcceptJwzAlgorithms[] | AcceptJwsAlgorithms[]
+   */
+  isSupported(mediaType: MediaType, profile: string): boolean;
 }
 /**
  * EnvelopeStub is used to stub the jwt based envelops

src/iden3comm/types/packer.ts

@@ -137,6 +137,21 @@ export interface IPacker {
    * @returns The media type as a MediaType.
    */
   mediaType(): MediaType;
+
+  /**
+   * gets packer envelope with options
+   *
+   * @returns {string}
+   */
+  getEnvelope(): string;
+
+  /**
+   * returns true if profile is supported by packer
+   *
+   * @param {string} profile
+   * @returns {boolean}
+   */
+  isProfileSupported(profile: string): boolean;
 }
 /**
  * Params for verification of auth circuit public signals

src/iden3comm/types/protocol/accept-profile.ts

@@ -0,0 +1,14 @@
+import {
+  AcceptAuthCircuits,
+  AcceptJwsAlgorithms,
+  AcceptJwzAlgorithms,
+  MediaType,
+  ProtocolVersion
+} from '../../constants';
+
+export type AcceptProfile = {
+  protocolVersion: ProtocolVersion;
+  env: MediaType;
+  circuits?: AcceptAuthCircuits[];
+  alg?: AcceptJwsAlgorithms[] | AcceptJwzAlgorithms[];
+};

src/iden3comm/types/protocol/auth.ts

@@ -29,6 +29,7 @@ export type AuthorizationRequestMessageBody = {
   callbackUrl: string;
   reason?: string;
   message?: string;
+  accept?: string[];
   did_doc?: JsonDocumentObject;
   scope: Array<ZeroKnowledgeProofRequest>;
 };