feat: Add status support to sessions

packages/common/lib/types/StateManager.types.ts

@@ -8,10 +8,23 @@ export interface CredentialOfferSession extends StateType {
   clientId?: string;
   credentialOffer: AssertedUniformCredentialOffer;
   userPin?: string;
+  status: IssueStatus;
+  error?: string;
+  lastUpdatedAt: number;
   issuerState?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
   preAuthorizedCode?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
 }
 
+export enum IssueStatus {
+  OFFER_CREATED = 'OFFER_CREATED',
+  OFFER_URI_RETRIEVED = 'OFFER_URI_RETRIEVED', // This state is optional. as an offer uri is optional
+  ACCESS_TOKEN_REQUESTED = 'ACCESS_TOKEN_CREATED', // Optional state, given the token endpoint could also be on a separate AS
+  ACCESS_TOKEN_CREATED = 'ACCESS_TOKEN_CREATED', // Optional state, given the token endpoint could also be on a separate AS
+  CREDENTIAL_REQUEST_RECEIVED = 'CREDENTIAL_REQUEST_RECEIVED', // Credential request received. Next state would either be error or issued
+  CREDENTIAL_ISSUED = 'CREDENTIAL_ISSUED',
+  ERROR = 'ERROR',
+}
+
 export interface CNonceState extends StateType {
   cNonce: string;
   issuerState?: string;

packages/issuer-rest/lib/IssuerTokenEndpoint.ts

@@ -40,6 +40,7 @@ export const handleTokenRequest = ({
 
     try {
       const responseBody = await createAccessTokenResponse(request.body, {
+        credentialOfferSessions: issuer.credentialOfferSessions,
         accessTokenIssuer,
         cNonces: issuer.cNonces,
         cNonce: v4(),

packages/issuer-rest/lib/OID4VCIServer.ts

@@ -76,9 +76,18 @@ export interface ICreateCredentialOfferOpts {
   //todo: Add authn/z, as this endpoint would be called by an integration instead of wallets
 }
 
+export interface IGetIssueStatusOpts {
+  getStatusPath?: string
+  getStatusEndpointDisabled?: boolean // Disable the REST endpoint for getting the issue status
+  //todo: Add authn/z, as this endpoint would be called by an integration instead of wallets
+  // issuerState?: string
+  // preAuthorizedCode?: string
+}
+
 export interface IOID4VCIServerOpts {
   tokenEndpointOpts?: ITokenEndpointOpts
   credentialOfferOpts?: ICreateCredentialOfferOpts
+  getStatusOpts?: IGetIssueStatusOpts
   serverOpts?: {
     app?: Express
     port?: number
@@ -143,6 +152,9 @@ export class OID4VCIServer {
     if (!this.isTokenEndpointDisabled(opts?.tokenEndpointOpts)) {
       this.accessTokenEndpoint(opts?.tokenEndpointOpts)
     }
+    if (!this.isStatusEndpointDisabled(opts?.getStatusOpts)) {
+      this.getIssueStatusEndpoint(opts?.getStatusOpts)
+    }
     this.cNonceExpiresIn = opts?.tokenEndpointOpts?.cNonceExpiresIn ?? 300000
     this.tokenExpiresIn = opts?.tokenEndpointOpts?.tokenExpiresIn ?? 300000
     this._app.use(this.getBasePath(), this._router)
@@ -182,7 +194,7 @@ export class OID4VCIServer {
       skipBaseUrlCheck: false,
       stripBasePath: true,
     })
-    // let's fix any baseUrl ending with a slash as path will always start with a slash and we already removed it at the end of the base url
+    // let's fix any baseUrl ending with a slash as path will always start with a slash, and we already removed it at the end of the base url
 
     const url = new URL(`${baseUrl}${path}`)
     // this.issuer.issuerMetadata.token_endpoint = url.toString()
@@ -273,6 +285,42 @@ export class OID4VCIServer {
     })
   }
 
+  // fixme authz and enable/disable
+  private getIssueStatusEndpoint(opts?: IGetIssueStatusOpts) {
+    const path = this.determinePath(opts?.getStatusPath ?? '/webapp/credential-offer-status', { stripBasePath: true })
+    this.app.post(path, async (request: Request, response: Response) => {
+      try {
+        const { id } = request.body
+        const session = await this.issuer.credentialOfferSessions.get(id)
+        if (!session || !session.credentialOffer) {
+          return sendErrorResponse(response, 404, {
+            error: 'invalid_request',
+            error_description: `Credential offer ${id} not found`,
+          })
+        }
+
+        return response.send(
+          JSON.stringify({
+            createdAt: session.createdAt,
+            lastUpdatedAt: session.lastUpdatedAt,
+            status: session.status,
+            ...(session.clientId && { clientId: session.clientId }),
+          })
+        )
+      } catch (e) {
+        return sendErrorResponse(
+          response,
+          500,
+          {
+            error: 'invalid_request',
+            error_description: (e as Error).message,
+          },
+          e
+        )
+      }
+    })
+  }
+
   private getCredentialOfferEndpoint(opts?: ICreateCredentialOfferOpts) {
     const path = this.determinePath(opts?.getOfferPath ?? '/webapp/credential-offers/:id', { stripBasePath: true })
     this.app.get(path, async (request: Request, response: Response) => {
@@ -375,6 +423,10 @@ export class OID4VCIServer {
     return tokenEndpointOpts?.tokenEndpointDisabled === true || process.env.TOKEN_ENDPOINT_DISABLED === 'true'
   }
 
+  private isStatusEndpointDisabled(statusEndpointOpts?: IGetIssueStatusOpts) {
+    return statusEndpointOpts?.getStatusEndpointDisabled === true || process.env.STATUS_ENDPOINT_DISABLED === 'true'
+  }
+
   private assertAccessTokenHandling(tokenEndpointOpts?: ITokenEndpointOpts) {
     const authServer = this.issuer.issuerMetadata.authorization_server
     if (this.isTokenEndpointDisabled(tokenEndpointOpts)) {

packages/issuer-rest/lib/__tests__/IssuerTokenServer.spec.ts

@@ -7,6 +7,7 @@ import {
   CredentialIssuerMetadataOpts,
   CredentialOfferJwtVcJsonLdAndLdpVcV1_0_11,
   CredentialOfferSession,
+  IssueStatus,
   Jwt,
   STATE_MISSING_ERROR,
   URIState,
@@ -37,6 +38,8 @@ describe('OID4VCIServer', () => {
       preAuthorizedCode: preAuthorizedCode1,
       userPin: '493536',
       createdAt: +new Date(),
+      lastUpdatedAt: +new Date(),
+      status: IssueStatus.OFFER_CREATED,
       credentialOffer: {
         credential_offer: {
           credential_issuer: 'test_issuer',