Implement verifyClaims (#154)

* bump typescript version
* change `offering.vcRequirements` to `offering.requiredClaims` and `rfq.vcs` to `rfq.claims`
* version bump

Author: mistermoe

README.md

@@ -100,7 +100,7 @@ An `Offering` is used by the PFI to describe a currency pair they have to _offer
 | `quoteUnitsPerBaseUnit` | string                                                                                                   | Y        | Number of quote units on offer for one base currency unit (i.e 290000 USD for 1 BTC                                                  |
 | `baseCurrency`          | [`CurrencyDetails`](#currencydetails)                                                                    | Y        | Details about the currency that the PFI is selling.                                                                                  |
 | `quoteCurrency`         | [`CurrencyDetails`](#currencydetails)                                                                    | Y        | Details about the currency that the PFI is accepting as payment for `baseCurrency`.                                                  |
-| `vcRequirements`        | [`PresentationDefinitionV2`](https://identity.foundation/presentation-exchange/#presentation-definition) | Y        | Articulates the credential(s) required when submitting an RFQ for this offering.                                                     |
+| `requiredClaims`        | [`PresentationDefinitionV2`](https://identity.foundation/presentation-exchange/#presentation-definition) | Y        | Articulates the claim(s) required when submitting an RFQ for this offering.                                                          |
 | `payinMethods`          | [`PaymentMethod[]`](#paymentmethod)                                                                      | Y        | A list of payment methods the counterparty (Alice) can choose to send payment to the PFI from in order to qualify for this offering. |
 | `payoutMethods`         | [`PaymentMethod[]`](#paymentmethod)                                                                      | Y        | A list of payment methods the counterparty (Alice) can choose to receive payment from the PFI in order to qualify for this offering. |
 | `createdAt`             | datetime                                                                                                 | Y        | The creation time of the resource. Expressed as ISO8601                                                                              |
@@ -385,13 +385,13 @@ Base64-encoded data is safe for transmission over most protocols and systems sin
 ### `RFQ (Request For Quote)`
 > Alice -> PFI: "OK, that offering looks good. Give me a Quote against that Offering, and here is how much USD (quote currency) I want to trade for BTC (base currency). Here are the credentials you're asking for, the payment method I intend to pay you USD with, and the payment method I expect you to pay me BTC in."
 
-| field                 | data type                                         | required | description                                                                                                         |
-| --------------------- | ------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------- |
-| `offeringId`          | string                                            | Y        | Offering which Alice would like to get a quote for                                                                  |
-| `quoteAmountSubunits` | string                                            | Y        | Amount of quote currency you want to spend in order to receive base currency                                        |
-| `vcs`                 | string                                            | Y        | VerifiablePresentation in JWT string format that meets the specification per PresentationDefinition in the Offering |
-| `payinMethod`         | [`SelectedPaymentMethod`](#selectedpaymentmethod) | Y        | Specify which payment method to send quote currency.                                                                |
-| `payoutMethod`        | [`SelectedPaymentMethod`](#selectedpaymentmethod) | Y        | Specify which payment method to receive base currency.                                                              |
+| field                 | data type                                         | required | description                                                                           |
+| --------------------- | ------------------------------------------------- | -------- | ------------------------------------------------------------------------------------- |
+| `offeringId`          | string                                            | Y        | Offering which Alice would like to get a quote for                                    |
+| `quoteAmountSubunits` | string                                            | Y        | Amount of quote currency you want in exchange for base currency                       |
+| `claims`              | string[]                                          | Y        | an array of claims that fulfill the requirements declared in an [Offering](#offering) |
+| `payinMethod`         | [`SelectedPaymentMethod`](#selectedpaymentmethod) | Y        | Specify which payment method to send quote currency.                                  |
+| `payoutMethod`        | [`SelectedPaymentMethod`](#selectedpaymentmethod) | Y        | Specify which payment method to receive base currency.                                |
 
 #### `SelectedPaymentMethod`
 | field            | data type | required | description                                                                                       |

js/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@tbd54566975/tbdex",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "type": "module",
   "description": "Library that includes type definitions for tbdex messages",
   "license": "Apache-2.0",
@@ -85,12 +85,12 @@
     "sinon": "15.0.2",
     "typedoc": "0.25.0",
     "typedoc-plugin-markdown": "3.16.0",
-    "typescript": "5.0.4"
+    "typescript": "5.2.2"
   },
   "scripts": {
     "clean": "rimraf generated dist tests/compiled",
     "compile-validators": "rimraf generated && node build/compile-validators.js",
-    "build:esm": "rimraf dist/esm dist/types && npx tsc -p tsconfig.json",
+    "build:esm": "rimraf dist/esm dist/types && tsc",
     "build:cjs": "rimraf dist/cjs && npx tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > ./dist/cjs/package.json",
     "build:browser": "rimraf dist/browser.mjs dist/browser.js && node build/bundles.js",
     "test:node": "rimraf tests/compiled && npm run compile-validators && tsc -p tests/tsconfig.json && mocha",

js/package.json

@@ -8,7 +8,7 @@ import { Convert } from '@web5/common'
 import { Rfq } from './message-kinds/index.js'
 import { Offering } from './resource-kinds/index.js'
 import { Crypto } from './crypto.js'
-import { OfferingModel, RfqModel } from './types.js'
+import { OfferingData, RfqData } from './types.js'
 
 export type DidMethodOptions = 'key' | 'ion'
 
@@ -61,7 +61,7 @@ export class DevTools {
    * creates and returns an example offering. Useful for testing purposes
    */
   static createOffering() {
-    const offeringData: OfferingModel = {
+    const offeringData: OfferingData = {
       description  : 'Selling BTC for USD',
       baseCurrency : {
         currencyCode : 'BTC',
@@ -118,7 +118,7 @@ export class DevTools {
           additionalProperties : false
         }
       }],
-      vcRequirements: {
+      requiredClaims: {
         id                : '7ce4004c-3c38-4853-968b-e411bafcd945',
         input_descriptors : [{
           id          : 'bbdb9b7c-5754-4f46-b63b-590bada959e0',
@@ -146,11 +146,11 @@ export class DevTools {
    * creates and returns an example rfq for the offering returned by {@link DevTools.createOffering}.
    * Useful for testing purposes.
    *
-   * **NOTE**: generates a random credential that fulfills the vcRequirements of the offering
+   * **NOTE**: generates a random credential that fulfills the offering's required claims
    */
   static async createRfq(opts: RfqOptions) {
     const { sender } = opts
-    const { signedCredential: _signedCredential } = await DevTools.createCredential({
+    const { signedCredential } = await DevTools.createCredential({
       type    : 'YoloCredential',
       issuer  : sender,
       subject : sender.did,
@@ -159,7 +159,7 @@ export class DevTools {
       }
     })
 
-    const rfqData: RfqModel = {
+    const rfqData: RfqData = {
       offeringId  : 'abcd123',
       payinMethod : {
         kind           : 'DEBIT_CARD',
@@ -177,7 +177,7 @@ export class DevTools {
         }
       },
       quoteAmountSubunits : '20000',
-      vcs                 : ''
+      claims              : [signedCredential]
     }
 
     return Rfq.create({

js/src/dev-tools.ts

@@ -55,7 +55,6 @@ export async function deferenceDidUrl(didUrl: string): Promise<DidResource> {
   // create a set of possible id matches. the DID spec allows for an id to be the entire did#fragment or just #fragment.
   // See: https://www.w3.org/TR/did-core/#relative-did-urls
   // using a set for fast string comparison. DIDs can be lonnng.
-  // TODO: check to see if parsedDid.fragment includes a '#'
   const idSet = new Set([didUrl, parsedDid.fragment, `#${parsedDid.fragment}`])
 
   for (let vm of verificationMethod) {

js/src/did-resolver.ts

@@ -7,9 +7,7 @@ export type CreateCloseOptions = {
   metadata: Omit<MessageMetadata<'close'>, 'id' |'kind' | 'createdAt'>
 }
 
-/**
- * a Close can be sent by Alice or the PFI as a reply to an RFQ or a Quote
- */
+/** a Close can be sent by Alice or the PFI as a reply to an RFQ or a Quote */
 export class Close extends Message<'close'> {
   /** a set of valid Message kinds that can come after a close */
   readonly validNext = new Set<MessageKind>([])

js/src/message-kinds/close.ts

@@ -7,6 +7,7 @@ export type CreateOrderOptions = {
   private?: Record<string, any>
 }
 
+/** Message sent by Alice to the PFI to accept a Quote. */
 export class Order extends Message<'order'> {
   readonly validNext = new Set<MessageKind>(['orderstatus'])
 

js/src/message-kinds/order.ts

@@ -52,16 +52,16 @@ export class Rfq extends Message<'rfq'> {
     // TODO: validate rfq's payoutMethod.kind against offering's payoutMethods
     // TODO: validate rfq's payoutMethod.paymentDetails against offering's respective requiredPaymentDetails json schema
 
-    this.verifyCredentialRequirements(offering)
+    this.verifyClaims(offering)
   }
 
   /**
-   * checks the claims provided in this rfq against the provided offering's requirements
+   * checks the claims provided in this rfq against an offering's requirements
    * @param offering - the offering to check against
-   * @throws
+   * @throws if rfq's claims do not fulfill the offering's requirements
    */
-  verifyCredentialRequirements(offering: Offering | ResourceModel<'offering'>) {
-    const { areRequiredCredentialsPresent } = pex.evaluatePresentation(offering.data.vcRequirements, this.vcs)
+  verifyClaims(offering: Offering | ResourceModel<'offering'>) {
+    const { areRequiredCredentialsPresent } = pex.evaluateCredentials(offering.data.requiredClaims, this.claims)
 
     if (areRequiredCredentialsPresent === 'error') {
       throw new Error(`claims do not fulfill the offering's requirements`)
@@ -81,8 +81,8 @@ export class Rfq extends Message<'rfq'> {
   }
 
   /** Presentation Submission VP that fulfills the requirements included in the respective Offering */
-  get vcs() {
-    return this.data.vcs
+  get claims() {
+    return this.data.claims
   }
 
   /** Selected payment method that Alice will use to send the listed quote currency to the PFI. */

js/src/message-kinds/rfq.ts

@@ -88,8 +88,8 @@ export class Message<T extends MessageKind> {
   /**
    * signs the message as a jws with detached content and sets the signature property
    * @param privateKeyJwk - the key to sign with
-   * @param kid - the kid to include in the jws header. used by the verifier to select the appropriate verificationMethod
-   *              when dereferencing the signer's DID
+   * @param kid - the verification method id to include in the jws header. used by the verifier to
+   *               select the appropriate verificationMethod when dereferencing the signer's DID
    */
   async sign(privateKeyJwk: Web5PrivateKeyJwk, kid: string): Promise<void> {
     const toSign = { metadata: this.metadata, data: this.data }

js/src/message.ts

@@ -1,4 +1,4 @@
-import type { ResourceMetadata, MessageModel, OfferingModel, ResourceModel, MessageKind } from '../types.js'
+import type { ResourceMetadata, MessageModel, OfferingData, ResourceModel, MessageKind } from '../types.js'
 import type { DataResponse, ErrorDetail, ErrorResponse, HttpResponse } from './types.js'
 import type { PrivateKeyJwk as Web5PrivateKeyJwk } from '@web5/crypto'
 
@@ -27,9 +27,9 @@ export type GetOfferingsOptions = {
   pfiDid: string
   params?: {
     /** ISO 3166 currency code string */
-    baseCurrency: OfferingModel['baseCurrency']['currencyCode']
+    baseCurrency: OfferingData['baseCurrency']['currencyCode']
     /** ISO 3166 currency code string */
-    quoteCurrency: OfferingModel['baseCurrency']['currencyCode']
+    quoteCurrency: OfferingData['baseCurrency']['currencyCode']
     id: ResourceMetadata<any>['id']
   }
 }
@@ -77,8 +77,9 @@ export class PfiRestClient {
     let response: Response
     try {
       response = await fetch(apiRoute, {
-        method : 'POST',
-        body   : JSON.stringify(jsonMessage)
+        method  : 'POST',
+        headers : { 'content-type': 'application/json' },
+        body    : JSON.stringify(jsonMessage)
       })
     } catch(e) {
       throw new Error(`Failed to send message to ${pfiDid}. Error: ${e.message}`)
@@ -220,6 +221,10 @@ export class PfiRestClient {
    *              when dereferencing the signer's DID
    */
   static async generateRequestToken(privateKeyJwk: Web5PrivateKeyJwk, kid: string): Promise<string> {
+    // TODO: include exp property. expires 1 minute from generation time
+    // TODO: include aud property. should be DID of receipient
+    // TODO: include nbf property. not before current time
+    // TODO: include iss property. should be requester's did
     const tokenPayload = { timestamp: new Date().toISOString() }
     return Crypto.sign({ privateKeyJwk, kid, payload: tokenPayload })
   }