introduce wallet connect

packages/agent/src/connect.ts

@@ -1,12 +1,18 @@
+import { CryptoUtils } from '@web5/crypto';
 import { DwnProtocolDefinition, DwnRecordsPermissionScope } from './index.js';
 import {
   Web5ConnectAuthResponse,
   Oidc,
   type PushedAuthResponse,
 } from './oidc.js';
 import { pollWithTtl } from './utils.js';
-import { DidDht } from '@web5/dids';
+import { DidJwk } from '@web5/dids';
+import { Convert } from '@web5/common';
 
+/**
+ * Initiates the wallet connect process. Used when a client wants to obtain
+ * a did from a provider.
+ */
 async function initClient({
   connectServerUrl,
   walletUri,
@@ -16,13 +22,14 @@
 }: WalletConnectOptions) {
   // ephemeral client did for ECDH, signing, verification
   // TODO: use separate keys for ECDH vs. sign/verify. could maybe use secp256k1.
-  const clientDid = await DidDht.create();
+  const clientDid = await DidJwk.create();
 
   // TODO: properly implement PKCE. this implementation is lacking server side validations and more.
   // https://github.com/TBD54566975/web5-js/issues/829
   // Derive the code challenge based on the code verifier
-  const { codeChallengeBytes, codeChallengeBase64Url } =
-    await Oidc.generateCodeChallenge();
+  // const { codeChallengeBytes, codeChallengeBase64Url } =
+  //   await Oidc.generateCodeChallenge();
+  const encryptionKey = CryptoUtils.randomBytes(32);
 
   // build callback URL to pass into the auth request
   const callbackEndpoint = Oidc.buildOidcUrl({
@@ -32,12 +39,12 @@
 
   // build the PAR request
   const request = await Oidc.createAuthRequest({
-    client_id             : clientDid.uri,
-    scope                 : 'web5', // TODO: clear with frank
-    code_challenge        : codeChallengeBase64Url,
-    code_challenge_method : 'S256',
-    permissionRequests    : permissionRequests,
-    redirect_uri          : callbackEndpoint,
+    client_id          : clientDid.uri,
+    scope              : 'web5', // TODO: clear with frank
+    // code_challenge        : codeChallengeBase64Url,
+    // code_challenge_method : 'S256',
+    permissionRequests : permissionRequests,
+    redirect_uri       : callbackEndpoint,
   });
 
   // Sign the Request Object using the Client DID's signing key.
@@ -47,12 +54,12 @@
   });
 
   if (!requestJwt) {
     throw new Error('Unable to sign requestObject');
   }
   // Encrypt the Request Object JWT using the code challenge.
   const requestObjectJwe = await Oidc.encryptAuthRequest({
-    jwt           : requestJwt,
-    codeChallenge : codeChallengeBytes,
+    jwt: requestJwt,
+    encryptionKey,
   });
 
   // Convert the encrypted Request Object to URLSearchParams for form encoding.
@@ -74,8 +81,8 @@
   });
 
   if (!parResponse.ok) {
     throw new Error(`${parResponse.status}: ${parResponse.statusText}`);
   }
 
   const parData: PushedAuthResponse = await parResponse.json();
 
@@ -83,7 +90,7 @@
   // a route to its web5 connect provider flow and the params of where to fetch the auth request.
   const generatedWalletUri = new URL(walletUri);
   generatedWalletUri.searchParams.set('request_uri', parData.request_uri);
-  generatedWalletUri.searchParams.set('code_challenge', codeChallengeBase64Url);
+  generatedWalletUri.searchParams.set('encryption_key', Convert.uint8Array(encryptionKey).toBase64Url());
 
   // call user's callback so they can send the URI to the wallet as they see fit
   onWalletUriReady(generatedWalletUri.toString());
@@ -116,8 +123,8 @@
 }
 
 /**
- * Initiates the wallet connect process. Used when the app (client) wants to import
- * a delegated identity DID from a wallet (provider).
+ * Initiates the wallet connect process. Used when a client wants to obtain
+ * a did from a provider.
  */
 export type WalletConnectOptions = {
   /** The URL of the intermediary server which relays messages between the client and provider */
@@ -140,9 +147,9 @@
   /**
    * The Web5 API provides a URI to the wallet based on the `walletUri` plus a query params payload valid for 5 minutes.
    * The link can either be used as a deep link on the same device or a QR code for cross device or both.
-   * The query params are `{ request_uri: string; code_challenge: string; }`
+   * The query params are `{ request_uri: string; encryption_key: string; }`
    * The wallet will use the `request_uri to contact the intermediary server's `authorize` endpoint
-   * and pull down the {@link Web5ConnectAuthRequest} and use the `code_challenge` to decrypt it.
+   * and pull down the {@link Web5ConnectAuthRequest} and use the `encryption_key` to decrypt it.
    *
    * @param uri - The URI returned by the web5 connect API to be passed to a provider.
    */