feat: Support meta credential tokens

joachimvh · joachimvh · commit 6fb6b6a1dcda · 2025-10-06T11:02:10.000+02:00
diff --git a/packages/uma/config/credentials/verifiers/default.json b/packages/uma/config/credentials/verifiers/default.json
@@ -6,6 +6,7 @@
     {
       "@id": "urn:uma:default:Verifier",
       "@type": "TypedVerifier",
+      "metaType": "urn:solidlab:uma:claims:formats:meta",
       "verifiers": [
         {
           "TypedVerifier:_verifiers_key": "urn:solidlab:uma:claims:formats:webid",
diff --git a/packages/uma/src/credentials/Formats.ts b/packages/uma/src/credentials/Formats.ts
@@ -1,4 +1,5 @@
 
 export const JWT = 'urn:solidlab:uma:claims:formats:jwt';
 export const UNSECURE = 'urn:solidlab:uma:claims:formats:webid';
+export const META = 'urn:solidlab:uma:claims:formats:meta';
 export const OIDC = 'http://openid.net/specs/openid-connect-core-1_0.html#IDToken';
diff --git a/packages/uma/src/credentials/verify/TypedVerifier.ts b/packages/uma/src/credentials/verify/TypedVerifier.ts
@@ -3,12 +3,32 @@ import { ClaimSet } from "../ClaimSet";
 import { Credential } from "../Credential";
 import { Verifier } from "./Verifier";
 
+/**
+ * Redirect verification requests to the relevant verifier by matching the credential format
+ * to the keys of the internal verifier map.
+ * In case the credential format is the meta type, it is assumed the value is a key/value map
+ * with keys being credential formats, and values the associated tokens.
+ * These results will be merged, if multiple credentials map to the same claim,
+ * the result will depend on the execution order.
+ */
 export class TypedVerifier implements Verifier {
   private readonly logger = getLoggerFor(this);
 
-  constructor(protected verifiers: Record<string, Verifier>) {}
+  constructor(
+    protected readonly verifiers: Record<string, Verifier>,
+    protected readonly metaType?: string,
+  ) {}
 
   public async verify(credential: Credential): Promise<ClaimSet> {
+    // Recursively verify in case of a meta credential token
+    if (credential.format === this.metaType) {
+      const metaClaims = {};
+      for (const [ format, token ] of Object.entries(credential.token)) {
+        Object.assign(metaClaims, await this.verify({ format, token }));
+      }
+      return metaClaims;
+    }
+
     const verifier = this.verifiers[credential.format];
     this.logger.debug(`Verifying credential with typed verifier ${JSON.stringify(credential)}`);
 

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`{`
`7`	`7`	`"@id": "urn:uma:default:Verifier",`
`8`	`8`	`"@type": "TypedVerifier",`
	`9`	`+ "metaType": "urn:solidlab:uma:claims:formats:meta",`
`9`	`10`	`"verifiers": [`
`10`	`11`	`{`
`11`	`12`	`"TypedVerifier:_verifiers_key": "urn:solidlab:uma:claims:formats:webid",`