feat: add support for SIOP request JWT (#262)

src/JWT.ts

@@ -402,10 +402,10 @@ export async function verifyJWT(
       : undefined
     : options.proofPurpose
 
-  let did = ''
+  let did
 
-  if (!payload.iss) {
-    throw new Error(`${JWT_ERROR.INVALID_JWT}: JWT iss is required`)
+  if (!payload.iss && !payload.client_id) {
+    throw new Error(`${JWT_ERROR.INVALID_JWT}: JWT iss or client_id are required`)
   }
 
   if (payload.iss === SELF_ISSUED_V2 || payload.iss === SELF_ISSUED_V2_VC_INTEROP) {
@@ -422,6 +422,13 @@ export async function verifyJWT(
       throw new Error(`${JWT_ERROR.INVALID_JWT}: JWT did is required`)
     }
     did = payload.did
+  } else if (!payload.iss && payload.scope === 'openid' && payload.redirect_uri) {
+    // SIOP Request payload
+    // https://identity.foundation/jwt-vc-presentation-profile/#self-issued-op-request-object
+    if (!payload.client_id) {
+      throw new Error(`${JWT_ERROR.INVALID_JWT}: JWT client_id is required`)
+    }
+    did = payload.client_id
   } else {
     did = payload.iss
   }

src/__tests__/JWT.test.ts

@@ -1005,11 +1005,11 @@ describe('verifyJWT() for ES256K', () => {
     )
   })
 
-  it('rejects a pregenerated JWT without iss', async () => {
+  it('rejects a pregenerated JWT without iss or client_id', async () => {
     expect.assertions(1)
     const jwt =
       'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE0ODUzMjExMzN9.aa3_8ZH99MjFoHTrNjOm7Pgq5VL5A13DHR5MTd_dBw2B_pWgNuz4N1tbrocTP0MgDlRbovKmTTDrGNjNMPqH3g'
-    await expect(verifyJWT(jwt, { resolver })).rejects.toThrowError(/JWT iss is required/)
+    await expect(verifyJWT(jwt, { resolver })).rejects.toThrowError(/JWT iss or client_id are required/)
   })
 
   it('rejects a self-issued v2 JWT without sub', async () => {