@pagopa/io-react-native-wallet 0.1.0 → 0.1.1

package/lib/typescript/rp/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/rp/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBxB,CAAC;AAGH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkChC,CAAC"}

package/lib/typescript/utils/dpop.d.ts

@@ -0,0 +1,21 @@
+import * as z from "zod";
+import type { JWK } from "./jwk";
+export declare const getUnsignedDPop: (jwk: JWK, payload: DPoPPayload) => string;
+export type DPoPPayload = z.infer<typeof DPoPPayload>;
+export declare const DPoPPayload: z.ZodObject<{
+    jti: z.ZodString;
+    htm: z.ZodUnion<[z.ZodLiteral<"POST">, z.ZodLiteral<"GET">]>;
+    htu: z.ZodString;
+    ath: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    jti: string;
+    htm: "GET" | "POST";
+    htu: string;
+    ath: string;
+}, {
+    jti: string;
+    htm: "GET" | "POST";
+    htu: string;
+    ath: string;
+}>;
+//# sourceMappingURL=dpop.d.ts.map

package/lib/typescript/utils/dpop.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../../../src/utils/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAGzB,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAEjC,eAAO,MAAM,eAAe,QAAS,GAAG,WAAW,WAAW,KAAG,MAWhE,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AACtD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;EAKtB,CAAC"}

package/lib/typescript/utils/errors.d.ts

@@ -42,4 +42,17 @@ export declare class WalletInstanceAttestationIssuingError extends IoWalletError
     reason: string;
     constructor(message: string, claim?: string, reason?: string);
 }
+/**
+ * An error subclass thrown when auth request decode fail
+ *
+ */
+export declare class AuthRequestDecodeError extends IoWalletError {
+    static get code(): "ERR_IO_WALLET_AUTHENTICATION_REQUEST_DECODE_FAILED";
+    code: string;
+    /** The Claim for which the validation failed. */
+    claim: string;
+    /** Reason code for the validation failure. */
+    reason: string;
+    constructor(message: string, claim?: string, reason?: string);
+}
 //# sourceMappingURL=errors.d.ts.map

package/lib/typescript/utils/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/utils/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,6DAA6D;IAC7D,MAAM,KAAK,IAAI,IAAI,MAAM,CAExB;IAED,6DAA6D;IAC7D,IAAI,EAAE,MAAM,CAA2B;gBAE3B,OAAO,CAAC,EAAE,MAAM;CAM7B;AACD;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,aAAa;IACjD,MAAM,KAAK,IAAI,IAAI,iCAAiC,CAEnD;IAED,IAAI,SAAqC;IAEzC,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E;AAED;;;GAGG;AACH,qBAAa,qCAAsC,SAAQ,aAAa;IACtE,MAAM,KAAK,IAAI,IAAI,mDAAmD,CAErE;IAED,IAAI,SAAuD;IAE3D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/utils/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,6DAA6D;IAC7D,MAAM,KAAK,IAAI,IAAI,MAAM,CAExB;IAED,6DAA6D;IAC7D,IAAI,EAAE,MAAM,CAA2B;gBAE3B,OAAO,CAAC,EAAE,MAAM;CAM7B;AACD;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,aAAa;IACjD,MAAM,KAAK,IAAI,IAAI,iCAAiC,CAEnD;IAED,IAAI,SAAqC;IAEzC,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E;AAED;;;GAGG;AACH,qBAAa,qCAAsC,SAAQ,aAAa;IACtE,MAAM,KAAK,IAAI,IAAI,mDAAmD,CAErE;IAED,IAAI,SAAuD;IAE3D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,MAAM,KAAK,IAAI,IAAI,oDAAoD,CAEtE;IAED,IAAI,SAAwD;IAE5D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E"}

package/lib/typescript/utils/signature.d.ts

@@ -0,0 +1,2 @@
+export declare const getSignedJwt: (unsignedJwt: string, signature: string) => Promise<string>;
+//# sourceMappingURL=signature.d.ts.map

package/lib/typescript/utils/signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../../../src/utils/signature.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY,gBAAuB,MAAM,aAAa,MAAM,oBAClB,CAAC"}

package/lib/typescript/wallet-instance-attestation/issuing.d.ts

@@ -1,7 +1,8 @@
 import { JWK } from "../utils/jwk";
 export declare class Issuing {
     walletProviderBaseUrl: string;
-    constructor(walletProviderBaseUrl: string);
+    appFetch: GlobalFetch["fetch"];
+    constructor(walletProviderBaseUrl: string, appFetch?: GlobalFetch["fetch"]);
     /**
      * Get the Wallet Instance Attestation Request to sign
      *
@@ -22,11 +23,10 @@ export declare class Issuing {
      * @param attestationRequest Wallet Instance Attestaion Request
      * obtained with {@link getAttestationRequestToSign}
      * @param signature Signature of the Wallet Instance Attestaion Request
-     * @param appFetch Optional object with fetch function to use
      *
      * @returns {string} Wallet Instance Attestation
      *
      */
-    getAttestation(attestationRequest: string, signature: string, appFetch?: GlobalFetch): Promise<String>;
+    getAttestation(attestationRequest: string, signature: string): Promise<String>;
 }
 //# sourceMappingURL=issuing.d.ts.map

package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/issuing.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAKnC,qBAAa,OAAO;IAClB,qBAAqB,EAAE,MAAM,CAAC;gBAElB,qBAAqB,EAAE,MAAM;IAIzC;;;;;;;;;OASG;IACG,2BAA2B,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B5D;;;;;;;;;;;;;OAaG;IACG,cAAc,CAClB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,EACjB,QAAQ,GAAE,WAAuB,GAChC,OAAO,CAAC,MAAM,CAAC;CAqCnB"}
+{"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/issuing.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAKnC,qBAAa,OAAO;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAE7B,qBAAqB,EAAE,MAAM,EAC7B,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAMxC;;;;;;;;;OASG;IACG,2BAA2B,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B5D;;;;;;;;;;;;OAYG;IACG,cAAc,CAClB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;CAqCnB"}

package/lib/typescript/wallet-instance-attestation/types.d.ts

@@ -575,8 +575,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
     }, "strip", z.ZodTypeAny, {
         type: "WalletInstanceAttestation";
         policy_uri: string;
-        tos_uri: string;
         logo_uri: string;
+        tos_uri: string;
         asc: string;
         authorization_endpoint: string;
         response_types_supported: string[];
@@ -593,8 +593,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
     }, {
         type: "WalletInstanceAttestation";
         policy_uri: string;
-        tos_uri: string;
         logo_uri: string;
+        tos_uri: string;
         asc: string;
         authorization_endpoint: string;
         response_types_supported: string[];
@@ -653,8 +653,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
     } & {
         type: "WalletInstanceAttestation";
         policy_uri: string;
-        tos_uri: string;
         logo_uri: string;
+        tos_uri: string;
         asc: string;
         authorization_endpoint: string;
         response_types_supported: string[];
@@ -713,8 +713,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
     } & {
         type: "WalletInstanceAttestation";
         policy_uri: string;
-        tos_uri: string;
         logo_uri: string;
+        tos_uri: string;
         asc: string;
         authorization_endpoint: string;
         response_types_supported: string[];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",

package/src/index.ts

@@ -1,8 +1,15 @@
 import * as PID from "./pid";
+import * as RP from "./rp";
+import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
+import { getUnsignedDPop } from "./utils/dpop";
+import { getSignedJwt } from "./utils/signature";
 
-export function multiply(a: number, b: number): Promise<number> {
-  return Promise.resolve(a * b);
-}
-
-export { PID, WalletInstanceAttestation };
+export {
+  PID,
+  RP,
+  WalletInstanceAttestation,
+  Errors,
+  getUnsignedDPop,
+  getSignedJwt,
+};

package/src/rp/__test__/index.test.ts

@@ -0,0 +1,23 @@
+import { RelyingPartySolution } from "..";
+import { AuthRequestDecodeError } from "../../utils/errors";
+
+const walletInstanceAttestation =
+  "eyJhbGciOiJFUzI1NiIsImtpZCI6IjV0NVlZcEJoTi1FZ0lFRUk1aVV6cjZyME1SMDJMblZRME9tZWttTktjalkiLCJ0cnVzdF9jaGFpbiI6WyJleUpoYkdjaU9pSkZVei4uLjZTMEEiLCJleUpoYkdjaU9pSkZVei4uLmpKTEEiLCJleUpoYkdjaU9pSkZVei4uLkg5Z3ciXSwidHlwIjoidmErand0IiwieDVjIjpbIk1JSUJqRENDIC4uLiBYRmVoZ0tRQT09Il19.eyJpc3MiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZyIsInN1YiI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMiLCJ0eXBlIjoiV2FsbGV0SW5zdGFuY2VBdHRlc3RhdGlvbiIsInBvbGljeV91cmkiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZy9wcml2YWN5X3BvbGljeSIsInRvc191cmkiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZy9pbmZvX3BvbGljeSIsImxvZ29fdXJpIjoiaHR0cHM6Ly93YWxsZXQtcHJvdmlkZXIuZXhhbXBsZS5vcmcvbG9nby5zdmciLCJhc2MiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZy9Mb0EvYmFzaWMiLCJjbmYiOnsiandrIjp7ImNydiI6IlAtMjU2Iiwia3R5IjoiRUMiLCJ4IjoiNEhOcHRJLXhyMnBqeVJKS0dNbno0V21kblFEX3VKU3E0Ujk1Tmo5OGI0NCIsInkiOiJMSVpuU0IzOXZGSmhZZ1MzazdqWEU0cjMtQ29HRlF3WnRQQklScXBObHJnIiwia2lkIjoidmJlWEprc000NXhwaHRBTm5DaUc2bUN5dVU0amZHTnpvcEd1S3ZvZ2c5YyJ9fSwiYXV0aG9yaXphdGlvbl9lbmRwb2ludCI6ImV1ZGl3OiIsInJlc3BvbnNlX3R5cGVzX3N1cHBvcnRlZCI6WyJ2cF90b2tlbiJdLCJ2cF9mb3JtYXRzX3N1cHBvcnRlZCI6eyJqd3RfdnBfanNvbiI6eyJhbGdfdmFsdWVzX3N1cHBvcnRlZCI6WyJFUzI1NiJdfSwiand0X3ZjX2pzb24iOnsiYWxnX3ZhbHVlc19zdXBwb3J0ZWQiOlsiRVMyNTYiXX19LCJyZXF1ZXN0X29iamVjdF9zaWduaW5nX2FsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIkVTMjU2Il0sInByZXNlbnRhdGlvbl9kZWZpbml0aW9uX3VyaV9zdXBwb3J0ZWQiOmZhbHNlLCJpYXQiOjE2ODcyODExOTUsImV4cCI6MTY4NzI4ODM5NX0.OTuPik6p3o9j6VOx-uCyxRvHwoh1pDiiZcBQFNQt2uE3dK-8izGNflJVETi_uhGSZOf25Enkq-UvEin9NrbJNw";
+const rp = new RelyingPartySolution(
+  "http://rp.example",
+  walletInstanceAttestation
+);
+describe("decodeAuthRequestQR", () => {
+  it("should return authentication request URL", async () => {
+    const qrcode =
+      "ZXVkaXc6Ly9hdXRob3JpemU/Y2xpZW50X2lkPWh0dHBzOi8vdmVyaWZpZXIuZXhhbXBsZS5vcmcmcmVxdWVzdF91cmk9aHR0cHM6Ly92ZXJpZmllci5leGFtcGxlLm9yZy9yZXF1ZXN0X3VyaQ==";
+    const result = rp.decodeAuthRequestQR(qrcode);
+    expect(result).toEqual("https://verifier.example.org/request_uri");
+  });
+  it("should throw exception with invalid QR", async () => {
+    const qrcode = "aHR0cDovL2dvb2dsZS5pdA==";
+    expect(() => rp.decodeAuthRequestQR(qrcode)).toThrowError(
+      AuthRequestDecodeError
+    );
+  });
+});

package/src/rp/index.ts

@@ -0,0 +1,150 @@
+import { AuthRequestDecodeError, IoWalletError } from "../utils/errors";
+import {
+  decode as decodeJwt,
+  decodeBase64,
+  sha256ToBase64,
+  SignJWT,
+} from "@pagopa/io-react-native-jwt";
+import { RequestObject, RpEntityConfiguration } from "./types";
+
+import uuid from "react-native-uuid";
+import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
+
+export class RelyingPartySolution {
+  relyingPartyBaseUrl: string;
+  walletInstanceAttestation: string;
+  appFetch: GlobalFetch["fetch"];
+
+  constructor(
+    relyingPartyBaseUrl: string,
+    walletInstanceAttestation: string,
+    appFetch: GlobalFetch["fetch"] = fetch
+  ) {
+    this.relyingPartyBaseUrl = relyingPartyBaseUrl;
+    this.walletInstanceAttestation = walletInstanceAttestation;
+    this.appFetch = appFetch;
+  }
+
+  /**
+   * Decode a QR code content to an authentication request url.
+   * @function
+   * @param qrcode QR code content
+   *
+   * @returns The authentication request url
+   *
+   */
+  decodeAuthRequestQR(qrcode: string): string {
+    try {
+      const decoded = decodeBase64(qrcode);
+      const decodedUrl = new URL(decoded);
+      const requestUri = decodedUrl.searchParams.get("request_uri");
+      if (requestUri) {
+        return requestUri;
+      } else {
+        throw new AuthRequestDecodeError(
+          "Unable to obtain request_uri from QR code",
+          `${decodedUrl}`
+        );
+      }
+    } catch {
+      throw new AuthRequestDecodeError(
+        "Unable to decode QR code authentication request url",
+        qrcode
+      );
+    }
+  }
+  /**
+   * Obtain the unsigned wallet instance DPoP for authentication request
+   *
+   * @function
+   * @param walletInstanceAttestationJwk JWT of the Wallet Instance Attestation
+   * @param authRequestUrl authentication request url
+   *
+   * @returns The unsigned wallet instance DPoP
+   *
+   */
+  async getUnsignedWalletInstanceDPoP(
+    walletInstanceAttestationJwk: JWK,
+    authRequestUrl: string
+  ): Promise<string> {
+    return await new SignJWT({
+      jti: `${uuid.v4()}`,
+      htm: "GET",
+      htu: authRequestUrl,
+      ath: await sha256ToBase64(this.walletInstanceAttestation),
+    })
+      .setProtectedHeader({
+        alg: "ES256",
+        jwk: walletInstanceAttestationJwk,
+        typ: "dpop+jwt",
+      })
+      .setIssuedAt()
+      .setExpirationTime("1h")
+      .toSign();
+  }
+
+  /**
+   * Obtain the Request Object for RP authentication
+   *
+   * @function
+   * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
+   *
+   * @returns The Request Object JWT
+   *
+   */
+  async getRequestObject(
+    signedWalletInstanceDPoP: string
+  ): Promise<RequestObject> {
+    const decodedJwtDPop = await decodeJwt(signedWalletInstanceDPoP);
+    const requestUri = decodedJwtDPop.payload.htu as string;
+
+    const response = await this.appFetch(requestUri, {
+      method: "GET",
+      headers: {
+        Authorization: `DPoP ${this.walletInstanceAttestation}`,
+        DPoP: signedWalletInstanceDPoP,
+      },
+    });
+
+    if (response.status === 200) {
+      const responseText = await response.text();
+      const responseJwt = await decodeJwt(responseText);
+      const requestObj = RequestObject.parse({
+        header: responseJwt.protectedHeader,
+        payload: responseJwt.payload,
+      });
+      return requestObj;
+    }
+
+    throw new IoWalletError(
+      `Unable to obtain Request Object. Response code: ${response.status}`
+    );
+  }
+
+  /**
+   * Obtain the relying party entity configuration.
+   */
+  async getEntityConfiguration(): Promise<RpEntityConfiguration> {
+    const wellKnownUrl = new URL(
+      "/.well-known/openid-federation",
+      this.relyingPartyBaseUrl
+    ).href;
+
+    const response = await this.appFetch(wellKnownUrl, {
+      method: "GET",
+    });
+
+    if (response.status === 200) {
+      const responseText = await response.text();
+      const responseJwt = await decodeJwt(responseText);
+      return RpEntityConfiguration.parse({
+        header: responseJwt.protectedHeader,
+        payload: responseJwt.payload,
+      });
+    }
+
+    throw new IoWalletError(
+      `Unable to obtain RP Entity Configuration. Response code: ${response.status}`
+    );
+  }
+}

package/src/rp/types.ts

@@ -0,0 +1,64 @@
+import { JWK } from "../utils/jwk";
+import { UnixTime } from "../sd-jwt/types";
+import * as z from "zod";
+
+export type RequestObject = z.infer<typeof RequestObject>;
+export const RequestObject = z.object({
+  header: z.object({
+    typ: z.literal("JWT"),
+    alg: z.string(),
+    kid: z.string(),
+    trust_chain: z.array(z.string()),
+  }),
+  payload: z.object({
+    iss: z.string(),
+    iat: UnixTime,
+    exp: UnixTime,
+    state: z.string(),
+    nonce: z.string(),
+    response_uri: z.string(),
+    response_type: z.literal("vp_token"),
+    response_mode: z.literal("direct_post.jwt"),
+    client_id: z.string(),
+    client_id_scheme: z.literal("entity_id"),
+    scope: z.string(),
+  }),
+});
+
+// TODO: This types is WIP in technical rules
+export type RpEntityConfiguration = z.infer<typeof RpEntityConfiguration>;
+export const RpEntityConfiguration = z.object({
+  header: z.object({
+    typ: z.literal("entity-statement+jwt"),
+    alg: z.string(),
+    kid: z.string(),
+  }),
+  payload: z.object({
+    exp: UnixTime,
+    iat: UnixTime,
+    iss: z.string(),
+    sub: z.string(),
+    jwks: z.object({
+      keys: z.array(JWK),
+    }),
+    metadata: z.object({
+      wallet_relying_party: z.object({
+        application_type: z.string(),
+        client_id: z.string(),
+        client_name: z.string(),
+        jwks: z.object({
+          keys: z.array(JWK),
+        }),
+        contacts: z.array(z.string()),
+      }),
+      federation_entity: z.object({
+        organization_name: z.string(),
+        homepage_uri: z.string(),
+        policy_uri: z.string(),
+        logo_uri: z.string(),
+        contacts: z.array(z.string()),
+      }),
+    }),
+    authority_hints: z.array(z.string()),
+  }),
+});

package/src/utils/dpop.ts

@@ -0,0 +1,25 @@
+import * as z from "zod";
+
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+import type { JWK } from "./jwk";
+
+export const getUnsignedDPop = (jwk: JWK, payload: DPoPPayload): string => {
+  const dPop = new SignJWT(payload)
+    .setProtectedHeader({
+      alg: "ES256",
+      typ: "dpop+jwt",
+      jwk,
+    })
+    .setIssuedAt()
+    .setExpirationTime("1h")
+    .toSign();
+  return dPop;
+};
+
+export type DPoPPayload = z.infer<typeof DPoPPayload>;
+export const DPoPPayload = z.object({
+  jti: z.string(),
+  htm: z.union([z.literal("POST"), z.literal("GET")]),
+  htu: z.string(),
+  ath: z.string(),
+});

package/src/utils/errors.ts

@@ -72,3 +72,27 @@ export class WalletInstanceAttestationIssuingError extends IoWalletError {
     this.reason = reason;
   }
 }
+
+/**
+ * An error subclass thrown when auth request decode fail
+ *
+ */
+export class AuthRequestDecodeError extends IoWalletError {
+  static get code(): "ERR_IO_WALLET_AUTHENTICATION_REQUEST_DECODE_FAILED" {
+    return "ERR_IO_WALLET_AUTHENTICATION_REQUEST_DECODE_FAILED";
+  }
+
+  code = "ERR_IO_WALLET_AUTHENTICATION_REQUEST_DECODE_FAILED";
+
+  /** The Claim for which the validation failed. */
+  claim: string;
+
+  /** Reason code for the validation failure. */
+  reason: string;
+
+  constructor(message: string, claim = "unspecified", reason = "unspecified") {
+    super(message);
+    this.claim = claim;
+    this.reason = reason;
+  }
+}

package/src/utils/signature.ts

@@ -0,0 +1,4 @@
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+
+export const getSignedJwt = async (unsignedJwt: string, signature: string) =>
+  await SignJWT.appendSignature(unsignedJwt, signature);

package/src/wallet-instance-attestation/issuing.ts

@@ -8,9 +8,13 @@ import { WalletInstanceAttestationIssuingError } from "../utils/errors";
 
 export class Issuing {
   walletProviderBaseUrl: string;
-
-  constructor(walletProviderBaseUrl: string) {
+  appFetch: GlobalFetch["fetch"];
+  constructor(
+    walletProviderBaseUrl: string,
+    appFetch: GlobalFetch["fetch"] = fetch
+  ) {
     this.walletProviderBaseUrl = walletProviderBaseUrl;
+    this.appFetch = appFetch;
   }
 
   /**
@@ -58,15 +62,13 @@ export class Issuing {
    * @param attestationRequest Wallet Instance Attestaion Request
    * obtained with {@link getAttestationRequestToSign}
    * @param signature Signature of the Wallet Instance Attestaion Request
-   * @param appFetch Optional object with fetch function to use
    *
    * @returns {string} Wallet Instance Attestation
    *
    */
   async getAttestation(
     attestationRequest: string,
-    signature: string,
-    appFetch: GlobalFetch = { fetch }
+    signature: string
   ): Promise<String> {
     const signedAttestationRequest = await SignJWT.appendSignature(
       attestationRequest,
@@ -87,7 +89,7 @@ export class Issuing {
         "urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation",
       assertion: signedAttestationRequest,
     };
-    const response = await appFetch.fetch(tokenUrl, {
+    const response = await this.appFetch(tokenUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",