@pagopa/io-react-native-wallet 0.10.2 → 0.11.1

package/lib/commonjs/credential/issuance/06-obtain-credential.js

@@ -27,8 +27,16 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
 exports.createNonceProof = createNonceProof;
 const CredentialEndpointResponse = z.object({
   credential: z.string(),
-  format: _const.SupportedCredentialFormat
+  format: _const.SupportedCredentialFormat,
+  // nonce used to perform multiple credential requests
+  // re-using the same authorization profile
+  c_nonce: z.string(),
+  c_nonce_expires_in: z.number()
 });
+// Checks whether in the Entity confoguration at least one credential
+// is defined for the given type and format
+const isCredentialAvailable = (issuerConf, credentialType, credentialFormat) => issuerConf.openid_credential_issuer.credentials_supported.some(c => c.format === credentialFormat && c.credential_definition.type.includes(credentialType));
+
 /**
  * Fetch a credential from the issuer
  *
@@ -37,17 +45,21 @@ const CredentialEndpointResponse = z.object({
  * @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
  * @param clientId Identifies the current client across all the requests of the issuing flow
  * @param credentialType The type of the credential to be requested
+ * @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
  * @param context.credentialCryptoContext The context to access the key the Credential will be bound to
  * @param context.walletProviderBaseUrl The base url of the Wallet Provider
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @returns The signed credential token
  */
-const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, context) => {
+const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, credentialFormat, context) => {
   const {
     credentialCryptoContext,
     walletProviderBaseUrl,
     appFetch = fetch
   } = context;
+  if (!isCredentialAvailable(issuerConf, credentialType, credentialFormat)) {
+    throw new Error(`The Issuer provides no credential for type ${credentialType} and format ${credentialFormat}`);
+  }
   const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
 
   /** DPoP token for demonstating the possession
@@ -69,7 +81,7 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
     credential_definition: JSON.stringify({
       type: [credentialType]
     }),
-    format: "vc+sd-jwt",
+    format: credentialFormat,
     proof: JSON.stringify({
       jwt: signedNonceProof,
       proof_type: "jwt"
@@ -77,7 +89,8 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
   });
   const {
     credential,
-    format
+    format,
+    c_nonce
   } = await appFetch(credentialUrl, {
     method: "POST",
     headers: {
@@ -89,7 +102,8 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
   }).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
   return {
     credential,
-    format
+    format,
+    nonce: c_nonce
   };
 };
 exports.obtainCredential = obtainCredential;

package/lib/commonjs/credential/issuance/06-obtain-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_dpop","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","CredentialEndpointResponse","object","credential","string","format","SupportedCredentialFormat","obtainCredential","issuerConf","accessToken","clientId","credentialType","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","credential_definition","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAGA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,MAAA,GAAAN,OAAA;AAAoD,SAAAE,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAQ,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAEpD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAEF,MAAMiB,0BAA0B,GAAGhD,CAAC,CAACiD,MAAM,CAAC;EAC1CC,UAAU,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEC;AACV,CAAC,CAAC;AAeF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXxB,KAAK,EACLyB,QAAQ,EACRC,cAAc,EACdC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,aAAa;IAClBO,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAM3C,gBAAgB,CAC7CC,KAAK,EACLyB,QAAQ,EACRI,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;MACpCtC,IAAI,EAAE,CAACiB,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAE,WAAW;IACnB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEP,gBAAgB;MACrBQ,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEhC,UAAU;IAAEE;EAAO,CAAC,GAAG,MAAMU,QAAQ,CAACE,aAAa,EAAE;IAC3DmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB,gBAAgB;MACtBmB,aAAa,EAAE9B;IACjB,CAAC;IACD+B,IAAI,EAAEZ,QAAQ,CAACa,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACzC,0BAA0B,CAAC6C,KAAK,CAAC;EAEzC,OAAO;IAAE3C,UAAU;IAAEE;EAAO,CAAC;AAC/B,CAAC;AAACL,OAAA,CAAAO,gBAAA,GAAAA,gBAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_dpop","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","CredentialEndpointResponse","object","credential","string","format","SupportedCredentialFormat","c_nonce","c_nonce_expires_in","number","isCredentialAvailable","issuerConf","credentialType","credentialFormat","openid_credential_issuer","credentials_supported","some","c","credential_definition","includes","obtainCredential","accessToken","clientId","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","Error","credentialUrl","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAGA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,MAAA,GAAAN,OAAA;AAAoD,SAAAE,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAQ,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAEpD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAEF,MAAMiB,0BAA0B,GAAGhD,CAAC,CAACiD,MAAM,CAAC;EAC1CC,UAAU,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEC,gCAAyB;EACjC;EACA;EACAC,OAAO,EAAEtD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAEvD,CAAC,CAACwD,MAAM,CAAC;AAC/B,CAAC,CAAC;AAoBF;AACA;AACA,MAAMC,qBAAqB,GAAGA,CAC5BC,UAAkD,EAClDC,cAAgD,EAChDC,gBAA2C,KAE3CF,UAAU,CAACG,wBAAwB,CAACC,qBAAqB,CAACC,IAAI,CAC3DC,CAAC,IACAA,CAAC,CAACZ,MAAM,KAAKQ,gBAAgB,IAC7BI,CAAC,CAACC,qBAAqB,CAACxB,IAAI,CAACyB,QAAQ,CAACP,cAAc,CACxD,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,gBAAkC,GAAG,MAAAA,CAChDT,UAAU,EACVU,WAAW,EACXpC,KAAK,EACLqC,QAAQ,EACRV,cAAc,EACdC,gBAAgB,EAChBU,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,IAAI,CAACb,qBAAqB,CAACC,UAAU,EAAEC,cAAc,EAAEC,gBAAgB,CAAC,EAAE;IACxE,MAAM,IAAIe,KAAK,CACZ,8CAA6ChB,cAAe,eAAcC,gBAAiB,EAC9F,CAAC;EACH;EAEA,MAAMgB,aAAa,GAAGlB,UAAU,CAACG,wBAAwB,CAACgB,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEL,aAAa;IAClBM,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAMtD,gBAAgB,CAC7CC,KAAK,EACLqC,QAAQ,EACRG,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCtB,qBAAqB,EAAEuB,IAAI,CAACC,SAAS,CAAC;MACpChD,IAAI,EAAE,CAACkB,cAAc;IACvB,CAAC,CAAC;IACFP,MAAM,EAAEQ,gBAAgB;IACxB8B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEN,gBAAgB;MACrBO,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAE1C,UAAU;IAAEE,MAAM;IAAEE;EAAQ,CAAC,GAAG,MAAMmB,QAAQ,CAACG,aAAa,EAAE;IACpEiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEjB,gBAAgB;MACtBkB,aAAa,EAAE5B;IACjB,CAAC;IACD6B,IAAI,EAAEX,QAAQ,CAACY,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACnD,0BAA0B,CAACuD,KAAK,CAAC;EAEzC,OAAO;IAAErD,UAAU;IAAEE,MAAM;IAAEpB,KAAK,EAAEsB;EAAQ,CAAC;AAC/C,CAAC;AAACP,OAAA,CAAAoB,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js

@@ -20,7 +20,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
   let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
   // find the definition that matches the received credential's type
   // warning: if more then a defintion is found, the first is retrieved
-  const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
+  const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.format === "vc+sd-jwt" && c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
 
   // the received credential matches no supported credential, throw an exception
   if (!credentialSubject) {
@@ -55,7 +55,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
 
   // attributes that are defined in the issuer configuration
   // and are present in the disclosure set
-  const definedValues = attrDefinitions
+  const definedValues = Object.fromEntries(attrDefinitions
   // retrieve the value from the disclosure set
   .map(_ref4 => {
     var _disclosures$find;
@@ -85,21 +85,21 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
         };
       }, {})
     }];
-  });
+  }));
 
   // attributes that are in the disclosure set
   // but are not defined in the issuer configuration
-  const undefinedValues = disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
+  const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
     let [, key, value] = _ref7;
     return [key, {
       value,
       mandatory: false,
       name: key
     }];
-  });
+  }));
   return {
-    ...Object.fromEntries(definedValues),
-    ...Object.fromEntries(undefinedValues)
+    ...definedValues,
+    ...undefinedValues
   };
 };
 
@@ -144,6 +144,10 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
     parsedCredential
   };
 };
+const verifyAndParseCredentialMdoc = async (_issuerConf, _credential, _, _ctx) => {
+  // TODO: [SIW-686] decode MDOC credentials
+  throw new Error("verifyAndParseCredentialMdoc not implemented yet");
+};
 
 /**
  * Verify and parse an encoded credential
@@ -161,6 +165,8 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
 const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
   if (format === "vc+sd-jwt") {
     return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
+  } else if (format === "vc+mdoc-cbor") {
+    return verifyAndParseCredentialMdoc(issuerConf, credential, format, context);
   }
   const _ = format;
   throw new _errors.IoWalletError(`Unsupported credential format: ${_}`);

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["_errors","require","_types","_sdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","credential_definition","type","includes","payload","expected","flatMap","_","join","IoWalletError","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","fromEntries","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredential","format","context","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAcA;;AAmBA;;AAKA,MAAMG,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CAAEC,CAAC,IACrDA,CAAC,CAACC,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACX,KAAK,CAACY,OAAO,CAACF,IAAI,CAC1D,CAAC,cAAAX,qBAAA,uBAFyBA,qBAAA,CAEvBU,qBAAqB,CAACH,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMO,QAAQ,GAAGhB,qBAAqB,CACnCiB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIC,qBAAa,CACpB,gEAA+DJ,QAAS,gBAAeb,KAAK,CAACY,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMQ,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMe,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACxB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACjB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMe,QAAQ,GAAG9B,WAAW,CAAC6B,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACd,uBAAuB,EAAE;MAC5B,MAAM,IAAIe,qBAAa,CACpB,4DAA2DY,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd;EACpB;EAAA,CACCY,GAAG,CACFG,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACV,OAAO,EAAEW,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACET,OAAO,EACP;MACE,GAAGW,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEjC,WAAW,CAACM,IAAI,CACpBQ,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKS,OAC7B,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCJ,GAAG,CACFO,KAAA;IAAA,IAAC,CAACb,OAAO,EAAE;MAAEc,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEb,OAAO,EACP;MACE,GAAGW,UAAU;MACbP,IAAI,EAAEU,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEd;QAAK,CAAC,GAAAa,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGd;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CAAC;;EAEH;EACA;EACA,MAAMe,eAAe,GAAG1C,WAAW,CAChCqB,MAAM,CAAEP,CAAC,IAAK,CAACI,MAAM,CAACyB,IAAI,CAACZ,aAAa,CAAC,CAACrB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDe,GAAG,CAACe,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEX,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEkB;IAAI,CAAC,CAAC;EAAA,EAAC;EAEzE,OAAO;IACL,GAAG3B,MAAM,CAAC4B,WAAW,CAACf,aAAa,CAAC;IACpC,GAAGb,MAAM,CAAC4B,WAAW,CAACJ,eAAe;EACvC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACpD,KAAK,CAACY,OAAO;EAE/C,IAAI,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKR,gBAAgB,CAACQ,GAAG,EAAE;IACxD,MAAM,IAAI5C,qBAAa,CACpB,kDAAiDoC,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACpD,KAAK,CAACY,OAAO,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOT,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMU,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVjD,CAAC,EAAAkD,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAEhE;EAAwB,CAAC,GAAA+D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCgB,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACzB,IAAI,EAC7CsB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAG1E,oBAAoB,CAC3CmE,UAAU,CAACK,wBAAwB,CAACvE,qBAAqB,EACzDsE,OAAO,EACPjE,uBACF,CAAC;EAED,OAAO;IAAEoE;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAkD,GAAG,MAAAA,CAChER,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OAAO,KACJ;EACH,IAAID,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOV,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OACF,CAAC;EACH;EAEA,MAAM1D,CAAQ,GAAGyD,MAAM;EACvB,MAAM,IAAIvD,qBAAa,CAAE,kCAAiCF,CAAE,EAAC,CAAC;AAChE,CAAC;AAAC2D,OAAA,CAAAH,wBAAA,GAAAA,wBAAA"}
+{"version":3,"names":["_errors","require","_types","_sdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","format","credential_definition","type","includes","payload","expected","flatMap","_","join","IoWalletError","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredentialMdoc","_issuerConf","_credential","_ctx","Error","verifyAndParseCredential","context","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAcA;;AAmBA;;AAKA,MAAMG,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CACjDC,CAAC,IACAA,CAAC,CAACC,MAAM,KAAK,WAAW,IACxBD,CAAC,CAACE,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACZ,KAAK,CAACa,OAAO,CAACF,IAAI,CAC5D,CAAC,cAAAZ,qBAAA,uBAJyBA,qBAAA,CAIvBW,qBAAqB,CAACJ,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMQ,QAAQ,GAAGjB,qBAAqB,CACnCkB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIC,qBAAa,CACpB,gEAA+DJ,QAAS,gBAAed,KAAK,CAACa,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMQ,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACf,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMgB,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACzB,WAAW,CAAC0B,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAAClB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAM0B,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMe,QAAQ,GAAG/B,WAAW,CAAC8B,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACf,uBAAuB,EAAE;MAC5B,MAAM,IAAIgB,qBAAa,CACpB,4DAA2DY,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGb,MAAM,CAACc,WAAW,CACtCf;EACE;EAAA,CACCY,GAAG,CACFI,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACX,OAAO,EAAEY,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEV,OAAO,EACP;MACE,GAAGY,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEnC,WAAW,CAACM,IAAI,CACpBS,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKS,OAC7B,CAAC,cAAAW,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCL,GAAG,CACFQ,KAAA;IAAA,IAAC,CAACd,OAAO,EAAE;MAAEe,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEd,OAAO,EACP;MACE,GAAGY,UAAU;MACbR,IAAI,EAAEW,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEf;QAAK,CAAC,GAAAc,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGf;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMgB,eAAe,GAAGzB,MAAM,CAACc,WAAW,CACxCjC,WAAW,CACRsB,MAAM,CAAEP,CAAC,IAAK,CAACI,MAAM,CAAC0B,IAAI,CAACb,aAAa,CAAC,CAACrB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDe,GAAG,CAACgB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEZ,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEmB;IAAI,CAAC,CAAC;EAAA,EAC1E,CAAC;EAED,OAAO;IACL,GAAGf,aAAa;IAChB,GAAGY;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeI,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACrD,KAAK,CAACa,OAAO;EAE/C,IAAI,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKR,gBAAgB,CAACQ,GAAG,EAAE;IACxD,MAAM,IAAI5C,qBAAa,CACpB,kDAAiDoC,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACrD,KAAK,CAACa,OAAO,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOT,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMU,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVjD,CAAC,EAAAkD,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAEjE;EAAwB,CAAC,GAAAgE,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCgB,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACxB,IAAI,EAC7CqB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAG3E,oBAAoB,CAC3CoE,UAAU,CAACK,wBAAwB,CAACxE,qBAAqB,EACzDuE,OAAO,EACPlE,uBACF,CAAC;EAED,OAAO;IAAEqE;EAAiB,CAAC;AAC7B,CAAC;AAED,MAAMC,4BAAwD,GAAG,MAAAA,CAC/DC,WAAW,EACXC,WAAW,EACX1D,CAAC,EACD2D,IAAI,KACD;EACH;EACA,MAAM,IAAIC,KAAK,CAAC,kDAAkD,CAAC;AACrE,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAkD,GAAG,MAAAA,CAChEb,UAAU,EACVC,UAAU,EACVxD,MAAM,EACNqE,OAAO,KACJ;EACH,IAAIrE,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOsD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVxD,MAAM,EACNqE,OACF,CAAC;EACH,CAAC,MAAM,IAAIrE,MAAM,KAAK,cAAc,EAAE;IACpC,OAAO+D,4BAA4B,CACjCR,UAAU,EACVC,UAAU,EACVxD,MAAM,EACNqE,OACF,CAAC;EACH;EAEA,MAAM9D,CAAQ,GAAGP,MAAM;EACvB,MAAM,IAAIS,qBAAa,CAAE,kCAAiCF,CAAE,EAAC,CAAC;AAChE,CAAC;AAAC+D,OAAA,CAAAF,wBAAA,GAAAA,wBAAA"}

package/lib/commonjs/credential/issuance/const.js

@@ -9,6 +9,6 @@ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "functio
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
 exports.ASSERTION_TYPE = ASSERTION_TYPE;
-const SupportedCredentialFormat = z.literal("vc+sd-jwt");
+const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
 exports.SupportedCredentialFormat = SupportedCredentialFormat;
 //# sourceMappingURL=const.js.map

package/lib/commonjs/credential/issuance/const.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,OAAO,CAAC,WAAW,CAAC;AAACF,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,KAAK,CAAC,CAC/C5B,CAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC,EACtB7B,CAAC,CAAC6B,OAAO,CAAC,cAAc,CAAC,CAC1B,CAAC;AAACH,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}

package/lib/module/credential/issuance/06-obtain-credential.js

@@ -18,8 +18,16 @@ export const createNonceProof = async (nonce, issuer, audience, ctx) => {
 };
 const CredentialEndpointResponse = z.object({
   credential: z.string(),
-  format: SupportedCredentialFormat
+  format: SupportedCredentialFormat,
+  // nonce used to perform multiple credential requests
+  // re-using the same authorization profile
+  c_nonce: z.string(),
+  c_nonce_expires_in: z.number()
 });
+// Checks whether in the Entity confoguration at least one credential
+// is defined for the given type and format
+const isCredentialAvailable = (issuerConf, credentialType, credentialFormat) => issuerConf.openid_credential_issuer.credentials_supported.some(c => c.format === credentialFormat && c.credential_definition.type.includes(credentialType));
+
 /**
  * Fetch a credential from the issuer
  *
@@ -28,17 +36,21 @@ const CredentialEndpointResponse = z.object({
  * @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
  * @param clientId Identifies the current client across all the requests of the issuing flow
  * @param credentialType The type of the credential to be requested
+ * @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
  * @param context.credentialCryptoContext The context to access the key the Credential will be bound to
  * @param context.walletProviderBaseUrl The base url of the Wallet Provider
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @returns The signed credential token
  */
-export const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, context) => {
+export const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, credentialFormat, context) => {
   const {
     credentialCryptoContext,
     walletProviderBaseUrl,
     appFetch = fetch
   } = context;
+  if (!isCredentialAvailable(issuerConf, credentialType, credentialFormat)) {
+    throw new Error(`The Issuer provides no credential for type ${credentialType} and format ${credentialFormat}`);
+  }
   const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
 
   /** DPoP token for demonstating the possession
@@ -60,7 +72,7 @@ export const obtainCredential = async (issuerConf, accessToken, nonce, clientId,
     credential_definition: JSON.stringify({
       type: [credentialType]
     }),
-    format: "vc+sd-jwt",
+    format: credentialFormat,
     proof: JSON.stringify({
       jwt: signedNonceProof,
       proof_type: "jwt"
@@ -68,7 +80,8 @@ export const obtainCredential = async (issuerConf, accessToken, nonce, clientId,
   });
   const {
     credential,
-    format
+    format,
+    c_nonce
   } = await appFetch(credentialUrl, {
     method: "POST",
     headers: {
@@ -80,7 +93,8 @@ export const obtainCredential = async (issuerConf, accessToken, nonce, clientId,
   }).then(hasStatus(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
   return {
     credential,
-    format
+    format,
+    nonce: c_nonce
   };
 };
 //# sourceMappingURL=06-obtain-credential.js.map

package/lib/module/credential/issuance/06-obtain-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","uuid","SignJWT","createDPopToken","hasStatus","SupportedCredentialFormat","createNonceProof","nonce","issuer","audience","ctx","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","CredentialEndpointResponse","object","credential","string","format","obtainCredential","issuerConf","accessToken","clientId","credentialType","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedDPopForPid","htm","htu","jti","v4","signedNonceProof","formBody","URLSearchParams","credential_definition","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,OAAO,QAA4B,6BAA6B;AACzE,SAASC,eAAe,QAAQ,kBAAkB;AAGlD,SAASC,SAAS,QAAkB,kBAAkB;AAGtD,SAASC,yBAAyB,QAAQ,SAAS;;AAEnD;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIR,OAAO,CAACQ,GAAG,CAAC,CACpBC,UAAU,CAAC;IACVJ,KAAK;IACLK,GAAG,EAAE,MAAMF,GAAG,CAACG,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAED,MAAMC,0BAA0B,GAAGrB,CAAC,CAACsB,MAAM,CAAC;EAC1CC,UAAU,EAAEvB,CAAC,CAACwB,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEpB;AACV,CAAC,CAAC;AAeF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMqB,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXrB,KAAK,EACLsB,QAAQ,EACRC,cAAc,EACdC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAMpC,eAAe,CAC5C;IACEqC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEL,aAAa;IAClBM,GAAG,EAAG,GAAEzC,IAAI,CAAC0C,EAAE,CAAC,CAAE;EACpB,CAAC,EACDX,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMY,gBAAgB,GAAG,MAAMtC,gBAAgB,CAC7CC,KAAK,EACLsB,QAAQ,EACRI,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMa,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;MACpClC,IAAI,EAAE,CAACe,cAAc;IACvB,CAAC,CAAC;IACFL,MAAM,EAAE,WAAW;IACnByB,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEP,gBAAgB;MACrBQ,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAE7B,UAAU;IAAEE;EAAO,CAAC,GAAG,MAAMS,QAAQ,CAACE,aAAa,EAAE;IAC3DiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEhB,gBAAgB;MACtBiB,aAAa,EAAE5B;IACjB,CAAC;IACD6B,IAAI,EAAEZ,QAAQ,CAACa,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAACvD,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBuD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtC,0BAA0B,CAACyC,KAAK,CAAC;EAEzC,OAAO;IAAEvC,UAAU;IAAEE;EAAO,CAAC;AAC/B,CAAC"}
+{"version":3,"names":["z","uuid","SignJWT","createDPopToken","hasStatus","SupportedCredentialFormat","createNonceProof","nonce","issuer","audience","ctx","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","CredentialEndpointResponse","object","credential","string","format","c_nonce","c_nonce_expires_in","number","isCredentialAvailable","issuerConf","credentialType","credentialFormat","openid_credential_issuer","credentials_supported","some","c","credential_definition","includes","obtainCredential","accessToken","clientId","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","Error","credentialUrl","credential_endpoint","signedDPopForPid","htm","htu","jti","v4","signedNonceProof","formBody","URLSearchParams","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,OAAO,QAA4B,6BAA6B;AACzE,SAASC,eAAe,QAAQ,kBAAkB;AAGlD,SAASC,SAAS,QAAkB,kBAAkB;AAGtD,SAASC,yBAAyB,QAAQ,SAAS;;AAEnD;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIR,OAAO,CAACQ,GAAG,CAAC,CACpBC,UAAU,CAAC;IACVJ,KAAK;IACLK,GAAG,EAAE,MAAMF,GAAG,CAACG,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAED,MAAMC,0BAA0B,GAAGrB,CAAC,CAACsB,MAAM,CAAC;EAC1CC,UAAU,EAAEvB,CAAC,CAACwB,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEpB,yBAAyB;EACjC;EACA;EACAqB,OAAO,EAAE1B,CAAC,CAACwB,MAAM,CAAC,CAAC;EACnBG,kBAAkB,EAAE3B,CAAC,CAAC4B,MAAM,CAAC;AAC/B,CAAC,CAAC;AAoBF;AACA;AACA,MAAMC,qBAAqB,GAAGA,CAC5BC,UAAkD,EAClDC,cAAgD,EAChDC,gBAA2C,KAE3CF,UAAU,CAACG,wBAAwB,CAACC,qBAAqB,CAACC,IAAI,CAC3DC,CAAC,IACAA,CAAC,CAACX,MAAM,KAAKO,gBAAgB,IAC7BI,CAAC,CAACC,qBAAqB,CAACtB,IAAI,CAACuB,QAAQ,CAACP,cAAc,CACxD,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,gBAAkC,GAAG,MAAAA,CAChDT,UAAU,EACVU,WAAW,EACXjC,KAAK,EACLkC,QAAQ,EACRV,cAAc,EACdC,gBAAgB,EAChBU,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,IAAI,CAACb,qBAAqB,CAACC,UAAU,EAAEC,cAAc,EAAEC,gBAAgB,CAAC,EAAE;IACxE,MAAM,IAAIe,KAAK,CACZ,8CAA6ChB,cAAe,eAAcC,gBAAiB,EAC9F,CAAC;EACH;EAEA,MAAMgB,aAAa,GAAGlB,UAAU,CAACG,wBAAwB,CAACgB,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM/C,eAAe,CAC5C;IACEgD,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,aAAa;IAClBK,GAAG,EAAG,GAAEpD,IAAI,CAACqD,EAAE,CAAC,CAAE;EACpB,CAAC,EACDX,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMY,gBAAgB,GAAG,MAAMjD,gBAAgB,CAC7CC,KAAK,EACLkC,QAAQ,EACRG,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMa,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCpB,qBAAqB,EAAEqB,IAAI,CAACC,SAAS,CAAC;MACpC5C,IAAI,EAAE,CAACgB,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAEO,gBAAgB;IACxB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEN,gBAAgB;MACrBO,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEvC,UAAU;IAAEE,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMmB,QAAQ,CAACG,aAAa,EAAE;IACpEe,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEf,gBAAgB;MACtBgB,aAAa,EAAE1B;IACjB,CAAC;IACD2B,IAAI,EAAEX,QAAQ,CAACY,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAACjE,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBiE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAChD,0BAA0B,CAACmD,KAAK,CAAC;EAEzC,OAAO;IAAEjD,UAAU;IAAEE,MAAM;IAAElB,KAAK,EAAEmB;EAAQ,CAAC;AAC/C,CAAC"}

package/lib/module/credential/issuance/07-verify-and-parse-credential.js

@@ -15,7 +15,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
   let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
   // find the definition that matches the received credential's type
   // warning: if more then a defintion is found, the first is retrieved
-  const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
+  const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.format === "vc+sd-jwt" && c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
 
   // the received credential matches no supported credential, throw an exception
   if (!credentialSubject) {
@@ -50,7 +50,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
 
   // attributes that are defined in the issuer configuration
   // and are present in the disclosure set
-  const definedValues = attrDefinitions
+  const definedValues = Object.fromEntries(attrDefinitions
   // retrieve the value from the disclosure set
   .map(_ref4 => {
     var _disclosures$find;
@@ -80,21 +80,21 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
         };
       }, {})
     }];
-  });
+  }));
 
   // attributes that are in the disclosure set
   // but are not defined in the issuer configuration
-  const undefinedValues = disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
+  const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
     let [, key, value] = _ref7;
     return [key, {
       value,
       mandatory: false,
       name: key
     }];
-  });
+  }));
   return {
-    ...Object.fromEntries(definedValues),
-    ...Object.fromEntries(undefinedValues)
+    ...definedValues,
+    ...undefinedValues
   };
 };
 
@@ -139,6 +139,10 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
     parsedCredential
   };
 };
+const verifyAndParseCredentialMdoc = async (_issuerConf, _credential, _, _ctx) => {
+  // TODO: [SIW-686] decode MDOC credentials
+  throw new Error("verifyAndParseCredentialMdoc not implemented yet");
+};
 
 /**
  * Verify and parse an encoded credential
@@ -156,6 +160,8 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
 export const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
   if (format === "vc+sd-jwt") {
     return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
+  } else if (format === "vc+mdoc-cbor") {
+    return verifyAndParseCredentialMdoc(issuerConf, credential, format, context);
   }
   const _ = format;
   throw new IoWalletError(`Unsupported credential format: ${_}`);

package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","credential_definition","type","includes","payload","expected","flatMap","_","join","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","fromEntries","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredential","format","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAcpD;;AAmBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CAAEC,CAAC,IACrDA,CAAC,CAACC,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACX,KAAK,CAACY,OAAO,CAACF,IAAI,CAC1D,CAAC,cAAAX,qBAAA,uBAFyBA,qBAAA,CAEvBU,qBAAqB,CAACH,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMO,QAAQ,GAAGhB,qBAAqB,CACnCiB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIxB,aAAa,CACpB,gEAA+DqB,QAAS,gBAAeb,KAAK,CAACY,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMO,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACb,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMc,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACvB,WAAW,CAACwB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAAChB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMwB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMc,QAAQ,GAAG7B,WAAW,CAAC4B,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACd,uBAAuB,EAAE;MAC5B,MAAM,IAAIV,aAAa,CACpB,4DAA2DoC,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd;EACpB;EAAA,CACCY,GAAG,CACFG,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACV,OAAO,EAAEW,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACET,OAAO,EACP;MACE,GAAGW,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEhC,WAAW,CAACM,IAAI,CACpBQ,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKQ,OAC7B,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCJ,GAAG,CACFO,KAAA;IAAA,IAAC,CAACb,OAAO,EAAE;MAAEc,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEb,OAAO,EACP;MACE,GAAGW,UAAU;MACbP,IAAI,EAAEU,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEd;QAAK,CAAC,GAAAa,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGd;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CAAC;;EAEH;EACA;EACA,MAAMe,eAAe,GAAGzC,WAAW,CAChCoB,MAAM,CAAEN,CAAC,IAAK,CAACG,MAAM,CAACyB,IAAI,CAACZ,aAAa,CAAC,CAACpB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDc,GAAG,CAACe,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEX,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEkB;IAAI,CAAC,CAAC;EAAA,EAAC;EAEzE,OAAO;IACL,GAAG3B,MAAM,CAAC4B,WAAW,CAACf,aAAa,CAAC;IACpC,GAAGb,MAAM,CAAC4B,WAAW,CAACJ,eAAe;EACvC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB3D,WAAW,CAACqD,aAAa,EAAEC,UAAU,EAAExD,QAAQ,CAAC,EAChDyD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACnD,KAAK,CAACY,OAAO;EAE/C,IAAI,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAIlE,aAAa,CACpB,kDAAiD4D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACnD,KAAK,CAACY,OAAO,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACV9C,CAAC,EAAA+C,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAE7D;EAAwB,CAAC,GAAA4D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGvE,oBAAoB,CAC3CgE,UAAU,CAACK,wBAAwB,CAACpE,qBAAqB,EACzDmE,OAAO,EACP9D,uBACF,CAAC;EAED,OAAO;IAAEiE;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAkD,GAAG,MAAAA,CAChER,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OAAO,KACJ;EACH,IAAID,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOV,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OACF,CAAC;EACH;EAEA,MAAMvD,CAAQ,GAAGsD,MAAM;EACvB,MAAM,IAAI7E,aAAa,CAAE,kCAAiCuB,CAAE,EAAC,CAAC;AAChE,CAAC"}
+{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","format","credential_definition","type","includes","payload","expected","flatMap","_","join","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredentialMdoc","_issuerConf","_credential","_ctx","Error","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAcpD;;AAmBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CACjDC,CAAC,IACAA,CAAC,CAACC,MAAM,KAAK,WAAW,IACxBD,CAAC,CAACE,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACZ,KAAK,CAACa,OAAO,CAACF,IAAI,CAC5D,CAAC,cAAAZ,qBAAA,uBAJyBA,qBAAA,CAIvBW,qBAAqB,CAACJ,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMQ,QAAQ,GAAGjB,qBAAqB,CACnCkB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIzB,aAAa,CACpB,gEAA+DsB,QAAS,gBAAed,KAAK,CAACa,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMO,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMe,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACxB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACjB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMc,QAAQ,GAAG9B,WAAW,CAAC6B,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACf,uBAAuB,EAAE;MAC5B,MAAM,IAAIV,aAAa,CACpB,4DAA2DqC,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGb,MAAM,CAACc,WAAW,CACtCf;EACE;EAAA,CACCY,GAAG,CACFI,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACX,OAAO,EAAEY,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEV,OAAO,EACP;MACE,GAAGY,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAElC,WAAW,CAACM,IAAI,CACpBS,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKQ,OAC7B,CAAC,cAAAW,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCL,GAAG,CACFQ,KAAA;IAAA,IAAC,CAACd,OAAO,EAAE;MAAEe,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEd,OAAO,EACP;MACE,GAAGY,UAAU;MACbR,IAAI,EAAEW,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEf;QAAK,CAAC,GAAAc,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGf;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMgB,eAAe,GAAGzB,MAAM,CAACc,WAAW,CACxChC,WAAW,CACRqB,MAAM,CAAEN,CAAC,IAAK,CAACG,MAAM,CAAC0B,IAAI,CAACb,aAAa,CAAC,CAACpB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDc,GAAG,CAACgB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEZ,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEmB;IAAI,CAAC,CAAC;EAAA,EAC1E,CAAC;EAED,OAAO;IACL,GAAGf,aAAa;IAChB,GAAGY;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeI,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB5D,WAAW,CAACsD,aAAa,EAAEC,UAAU,EAAEzD,QAAQ,CAAC,EAChD0D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACpD,KAAK,CAACa,OAAO;EAE/C,IAAI,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAInE,aAAa,CACpB,kDAAiD6D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACpD,KAAK,CAACa,OAAO,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACV9C,CAAC,EAAA+C,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAE9D;EAAwB,CAAC,GAAA6D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACtB,IAAI,EAC7CmB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGxE,oBAAoB,CAC3CiE,UAAU,CAACK,wBAAwB,CAACrE,qBAAqB,EACzDoE,OAAO,EACP/D,uBACF,CAAC;EAED,OAAO;IAAEkE;EAAiB,CAAC;AAC7B,CAAC;AAED,MAAMC,4BAAwD,GAAG,MAAAA,CAC/DC,WAAW,EACXC,WAAW,EACXvD,CAAC,EACDwD,IAAI,KACD;EACH;EACA,MAAM,IAAIC,KAAK,CAAC,kDAAkD,CAAC;AACrE,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAkD,GAAG,MAAAA,CAChEb,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OAAO,KACJ;EACH,IAAIlE,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOmD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OACF,CAAC;EACH,CAAC,MAAM,IAAIlE,MAAM,KAAK,cAAc,EAAE;IACpC,OAAO4D,4BAA4B,CACjCR,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OACF,CAAC;EACH;EAEA,MAAM3D,CAAQ,GAAGP,MAAM;EACvB,MAAM,IAAIjB,aAAa,CAAE,kCAAiCwB,CAAE,EAAC,CAAC;AAChE,CAAC"}

package/lib/module/credential/issuance/const.js

@@ -1,4 +1,4 @@
 import * as z from "zod";
 export const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-export const SupportedCredentialFormat = z.literal("vc+sd-jwt");
+export const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
 //# sourceMappingURL=const.js.map

package/lib/module/credential/issuance/const.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","ASSERTION_TYPE","SupportedCredentialFormat","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAO,MAAMC,cAAc,GACzB,oEAAoE;AAKtE,OAAO,MAAMC,yBAAyB,GAAGF,CAAC,CAACG,OAAO,CAAC,WAAW,CAAC"}
+{"version":3,"names":["z","ASSERTION_TYPE","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAO,MAAMC,cAAc,GACzB,oEAAoE;AAKtE,OAAO,MAAMC,yBAAyB,GAAGF,CAAC,CAACG,KAAK,CAAC,CAC/CH,CAAC,CAACI,OAAO,CAAC,WAAW,CAAC,EACtBJ,CAAC,CAACI,OAAO,CAAC,cAAc,CAAC,CAC1B,CAAC"}

package/lib/typescript/credential/issuance/06-obtain-credential.d.ts

@@ -8,13 +8,14 @@ import { SupportedCredentialFormat } from "./const";
  * Return the signed jwt for nonce proof of possession
  */
 export declare const createNonceProof: (nonce: string, issuer: string, audience: string, ctx: CryptoContext) => Promise<string>;
-export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], accessToken: Out<AuthorizeAccess>["accessToken"], nonce: Out<AuthorizeAccess>["nonce"], clientId: Out<AuthorizeAccess>["clientId"], credentialType: Out<StartFlow>["credentialType"], context: {
+export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], accessToken: Out<AuthorizeAccess>["accessToken"], nonce: Out<AuthorizeAccess>["nonce"], clientId: Out<AuthorizeAccess>["clientId"], credentialType: Out<StartFlow>["credentialType"], credentialFormat: SupportedCredentialFormat, context: {
     credentialCryptoContext: CryptoContext;
     walletProviderBaseUrl: string;
     appFetch?: GlobalFetch["fetch"];
 }) => Promise<{
     credential: string;
     format: SupportedCredentialFormat;
+    nonce: string;
 }>;
 /**
  * Fetch a credential from the issuer
@@ -24,6 +25,7 @@ export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf
  * @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
  * @param clientId Identifies the current client across all the requests of the issuing flow
  * @param credentialType The type of the credential to be requested
+ * @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
  * @param context.credentialCryptoContext The context to access the key the Credential will be bound to
  * @param context.walletProviderBaseUrl The base url of the Wallet Provider
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch

package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAEA,OAAO,EAAW,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG1E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,gBAAgB,UACpB,MAAM,UACL,MAAM,YACJ,MAAM,OACX,aAAa,KACjB,QAAQ,MAAM,CAchB,CAAC;AAOF,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,WAAW,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,EAChD,KAAK,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,EACpC,QAAQ,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,UAAU,CAAC,EAC1C,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,gBAAgB,CAAC,EAChD,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,yBAAyB,CAAA;CAAE,CAAC,CAAC;AAExE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAgE9B,CAAC"}
+{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAEA,OAAO,EAAW,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG1E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,gBAAgB,UACpB,MAAM,UACL,MAAM,YACJ,MAAM,OACX,aAAa,KACjB,QAAQ,MAAM,CAchB,CAAC;AAWF,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,WAAW,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,EAChD,KAAK,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,EACpC,QAAQ,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,UAAU,CAAC,EAC1C,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,gBAAgB,CAAC,EAChD,gBAAgB,EAAE,yBAAyB,EAC3C,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,yBAAyB,CAAC;IAClC,KAAK,EAAE,MAAM,CAAC;CACf,CAAC,CAAC;AAeH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAuE9B,CAAC"}

package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAK/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,MAAM,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EACvC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC,uBAAuB,CAAC,EAAE,OAAO,CAAC;CACnC,KACE,OAAO,CAAC;IAAE,gBAAgB,EAAE,gBAAgB,CAAA;CAAE,CAAC,CAAC;AAGrD,KAAK,gBAAgB,GAAG,MAAM;AAC5B,oBAAoB;AACpB,MAAM,EACN;IACE,2CAA2C;IAC3C,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,CAAC;IACxC,+CAA+C;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;CAChB,CACF,CAAC;AAkKF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,EAAE,wBAiBtC,CAAC"}
+{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAK/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,MAAM,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EACvC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC,uBAAuB,CAAC,EAAE,OAAO,CAAC;CACnC,KACE,OAAO,CAAC;IAAE,gBAAgB,EAAE,gBAAgB,CAAA;CAAE,CAAC,CAAC;AAGrD,KAAK,gBAAgB,GAAG,MAAM;AAC5B,oBAAoB;AACpB,MAAM,EACN;IACE,2CAA2C;IAC3C,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,CAAC;IACxC,+CAA+C;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;CAChB,CACF,CAAC;AAkLF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,EAAE,wBAwBtC,CAAC"}

package/lib/typescript/credential/issuance/const.d.ts

@@ -1,5 +1,5 @@
 import * as z from "zod";
 export declare const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
 export type SupportedCredentialFormat = z.infer<typeof SupportedCredentialFormat>;
-export declare const SupportedCredentialFormat: z.ZodLiteral<"vc+sd-jwt">;
+export declare const SupportedCredentialFormat: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"vc+mdoc-cbor">]>;
 //# sourceMappingURL=const.d.ts.map

package/lib/typescript/credential/issuance/const.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"const.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/const.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,eAAO,MAAM,cAAc,uEAC2C,CAAC;AAEvE,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,yBAAyB,CACjC,CAAC;AACF,eAAO,MAAM,yBAAyB,2BAAyB,CAAC"}
+{"version":3,"file":"const.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/const.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,eAAO,MAAM,cAAc,uEAC2C,CAAC;AAEvE,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,yBAAyB,CACjC,CAAC;AACF,eAAO,MAAM,yBAAyB,uEAGpC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "0.10.2",
+  "version": "0.11.1",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -82,7 +82,7 @@
   "engines": {
     "node": ">= 16.0.0"
   },
-  "packageManager": "^yarn@1.22.21",
+  "packageManager": "yarn@1.22.19",
   "jest": {
     "preset": "react-native",
     "modulePathIgnorePatterns": [
@@ -109,4 +109,4 @@
     "react-native-uuid": "^2.0.1",
     "zod": "^3.21.4"
   }
-}
+}

package/src/credential/issuance/06-obtain-credential.ts

@@ -36,6 +36,10 @@ export const createNonceProof = async (
 const CredentialEndpointResponse = z.object({
   credential: z.string(),
   format: SupportedCredentialFormat,
+  // nonce used to perform multiple credential requests
+  // re-using the same authorization profile
+  c_nonce: z.string(),
+  c_nonce_expires_in: z.number(),
 });
 
 export type ObtainCredential = (
@@ -44,12 +48,30 @@ export type ObtainCredential = (
   nonce: Out<AuthorizeAccess>["nonce"],
   clientId: Out<AuthorizeAccess>["clientId"],
   credentialType: Out<StartFlow>["credentialType"],
+  credentialFormat: SupportedCredentialFormat,
   context: {
     credentialCryptoContext: CryptoContext;
     walletProviderBaseUrl: string;
     appFetch?: GlobalFetch["fetch"];
   }
-) => Promise<{ credential: string; format: SupportedCredentialFormat }>;
+) => Promise<{
+  credential: string;
+  format: SupportedCredentialFormat;
+  nonce: string;
+}>;
+
+// Checks whether in the Entity confoguration at least one credential
+// is defined for the given type and format
+const isCredentialAvailable = (
+  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
+  credentialType: Out<StartFlow>["credentialType"],
+  credentialFormat: SupportedCredentialFormat
+): boolean =>
+  issuerConf.openid_credential_issuer.credentials_supported.some(
+    (c) =>
+      c.format === credentialFormat &&
+      c.credential_definition.type.includes(credentialType)
+  );
 
 /**
  * Fetch a credential from the issuer
@@ -59,6 +81,7 @@ export type ObtainCredential = (
  * @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
  * @param clientId Identifies the current client across all the requests of the issuing flow
  * @param credentialType The type of the credential to be requested
+ * @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
  * @param context.credentialCryptoContext The context to access the key the Credential will be bound to
  * @param context.walletProviderBaseUrl The base url of the Wallet Provider
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
@@ -70,6 +93,7 @@ export const obtainCredential: ObtainCredential = async (
   nonce,
   clientId,
   credentialType,
+  credentialFormat,
   context
 ) => {
   const {
@@ -78,6 +102,12 @@ export const obtainCredential: ObtainCredential = async (
     appFetch = fetch,
   } = context;
 
+  if (!isCredentialAvailable(issuerConf, credentialType, credentialFormat)) {
+    throw new Error(
+      `The Issuer provides no credential for type ${credentialType} and format ${credentialFormat}`
+    );
+  }
+
   const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
 
   /** DPoP token for demonstating the possession
@@ -107,14 +137,14 @@ export const obtainCredential: ObtainCredential = async (
     credential_definition: JSON.stringify({
       type: [credentialType],
     }),
-    format: "vc+sd-jwt",
+    format: credentialFormat,
     proof: JSON.stringify({
       jwt: signedNonceProof,
       proof_type: "jwt",
     }),
   });
 
-  const { credential, format } = await appFetch(credentialUrl, {
+  const { credential, format, c_nonce } = await appFetch(credentialUrl, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded",
@@ -127,5 +157,5 @@ export const obtainCredential: ObtainCredential = async (
     .then((res) => res.json())
     .then(CredentialEndpointResponse.parse);
 
-  return { credential, format };
+  return { credential, format, nonce: c_nonce };
 };

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -49,8 +49,10 @@ const parseCredentialSdJwt = (
 ): ParsedCredential => {
   // find the definition that matches the received credential's type
   // warning: if more then a defintion is found, the first is retrieved
-  const credentialSubject = credentials_supported.find((c) =>
-    c.credential_definition.type.includes(sdJwt.payload.type)
+  const credentialSubject = credentials_supported.find(
+    (c) =>
+      c.format === "vc+sd-jwt" &&
+      c.credential_definition.type.includes(sdJwt.payload.type)
   )?.credential_definition.credentialSubject;
 
   // the received credential matches no supported credential, throw an exception
@@ -87,45 +89,49 @@ const parseCredentialSdJwt = (
 
   // attributes that are defined in the issuer configuration
   // and are present in the disclosure set
-  const definedValues = attrDefinitions
-    // retrieve the value from the disclosure set
-    .map(
-      ([attrKey, definition]) =>
-        [
-          attrKey,
-          {
-            ...definition,
-            value: disclosures.find(
-              (_) => _[1 /* name */] === attrKey
-            )?.[2 /* value */],
-          },
-        ] as const
-    )
-    // add a human readable attribute name, with i18n, in the form { locale: name }
-    // example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
-    .map(
-      ([attrKey, { display, ...definition }]) =>
-        [
-          attrKey,
-          {
-            ...definition,
-            name: display.reduce(
-              (names, { locale, name }) => ({ ...names, [locale]: name }),
-              {} as Record<string, string>
-            ),
-          },
-        ] as const
-    );
+  const definedValues = Object.fromEntries(
+    attrDefinitions
+      // retrieve the value from the disclosure set
+      .map(
+        ([attrKey, definition]) =>
+          [
+            attrKey,
+            {
+              ...definition,
+              value: disclosures.find(
+                (_) => _[1 /* name */] === attrKey
+              )?.[2 /* value */],
+            },
+          ] as const
+      )
+      // add a human readable attribute name, with i18n, in the form { locale: name }
+      // example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
+      .map(
+        ([attrKey, { display, ...definition }]) =>
+          [
+            attrKey,
+            {
+              ...definition,
+              name: display.reduce(
+                (names, { locale, name }) => ({ ...names, [locale]: name }),
+                {} as Record<string, string>
+              ),
+            },
+          ] as const
+      )
+  );
 
   // attributes that are in the disclosure set
   // but are not defined in the issuer configuration
-  const undefinedValues = disclosures
-    .filter((_) => !Object.keys(definedValues).includes(_[1]))
-    .map(([, key, value]) => [key, { value, mandatory: false, name: key }]);
+  const undefinedValues = Object.fromEntries(
+    disclosures
+      .filter((_) => !Object.keys(definedValues).includes(_[1]))
+      .map(([, key, value]) => [key, { value, mandatory: false, name: key }])
+  );
 
   return {
-    ...Object.fromEntries(definedValues),
-    ...Object.fromEntries(undefinedValues),
+    ...definedValues,
+    ...undefinedValues,
   };
 };
 
@@ -196,6 +202,16 @@ const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
   return { parsedCredential };
 };
 
+const verifyAndParseCredentialMdoc: WithFormat<"vc+mdoc-cbor"> = async (
+  _issuerConf,
+  _credential,
+  _,
+  _ctx
+) => {
+  // TODO: [SIW-686] decode MDOC credentials
+  throw new Error("verifyAndParseCredentialMdoc not implemented yet");
+};
+
 /**
  * Verify and parse an encoded credential
  *
@@ -222,6 +238,13 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
       format,
       context
     );
+  } else if (format === "vc+mdoc-cbor") {
+    return verifyAndParseCredentialMdoc(
+      issuerConf,
+      credential,
+      format,
+      context
+    );
   }
 
   const _: never = format;

package/src/credential/issuance/const.ts

@@ -5,4 +5,7 @@ export const ASSERTION_TYPE =
 export type SupportedCredentialFormat = z.infer<
   typeof SupportedCredentialFormat
 >;
-export const SupportedCredentialFormat = z.literal("vc+sd-jwt");
+export const SupportedCredentialFormat = z.union([
+  z.literal("vc+sd-jwt"),
+  z.literal("vc+mdoc-cbor"),
+]);