@pagopa/io-react-native-wallet 0.11.1 → 0.13.0

package/lib/commonjs/wallet-instance-attestation/types.js

@@ -32,7 +32,7 @@ const Jwt = z.object({
 });
 const WalletInstanceAttestationRequestJwt = z.object({
   header: z.intersection(Jwt.shape.header, z.object({
-    typ: z.literal("wiar+jwt")
+    typ: z.literal("war+jwt")
   })),
   payload: z.intersection(Jwt.shape.payload, z.object({
     aud: z.string(),
@@ -47,16 +47,16 @@ const WalletInstanceAttestationJwt = z.object({
   })),
   payload: z.intersection(Jwt.shape.payload, z.object({
     sub: z.string(),
-    attested_security_context: z.string(),
+    aal: z.string(),
     authorization_endpoint: z.string(),
     response_types_supported: z.array(z.string()),
     vp_formats_supported: z.object({
-      jwt_vp_json: z.object({
-        alg_values_supported: z.array(z.string())
-      }),
-      jwt_vc_json: z.object({
-        alg_values_supported: z.array(z.string())
-      })
+      "vc+sd-jwt": z.object({
+        "sd-jwt_alg_values": z.array(z.string())
+      }).optional(),
+      "vp+sd-jwt": z.object({
+        "sd-jwt_alg_values": z.array(z.string())
+      }).optional()
     }),
     request_object_signing_alg_values_supported: z.array(z.string()),
     presentation_definition_uri_supported: z.boolean()

package/lib/commonjs/wallet-instance-attestation/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["_jwk","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","UnixTime","number","min","max","Jwt","object","header","alg","string","kid","typ","x5c","array","optional","trust_chain","payload","iss","iat","exp","cnf","jwk","intersection","JWK","WalletInstanceAttestationRequestJwt","shape","literal","aud","jti","nonce","exports","WalletInstanceAttestationJwt","sub","attested_security_context","authorization_endpoint","response_types_supported","vp_formats_supported","jwt_vp_json","alg_values_supported","jwt_vc_json","request_object_signing_alg_values_supported","presentation_definition_uri_supported","boolean"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB,MAAMW,QAAQ,GAAGxB,CAAC,CAACyB,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAGrD,MAAMC,GAAG,GAAG5B,CAAC,CAAC6B,MAAM,CAAC;EACnBC,MAAM,EAAE9B,CAAC,CAAC6B,MAAM,CAAC;IACfE,GAAG,EAAE/B,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfE,GAAG,EAAElC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfG,GAAG,EAAEnC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IACnCC,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFE,OAAO,EAAEvC,CAAC,CAAC6B,MAAM,CAAC;IAChBW,GAAG,EAAExC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfS,GAAG,EAAEjB,QAAQ;IACbkB,GAAG,EAAElB,QAAQ;IACbmB,GAAG,EAAE3C,CAAC,CAAC6B,MAAM,CAAC;MACZe,GAAG,EAAE5C,CAAC,CAAC6C,YAAY,CACjBC,QAAG;MACH;MACA9C,CAAC,CAAC6B,MAAM,CAAC;QAAEI,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC;MAAE,CAAC,CAC9B;IACF,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAKK,MAAMe,mCAAmC,GAAG/C,CAAC,CAAC6B,MAAM,CAAC;EAC1DC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,UAAU;EAC3B,CAAC,CACH,CAAC;EACDV,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACPqB,GAAG,EAAElD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfmB,GAAG,EAAEnD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfoB,KAAK,EAAEpD,CAAC,CAACgC,MAAM,CAAC;EAClB,CAAC,CACH;AACF,CAAC,CAAC;AAACqB,OAAA,CAAAN,mCAAA,GAAAA,mCAAA;AAKI,MAAMO,4BAA4B,GAAGtD,CAAC,CAAC6B,MAAM,CAAC;EACnDC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,wBAAwB;EACzC,CAAC,CACH,CAAC;EACDV,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACP0B,GAAG,EAAEvD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfwB,yBAAyB,EAAExD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACrCyB,sBAAsB,EAAEzD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAClC0B,wBAAwB,EAAE1D,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC;IAC7C2B,oBAAoB,EAAE3D,CAAC,CAAC6B,MAAM,CAAC;MAC7B+B,WAAW,EAAE5D,CAAC,CAAC6B,MAAM,CAAC;QACpBgC,oBAAoB,EAAE7D,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC;MAC1C,CAAC,CAAC;MACF8B,WAAW,EAAE9D,CAAC,CAAC6B,MAAM,CAAC;QACpBgC,oBAAoB,EAAE7D,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC;MAC1C,CAAC;IACH,CAAC,CAAC;IACF+B,2CAA2C,EAAE/D,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC;IAChEgC,qCAAqC,EAAEhE,CAAC,CAACiE,OAAO,CAAC;EACnD,CAAC,CACH;AACF,CAAC,CAAC;AAACZ,OAAA,CAAAC,4BAAA,GAAAA,4BAAA"}
+{"version":3,"names":["_jwk","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","UnixTime","number","min","max","Jwt","object","header","alg","string","kid","typ","x5c","array","optional","trust_chain","payload","iss","iat","exp","cnf","jwk","intersection","JWK","WalletInstanceAttestationRequestJwt","shape","literal","aud","jti","nonce","exports","WalletInstanceAttestationJwt","sub","aal","authorization_endpoint","response_types_supported","vp_formats_supported","request_object_signing_alg_values_supported","presentation_definition_uri_supported","boolean"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB,MAAMW,QAAQ,GAAGxB,CAAC,CAACyB,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAGrD,MAAMC,GAAG,GAAG5B,CAAC,CAAC6B,MAAM,CAAC;EACnBC,MAAM,EAAE9B,CAAC,CAAC6B,MAAM,CAAC;IACfE,GAAG,EAAE/B,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfE,GAAG,EAAElC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfG,GAAG,EAAEnC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IACnCC,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFE,OAAO,EAAEvC,CAAC,CAAC6B,MAAM,CAAC;IAChBW,GAAG,EAAExC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfS,GAAG,EAAEjB,QAAQ;IACbkB,GAAG,EAAElB,QAAQ;IACbmB,GAAG,EAAE3C,CAAC,CAAC6B,MAAM,CAAC;MACZe,GAAG,EAAE5C,CAAC,CAAC6C,YAAY,CACjBC,QAAG;MACH;MACA9C,CAAC,CAAC6B,MAAM,CAAC;QAAEI,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC;MAAE,CAAC,CAC9B;IACF,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAKK,MAAMe,mCAAmC,GAAG/C,CAAC,CAAC6B,MAAM,CAAC;EAC1DC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,SAAS;EAC1B,CAAC,CACH,CAAC;EACDV,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACPqB,GAAG,EAAElD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfmB,GAAG,EAAEnD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfoB,KAAK,EAAEpD,CAAC,CAACgC,MAAM,CAAC;EAClB,CAAC,CACH;AACF,CAAC,CAAC;AAACqB,OAAA,CAAAN,mCAAA,GAAAA,mCAAA;AAKI,MAAMO,4BAA4B,GAAGtD,CAAC,CAAC6B,MAAM,CAAC;EACnDC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,wBAAwB;EACzC,CAAC,CACH,CAAC;EACDV,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACP0B,GAAG,EAAEvD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfwB,GAAG,EAAExD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfyB,sBAAsB,EAAEzD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAClC0B,wBAAwB,EAAE1D,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC;IAC7C2B,oBAAoB,EAAE3D,CAAC,CAAC6B,MAAM,CAAC;MAC7B,WAAW,EAAE7B,CAAC,CACX6B,MAAM,CAAC;QACN,mBAAmB,EAAE7B,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC;MACzC,CAAC,CAAC,CACDK,QAAQ,CAAC,CAAC;MACb,WAAW,EAAErC,CAAC,CACX6B,MAAM,CAAC;QACN,mBAAmB,EAAE7B,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC;MACzC,CAAC,CAAC,CACDK,QAAQ,CAAC;IACd,CAAC,CAAC;IACFuB,2CAA2C,EAAE5D,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC;IAChE6B,qCAAqC,EAAE7D,CAAC,CAAC8D,OAAO,CAAC;EACnD,CAAC,CACH;AACF,CAAC,CAAC;AAACT,OAAA,CAAAC,4BAAA,GAAAA,4BAAA"}

package/lib/module/client/generated/wallet-provider.js

@@ -0,0 +1,102 @@
+import z from "zod";
+export const NonceDetailView = z.object({
+  nonce: z.string()
+});
+export const WalletAttestationView = z.string();
+export const CreateWalletInstanceBody = z.object({
+  challenge: z.string(),
+  key_attestation: z.string(),
+  hardware_key_tag: z.string()
+});
+export const CreateWalletAttestationBody = z.object({
+  grant_type: z.literal("urn:ietf:params:oauth:grant-type:jwt-bearer"),
+  assertion: z.string()
+});
+export const ProblemDetail = z.object({
+  type: z.string().optional(),
+  title: z.string().optional(),
+  status: z.number().optional(),
+  detail: z.string().optional(),
+  instance: z.string().optional()
+});
+export const FiscalCode = z.string();
+export const Id = z.string();
+export const get_GetNonce = {
+  method: z.literal("GET"),
+  path: z.literal("/nonce"),
+  parameters: z.never(),
+  response: NonceDetailView
+};
+export const post_CreateWalletInstance = {
+  method: z.literal("POST"),
+  path: z.literal("/wallet-instances"),
+  parameters: z.object({
+    body: CreateWalletInstanceBody
+  }),
+  response: z.unknown()
+};
+export const post_CreateWalletAttestation = {
+  method: z.literal("POST"),
+  path: z.literal("/token"),
+  parameters: z.object({
+    body: CreateWalletAttestationBody
+  }),
+  response: z.unknown()
+};
+
+// <EndpointByMethod>
+export const EndpointByMethod = {
+  get: {
+    "/nonce": get_GetNonce
+  },
+  post: {
+    "/wallet-instances": post_CreateWalletInstance,
+    "/token": post_CreateWalletAttestation
+  }
+};
+
+// </EndpointByMethod>
+// <EndpointByMethod.Shorthands>
+// </EndpointByMethod.Shorthands>
+// <ApiClientTypes>
+// </ApiClientTypes>
+// <ApiClient>
+export class ApiClient {
+  baseUrl = "";
+  constructor(fetcher) {
+    this.fetcher = fetcher;
+  }
+  setBaseUrl(baseUrl) {
+    this.baseUrl = baseUrl;
+    return this;
+  }
+
+  // <ApiClient.get>
+  get(path) {
+    return this.fetcher("get", this.baseUrl + path, arguments.length <= 1 ? undefined : arguments[1]);
+  }
+  // </ApiClient.get>
+
+  // <ApiClient.post>
+  post(path) {
+    return this.fetcher("post", this.baseUrl + path, arguments.length <= 1 ? undefined : arguments[1]);
+  }
+  // </ApiClient.post>
+}
+
+export function createApiClient(fetcher, baseUrl) {
+  return new ApiClient(fetcher).setBaseUrl(baseUrl ?? "");
+}
+
+/**
+ Example usage:
+ const api = createApiClient((method, url, params) =>
+   fetch(url, { method, body: JSON.stringify(params) }).then((res) => res.json()),
+ );
+ api.get("/users").then((users) => console.log(users));
+ api.post("/users", { body: { name: "John" } }).then((user) => console.log(user));
+ api.put("/users/:id", { path: { id: 1 }, body: { name: "John" } }).then((user) => console.log(user));
+*/
+
+// </ApiClient
+//# sourceMappingURL=wallet-provider.js.map

package/lib/module/client/generated/wallet-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["z","NonceDetailView","object","nonce","string","WalletAttestationView","CreateWalletInstanceBody","challenge","key_attestation","hardware_key_tag","CreateWalletAttestationBody","grant_type","literal","assertion","ProblemDetail","type","optional","title","status","number","detail","instance","FiscalCode","Id","get_GetNonce","method","path","parameters","never","response","post_CreateWalletInstance","body","unknown","post_CreateWalletAttestation","EndpointByMethod","get","post","ApiClient","baseUrl","constructor","fetcher","setBaseUrl","arguments","length","undefined","createApiClient"],"sourceRoot":"../../../../src","sources":["client/generated/wallet-provider.ts"],"mappings":"AAAA,OAAOA,CAAC,MAAM,KAAK;AAGnB,OAAO,MAAMC,eAAe,GAAGD,CAAC,CAACE,MAAM,CAAC;EACtCC,KAAK,EAAEH,CAAC,CAACI,MAAM,CAAC;AAClB,CAAC,CAAC;AAGF,OAAO,MAAMC,qBAAqB,GAAGL,CAAC,CAACI,MAAM,CAAC,CAAC;AAG/C,OAAO,MAAME,wBAAwB,GAAGN,CAAC,CAACE,MAAM,CAAC;EAC/CK,SAAS,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;EACrBI,eAAe,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC;EAC3BK,gBAAgB,EAAET,CAAC,CAACI,MAAM,CAAC;AAC7B,CAAC,CAAC;AAGF,OAAO,MAAMM,2BAA2B,GAAGV,CAAC,CAACE,MAAM,CAAC;EAClDS,UAAU,EAAEX,CAAC,CAACY,OAAO,CAAC,6CAA6C,CAAC;EACpEC,SAAS,EAAEb,CAAC,CAACI,MAAM,CAAC;AACtB,CAAC,CAAC;AAGF,OAAO,MAAMU,aAAa,GAAGd,CAAC,CAACE,MAAM,CAAC;EACpCa,IAAI,EAAEf,CAAC,CAACI,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EAC3BC,KAAK,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EAC5BE,MAAM,EAAElB,CAAC,CAACmB,MAAM,CAAC,CAAC,CAACH,QAAQ,CAAC,CAAC;EAC7BI,MAAM,EAAEpB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EAC7BK,QAAQ,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC;AAChC,CAAC,CAAC;AAGF,OAAO,MAAMM,UAAU,GAAGtB,CAAC,CAACI,MAAM,CAAC,CAAC;AAGpC,OAAO,MAAMmB,EAAE,GAAGvB,CAAC,CAACI,MAAM,CAAC,CAAC;AAG5B,OAAO,MAAMoB,YAAY,GAAG;EAC1BC,MAAM,EAAEzB,CAAC,CAACY,OAAO,CAAC,KAAK,CAAC;EACxBc,IAAI,EAAE1B,CAAC,CAACY,OAAO,CAAC,QAAQ,CAAC;EACzBe,UAAU,EAAE3B,CAAC,CAAC4B,KAAK,CAAC,CAAC;EACrBC,QAAQ,EAAE5B;AACZ,CAAC;AAGD,OAAO,MAAM6B,yBAAyB,GAAG;EACvCL,MAAM,EAAEzB,CAAC,CAACY,OAAO,CAAC,MAAM,CAAC;EACzBc,IAAI,EAAE1B,CAAC,CAACY,OAAO,CAAC,mBAAmB,CAAC;EACpCe,UAAU,EAAE3B,CAAC,CAACE,MAAM,CAAC;IACnB6B,IAAI,EAAEzB;EACR,CAAC,CAAC;EACFuB,QAAQ,EAAE7B,CAAC,CAACgC,OAAO,CAAC;AACtB,CAAC;AAGD,OAAO,MAAMC,4BAA4B,GAAG;EAC1CR,MAAM,EAAEzB,CAAC,CAACY,OAAO,CAAC,MAAM,CAAC;EACzBc,IAAI,EAAE1B,CAAC,CAACY,OAAO,CAAC,QAAQ,CAAC;EACzBe,UAAU,EAAE3B,CAAC,CAACE,MAAM,CAAC;IACnB6B,IAAI,EAAErB;EACR,CAAC,CAAC;EACFmB,QAAQ,EAAE7B,CAAC,CAACgC,OAAO,CAAC;AACtB,CAAC;;AAED;AACA,OAAO,MAAME,gBAAgB,GAAG;EAC9BC,GAAG,EAAE;IACH,QAAQ,EAAEX;EACZ,CAAC;EACDY,IAAI,EAAE;IACJ,mBAAmB,EAAEN,yBAAyB;IAC9C,QAAQ,EAAEG;EACZ;AACF,CAAC;;AAED;AAEA;AAIA;AAEA;AAyCA;AAEA;AACA,OAAO,MAAMI,SAAS,CAAC;EACrBC,OAAO,GAAW,EAAE;EAEpBC,WAAWA,CAAQC,OAAgB,EAAE;IAAA,KAAlBA,OAAgB,GAAhBA,OAAgB;EAAG;EAEtCC,UAAUA,CAACH,OAAe,EAAE;IAC1B,IAAI,CAACA,OAAO,GAAGA,OAAO;IACtB,OAAO,IAAI;EACb;;EAEA;EACAH,GAAGA,CACDT,IAAU,EAE+B;IACzC,OAAO,IAAI,CAACc,OAAO,CAAC,KAAK,EAAE,IAAI,CAACF,OAAO,GAAGZ,IAAI,EAAAgB,SAAA,CAAAC,MAAA,QAAAC,SAAA,GAAAF,SAAA,GAAW,CAAC;EAC5D;EACA;;EAEA;EACAN,IAAIA,CACFV,IAAU,EAE+B;IACzC,OAAO,IAAI,CAACc,OAAO,CAAC,MAAM,EAAE,IAAI,CAACF,OAAO,GAAGZ,IAAI,EAAAgB,SAAA,CAAAC,MAAA,QAAAC,SAAA,GAAAF,SAAA,GAAW,CAAC;EAC7D;EACA;AACF;;AAEA,OAAO,SAASG,eAAeA,CAACL,OAAgB,EAAEF,OAAgB,EAAE;EAClE,OAAO,IAAID,SAAS,CAACG,OAAO,CAAC,CAACC,UAAU,CAACH,OAAO,IAAI,EAAE,CAAC;AACzD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA"}

package/lib/module/client/index.js

@@ -0,0 +1,33 @@
+import { WalletProviderResponseError } from "../utils/errors";
+import { ProblemDetail, createApiClient as createWalletProviderApiClient } from "./generated/wallet-provider";
+const validateResponse = async response => {
+  if (!response.ok) {
+    let problemDetail = {};
+    try {
+      problemDetail = ProblemDetail.parse(await response.json());
+    } catch {
+      problemDetail = {
+        title: "Invalid response from Wallet Provider"
+      };
+    }
+    throw new WalletProviderResponseError(problemDetail.title ?? "Invalid response from Wallet Provider", problemDetail.type, problemDetail.detail, response.status);
+  }
+  return response;
+};
+export const getWalletProviderClient = context => {
+  const {
+    walletProviderBaseUrl,
+    appFetch = fetch
+  } = context;
+  return createWalletProviderApiClient((method, url, params) => appFetch(url, {
+    method,
+    body: params ? JSON.stringify(params.body) : undefined
+  }).then(validateResponse).then(res => {
+    const contentType = res.headers.get("content-type");
+    if (contentType === "application/json") {
+      return res.json();
+    }
+    return res.text();
+  }), walletProviderBaseUrl);
+};
+//# sourceMappingURL=index.js.map

package/lib/module/client/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["WalletProviderResponseError","ProblemDetail","createApiClient","createWalletProviderApiClient","validateResponse","response","ok","problemDetail","parse","json","title","type","detail","status","getWalletProviderClient","context","walletProviderBaseUrl","appFetch","fetch","method","url","params","body","JSON","stringify","undefined","then","res","contentType","headers","get","text"],"sourceRoot":"../../../src","sources":["client/index.ts"],"mappings":"AAAA,SAASA,2BAA2B,QAAQ,iBAAiB;AAC7D,SACEC,aAAa,EACbC,eAAe,IAAIC,6BAA6B,QAC3C,6BAA6B;AAKpC,MAAMC,gBAAgB,GAAG,MAAOC,QAAkB,IAAK;EACrD,IAAI,CAACA,QAAQ,CAACC,EAAE,EAAE;IAChB,IAAIC,aAA4B,GAAG,CAAC,CAAC;IACrC,IAAI;MACFA,aAAa,GAAGN,aAAa,CAACO,KAAK,CAAC,MAAMH,QAAQ,CAACI,IAAI,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,MAAM;MACNF,aAAa,GAAG;QACdG,KAAK,EAAE;MACT,CAAC;IACH;IAEA,MAAM,IAAIV,2BAA2B,CACnCO,aAAa,CAACG,KAAK,IAAI,uCAAuC,EAC9DH,aAAa,CAACI,IAAI,EAClBJ,aAAa,CAACK,MAAM,EACpBP,QAAQ,CAACQ,MACX,CAAC;EACH;EACA,OAAOR,QAAQ;AACjB,CAAC;AAED,OAAO,MAAMS,uBAAuB,GAAIC,OAGvC,IAAK;EACJ,MAAM;IAAEC,qBAAqB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGH,OAAO;EAE3D,OAAOZ,6BAA6B,CAClC,CAACgB,MAAM,EAAEC,GAAG,EAAEC,MAAM,KAClBJ,QAAQ,CAACG,GAAG,EAAE;IACZD,MAAM;IACNG,IAAI,EAAED,MAAM,GAAGE,IAAI,CAACC,SAAS,CAACH,MAAM,CAACC,IAAI,CAAC,GAAGG;EAC/C,CAAC,CAAC,CACCC,IAAI,CAACtB,gBAAgB,CAAC,CACtBsB,IAAI,CAAEC,GAAG,IAAK;IACb,MAAMC,WAAW,GAAGD,GAAG,CAACE,OAAO,CAACC,GAAG,CAAC,cAAc,CAAC;IACnD,IAAIF,WAAW,KAAK,kBAAkB,EAAE;MACtC,OAAOD,GAAG,CAAClB,IAAI,CAAC,CAAC;IACnB;IACA,OAAOkB,GAAG,CAACI,IAAI,CAAC,CAAC;EACnB,CAAC,CAAC,EACNf,qBACF,CAAC;AACH,CAAC"}

package/lib/module/credential/issuance/02-evaluate-issuer-trust.js

@@ -1,9 +1,10 @@
 import { getCredentialIssuerEntityConfiguration } from "../../trust";
 /**
+ * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
  * The Issuer trust evaluation phase.
  * Fetch the Issuer's configuration and verify trust.
  *
- * @param issuerUrl The base url of the Issuer
+ * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @returns The Issuer's configuration
  */

package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["getCredentialIssuerEntityConfiguration","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","appFetch","then","_","payload","metadata"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":"AAAA,SAASA,sCAAsC,QAAQ,aAAa;AAcpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAMP,sCAAsC,CAACE,SAAS,EAAE;IACzEM,QAAQ,EAAEL,OAAO,CAACK;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEL;EAAW,CAAC;AACvB,CAAC"}
+{"version":3,"names":["getCredentialIssuerEntityConfiguration","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","appFetch","then","_","payload","metadata"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":"AAAA,SAASA,sCAAsC,QAAQ,aAAa;AAcpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAMP,sCAAsC,CAACE,SAAS,EAAE;IACzEM,QAAQ,EAAEL,OAAO,CAACK;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEL;EAAW,CAAC;AACvB,CAAC"}

package/lib/module/credential/issuance/03-start-credential-issuance.js

@@ -0,0 +1,276 @@
+import uuid from "react-native-uuid";
+import { makeParRequest } from "../../utils/par";
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+import { generateRandomAlphaNumericString, hasStatus, until } from "../../utils/misc";
+import { ASSERTION_TYPE } from "./const";
+import parseUrl from "parse-url";
+import { AuthorizationError, AuthorizationIdpError, ValidationFailed } from "../../utils/errors";
+import { AuthorizationErrorShape, AuthorizationResultShape } from "../../utils/auth";
+import { withEphemeralKey } from "../../utils/crypto";
+import { createDPopToken } from "../../utils/dpop";
+import { createPopToken } from "../../utils/pop";
+import { CredentialResponse, TokenResponse } from "./types";
+import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
+import { Linking } from "react-native";
+
+/**
+ * Ensures that the credential type requested is supported by the issuer and contained in the
+ * issuer configuration.
+ * @param issuerConf The issuer configuration
+ * @param credentialType The type of the credential to be requested
+ * @returns The credential definition to be used in the request which includes the format and the type and its type
+ */
+const selectCredentialDefinition = (issuerConf, credentialType) => {
+  const credential_configurations_supported = issuerConf.openid_credential_issuer.credential_configurations_supported;
+  const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialType)).map(e => ({
+    credential_configuration_id: credentialType,
+    format: credential_configurations_supported[e].format,
+    type: "openid_credential"
+  }));
+  if (!result) {
+    throw new Error(`No credential support the type '${credentialType}'`);
+  }
+  return result;
+};
+
+/**
+ * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
+ * @param issuerConf The issuer configuration
+ * @param credentialType The type of the credential to be requested
+ * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
+ */
+const selectResponseMode = (issuerConf, credentialType) => {
+  const responseModeSupported = issuerConf.oauth_authorization_server.response_modes_supported;
+  const responseMode = credentialType === "PersonIdentificationData" ? "query" : "form_post.jwt";
+  if (!responseModeSupported.includes(responseMode)) {
+    throw new Error(`No response mode support the type '${credentialType}'`);
+  }
+  return responseMode;
+};
+/**
+ * Starts the credential issuance flow to obtain a credential from the issuer.
+ * @param issuerConf The Issuer configuration
+ * @param credentialType The type of the credential to be requested
+ * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
+ * @param context.credentialCryptoContext The context to access the key to associat with credential
+ * @param context.walletInstanceAttestation The Wallet Instance Attestation token
+ * @param context.authorizationContext The context to identify the user which will be used to start the authorization. It's needed only when requesting a PersonalIdentificationData credential. The implementantion should open an in-app browser capable of catching the redirectSchema. If not specified, the default browser is used.
+ * @param context.redirectUri The internal URL to which to redirect has passed the in-app browser login phase. If you don't use authorizationContext remember to register this URL as customUrl or deepLink. See https://reactnative.dev/docs/linking
+ * @param context.idphint Unique identifier of the SPID IDP
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @throws {AuthorizationError} When the response from the authorization response is not parsable
+ * @returns The credential obtained
+ */
+
+export const startCredentialIssuance = async (issuerConf, credentialType, ctx) => {
+  const {
+    wiaCryptoContext,
+    credentialCryptoContext,
+    walletInstanceAttestation,
+    authorizationContext,
+    redirectUri,
+    idphint,
+    appFetch = fetch
+  } = ctx;
+
+  /**
+   * Creates and sends a PAR request to the /as/par endpoint of the authroization server.
+   * This starts the authentication flow to obtain an access token.
+   * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer.
+   * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
+   * along with the WTE and its proof of possession (WTE-PoP).
+   * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details),
+   * the application session identifier on the Wallet Instance side (state),
+   * the method (query or form_post.jwt) by which the Authorization Server
+   * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
+   * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirect_uri of the Wallet Instance where the Authorization Response
+   * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
+   */
+  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
+  const codeVerifier = generateRandomAlphaNumericString(64);
+  const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
+  const parUrl = new URL(parEndpoint);
+  const aud = `${parUrl.protocol}//${parUrl.hostname}`;
+  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
+  const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);
+  const responseMode = selectResponseMode(issuerConf, credentialType);
+  const getPar = makeParRequest({
+    wiaCryptoContext,
+    appFetch
+  });
+  const issuerRequestUri = await getPar(clientId, codeVerifier, redirectUri, responseMode, parEndpoint, walletInstanceAttestation, [credentialDefinition], ASSERTION_TYPE);
+
+  /**
+   * Starts the authorization flow which dependes on the response mode and the request credential.
+   * If the response mode is "query" the authorization flow is handled differently via the authorization context which opens an in-app browser capable of catching the redirectSchema.
+   * The form_post.jwt mode is not currently supported.
+   */
+  const authorizeFlowResult = await (async () => {
+    const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
+    if (responseMode === "query") {
+      const params = new URLSearchParams({
+        client_id: clientId,
+        request_uri: issuerRequestUri,
+        idphint
+      });
+
+      /**
+       * Starts the authorization flow to obtain an authorization code by performing a GET request to the /authorize endpoint of the authorization server.
+       */
+      return await authorizeUserWithQueryMode(authzRequestEndpoint, params, redirectUri, authorizationContext);
+    } else {
+      throw new AuthorizationError("Response mode not supported for this type of credential");
+    }
+  })();
+
+  /**
+   * Creates and sends the DPoP Proof JWT to be presented with the authorization code to the /token endpoint of the authorization server
+   * for requesting the issuance of an access token bound to the public key of the Wallet Instance contained within the DPoP.
+   * This enables the Wallet Instance to request a digital credential.
+   * The DPoP Proof JWT is generated according to the section 4.3 of the DPoP RFC 9449 specification.
+   */
+
+  const {
+    code
+  } = authorizeFlowResult;
+  const tokenUrl = issuerConf.oauth_authorization_server.token_endpoint;
+  // Use an ephemeral key to be destroyed after use
+  const tokenRequestSignedDPop = await withEphemeralKey(async ephimeralContext => {
+    return await createDPopToken({
+      htm: "POST",
+      htu: tokenUrl,
+      jti: `${uuid.v4()}`
+    }, ephimeralContext);
+  });
+  const signedWiaPoP = await createPopToken({
+    jti: `${uuid.v4()}`,
+    aud,
+    iss
+  }, wiaCryptoContext);
+  const requestBody = {
+    grant_type: "authorization_code",
+    client_id: clientId,
+    code,
+    redirect_uri: redirectUri,
+    code_verifier: codeVerifier,
+    client_assertion_type: ASSERTION_TYPE,
+    client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
+  };
+  const authorizationRequestFormBody = new URLSearchParams(requestBody);
+  const tokenRes = await appFetch(tokenUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      DPoP: tokenRequestSignedDPop
+    },
+    body: authorizationRequestFormBody.toString()
+  }).then(hasStatus(200)).then(res => res.json()).then(body => TokenResponse.safeParse(body));
+  if (!tokenRes.success) {
+    throw new ValidationFailed(tokenRes.error.message);
+  }
+
+  /**
+   * Validates the token response and extracts the access token, c_nonce and c_nonce_expires_in.
+   */
+  const accessTokenResponse = tokenRes.data;
+  const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
+
+  /**
+   * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
+   * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
+   * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
+   */
+  const signedNonceProof = await createNonceProof(accessTokenResponse.c_nonce, clientId, credentialUrl, credentialCryptoContext);
+
+  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
+  const constainsCredentialDefinition = accessTokenResponse.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
+  if (!constainsCredentialDefinition) {
+    throw new ValidationFailed("The access token response does not contain the requested credential");
+  }
+
+  /** The credential request body */
+  const credentialRequestFormBody = {
+    credential_definition: {
+      type: [credentialDefinition.credential_configuration_id]
+    },
+    format: credentialDefinition.format,
+    proof: {
+      jwt: signedNonceProof,
+      proof_type: "jwt"
+    }
+  };
+  const credentialRes = await appFetch(credentialUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      DPoP: tokenRequestSignedDPop,
+      Authorization: `${accessTokenResponse.token_type} ${accessTokenResponse.access_token}`
+    },
+    body: JSON.stringify(credentialRequestFormBody)
+  }).then(hasStatus(200)).then(res => res.json()).then(body => CredentialResponse.safeParse(body));
+  if (!credentialRes.success) {
+    throw new ValidationFailed(credentialRes.error.message);
+  }
+  return credentialRes.data;
+};
+
+/**
+ * Authorizes the user using the query mode and the authorization context.
+ * @param authzRequestEndpoint The authorization endpoint of the authorization server
+ * @param params The query parameters to be used in the request
+ * @param redirectUri The URL to which the redirect is made is usually a custom URL or deeplink
+ * @param authorizationContext The AuthorizationContext to manage the internal webview. If not specified, the default browser is used
+ * @returns The authrozation result containing the authorization code, state and issuer
+ */
+export const authorizeUserWithQueryMode = async (authzRequestEndpoint, params, redirectUri, authorizationContext) => {
+  const authUrl = `${authzRequestEndpoint}?${params}`;
+  var authRedirectUrl;
+  if (authorizationContext) {
+    const redirectSchema = new URL(redirectUri).protocol.replace(":", "");
+    authRedirectUrl = await authorizationContext.authorize(authUrl, redirectSchema).catch(e => {
+      throw new AuthorizationError(e.message);
+    });
+  } else {
+    // handler for redirectUri
+    Linking.addEventListener("url", _ref => {
+      let {
+        url
+      } = _ref;
+      if (url.includes(redirectUri)) {
+        authRedirectUrl = url;
+      }
+    });
+    const openAuthUrlInBrowser = Linking.openURL(authUrl);
+
+    /*
+     * Waits for 120 seconds for the identificationRedirectUrl variable to be set
+     * by the custom url handler. If the timeout is exceeded, throw an exception
+     */
+    const unitAuthRedirectIsNotUndefined = until(() => authRedirectUrl !== undefined, 120);
+    await Promise.all([openAuthUrlInBrowser, unitAuthRedirectIsNotUndefined]);
+    if (authRedirectUrl === undefined) {
+      throw new AuthorizationError("Invalid authentication redirect url");
+    }
+  }
+  const urlParse = parseUrl(authRedirectUrl);
+  const authRes = AuthorizationResultShape.safeParse(urlParse.query);
+  if (!authRes.success) {
+    const authErr = AuthorizationErrorShape.safeParse(urlParse.query);
+    if (!authErr.success) {
+      throw new AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
+    }
+
+    throw new AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
+  }
+  return authRes.data;
+};
+export const createNonceProof = async (nonce, issuer, audience, ctx) => {
+  const jwk = await ctx.getPublicKey();
+  return new SignJWT(ctx).setPayload({
+    nonce
+  }).setProtectedHeader({
+    typ: "openid4vci-proof+jwt",
+    jwk
+  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("5min").sign();
+};
+//# sourceMappingURL=03-start-credential-issuance.js.map

package/lib/module/credential/issuance/03-start-credential-issuance.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["uuid","makeParRequest","SignJWT","generateRandomAlphaNumericString","hasStatus","until","ASSERTION_TYPE","parseUrl","AuthorizationError","AuthorizationIdpError","ValidationFailed","AuthorizationErrorShape","AuthorizationResultShape","withEphemeralKey","createDPopToken","createPopToken","CredentialResponse","TokenResponse","WalletInstanceAttestation","Linking","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","format","type","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","startCredentialIssuance","ctx","wiaCryptoContext","credentialCryptoContext","walletInstanceAttestation","authorizationContext","redirectUri","idphint","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","credentialDefinition","getPar","issuerRequestUri","authorizeFlowResult","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","authorizeUserWithQueryMode","code","tokenUrl","token_endpoint","tokenRequestSignedDPop","ephimeralContext","htm","htu","jti","v4","signedWiaPoP","requestBody","grant_type","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","tokenRes","method","headers","DPoP","body","toString","res","json","safeParse","success","error","message","accessTokenResponse","data","credentialUrl","credential_endpoint","signedNonceProof","createNonceProof","c_nonce","constainsCredentialDefinition","authorization_details","some","c","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","credentialRes","Authorization","token_type","access_token","JSON","stringify","authUrl","authRedirectUrl","redirectSchema","replace","authorize","catch","addEventListener","_ref","url","openAuthUrlInBrowser","openURL","unitAuthRedirectIsNotUndefined","undefined","Promise","all","urlParse","authRes","query","authErr","error_description","nonce","issuer","audience","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-credential-issuance.ts"],"mappings":"AAAA,OAAOA,IAAI,MAAM,mBAAmB;AACpC,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,OAAO,QAA4B,6BAA6B;AACzE,SACEC,gCAAgC,EAChCC,SAAS,EACTC,KAAK,QAEA,kBAAkB;AAGzB,SAASC,cAAc,QAAQ,SAAS;AACxC,OAAOC,QAAQ,MAAM,WAAW;AAChC,SACEC,kBAAkB,EAClBC,qBAAqB,EACrBC,gBAAgB,QACX,oBAAoB;AAC3B,SACEC,uBAAuB,EACvBC,wBAAwB,QAGnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAQ,oBAAoB;AACrD,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,cAAc,QAAQ,iBAAiB;AAChD,SAASC,kBAAkB,EAAEC,aAAa,QAA2B,SAAS;AAC9E,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAC9E,SAASC,OAAO,QAAQ,cAAc;;AAEtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,cAAc,CAAC,CAAC,CACzCS,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAEV,cAAc;IAC3CW,MAAM,EAAEV,mCAAmC,CAACM,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACT,MAAM,EAAE;IACX,MAAM,IAAIU,KAAK,CAAE,mCAAkCb,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMW,kBAAkB,GAAGA,CACzBf,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMe,qBAAqB,GACzBhB,UAAU,CAACiB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBlB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3E,IAAI,CAACe,qBAAqB,CAACP,QAAQ,CAACU,YAAY,CAAC,EAAE;IACjD,MAAM,IAAIL,KAAK,CAAE,sCAAqCb,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOkB,YAAY;AACrB,CAAC;AAgBD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,uBAAgD,GAAG,MAAAA,CAC9DpB,UAAU,EACVC,cAAc,EACdoB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,uBAAuB;IACvBC,yBAAyB;IACzBC,oBAAoB;IACpBC,WAAW;IACXC,OAAO;IACPC,QAAQ,GAAGC;EACb,CAAC,GAAGR,GAAG;;EAEP;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMS,QAAQ,GAAG,MAAMR,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,MAAMC,YAAY,GAAGrD,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMsD,WAAW,GACfpC,UAAU,CAACiB,0BAA0B,CAACoB,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACH,WAAW,CAAC;EACnC,MAAMI,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAG9C,yBAAyB,CAAC+C,MAAM,CAACpB,yBAAyB,CAAC,CACpEqB,OAAO,CAACC,GAAG,CAACC,GAAG,CAACb,GAAG;EACtB,MAAMc,oBAAoB,GAAGjD,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMkB,YAAY,GAAGJ,kBAAkB,CAACf,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMgD,MAAM,GAAGrE,cAAc,CAAC;IAAE0C,gBAAgB;IAAEM;EAAS,CAAC,CAAC;EAC7D,MAAMsB,gBAAgB,GAAG,MAAMD,MAAM,CACnCnB,QAAQ,EACRK,YAAY,EACZT,WAAW,EACXP,YAAY,EACZiB,WAAW,EACXZ,yBAAyB,EACzB,CAACwB,oBAAoB,CAAC,EACtB/D,cACF,CAAC;;EAED;AACF;AACA;AACA;AACA;EACE,MAAMkE,mBAAmB,GAAG,MAAM,CAAC,YAAY;IAC7C,MAAMC,oBAAoB,GACxBpD,UAAU,CAACiB,0BAA0B,CAACoC,sBAAsB;IAC9D,IAAIlC,YAAY,KAAK,OAAO,EAAE;MAC5B,MAAMmC,MAAM,GAAG,IAAIC,eAAe,CAAC;QACjCC,SAAS,EAAE1B,QAAQ;QACnB2B,WAAW,EAAEP,gBAAgB;QAC7BvB;MACF,CAAC,CAAC;;MAEF;AACN;AACA;MACM,OAAO,MAAM+B,0BAA0B,CACrCN,oBAAoB,EACpBE,MAAM,EACN5B,WAAW,EACXD,oBACF,CAAC;IACH,CAAC,MAAM;MACL,MAAM,IAAItC,kBAAkB,CAC1B,yDACF,CAAC;IACH;EACF,CAAC,EAAE,CAAC;;EAEJ;AACF;AACA;AACA;AACA;AACA;;EAEE,MAAM;IAAEwE;EAAK,CAAC,GAAGR,mBAAmB;EACpC,MAAMS,QAAQ,GAAG5D,UAAU,CAACiB,0BAA0B,CAAC4C,cAAc;EACrE;EACA,MAAMC,sBAAsB,GAAG,MAAMtE,gBAAgB,CACnD,MAAOuE,gBAAgB,IAAK;IAC1B,OAAO,MAAMtE,eAAe,CAC1B;MACEuE,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEL,QAAQ;MACbM,GAAG,EAAG,GAAEvF,IAAI,CAACwF,EAAE,CAAC,CAAE;IACpB,CAAC,EACDJ,gBACF,CAAC;EACH,CACF,CAAC;EAED,MAAMK,YAAY,GAAG,MAAM1E,cAAc,CACvC;IACEwE,GAAG,EAAG,GAAEvF,IAAI,CAACwF,EAAE,CAAC,CAAE,EAAC;IACnB3B,GAAG;IACHG;EACF,CAAC,EACDrB,gBACF,CAAC;EAED,MAAM+C,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCd,SAAS,EAAE1B,QAAQ;IACnB6B,IAAI;IACJY,YAAY,EAAE7C,WAAW;IACzB8C,aAAa,EAAErC,YAAY;IAC3BsC,qBAAqB,EAAExF,cAAc;IACrCyF,gBAAgB,EAAElD,yBAAyB,GAAG,GAAG,GAAG4C;EACtD,CAAC;EAED,MAAMO,4BAA4B,GAAG,IAAIpB,eAAe,CAACc,WAAW,CAAC;EACrE,MAAMO,QAAQ,GAAG,MAAMhD,QAAQ,CAACgC,QAAQ,EAAE;IACxCiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEjB;IACR,CAAC;IACDkB,IAAI,EAAEL,4BAA4B,CAACM,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCjD,IAAI,CAACjD,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBiD,IAAI,CAAEkD,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBnD,IAAI,CAAEgD,IAAI,IAAKpF,aAAa,CAACwF,SAAS,CAACJ,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACS,OAAO,EAAE;IACrB,MAAM,IAAIhG,gBAAgB,CAACuF,QAAQ,CAACU,KAAK,CAACC,OAAO,CAAC;EACpD;;EAEA;AACF;AACA;EACE,MAAMC,mBAAmB,GAAGZ,QAAQ,CAACa,IAAI;EACzC,MAAMC,aAAa,GAAG1F,UAAU,CAACG,wBAAwB,CAACwF,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAMC,gBAAgB,CAC7CL,mBAAmB,CAACM,OAAO,EAC3BhE,QAAQ,EACR4D,aAAa,EACbnE,uBACF,CAAC;;EAED;EACA,MAAMwE,6BAA6B,GACjCP,mBAAmB,CAACQ,qBAAqB,CAACC,IAAI,CAC3CC,CAAC,IACAA,CAAC,CAACvF,2BAA2B,KAC3BqC,oBAAoB,CAACrC,2BAA2B,IAClDuF,CAAC,CAACtF,MAAM,KAAKoC,oBAAoB,CAACpC,MAAM,IACxCsF,CAAC,CAACrF,IAAI,KAAKmC,oBAAoB,CAACnC,IACpC,CAAC;EAEH,IAAI,CAACkF,6BAA6B,EAAE;IAClC,MAAM,IAAI1G,gBAAgB,CACxB,qEACF,CAAC;EACH;;EAEA;EACA,MAAM8G,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBvF,IAAI,EAAE,CAACmC,oBAAoB,CAACrC,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEoC,oBAAoB,CAACpC,MAAM;IACnCyF,KAAK,EAAE;MACLC,GAAG,EAAEV,gBAAgB;MACrBW,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAM5E,QAAQ,CAAC8D,aAAa,EAAE;IAClDb,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAEjB,sBAAsB;MAC5B2C,aAAa,EAAG,GAAEjB,mBAAmB,CAACkB,UAAW,IAAGlB,mBAAmB,CAACmB,YAAa;IACvF,CAAC;IACD3B,IAAI,EAAE4B,IAAI,CAACC,SAAS,CAACV,yBAAyB;EAChD,CAAC,CAAC,CACCnE,IAAI,CAACjD,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBiD,IAAI,CAAEkD,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBnD,IAAI,CAAEgD,IAAI,IAAKrF,kBAAkB,CAACyF,SAAS,CAACJ,IAAI,CAAC,CAAC;EAErD,IAAI,CAACwB,aAAa,CAACnB,OAAO,EAAE;IAC1B,MAAM,IAAIhG,gBAAgB,CAACmH,aAAa,CAAClB,KAAK,CAACC,OAAO,CAAC;EACzD;EAEA,OAAOiB,aAAa,CAACf,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM/B,0BAA0B,GAAG,MAAAA,CACxCN,oBAA4B,EAC5BE,MAAuB,EACvB5B,WAAmB,EACnBD,oBAA2C,KACV;EACjC,MAAMqF,OAAO,GAAI,GAAE1D,oBAAqB,IAAGE,MAAO,EAAC;EACnD,IAAIyD,eAAmC;EAEvC,IAAItF,oBAAoB,EAAE;IACxB,MAAMuF,cAAc,GAAG,IAAIzE,GAAG,CAACb,WAAW,CAAC,CAACe,QAAQ,CAACwE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;IACrEF,eAAe,GAAG,MAAMtF,oBAAoB,CACzCyF,SAAS,CAACJ,OAAO,EAAEE,cAAc,CAAC,CAClCG,KAAK,CAAE3G,CAAC,IAAK;MACZ,MAAM,IAAIrB,kBAAkB,CAACqB,CAAC,CAAC+E,OAAO,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,MAAM;IACL;IACAzF,OAAO,CAACsH,gBAAgB,CAAC,KAAK,EAAEC,IAAA,IAAa;MAAA,IAAZ;QAAEC;MAAI,CAAC,GAAAD,IAAA;MACtC,IAAIC,GAAG,CAAC7G,QAAQ,CAACiB,WAAW,CAAC,EAAE;QAC7BqF,eAAe,GAAGO,GAAG;MACvB;IACF,CAAC,CAAC;IAEF,MAAMC,oBAAoB,GAAGzH,OAAO,CAAC0H,OAAO,CAACV,OAAO,CAAC;;IAErD;AACJ;AACA;AACA;IACI,MAAMW,8BAA8B,GAAGzI,KAAK,CAC1C,MAAM+H,eAAe,KAAKW,SAAS,EACnC,GACF,CAAC;IAED,MAAMC,OAAO,CAACC,GAAG,CAAC,CAACL,oBAAoB,EAAEE,8BAA8B,CAAC,CAAC;IAEzE,IAAIV,eAAe,KAAKW,SAAS,EAAE;MACjC,MAAM,IAAIvI,kBAAkB,CAAC,qCAAqC,CAAC;IACrE;EACF;EAEA,MAAM0I,QAAQ,GAAG3I,QAAQ,CAAC6H,eAAe,CAAC;EAC1C,MAAMe,OAAO,GAAGvI,wBAAwB,CAAC6F,SAAS,CAACyC,QAAQ,CAACE,KAAK,CAAC;EAClE,IAAI,CAACD,OAAO,CAACzC,OAAO,EAAE;IACpB,MAAM2C,OAAO,GAAG1I,uBAAuB,CAAC8F,SAAS,CAACyC,QAAQ,CAACE,KAAK,CAAC;IACjE,IAAI,CAACC,OAAO,CAAC3C,OAAO,EAAE;MACpB,MAAM,IAAIlG,kBAAkB,CAAC2I,OAAO,CAACxC,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IACvD;;IACA,MAAM,IAAInG,qBAAqB,CAC7B4I,OAAO,CAACvC,IAAI,CAACH,KAAK,EAClB0C,OAAO,CAACvC,IAAI,CAACwC,iBACf,CAAC;EACH;EACA,OAAOH,OAAO,CAACrC,IAAI;AACrB,CAAC;AAED,OAAO,MAAMI,gBAAgB,GAAG,MAAAA,CAC9BqC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChB/G,GAAkB,KACE;EACpB,MAAM0B,GAAG,GAAG,MAAM1B,GAAG,CAACU,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIlD,OAAO,CAACwC,GAAG,CAAC,CACpBgH,UAAU,CAAC;IACVH;EACF,CAAC,CAAC,CACDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BxF;EACF,CAAC,CAAC,CACDyF,WAAW,CAACJ,QAAQ,CAAC,CACrBK,SAAS,CAACN,MAAM,CAAC,CACjBO,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC"}