@pagopa/io-react-native-wallet 0.12.0 → 0.13.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (205) hide show
  1. package/lib/commonjs/client/generated/wallet-provider.js +22 -22
  2. package/lib/commonjs/client/generated/wallet-provider.js.map +1 -1
  3. package/lib/commonjs/client/index.js +1 -2
  4. package/lib/commonjs/client/index.js.map +1 -1
  5. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +2 -1
  6. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  7. package/lib/commonjs/credential/issuance/03-start-credential-issuance.js +287 -0
  8. package/lib/commonjs/credential/issuance/03-start-credential-issuance.js.map +1 -0
  9. package/lib/commonjs/credential/issuance/03-start-user-authorization.js +56 -83
  10. package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
  11. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +88 -0
  12. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
  13. package/lib/commonjs/credential/issuance/05-authorize-access.js +56 -33
  14. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
  15. package/lib/commonjs/credential/issuance/06-obtain-credential.js +51 -78
  16. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
  17. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +21 -44
  18. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  19. package/lib/commonjs/credential/issuance/index.js +7 -0
  20. package/lib/commonjs/credential/issuance/index.js.map +1 -1
  21. package/lib/commonjs/credential/issuance/types.js +28 -0
  22. package/lib/commonjs/credential/issuance/types.js.map +1 -0
  23. package/lib/commonjs/index.js.map +1 -1
  24. package/lib/commonjs/pid/sd-jwt/converters.js +5 -9
  25. package/lib/commonjs/pid/sd-jwt/converters.js.map +1 -1
  26. package/lib/commonjs/pid/sd-jwt/types.js +3 -3
  27. package/lib/commonjs/pid/sd-jwt/types.js.map +1 -1
  28. package/lib/commonjs/sd-jwt/__test__/converters.test.js +1 -1
  29. package/lib/commonjs/sd-jwt/__test__/converters.test.js.map +1 -1
  30. package/lib/commonjs/sd-jwt/__test__/index.test.js +30 -43
  31. package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
  32. package/lib/commonjs/sd-jwt/__test__/types.test.js +16 -24
  33. package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
  34. package/lib/commonjs/sd-jwt/index.js +3 -9
  35. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  36. package/lib/commonjs/sd-jwt/types.js +11 -16
  37. package/lib/commonjs/sd-jwt/types.js.map +1 -1
  38. package/lib/commonjs/trust/types.js +70 -29
  39. package/lib/commonjs/trust/types.js.map +1 -1
  40. package/lib/commonjs/utils/auth.js +44 -0
  41. package/lib/commonjs/utils/auth.js.map +1 -0
  42. package/lib/commonjs/utils/errors.js +77 -2
  43. package/lib/commonjs/utils/errors.js.map +1 -1
  44. package/lib/commonjs/utils/misc.js +34 -1
  45. package/lib/commonjs/utils/misc.js.map +1 -1
  46. package/lib/commonjs/utils/par.js +23 -15
  47. package/lib/commonjs/utils/par.js.map +1 -1
  48. package/lib/commonjs/utils/pop.js +33 -0
  49. package/lib/commonjs/utils/pop.js.map +1 -0
  50. package/lib/commonjs/wallet-instance-attestation/issuing.js +17 -2
  51. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  52. package/lib/commonjs/wallet-instance-attestation/types.js +7 -7
  53. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  54. package/lib/module/client/generated/wallet-provider.js +16 -19
  55. package/lib/module/client/generated/wallet-provider.js.map +1 -1
  56. package/lib/module/client/index.js +1 -2
  57. package/lib/module/client/index.js.map +1 -1
  58. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +2 -1
  59. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  60. package/lib/module/credential/issuance/03-start-credential-issuance.js +276 -0
  61. package/lib/module/credential/issuance/03-start-credential-issuance.js.map +1 -0
  62. package/lib/module/credential/issuance/03-start-user-authorization.js +56 -80
  63. package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
  64. package/lib/module/credential/issuance/04-complete-user-authorization.js +85 -1
  65. package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
  66. package/lib/module/credential/issuance/05-authorize-access.js +54 -33
  67. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
  68. package/lib/module/credential/issuance/06-obtain-credential.js +50 -75
  69. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
  70. package/lib/module/credential/issuance/07-verify-and-parse-credential.js +21 -44
  71. package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  72. package/lib/module/credential/issuance/index.js +2 -1
  73. package/lib/module/credential/issuance/index.js.map +1 -1
  74. package/lib/module/credential/issuance/types.js +18 -0
  75. package/lib/module/credential/issuance/types.js.map +1 -0
  76. package/lib/module/index.js.map +1 -1
  77. package/lib/module/pid/sd-jwt/converters.js +5 -9
  78. package/lib/module/pid/sd-jwt/converters.js.map +1 -1
  79. package/lib/module/pid/sd-jwt/types.js +3 -3
  80. package/lib/module/pid/sd-jwt/types.js.map +1 -1
  81. package/lib/module/sd-jwt/__test__/converters.test.js +1 -1
  82. package/lib/module/sd-jwt/__test__/converters.test.js.map +1 -1
  83. package/lib/module/sd-jwt/__test__/index.test.js +30 -43
  84. package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
  85. package/lib/module/sd-jwt/__test__/types.test.js +16 -24
  86. package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
  87. package/lib/module/sd-jwt/index.js +3 -9
  88. package/lib/module/sd-jwt/index.js.map +1 -1
  89. package/lib/module/sd-jwt/types.js +11 -16
  90. package/lib/module/sd-jwt/types.js.map +1 -1
  91. package/lib/module/sd-jwt/verifier.js.map +1 -1
  92. package/lib/module/trust/types.js +70 -29
  93. package/lib/module/trust/types.js.map +1 -1
  94. package/lib/module/utils/auth.js +35 -0
  95. package/lib/module/utils/auth.js.map +1 -0
  96. package/lib/module/utils/errors.js +71 -0
  97. package/lib/module/utils/errors.js.map +1 -1
  98. package/lib/module/utils/misc.js +31 -0
  99. package/lib/module/utils/misc.js.map +1 -1
  100. package/lib/module/utils/par.js +24 -16
  101. package/lib/module/utils/par.js.map +1 -1
  102. package/lib/module/utils/pop.js +24 -0
  103. package/lib/module/utils/pop.js.map +1 -0
  104. package/lib/module/wallet-instance-attestation/issuing.js +17 -2
  105. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  106. package/lib/module/wallet-instance-attestation/types.js +7 -7
  107. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  108. package/lib/typescript/client/generated/wallet-provider.d.ts +35 -13
  109. package/lib/typescript/client/generated/wallet-provider.d.ts.map +1 -1
  110. package/lib/typescript/client/index.d.ts.map +1 -1
  111. package/lib/typescript/credential/issuance/01-start-flow.d.ts +1 -0
  112. package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -1
  113. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +2 -1
  114. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -1
  115. package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts +41 -0
  116. package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts.map +1 -0
  117. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +23 -18
  118. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
  119. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +24 -12
  120. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
  121. package/lib/typescript/credential/issuance/05-authorize-access.d.ts +22 -16
  122. package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
  123. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +19 -26
  124. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
  125. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +10 -15
  126. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
  127. package/lib/typescript/credential/issuance/index.d.ts +3 -4
  128. package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
  129. package/lib/typescript/credential/issuance/types.d.ts +63 -0
  130. package/lib/typescript/credential/issuance/types.d.ts.map +1 -0
  131. package/lib/typescript/credential/presentation/types.d.ts +6 -6
  132. package/lib/typescript/index.d.ts +2 -1
  133. package/lib/typescript/index.d.ts.map +1 -1
  134. package/lib/typescript/pid/sd-jwt/converters.d.ts.map +1 -1
  135. package/lib/typescript/pid/sd-jwt/types.d.ts +36 -36
  136. package/lib/typescript/pid/sd-jwt/types.d.ts.map +1 -1
  137. package/lib/typescript/sd-jwt/index.d.ts +40 -68
  138. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  139. package/lib/typescript/sd-jwt/types.d.ts +64 -121
  140. package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
  141. package/lib/typescript/trust/index.d.ts +150 -48
  142. package/lib/typescript/trust/index.d.ts.map +1 -1
  143. package/lib/typescript/trust/types.d.ts +2838 -1740
  144. package/lib/typescript/trust/types.d.ts.map +1 -1
  145. package/lib/typescript/utils/auth.d.ts +52 -0
  146. package/lib/typescript/utils/auth.d.ts.map +1 -0
  147. package/lib/typescript/utils/errors.d.ts +36 -1
  148. package/lib/typescript/utils/errors.d.ts.map +1 -1
  149. package/lib/typescript/utils/integrity.d.ts +1 -1
  150. package/lib/typescript/utils/misc.d.ts +18 -0
  151. package/lib/typescript/utils/misc.d.ts.map +1 -1
  152. package/lib/typescript/utils/par.d.ts +8 -31
  153. package/lib/typescript/utils/par.d.ts.map +1 -1
  154. package/lib/typescript/utils/pop.d.ts +26 -0
  155. package/lib/typescript/utils/pop.d.ts.map +1 -0
  156. package/lib/typescript/wallet-instance-attestation/issuing.d.ts +2 -1
  157. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  158. package/lib/typescript/wallet-instance-attestation/types.d.ts +59 -59
  159. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  160. package/package.json +2 -1
  161. package/src/client/generated/wallet-provider.ts +24 -21
  162. package/src/client/index.ts +3 -8
  163. package/src/credential/issuance/01-start-flow.ts +1 -0
  164. package/src/credential/issuance/02-evaluate-issuer-trust.ts +2 -1
  165. package/src/credential/issuance/03-start-credential-issuance.ts +407 -0
  166. package/src/credential/issuance/03-start-user-authorization.ts +91 -92
  167. package/src/credential/issuance/04-complete-user-authorization.ts +114 -13
  168. package/src/credential/issuance/05-authorize-access.ts +74 -49
  169. package/src/credential/issuance/06-obtain-credential.ts +77 -111
  170. package/src/credential/issuance/07-verify-and-parse-credential.ts +30 -67
  171. package/src/credential/issuance/index.ts +6 -4
  172. package/src/credential/issuance/types.ts +25 -0
  173. package/src/index.ts +2 -1
  174. package/src/pid/sd-jwt/converters.ts +5 -11
  175. package/src/pid/sd-jwt/types.ts +8 -6
  176. package/src/sd-jwt/__test__/converters.test.ts +1 -1
  177. package/src/sd-jwt/__test__/index.test.ts +45 -74
  178. package/src/sd-jwt/__test__/types.test.ts +21 -33
  179. package/src/sd-jwt/index.ts +3 -12
  180. package/src/sd-jwt/types.ts +17 -22
  181. package/src/trust/types.ts +64 -32
  182. package/src/utils/auth.ts +37 -0
  183. package/src/utils/errors.ts +85 -1
  184. package/src/utils/integrity.ts +1 -1
  185. package/src/utils/misc.ts +43 -0
  186. package/src/utils/par.ts +29 -17
  187. package/src/utils/pop.ts +34 -0
  188. package/src/wallet-instance-attestation/issuing.ts +39 -2
  189. package/src/wallet-instance-attestation/types.ts +11 -7
  190. package/lib/commonjs/credential/issuance/07-confirm-credential.js +0 -6
  191. package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +0 -1
  192. package/lib/commonjs/credential/issuance/08-confirm-credential.js +0 -6
  193. package/lib/commonjs/credential/issuance/08-confirm-credential.js.map +0 -1
  194. package/lib/module/credential/issuance/07-confirm-credential.js +0 -2
  195. package/lib/module/credential/issuance/07-confirm-credential.js.map +0 -1
  196. package/lib/module/credential/issuance/08-confirm-credential.js +0 -2
  197. package/lib/module/credential/issuance/08-confirm-credential.js.map +0 -1
  198. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +0 -11
  199. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +0 -1
  200. package/lib/typescript/credential/issuance/08-confirm-credential.d.ts +0 -11
  201. package/lib/typescript/credential/issuance/08-confirm-credential.d.ts.map +0 -1
  202. package/src/credential/issuance/07-confirm-credential.ts +0 -14
  203. package/src/credential/issuance/08-confirm-credential.ts +0 -14
  204. package/src/sd-jwt/__test__/converters.test.js +0 -24
  205. package/src/sd-jwt/verifier.js +0 -12
package/lib/module/credential/issuance/05-authorize-access.js CHANGED
@@ -1,55 +1,76 @@
1
+ import { hasStatus } from "../../../src/utils/misc";
2
+ import { withEphemeralKey } from "../../../src/utils/crypto";
3
+ import { createDPopToken } from "../../../src/utils/dpop";
1
4
  import uuid from "react-native-uuid";
2
- import { withEphemeralKey } from "../../utils/crypto";
3
- import { createDPopToken } from "../../utils/dpop";
4
- import { hasStatus } from "../../utils/misc";
5
+ import { createPopToken } from "../../../src/utils/pop";
6
+ import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
5
7
  import { ASSERTION_TYPE } from "./const";
8
+ import { TokenResponse } from "./types";
9
+ import { ValidationFailed } from "../../../src/utils/errors";
6
10
  /**
7
- * Obtain the access token to finally request the credential
8
- *
9
- * @param issuerConf The Issuer configuration
10
- * @param code The access code from the User authorization phase
11
- * @param clientId Identifies the current client across all the requests of the issuing flow
12
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
13
- * @param context.walletProviderBaseUrl The base url of the Wallet Provider
11
+ * Creates and sends the DPoP Proof JWT to be presented with the authorization code to the /token endpoint of the authorization server
12
+ * for requesting the issuance of an access token bound to the public key of the Wallet Instance contained within the DPoP.
13
+ * This enables the Wallet Instance to request a digital credential.
14
+ * The DPoP Proof JWT is generated according to the section 4.3 of the DPoP RFC 9449 specification.
15
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
16
+ * @param code The authorization code returned by {@link completeUserAuthorizationWithQueryMode} or {@link completeUserAuthorizationWithFormPost}
17
+ * @param redirectUri The redirect URI which is the custom URL scheme that the Wallet Instance is registered to handle
18
+ * @param clientId The client id returned by {@link startUserAuthorization}
19
+ * @param codeVerifier The code verifier returned by {@link startUserAuthorization}
20
+ * @param context.walletInstanceAttestation The Wallet Instance's attestation
21
+ * @param context.wiaCryptoContext The Wallet Instance's crypto context
14
22
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
15
- * @returns
23
+ * @throws {ValidationFailed} if an error occurs while parsing the token response
24
+ * @return The token response containing the access token along with the token request signed with DPoP which has to be used in the {@link obtainCredential} step.
16
25
  */
17
- export const authorizeAccess = async (issuerConf, code, clientId, context) => {
26
+ export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, codeVerifier, context) => {
18
27
  const {
19
28
  appFetch = fetch,
20
29
  walletInstanceAttestation,
21
- walletProviderBaseUrl
30
+ wiaCryptoContext
22
31
  } = context;
23
- const tokenUrl = issuerConf.openid_credential_issuer.token_endpoint;
24
-
32
+ const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
33
+ const parUrl = new URL(parEndpoint);
34
+ const aud = `${parUrl.protocol}//${parUrl.hostname}`;
35
+ const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
36
+ const tokenUrl = issuerConf.oauth_authorization_server.token_endpoint;
25
37
  // Use an ephemeral key to be destroyed after use
26
- const signedDPop = await withEphemeralKey(ephemeralContext => createDPopToken({
27
- htm: "POST",
28
- htu: tokenUrl,
29
- jti: `${uuid.v4()}`
30
- }, ephemeralContext));
31
- const codeVerifier = `${uuid.v4()}`;
38
+ const tokenRequestSignedDPop = await withEphemeralKey(async ephimeralContext => {
39
+ return await createDPopToken({
40
+ htm: "POST",
41
+ htu: tokenUrl,
42
+ jti: `${uuid.v4()}`
43
+ }, ephimeralContext);
44
+ });
45
+ const signedWiaPoP = await createPopToken({
46
+ jti: `${uuid.v4()}`,
47
+ aud,
48
+ iss
49
+ }, wiaCryptoContext);
32
50
  const requestBody = {
33
- grant_type: "authorization code",
51
+ grant_type: "authorization_code",
34
52
  client_id: clientId,
35
53
  code,
54
+ redirect_uri: redirectUri,
36
55
  code_verifier: codeVerifier,
37
56
  client_assertion_type: ASSERTION_TYPE,
38
- client_assertion: walletInstanceAttestation,
39
- redirect_uri: walletProviderBaseUrl
57
+ client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
40
58
  };
41
- var formBody = new URLSearchParams(requestBody);
42
- return appFetch(tokenUrl, {
59
+ const authorizationRequestFormBody = new URLSearchParams(requestBody);
60
+ const tokenRes = await appFetch(tokenUrl, {
43
61
  method: "POST",
44
62
  headers: {
45
63
  "Content-Type": "application/x-www-form-urlencoded",
46
- DPoP: signedDPop
64
+ DPoP: tokenRequestSignedDPop
47
65
  },
48
- body: formBody.toString()
49
- }).then(hasStatus(200)).then(res => res.json()).then(body => ({
50
- accessToken: body.access_token,
51
- nonce: body.c_nonce,
52
- clientId
53
- }));
66
+ body: authorizationRequestFormBody.toString()
67
+ }).then(hasStatus(200)).then(res => res.json()).then(body => TokenResponse.safeParse(body));
68
+ if (!tokenRes.success) {
69
+ throw new ValidationFailed(tokenRes.error.message);
70
+ }
71
+ return {
72
+ accessToken: tokenRes.data,
73
+ tokenRequestSignedDPop
74
+ };
54
75
  };
55
76
  //# sourceMappingURL=05-authorize-access.js.map
package/lib/module/credential/issuance/05-authorize-access.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["uuid","withEphemeralKey","createDPopToken","hasStatus","ASSERTION_TYPE","authorizeAccess","issuerConf","code","clientId","context","appFetch","fetch","walletInstanceAttestation","walletProviderBaseUrl","tokenUrl","openid_credential_issuer","token_endpoint","signedDPop","ephemeralContext","htm","htu","jti","v4","codeVerifier","requestBody","grant_type","client_id","code_verifier","client_assertion_type","client_assertion","redirect_uri","formBody","URLSearchParams","method","headers","DPoP","body","toString","then","res","json","accessToken","access_token","nonce","c_nonce"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,OAAOA,IAAI,MAAM,mBAAmB;AACpC,SAASC,gBAAgB,QAAQ,oBAAoB;AACrD,SAASC,eAAe,QAAQ,kBAAkB;AAElD,SAASC,SAAS,QAAkB,kBAAkB;AAEtD,SAASC,cAAc,QAAQ,SAAS;AAqBxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,OAAO,KAC+D;EACtE,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,QAAQ,GAAGR,UAAU,CAACS,wBAAwB,CAACC,cAAc;;EAEnE;EACA,MAAMC,UAAU,GAAG,MAAMhB,gBAAgB,CAAEiB,gBAAgB,IACzDhB,eAAe,CACb;IACEiB,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,QAAQ;IACbO,GAAG,EAAG,GAAErB,IAAI,CAACsB,EAAE,CAAC,CAAE;EACpB,CAAC,EACDJ,gBACF,CACF,CAAC;EAED,MAAMK,YAAY,GAAI,GAAEvB,IAAI,CAACsB,EAAE,CAAC,CAAE,EAAC;EACnC,MAAME,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAElB,QAAQ;IACnBD,IAAI;IACJoB,aAAa,EAAEJ,YAAY;IAC3BK,qBAAqB,EAAExB,cAAc;IACrCyB,gBAAgB,EAAEjB,yBAAyB;IAC3CkB,YAAY,EAAEjB;EAChB,CAAC;EACD,IAAIkB,QAAQ,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EAE/C,OAAOd,QAAQ,CAACI,QAAQ,EAAE;IACxBmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB;IACR,CAAC;IACDmB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAACnC,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBmC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,KAAM;IACfK,WAAW,EAAEL,IAAI,CAACM,YAAY;IAC9BC,KAAK,EAAEP,IAAI,CAACQ,OAAO;IACnBpC;EACF,CAAC,CAAC,CAAC;AACP,CAAC"}
1
+ {"version":3,"names":["hasStatus","withEphemeralKey","createDPopToken","uuid","createPopToken","WalletInstanceAttestation","ASSERTION_TYPE","TokenResponse","ValidationFailed","authorizeAccess","issuerConf","code","clientId","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","ephimeralContext","htm","htu","jti","v4","signedWiaPoP","requestBody","grant_type","client_id","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","error","message","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,SAAS,QAAkB,yBAAyB;AAG7D,SAASC,gBAAgB,QAAQ,2BAA2B;AAC5D,SAASC,eAAe,QAAQ,yBAAyB;AACzD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,cAAc,QAAQ,wBAAwB;AACvD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,gBAAgB,QAAQ,2BAA2B;AAgB5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,WAAW,GACfV,UAAU,CAACW,0BAA0B,CAACC,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAGvB,yBAAyB,CAACwB,MAAM,CAACX,yBAAyB,CAAC,CACpEY,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGxB,UAAU,CAACW,0BAA0B,CAACc,cAAc;EACrE;EACA,MAAMC,sBAAsB,GAAG,MAAMnC,gBAAgB,CACnD,MAAOoC,gBAAgB,IAAK;IAC1B,OAAO,MAAMnC,eAAe,CAC1B;MACEoC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEL,QAAQ;MACbM,GAAG,EAAG,GAAErC,IAAI,CAACsC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDJ,gBACF,CAAC;EACH,CACF,CAAC;EAED,MAAMK,YAAY,GAAG,MAAMtC,cAAc,CACvC;IACEoC,GAAG,EAAG,GAAErC,IAAI,CAACsC,EAAE,CAAC,CAAE,EAAC;IACnBhB,GAAG;IACHG;EACF,CAAC,EACDT,gBACF,CAAC;EAED,MAAMwB,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAEjC,QAAQ;IACnBD,IAAI;IACJmC,YAAY,EAAEjC,WAAW;IACzBkC,aAAa,EAAEjC,YAAY;IAC3BkC,qBAAqB,EAAE1C,cAAc;IACrC2C,gBAAgB,EAAE/B,yBAAyB,GAAG,GAAG,GAAGwB;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EACrE,MAAMS,QAAQ,GAAG,MAAMpC,QAAQ,CAACkB,QAAQ,EAAE;IACxCmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEnB;IACR,CAAC;IACDoB,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC1D,SAAS,CAAC,GAAG,CAAC,CAAC,CACpB0D,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAKjD,aAAa,CAACsD,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrB,MAAM,IAAItD,gBAAgB,CAAC4C,QAAQ,CAACW,KAAK,CAACC,OAAO,CAAC;EACpD;EAEA,OAAO;IAAEC,WAAW,EAAEb,QAAQ,CAACc,IAAI;IAAE9B;EAAuB,CAAC;AAC/D,CAAC"}
package/lib/module/credential/issuance/06-obtain-credential.js CHANGED
@@ -1,100 +1,75 @@
1
- import * as z from "zod";
2
- import uuid from "react-native-uuid";
3
1
  import { SignJWT } from "@pagopa/io-react-native-jwt";
4
- import { createDPopToken } from "../../utils/dpop";
5
- import { hasStatus } from "../../utils/misc";
6
- import { SupportedCredentialFormat } from "./const";
7
-
8
- /**
9
- * Return the signed jwt for nonce proof of possession
10
- */
2
+ import { hasStatus } from "../../../src/utils/misc";
3
+ import { ValidationFailed } from "../../../src/utils/errors";
4
+ import { CredentialResponse } from "./types";
11
5
  export const createNonceProof = async (nonce, issuer, audience, ctx) => {
6
+ const jwk = await ctx.getPublicKey();
12
7
  return new SignJWT(ctx).setPayload({
13
- nonce,
14
- jwk: await ctx.getPublicKey()
8
+ nonce
15
9
  }).setProtectedHeader({
16
- type: "openid4vci-proof+jwt"
17
- }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
10
+ typ: "openid4vci-proof+jwt",
11
+ jwk
12
+ }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("5min").sign();
18
13
  };
19
- const CredentialEndpointResponse = z.object({
20
- credential: z.string(),
21
- format: SupportedCredentialFormat,
22
- // nonce used to perform multiple credential requests
23
- // re-using the same authorization profile
24
- c_nonce: z.string(),
25
- c_nonce_expires_in: z.number()
26
- });
27
- // Checks whether in the Entity confoguration at least one credential
28
- // is defined for the given type and format
29
- const isCredentialAvailable = (issuerConf, credentialType, credentialFormat) => issuerConf.openid_credential_issuer.credentials_supported.some(c => c.format === credentialFormat && c.credential_definition.type.includes(credentialType));
30
14
 
31
15
  /**
32
- * Fetch a credential from the issuer
33
- *
34
- * @param issuerConf The Issuer configuration
35
- * @param accessToken The access token to grant access to the credential, obtained with the access authorization step
36
- * @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
37
- * @param clientId Identifies the current client across all the requests of the issuing flow
38
- * @param credentialType The type of the credential to be requested
39
- * @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
40
- * @param context.credentialCryptoContext The context to access the key the Credential will be bound to
41
- * @param context.walletProviderBaseUrl The base url of the Wallet Provider
16
+ * Obtains the credential from the issuer.
17
+ * The key pair of the credentialCryptoContext is used for Openid4vci proof JWT to be presented with the Access Token and the DPoP Proof JWT at the Credential Endpoint
18
+ * of the Credential Issuer to request the issuance of a credential linked to the public key contained in the JWT proof.
19
+ * The Openid4vci proof JWT incapsulates the nonce extracted from the token response from the {@link authorizeAccess} step.
20
+ * The credential request is sent to the Credential Endpoint of the Credential Issuer via HTTP POST with the type of the credential, its format, the access token and the JWT proof.
21
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
22
+ * @param accessToken The access token response returned by {@link authorizeAccess}
23
+ * @param clientId The client id returned by {@link startUserAuthorization}
24
+ * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link startUserAuthorization}
25
+ * @param tokenRequestSignedDPop The DPoP signed token request returned by {@link authorizeAccess}
26
+ * @param context.credentialCryptoContext The crypto context used to obtain the credential
42
27
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
43
- * @returns The signed credential token
28
+ * @returns The credential response containing the credential
44
29
  */
45
- export const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, credentialFormat, context) => {
30
+ export const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, tokenRequestSignedDPop, context) => {
46
31
  const {
47
32
  credentialCryptoContext,
48
- walletProviderBaseUrl,
49
33
  appFetch = fetch
50
34
  } = context;
51
- if (!isCredentialAvailable(issuerConf, credentialType, credentialFormat)) {
52
- throw new Error(`The Issuer provides no credential for type ${credentialType} and format ${credentialFormat}`);
53
- }
54
35
  const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
55
36
 
56
- /** DPoP token for demonstating the possession
57
- of the key that will bind the holder User with the Credential
58
- @see https://datatracker.ietf.org/doc/html/rfc9449 */
59
- const signedDPopForPid = await createDPopToken({
60
- htm: "POST",
61
- htu: credentialUrl,
62
- jti: `${uuid.v4()}`
63
- }, credentialCryptoContext);
37
+ /**
38
+ * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
39
+ * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
40
+ * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
41
+ */
42
+ const signedNonceProof = await createNonceProof(accessToken.c_nonce, clientId, credentialUrl, credentialCryptoContext);
64
43
 
65
- /** JWT proof token to bind the request nonce
66
- to the key that will bind the holder User with the Credential
67
- @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types */
68
- const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, credentialCryptoContext);
44
+ // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
45
+ const constainsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
46
+ if (!constainsCredentialDefinition) {
47
+ throw new ValidationFailed("The access token response does not contain the requested credential");
48
+ }
69
49
 
70
50
  /** The credential request body */
71
- const formBody = new URLSearchParams({
72
- credential_definition: JSON.stringify({
73
- type: [credentialType]
74
- }),
75
- format: credentialFormat,
76
- proof: JSON.stringify({
51
+ const credentialRequestFormBody = {
52
+ credential_definition: {
53
+ type: [credentialDefinition.credential_configuration_id]
54
+ },
55
+ format: credentialDefinition.format,
56
+ proof: {
77
57
  jwt: signedNonceProof,
78
58
  proof_type: "jwt"
79
- })
80
- });
81
- const {
82
- credential,
83
- format,
84
- c_nonce
85
- } = await appFetch(credentialUrl, {
59
+ }
60
+ };
61
+ const credentialRes = await appFetch(credentialUrl, {
86
62
  method: "POST",
87
63
  headers: {
88
- "Content-Type": "application/x-www-form-urlencoded",
89
- DPoP: signedDPopForPid,
90
- Authorization: accessToken
64
+ "Content-Type": "application/json",
65
+ DPoP: tokenRequestSignedDPop,
66
+ Authorization: `${accessToken.token_type} ${accessToken.access_token}`
91
67
  },
92
- body: formBody.toString()
93
- }).then(hasStatus(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
94
- return {
95
- credential,
96
- format,
97
- nonce: c_nonce
98
- };
68
+ body: JSON.stringify(credentialRequestFormBody)
69
+ }).then(hasStatus(200)).then(res => res.json()).then(body => CredentialResponse.safeParse(body));
70
+ if (!credentialRes.success) {
71
+ throw new ValidationFailed(credentialRes.error.message);
72
+ }
73
+ return credentialRes.data;
99
74
  };
100
75
  //# sourceMappingURL=06-obtain-credential.js.map
package/lib/module/credential/issuance/06-obtain-credential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["z","uuid","SignJWT","createDPopToken","hasStatus","SupportedCredentialFormat","createNonceProof","nonce","issuer","audience","ctx","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","CredentialEndpointResponse","object","credential","string","format","c_nonce","c_nonce_expires_in","number","isCredentialAvailable","issuerConf","credentialType","credentialFormat","openid_credential_issuer","credentials_supported","some","c","credential_definition","includes","obtainCredential","accessToken","clientId","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","Error","credentialUrl","credential_endpoint","signedDPopForPid","htm","htu","jti","v4","signedNonceProof","formBody","URLSearchParams","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,OAAO,QAA4B,6BAA6B;AACzE,SAASC,eAAe,QAAQ,kBAAkB;AAGlD,SAASC,SAAS,QAAkB,kBAAkB;AAGtD,SAASC,yBAAyB,QAAQ,SAAS;;AAEnD;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIR,OAAO,CAACQ,GAAG,CAAC,CACpBC,UAAU,CAAC;IACVJ,KAAK;IACLK,GAAG,EAAE,MAAMF,GAAG,CAACG,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAED,MAAMC,0BAA0B,GAAGrB,CAAC,CAACsB,MAAM,CAAC;EAC1CC,UAAU,EAAEvB,CAAC,CAACwB,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEpB,yBAAyB;EACjC;EACA;EACAqB,OAAO,EAAE1B,CAAC,CAACwB,MAAM,CAAC,CAAC;EACnBG,kBAAkB,EAAE3B,CAAC,CAAC4B,MAAM,CAAC;AAC/B,CAAC,CAAC;AAoBF;AACA;AACA,MAAMC,qBAAqB,GAAGA,CAC5BC,UAAkD,EAClDC,cAAgD,EAChDC,gBAA2C,KAE3CF,UAAU,CAACG,wBAAwB,CAACC,qBAAqB,CAACC,IAAI,CAC3DC,CAAC,IACAA,CAAC,CAACX,MAAM,KAAKO,gBAAgB,IAC7BI,CAAC,CAACC,qBAAqB,CAACtB,IAAI,CAACuB,QAAQ,CAACP,cAAc,CACxD,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,gBAAkC,GAAG,MAAAA,CAChDT,UAAU,EACVU,WAAW,EACXjC,KAAK,EACLkC,QAAQ,EACRV,cAAc,EACdC,gBAAgB,EAChBU,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,IAAI,CAACb,qBAAqB,CAACC,UAAU,EAAEC,cAAc,EAAEC,gBAAgB,CAAC,EAAE;IACxE,MAAM,IAAIe,KAAK,CACZ,8CAA6ChB,cAAe,eAAcC,gBAAiB,EAC9F,CAAC;EACH;EAEA,MAAMgB,aAAa,GAAGlB,UAAU,CAACG,wBAAwB,CAACgB,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM/C,eAAe,CAC5C;IACEgD,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,aAAa;IAClBK,GAAG,EAAG,GAAEpD,IAAI,CAACqD,EAAE,CAAC,CAAE;EACpB,CAAC,EACDX,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMY,gBAAgB,GAAG,MAAMjD,gBAAgB,CAC7CC,KAAK,EACLkC,QAAQ,EACRG,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMa,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCpB,qBAAqB,EAAEqB,IAAI,CAACC,SAAS,CAAC;MACpC5C,IAAI,EAAE,CAACgB,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAEO,gBAAgB;IACxB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEN,gBAAgB;MACrBO,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEvC,UAAU;IAAEE,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMmB,QAAQ,CAACG,aAAa,EAAE;IACpEe,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEf,gBAAgB;MACtBgB,aAAa,EAAE1B;IACjB,CAAC;IACD2B,IAAI,EAAEX,QAAQ,CAACY,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAACjE,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBiE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAChD,0BAA0B,CAACmD,KAAK,CAAC;EAEzC,OAAO;IAAEjD,UAAU;IAAEE,MAAM;IAAElB,KAAK,EAAEmB;EAAQ,CAAC;AAC/C,CAAC"}
1
+ {"version":3,"names":["SignJWT","hasStatus","ValidationFailed","CredentialResponse","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","tokenRequestSignedDPop","context","credentialCryptoContext","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","constainsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","credentialRes","method","headers","DPoP","Authorization","token_type","access_token","body","JSON","stringify","then","res","json","safeParse","success","error","message","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAASA,OAAO,QAA4B,6BAA6B;AAGzE,SAASC,SAAS,QAAkB,yBAAyB;AAE7D,SAASC,gBAAgB,QAAQ,2BAA2B;AAC5D,SAASC,kBAAkB,QAAQ,SAAS;AAc5C,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIV,OAAO,CAACQ,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,sBAAsB,EACtBC,OAAO,KACJ;EACH,MAAM;IAAEC,uBAAuB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGH,OAAO;EAE7D,MAAMI,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM5B,gBAAgB,CAC7CiB,WAAW,CAACY,OAAO,EACnBX,QAAQ,EACRO,aAAa,EACbH,uBACF,CAAC;;EAED;EACA,MAAMQ,6BAA6B,GAAGb,WAAW,CAACc,qBAAqB,CAACC,IAAI,CACzEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3Bf,oBAAoB,CAACe,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKhB,oBAAoB,CAACgB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKjB,oBAAoB,CAACiB,IACpC,CAAC;EAED,IAAI,CAACN,6BAA6B,EAAE;IAClC,MAAM,IAAIhC,gBAAgB,CACxB,qEACF,CAAC;EACH;;EAEA;EACA,MAAMuC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBF,IAAI,EAAE,CAACjB,oBAAoB,CAACe,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEhB,oBAAoB,CAACgB,MAAM;IACnCI,KAAK,EAAE;MACLC,GAAG,EAAEZ,gBAAgB;MACrBa,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMnB,QAAQ,CAACE,aAAa,EAAE;IAClDkB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAEzB,sBAAsB;MAC5B0B,aAAa,EAAG,GAAE7B,WAAW,CAAC8B,UAAW,IAAG9B,WAAW,CAAC+B,YAAa;IACvE,CAAC;IACDC,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACd,yBAAyB;EAChD,CAAC,CAAC,CACCe,IAAI,CAACvD,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBuD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEH,IAAI,IAAKlD,kBAAkB,CAACwD,SAAS,CAACN,IAAI,CAAC,CAAC;EAErD,IAAI,CAACP,aAAa,CAACc,OAAO,EAAE;IAC1B,MAAM,IAAI1D,gBAAgB,CAAC4C,aAAa,CAACe,KAAK,CAACC,OAAO,CAAC;EACzD;EAEA,OAAOhB,aAAa,CAACiB,IAAI;AAC3B,CAAC"}
package/lib/module/credential/issuance/07-verify-and-parse-credential.js CHANGED
@@ -6,33 +6,26 @@ import { verify as verifySdJwt } from "../../sd-jwt";
6
6
 
7
7
  // handy alias
8
8
 
9
- const parseCredentialSdJwt = function (credentials_supported, _ref) {
10
- var _credentials_supporte;
9
+ const parseCredentialSdJwt = (credentials_supported, _ref) => {
11
10
  let {
12
11
  sdJwt,
13
12
  disclosures
14
13
  } = _ref;
15
- let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
16
- // find the definition that matches the received credential's type
17
- // warning: if more then a defintion is found, the first is retrieved
18
- const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.format === "vc+sd-jwt" && c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
19
-
20
- // the received credential matches no supported credential, throw an exception
14
+ const credentialSubject = credentials_supported[sdJwt.payload.vct];
21
15
  if (!credentialSubject) {
22
- const expected = credentials_supported.flatMap(_ => _.credential_definition.type).join(", ");
23
- throw new IoWalletError(`Received credential is of an unknwown type. Expected one of [${expected}], received '${sdJwt.payload.type}', `);
16
+ throw new IoWalletError("Credential type not supported by the issuer");
17
+ }
18
+ if (credentialSubject.format !== sdJwt.header.typ) {
19
+ throw new IoWalletError(`Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}', `);
24
20
  }
25
21
 
26
22
  // transfrom a record { key: value } in an iterable of pairs [key, value]
27
- const attrDefinitions = Object.entries(credentialSubject);
23
+ const attrDefinitions = Object.entries(credentialSubject.claims);
28
24
 
29
- // every mandatory attribute must be present in the credential's disclosures
30
25
  // the key of the attribute defintion must match the disclosure's name
31
26
  const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
32
- let [attrKey, {
33
- mandatory
34
- }] = _ref2;
35
- return mandatory && !disclosures.some(_ref3 => {
27
+ let [attrKey] = _ref2;
28
+ return !disclosures.some(_ref3 => {
36
29
  let [, name] = _ref3;
37
30
  return name === attrKey;
38
31
  });
@@ -40,12 +33,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
40
33
  if (attrsNotInDisclosures.length > 0) {
41
34
  const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
42
35
  const received = disclosures.map(_ => _[1 /* name */]).join(", ");
43
- // the rationale of this condition is that we may want to be permissive
44
- // on incomplete credentials in the test phase of the project.
45
- // we might want to be strict once in production, hence remove this condition
46
- if (!ignoreMissingAttributes) {
47
- throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
48
- }
36
+ throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
49
37
  }
50
38
 
51
39
  // attributes that are defined in the issuer configuration
@@ -88,7 +76,6 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
88
76
  let [, key, value] = _ref7;
89
77
  return [key, {
90
78
  value,
91
- mandatory: false,
92
79
  name: key
93
80
  }];
94
81
  }));
@@ -130,40 +117,30 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
130
117
 
131
118
  const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
132
119
  let {
133
- credentialCryptoContext,
134
- ignoreMissingAttributes
120
+ credentialCryptoContext
135
121
  } = _ref8;
136
122
  const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
137
- const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credentials_supported, decoded, ignoreMissingAttributes);
123
+ const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded);
138
124
  return {
139
125
  parsedCredential
140
126
  };
141
127
  };
142
- const verifyAndParseCredentialMdoc = async (_issuerConf, _credential, _, _ctx) => {
143
- // TODO: [SIW-686] decode MDOC credentials
144
- throw new Error("verifyAndParseCredentialMdoc not implemented yet");
145
- };
146
128
 
147
129
  /**
148
- * Verify and parse an encoded credential
149
- *
150
- * @param issuerConf The Issuer configuration
151
- * @param credential The encoded credential
152
- * @param format The format of the credentual
153
- * @param context.credentialCryptoContext The context to access the key the Credential will be bound to
154
- * @param context.ignoreMissingAttributes (optional) Whether to fail if a defined attribute is note present in the credentual. Default: false
130
+ * Verify and parse an encoded credential.
131
+ * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
132
+ * @param credential The encoded credential returned by {@link obtainCredential}
133
+ * @param format The format of the credentual returned by {@link obtainCredential}
134
+ * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
155
135
  * @returns A parsed credential with attributes in plain value
156
- * @throws If the credential signature is not verified with the Issuer key set
157
- * @throws If the credential is not bound to the provided user key
158
- * @throws If the credential data fail to parse
136
+ * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
137
+ * @throws {IoWalletError} If the credential is not bound to the provided user key
138
+ * @throws {IoWalletError} If the credential data fail to parse
159
139
  */
160
140
  export const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
161
141
  if (format === "vc+sd-jwt") {
162
142
  return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
163
- } else if (format === "vc+mdoc-cbor") {
164
- return verifyAndParseCredentialMdoc(issuerConf, credential, format, context);
165
143
  }
166
- const _ = format;
167
- throw new IoWalletError(`Unsupported credential format: ${_}`);
144
+ throw new IoWalletError(`Unsupported credential format: ${format}`);
168
145
  };
169
146
  //# sourceMappingURL=07-verify-and-parse-credential.js.map
package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","format","credential_definition","type","includes","payload","expected","flatMap","_","join","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredentialMdoc","_issuerConf","_credential","_ctx","Error","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAcpD;;AAmBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CACjDC,CAAC,IACAA,CAAC,CAACC,MAAM,KAAK,WAAW,IACxBD,CAAC,CAACE,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACZ,KAAK,CAACa,OAAO,CAACF,IAAI,CAC5D,CAAC,cAAAZ,qBAAA,uBAJyBA,qBAAA,CAIvBW,qBAAqB,CAACJ,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMQ,QAAQ,GAAGjB,qBAAqB,CACnCkB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIzB,aAAa,CACpB,gEAA+DsB,QAAS,gBAAed,KAAK,CAACa,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMO,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMe,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACxB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACjB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMc,QAAQ,GAAG9B,WAAW,CAAC6B,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACf,uBAAuB,EAAE;MAC5B,MAAM,IAAIV,aAAa,CACpB,4DAA2DqC,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGb,MAAM,CAACc,WAAW,CACtCf;EACE;EAAA,CACCY,GAAG,CACFI,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACX,OAAO,EAAEY,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEV,OAAO,EACP;MACE,GAAGY,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAElC,WAAW,CAACM,IAAI,CACpBS,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKQ,OAC7B,CAAC,cAAAW,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCL,GAAG,CACFQ,KAAA;IAAA,IAAC,CAACd,OAAO,EAAE;MAAEe,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEd,OAAO,EACP;MACE,GAAGY,UAAU;MACbR,IAAI,EAAEW,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEf;QAAK,CAAC,GAAAc,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGf;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMgB,eAAe,GAAGzB,MAAM,CAACc,WAAW,CACxChC,WAAW,CACRqB,MAAM,CAAEN,CAAC,IAAK,CAACG,MAAM,CAAC0B,IAAI,CAACb,aAAa,CAAC,CAACpB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDc,GAAG,CAACgB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEZ,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEmB;IAAI,CAAC,CAAC;EAAA,EAC1E,CAAC;EAED,OAAO;IACL,GAAGf,aAAa;IAChB,GAAGY;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeI,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB5D,WAAW,CAACsD,aAAa,EAAEC,UAAU,EAAEzD,QAAQ,CAAC,EAChD0D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACpD,KAAK,CAACa,OAAO;EAE/C,IAAI,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAInE,aAAa,CACpB,kDAAiD6D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACpD,KAAK,CAACa,OAAO,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACV9C,CAAC,EAAA+C,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAE9D;EAAwB,CAAC,GAAA6D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACtB,IAAI,EAC7CmB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGxE,oBAAoB,CAC3CiE,UAAU,CAACK,wBAAwB,CAACrE,qBAAqB,EACzDoE,OAAO,EACP/D,uBACF,CAAC;EAED,OAAO;IAAEkE;EAAiB,CAAC;AAC7B,CAAC;AAED,MAAMC,4BAAwD,GAAG,MAAAA,CAC/DC,WAAW,EACXC,WAAW,EACXvD,CAAC,EACDwD,IAAI,KACD;EACH;EACA,MAAM,IAAIC,KAAK,CAAC,kDAAkD,CAAC;AACrE,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAkD,GAAG,MAAAA,CAChEb,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OAAO,KACJ;EACH,IAAIlE,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOmD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OACF,CAAC;EACH,CAAC,MAAM,IAAIlE,MAAM,KAAK,cAAc,EAAE;IACpC,OAAO4D,4BAA4B,CACjCR,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OACF,CAAC;EACH;EAEA,MAAM3D,CAAQ,GAAGP,MAAM;EACvB,MAAM,IAAIjB,aAAa,CAAE,kCAAiCwB,CAAE,EAAC,CAAC;AAChE,CAAC"}
1
+ {"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","credentialSubject","payload","vct","format","header","typ","attrDefinitions","Object","entries","claims","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","length","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","credential_configurations_supported","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAEA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAcpD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAGA,CAE3BC,qBAAgI,EAAAC,IAAA,KAE3G;EAAA,IADrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAE9C,MAAMG,iBAAiB,GAAGJ,qBAAqB,CAACE,KAAK,CAACG,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIT,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIS,iBAAiB,CAACG,MAAM,KAAKL,KAAK,CAACM,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAId,aAAa,CACpB,gEAA+DS,iBAAiB,CAACG,MAAO,gBAAeL,KAAK,CAACM,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,MAAMC,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACR,iBAAiB,CAACS,MAAM,CAAC;;EAEhE;EACA,MAAMC,qBAAqB,GAAGJ,eAAe,CAACK,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACb,WAAW,CAACe,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACO,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMC,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAGvB,WAAW,CAACoB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,MAAM,IAAI9B,aAAa,CACpB,4DAA2D2B,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;EACH;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGhB,MAAM,CAACiB,WAAW,CACtClB;EACE;EAAA,CACCa,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACb,OAAO,EAAEc,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEZ,OAAO,EACP;MACE,GAAGc,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAE3B,WAAW,CAAC8B,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKP,OAC7B,CAAC,cAAAa,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAACjB,OAAO,EAAE;MAAEkB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEjB,OAAO,EACP;MACE,GAAGc,UAAU;MACbX,IAAI,EAAEe,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEnB;QAAK,CAAC,GAAAkB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGnB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMoB,eAAe,GAAG7B,MAAM,CAACiB,WAAW,CACxCzB,WAAW,CACRY,MAAM,CAAES,CAAC,IAAK,CAACb,MAAM,CAAC8B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEZ,KAAK;MAAEZ,IAAI,EAAEwB;IAAI,CAAC,CAAC;EAAA,EACxD,CAAC;EAED,OAAO;IACL,GAAGjB,aAAa;IAChB,GAAGa;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBtD,WAAW,CAACgD,aAAa,EAAEC,UAAU,EAAEnD,QAAQ,CAAC,EAChDoD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAAC/C,KAAK,CAACG,OAAO;EAE/C,IAAI,CAACiD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAI7D,aAAa,CACpB,kDAAiDuD,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAAC/C,KAAK,CAACG,OAAO,CAACiD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAEE;EAAA,IADH;IAAEC;EAAwB,CAAC,GAAAD,KAAA;EAE3B,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGlE,oBAAoB,CAC3C2D,UAAU,CAACK,wBAAwB,CAACG,mCAAmC,EACvEJ,OACF,CAAC;EAED,OAAO;IAAEG;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,wBAAkD,GAAG,MAAAA,CAChET,UAAU,EACVC,UAAU,EACVpD,MAAM,EACN6D,OAAO,KACJ;EACH,IAAI7D,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOkD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVpD,MAAM,EACN6D,OACF,CAAC;EACH;EAEA,MAAM,IAAIzE,aAAa,CAAE,kCAAiCY,MAAO,EAAC,CAAC;AACrE,CAAC"}
package/lib/module/credential/issuance/index.js CHANGED
@@ -1,7 +1,8 @@
1
1
  import { evaluateIssuerTrust } from "./02-evaluate-issuer-trust";
2
2
  import { startUserAuthorization } from "./03-start-user-authorization";
3
+ import { completeUserAuthorizationWithQueryMode } from "./04-complete-user-authorization";
3
4
  import { authorizeAccess } from "./05-authorize-access";
4
5
  import { obtainCredential } from "./06-obtain-credential";
5
6
  import { verifyAndParseCredential } from "./07-verify-and-parse-credential";
6
- export { evaluateIssuerTrust, startUserAuthorization, authorizeAccess, obtainCredential, verifyAndParseCredential };
7
+ export { evaluateIssuerTrust, startUserAuthorization, completeUserAuthorizationWithQueryMode, authorizeAccess, obtainCredential, verifyAndParseCredential };
7
8
  //# sourceMappingURL=index.js.map
package/lib/module/credential/issuance/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","authorizeAccess","obtainCredential","verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AAEtC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AAGzC,SACEJ,mBAAmB,EACnBC,sBAAsB,EACtBC,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB"}
1
+ {"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","authorizeAccess","obtainCredential","verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,QAEjC,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AAEzC,SACEL,mBAAmB,EACnBC,sBAAsB,EACtBC,sCAAsC,EACtCC,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB"}
package/lib/module/credential/issuance/types.js ADDED
@@ -0,0 +1,18 @@
1
+ import { AuthorizationDetail } from "../../utils/par";
2
+ import * as z from "zod";
3
+ import { SupportedCredentialFormat } from "./const";
4
+ export const TokenResponse = z.object({
5
+ access_token: z.string(),
6
+ authorization_details: z.array(AuthorizationDetail),
7
+ c_nonce: z.string(),
8
+ c_nonce_expires_in: z.number(),
9
+ expires_in: z.number(),
10
+ token_type: z.string()
11
+ });
12
+ export const CredentialResponse = z.object({
13
+ c_nonce: z.string(),
14
+ c_nonce_expires_in: z.number(),
15
+ credential: z.string(),
16
+ format: SupportedCredentialFormat
17
+ });
18
+ //# sourceMappingURL=types.js.map
package/lib/module/credential/issuance/types.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":["AuthorizationDetail","z","SupportedCredentialFormat","TokenResponse","object","access_token","string","authorization_details","array","c_nonce","c_nonce_expires_in","number","expires_in","token_type","CredentialResponse","credential","format"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,iBAAiB;AACrD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,yBAAyB,QAAQ,SAAS;AAInD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,YAAY,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAEN,CAAC,CAACO,KAAK,CAACR,mBAAmB,CAAC;EACnDS,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEX,CAAC,CAACU,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEZ,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMQ,kBAAkB,GAAGb,CAAC,CAACG,MAAM,CAAC;EACzCK,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BI,UAAU,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBU,MAAM,EAAEd;AACV,CAAC,CAAC"}
package/lib/module/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AAAA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACEP,KAAK,EACLD,GAAG,EACHD,UAAU,EACVI,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLI,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBT,sBAAsB"}
1
+ {"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AACA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACEP,KAAK,EACLD,GAAG,EACHD,UAAU,EACVI,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLI,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBT,sBAAsB"}
package/lib/module/pid/sd-jwt/converters.js CHANGED
@@ -1,22 +1,18 @@
1
1
  import { getValueFromDisclosures } from "../../sd-jwt/converters";
2
2
  import { PID } from "./types";
3
3
  export function pidFromToken(sdJwt, disclosures) {
4
+ const placeOfBirth = getValueFromDisclosures(disclosures, "place_of_birth");
4
5
  return PID.parse({
5
6
  issuer: sdJwt.payload.iss,
6
- issuedAt: new Date(sdJwt.payload.iat * 1000),
7
+ issuedAt: new Date(getValueFromDisclosures(disclosures, "iat") * 1000),
7
8
  expiration: new Date(sdJwt.payload.exp * 1000),
8
- verification: {
9
- trustFramework: sdJwt.payload.verified_claims.verification.trust_framework,
10
- assuranceLevel: sdJwt.payload.verified_claims.verification.assurance_level,
11
- evidence: getValueFromDisclosures(disclosures, "evidence")
12
- },
13
9
  claims: {
14
10
  uniqueId: getValueFromDisclosures(disclosures, "unique_id"),
15
11
  givenName: getValueFromDisclosures(disclosures, "given_name"),
16
12
  familyName: getValueFromDisclosures(disclosures, "family_name"),
17
- birthdate: getValueFromDisclosures(disclosures, "birthdate"),
18
- placeOfBirth: getValueFromDisclosures(disclosures, "place_of_birth"),
19
- taxIdCode: getValueFromDisclosures(disclosures, "tax_id_number")
13
+ birthDate: getValueFromDisclosures(disclosures, "birth_date"),
14
+ ...(placeOfBirth && placeOfBirth),
15
+ taxIdCode: getValueFromDisclosures(disclosures, "tax_id_code")
20
16
  }
21
17
  });
22
18
  }
package/lib/module/pid/sd-jwt/converters.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["getValueFromDisclosures","PID","pidFromToken","sdJwt","disclosures","parse","issuer","payload","iss","issuedAt","Date","iat","expiration","exp","verification","trustFramework","verified_claims","trust_framework","assuranceLevel","assurance_level","evidence","claims","uniqueId","givenName","familyName","birthdate","placeOfBirth","taxIdCode"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/converters.ts"],"mappings":"AAAA,SAASA,uBAAuB,QAAQ,yBAAyB;AAEjE,SAASC,GAAG,QAAQ,SAAS;AAE7B,OAAO,SAASC,YAAYA,CAACC,KAAe,EAAEC,WAAyB,EAAO;EAC5E,OAAOH,GAAG,CAACI,KAAK,CAAC;IACfC,MAAM,EAAEH,KAAK,CAACI,OAAO,CAACC,GAAG;IACzBC,QAAQ,EAAE,IAAIC,IAAI,CAACP,KAAK,CAACI,OAAO,CAACI,GAAG,GAAG,IAAI,CAAC;IAC5CC,UAAU,EAAE,IAAIF,IAAI,CAACP,KAAK,CAACI,OAAO,CAACM,GAAG,GAAG,IAAI,CAAC;IAC9CC,YAAY,EAAE;MACZC,cAAc,EACZZ,KAAK,CAACI,OAAO,CAACS,eAAe,CAACF,YAAY,CAACG,eAAe;MAC5DC,cAAc,EACZf,KAAK,CAACI,OAAO,CAACS,eAAe,CAACF,YAAY,CAACK,eAAe;MAC5DC,QAAQ,EAAEpB,uBAAuB,CAACI,WAAW,EAAE,UAAU;IAC3D,CAAC;IACDiB,MAAM,EAAE;MACNC,QAAQ,EAAEtB,uBAAuB,CAACI,WAAW,EAAE,WAAW,CAAC;MAC3DmB,SAAS,EAAEvB,uBAAuB,CAACI,WAAW,EAAE,YAAY,CAAC;MAC7DoB,UAAU,EAAExB,uBAAuB,CAACI,WAAW,EAAE,aAAa,CAAC;MAC/DqB,SAAS,EAAEzB,uBAAuB,CAACI,WAAW,EAAE,WAAW,CAAC;MAC5DsB,YAAY,EAAE1B,uBAAuB,CAACI,WAAW,EAAE,gBAAgB,CAAC;MACpEuB,SAAS,EAAE3B,uBAAuB,CAACI,WAAW,EAAE,eAAe;IACjE;EACF,CAAC,CAAC;AACJ"}
1
+ {"version":3,"names":["getValueFromDisclosures","PID","pidFromToken","sdJwt","disclosures","placeOfBirth","parse","issuer","payload","iss","issuedAt","Date","expiration","exp","claims","uniqueId","givenName","familyName","birthDate","taxIdCode"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/converters.ts"],"mappings":"AAAA,SAASA,uBAAuB,QAAQ,yBAAyB;AAEjE,SAASC,GAAG,QAAQ,SAAS;AAE7B,OAAO,SAASC,YAAYA,CAACC,KAAe,EAAEC,WAAyB,EAAO;EAC5E,MAAMC,YAAY,GAAGL,uBAAuB,CAACI,WAAW,EAAE,gBAAgB,CAAC;EAC3E,OAAOH,GAAG,CAACK,KAAK,CAAC;IACfC,MAAM,EAAEJ,KAAK,CAACK,OAAO,CAACC,GAAG;IACzBC,QAAQ,EAAE,IAAIC,IAAI,CAACX,uBAAuB,CAACI,WAAW,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC;IACtEQ,UAAU,EAAE,IAAID,IAAI,CAACR,KAAK,CAACK,OAAO,CAACK,GAAG,GAAG,IAAI,CAAC;IAC9CC,MAAM,EAAE;MACNC,QAAQ,EAAEf,uBAAuB,CAACI,WAAW,EAAE,WAAW,CAAC;MAC3DY,SAAS,EAAEhB,uBAAuB,CAACI,WAAW,EAAE,YAAY,CAAC;MAC7Da,UAAU,EAAEjB,uBAAuB,CAACI,WAAW,EAAE,aAAa,CAAC;MAC/Dc,SAAS,EAAElB,uBAAuB,CAACI,WAAW,EAAE,YAAY,CAAC;MAC7D,IAAIC,YAAY,IAAIA,YAAY,CAAC;MACjCc,SAAS,EAAEnB,uBAAuB,CAACI,WAAW,EAAE,aAAa;IAC/D;EACF,CAAC,CAAC;AACJ"}
package/lib/module/pid/sd-jwt/types.js CHANGED
@@ -27,16 +27,16 @@ export const PID = z.object({
27
27
  issuer: z.string(),
28
28
  issuedAt: z.date(),
29
29
  expiration: z.date(),
30
- verification: Verification,
30
+ verification: Verification.optional(),
31
31
  claims: z.object({
32
32
  uniqueId: z.string(),
33
33
  givenName: z.string(),
34
34
  familyName: z.string(),
35
- birthdate: z.string(),
35
+ birthDate: z.string(),
36
36
  placeOfBirth: z.object({
37
37
  country: z.string(),
38
38
  locality: z.string()
39
- }),
39
+ }).optional(),
40
40
  taxIdCode: z.string()
41
41
  })
42
42
  });
package/lib/module/pid/sd-jwt/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["z","VerificationEvidence","object","type","string","record","source","organization_name","organization_id","country_code","Verification","trustFramework","literal","assuranceLevel","evidence","array","PID","issuer","issuedAt","date","expiration","verification","claims","uniqueId","givenName","familyName","birthdate","placeOfBirth","country","locality","taxIdCode"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/types.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AAEvB,MAAMC,oBAAoB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACpCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACE,MAAM,CAAC;IACfC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;IAChBE,MAAM,EAAEN,CAAC,CAACE,MAAM,CAAC;MACfK,iBAAiB,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7BI,eAAe,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC;MAC3BK,YAAY,EAAET,CAAC,CAACI,MAAM,CAAC;IACzB,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAEF,MAAMM,YAAY,GAAGV,CAAC,CAACE,MAAM,CAAC;EAC5BS,cAAc,EAAEX,CAAC,CAACY,OAAO,CAAC,OAAO,CAAC;EAClCC,cAAc,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;EAC1BU,QAAQ,EAAEd,CAAC,CAACe,KAAK,CAACd,oBAAoB;AACxC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMe,GAAG,GAAGhB,CAAC,CAACE,MAAM,CAAC;EAC1Be,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBc,QAAQ,EAAElB,CAAC,CAACmB,IAAI,CAAC,CAAC;EAClBC,UAAU,EAAEpB,CAAC,CAACmB,IAAI,CAAC,CAAC;EACpBE,YAAY,EAAEX,YAAY;EAC1BY,MAAM,EAAEtB,CAAC,CAACE,MAAM,CAAC;IACfqB,QAAQ,EAAEvB,CAAC,CAACI,MAAM,CAAC,CAAC;IACpBoB,SAAS,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;IACrBqB,UAAU,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC;IACtBsB,SAAS,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC;IACrBuB,YAAY,EAAE3B,CAAC,CAACE,MAAM,CAAC;MACrB0B,OAAO,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC;MACnByB,QAAQ,EAAE7B,CAAC,CAACI,MAAM,CAAC;IACrB,CAAC,CAAC;IACF0B,SAAS,EAAE9B,CAAC,CAACI,MAAM,CAAC;EACtB,CAAC;AACH,CAAC,CAAC"}
1
+ {"version":3,"names":["z","VerificationEvidence","object","type","string","record","source","organization_name","organization_id","country_code","Verification","trustFramework","literal","assuranceLevel","evidence","array","PID","issuer","issuedAt","date","expiration","verification","optional","claims","uniqueId","givenName","familyName","birthDate","placeOfBirth","country","locality","taxIdCode"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/types.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AAEvB,MAAMC,oBAAoB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACpCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACE,MAAM,CAAC;IACfC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;IAChBE,MAAM,EAAEN,CAAC,CAACE,MAAM,CAAC;MACfK,iBAAiB,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7BI,eAAe,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC;MAC3BK,YAAY,EAAET,CAAC,CAACI,MAAM,CAAC;IACzB,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAEF,MAAMM,YAAY,GAAGV,CAAC,CAACE,MAAM,CAAC;EAC5BS,cAAc,EAAEX,CAAC,CAACY,OAAO,CAAC,OAAO,CAAC;EAClCC,cAAc,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;EAC1BU,QAAQ,EAAEd,CAAC,CAACe,KAAK,CAACd,oBAAoB;AACxC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMe,GAAG,GAAGhB,CAAC,CAACE,MAAM,CAAC;EAC1Be,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBc,QAAQ,EAAElB,CAAC,CAACmB,IAAI,CAAC,CAAC;EAClBC,UAAU,EAAEpB,CAAC,CAACmB,IAAI,CAAC,CAAC;EACpBE,YAAY,EAAEX,YAAY,CAACY,QAAQ,CAAC,CAAC;EACrCC,MAAM,EAAEvB,CAAC,CAACE,MAAM,CAAC;IACfsB,QAAQ,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;IACpBqB,SAAS,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC;IACrBsB,UAAU,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC;IACtBuB,SAAS,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC;IACrBwB,YAAY,EAAE5B,CAAC,CACZE,MAAM,CAAC;MACN2B,OAAO,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC;MACnB0B,QAAQ,EAAE9B,CAAC,CAACI,MAAM,CAAC;IACrB,CAAC,CAAC,CACDkB,QAAQ,CAAC,CAAC;IACbS,SAAS,EAAE/B,CAAC,CAACI,MAAM,CAAC;EACtB,CAAC;AACH,CAAC,CAAC"}
package/lib/module/sd-jwt/__test__/converters.test.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { getValueFromDisclosures } from "../converters";
2
- const disclosures = [["6w1_soRXFgaHKfpYn3cvfQ", "given_name", "Mario"], ["fuNp97Hf3wV6y48y-QZhIg", "birthdate", "1980-10-01"], ["p-9LzyWHZBVDvhXDWkN2xA", "place_of_birth", {
2
+ const disclosures = [["6w1_soRXFgaHKfpYn3cvfQ", "given_name", "Mario"], ["fuNp97Hf3wV6y48y-QZhIg", "birth_date", "1980-10-01"], ["p-9LzyWHZBVDvhXDWkN2xA", "place_of_birth", {
3
3
  country: "IT",
4
4
  locality: "Rome"
5
5
  }]];