@pagopa/io-react-native-wallet 0.12.0 → 0.13.1

Files changed (205) hide show
  1. package/lib/commonjs/client/generated/wallet-provider.js +22 -22
  2. package/lib/commonjs/client/generated/wallet-provider.js.map +1 -1
  3. package/lib/commonjs/client/index.js +1 -2
  4. package/lib/commonjs/client/index.js.map +1 -1
  5. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +2 -1
  6. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  7. package/lib/commonjs/credential/issuance/03-start-credential-issuance.js +287 -0
  8. package/lib/commonjs/credential/issuance/03-start-credential-issuance.js.map +1 -0
  9. package/lib/commonjs/credential/issuance/03-start-user-authorization.js +55 -82
  10. package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
  11. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +88 -0
  12. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
  13. package/lib/commonjs/credential/issuance/05-authorize-access.js +55 -32
  14. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
  15. package/lib/commonjs/credential/issuance/06-obtain-credential.js +50 -77
  16. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
  17. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +21 -44
  18. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  19. package/lib/commonjs/credential/issuance/index.js +7 -0
  20. package/lib/commonjs/credential/issuance/index.js.map +1 -1
  21. package/lib/commonjs/credential/issuance/types.js +28 -0
  22. package/lib/commonjs/credential/issuance/types.js.map +1 -0
  23. package/lib/commonjs/index.js.map +1 -1
  24. package/lib/commonjs/pid/sd-jwt/converters.js +5 -9
  25. package/lib/commonjs/pid/sd-jwt/converters.js.map +1 -1
  26. package/lib/commonjs/pid/sd-jwt/types.js +3 -3
  27. package/lib/commonjs/pid/sd-jwt/types.js.map +1 -1
  28. package/lib/commonjs/sd-jwt/__test__/converters.test.js +1 -1
  29. package/lib/commonjs/sd-jwt/__test__/converters.test.js.map +1 -1
  30. package/lib/commonjs/sd-jwt/__test__/index.test.js +30 -43
  31. package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
  32. package/lib/commonjs/sd-jwt/__test__/types.test.js +16 -24
  33. package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
  34. package/lib/commonjs/sd-jwt/index.js +3 -9
  35. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  36. package/lib/commonjs/sd-jwt/types.js +11 -16
  37. package/lib/commonjs/sd-jwt/types.js.map +1 -1
  38. package/lib/commonjs/trust/types.js +70 -29
  39. package/lib/commonjs/trust/types.js.map +1 -1
  40. package/lib/commonjs/utils/auth.js +44 -0
  41. package/lib/commonjs/utils/auth.js.map +1 -0
  42. package/lib/commonjs/utils/errors.js +77 -2
  43. package/lib/commonjs/utils/errors.js.map +1 -1
  44. package/lib/commonjs/utils/misc.js +34 -1
  45. package/lib/commonjs/utils/misc.js.map +1 -1
  46. package/lib/commonjs/utils/par.js +23 -15
  47. package/lib/commonjs/utils/par.js.map +1 -1
  48. package/lib/commonjs/utils/pop.js +33 -0
  49. package/lib/commonjs/utils/pop.js.map +1 -0
  50. package/lib/commonjs/wallet-instance-attestation/issuing.js +17 -2
  51. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  52. package/lib/commonjs/wallet-instance-attestation/types.js +7 -7
  53. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  54. package/lib/module/client/generated/wallet-provider.js +16 -19
  55. package/lib/module/client/generated/wallet-provider.js.map +1 -1
  56. package/lib/module/client/index.js +1 -2
  57. package/lib/module/client/index.js.map +1 -1
  58. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +2 -1
  59. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  60. package/lib/module/credential/issuance/03-start-credential-issuance.js +276 -0
  61. package/lib/module/credential/issuance/03-start-credential-issuance.js.map +1 -0
  62. package/lib/module/credential/issuance/03-start-user-authorization.js +55 -79
  63. package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
  64. package/lib/module/credential/issuance/04-complete-user-authorization.js +85 -1
  65. package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
  66. package/lib/module/credential/issuance/05-authorize-access.js +53 -32
  67. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
  68. package/lib/module/credential/issuance/06-obtain-credential.js +49 -74
  69. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
  70. package/lib/module/credential/issuance/07-verify-and-parse-credential.js +21 -44
  71. package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  72. package/lib/module/credential/issuance/index.js +2 -1
  73. package/lib/module/credential/issuance/index.js.map +1 -1
  74. package/lib/module/credential/issuance/types.js +18 -0
  75. package/lib/module/credential/issuance/types.js.map +1 -0
  76. package/lib/module/index.js.map +1 -1
  77. package/lib/module/pid/sd-jwt/converters.js +5 -9
  78. package/lib/module/pid/sd-jwt/converters.js.map +1 -1
  79. package/lib/module/pid/sd-jwt/types.js +3 -3
  80. package/lib/module/pid/sd-jwt/types.js.map +1 -1
  81. package/lib/module/sd-jwt/__test__/converters.test.js +1 -1
  82. package/lib/module/sd-jwt/__test__/converters.test.js.map +1 -1
  83. package/lib/module/sd-jwt/__test__/index.test.js +30 -43
  84. package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
  85. package/lib/module/sd-jwt/__test__/types.test.js +16 -24
  86. package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
  87. package/lib/module/sd-jwt/index.js +3 -9
  88. package/lib/module/sd-jwt/index.js.map +1 -1
  89. package/lib/module/sd-jwt/types.js +11 -16
  90. package/lib/module/sd-jwt/types.js.map +1 -1
  91. package/lib/module/sd-jwt/verifier.js.map +1 -1
  92. package/lib/module/trust/types.js +70 -29
  93. package/lib/module/trust/types.js.map +1 -1
  94. package/lib/module/utils/auth.js +35 -0
  95. package/lib/module/utils/auth.js.map +1 -0
  96. package/lib/module/utils/errors.js +71 -0
  97. package/lib/module/utils/errors.js.map +1 -1
  98. package/lib/module/utils/misc.js +31 -0
  99. package/lib/module/utils/misc.js.map +1 -1
  100. package/lib/module/utils/par.js +24 -16
  101. package/lib/module/utils/par.js.map +1 -1
  102. package/lib/module/utils/pop.js +24 -0
  103. package/lib/module/utils/pop.js.map +1 -0
  104. package/lib/module/wallet-instance-attestation/issuing.js +17 -2
  105. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  106. package/lib/module/wallet-instance-attestation/types.js +7 -7
  107. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  108. package/lib/typescript/client/generated/wallet-provider.d.ts +35 -13
  109. package/lib/typescript/client/generated/wallet-provider.d.ts.map +1 -1
  110. package/lib/typescript/client/index.d.ts.map +1 -1
  111. package/lib/typescript/credential/issuance/01-start-flow.d.ts +1 -0
  112. package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -1
  113. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +2 -1
  114. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -1
  115. package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts +41 -0
  116. package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts.map +1 -0
  117. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +22 -17
  118. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
  119. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +24 -12
  120. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
  121. package/lib/typescript/credential/issuance/05-authorize-access.d.ts +21 -15
  122. package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
  123. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +19 -26
  124. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
  125. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +10 -15
  126. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
  127. package/lib/typescript/credential/issuance/index.d.ts +3 -4
  128. package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
  129. package/lib/typescript/credential/issuance/types.d.ts +63 -0
  130. package/lib/typescript/credential/issuance/types.d.ts.map +1 -0
  131. package/lib/typescript/credential/presentation/types.d.ts +6 -6
  132. package/lib/typescript/index.d.ts +2 -1
  133. package/lib/typescript/index.d.ts.map +1 -1
  134. package/lib/typescript/pid/sd-jwt/converters.d.ts.map +1 -1
  135. package/lib/typescript/pid/sd-jwt/types.d.ts +36 -36
  136. package/lib/typescript/pid/sd-jwt/types.d.ts.map +1 -1
  137. package/lib/typescript/sd-jwt/index.d.ts +40 -68
  138. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  139. package/lib/typescript/sd-jwt/types.d.ts +64 -121
  140. package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
  141. package/lib/typescript/trust/index.d.ts +150 -48
  142. package/lib/typescript/trust/index.d.ts.map +1 -1
  143. package/lib/typescript/trust/types.d.ts +2838 -1740
  144. package/lib/typescript/trust/types.d.ts.map +1 -1
  145. package/lib/typescript/utils/auth.d.ts +52 -0
  146. package/lib/typescript/utils/auth.d.ts.map +1 -0
  147. package/lib/typescript/utils/errors.d.ts +36 -1
  148. package/lib/typescript/utils/errors.d.ts.map +1 -1
  149. package/lib/typescript/utils/integrity.d.ts +1 -1
  150. package/lib/typescript/utils/misc.d.ts +18 -0
  151. package/lib/typescript/utils/misc.d.ts.map +1 -1
  152. package/lib/typescript/utils/par.d.ts +8 -31
  153. package/lib/typescript/utils/par.d.ts.map +1 -1
  154. package/lib/typescript/utils/pop.d.ts +26 -0
  155. package/lib/typescript/utils/pop.d.ts.map +1 -0
  156. package/lib/typescript/wallet-instance-attestation/issuing.d.ts +2 -1
  157. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  158. package/lib/typescript/wallet-instance-attestation/types.d.ts +59 -59
  159. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  160. package/package.json +2 -1
  161. package/src/client/generated/wallet-provider.ts +24 -21
  162. package/src/client/index.ts +3 -8
  163. package/src/credential/issuance/01-start-flow.ts +1 -0
  164. package/src/credential/issuance/02-evaluate-issuer-trust.ts +2 -1
  165. package/src/credential/issuance/03-start-credential-issuance.ts +407 -0
  166. package/src/credential/issuance/03-start-user-authorization.ts +87 -92
  167. package/src/credential/issuance/04-complete-user-authorization.ts +114 -13
  168. package/src/credential/issuance/05-authorize-access.ts +73 -48
  169. package/src/credential/issuance/06-obtain-credential.ts +77 -111
  170. package/src/credential/issuance/07-verify-and-parse-credential.ts +30 -67
  171. package/src/credential/issuance/index.ts +6 -4
  172. package/src/credential/issuance/types.ts +25 -0
  173. package/src/index.ts +2 -1
  174. package/src/pid/sd-jwt/converters.ts +5 -11
  175. package/src/pid/sd-jwt/types.ts +8 -6
  176. package/src/sd-jwt/__test__/converters.test.ts +1 -1
  177. package/src/sd-jwt/__test__/index.test.ts +45 -74
  178. package/src/sd-jwt/__test__/types.test.ts +21 -33
  179. package/src/sd-jwt/index.ts +3 -12
  180. package/src/sd-jwt/types.ts +17 -22
  181. package/src/trust/types.ts +64 -32
  182. package/src/utils/auth.ts +37 -0
  183. package/src/utils/errors.ts +85 -1
  184. package/src/utils/integrity.ts +1 -1
  185. package/src/utils/misc.ts +43 -0
  186. package/src/utils/par.ts +29 -17
  187. package/src/utils/pop.ts +34 -0
  188. package/src/wallet-instance-attestation/issuing.ts +39 -2
  189. package/src/wallet-instance-attestation/types.ts +11 -7
  190. package/lib/commonjs/credential/issuance/07-confirm-credential.js +0 -6
  191. package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +0 -1
  192. package/lib/commonjs/credential/issuance/08-confirm-credential.js +0 -6
  193. package/lib/commonjs/credential/issuance/08-confirm-credential.js.map +0 -1
  194. package/lib/module/credential/issuance/07-confirm-credential.js +0 -2
  195. package/lib/module/credential/issuance/07-confirm-credential.js.map +0 -1
  196. package/lib/module/credential/issuance/08-confirm-credential.js +0 -2
  197. package/lib/module/credential/issuance/08-confirm-credential.js.map +0 -1
  198. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +0 -11
  199. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +0 -1
  200. package/lib/typescript/credential/issuance/08-confirm-credential.d.ts +0 -11
  201. package/lib/typescript/credential/issuance/08-confirm-credential.d.ts.map +0 -1
  202. package/src/credential/issuance/07-confirm-credential.ts +0 -14
  203. package/src/credential/issuance/08-confirm-credential.ts +0 -14
  204. package/src/sd-jwt/__test__/converters.test.js +0 -24
  205. package/src/sd-jwt/verifier.js +0 -12
@@ -13,99 +13,70 @@ import { SdJwt4VC } from "../types";
13
13
  // - "address" is used as verification._sd
14
14
  // - all others disclosures are in claims._sd
15
15
  const token =
16
- "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImIxODZlYTBjMTkyNTc5MzA5N2JmMDFiOGEyODlhNDVmIiwidHJ1c3RfY2hhaW4iOlsiTkVoUmRFUnBZbmxIWTNNNVdsZFdUV1oyYVVobSAuLi4iLCJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2IC4uLiIsIklrSllkbVp5Ykc1b1FVMTFTRkl3TjJGcVZXMUIgLi4uIl19.eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tL2lzc3VlciIsInN1YiI6Ik56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcy4uLiIsImp0aSI6InVybjp1dWlkOjZjNWMwYTQ5LWI1ODktNDMxZC1iYWU3LTIxOTEyMmE5ZWMyYyIsImlhdCI6MTU0MTQ5MzcyNCwiZXhwIjoxNTQxNDkzNzI0LCJzdGF0dXMiOiJodHRwczovL2V4YW1wbGUuY29tL3N0YXR1cyIsImNuZiI6eyJqd2siOnsia3R5IjoiUlNBIiwidXNlIjoic2lnIiwibiI6IjFUYS1zRSIsImUiOiJBUUFCIiwia2lkIjoiWWhORlMzWW5DOXRqaUNhaXZoV0xWVUozQXh3R0d6Xzk4dVJGYXFNRUVzIn19LCJ0eXBlIjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwidmVyaWZpZWRfY2xhaW1zIjp7InZlcmlmaWNhdGlvbiI6eyJfc2QiOlsiSnpZakg0c3ZsaUgwUjNQeUVNZmVadTZKdDY5dTVxZWhabzdGN0VQWWxTRSJdLCJ0cnVzdF9mcmFtZXdvcmsiOiJlaWRhcyIsImFzc3VyYW5jZV9sZXZlbCI6ImhpZ2gifSwiY2xhaW1zIjp7Il9zZCI6WyIwOXZLckpNT2x5VFdNMHNqcHVfcGRPQlZCUTJNMXkzS2hwSDUxNW5Ya3BZIiwiMnJzakdiYUMwa3k4bVQwcEpyUGlvV1RxMF9kYXcxc1g3NnBvVWxnQ3diSSIsIkVrTzhkaFcwZEhFSmJ2VUhsRV9WQ2V1Qzl1UkVMT2llTFpoaDdYYlVUdEEiLCJJbER6SUtlaVpkRHdwcXBLNlpmYnlwaEZ2ejVGZ25XYS1zTjZ3cVFYQ2l3IiwiUG9yRmJwS3VWdTZ4eW1KYWd2a0ZzRlhBYlJvYzJKR2xBVUEyQkE0bzdjSSIsIlRHZjRvTGJnd2Q1SlFhSHlLVlFaVTlVZEdFMHc1cnREc3JaemZVYW9tTG8iLCJqZHJURThZY2JZNEVpZnVnaWhpQWVfQlBla3hKUVpJQ2VpVVF3WTlRcXhJIiwianN1OXlWdWx3UVFsaEZsTV8zSmx6TWFTRnpnbGhRRzBEcGZheVF3TFVLNCJdfX0sIl9zZF9hbGciOiJzaGEtMjU2In0.8wwSHCd47wCgzRYXvvPTTRXGS-hk9V8jRzy7WSjRBTZxSHxJkGOSWwBVAA-kpJ-IvQS7699aLWxIMqAvr34sOA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251bWJlciIsICIrMS0yMDItNTU1LTAxMDEiXQ~WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImJpcnRoZGF0ZSIsICIxOTQwLTAxLTAxIl0~WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgImlzX292ZXJfMTgiLCB0cnVlXQ~WyJHMDJOU3JRZm
pGWFE3SW8wOXN5YWpBIiwgImlzX292ZXJfMjEiLCB0cnVlXQ~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0";
16
+ "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0.qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ~WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd~WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ~WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0~WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd~WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd~WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ";
17
17
 
18
18
  const unsigned =
19
- "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImIxODZlYTBjMTkyNTc5MzA5N2JmMDFiOGEyODlhNDVmIiwidHJ1c3RfY2hhaW4iOlsiTkVoUmRFUnBZbmxIWTNNNVdsZFdUV1oyYVVobSAuLi4iLCJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2IC4uLiIsIklrSllkbVp5Ykc1b1FVMTFTRkl3TjJGcVZXMUIgLi4uIl19.eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tL2lzc3VlciIsInN1YiI6Ik56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcy4uLiIsImp0aSI6InVybjp1dWlkOjZjNWMwYTQ5LWI1ODktNDMxZC1iYWU3LTIxOTEyMmE5ZWMyYyIsImlhdCI6MTU0MTQ5MzcyNCwiZXhwIjoxNTQxNDkzNzI0LCJzdGF0dXMiOiJodHRwczovL2V4YW1wbGUuY29tL3N0YXR1cyIsImNuZiI6eyJqd2siOnsia3R5IjoiUlNBIiwidXNlIjoic2lnIiwibiI6IjFUYS1zRSIsImUiOiJBUUFCIiwia2lkIjoiWWhORlMzWW5DOXRqaUNhaXZoV0xWVUozQXh3R0d6Xzk4dVJGYXFNRUVzIn19LCJ0eXBlIjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwidmVyaWZpZWRfY2xhaW1zIjp7InZlcmlmaWNhdGlvbiI6eyJfc2QiOlsiSnpZakg0c3ZsaUgwUjNQeUVNZmVadTZKdDY5dTVxZWhabzdGN0VQWWxTRSJdLCJ0cnVzdF9mcmFtZXdvcmsiOiJlaWRhcyIsImFzc3VyYW5jZV9sZXZlbCI6ImhpZ2gifSwiY2xhaW1zIjp7Il9zZCI6WyIwOXZLckpNT2x5VFdNMHNqcHVfcGRPQlZCUTJNMXkzS2hwSDUxNW5Ya3BZIiwiMnJzakdiYUMwa3k4bVQwcEpyUGlvV1RxMF9kYXcxc1g3NnBvVWxnQ3diSSIsIkVrTzhkaFcwZEhFSmJ2VUhsRV9WQ2V1Qzl1UkVMT2llTFpoaDdYYlVUdEEiLCJJbER6SUtlaVpkRHdwcXBLNlpmYnlwaEZ2ejVGZ25XYS1zTjZ3cVFYQ2l3IiwiUG9yRmJwS3VWdTZ4eW1KYWd2a0ZzRlhBYlJvYzJKR2xBVUEyQkE0bzdjSSIsIlRHZjRvTGJnd2Q1SlFhSHlLVlFaVTlVZEdFMHc1cnREc3JaemZVYW9tTG8iLCJqZHJURThZY2JZNEVpZnVnaWhpQWVfQlBla3hKUVpJQ2VpVVF3WTlRcXhJIiwianN1OXlWdWx3UVFsaEZsTV8zSmx6TWFTRnpnbGhRRzBEcGZheVF3TFVLNCJdfX0sIl9zZF9hbGciOiJzaGEtMjU2In0";
19
+ "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0";
20
20
 
21
21
  const signature =
22
- "8wwSHCd47wCgzRYXvvPTTRXGS-hk9V8jRzy7WSjRBTZxSHxJkGOSWwBVAA-kpJ-IvQS7699aLWxIMqAvr34sOA";
22
+ "qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ";
23
23
 
24
24
  const signed = `${unsigned}.${signature}`;
25
25
 
26
26
  const tokenizedDisclosures = [
27
- "WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd",
28
- "WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd",
29
- "WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ",
30
- "WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251bWJlciIsICIrMS0yMDItNTU1LTAxMDEiXQ",
31
- "WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImJpcnRoZGF0ZSIsICIxOTQwLTAxLTAxIl0",
32
- "WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgImlzX292ZXJfMTgiLCB0cnVlXQ",
33
- "WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImlzX292ZXJfMjEiLCB0cnVlXQ",
34
- "WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ",
35
- "WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0",
27
+ "WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd",
28
+ "WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ",
29
+ "WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0",
30
+ "WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd",
31
+ "WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd",
32
+ "WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ",
36
33
  ];
37
34
 
38
35
  const sdJwt = {
39
36
  header: {
37
+ kid: "-F_6Uga8n3VegjY2U7YUHK1zLoaD-NPTc63RMISnLaw",
40
38
  typ: "vc+sd-jwt",
41
39
  alg: "ES256",
42
- kid: "b186ea0c1925793097bf01b8a289a45f",
43
- trust_chain: [
44
- "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
45
- "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...",
46
- "IkJYdmZybG5oQU11SFIwN2FqVW1B ...",
47
- ],
48
40
  },
49
41
  payload: {
50
- iss: "https://example.com/issuer",
51
- sub: "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs...",
52
- jti: "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
53
- iat: 1541493724,
54
- exp: 1541493724,
55
- status: "https://example.com/status",
42
+ _sd: [
43
+ "0q1D5Jmav6pQaEh_J_Fcv_uNNMQIgCyhQOxqlY4l3qU",
44
+ "KCJ-AVNv88d-xj6sUIAOJxFnbUh3rHXDKkIH1lFqbRs",
45
+ "M9lo9YxDNIXrAq2qWeiCA40zpJ_zYfFdR_4AEALcRtU",
46
+ "czgjUk0nqRCswShChCjdS6A1-v47d_qTCSFIvIHhMoI",
47
+ "nGnQr7clm3tfTp8yjL_uHrDSOtzR2PVb8S7GeLdAqBQ",
48
+ "xNIVwlpSsaZ8CJSf0gz5x_75VRWWc6V1mlpejdCrqUs",
49
+ ],
50
+ sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
51
+ _sd_alg: "sha-256",
52
+ vct: "PersonIdentificationData",
53
+ iss: "https://pre.eid.wallet.ipzs.it",
56
54
  cnf: {
57
55
  jwk: {
58
- kty: "RSA",
59
- use: "sig",
60
- n: "1Ta-sE",
61
- e: "AQAB",
62
- kid: "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
56
+ kty: "EC",
57
+ crv: "P-256",
58
+ kid: "Rv3W-EiKpvBTyk5yZxvrev-7MDB6SlzUCBo_CQjjddU",
59
+ x: "0Wox7QtyPqByg35MH_XyCcnd5Le-Jm0AXHlUgDBA03Y",
60
+ y: "eEhVvg1JPqNd3DTSa4mGDGBlwY6NP-EZbLbNFXSXwIg",
63
61
  },
64
62
  },
65
- type: "PersonIdentificationData",
66
- verified_claims: {
67
- verification: {
68
- _sd: ["JzYjH4svliH0R3PyEMfeZu6Jt69u5qehZo7F7EPYlSE"],
69
- trust_framework: "eidas",
70
- assurance_level: "high",
71
- },
72
- claims: {
73
- _sd: [
74
- "09vKrJMOlyTWM0sjpu_pdOBVBQ2M1y3KhpH515nXkpY",
75
- "2rsjGbaC0ky8mT0pJrPioWTq0_daw1sX76poUlgCwbI",
76
- "EkO8dhW0dHEJbvUHlE_VCeuC9uRELOieLZhh7XbUTtA",
77
- "IlDzIKeiZdDwpqpK6ZfbyphFvz5FgnWa-sN6wqQXCiw",
78
- "PorFbpKuVu6xymJagvkFsFXAbRoc2JGlAUA2BA4o7cI",
79
- "TGf4oLbgwd5JQaHyKVQZU9UdGE0w5rtDsrZzfUaomLo",
80
- "jdrTE8YcbY4EifugihiAe_BPekxJQZICeiUQwY9QqxI",
81
- "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4",
82
- ],
63
+ exp: 1751546576,
64
+ status: {
65
+ status_attestation: {
66
+ credential_hash_alg: "sha-256",
83
67
  },
84
68
  },
85
- _sd_alg: "sha-256",
86
69
  },
87
70
  };
88
71
 
89
72
  // In the very same order than tokenizedDisclosures
90
73
  const disclosures = [
91
- ["2GLC42sKQveCfGfryNRN9w", "given_name", "John"],
92
- ["eluV5Og3gSNII8EYnsxA_A", "family_name", "Doe"],
93
- ["6Ij7tM-a5iVPGboS5tmvVA", "email", "johndoe@example.com"],
94
- ["eI8ZWm9QnKPpNPeNenHdhQ", "phone_number", "+1-202-555-0101"],
95
- ["AJx-095VPrpTtN4QMOqROA", "birthdate", "1940-01-01"],
96
- ["Pc33JM2LchcU_lHggv_ufQ", "is_over_18", true],
97
- ["G02NSrQfjFXQ7Io09syajA", "is_over_21", true],
98
- ["lklxF5jMYlGTPUovMNIvCA", "is_over_65", true],
99
- [
100
- "Qg_O64zqAxe412a108iroA",
101
- "address",
102
- {
103
- street_address: "123 Main St",
104
- locality: "Anytown",
105
- region: "Anystate",
106
- country: "US",
107
- },
108
- ],
74
+ ["kJDEP8EaNTEMBDOZzZzT4w", "unique_id", "TINIT-LVLDAA85T50G702B"],
75
+ ["zIAyUFvPfIpE1zBqxI5haQ", "birth_date", "1985-12-10"],
76
+ ["Gr3R3s290OkQUm-NFTu96A", "tax_id_code", "TINIT-LVLDAA85T50G702B"],
77
+ ["GxORalMAelfZ0edFJjjYUw", "given_name", "Ada"],
78
+ ["_vV5RIkl0IOEXKots9kt1w", "family_name", "Lovelace"],
79
+ ["Cj5tccR72Jwrze2TW4a-wg", "iat", 1720010575],
109
80
  ];
110
81
  it("Ensures example data correctness", () => {
111
82
  expect(
@@ -161,8 +132,8 @@ describe("disclose", () => {
161
132
  it("should encode a valid sdjwt (one claim)", async () => {
162
133
  const result = await disclose(token, ["given_name"]);
163
134
  const expected = {
164
- token: `${signed}~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd`,
165
- paths: [{ claim: "given_name", path: "verified_claims.claims._sd[7]" }],
135
+ token: `${signed}~WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd`,
136
+ paths: [{ claim: "given_name", path: "verified_claims.claims._sd[3]" }],
166
137
  };
167
138
 
168
139
  expect(result).toEqual(expected);
@@ -176,17 +147,17 @@ describe("disclose", () => {
176
147
  });
177
148
 
178
149
  it("should encode a valid sdjwt (multiple claims)", async () => {
179
- const result = await disclose(token, ["given_name", "email"]);
150
+ const result = await disclose(token, ["iat", "family_name"]);
180
151
  const expected = {
181
- token: `${signed}~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ`,
152
+ token: `${signed}~WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd~WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ`,
182
153
  paths: [
183
154
  {
184
- claim: "given_name",
185
- path: "verified_claims.claims._sd[7]",
155
+ claim: "iat",
156
+ path: "verified_claims.claims._sd[4]",
186
157
  },
187
158
  {
188
- claim: "email",
189
- path: "verified_claims.verification._sd[0]",
159
+ claim: "family_name",
160
+ path: "verified_claims.claims._sd[0]",
190
161
  },
191
162
  ],
192
163
  };
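Review bot: The two comment lines kept at the top of this fixture (`"address" is used as verification._sd` and `all others disclosures are in claims._sd`) no longer describe the data, because the new token has no address disclosure and the new `sdJwt.payload` carries every digest in one top-level `_sd` array. I would replace them with `// - all disclosures are hashed into the top-level payload._sd`. The new payload also names `iss: "https://pre.eid.wallet.ipzs.it"` with a fixed `exp: 1751546576`, and the file list shows compiled copies of these tests shipped under `package/lib`. If the credential is synthetic, a one-line comment saying so, and noting that any expiry-checking test must pin the clock, would spare the next reader from decoding the token to find out. The enclosing test block starts above the first hunk.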
@@ -8,47 +8,35 @@ describe("SdJwt4VC", () => {
8
8
  typ: "vc+sd-jwt",
9
9
  alg: "RS512",
10
10
  kid: "dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw",
11
- trust_chain: [
12
- "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
13
- "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...",
14
- "IkJYdmZybG5oQU11SFIwN2FqVW1B ...",
15
- ],
16
11
  },
17
12
  payload: {
18
- iss: "https://pidprovider.example.org",
19
- sub: "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs...",
20
- jti: "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
21
- iat: 1541493724,
22
- exp: 1541493724,
23
- status: "https://pidprovider.example.org/status",
13
+ _sd: [
14
+ "0q1D5Jmav6pQaEh_J_Fcv_uNNMQIgCyhQOxqlY4l3qU",
15
+ "KCJ-AVNv88d-xj6sUIAOJxFnbUh3rHXDKkIH1lFqbRs",
16
+ "M9lo9YxDNIXrAq2qWeiCA40zpJ_zYfFdR_4AEALcRtU",
17
+ "czgjUk0nqRCswShChCjdS6A1-v47d_qTCSFIvIHhMoI",
18
+ "nGnQr7clm3tfTp8yjL_uHrDSOtzR2PVb8S7GeLdAqBQ",
19
+ "xNIVwlpSsaZ8CJSf0gz5x_75VRWWc6V1mlpejdCrqUs",
20
+ ],
21
+ sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
22
+ _sd_alg: "sha-256",
23
+ vct: "PersonIdentificationData",
24
+ iss: "https://pidprovider.example.com",
24
25
  cnf: {
25
26
  jwk: {
26
- kty: "RSA",
27
- use: "sig",
28
- n: "1Ta-sE …",
29
- e: "AQAB",
30
- kid: "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
27
+ kty: "EC",
28
+ crv: "P-256",
29
+ kid: "zEv_qGSL5r0_F67j2dwEgUJmBgbMNSEJ5K_iH1PYc7A",
30
+ x: "0Pj7v_afNp9ETJx11JbYgkI7yQpd0rtiYuo5feuAN2o",
31
+ y: "XB62Um02vHqedkOzSfJ5hdtjPz-zmV9jmWh4sKgdD9o",
31
32
  },
32
33
  },
33
- type: "PersonIdentificationData",
34
- verified_claims: {
35
- verification: {
36
- _sd: ["OGm7ryXgt5Xzlevp-Hu-UTk0a-TxAaPAobqv1pIWMfw"],
37
- trust_framework: "eidas",
38
- assurance_level: "high",
39
- },
40
- claims: {
41
- _sd: [
42
- "8JjozBfovMNvQ3HflmPWy4O19Gpxs61FWHjZebU589E",
43
- "BoMGktW1rbikntw8Fzx_BeL4YbAndr6AHsdgpatFCig",
44
- "CFLGzentGNRFngnLVVQVcoAFi05r6RJUX-rdbLdEfew",
45
- "JU_sTaHCngS32X-0ajHrd1-HCLCkpT5YqgcfQme168w",
46
- "VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA",
47
- "zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o",
48
- ],
34
+ exp: 1751107255,
35
+ status: {
36
+ status_attestation: {
37
+ credential_hash_alg: "sha-256",
49
38
  },
50
39
  },
51
- _sd_alg: "sha-256",
52
40
  },
53
41
  };
54
42
 
@@ -101,15 +101,9 @@ export const disclose = async (
101
101
 
102
102
  // _sd is defined in verified_claims.claims and verified_claims.verification
103
103
  // we must look into both
104
- if (sdJwt.payload.verified_claims.claims._sd.includes(hash)) {
105
- const index = sdJwt.payload.verified_claims.claims._sd.indexOf(hash);
104
+ if (sdJwt.payload._sd.includes(hash)) {
105
+ const index = sdJwt.payload._sd.indexOf(hash);
106
106
  return { claim, path: `verified_claims.claims._sd[${index}]` };
107
- } else if (
108
- sdJwt.payload.verified_claims.verification._sd.includes(hash)
109
- ) {
110
- const index =
111
- sdJwt.payload.verified_claims.verification._sd.indexOf(hash);
112
- return { claim, path: `verified_claims.verification._sd[${index}]` };
113
107
  }
114
108
 
115
109
  throw new ClaimsNotFoundInToken(claim);
@@ -158,10 +152,7 @@ export const verify = async <S extends z.ZodType<SdJwt4VC>>(
158
152
  await verifyJwt(rawSdJwt, publicKey);
159
153
 
160
154
  //Check disclosures in sd-jwt
161
- const claims = [
162
- ...decoded.sdJwt.payload.verified_claims.verification._sd,
163
- ...decoded.sdJwt.payload.verified_claims.claims._sd,
164
- ];
155
+ const claims = [...decoded.sdJwt.payload._sd];
165
156
 
166
157
  await Promise.all(
167
158
  decoded.disclosures.map(
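Review bot: In `disclose` the lookup now reads `sdJwt.payload._sd`, but the returned `path` is still built as `verified_claims.claims._sd[${index}]` and the comment above the check still says `_sd` lives in `verified_claims.claims` and `verified_claims.verification`; neither exists in the new payload shape. Unless a consumer outside this hunk depends on the old prefix, the path should name the array that was actually searched, e.g. `_sd[${index}]`, and the comment should become `// _sd is a single top-level array in the payload`. The updated expectations in the test file on this page (`verified_claims.claims._sd[3]`, `[4]`, `[0]`) pin the stale prefix and would need the same change. The `includes` followed by `indexOf` also scans the array twice; `const index = sdJwt.payload._sd.indexOf(hash);` with `if (index !== -1)` does it once. Both functions continue outside their hunks.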
@@ -39,29 +39,24 @@ export const SdJwt4VC = z.object({
39
39
  typ: z.literal("vc+sd-jwt"),
40
40
  alg: z.string(),
41
41
  kid: z.string().optional(),
42
- trust_chain: z.array(z.string()),
43
42
  }),
44
- payload: z.object({
45
- iss: z.string(),
46
- sub: z.string(),
47
- jti: z.string(),
48
- iat: UnixTime,
49
- exp: UnixTime,
50
- status: z.string(),
51
- cnf: z.object({
52
- jwk: JWK,
53
- }),
54
- type: z.string(),
55
- verified_claims: z.object({
56
- verification: z.intersection(
57
- z.object({
58
- trust_framework: z.literal("eidas"),
59
- assurance_level: z.string(),
43
+ payload: z.intersection(
44
+ z.object({
45
+ iss: z.string(),
46
+ sub: z.string(),
47
+ iat: UnixTime.optional(),
48
+ exp: UnixTime,
49
+ _sd_alg: z.literal("sha-256"),
50
+ status: z.object({
51
+ status_attestation: z.object({
52
+ credential_hash_alg: z.literal("sha-256"),
60
53
  }),
61
- ObfuscatedDisclosures
62
- ),
63
- claims: ObfuscatedDisclosures,
54
+ }),
55
+ cnf: z.object({
56
+ jwk: JWK,
57
+ }),
58
+ vct: z.string(),
64
59
  }),
65
- _sd_alg: z.literal("sha-256"),
66
- }),
60
+ ObfuscatedDisclosures
61
+ ),
67
62
  });
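Review bot: `iat: UnixTime.optional()` relaxes a field that was required, and nothing on the line says why. The test fixture on this page delivers `iat` as a disclosure (`["Cj5tccR72Jwrze2TW4a-wg", "iat", 1720010575]`) rather than in the signed payload, which is presumably the reason; a comment such as `// iat may arrive as a selectively disclosable claim, so it can be absent here` would record that, and callers that need the issuance time must then read it from the verified disclosures. `iss` stays a bare `z.string()` although the fixtures use an https URL; if the issuer is always a URL, `z.string().url()` would reject malformed values at parse time. The hunk starts inside the `SdJwt4VC` definition, so the header object is only partly visible.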
@@ -18,38 +18,48 @@ const RelyingPartyMetadata = z.object({
18
18
  // instruct the Wallet Solution on how to render the credential correctly
19
19
  type CredentialDisplayMetadata = z.infer<typeof CredentialDisplayMetadata>;
20
20
  const CredentialDisplayMetadata = z.object({
21
+ name: z.string(),
22
+ locale: z.string(),
23
+ logo: z
24
+ .object({
25
+ url: z.string(),
26
+ alt_text: z.string(),
27
+ })
28
+ .optional(), // TODO [SIW-1268]: should not be optional
29
+ background_color: z.string().optional(), // TODO [SIW-1268]: should not be optional
30
+ text_color: z.string().optional(), // TODO [SIW-1268]: should not be optional
31
+ });
32
+
33
+ // Metadata for displaying issuer information
34
+ type CredentialIssuerDisplayMetadata = z.infer<
35
+ typeof CredentialIssuerDisplayMetadata
36
+ >;
37
+ const CredentialIssuerDisplayMetadata = z.object({
21
38
  name: z.string(),
22
39
  locale: z.string(),
23
40
  logo: z.object({
24
41
  url: z.string(),
25
42
  alt_text: z.string(),
26
43
  }),
27
- background_color: z.string(),
28
- text_color: z.string(),
29
44
  });
30
45
 
31
- type CredentialDefinitionMetadata = z.infer<
32
- typeof CredentialDefinitionMetadata
33
- >;
34
- const CredentialDefinitionMetadata = z.object({
35
- type: z.array(z.string()),
36
- credentialSubject: z.record(
37
- z.object({
38
- mandatory: z.boolean(),
39
- display: z.array(z.object({ name: z.string(), locale: z.string() })),
40
- })
41
- ),
42
- });
46
+ type ClaimsMetadata = z.infer<typeof ClaimsMetadata>;
47
+ const ClaimsMetadata = z.record(
48
+ z.object({
49
+ value_type: z.string(),
50
+ display: z.array(z.object({ name: z.string(), locale: z.string() })),
51
+ })
52
+ );
43
53
 
44
54
  // Metadata for a credentia which i supported by a Issuer
45
55
  type SupportedCredentialMetadata = z.infer<typeof SupportedCredentialMetadata>;
46
56
  const SupportedCredentialMetadata = z.object({
47
- id: z.string(),
48
57
  format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
49
- cryptographic_binding_methods_supported: z.array(z.string()),
50
- cryptographic_suites_supported: z.array(z.string()),
58
+ scope: z.string(),
51
59
  display: z.array(CredentialDisplayMetadata),
52
- credential_definition: CredentialDefinitionMetadata,
60
+ claims: ClaimsMetadata,
61
+ cryptographic_binding_methods_supported: z.array(z.string()),
62
+ credential_signing_alg_values_supported: z.array(z.string()),
53
63
  });
54
64
 
55
65
  export type EntityStatement = z.infer<typeof EntityStatement>;
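Review bot: `logo.url` in the new `CredentialDisplayMetadata` (and in `CredentialIssuerDisplayMetadata`) is parsed as a bare `z.string()`, although the comment above says this metadata tells the wallet how to render the credential, so the value presumably reaches an image loader. Since it comes from remote issuer metadata, I would narrow it in the schema, e.g. `url: z.string().url(),`, and restrict the scheme to `https:` where the value is consumed. The same applies to the endpoint strings (`credential_endpoint`, `revocation_endpoint`, `status_attestation_endpoint`) added in the `CredentialIssuerEntityConfiguration` hunk further down. `background_color` and `text_color` could likewise be constrained to a colour pattern once the SIW-1268 TODO is resolved.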
@@ -101,19 +111,19 @@ const BaseEntityConfiguration = z.object({
101
111
  header: EntityConfigurationHeader,
102
112
  payload: z
103
113
  .object({
104
- exp: UnixTime,
105
- iat: UnixTime,
106
114
  iss: z.string(),
107
115
  sub: z.string(),
108
- jwks: z.object({
109
- keys: z.array(JWK),
110
- }),
116
+ iat: UnixTime,
117
+ exp: UnixTime,
118
+ authority_hints: z.array(z.string()).optional(),
111
119
  metadata: z
112
120
  .object({
113
121
  federation_entity: FederationEntityMetadata,
114
122
  })
115
123
  .passthrough(),
116
- authority_hints: z.array(z.string()).optional(),
124
+ jwks: z.object({
125
+ keys: z.array(JWK),
126
+ }),
117
127
  })
118
128
  .passthrough(),
119
129
  });
@@ -135,18 +145,42 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(
135
145
  metadata: z.object({
136
146
  openid_credential_issuer: z.object({
137
147
  credential_issuer: z.string(),
148
+ credential_endpoint: z.string(),
149
+ revocation_endpoint: z.string(),
150
+ status_attestation_endpoint: z.string(),
151
+ display: z.array(CredentialIssuerDisplayMetadata),
152
+ credential_configurations_supported: z.record(
153
+ SupportedCredentialMetadata
154
+ ),
155
+ jwks: z.object({ keys: z.array(JWK) }),
156
+ }),
157
+ oauth_authorization_server: z.object({
138
158
  authorization_endpoint: z.string(),
139
- token_endpoint: z.string(),
140
159
  pushed_authorization_request_endpoint: z.string(),
141
- dpop_signing_alg_values_supported: z.array(z.string()),
142
- credential_endpoint: z.string(),
143
- credentials_supported: z.array(SupportedCredentialMetadata),
160
+ dpop_signing_alg_values_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
161
+ token_endpoint: z.string(),
162
+ introspection_endpoint: z.string().optional(), // TODO [SIW-1268]: should not be optional
163
+ client_registration_types_supported: z.array(z.string()),
164
+ code_challenge_methods_supported: z.array(z.string()),
165
+ authorization_details_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional,
166
+ acr_values_supported: z.array(z.string()),
167
+ grant_types_supported: z.array(z.string()),
168
+ issuer: z.string(),
144
169
  jwks: z.object({ keys: z.array(JWK) }),
170
+ scopes_supported: z.array(z.string()),
171
+ request_parameter_supported: z.boolean().optional(), // TODO [SIW-1268]: should not be optional
172
+ request_uri_parameter_supported: z.boolean().optional(), // TODO [SIW-1268]: should not be optional
173
+ response_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
174
+ response_modes_supported: z.array(z.string()),
175
+ subject_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
176
+ token_endpoint_auth_methods_supported: z.array(z.string()),
177
+ token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
178
+ request_object_signing_alg_values_supported: z.array(z.string()),
145
179
  }),
146
180
  /** Credential Issuers act as Relying Party
147
181
  when they require the presentation of other credentials.
148
182
  This does not apply for PID issuance, which requires CIE authz. */
149
- wallet_relying_party: RelyingPartyMetadata.optional(),
183
+ openid_relying_party: RelyingPartyMetadata.optional(),
150
184
  }),
151
185
  }),
152
186
  })
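Review bot: Several fields of the new `oauth_authorization_server` object that drive security decisions are relaxed to `.optional()` under the SIW-1268 TODO, notably `dpop_signing_alg_values_supported` and `response_types_supported`, so the schema accepts issuer metadata that omits them. Callers then have to choose a default themselves; I would have the consuming code fail when a value it needs is absent rather than assume one, and say so in a comment next to each TODO. `code_challenge_methods_supported` is also accepted as any string array; if the flow relies on PKCE with `S256`, a refinement such as `.refine((m) => m.includes("S256"))` would reject metadata that does not offer it. The trailing comma inside the comment on `authorization_details_types_supported` is a typo.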
@@ -177,9 +211,7 @@ export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(
177
211
  wallet_provider: z
178
212
  .object({
179
213
  token_endpoint: z.string(),
180
- attested_security_context_values_supported: z
181
- .array(z.string())
182
- .optional(),
214
+ aal_values_supported: z.array(z.string()).optional(),
183
215
  grant_types_supported: z.array(z.string()),
184
216
  token_endpoint_auth_methods_supported: z.array(z.string()),
185
217
  token_endpoint_auth_signing_alg_values_supported: z.array(
@@ -0,0 +1,37 @@
1
+ import * as z from "zod";
2
+
3
+ /**
4
+ * Context for authorization during the {@link 03-start-user-authorization.ts} phase.
5
+ * It consists of a single method to identify the user which takes a URL and a redirect schema as input.
6
+ * Once the authorization is completed and the URL calls the redirect schema, the method should return the redirect URL.
7
+ */
8
+ export interface AuthorizationContext {
9
+ authorize: (url: string, redirectSchema: string) => Promise<string>;
10
+ }
11
+
12
+ /**
13
+ * The result of the identification process.
14
+ */
15
+ export const AuthorizationResultShape = z.object({
16
+ code: z.string(),
17
+ state: z.string(),
18
+ iss: z.string().optional(),
19
+ });
20
+
21
+ /**
22
+ * The error of the identification process.
23
+ * It follows the OAuth/OIDC error response format.
24
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthError
25
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
26
+ */
27
+ export const AuthorizationErrorShape = z.object({
28
+ error: z.string(), // not enforcing the error code format
29
+ error_description: z.string().optional(),
30
+ error_uri: z.string().optional(),
31
+ state: z.string().optional(),
32
+ });
33
+
34
+ /**
35
+ * Type of the identification result.
36
+ */
37
+ export type AuthorizationResult = z.infer<typeof AuthorizationResultShape>;
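Review bot: The doc comment on `AuthorizationResultShape` does not say what the caller must do with `state` and `iss`, which are the two fields that bind the response to the request. I would extend it with something like `state must equal the value sent in the authorization request; iss, when present, must equal the expected issuer (RFC 9207)`. The `AuthorizationContext.authorize` comment could also state that the returned URL is untrusted input and should be checked to start with the given redirect scheme before it is parsed. "redirect schema" in that comment presumably means "redirect scheme".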
@@ -251,13 +251,97 @@ export class WalletProviderResponseError extends IoWalletError {
251
251
  /** Reason code for the validation failure. */
252
252
  reason: string;
253
253
 
254
+ /** HTTP status code */
255
+ statusCode: number;
256
+
254
257
  constructor(
255
258
  message: string,
256
259
  claim: string = "unspecified",
257
- reason: string = "unspecified"
260
+ reason: string = "unspecified",
261
+ statusCode: number
258
262
  ) {
263
+ super(
264
+ serializeAttrs({
265
+ message,
266
+ claim,
267
+ reason,
268
+ statusCode: statusCode.toString(),
269
+ })
270
+ );
271
+ this.claim = claim;
272
+ this.reason = reason;
273
+ this.statusCode = statusCode;
274
+ }
275
+ }
276
+
277
+ export class WalletInstanceRevokedError extends IoWalletError {
278
+ static get code(): "ERR_IO_WALLET_INSTANCE_REVOKED" {
279
+ return "ERR_IO_WALLET_INSTANCE_REVOKED";
280
+ }
281
+
282
+ code = "ERR_IO_WALLET_INSTANCE_REVOKED";
283
+
284
+ claim: string;
285
+ reason: string;
286
+
287
+ constructor(message: string, claim: string, reason: string = "unspecified") {
259
288
  super(serializeAttrs({ message, claim, reason }));
289
+ this.reason = reason;
260
290
  this.claim = claim;
291
+ }
292
+ }
293
+
294
+ export class WalletInstanceNotFoundError extends IoWalletError {
295
+ static get code(): "ERR_IO_WALLET_INSTANCE_NOT_FOUND" {
296
+ return "ERR_IO_WALLET_INSTANCE_NOT_FOUND";
297
+ }
298
+
299
+ code = "ERR_IO_WALLET_INSTANCE_NOT_FOUND";
300
+
301
+ claim: string;
302
+ reason: string;
303
+
304
+ constructor(message: string, claim: string, reason: string = "unspecified") {
305
+ super(serializeAttrs({ message, claim, reason }));
261
306
  this.reason = reason;
307
+ this.claim = claim;
308
+ }
309
+ }
310
+
311
+ /**
312
+ * An error subclass thrown when an error occurs during the authorization process.
313
+ */
314
+ export class AuthorizationError extends IoWalletError {
315
+ static get code(): "ERR_IO_WALLET_AUTHORIZATION_ERROR" {
316
+ return "ERR_IO_WALLET_AUTHORIZATION_ERROR";
317
+ }
318
+
319
+ code = "ERR_IO_WALLET_AUTHORIZATION_ERROR";
320
+
321
+ constructor(message?: string) {
322
+ super(message);
323
+ }
324
+ }
325
+
326
+ /**
327
+ * An error subclass thrown when an error occurs during the authorization process with the IDP.
328
+ * It contains the error and error description returned by the IDP.
329
+ */
330
+ export class AuthorizationIdpError extends IoWalletError {
331
+ static get code(): "ERR_IO_WALLET_IDENTIFICATION_RESPONSE_ERROR" {
332
+ return "ERR_IO_WALLET_IDENTIFICATION_RESPONSE_ERROR";
333
+ }
334
+
335
+ code = "ERR_IO_WALLET_IDENTIFICATION_RESPONSE_PARSING_FAILED";
336
+
337
+ error: string;
338
+ errorDescription?: string;
339
+
340
+ constructor(error: string, errorDescription?: string) {
341
+ super(
342
+ serializeAttrs(errorDescription ? { error, errorDescription } : { error })
343
+ );
344
+ this.error = error;
345
+ this.errorDescription = errorDescription;
262
346
  }
263
347
  }
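Review bot: In `AuthorizationIdpError` the static getter returns `ERR_IO_WALLET_IDENTIFICATION_RESPONSE_ERROR` but the instance field is set to `ERR_IO_WALLET_IDENTIFICATION_RESPONSE_PARSING_FAILED`, so a check that compares `err.code` with `AuthorizationIdpError.code` would never match. The instance line should read `code = "ERR_IO_WALLET_IDENTIFICATION_RESPONSE_ERROR";`. Separately, the new required `statusCode` parameter of `WalletProviderResponseError` follows two defaulted parameters, so callers have to pass `undefined` explicitly to keep the defaults; the declaration of that class starts outside the hunk. The `error` and `errorDescription` values originate from the IdP response and are serialized into the message, so they should be treated as untrusted wherever the error is logged or displayed.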
@@ -1,7 +1,7 @@
1
1
  /**
2
2
  * Interface for the integrity context which provides the necessary functions to interact with the integrity service.
3
3
  * The functions are platform specific and must be implemented in the platform specific code.
4
- * getHardwareKeyTag: returns the hardware key tag.
4
+ * getHardwareKeyTag: returns the hardware key tag in a url safe format (e.g. base64url).
5
5
  * getAttestation: requests the attestation from the integrity service.
6
6
  * getHardwareSignatureWithAuthData: signs the clientData and returns the signature with the authenticator data.
7
7
  */