@pagopa/io-react-native-wallet 0.13.1 → 0.14.0

package/lib/typescript/credential/issuance/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,mBAAmB,EACnB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,sBAAsB,EACtB,KAAK,sBAAsB,EAC5B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,sCAAsC,EACtC,KAAK,sCAAsC,EAC5C,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,KAAK,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,sCAAsC,EACtC,eAAe,EACf,gBAAgB,EAChB,wBAAwB,GACzB,CAAC;AACF,YAAY,EACV,SAAS,EACT,mBAAmB,EACnB,sBAAsB,EACtB,sCAAsC,EACtC,eAAe,EACf,gBAAgB,EAChB,wBAAwB,GACzB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,mBAAmB,EACnB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,sBAAsB,EACtB,KAAK,sBAAsB,EAC5B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,sCAAsC,EACtC,oBAAoB,EACpB,KAAK,sCAAsC,EAC5C,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,KAAK,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,sCAAsC,EACtC,eAAe,EACf,gBAAgB,EAChB,wBAAwB,EACxB,oBAAoB,GACrB,CAAC;AACF,YAAY,EACV,SAAS,EACT,mBAAmB,EACnB,sBAAsB,EACtB,sCAAsC,EACtC,eAAe,EACf,gBAAgB,EAChB,wBAAwB,GACzB,CAAC"}

package/lib/typescript/index.d.ts

@@ -8,9 +8,10 @@ import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
 import * as Trust from "./trust";
 import * as WalletInstance from "./wallet-instance";
+import * as Cie from "./cie";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
 import { createCryptoContextFor } from "./utils/crypto";
 import type { IntegrityContext } from "./utils/integrity";
-export { SdJwt, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey, };
+export { SdJwt, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey, Cie, };
 export type { IntegrityContext, AuthorizationContext };
 //# sourceMappingURL=index.d.ts.map

package/lib/typescript/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAGrD,OAAO,gCAAgC,CAAC;AAExC,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,KAAK,MAAM,UAAU,CAAC;AAClC,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,yBAAyB,MAAM,+BAA+B,CAAC;AAC3E,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,cAAc,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE1D,OAAO,EACL,KAAK,EACL,GAAG,EACH,UAAU,EACV,yBAAyB,EACzB,cAAc,EACd,MAAM,EACN,KAAK,EACL,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,GACvB,CAAC;AAEF,YAAY,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAGrD,OAAO,gCAAgC,CAAC;AAExC,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,KAAK,MAAM,UAAU,CAAC;AAClC,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,yBAAyB,MAAM,+BAA+B,CAAC;AAC3E,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,cAAc,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE1D,OAAO,EACL,KAAK,EACL,GAAG,EACH,UAAU,EACV,yBAAyB,EACzB,cAAc,EACd,MAAM,EACN,KAAK,EACL,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,EACtB,GAAG,GACJ,CAAC;AAEF,YAAY,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "0.13.1",
+  "version": "0.14.0",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -56,6 +56,7 @@
     "@pagopa/eslint-config": "^3.0.0",
     "@pagopa/io-react-native-crypto": "^0.2.3",
     "@pagopa/io-react-native-jwt": "^1.2.0",
+    "@pagopa/react-native-cie": "^1.3.0",
     "@react-native/eslint-config": "^0.72.2",
     "@rushstack/eslint-patch": "^1.3.2",
     "@types/jest": "^28.1.2",
@@ -70,6 +71,7 @@
     "react": "18.2.0",
     "react-native": "0.72.14",
     "react-native-builder-bob": "^0.20.0",
+    "react-native-webview": "^13.10.5",
     "typed-openapi": "^0.4.1",
     "typescript": "^5.0.2"
   },
@@ -79,8 +81,10 @@
   "peerDependencies": {
     "@pagopa/io-react-native-crypto": "*",
     "@pagopa/io-react-native-jwt": "*",
+    "@pagopa/react-native-cie": "*",
     "react": "*",
-    "react-native": "*"
+    "react-native": "*",
+    "react-native-webview": "*"
   },
   "engines": {
     "node": ">= 16.0.0"

package/src/cie/component.tsx

@@ -0,0 +1,216 @@
+import React, { createRef } from "react";
+import { Platform } from "react-native";
+import { WebView } from "react-native-webview";
+
+import type {
+  WebViewErrorEvent,
+  WebViewNavigationEvent,
+  WebViewMessageEvent,
+  WebViewNavigation,
+  WebViewHttpErrorEvent,
+} from "react-native-webview/lib/WebViewTypes";
+import { startCieAndroid, startCieiOS, type ContinueWithUrl } from "./manager";
+import { CieError, CieErrorType } from "./error";
+
+/* To obtain the authentication URL on CIE L3 it is necessary to take the
+ * link contained in the "Entra con lettura carta CIE" button.
+ * This link can then be used on CieManager.
+ * This javascript code takes the link in question and sends it to the react native function via postMessage
+ */
+const injectedJavaScript = `
+    (function() {
+      function sendDocumentContent() {
+        const idpAuthUrl = [...document.querySelectorAll("a")]
+        .filter(a => a.textContent.includes("lettura carta CIE"))
+        .map(a=>a.href)[0];
+
+        if(idpAuthUrl) {
+          window.ReactNativeWebView.postMessage(idpAuthUrl);
+        }
+      }
+      if (document.readyState === 'complete') {
+        sendDocumentContent();
+      } else {
+        window.addEventListener('load', sendDocumentContent);
+      }
+    })();
+    true;
+  `;
+export type OnSuccess = (url: string) => void;
+export type OnError = (e: CieError) => void;
+export type OnCieEvent = (e: CieEvent) => void;
+export enum CieEvent {
+  "reading" = "reading",
+  "completed" = "completed",
+  "waiting_card" = "waiting_card",
+}
+
+type CIEParams = {
+  authUrl: string;
+  onSuccess: OnSuccess;
+  onError: OnError;
+  pin: string;
+  useUat: boolean;
+  redirectUrl: string;
+  onEvent: OnCieEvent;
+};
+
+/*
+ * To make sure the server recognizes the client as valid iPhone device (iOS only) we use a custom header
+ * on Android it is not required.
+ */
+const iOSUserAgent =
+  "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1";
+const defaultUserAgent = Platform.select({
+  ios: iOSUserAgent,
+  default: undefined,
+});
+
+const webView = createRef<WebView>();
+
+/**
+ * WebViewComponent
+ *
+ * Component that manages authentication via CIE L3 (NFC+PIN) based on WebView (react-native-webview).
+ * In particular, once rendered, it makes a series of calls to the authUrl in the WebView,
+ * extrapolates the authentication URL necessary for CieManager to sign via certificate
+ * and calls the CIE SDK which is responsible for starting card reading via NFC.
+ * At the end of the reading, a redirect is made in the WebView towards the page that asks
+ * the user for consent to send the data to the Service Provider. This moment can be captured
+ * via the onUserInteraction parameter. When the user allows or denies their consent,
+ * a redirect is made to the URL set by the Service Provider.
+ * This url can be configured using the redirectUrl parameter which allows you to close the WebView.
+ * The event can then be captured via the onSuccess parameter.
+ *
+ * @param {CIEParams} params - Parameters required by the component.
+ * @param {string} params.authUrl -The authentication URL of the Service Provider to which to authenticate.
+ * @param {boolean} params.useUat - If set to true it uses the CIE testing environment.
+ * @param {string} params.pin - CIE pin for use with NFC reading.
+ * @param {Function} params.onError - Callback function in case of error. The function is passed the Error parameter.
+ * @param {Function} params.onSuccess - Callback at the end of authentication to which the redirect URL including parameters is passed.
+ * @param {string} params.redirectUrl - Redirect URL set by the Service Provider. It is used to stop the flow and return to the calling function via onSuccess.
+ * @param {Function} params.onEvent - Callback function that is called whenever there is a new CieEvent from the CIE reader.
+ * @returns {JSX.Element} - The configured component with WebView.
+ */
+export const WebViewComponent = (params: CIEParams) => {
+  const [webViewUrl, setWebViewUrl] = React.useState(params.authUrl);
+  const [isCardReadingFinished, setCardReadingFinished] = React.useState(false);
+
+  /*
+   * Once the reading of the card with NFC is finished, it is necessary
+   * to change the URL of the WebView by redirecting to the URL returned by
+   * CieManager to allow the user to continue with the consent authorization
+   * */
+  const continueWithUrl: ContinueWithUrl = (callbackUrl: string) => {
+    setCardReadingFinished(true);
+    setWebViewUrl(callbackUrl);
+  };
+
+  // This function is called from the injected javascript code (postMessage). Which receives the authentication URL
+  const handleMessage = async (event: WebViewMessageEvent) => {
+    const cieAuthorizationUri = event.nativeEvent.data;
+    const startCie = Platform.select({
+      ios: startCieiOS,
+      default: startCieAndroid,
+    });
+    await startCie(
+      params.useUat,
+      params.pin,
+      params.onError,
+      params.onEvent,
+      cieAuthorizationUri,
+      continueWithUrl
+    );
+  };
+
+  //This function is called when authentication with CIE ends and the SP URL containing code and state is returned
+  const handleShouldStartLoading =
+    (onSuccess: OnSuccess, redirectUrl: string) =>
+    (event: WebViewNavigation): boolean => {
+      if (isCardReadingFinished && event.url.includes(redirectUrl)) {
+        onSuccess(event.url);
+        return false;
+      } else {
+        return true;
+      }
+    };
+
+  const handleOnLoadEnd =
+    (onError: OnError, onCieEvent: OnCieEvent) =>
+    (e: WebViewNavigationEvent | WebViewErrorEvent) => {
+      const eventTitle = e.nativeEvent.title.toLowerCase();
+      if (
+        eventTitle === "pagina web non disponibile" ||
+        // On Android, if we attempt to access the idp URL twice,
+        // we are presented with an error page titled "ERROR".
+        eventTitle === "errore"
+      ) {
+        handleOnError(onError)(new Error(eventTitle));
+      }
+
+      /* At the end of loading the page, if the card has already been read
+       * then the WebView has loaded the page to ask the user for consent,
+       * so send the completed event
+       * */
+      if (isCardReadingFinished) {
+        onCieEvent(CieEvent.completed);
+      }
+    };
+
+  const handleOnError =
+    (onError: OnError) =>
+    (e: WebViewErrorEvent | WebViewHttpErrorEvent | Error): void => {
+      const error = e as Error;
+      const webViewError = e as WebViewErrorEvent;
+      const webViewHttpError = e as WebViewHttpErrorEvent;
+      if (webViewHttpError.nativeEvent.statusCode) {
+        const { description, statusCode } = webViewHttpError.nativeEvent;
+        onError(
+          new CieError({
+            message: `WebView http error: ${description} with status code: ${statusCode}`,
+            type: CieErrorType.WEB_VIEW_ERROR,
+          })
+        );
+      } else if (webViewError.nativeEvent) {
+        const { code, description } = webViewError.nativeEvent;
+        onError(
+          new CieError({
+            message: `WebView error: ${description} with code: ${code}`,
+            type: CieErrorType.WEB_VIEW_ERROR,
+          })
+        );
+      } else if (error.message !== undefined) {
+        onError(
+          new CieError({
+            message: `${error.message}`,
+            type: CieErrorType.WEB_VIEW_ERROR,
+          })
+        );
+      } else {
+        onError(
+          new CieError({
+            message: "An error occurred in the WebView",
+            type: CieErrorType.WEB_VIEW_ERROR,
+          })
+        );
+      }
+    };
+
+  return (
+    <WebView
+      ref={webView}
+      userAgent={defaultUserAgent}
+      javaScriptEnabled={true}
+      source={{ uri: webViewUrl }}
+      onLoadEnd={handleOnLoadEnd(params.onError, params.onEvent)}
+      onError={handleOnError(params.onError)}
+      onHttpError={handleOnError(params.onError)}
+      injectedJavaScript={injectedJavaScript}
+      onShouldStartLoadWithRequest={handleShouldStartLoading(
+        params.onSuccess,
+        params.redirectUrl
+      )}
+      onMessage={handleMessage}
+    />
+  );
+};

package/src/cie/error.ts

@@ -0,0 +1,58 @@
+export enum CieErrorType {
+  GENERIC,
+  TAG_NOT_VALID,
+  WEB_VIEW_ERROR,
+  NFC_ERROR,
+  AUTHENTICATION_ERROR,
+  PIN_ERROR,
+  PIN_LOCKED,
+  CERTIFICATE_ERROR,
+}
+
+interface BaseCieError {
+  message: string;
+  type?: CieErrorType;
+}
+
+interface PinErrorOptions extends BaseCieError {
+  type: CieErrorType.PIN_ERROR;
+  attemptsLeft: number;
+}
+
+interface NonPinErrorOptions extends BaseCieError {
+  type?: Exclude<CieErrorType, CieErrorType.PIN_ERROR>;
+  attemptsLeft?: number;
+}
+
+type ErrorOptions = PinErrorOptions | NonPinErrorOptions;
+
+export class CieError extends Error {
+  public type: CieErrorType;
+  public attemptsLeft?: number;
+  constructor(options: ErrorOptions) {
+    super(options.message);
+
+    if (options.type) {
+      this.type = options.type;
+    } else {
+      this.type = CieErrorType.GENERIC;
+    }
+
+    if (this.type === CieErrorType.PIN_ERROR) {
+      this.attemptsLeft = options.attemptsLeft;
+    } else if (this.type === CieErrorType.PIN_LOCKED) {
+      this.attemptsLeft = 0;
+    }
+
+    this.name = this.constructor.name;
+  }
+
+  toString(): string {
+    return JSON.stringify({
+      name: this.name,
+      type: CieErrorType[this.type],
+      message: this.message,
+      attemptsLeft: this.attemptsLeft,
+    });
+  }
+}

package/src/cie/index.ts

@@ -0,0 +1,4 @@
+import { CieEvent, WebViewComponent } from "./component";
+import { CieError, CieErrorType } from "./error";
+
+export { WebViewComponent, CieError, CieErrorType, CieEvent };

package/src/cie/manager.ts

@@ -0,0 +1,183 @@
+import cieManager, { type Event as CEvent } from "@pagopa/react-native-cie";
+import { Platform } from "react-native";
+import { CieEvent, type OnCieEvent, type OnError } from "./component";
+import { CieError, CieErrorType } from "./error";
+
+const BASE_UAT_URL = "https://collaudo.idserver.servizicie.interno.gov.it/idp/";
+
+export type ContinueWithUrl = (callbackUrl: string) => void;
+
+export const startCieAndroid = (
+  useCieUat: boolean,
+  ciePin: string,
+  onError: OnError,
+  onEvent: OnCieEvent,
+  cieAuthorizationUri: string,
+  continueWithUrl: ContinueWithUrl
+) => {
+  try {
+    cieManager.removeAllListeners();
+    cieManager
+      .start()
+      .then(async () => {
+        cieManager.onEvent(handleCieEvent(onError, onEvent));
+        cieManager.onError((e: Error) => {
+          console.error(e);
+          return onError(new CieError({ message: e.message }));
+        });
+        cieManager.onSuccess(handleCieSuccess(continueWithUrl));
+        await cieManager.setPin(ciePin);
+        cieManager.setAuthenticationUrl(cieAuthorizationUri);
+        cieManager.enableLog(useCieUat);
+        cieManager.setCustomIdpUrl(useCieUat ? getCieUatEndpoint() : null);
+        await cieManager.startListeningNFC();
+        onEvent(CieEvent.waiting_card);
+      })
+      .catch(onError);
+  } catch {
+    onError(
+      new CieError({
+        message: "Unable to start CIE NFC manager on iOS",
+        type: CieErrorType.NFC_ERROR,
+      })
+    );
+  }
+};
+
+export const startCieiOS = async (
+  useCieUat: boolean,
+  ciePin: string,
+  onError: OnError,
+  onEvent: OnCieEvent,
+  cieAuthorizationUri: string,
+  continueWithUrl: ContinueWithUrl
+) => {
+  try {
+    cieManager.removeAllListeners();
+    cieManager.onEvent(handleCieEvent(onError, onEvent));
+    cieManager.onError((e: Error) =>
+      onError(new CieError({ message: e.message }))
+    );
+    cieManager.onSuccess(handleCieSuccess(continueWithUrl));
+    cieManager.enableLog(useCieUat);
+    cieManager.setCustomIdpUrl(useCieUat ? getCieUatEndpoint() : null);
+    await cieManager.setPin(ciePin);
+    cieManager.setAuthenticationUrl(cieAuthorizationUri);
+    cieManager
+      .start()
+      .then(async () => {
+        await cieManager.startListeningNFC();
+        onEvent(CieEvent.waiting_card);
+      })
+      .catch(onError);
+  } catch {
+    onError(
+      new CieError({
+        message: "Unable to start CIE NFC manager on Android",
+        type: CieErrorType.NFC_ERROR,
+      })
+    );
+  }
+};
+
+const handleCieEvent =
+  (onError: OnError, onEvent: OnCieEvent) => (event: CEvent) => {
+    switch (event.event) {
+      // Reading starts
+      case "ON_TAG_DISCOVERED":
+        onEvent(CieEvent.reading);
+        break;
+      // "Function not supported" seems to be TAG_ERROR_NFC_NOT_SUPPORTED
+      // for the iOS SDK
+      case "Function not supported" as unknown:
+      case "TAG_ERROR_NFC_NOT_SUPPORTED":
+      case "ON_TAG_DISCOVERED_NOT_CIE":
+        onError(
+          new CieError({
+            message: `Invalid CIE card:  ${event.event}`,
+            type: CieErrorType.TAG_NOT_VALID,
+          })
+        );
+        break;
+      case "AUTHENTICATION_ERROR":
+      case "ON_NO_INTERNET_CONNECTION":
+        onError(
+          new CieError({
+            message: `Authentication error or no internet connection`,
+            type: CieErrorType.AUTHENTICATION_ERROR,
+          })
+        );
+        break;
+      case "EXTENDED_APDU_NOT_SUPPORTED":
+        onError(
+          new CieError({
+            message: `APDU not supported`,
+            type: CieErrorType.NFC_ERROR,
+          })
+        );
+        break;
+      case "Transmission Error":
+      case "ON_TAG_LOST":
+        onError(
+          new CieError({
+            message: `Trasmission error`,
+            type: CieErrorType.NFC_ERROR,
+          })
+        );
+        break;
+
+      // The card is temporarily locked. Unlock is available by CieID app
+      case "PIN Locked":
+      case "ON_CARD_PIN_LOCKED":
+        onError(
+          new CieError({
+            message: `PIN locked`,
+            type: CieErrorType.PIN_LOCKED,
+          })
+        );
+        break;
+      case "ON_PIN_ERROR":
+        onError(
+          new CieError({
+            message: `PIN locked`,
+            type: CieErrorType.PIN_ERROR,
+            attemptsLeft: event.attemptsLeft,
+          })
+        );
+        break;
+
+      // CIE is Expired or Revoked
+      case "CERTIFICATE_EXPIRED":
+        onError(
+          new CieError({
+            message: `Certificate expired`,
+            type: CieErrorType.CERTIFICATE_ERROR,
+          })
+        );
+        break;
+      case "CERTIFICATE_REVOKED":
+        onError(
+          new CieError({
+            message: `Certificate revoked`,
+            type: CieErrorType.CERTIFICATE_ERROR,
+          })
+        );
+
+        break;
+
+      default:
+        break;
+    }
+  };
+
+const handleCieSuccess =
+  (continueWithUrl: ContinueWithUrl) => (url: string) => {
+    continueWithUrl(decodeURIComponent(url));
+  };
+
+const getCieUatEndpoint = () =>
+  Platform.select({
+    ios: `${BASE_UAT_URL}Authn/SSL/Login2`,
+    android: BASE_UAT_URL,
+    default: null,
+  });

package/src/client/index.ts

@@ -39,11 +39,14 @@ export const getWalletProviderClient = (context: {
       appFetch(url, {
         method,
         body: params ? JSON.stringify(params.body) : undefined,
+        headers: {
+          "Content-Type": "application/json",
+        },
       })
         .then(validateResponse)
         .then((res) => {
           const contentType = res.headers.get("content-type");
-          if (contentType === "application/json") {
+          if (contentType?.includes("application/json")) {
             return res.json();
           }
           return res.text();

package/src/credential/issuance/04-complete-user-authorization.ts

@@ -96,21 +96,24 @@ export const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWi
         throw new AuthorizationError("Invalid authentication redirect url");
       }
     }
+    return parseAuthRedirectUrl(authRedirectUrl);
+  };
 
-    const urlParse = parseUrl(authRedirectUrl);
-    const authRes = AuthorizationResultShape.safeParse(urlParse.query);
-    if (!authRes.success) {
-      const authErr = AuthorizationErrorShape.safeParse(urlParse.query);
-      if (!authErr.success) {
-        throw new AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
-      }
-      throw new AuthorizationIdpError(
-        authErr.data.error,
-        authErr.data.error_description
-      );
+export const parseAuthRedirectUrl = (authRedirectUrl: string) => {
+  const urlParse = parseUrl(authRedirectUrl);
+  const authRes = AuthorizationResultShape.safeParse(urlParse.query);
+  if (!authRes.success) {
+    const authErr = AuthorizationErrorShape.safeParse(urlParse.query);
+    if (!authErr.success) {
+      throw new AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
     }
-    return authRes.data;
-  };
+    throw new AuthorizationIdpError(
+      authErr.data.error,
+      authErr.data.error_description
+    );
+  }
+  return authRes.data;
+};
 
 // TODO: SIW-1120 implement generic credential issuance flow
 export const completeUserAuthorizationWithFormPostJwtMode = () => {

package/src/credential/issuance/index.ts

@@ -9,6 +9,7 @@ import {
 } from "./03-start-user-authorization";
 import {
   completeUserAuthorizationWithQueryMode,
+  parseAuthRedirectUrl,
   type CompleteUserAuthorizationWithQueryMode,
 } from "./04-complete-user-authorization";
 import { authorizeAccess, type AuthorizeAccess } from "./05-authorize-access";
@@ -28,6 +29,7 @@ export {
   authorizeAccess,
   obtainCredential,
   verifyAndParseCredential,
+  parseAuthRedirectUrl,
 };
 export type {
   StartFlow,

package/src/index.ts

@@ -11,6 +11,7 @@ import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
 import * as Trust from "./trust";
 import * as WalletInstance from "./wallet-instance";
+import * as Cie from "./cie";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
 import { createCryptoContextFor } from "./utils/crypto";
 import type { IntegrityContext } from "./utils/integrity";
@@ -27,6 +28,7 @@ export {
   AuthorizationDetail,
   AuthorizationDetails,
   fixBase64EncodingOnKey,
+  Cie,
 };
 
 export type { IntegrityContext, AuthorizationContext };