@pagopa/io-react-native-wallet 0.13.1 → 0.15.0

package/lib/module/cie/index.js

@@ -0,0 +1,4 @@
+import { CieEvent, WebViewComponent } from "./component";
+import { CieError, CieErrorType } from "./error";
+export { WebViewComponent, CieError, CieErrorType, CieEvent };
+//# sourceMappingURL=index.js.map

package/lib/module/cie/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["CieEvent","WebViewComponent","CieError","CieErrorType"],"sourceRoot":"../../../src","sources":["cie/index.ts"],"mappings":"AAAA,SAASA,QAAQ,EAAEC,gBAAgB,QAAQ,aAAa;AACxD,SAASC,QAAQ,EAAEC,YAAY,QAAQ,SAAS;AAEhD,SAASF,gBAAgB,EAAEC,QAAQ,EAAEC,YAAY,EAAEH,QAAQ"}

package/lib/module/cie/manager.js

@@ -0,0 +1,133 @@
+import cieManager from "@pagopa/react-native-cie";
+import { Platform } from "react-native";
+import { CieEvent } from "./component";
+import { CieError, CieErrorType } from "./error";
+const BASE_UAT_URL = "https://collaudo.idserver.servizicie.interno.gov.it/idp/";
+export const startCieAndroid = (useCieUat, ciePin, onError, onEvent, cieAuthorizationUri, continueWithUrl) => {
+  try {
+    cieManager.removeAllListeners();
+    cieManager.start().then(async () => {
+      cieManager.onEvent(handleCieEvent(onError, onEvent));
+      cieManager.onError(e => {
+        console.error(e);
+        return onError(new CieError({
+          message: e.message
+        }));
+      });
+      cieManager.onSuccess(handleCieSuccess(continueWithUrl));
+      await cieManager.setPin(ciePin);
+      cieManager.setAuthenticationUrl(cieAuthorizationUri);
+      cieManager.enableLog(useCieUat);
+      cieManager.setCustomIdpUrl(useCieUat ? getCieUatEndpoint() : null);
+      await cieManager.startListeningNFC();
+      onEvent(CieEvent.waiting_card);
+    }).catch(onError);
+  } catch (e) {
+    onError(new CieError({
+      message: `Unable to start CIE NFC manager on Android: ${e}`,
+      type: CieErrorType.NFC_ERROR
+    }));
+  }
+};
+export const startCieiOS = async (useCieUat, ciePin, onError, onEvent, cieAuthorizationUri, continueWithUrl) => {
+  try {
+    cieManager.removeAllListeners();
+    cieManager.onEvent(handleCieEvent(onError, onEvent));
+    cieManager.onError(e => onError(new CieError({
+      message: e.message
+    })));
+    cieManager.onSuccess(handleCieSuccess(continueWithUrl));
+    cieManager.enableLog(useCieUat);
+    cieManager.setCustomIdpUrl(useCieUat ? getCieUatEndpoint() : null);
+    await cieManager.setPin(ciePin);
+    cieManager.setAuthenticationUrl(cieAuthorizationUri);
+    cieManager.start().then(async () => {
+      await cieManager.startListeningNFC();
+      onEvent(CieEvent.waiting_card);
+    }).catch(onError);
+  } catch (e) {
+    onError(new CieError({
+      message: `Unable to start CIE NFC manager on iOS: ${e}`,
+      type: CieErrorType.NFC_ERROR
+    }));
+  }
+};
+const handleCieEvent = (onError, onEvent) => event => {
+  switch (event.event) {
+    // Reading starts
+    case "ON_TAG_DISCOVERED":
+      onEvent(CieEvent.reading);
+      break;
+    // "Function not supported" seems to be TAG_ERROR_NFC_NOT_SUPPORTED
+    // for the iOS SDK
+    case "Function not supported":
+    case "TAG_ERROR_NFC_NOT_SUPPORTED":
+    case "ON_TAG_DISCOVERED_NOT_CIE":
+      onError(new CieError({
+        message: `Invalid CIE card:  ${event.event}`,
+        type: CieErrorType.TAG_NOT_VALID
+      }));
+      break;
+    case "AUTHENTICATION_ERROR":
+    case "ON_NO_INTERNET_CONNECTION":
+      onError(new CieError({
+        message: `Authentication error or no internet connection`,
+        type: CieErrorType.AUTHENTICATION_ERROR
+      }));
+      break;
+    case "EXTENDED_APDU_NOT_SUPPORTED":
+      onError(new CieError({
+        message: `APDU not supported`,
+        type: CieErrorType.NFC_ERROR
+      }));
+      break;
+    case "Transmission Error":
+    case "ON_TAG_LOST":
+      onError(new CieError({
+        message: `Trasmission error`,
+        type: CieErrorType.NFC_ERROR
+      }));
+      break;
+
+    // The card is temporarily locked. Unlock is available by CieID app
+    case "PIN Locked":
+    case "ON_CARD_PIN_LOCKED":
+      onError(new CieError({
+        message: `PIN locked`,
+        type: CieErrorType.PIN_LOCKED
+      }));
+      break;
+    case "ON_PIN_ERROR":
+      onError(new CieError({
+        message: `PIN locked`,
+        type: CieErrorType.PIN_ERROR,
+        attemptsLeft: event.attemptsLeft
+      }));
+      break;
+
+    // CIE is Expired or Revoked
+    case "CERTIFICATE_EXPIRED":
+      onError(new CieError({
+        message: `Certificate expired`,
+        type: CieErrorType.CERTIFICATE_ERROR
+      }));
+      break;
+    case "CERTIFICATE_REVOKED":
+      onError(new CieError({
+        message: `Certificate revoked`,
+        type: CieErrorType.CERTIFICATE_ERROR
+      }));
+      break;
+    default:
+      break;
+  }
+};
+const handleCieSuccess = continueWithUrl => url => {
+  continueWithUrl(decodeURIComponent(url));
+};
+const getCieUatEndpoint = () => Platform.select({
+  ios: `${BASE_UAT_URL}Authn/SSL/Login2`,
+  android: BASE_UAT_URL,
+  default: null
+});
+//# sourceMappingURL=manager.js.map

package/lib/module/cie/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["cieManager","Platform","CieEvent","CieError","CieErrorType","BASE_UAT_URL","startCieAndroid","useCieUat","ciePin","onError","onEvent","cieAuthorizationUri","continueWithUrl","removeAllListeners","start","then","handleCieEvent","e","console","error","message","onSuccess","handleCieSuccess","setPin","setAuthenticationUrl","enableLog","setCustomIdpUrl","getCieUatEndpoint","startListeningNFC","waiting_card","catch","type","NFC_ERROR","startCieiOS","event","reading","TAG_NOT_VALID","AUTHENTICATION_ERROR","PIN_LOCKED","PIN_ERROR","attemptsLeft","CERTIFICATE_ERROR","url","decodeURIComponent","select","ios","android","default"],"sourceRoot":"../../../src","sources":["cie/manager.ts"],"mappings":"AAAA,OAAOA,UAAU,MAAgC,0BAA0B;AAC3E,SAASC,QAAQ,QAAQ,cAAc;AACvC,SAASC,QAAQ,QAAuC,aAAa;AACrE,SAASC,QAAQ,EAAEC,YAAY,QAAQ,SAAS;AAEhD,MAAMC,YAAY,GAAG,0DAA0D;AAI/E,OAAO,MAAMC,eAAe,GAAGA,CAC7BC,SAAkB,EAClBC,MAAc,EACdC,OAAgB,EAChBC,OAAmB,EACnBC,mBAA2B,EAC3BC,eAAgC,KAC7B;EACH,IAAI;IACFZ,UAAU,CAACa,kBAAkB,CAAC,CAAC;IAC/Bb,UAAU,CACPc,KAAK,CAAC,CAAC,CACPC,IAAI,CAAC,YAAY;MAChBf,UAAU,CAACU,OAAO,CAACM,cAAc,CAACP,OAAO,EAAEC,OAAO,CAAC,CAAC;MACpDV,UAAU,CAACS,OAAO,CAAEQ,CAAQ,IAAK;QAC/BC,OAAO,CAACC,KAAK,CAACF,CAAC,CAAC;QAChB,OAAOR,OAAO,CAAC,IAAIN,QAAQ,CAAC;UAAEiB,OAAO,EAAEH,CAAC,CAACG;QAAQ,CAAC,CAAC,CAAC;MACtD,CAAC,CAAC;MACFpB,UAAU,CAACqB,SAAS,CAACC,gBAAgB,CAACV,eAAe,CAAC,CAAC;MACvD,MAAMZ,UAAU,CAACuB,MAAM,CAACf,MAAM,CAAC;MAC/BR,UAAU,CAACwB,oBAAoB,CAACb,mBAAmB,CAAC;MACpDX,UAAU,CAACyB,SAAS,CAAClB,SAAS,CAAC;MAC/BP,UAAU,CAAC0B,eAAe,CAACnB,SAAS,GAAGoB,iBAAiB,CAAC,CAAC,GAAG,IAAI,CAAC;MAClE,MAAM3B,UAAU,CAAC4B,iBAAiB,CAAC,CAAC;MACpClB,OAAO,CAACR,QAAQ,CAAC2B,YAAY,CAAC;IAChC,CAAC,CAAC,CACDC,KAAK,CAACrB,OAAO,CAAC;EACnB,CAAC,CAAC,OAAOQ,CAAC,EAAE;IACVR,OAAO,CACL,IAAIN,QAAQ,CAAC;MACXiB,OAAO,EAAG,+CAA8CH,CAAE,EAAC;MAC3Dc,IAAI,EAAE3B,YAAY,CAAC4B;IACrB,CAAC,CACH,CAAC;EACH;AACF,CAAC;AAED,OAAO,MAAMC,WAAW,GAAG,MAAAA,CACzB1B,SAAkB,EAClBC,MAAc,EACdC,OAAgB,EAChBC,OAAmB,EACnBC,mBAA2B,EAC3BC,eAAgC,KAC7B;EACH,IAAI;IACFZ,UAAU,CAACa,kBAAkB,CAAC,CAAC;IAC/Bb,UAAU,CAACU,OAAO,CAACM,cAAc,CAACP,OAAO,EAAEC,OAAO,CAAC,CAAC;IACpDV,UAAU,CAACS,OAAO,CAAEQ,CAAQ,IAC1BR,OAAO,CAAC,IAAIN,QAAQ,CAAC;MAAEiB,OAAO,EAAEH,CAAC,CAACG;IAAQ,CAAC,CAAC,CAC9C,CAAC;IACDpB,UAAU,CAACqB,SAAS,CAACC,gBAAgB,CAACV,eAAe,CAAC,CAAC;IACvDZ,UAAU,CAACyB,SAAS,CAAClB,SAAS,CAAC;IAC/BP,UAAU,CAAC0B,eAAe,CAACnB,SAAS,GAAGoB,iBAAiB,CAAC,CAAC,GAAG,IAAI,CAAC;IAClE,MAAM3B,UAAU,CAACuB,MAAM,CAACf,MAAM,CAAC;IAC/BR,UAAU,CAACwB,oBAAoB,CAACb,mBAAmB,CAAC;IACpDX,UAAU,CACPc,KAAK,CAAC,CAAC,CACPC,IAAI,CAAC,YAAY;MAChB,MAAMf,UAAU,CAAC4B,iBAAiB,CAAC,CAAC;MACpClB,OAAO,CAACR,QAAQ,CAAC2B,YAAY,CAAC;IAChC,CAAC,CAAC,CACDC,KAAK,CAACrB,OAAO,CAAC;EACnB,CAAC,CAAC,OAAOQ,CAAC,EAAE;IACVR,OAAO,CACL,IAAIN,QAAQ,CAAC;MACXiB,OAAO,EAAG,2CAA0CH,CAAE,EAAC;MACvDc,IAAI,EAAE3B,YAAY,CAAC4B;IACrB,CAAC,CACH,CAAC;EACH;AACF,CAAC;AAED,MAAMhB,cAAc,GAClBA,CAACP,OAAgB,EAAEC,OAAmB,KAAMwB,KAAa,IAAK;EAC5D,QAAQA,KAAK,CAACA,KAAK;IACjB;IACA,KAAK,mBAAmB;MACtBxB,OAAO,CAACR,QAAQ,CAACiC,OAAO,CAAC;MACzB;IACF;IACA;IACA,KAAK,wBAAwB;IAC7B,KAAK,6BAA6B;IAClC,KAAK,2BAA2B;MAC9B1B,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,sBAAqBc,KAAK,CAACA,KAAM,EAAC;QAC5CH,IAAI,EAAE3B,YAAY,CAACgC;MACrB,CAAC,CACH,CAAC;MACD;IACF,KAAK,sBAAsB;IAC3B,KAAK,2BAA2B;MAC9B3B,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,gDAA+C;QACzDW,IAAI,EAAE3B,YAAY,CAACiC;MACrB,CAAC,CACH,CAAC;MACD;IACF,KAAK,6BAA6B;MAChC5B,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,oBAAmB;QAC7BW,IAAI,EAAE3B,YAAY,CAAC4B;MACrB,CAAC,CACH,CAAC;MACD;IACF,KAAK,oBAAoB;IACzB,KAAK,aAAa;MAChBvB,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,mBAAkB;QAC5BW,IAAI,EAAE3B,YAAY,CAAC4B;MACrB,CAAC,CACH,CAAC;MACD;;IAEF;IACA,KAAK,YAAY;IACjB,KAAK,oBAAoB;MACvBvB,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,YAAW;QACrBW,IAAI,EAAE3B,YAAY,CAACkC;MACrB,CAAC,CACH,CAAC;MACD;IACF,KAAK,cAAc;MACjB7B,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,YAAW;QACrBW,IAAI,EAAE3B,YAAY,CAACmC,SAAS;QAC5BC,YAAY,EAAEN,KAAK,CAACM;MACtB,CAAC,CACH,CAAC;MACD;;IAEF;IACA,KAAK,qBAAqB;MACxB/B,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,qBAAoB;QAC9BW,IAAI,EAAE3B,YAAY,CAACqC;MACrB,CAAC,CACH,CAAC;MACD;IACF,KAAK,qBAAqB;MACxBhC,OAAO,CACL,IAAIN,QAAQ,CAAC;QACXiB,OAAO,EAAG,qBAAoB;QAC9BW,IAAI,EAAE3B,YAAY,CAACqC;MACrB,CAAC,CACH,CAAC;MAED;IAEF;MACE;EACJ;AACF,CAAC;AAEH,MAAMnB,gBAAgB,GACnBV,eAAgC,IAAM8B,GAAW,IAAK;EACrD9B,eAAe,CAAC+B,kBAAkB,CAACD,GAAG,CAAC,CAAC;AAC1C,CAAC;AAEH,MAAMf,iBAAiB,GAAGA,CAAA,KACxB1B,QAAQ,CAAC2C,MAAM,CAAC;EACdC,GAAG,EAAG,GAAExC,YAAa,kBAAiB;EACtCyC,OAAO,EAAEzC,YAAY;EACrB0C,OAAO,EAAE;AACX,CAAC,CAAC"}

package/lib/module/client/index.js

@@ -21,10 +21,13 @@ export const getWalletProviderClient = context => {
   } = context;
   return createWalletProviderApiClient((method, url, params) => appFetch(url, {
     method,
-    body: params ? JSON.stringify(params.body) : undefined
+    body: params ? JSON.stringify(params.body) : undefined,
+    headers: {
+      "Content-Type": "application/json"
+    }
   }).then(validateResponse).then(res => {
     const contentType = res.headers.get("content-type");
-    if (contentType === "application/json") {
+    if (contentType !== null && contentType !== void 0 && contentType.includes("application/json")) {
       return res.json();
     }
     return res.text();

package/lib/module/client/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["WalletProviderResponseError","ProblemDetail","createApiClient","createWalletProviderApiClient","validateResponse","response","ok","problemDetail","parse","json","title","type","detail","status","getWalletProviderClient","context","walletProviderBaseUrl","appFetch","fetch","method","url","params","body","JSON","stringify","undefined","then","res","contentType","headers","get","text"],"sourceRoot":"../../../src","sources":["client/index.ts"],"mappings":"AAAA,SAASA,2BAA2B,QAAQ,iBAAiB;AAC7D,SACEC,aAAa,EACbC,eAAe,IAAIC,6BAA6B,QAC3C,6BAA6B;AAKpC,MAAMC,gBAAgB,GAAG,MAAOC,QAAkB,IAAK;EACrD,IAAI,CAACA,QAAQ,CAACC,EAAE,EAAE;IAChB,IAAIC,aAA4B,GAAG,CAAC,CAAC;IACrC,IAAI;MACFA,aAAa,GAAGN,aAAa,CAACO,KAAK,CAAC,MAAMH,QAAQ,CAACI,IAAI,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,MAAM;MACNF,aAAa,GAAG;QACdG,KAAK,EAAE;MACT,CAAC;IACH;IAEA,MAAM,IAAIV,2BAA2B,CACnCO,aAAa,CAACG,KAAK,IAAI,uCAAuC,EAC9DH,aAAa,CAACI,IAAI,EAClBJ,aAAa,CAACK,MAAM,EACpBP,QAAQ,CAACQ,MACX,CAAC;EACH;EACA,OAAOR,QAAQ;AACjB,CAAC;AAED,OAAO,MAAMS,uBAAuB,GAAIC,OAGvC,IAAK;EACJ,MAAM;IAAEC,qBAAqB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGH,OAAO;EAE3D,OAAOZ,6BAA6B,CAClC,CAACgB,MAAM,EAAEC,GAAG,EAAEC,MAAM,KAClBJ,QAAQ,CAACG,GAAG,EAAE;IACZD,MAAM;IACNG,IAAI,EAAED,MAAM,GAAGE,IAAI,CAACC,SAAS,CAACH,MAAM,CAACC,IAAI,CAAC,GAAGG;EAC/C,CAAC,CAAC,CACCC,IAAI,CAACtB,gBAAgB,CAAC,CACtBsB,IAAI,CAAEC,GAAG,IAAK;IACb,MAAMC,WAAW,GAAGD,GAAG,CAACE,OAAO,CAACC,GAAG,CAAC,cAAc,CAAC;IACnD,IAAIF,WAAW,KAAK,kBAAkB,EAAE;MACtC,OAAOD,GAAG,CAAClB,IAAI,CAAC,CAAC;IACnB;IACA,OAAOkB,GAAG,CAACI,IAAI,CAAC,CAAC;EACnB,CAAC,CAAC,EACNf,qBACF,CAAC;AACH,CAAC"}
+{"version":3,"names":["WalletProviderResponseError","ProblemDetail","createApiClient","createWalletProviderApiClient","validateResponse","response","ok","problemDetail","parse","json","title","type","detail","status","getWalletProviderClient","context","walletProviderBaseUrl","appFetch","fetch","method","url","params","body","JSON","stringify","undefined","headers","then","res","contentType","get","includes","text"],"sourceRoot":"../../../src","sources":["client/index.ts"],"mappings":"AAAA,SAASA,2BAA2B,QAAQ,iBAAiB;AAC7D,SACEC,aAAa,EACbC,eAAe,IAAIC,6BAA6B,QAC3C,6BAA6B;AAKpC,MAAMC,gBAAgB,GAAG,MAAOC,QAAkB,IAAK;EACrD,IAAI,CAACA,QAAQ,CAACC,EAAE,EAAE;IAChB,IAAIC,aAA4B,GAAG,CAAC,CAAC;IACrC,IAAI;MACFA,aAAa,GAAGN,aAAa,CAACO,KAAK,CAAC,MAAMH,QAAQ,CAACI,IAAI,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,MAAM;MACNF,aAAa,GAAG;QACdG,KAAK,EAAE;MACT,CAAC;IACH;IAEA,MAAM,IAAIV,2BAA2B,CACnCO,aAAa,CAACG,KAAK,IAAI,uCAAuC,EAC9DH,aAAa,CAACI,IAAI,EAClBJ,aAAa,CAACK,MAAM,EACpBP,QAAQ,CAACQ,MACX,CAAC;EACH;EACA,OAAOR,QAAQ;AACjB,CAAC;AAED,OAAO,MAAMS,uBAAuB,GAAIC,OAGvC,IAAK;EACJ,MAAM;IAAEC,qBAAqB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGH,OAAO;EAE3D,OAAOZ,6BAA6B,CAClC,CAACgB,MAAM,EAAEC,GAAG,EAAEC,MAAM,KAClBJ,QAAQ,CAACG,GAAG,EAAE;IACZD,MAAM;IACNG,IAAI,EAAED,MAAM,GAAGE,IAAI,CAACC,SAAS,CAACH,MAAM,CAACC,IAAI,CAAC,GAAGG,SAAS;IACtDC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB;EACF,CAAC,CAAC,CACCC,IAAI,CAACvB,gBAAgB,CAAC,CACtBuB,IAAI,CAAEC,GAAG,IAAK;IACb,MAAMC,WAAW,GAAGD,GAAG,CAACF,OAAO,CAACI,GAAG,CAAC,cAAc,CAAC;IACnD,IAAID,WAAW,aAAXA,WAAW,eAAXA,WAAW,CAAEE,QAAQ,CAAC,kBAAkB,CAAC,EAAE;MAC7C,OAAOH,GAAG,CAACnB,IAAI,CAAC,CAAC;IACnB;IACA,OAAOmB,GAAG,CAACI,IAAI,CAAC,CAAC;EACnB,CAAC,CAAC,EACNhB,qBACF,CAAC;AACH,CAAC"}

package/lib/module/credential/issuance/04-complete-user-authorization.js

@@ -1,8 +1,13 @@
 import { AuthorizationErrorShape, AuthorizationResultShape } from "../../utils/auth";
-import { until } from "../../utils/misc";
+import { hasStatus, until } from "../../utils/misc";
 import parseUrl from "parse-url";
-import { AuthorizationError, AuthorizationIdpError } from "../../utils/errors";
+import { AuthorizationError, AuthorizationIdpError, ValidationFailed } from "../../utils/errors";
 import { Linking } from "react-native";
+import { decode, encodeBase64, SignJWT } from "@pagopa/io-react-native-jwt";
+import { RequestObject } from "../presentation/types";
+import uuid from "react-native-uuid";
+import { ResponseUriResultShape } from "./types";
+import { getJwtFromFormPost } from "../../../src/utils/decoder";
 
 /**
  * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
@@ -26,11 +31,6 @@ import { Linking } from "react-native";
  * @returns the authorization response which contains code, state and iss
  */
 export const completeUserAuthorizationWithQueryMode = async (issuerRequestUri, clientId, issuerConf, idpHint, redirectUri, authorizationContext) => {
-  /**
-   * Starts the authorization flow which dependes on the response mode and the request credential.
-   * If the response mode is "query" the authorization flow is handled differently via the authorization context which opens an in-app browser capable of catching the redirectSchema.
-   * The form_post.jwt mode is not currently supported.
-   */
   const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
   const params = new URLSearchParams({
     client_id: clientId,
@@ -66,21 +66,144 @@ export const completeUserAuthorizationWithQueryMode = async (issuerRequestUri, c
       throw new AuthorizationError("Invalid authentication redirect url");
     }
   }
-  const urlParse = parseUrl(authRedirectUrl);
-  const authRes = AuthorizationResultShape.safeParse(urlParse.query);
-  if (!authRes.success) {
-    const authErr = AuthorizationErrorShape.safeParse(urlParse.query);
+  const query = parseUrl(authRedirectUrl).query;
+  return parseAuthroizationResponse(query);
+};
+
+/**
+ * WARNING: This function must be called after {@link startUserAuthorization}. The next function to be called is {@link completeUserAuthorizationWithFormPostJwtMode}.
+ * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
+ * It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
+ * The information is obtained by performing a GET request to the authorization endpoint with request_uri and client_id parameters.
+ * @param issuerRequestUri the URI of the issuer where the request is sent
+ * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @throws {ValidationFailed} if an error while validating the response
+ * @returns the request object which contains the credential to be presented in order to obtain the requested credential
+ */
+export const getRequestedCredentialToBePresented = async function (issuerRequestUri, clientId, issuerConf) {
+  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
+  const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
+  const params = new URLSearchParams({
+    client_id: clientId,
+    request_uri: issuerRequestUri
+  });
+  const requestObject = await appFetch(`${authzRequestEndpoint}?${params.toString()}`, {
+    method: "GET"
+  }).then(hasStatus(200)).then(res => res.text()).then(jws => decode(jws)).then(reqObj => RequestObject.safeParse(reqObj.payload));
+  if (!requestObject.success) {
+    throw new ValidationFailed("Request Object validation failed", requestObject.error.message);
+  }
+  return requestObject.data;
+};
+
+/**
+ * WARNING: This function must be called after {@link startUserAuthorization}. The next function to be called is {@link completeUserAuthorizationWithFormPostJwtMode}.
+ * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
+ * It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
+ * The information is obtained by performing a GET request to the authorization endpoint with request_uri and client_id parameters.
+ * @param issuerRequestUri the URI of the issuer where the request is sent
+ * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param context.walletInstanceAccestation the Wallet Instance's attestation to be presented
+ * @param context.pid the PID to be presented
+ * @param context.wiaCryptoContext The Wallet Instance's crypto context associated with the walletInstanceAttestation parameter
+ * @param context.pidCryptoContext The PID crypto context associated with the pid parameter
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @throws {ValidationFailed} if an error while validating the response
+ * @returns the authorization response which contains code, state and iss
+ */
+export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, ctx) => {
+  const {
+    wiaCryptoContext,
+    pidCryptoContext,
+    pid,
+    walletInstanceAttestation,
+    appFetch = fetch
+  } = ctx;
+  const wiaWpToken = await new SignJWT(wiaCryptoContext).setProtectedHeader({
+    alg: "ES256",
+    typ: "JWT"
+  }).setPayload({
+    vp: walletInstanceAttestation,
+    jti: uuid.v4().toString(),
+    nonce: requestObject.nonce
+  }).setIssuedAt().setExpirationTime("5m").setAudience(requestObject.response_uri).sign();
+  const pidWpToken = await new SignJWT(pidCryptoContext).setProtectedHeader({
+    alg: "ES256",
+    typ: "JWT"
+  }).setPayload({
+    vp: pid,
+    jti: uuid.v4().toString(),
+    nonce: requestObject.nonce
+  }).setIssuedAt().setExpirationTime("5m").setAudience(requestObject.response_uri).sign();
+
+  /* The path parameter refers to the vp_token variable of the authzResponsePayload and must point to the plain credential which
+   * is cointaned in the `vp` property of the signed jwt token payload
+   */
+  const presentationSubmission = {
+    definition_id: `${uuid.v4()}`,
+    id: `${uuid.v4()}`,
+    descriptor_map: [{
+      id: "PersonIdentificationData",
+      path: "$.vp_token[0].vp",
+      format: "vc+sd-jwt"
+    }, {
+      id: "WalletAttestation",
+      path: "$.vp_token[1].vp",
+      format: "jwt"
+    }]
+  };
+  const authzResponsePayload = encodeBase64(JSON.stringify({
+    state: requestObject.state,
+    presentation_submission: presentationSubmission,
+    vp_token: [pidWpToken, wiaWpToken]
+  }));
+
+  // Note: according to the spec, the response should be encrypted with the public key of the RP however this is not implemented yet
+  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-response
+  // const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
+  // const encrypted = await new EncryptJwe(authzResponsePayload, {
+  //   alg: "RSA-OAEP-256",
+  //   enc: "A256CBC-HS512",
+  //   kid: rsaPublicJwk.kid,
+  // }).encrypt(rsaPublicJwk);
+
+  const body = new URLSearchParams({
+    response: authzResponsePayload
+  }).toString();
+  const resUriRes = await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body
+  }).then(hasStatus(200)).then(reqUri => reqUri.json());
+  const responseUri = ResponseUriResultShape.safeParse(resUriRes);
+  if (!responseUri.success) {
+    throw new ValidationFailed("Response Uri validation failed", responseUri.error.message);
+  }
+  return await appFetch(responseUri.data.redirect_uri).then(hasStatus(200)).then(res => res.text()).then(getJwtFromFormPost).then(cbRes => parseAuthroizationResponse(cbRes.decodedJwt.payload));
+};
+
+/**
+ * Parse the authorization response and return the result which contains code, state and iss.
+ * @throws {AuthorizationError} if an error occurs during the parsing process
+ * @throws {AuthorizationIdpError} if an error occurs during the parsing process and the error is related to the IDP
+ * @param authRes the authorization response to be parsed
+ * @returns the authorization result which contains code, state and iss
+ */
+export const parseAuthroizationResponse = authRes => {
+  const authResParsed = AuthorizationResultShape.safeParse(authRes);
+  if (!authResParsed.success) {
+    const authErr = AuthorizationErrorShape.safeParse(authRes);
     if (!authErr.success) {
-      throw new AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
+      throw new AuthorizationError(authResParsed.error.message); // an error occured while parsing the result and the error
     }
 
     throw new AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
   }
-  return authRes.data;
-};
-
-// TODO: SIW-1120 implement generic credential issuance flow
-export const completeUserAuthorizationWithFormPostJwtMode = () => {
-  throw new Error("Not implemented");
+  return authResParsed.data;
 };
 //# sourceMappingURL=04-complete-user-authorization.js.map

package/lib/module/credential/issuance/04-complete-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","until","parseUrl","AuthorizationError","AuthorizationIdpError","Linking","completeUserAuthorizationWithQueryMode","issuerRequestUri","clientId","issuerConf","idpHint","redirectUri","authorizationContext","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","authRedirectUrl","redirectSchema","URL","protocol","replace","authorize","catch","e","message","addEventListener","_ref","url","includes","openAuthUrlInBrowser","openURL","unitAuthRedirectIsNotUndefined","undefined","Promise","all","urlParse","authRes","safeParse","query","success","authErr","error","data","error_description","completeUserAuthorizationWithFormPostJwtMode","Error"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAGnB,kBAAkB;AACzB,SAASC,KAAK,QAAkB,kBAAkB;AAElD,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,oBAAoB;AAE9E,SAASC,OAAO,QAAQ,cAAc;;AAEtC;AACA;AACA;;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAAA,CACEC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,EACPC,WAAW,EACXC,oBAAoB,KACjB;EACH;AACJ;AACA;AACA;AACA;EACI,MAAMC,oBAAoB,GACxBJ,UAAU,CAACK,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEV,QAAQ;IACnBW,WAAW,EAAEZ,gBAAgB;IAC7Ba,OAAO,EAAEV;EACX,CAAC,CAAC;EACF,MAAMW,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EACnD,IAAIM,eAAmC;EAEvC,IAAIV,oBAAoB,EAAE;IACxB,MAAMW,cAAc,GAAG,IAAIC,GAAG,CAACb,WAAW,CAAC,CAACc,QAAQ,CAACC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;IACrEJ,eAAe,GAAG,MAAMV,oBAAoB,CACzCe,SAAS,CAACN,OAAO,EAAEE,cAAc,CAAC,CAClCK,KAAK,CAAEC,CAAC,IAAK;MACZ,MAAM,IAAI1B,kBAAkB,CAAC0B,CAAC,CAACC,OAAO,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,MAAM;IACL;IACAzB,OAAO,CAAC0B,gBAAgB,CAAC,KAAK,EAAEC,IAAA,IAAa;MAAA,IAAZ;QAAEC;MAAI,CAAC,GAAAD,IAAA;MACtC,IAAIC,GAAG,CAACC,QAAQ,CAACvB,WAAW,CAAC,EAAE;QAC7BW,eAAe,GAAGW,GAAG;MACvB;IACF,CAAC,CAAC;IAEF,MAAME,oBAAoB,GAAG9B,OAAO,CAAC+B,OAAO,CAACf,OAAO,CAAC;;IAErD;AACN;AACA;AACA;IACM,MAAMgB,8BAA8B,GAAGpC,KAAK,CAC1C,MAAMqB,eAAe,KAAKgB,SAAS,EACnC,GACF,CAAC;IAED,MAAMC,OAAO,CAACC,GAAG,CAAC,CAACL,oBAAoB,EAAEE,8BAA8B,CAAC,CAAC;IAEzE,IAAIf,eAAe,KAAKgB,SAAS,EAAE;MACjC,MAAM,IAAInC,kBAAkB,CAAC,qCAAqC,CAAC;IACrE;EACF;EAEA,MAAMsC,QAAQ,GAAGvC,QAAQ,CAACoB,eAAe,CAAC;EAC1C,MAAMoB,OAAO,GAAG1C,wBAAwB,CAAC2C,SAAS,CAACF,QAAQ,CAACG,KAAK,CAAC;EAClE,IAAI,CAACF,OAAO,CAACG,OAAO,EAAE;IACpB,MAAMC,OAAO,GAAG/C,uBAAuB,CAAC4C,SAAS,CAACF,QAAQ,CAACG,KAAK,CAAC;IACjE,IAAI,CAACE,OAAO,CAACD,OAAO,EAAE;MACpB,MAAM,IAAI1C,kBAAkB,CAACuC,OAAO,CAACK,KAAK,CAACjB,OAAO,CAAC,CAAC,CAAC;IACvD;;IACA,MAAM,IAAI1B,qBAAqB,CAC7B0C,OAAO,CAACE,IAAI,CAACD,KAAK,EAClBD,OAAO,CAACE,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOP,OAAO,CAACM,IAAI;AACrB,CAAC;;AAEH;AACA,OAAO,MAAME,4CAA4C,GAAGA,CAAA,KAAM;EAChE,MAAM,IAAIC,KAAK,CAAC,iBAAiB,CAAC;AACpC,CAAC"}
+{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatus","until","parseUrl","AuthorizationError","AuthorizationIdpError","ValidationFailed","Linking","decode","encodeBase64","SignJWT","RequestObject","uuid","ResponseUriResultShape","getJwtFromFormPost","completeUserAuthorizationWithQueryMode","issuerRequestUri","clientId","issuerConf","idpHint","redirectUri","authorizationContext","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","authRedirectUrl","redirectSchema","URL","protocol","replace","authorize","catch","e","message","addEventListener","_ref","url","includes","openAuthUrlInBrowser","openURL","unitAuthRedirectIsNotUndefined","undefined","Promise","all","query","parseAuthroizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","v4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAGnB,kBAAkB;AACzB,SAASC,SAAS,EAAEC,KAAK,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SACEC,kBAAkB,EAClBC,qBAAqB,EACrBC,gBAAgB,QACX,oBAAoB;AAE3B,SAASC,OAAO,QAAQ,cAAc;AACtC,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,4BAA4B;;AAE/D;AACA;AACA;;AA4BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAAA,CACEC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,EACPC,WAAW,EACXC,oBAAoB,KACjB;EACH,MAAMC,oBAAoB,GACxBJ,UAAU,CAACK,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEV,QAAQ;IACnBW,WAAW,EAAEZ,gBAAgB;IAC7Ba,OAAO,EAAEV;EACX,CAAC,CAAC;EACF,MAAMW,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EACnD,IAAIM,eAAmC;EAEvC,IAAIV,oBAAoB,EAAE;IACxB,MAAMW,cAAc,GAAG,IAAIC,GAAG,CAACb,WAAW,CAAC,CAACc,QAAQ,CAACC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;IACrEJ,eAAe,GAAG,MAAMV,oBAAoB,CACzCe,SAAS,CAACN,OAAO,EAAEE,cAAc,CAAC,CAClCK,KAAK,CAAEC,CAAC,IAAK;MACZ,MAAM,IAAIlC,kBAAkB,CAACkC,CAAC,CAACC,OAAO,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,MAAM;IACL;IACAhC,OAAO,CAACiC,gBAAgB,CAAC,KAAK,EAAEC,IAAA,IAAa;MAAA,IAAZ;QAAEC;MAAI,CAAC,GAAAD,IAAA;MACtC,IAAIC,GAAG,CAACC,QAAQ,CAACvB,WAAW,CAAC,EAAE;QAC7BW,eAAe,GAAGW,GAAG;MACvB;IACF,CAAC,CAAC;IAEF,MAAME,oBAAoB,GAAGrC,OAAO,CAACsC,OAAO,CAACf,OAAO,CAAC;;IAErD;AACN;AACA;AACA;IACM,MAAMgB,8BAA8B,GAAG5C,KAAK,CAC1C,MAAM6B,eAAe,KAAKgB,SAAS,EACnC,GACF,CAAC;IAED,MAAMC,OAAO,CAACC,GAAG,CAAC,CAACL,oBAAoB,EAAEE,8BAA8B,CAAC,CAAC;IAEzE,IAAIf,eAAe,KAAKgB,SAAS,EAAE;MACjC,MAAM,IAAI3C,kBAAkB,CAAC,qCAAqC,CAAC;IACrE;EACF;EAEA,MAAM8C,KAAK,GAAG/C,QAAQ,CAAC4B,eAAe,CAAC,CAACmB,KAAK;EAC7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOpC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBmC,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAP,SAAA,GAAAO,SAAA,MAAGE,KAAK;EAC7D,MAAMlC,oBAAoB,GACxBJ,UAAU,CAACK,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEV,QAAQ;IACnBW,WAAW,EAAEZ;EACf,CAAC,CAAC;EAEF,MAAMyC,aAAa,GAAG,MAAMJ,QAAQ,CACjC,GAAE/B,oBAAqB,IAAGG,MAAM,CAACiC,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC3D,SAAS,CAAC,GAAG,CAAC,CAAC,CACpB2D,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKvD,MAAM,CAACuD,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKrD,aAAa,CAACsD,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI7D,gBAAgB,CACxB,kCAAkC,EAClCmD,aAAa,CAACW,KAAK,CAAC7B,OACtB,CAAC;EACH;EACA,OAAOkB,aAAa,CAACY,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOb,aAAa,EAAEc,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBtB,QAAQ,GAAGG;EACb,CAAC,GAAGe,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIlE,OAAO,CAAC8D,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAEtE,IAAI,CAACuE,EAAE,CAAC,CAAC,CAACzB,QAAQ,CAAC,CAAC;IACzB0B,KAAK,EAAE3B,aAAa,CAAC2B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC9B,aAAa,CAAC+B,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIhF,OAAO,CAAC+D,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAEtE,IAAI,CAACuE,EAAE,CAAC,CAAC,CAACzB,QAAQ,CAAC,CAAC;IACzB0B,KAAK,EAAE3B,aAAa,CAAC2B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC9B,aAAa,CAAC+B,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEhF,IAAI,CAACuE,EAAE,CAAC,CAAE,EAAC;IAC7BU,EAAE,EAAG,GAAEjF,IAAI,CAACuE,EAAE,CAAC,CAAE,EAAC;IAClBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAGxF,YAAY,CACvCyF,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE3C,aAAa,CAAC2C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEd,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM2B,IAAI,GAAG,IAAI7E,eAAe,CAAC;IAC/B8E,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACvC,QAAQ,CAAC,CAAC;EACb,MAAM+C,SAAS,GAAG,MAAMpD,QAAQ,CAACI,aAAa,CAAC+B,YAAY,EAAE;IAC3D7B,MAAM,EAAE,MAAM;IACd+C,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC3C,IAAI,CAAC3D,SAAS,CAAC,GAAG,CAAC,CAAC,CACpB2D,IAAI,CAAE+C,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGhG,sBAAsB,CAACoD,SAAS,CAACwC,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC1C,OAAO,EAAE;IACxB,MAAM,IAAI7D,gBAAgB,CACxB,gCAAgC,EAChCuG,WAAW,CAACzC,KAAK,CAAC7B,OACpB,CAAC;EACH;EAEA,OAAO,MAAMc,QAAQ,CAACwD,WAAW,CAACxC,IAAI,CAACyC,YAAY,CAAC,CACjDlD,IAAI,CAAC3D,SAAS,CAAC,GAAG,CAAC,CAAC,CACpB2D,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC9C,kBAAkB,CAAC,CACxB8C,IAAI,CAAEmD,KAAK,IAAK5D,0BAA0B,CAAC4D,KAAK,CAACC,UAAU,CAAC9C,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMf,0BAA0B,GACrC8D,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGlH,wBAAwB,CAACiE,SAAS,CAACgD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAAC/C,OAAO,EAAE;IAC1B,MAAMgD,OAAO,GAAGpH,uBAAuB,CAACkE,SAAS,CAACgD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAAChD,OAAO,EAAE;MACpB,MAAM,IAAI/D,kBAAkB,CAAC8G,aAAa,CAAC9C,KAAK,CAAC7B,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIlC,qBAAqB,CAC7B8G,OAAO,CAAC9C,IAAI,CAACD,KAAK,EAClB+C,OAAO,CAAC9C,IAAI,CAAC+C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC7C,IAAI;AAC3B,CAAC"}

package/lib/module/credential/issuance/07-verify-and-parse-credential.js

@@ -6,11 +6,12 @@ import { verify as verifySdJwt } from "../../sd-jwt";
 
 // handy alias
 
-const parseCredentialSdJwt = (credentials_supported, _ref) => {
+const parseCredentialSdJwt = function (credentials_supported, _ref) {
   let {
     sdJwt,
     disclosures
   } = _ref;
+  let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
   const credentialSubject = credentials_supported[sdJwt.payload.vct];
   if (!credentialSubject) {
     throw new IoWalletError("Credential type not supported by the issuer");
@@ -20,6 +21,10 @@ const parseCredentialSdJwt = (credentials_supported, _ref) => {
   }
 
   // transfrom a record { key: value } in an iterable of pairs [key, value]
+  if (!credentialSubject.claims) {
+    throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
+  }
+
   const attrDefinitions = Object.entries(credentialSubject.claims);
 
   // the key of the attribute defintion must match the disclosure's name
@@ -33,7 +38,9 @@ const parseCredentialSdJwt = (credentials_supported, _ref) => {
   if (attrsNotInDisclosures.length > 0) {
     const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
     const received = disclosures.map(_ => _[1 /* name */]).join(", ");
-    throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+    if (!ignoreMissingAttributes) {
+      throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+    }
   }
 
   // attributes that are defined in the issuer configuration
@@ -117,10 +124,11 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
 
 const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
   let {
-    credentialCryptoContext
+    credentialCryptoContext,
+    ignoreMissingAttributes
   } = _ref8;
   const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
-  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded);
+  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded, ignoreMissingAttributes);
   return {
     parsedCredential
   };

package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","credentialSubject","payload","vct","format","header","typ","attrDefinitions","Object","entries","claims","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","length","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","credential_configurations_supported","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAEA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAcpD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAGA,CAE3BC,qBAAgI,EAAAC,IAAA,KAE3G;EAAA,IADrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAE9C,MAAMG,iBAAiB,GAAGJ,qBAAqB,CAACE,KAAK,CAACG,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIT,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIS,iBAAiB,CAACG,MAAM,KAAKL,KAAK,CAACM,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAId,aAAa,CACpB,gEAA+DS,iBAAiB,CAACG,MAAO,gBAAeL,KAAK,CAACM,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,MAAMC,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACR,iBAAiB,CAACS,MAAM,CAAC;;EAEhE;EACA,MAAMC,qBAAqB,GAAGJ,eAAe,CAACK,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACb,WAAW,CAACe,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACO,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMC,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAGvB,WAAW,CAACoB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,MAAM,IAAI9B,aAAa,CACpB,4DAA2D2B,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;EACH;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGhB,MAAM,CAACiB,WAAW,CACtClB;EACE;EAAA,CACCa,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACb,OAAO,EAAEc,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEZ,OAAO,EACP;MACE,GAAGc,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAE3B,WAAW,CAAC8B,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKP,OAC7B,CAAC,cAAAa,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAACjB,OAAO,EAAE;MAAEkB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEjB,OAAO,EACP;MACE,GAAGc,UAAU;MACbX,IAAI,EAAEe,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEnB;QAAK,CAAC,GAAAkB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGnB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMoB,eAAe,GAAG7B,MAAM,CAACiB,WAAW,CACxCzB,WAAW,CACRY,MAAM,CAAES,CAAC,IAAK,CAACb,MAAM,CAAC8B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEZ,KAAK;MAAEZ,IAAI,EAAEwB;IAAI,CAAC,CAAC;EAAA,EACxD,CAAC;EAED,OAAO;IACL,GAAGjB,aAAa;IAChB,GAAGa;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBtD,WAAW,CAACgD,aAAa,EAAEC,UAAU,EAAEnD,QAAQ,CAAC,EAChDoD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAAC/C,KAAK,CAACG,OAAO;EAE/C,IAAI,CAACiD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAI7D,aAAa,CACpB,kDAAiDuD,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAAC/C,KAAK,CAACG,OAAO,CAACiD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAEE;EAAA,IADH;IAAEC;EAAwB,CAAC,GAAAD,KAAA;EAE3B,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGlE,oBAAoB,CAC3C2D,UAAU,CAACK,wBAAwB,CAACG,mCAAmC,EACvEJ,OACF,CAAC;EAED,OAAO;IAAEG;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,wBAAkD,GAAG,MAAAA,CAChET,UAAU,EACVC,UAAU,EACVpD,MAAM,EACN6D,OAAO,KACJ;EACH,IAAI7D,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOkD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVpD,MAAM,EACN6D,OACF,CAAC;EACH;EAEA,MAAM,IAAIzE,aAAa,CAAE,kCAAiCY,MAAO,EAAC,CAAC;AACrE,CAAC"}
+{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","payload","vct","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","credential_configurations_supported","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAEA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAepD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgI,EAAAC,IAAA,EAG3G;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC,MAAMG,iBAAiB,GAAGR,qBAAqB,CAACE,KAAK,CAACO,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIb,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIa,iBAAiB,CAACG,MAAM,KAAKT,KAAK,CAACU,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAIlB,aAAa,CACpB,gEAA+Da,iBAAiB,CAACG,MAAO,gBAAeT,KAAK,CAACU,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACL,iBAAiB,CAACM,MAAM,EAAE;IAC7B,MAAM,IAAInB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMoB,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACT,iBAAiB,CAACM,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACjB,WAAW,CAACmB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACZ,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMmB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG1B,WAAW,CAACuB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAACxB,uBAAuB,EAAE;MAC5B,MAAM,IAAIT,aAAa,CACpB,4DAA2D8B,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAE9B,WAAW,CAACiC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMmB,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxC5B,WAAW,CACRgB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEZ,KAAK;MAAEX,IAAI,EAAEuB;IAAI,CAAC,CAAC;EAAA,EACxD,CAAC;EAED,OAAO;IACL,GAAGjB,aAAa;IAChB,GAAGa;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBzD,WAAW,CAACmD,aAAa,EAAEC,UAAU,EAAEtD,QAAQ,CAAC,EAChDuD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAAClD,KAAK,CAACO,OAAO;EAE/C,IAAI,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAIhE,aAAa,CACpB,kDAAiD0D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAAClD,KAAK,CAACO,OAAO,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAE5D;EAAwB,CAAC,GAAA2D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGrE,oBAAoB,CAC3C8D,UAAU,CAACK,wBAAwB,CAACG,mCAAmC,EACvEJ,OAAO,EACP7D,uBACF,CAAC;EAED,OAAO;IAAEgE;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,wBAAkD,GAAG,MAAAA,CAChET,UAAU,EACVC,UAAU,EACVnD,MAAM,EACN4D,OAAO,KACJ;EACH,IAAI5D,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOiD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnD,MAAM,EACN4D,OACF,CAAC;EACH;EAEA,MAAM,IAAI5E,aAAa,CAAE,kCAAiCgB,MAAO,EAAC,CAAC;AACrE,CAAC"}

package/lib/module/credential/issuance/index.js

@@ -1,8 +1,8 @@
 import { evaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import { startUserAuthorization } from "./03-start-user-authorization";
-import { completeUserAuthorizationWithQueryMode } from "./04-complete-user-authorization";
+import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthroizationResponse, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
 import { authorizeAccess } from "./05-authorize-access";
 import { obtainCredential } from "./06-obtain-credential";
 import { verifyAndParseCredential } from "./07-verify-and-parse-credential";
-export { evaluateIssuerTrust, startUserAuthorization, completeUserAuthorizationWithQueryMode, authorizeAccess, obtainCredential, verifyAndParseCredential };
+export { evaluateIssuerTrust, startUserAuthorization, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthroizationResponse };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","authorizeAccess","obtainCredential","verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,QAEjC,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AAEzC,SACEL,mBAAmB,EACnBC,sBAAsB,EACtBC,sCAAsC,EACtCC,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB"}
+{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthroizationResponse","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,EAI1BC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AAEzC,SACER,mBAAmB,EACnBC,sBAAsB,EACtBC,sCAAsC,EACtCG,mCAAmC,EACnCF,4CAA4C,EAC5CG,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB,EACxBJ,0BAA0B"}

package/lib/module/credential/issuance/types.js

@@ -15,4 +15,11 @@ export const CredentialResponse = z.object({
   credential: z.string(),
   format: SupportedCredentialFormat
 });
+
+/**
+ * Shape from parsing a response given by a request uri during the EAA credential issuance flow with response mode "form_post.jwt".
+ */
+export const ResponseUriResultShape = z.object({
+  redirect_uri: z.string()
+});
 //# sourceMappingURL=types.js.map

package/lib/module/credential/issuance/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthorizationDetail","z","SupportedCredentialFormat","TokenResponse","object","access_token","string","authorization_details","array","c_nonce","c_nonce_expires_in","number","expires_in","token_type","CredentialResponse","credential","format"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,iBAAiB;AACrD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,yBAAyB,QAAQ,SAAS;AAInD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,YAAY,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAEN,CAAC,CAACO,KAAK,CAACR,mBAAmB,CAAC;EACnDS,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEX,CAAC,CAACU,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEZ,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMQ,kBAAkB,GAAGb,CAAC,CAACG,MAAM,CAAC;EACzCK,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BI,UAAU,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBU,MAAM,EAAEd;AACV,CAAC,CAAC"}
+{"version":3,"names":["AuthorizationDetail","z","SupportedCredentialFormat","TokenResponse","object","access_token","string","authorization_details","array","c_nonce","c_nonce_expires_in","number","expires_in","token_type","CredentialResponse","credential","format","ResponseUriResultShape","redirect_uri"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,iBAAiB;AACrD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,yBAAyB,QAAQ,SAAS;AAInD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,YAAY,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAEN,CAAC,CAACO,KAAK,CAACR,mBAAmB,CAAC;EACnDS,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEX,CAAC,CAACU,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEZ,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMQ,kBAAkB,GAAGb,CAAC,CAACG,MAAM,CAAC;EACzCK,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BI,UAAU,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBU,MAAM,EAAEd;AACV,CAAC,CAAC;;AAEF;AACA;AACA;AACA,OAAO,MAAMe,sBAAsB,GAAGhB,CAAC,CAACG,MAAM,CAAC;EAC7Cc,YAAY,EAAEjB,CAAC,CAACK,MAAM,CAAC;AACzB,CAAC,CAAC"}

package/lib/module/index.js

@@ -9,7 +9,8 @@ import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
 import * as Trust from "./trust";
 import * as WalletInstance from "./wallet-instance";
+import * as Cie from "./cie";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
 import { createCryptoContextFor } from "./utils/crypto";
-export { SdJwt, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey };
+export { SdJwt, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey, Cie };
 //# sourceMappingURL=index.js.map

package/lib/module/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AACA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACEP,KAAK,EACLD,GAAG,EACHD,UAAU,EACVI,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLI,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBT,sBAAsB"}
+{"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","Cie","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AACA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACER,KAAK,EACLD,GAAG,EACHD,UAAU,EACVI,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLK,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBV,sBAAsB,EACtBQ,GAAG"}

package/lib/module/trust/types.js

@@ -39,8 +39,9 @@ const CredentialIssuerDisplayMetadata = z.object({
   logo: z.object({
     url: z.string(),
     alt_text: z.string()
-  })
+  }).optional() // TODO [SIW-1268]: should not be optional
 });
+
 const ClaimsMetadata = z.record(z.object({
   value_type: z.string(),
   display: z.array(z.object({
@@ -55,7 +56,8 @@ const SupportedCredentialMetadata = z.object({
   format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
   scope: z.string(),
   display: z.array(CredentialDisplayMetadata),
-  claims: ClaimsMetadata,
+  claims: ClaimsMetadata.optional(),
+  // TODO [SIW-1268]: should not be optional
   cryptographic_binding_methods_supported: z.array(z.string()),
   credential_signing_alg_values_supported: z.array(z.string())
 });
@@ -174,7 +176,7 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
       /** Credential Issuers act as Relying Party
           when they require the presentation of other credentials.
           This does not apply for PID issuance, which requires CIE authz. */
-      openid_relying_party: RelyingPartyMetadata.optional()
+      wallet_relying_party: RelyingPartyMetadata.optional()
     })
   })
 }));