npm - @pagopa/io-react-native-wallet - Versions diffs - 0.2.2 → 0.2.4 - Mend

@pagopa/io-react-native-wallet 0.2.2 → 0.2.4

Files changed (118) hide show

package/lib/typescript/src/rp/index.d.ts ADDED Viewed

@@ -0,0 +1,89 @@
+import { QRCodePayload, RequestObject, RpEntityConfiguration, type Presentation } from "./types";
+import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
+export declare class RelyingPartySolution {
+    relyingPartyBaseUrl: string;
+    walletInstanceAttestation: string;
+    appFetch: GlobalFetch["fetch"];
+    constructor(relyingPartyBaseUrl: string, walletInstanceAttestation: string, appFetch?: GlobalFetch["fetch"]);
+    /**
+     * Decode a QR code content to an authentication request url.
+     * @function
+     * @param qrcode QR code content
+     *
+     * @returns The authentication request url
+     *
+     */
+    static decodeAuthRequestQR(qrcode: string): QRCodePayload;
+    /**
+     * Obtain the unsigned wallet instance DPoP for authentication request
+     *
+     * @function
+     * @param walletInstanceAttestationJwk JWT of the Wallet Instance Attestation
+     * @param authRequestUrl authentication request url
+     *
+     * @returns The unsigned wallet instance DPoP
+     *
+     */
+    getUnsignedWalletInstanceDPoP(walletInstanceAttestationJwk: JWK, authRequestUrl: string): Promise<string>;
+    /**
+     * Obtain the Request Object for RP authentication
+     * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
+     *
+     * @async @function
+     * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
+     *
+     * @returns The Request Object JWT
+     * @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
+     *
+     */
+    getRequestObject(signedWalletInstanceDPoP: string, entity: RpEntityConfiguration): Promise<RequestObject>;
+    /**
+     * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
+     * The presentation is prepared by disclosing data from provided credentials, according to requested claims
+     * Each Verified Credential come along with the claims the user accepts to disclose from it.
+     *
+     * The returned token is unsigned (sign should be apply by the caller).
+     *
+     * @todo accept more than a Verified Credential
+     *
+     * @param requestObj The incoming request object, which the requirements for the requested authorization
+     * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
+     * @returns The unsigned Verified Presentation token
+     * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
+     *
+     */
+    prepareVpToken(requestObj: RequestObject, [vc, claims]: Presentation): Promise<{
+        vp_token: string;
+        presentation_submission: Record<string, unknown>;
+    }>;
+    /**
+     * Compose and send an Authorization Response in the context of an authorization request flow.
+     *
+     * @todo MUST add presentation_submission
+     *
+     * @param requestObj The incoming request object, which the requirements for the requested authorization
+     * @param vp_token The signed Verified Presentation token with data to send.
+     * @param presentation_submission
+     * @param entity The RP entity configuration
+     * @returns The response from the RP
+     * @throws {IoWalletError} if the submission fails.
+     * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key
+     *
+     */
+    sendAuthorizationResponse(requestObj: RequestObject, vp_token: string, presentation_submission: Record<string, unknown>, entity: RpEntityConfiguration): Promise<string>;
+    /**
+     * Select a public key from those provided by the RP.
+     * Keys with algorithm "RSA-OAEP-256" or "RSA-OAEP" are expected, the firsts to be preferred.
+     *
+     * @param entity The RP entity configuration
+     * @returns A suitable public key with its compatible encryption algorithm
+     * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
+     */
+    private choosePublicKeyToEncrypt;
+    private getEncryptionAlgByJwk;
+    /**
+     * Obtain the relying party entity configuration.
+     */
+    getEntityConfiguration(): Promise<RpEntityConfiguration>;
+}
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/src/rp/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/rp/index.ts"],"names":[],"mappings":"AAaA,OAAO,EACL,aAAa,EACb,aAAa,EACb,qBAAqB,EACrB,KAAK,YAAY,EAClB,MAAM,SAAS,CAAC;AAGjB,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kDAAkD,CAAC;AAG5E,qBAAa,oBAAoB;IAC/B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAG7B,mBAAmB,EAAE,MAAM,EAC3B,yBAAyB,EAAE,MAAM,EACjC,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAOxC;;;;;;;OAOG;IACH,MAAM,CAAC,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa;IAqBzD;;;;;;;;;OASG;IACG,6BAA6B,CACjC,4BAA4B,EAAE,GAAG,EACjC,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC;IAiBlB;;;;;;;;;;OAUG;IACG,gBAAgB,CACpB,wBAAwB,EAAE,MAAM,EAChC,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,aAAa,CAAC;IA2CzB;;;;;;;;;;;;;;OAcG;IACG,cAAc,CAClB,UAAU,EAAE,aAAa,EACzB,CAAC,EAAE,EAAE,MAAM,CAAC,EAAE,YAAY,GACzB,OAAO,CAAC;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAClD,CAAC;IA6BF;;;;;;;;;;;;;OAaG;IACG,yBAAyB,CAC7B,UAAU,EAAE,aAAa,EACzB,QAAQ,EAAE,MAAM,EAChB,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChD,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,MAAM,CAAC;IAkClB;;;;;;;OAOG;IACH,OAAO,CAAC,wBAAwB;IA6BhC,OAAO,CAAC,qBAAqB;IAY7B;;OAEG;IACG,sBAAsB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CAuB/D"}

package/lib/typescript/{rp → src/rp}/types.d.ts RENAMED Viewed

@@ -366,7 +366,6 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                 }>;
                 contacts: z.ZodArray<z.ZodString, "many">;
             }, "strip", z.ZodTypeAny, {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -393,11 +392,11 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
             }, {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -424,6 +423,7 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
@@ -436,20 +436,26 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                 contacts: z.ZodArray<z.ZodString, "many">;
             }, "strip", z.ZodTypeAny, {
                 organization_name: string;
-                contacts: string[];
                 homepage_uri: string;
                 policy_uri: string;
                 logo_uri: string;
+                contacts: string[];
             }, {
                 organization_name: string;
-                contacts: string[];
                 homepage_uri: string;
                 policy_uri: string;
                 logo_uri: string;
+                contacts: string[];
             }>;
         }, "strip", z.ZodTypeAny, {
+            federation_entity: {
+                organization_name: string;
+                homepage_uri: string;
+                policy_uri: string;
+                logo_uri: string;
+                contacts: string[];
+            };
             wallet_relying_party: {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -476,20 +482,20 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
             };
+        }, {
             federation_entity: {
                 organization_name: string;
-                contacts: string[];
                 homepage_uri: string;
                 policy_uri: string;
                 logo_uri: string;
+                contacts: string[];
             };
-        }, {
             wallet_relying_party: {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -516,17 +522,11 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
             };
-            federation_entity: {
-                organization_name: string;
-                contacts: string[];
-                homepage_uri: string;
-                policy_uri: string;
-                logo_uri: string;
-            };
         }>;
         authority_hints: z.ZodArray<z.ZodString, "many">;
     }, "strip", z.ZodTypeAny, {
@@ -561,8 +561,14 @@ export declare const RpEntityConfiguration: z.ZodObject<{
             }[];
         };
         metadata: {
+            federation_entity: {
+                organization_name: string;
+                homepage_uri: string;
+                policy_uri: string;
+                logo_uri: string;
+                contacts: string[];
+            };
             wallet_relying_party: {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -589,17 +595,11 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
             };
-            federation_entity: {
-                organization_name: string;
-                contacts: string[];
-                homepage_uri: string;
-                policy_uri: string;
-                logo_uri: string;
-            };
         };
         authority_hints: string[];
     }, {
@@ -634,8 +634,14 @@ export declare const RpEntityConfiguration: z.ZodObject<{
             }[];
         };
         metadata: {
+            federation_entity: {
+                organization_name: string;
+                homepage_uri: string;
+                policy_uri: string;
+                logo_uri: string;
+                contacts: string[];
+            };
             wallet_relying_party: {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -662,17 +668,11 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
             };
-            federation_entity: {
-                organization_name: string;
-                contacts: string[];
-                homepage_uri: string;
-                policy_uri: string;
-                logo_uri: string;
-            };
         };
         authority_hints: string[];
     }>;
@@ -714,8 +714,14 @@ export declare const RpEntityConfiguration: z.ZodObject<{
             }[];
         };
         metadata: {
+            federation_entity: {
+                organization_name: string;
+                homepage_uri: string;
+                policy_uri: string;
+                logo_uri: string;
+                contacts: string[];
+            };
             wallet_relying_party: {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -742,17 +748,11 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
             };
-            federation_entity: {
-                organization_name: string;
-                contacts: string[];
-                homepage_uri: string;
-                policy_uri: string;
-                logo_uri: string;
-            };
         };
         authority_hints: string[];
     };
@@ -794,8 +794,14 @@ export declare const RpEntityConfiguration: z.ZodObject<{
             }[];
         };
         metadata: {
+            federation_entity: {
+                organization_name: string;
+                homepage_uri: string;
+                policy_uri: string;
+                logo_uri: string;
+                contacts: string[];
+            };
             wallet_relying_party: {
-                client_id: string;
                 jwks: {
                     keys: {
                         kty: "RSA" | "EC";
@@ -822,17 +828,11 @@ export declare const RpEntityConfiguration: z.ZodObject<{
                         x5u?: string | undefined;
                     }[];
                 };
+                client_id: string;
                 application_type: string;
                 client_name: string;
                 contacts: string[];
             };
-            federation_entity: {
-                organization_name: string;
-                contacts: string[];
-                homepage_uri: string;
-                policy_uri: string;
-                logo_uri: string;
-            };
         };
         authority_hints: string[];
     };
@@ -854,4 +854,11 @@ export declare const QRCodePayload: z.ZodObject<{
     clientId: string;
     requestURI: string;
 }>;
+/**
+ * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
+ */
+export type Presentation = [
+    string,
+    string[]
+];
 //# sourceMappingURL=types.d.ts.map

package/lib/typescript/{rp → src/rp}/types.d.ts.map RENAMED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["~~../../../~~src/rp/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBxB,CAAC;AAGH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkChC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;EAKxB,CAAC"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/rp/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBxB,CAAC;AAGH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkChC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;EAKxB,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;CACtB,CAAC"}

package/lib/typescript/src/sd-jwt/__test__/converters.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"converters.test.d.ts","sourceRoot":"","sources":["../../../../../src/sd-jwt/__test__/converters.test.ts"],"names":[],"mappings":""}

package/lib/typescript/src/sd-jwt/__test__/index.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=index.test.d.ts.map

package/lib/typescript/src/sd-jwt/__test__/index.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../../../../../src/sd-jwt/__test__/index.test.ts"],"names":[],"mappings":""}

package/lib/typescript/src/sd-jwt/__test__/types.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.test.d.ts","sourceRoot":"","sources":["../../../../../src/sd-jwt/__test__/types.test.ts"],"names":[],"mappings":""}

package/lib/typescript/src/sd-jwt/converters.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"converters.d.ts","sourceRoot":"","sources":["../../../../src/sd-jwt/converters.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAE1C,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,UAAU,EAAE,EACzB,SAAS,EAAE,MAAM,OAmBlB"}

package/lib/typescript/{sd-jwt → src/sd-jwt}/index.d.ts RENAMED Viewed

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { Disclosure } from "./types";
+import { Disclosure, type DisclosureWithEncoded } from "./types";
 import type { JWK } from "src/utils/jwk";
 /**
  * Decode a given SD-JWT with Disclosures to get the parsed SD-JWT object they define.
@@ -17,8 +17,28 @@ import type { JWK } from "src/utils/jwk";
  */
 export declare const decode: <S extends z.AnyZodObject>(token: string, schema: S) => {
     sdJwt: z.TypeOf<S>;
-    disclosures: Disclosure[];
+    disclosures: DisclosureWithEncoded[];
 };
+/**
+ * Select disclosures from a given SD-JWT with Disclosures.
+ * Claims relate with disclosures by their name.
+ *
+ * @function
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ * @param claims The list of claims to be disclosed
+ *
+ * @throws {ClaimsNotFoundBetweenDislosures} When one or more claims does not relate to any discloure.
+ * @throws {ClaimsNotFoundInToken} When one or more claims are not contained in the SD-JWT token.
+ * @returns The encoded token with only the requested disclosures, along with the path each claim can be found on the SD-JWT token
+ *
+ */
+export declare const disclose: (token: string, claims: string[]) => Promise<{
+    token: string;
+    paths: {
+        claim: string;
+        path: string;
+    }[];
+}>;
 /**
  * Verify a given SD-JWT with Disclosures
  * Same as {@link decode} plus:

package/lib/typescript/src/sd-jwt/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/sd-jwt/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,OAAO,EAAE,UAAU,EAAY,KAAK,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAE3E,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAWzC;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,oCACV,MAAM;;iBAIA,qBAAqB,EAAE;CAsBrC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,QAAQ,UACZ,MAAM,UACL,MAAM,EAAE;WACE,MAAM;WAAS;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE;EA8CnE,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,MAAM,oCACV,MAAM,aACF,GAAG;;iBAE6B,UAAU,EAAE;EAwBxD,CAAC"}

package/lib/typescript/{sd-jwt → src/sd-jwt}/types.d.ts RENAMED Viewed

@@ -17,6 +17,18 @@ export declare const ObfuscatedDisclosures: z.ZodObject<{
  */
 export type Disclosure = z.infer<typeof Disclosure>;
 export declare const Disclosure: z.ZodTuple<[z.ZodString, z.ZodString, z.ZodUnknown], null>;
+/**
+ * Encoding depends on the serialization algorithm used when generating the disclosure tokens.
+ * The SD-JWT reference itself take no decision about how to handle whitespaces in serialized objects.
+ * For such reason, we may find conveninent to have encoded and decode values stored explicitly in the same structure.
+ * Please note that `encoded` can always decode into `decode`, but `decode` may or may not be encoded with the same value of `encoded`
+ *
+ * @see https://www.ietf.org/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
+ */
+export type DisclosureWithEncoded = {
+    decoded: Disclosure;
+    encoded: string;
+};
 export type SdJwt4VC = z.infer<typeof SdJwt4VC>;
 export declare const SdJwt4VC: z.ZodObject<{
     header: z.ZodObject<{

package/lib/typescript/src/sd-jwt/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/sd-jwt/types.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,QAAQ,aAAuC,CAAC;AAC7D,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAEhD,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;EAAyC,CAAC;AAE5E;;;;;GAKG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AACpD,eAAO,MAAM,UAAU,4DAIrB,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,EAAE,UAAU,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAChD,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8BnB,CAAC"}

package/lib/typescript/src/sd-jwt/verifier.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { DisclosureWithEncoded, ObfuscatedDisclosures } from "./types";
+export declare const verifyDisclosure: ({ encoded, decoded }: DisclosureWithEncoded, claims: ObfuscatedDisclosures["_sd"]) => Promise<void>;
+//# sourceMappingURL=verifier.d.ts.map

package/lib/typescript/src/sd-jwt/verifier.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../../../src/sd-jwt/verifier.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAE5E,eAAO,MAAM,gBAAgB,yBACL,qBAAqB,UACnC,qBAAqB,CAAC,KAAK,CAAC,kBAUrC,CAAC"}

package/lib/typescript/src/utils/dpop.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../../../../src/utils/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAGzB,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAEjC,eAAO,MAAM,eAAe,QAAS,GAAG,WAAW,WAAW,KAAG,MAWhE,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AACtD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;EAKtB,CAAC"}

package/lib/typescript/{utils → src/utils}/errors.d.ts RENAMED Viewed

@@ -68,4 +68,45 @@ export declare class PidIssuingError extends IoWalletError {
     reason: string;
     constructor(message: string, claim?: string, reason?: string);
 }
+/**
+ * When claims are requested but not found in the credential
+ *
+ */
+export declare class ClaimsNotFoundBetweenDislosures extends Error {
+    static get code(): "ERR_CLAIMS_NOT_FOUND";
+    code: string;
+    /** The Claims not found */
+    claims: string[];
+    constructor(claims: string | string[]);
+}
+/**
+ * When the SD-JWT does not contain an hashed reference to a given set of claims
+ */
+export declare class ClaimsNotFoundInToken extends Error {
+    static get code(): "ERR_CLAIMS_NOT_FOUND_IN_TOKEN";
+    code: string;
+    /** The Claims not found */
+    claims: string[];
+    constructor(claims: string | string[]);
+}
+/**
+ * When selecting a public key from an entity configuration, and no one meets the requirements for the scenario
+ *
+ */
+export declare class NoSuitableKeysFoundInEntityConfiguration extends Error {
+    static get code(): "ERR_NO_SUITABLE_KEYS_NOT_FOUND";
+    code: string;
+    /**
+     * @param scenario describe the scenario in which the error arise
+     */
+    constructor(scenario: string);
+}
+/**
+ * When selecting a public key from an entity configuration, and no one meets the requirements for the scenario
+ *
+ */
+export declare class PidMetadataError extends Error {
+    static get code(): "PID_METADATA_ERROR";
+    constructor(message: string);
+}
 //# sourceMappingURL=errors.d.ts.map

package/lib/typescript/src/utils/errors.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/utils/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,6DAA6D;IAC7D,MAAM,KAAK,IAAI,IAAI,MAAM,CAExB;IAED,6DAA6D;IAC7D,IAAI,EAAE,MAAM,CAA2B;gBAE3B,OAAO,CAAC,EAAE,MAAM;CAM7B;AACD;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,aAAa;IACjD,MAAM,KAAK,IAAI,IAAI,iCAAiC,CAEnD;IAED,IAAI,SAAqC;IAEzC,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E;AAED;;;GAGG;AACH,qBAAa,qCAAsC,SAAQ,aAAa;IACtE,MAAM,KAAK,IAAI,IAAI,mDAAmD,CAErE;IAED,IAAI,SAAuD;IAE3D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,MAAM,KAAK,IAAI,IAAI,oDAAoD,CAEtE;IAED,IAAI,SAAwD;IAE5D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E;AAED;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,aAAa;IAChD,MAAM,KAAK,IAAI,IAAI,kCAAkC,CAEpD;IAED,IAAI,SAAsC;IAE1C,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAK3E;AAED;;;GAGG;AACH,qBAAa,+BAAgC,SAAQ,KAAK;IACxD,MAAM,KAAK,IAAI,IAAI,sBAAsB,CAExC;IAED,IAAI,SAA0B;IAE9B,2BAA2B;IAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;gBAEL,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;CAQtC;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;IAC9C,MAAM,KAAK,IAAI,IAAI,+BAA+B,CAEjD;IAED,IAAI,SAAmC;IAEvC,2BAA2B;IAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;gBAEL,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;CAQtC;AAED;;;GAGG;AACH,qBAAa,wCAAyC,SAAQ,KAAK;IACjE,MAAM,KAAK,IAAI,IAAI,gCAAgC,CAElD;IAED,IAAI,SAAoC;IAExC;;OAEG;gBACS,QAAQ,EAAE,MAAM;CAI7B;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,MAAM,KAAK,IAAI,IAAI,oBAAoB,CAEtC;gBAEW,OAAO,EAAE,MAAM;CAG5B"}

package/lib/typescript/src/utils/jwk.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwk.d.ts","sourceRoot":"","sources":["../../../../src/utils/jwk.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;AACtC,eAAO,MAAM,GAAG;IACd,uCAAuC;;;;;;;IAOvC,yCAAyC;;;IAGzC,gDAAgD;;IAEhD,oCAAoC;;IAEpC;;kCAE8B;;;;;;IAM9B,4CAA4C;;;;IAI5C,qDAAqD;;IAErD,gEAAgE;;IAEhE,mEAAmE;;IAEnE,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvC,CAAC"}

package/lib/typescript/src/wallet-instance-attestation/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/wallet-instance-attestation/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,4BAA4B,EAAE,MAAM,SAAS,CAAC;AAIvD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,CAAC;AACnB;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,4BAA4B,CAQlE;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,MAAM,CAC1B,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,4BAA4B,CAAC,CAOvC"}

package/lib/typescript/src/wallet-instance-attestation/issuing.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../../src/wallet-instance-attestation/issuing.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAKnC,qBAAa,OAAO;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAE7B,qBAAqB,EAAE,MAAM,EAC7B,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAMxC;;;;;;;;;OASG;IACG,2BAA2B,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B5D;;;;;;;;;;;;OAYG;IACG,cAAc,CAClB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;CAqCnB"}

package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/types.d.ts RENAMED Viewed

@@ -574,11 +574,11 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
         presentation_definition_uri_supported: z.ZodBoolean;
     }, "strip", z.ZodTypeAny, {
         type: "WalletInstanceAttestation";
+        authorization_endpoint: string;
         policy_uri: string;
-        logo_uri: string;
         tos_uri: string;
+        logo_uri: string;
         asc: string;
-        authorization_endpoint: string;
         response_types_supported: string[];
         vp_formats_supported: {
             jwt_vp_json: {
@@ -592,11 +592,11 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
         presentation_definition_uri_supported: boolean;
     }, {
         type: "WalletInstanceAttestation";
+        authorization_endpoint: string;
         policy_uri: string;
-        logo_uri: string;
         tos_uri: string;
+        logo_uri: string;
         asc: string;
-        authorization_endpoint: string;
         response_types_supported: string[];
         vp_formats_supported: {
             jwt_vp_json: {
@@ -652,11 +652,11 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
         };
     } & {
         type: "WalletInstanceAttestation";
+        authorization_endpoint: string;
         policy_uri: string;
-        logo_uri: string;
         tos_uri: string;
+        logo_uri: string;
         asc: string;
-        authorization_endpoint: string;
         response_types_supported: string[];
         vp_formats_supported: {
             jwt_vp_json: {
@@ -712,11 +712,11 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
         };
     } & {
         type: "WalletInstanceAttestation";
+        authorization_endpoint: string;
         policy_uri: string;
-        logo_uri: string;
         tos_uri: string;
+        logo_uri: string;
         asc: string;
-        authorization_endpoint: string;
         response_types_supported: string[];
         vp_formats_supported: {
             jwt_vp_json: {

package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/types.d.ts.map RENAMED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["~~../../../~~src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAwBzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAwBzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -53,7 +53,7 @@
   "devDependencies": {
     "@pagopa/eslint-config": "^3.0.0",
     "@pagopa/io-react-native-crypto": "^0.2.3",
-    "@pagopa/io-react-native-jwt": "^0.4.0",
+    "@pagopa/io-react-native-jwt": "^0.6.0",
     "@react-native-community/eslint-config": "^3.2.0",
     "@rushstack/eslint-patch": "^1.3.2",
     "@types/jest": "^28.1.2",
@@ -62,6 +62,7 @@
     "del-cli": "^5.0.0",
     "eslint": "^8.4.1",
     "jest": "^28.1.1",
+    "js-sha256": "^0.9.0",
     "pod-install": "^0.1.0",
     "prettier": "^2.0.5",
     "react": "18.2.0",

package/src/pid/issuing.ts CHANGED Viewed

@@ -1,14 +1,16 @@
 import {
   decode as decodeJwt,
+  verify as verifyJwt,
   sha256ToBase64,
 } from "@pagopa/io-react-native-jwt";
 import { SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
 import { JWK } from "../utils/jwk";
 import uuid from "react-native-uuid";
-import { PidIssuingError } from "../utils/errors";
+import { PidIssuingError, PidMetadataError } from "../utils/errors";
 import { getUnsignedDPop } from "../utils/dpop";
 import { sign, generate, deleteKey } from "@pagopa/io-react-native-crypto";
+import { PidIssuerEntityConfiguration } from "./metadata";
 // This is a temporary type that will be used for demo purposes only
 export type CieData = {
@@ -302,4 +304,39 @@ export class Issuing {
     throw new PidIssuingError(`Unable to obtain credential!`);
   }
+  /**
+   * Obtain the PID issuer metadata
+   *
+   * @function
+   * @returns PID issuer metadata
+   *
+   */
+  async getEntityConfiguration(): Promise<PidIssuerEntityConfiguration> {
+    const metadataUrl = new URL(
+      ".well-known/openid-federation",
+      this.pidProviderBaseUrl
+    ).href;
+    const response = await this.appFetch(metadataUrl);
+    if (response.status === 200) {
+      const jwtMetadata = await response.text();
+      const { payload } = decodeJwt(jwtMetadata);
+      const result = PidIssuerEntityConfiguration.safeParse(payload);
+      if (result.success) {
+        const parsedMetadata = result.data;
+        await verifyJwt(jwtMetadata, parsedMetadata.jwks.keys);
+        return parsedMetadata;
+      } else {
+        throw new PidMetadataError(result.error.message);
+      }
+    }
+    throw new PidMetadataError(
+      `Unable to obtain PID metadata. Response: ${await response.text()} with status: ${
+        response.status
+      }`
+    );
+  }
 }