@pagopa/io-react-native-wallet 0.2.2 → 0.2.4

package/src/pid/metadata.ts

@@ -0,0 +1,46 @@
+import { JWK } from "../utils/jwk";
+import { z } from "zod";
+
+export type PidDisplayMetadata = z.infer<typeof PidDisplayMetadata>;
+export const PidDisplayMetadata = z.object({
+  name: z.string(),
+  locale: z.string(),
+  logo: z.object({
+    url: z.string(),
+    alt_text: z.string(),
+  }),
+  background_color: z.string(),
+  text_color: z.string(),
+});
+
+export type PidIssuerEntityConfiguration = z.infer<
+  typeof PidIssuerEntityConfiguration
+>;
+export const PidIssuerEntityConfiguration = z.object({
+  jwks: z.object({ keys: z.array(JWK) }),
+  metadata: z.object({
+    openid_credential_issuer: z.object({
+      credential_issuer: z.string(),
+      authorization_endpoint: z.string(),
+      token_endpoint: z.string(),
+      pushed_authorization_request_endpoint: z.string(),
+      dpop_signing_alg_values_supported: z.array(z.string()),
+      credential_endpoint: z.string(),
+      credentials_supported: z.object({
+        "eu.eudiw.pid.it": z.object({
+          format: z.literal("vc+sd-jwt"),
+          cryptographic_binding_methods_supported: z.array(z.string()),
+          cryptographic_suites_supported: z.array(z.string()),
+          display: z.array(PidDisplayMetadata),
+        }),
+      }),
+    }),
+    federation_entity: z.object({
+      organization_name: z.string(),
+      homepage_uri: z.string(),
+      policy_uri: z.string(),
+      tos_uri: z.string(),
+      logo_uri: z.string(),
+    }),
+  }),
+});

package/src/pid/sd-jwt/index.ts

@@ -1,5 +1,4 @@
-import { decode as decodeJwt } from "../../sd-jwt";
-import { verify as verifyJwt } from "../../sd-jwt";
+import { decode as decodeJwt, verify as verifyJwt } from "../../sd-jwt";
 import { PID } from "./types";
 import { pidFromToken } from "./converters";
 import { Disclosure, SdJwt4VC } from "../../sd-jwt/types";
@@ -20,7 +19,11 @@ import { Disclosure, SdJwt4VC } from "../../sd-jwt/types";
  *
  */
 export function decode(token: string): PidWithToken {
-  let { sdJwt, disclosures } = decodeJwt(token, SdJwt4VC);
+  let { sdJwt, disclosures: disclosuresWithOriginal } = decodeJwt(
+    token,
+    SdJwt4VC
+  );
+  const disclosures = disclosuresWithOriginal.map((d) => d.decoded);
   const pid = pidFromToken(sdJwt, disclosures);
 
   return { pid, sdJwt, disclosures };

package/src/rp/index.ts

@@ -1,14 +1,26 @@
-import { AuthRequestDecodeError, IoWalletError } from "../utils/errors";
+import {
+  AuthRequestDecodeError,
+  IoWalletError,
+  NoSuitableKeysFoundInEntityConfiguration,
+} from "../utils/errors";
 import {
   decode as decodeJwt,
   decodeBase64,
   sha256ToBase64,
   SignJWT,
+  EncryptJwe,
+  verify,
 } from "@pagopa/io-react-native-jwt";
-import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
+import {
+  QRCodePayload,
+  RequestObject,
+  RpEntityConfiguration,
+  type Presentation,
+} from "./types";
 
 import uuid from "react-native-uuid";
 import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
+import { disclose } from "../sd-jwt";
 
 export class RelyingPartySolution {
   relyingPartyBaseUrl: string;
@@ -86,15 +98,18 @@ export class RelyingPartySolution {
 
   /**
    * Obtain the Request Object for RP authentication
+   * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
    *
-   * @function
+   * @async @function
    * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
    *
    * @returns The Request Object JWT
+   * @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
    *
    */
   async getRequestObject(
-    signedWalletInstanceDPoP: string
+    signedWalletInstanceDPoP: string,
+    entity: RpEntityConfiguration
   ): Promise<RequestObject> {
     const decodedJwtDPop = await decodeJwt(signedWalletInstanceDPoP);
     const requestUri = decodedJwtDPop.payload.htu as string;
@@ -108,11 +123,28 @@ export class RelyingPartySolution {
 
     if (response.status === 200) {
       const responseText = await response.text();
-      const responseJwt = await decodeJwt(responseText);
+      const responseJwt = decodeJwt(responseText);
+
+      // verify token signature according to RP's entity configuration
+      // to ensure the request object is authentic
+      {
+        const pubKey = entity.payload.jwks.keys.find(
+          ({ kid }) => kid === responseJwt.protectedHeader.kid
+        );
+        if (!pubKey) {
+          throw new NoSuitableKeysFoundInEntityConfiguration(
+            "Request Object signature verification"
+          );
+        }
+        await verify(responseText, pubKey);
+      }
+
+      // parse request object it has the expected shape by specification
       const requestObj = RequestObject.parse({
         header: responseJwt.protectedHeader,
         payload: responseJwt.payload,
       });
+
       return requestObj;
     }
 
@@ -121,6 +153,158 @@ export class RelyingPartySolution {
     );
   }
 
+  /**
+   * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
+   * The presentation is prepared by disclosing data from provided credentials, according to requested claims
+   * Each Verified Credential come along with the claims the user accepts to disclose from it.
+   *
+   * The returned token is unsigned (sign should be apply by the caller).
+   *
+   * @todo accept more than a Verified Credential
+   *
+   * @param requestObj The incoming request object, which the requirements for the requested authorization
+   * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
+   * @returns The unsigned Verified Presentation token
+   * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
+   *
+   */
+  async prepareVpToken(
+    requestObj: RequestObject,
+    [vc, claims]: Presentation // TODO: [SIW-353] support multiple presentations
+  ): Promise<{
+    vp_token: string;
+    presentation_submission: Record<string, unknown>;
+  }> {
+    // this throws if vc cannot satisfy all the requested claims
+    const { token: vp, paths } = await disclose(vc, claims);
+
+    // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
+
+    const vp_token = new SignJWT({ vp })
+      .setAudience(requestObj.payload.response_uri)
+      .setExpirationTime("1h")
+      .setProtectedHeader({
+        typ: "JWT",
+        alg: "ES256",
+      })
+      .toSign();
+
+    const [definition_id, vc_scope] = requestObj.payload.scope;
+    const presentation_submission = {
+      definition_id,
+      id: `${uuid.v4()}`,
+      descriptor_map: paths.map((p) => ({
+        id: vc_scope,
+        path: `$.vp_token.${p.path}`,
+        format: "vc+sd-jwt",
+      })),
+    };
+
+    return { vp_token, presentation_submission };
+  }
+
+  /**
+   * Compose and send an Authorization Response in the context of an authorization request flow.
+   *
+   * @todo MUST add presentation_submission
+   *
+   * @param requestObj The incoming request object, which the requirements for the requested authorization
+   * @param vp_token The signed Verified Presentation token with data to send.
+   * @param presentation_submission
+   * @param entity The RP entity configuration
+   * @returns The response from the RP
+   * @throws {IoWalletError} if the submission fails.
+   * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key
+   *
+   */
+  async sendAuthorizationResponse(
+    requestObj: RequestObject,
+    vp_token: string,
+    presentation_submission: Record<string, unknown>,
+    entity: RpEntityConfiguration
+  ): Promise<string> {
+    // the request is an unsigned jws without iss, aud, exp
+    // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
+    const jwk = this.choosePublicKeyToEncrypt(entity);
+    const enc = this.getEncryptionAlgByJwk(jwk);
+
+    const authzResponsePayload = JSON.stringify({
+      state: requestObj.payload.state,
+      presentation_submission,
+      vp_token,
+    });
+    const encrypted = await new EncryptJwe(authzResponsePayload, {
+      alg: jwk.alg,
+      enc,
+    }).encrypt(jwk);
+
+    const formBody = new URLSearchParams({ response: encrypted });
+    const response = await this.appFetch(requestObj.payload.response_uri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      body: formBody.toString(),
+    });
+
+    if (response.status === 200) {
+      return response.text();
+    }
+
+    throw new IoWalletError(
+      `Unable to send Authorization Response. Response code: ${response.status}`
+    );
+  }
+
+  /**
+   * Select a public key from those provided by the RP.
+   * Keys with algorithm "RSA-OAEP-256" or "RSA-OAEP" are expected, the firsts to be preferred.
+   *
+   * @param entity The RP entity configuration
+   * @returns A suitable public key with its compatible encryption algorithm
+   * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
+   */
+  private choosePublicKeyToEncrypt(
+    entity: RpEntityConfiguration
+  ): (JWK & { alg: "RSA-OAEP-256" }) | (JWK & { alg: "RSA-OAEP" }) {
+    // Look for keys using "RSA-OAEP-256", and pick a random one
+    const [usingRsa256] = entity.payload.jwks.keys.filter(
+      <T>(k: T & { alg?: string }): k is T & { alg: "RSA-OAEP-256" } =>
+        typeof k.alg === "string" && k.alg === "RSA-OAEP-256"
+    );
+
+    if (usingRsa256) {
+      return usingRsa256;
+    }
+
+    // Look for keys using "RSA-OAEP", and pick a random one
+    const [usingRsa] = entity.payload.jwks.keys.filter(
+      <T>(k: T & { alg?: string }): k is T & { alg: "RSA-OAEP" } =>
+        typeof k.alg === "string" && k.alg === "RSA-OAEP"
+    );
+
+    if (usingRsa) {
+      return usingRsa;
+    }
+
+    // No suitable key has been found
+    throw new NoSuitableKeysFoundInEntityConfiguration(
+      "Encrypt with RP public key"
+    );
+  }
+
+  private getEncryptionAlgByJwk({
+    alg,
+  }: (JWK & { alg: "RSA-OAEP-256" }) | (JWK & { alg: "RSA-OAEP" })):
+    | "A128CBC-HS256"
+    | "A256CBC-HS512" {
+    if (alg === "RSA-OAEP-256") return "A256CBC-HS512";
+    if (alg === "RSA-OAEP") return "A128CBC-HS256";
+
+    const _: never = alg;
+    throw new Error(`Invalid jwk algorithm: ${_}`);
+  }
+
   /**
    * Obtain the relying party entity configuration.
    */

package/src/rp/types.ts

@@ -70,3 +70,11 @@ export const QRCodePayload = z.object({
   clientId: z.string(),
   requestURI: z.string(),
 });
+
+/**
+ * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
+ */
+export type Presentation = [
+  /* verified credential token */ string,
+  /* claims */ string[]
+];

package/src/sd-jwt/__test__/index.test.ts

@@ -0,0 +1,171 @@
+import { decode, disclose } from "../index";
+
+import { encodeBase64, decodeBase64 } from "@pagopa/io-react-native-jwt";
+import { SdJwt4VC } from "../types";
+
+// Examples from https://www.ietf.org/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
+// but adapted to adhere to format declared in https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/pid-eaa-data-model.html#id2
+// In short, the token is a Frankenstein composed as follows:
+//  - the header is taken from the italian specification, with kid and alg valued according to the signing keys
+//  - disclosures are taken from the SD-JWT-4-VC standard
+//  - payload is taken from the italian specification, but _sd are compiled with:
+//    - "address" is used as verification._sd
+//    - all others disclosures are in claims._sd
+const token =
+  "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImIxODZlYTBjMTkyNTc5MzA5N2JmMDFiOGEyODlhNDVmIiwidHJ1c3RfY2hhaW4iOlsiTkVoUmRFUnBZbmxIWTNNNVdsZFdUV1oyYVVobSAuLi4iLCJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2IC4uLiIsIklrSllkbVp5Ykc1b1FVMTFTRkl3TjJGcVZXMUIgLi4uIl19.eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tL2lzc3VlciIsInN1YiI6Ik56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcy4uLiIsImp0aSI6InVybjp1dWlkOjZjNWMwYTQ5LWI1ODktNDMxZC1iYWU3LTIxOTEyMmE5ZWMyYyIsImlhdCI6MTU0MTQ5MzcyNCwiZXhwIjoxNTQxNDkzNzI0LCJzdGF0dXMiOiJodHRwczovL2V4YW1wbGUuY29tL3N0YXR1cyIsImNuZiI6eyJqd2siOnsia3R5IjoiUlNBIiwidXNlIjoic2lnIiwibiI6IjFUYS1zRSIsImUiOiJBUUFCIiwia2lkIjoiWWhORlMzWW5DOXRqaUNhaXZoV0xWVUozQXh3R0d6Xzk4dVJGYXFNRUVzIn19LCJ0eXBlIjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwidmVyaWZpZWRfY2xhaW1zIjp7InZlcmlmaWNhdGlvbiI6eyJfc2QiOlsiSnpZakg0c3ZsaUgwUjNQeUVNZmVadTZKdDY5dTVxZWhabzdGN0VQWWxTRSJdLCJ0cnVzdF9mcmFtZXdvcmsiOiJlaWRhcyIsImFzc3VyYW5jZV9sZXZlbCI6ImhpZ2gifSwiY2xhaW1zIjp7Il9zZCI6WyIwOXZLckpNT2x5VFdNMHNqcHVfcGRPQlZCUTJNMXkzS2hwSDUxNW5Ya3BZIiwiMnJzakdiYUMwa3k4bVQwcEpyUGlvV1RxMF9kYXcxc1g3NnBvVWxnQ3diSSIsIkVrTzhkaFcwZEhFSmJ2VUhsRV9WQ2V1Qzl1UkVMT2llTFpoaDdYYlVUdEEiLCJJbER6SUtlaVpkRHdwcXBLNlpmYnlwaEZ2ejVGZ25XYS1zTjZ3cVFYQ2l3IiwiUG9yRmJwS3VWdTZ4eW1KYWd2a0ZzRlhBYlJvYzJKR2xBVUEyQkE0bzdjSSIsIlRHZjRvTGJnd2Q1SlFhSHlLVlFaVTlVZEdFMHc1cnREc3JaemZVYW9tTG8iLCJqZHJURThZY2JZNEVpZnVnaWhpQWVfQlBla3hKUVpJQ2VpVVF3WTlRcXhJIiwianN1OXlWdWx3UVFsaEZsTV8zSmx6TWFTRnpnbGhRRzBEcGZheVF3TFVLNCJdfX0sIl9zZF9hbGciOiJzaGEtMjU2In0.8wwSHCd47wCgzRYXvvPTTRXGS-hk9V8jRzy7WSjRBTZxSHxJkGOSWwBVAA-kpJ-IvQS7699aLWxIMqAvr34sOA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251bWJlciIsICIrMS0yMDItNTU1LTAxMDEiXQ~WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImJpcnRoZGF0ZSIsICIxOTQwLTAxLTAxIl0~WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgImlzX292ZXJfMTgiLCB0cnVlXQ~WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImlzX292ZXJfMjEiLCB0cnVlXQ~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0";
+
+const unsigned =
+  "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImIxODZlYTBjMTkyNTc5MzA5N2JmMDFiOGEyODlhNDVmIiwidHJ1c3RfY2hhaW4iOlsiTkVoUmRFUnBZbmxIWTNNNVdsZFdUV1oyYVVobSAuLi4iLCJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2IC4uLiIsIklrSllkbVp5Ykc1b1FVMTFTRkl3TjJGcVZXMUIgLi4uIl19.eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tL2lzc3VlciIsInN1YiI6Ik56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcy4uLiIsImp0aSI6InVybjp1dWlkOjZjNWMwYTQ5LWI1ODktNDMxZC1iYWU3LTIxOTEyMmE5ZWMyYyIsImlhdCI6MTU0MTQ5MzcyNCwiZXhwIjoxNTQxNDkzNzI0LCJzdGF0dXMiOiJodHRwczovL2V4YW1wbGUuY29tL3N0YXR1cyIsImNuZiI6eyJqd2siOnsia3R5IjoiUlNBIiwidXNlIjoic2lnIiwibiI6IjFUYS1zRSIsImUiOiJBUUFCIiwia2lkIjoiWWhORlMzWW5DOXRqaUNhaXZoV0xWVUozQXh3R0d6Xzk4dVJGYXFNRUVzIn19LCJ0eXBlIjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwidmVyaWZpZWRfY2xhaW1zIjp7InZlcmlmaWNhdGlvbiI6eyJfc2QiOlsiSnpZakg0c3ZsaUgwUjNQeUVNZmVadTZKdDY5dTVxZWhabzdGN0VQWWxTRSJdLCJ0cnVzdF9mcmFtZXdvcmsiOiJlaWRhcyIsImFzc3VyYW5jZV9sZXZlbCI6ImhpZ2gifSwiY2xhaW1zIjp7Il9zZCI6WyIwOXZLckpNT2x5VFdNMHNqcHVfcGRPQlZCUTJNMXkzS2hwSDUxNW5Ya3BZIiwiMnJzakdiYUMwa3k4bVQwcEpyUGlvV1RxMF9kYXcxc1g3NnBvVWxnQ3diSSIsIkVrTzhkaFcwZEhFSmJ2VUhsRV9WQ2V1Qzl1UkVMT2llTFpoaDdYYlVUdEEiLCJJbER6SUtlaVpkRHdwcXBLNlpmYnlwaEZ2ejVGZ25XYS1zTjZ3cVFYQ2l3IiwiUG9yRmJwS3VWdTZ4eW1KYWd2a0ZzRlhBYlJvYzJKR2xBVUEyQkE0bzdjSSIsIlRHZjRvTGJnd2Q1SlFhSHlLVlFaVTlVZEdFMHc1cnREc3JaemZVYW9tTG8iLCJqZHJURThZY2JZNEVpZnVnaWhpQWVfQlBla3hKUVpJQ2VpVVF3WTlRcXhJIiwianN1OXlWdWx3UVFsaEZsTV8zSmx6TWFTRnpnbGhRRzBEcGZheVF3TFVLNCJdfX0sIl9zZF9hbGciOiJzaGEtMjU2In0";
+
+const signature =
+  "8wwSHCd47wCgzRYXvvPTTRXGS-hk9V8jRzy7WSjRBTZxSHxJkGOSWwBVAA-kpJ-IvQS7699aLWxIMqAvr34sOA";
+
+const signed = `${unsigned}.${signature}`;
+
+const tokenizedDisclosures = [
+  "WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd",
+  "WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd",
+  "WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ",
+  "WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251bWJlciIsICIrMS0yMDItNTU1LTAxMDEiXQ",
+  "WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImJpcnRoZGF0ZSIsICIxOTQwLTAxLTAxIl0",
+  "WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgImlzX292ZXJfMTgiLCB0cnVlXQ",
+  "WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImlzX292ZXJfMjEiLCB0cnVlXQ",
+  "WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ",
+  "WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0",
+];
+
+const sdJwt = {
+  header: {
+    typ: "vc+sd-jwt",
+    alg: "ES256",
+    kid: "b186ea0c1925793097bf01b8a289a45f",
+    trust_chain: [
+      "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
+      "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...",
+      "IkJYdmZybG5oQU11SFIwN2FqVW1B ...",
+    ],
+  },
+  payload: {
+    iss: "https://example.com/issuer",
+    sub: "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs...",
+    jti: "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
+    iat: 1541493724,
+    exp: 1541493724,
+    status: "https://example.com/status",
+    cnf: {
+      jwk: {
+        kty: "RSA",
+        use: "sig",
+        n: "1Ta-sE",
+        e: "AQAB",
+        kid: "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+      },
+    },
+    type: "PersonIdentificationData",
+    verified_claims: {
+      verification: {
+        _sd: ["JzYjH4svliH0R3PyEMfeZu6Jt69u5qehZo7F7EPYlSE"],
+        trust_framework: "eidas",
+        assurance_level: "high",
+      },
+      claims: {
+        _sd: [
+          "09vKrJMOlyTWM0sjpu_pdOBVBQ2M1y3KhpH515nXkpY",
+          "2rsjGbaC0ky8mT0pJrPioWTq0_daw1sX76poUlgCwbI",
+          "EkO8dhW0dHEJbvUHlE_VCeuC9uRELOieLZhh7XbUTtA",
+          "IlDzIKeiZdDwpqpK6ZfbyphFvz5FgnWa-sN6wqQXCiw",
+          "PorFbpKuVu6xymJagvkFsFXAbRoc2JGlAUA2BA4o7cI",
+          "TGf4oLbgwd5JQaHyKVQZU9UdGE0w5rtDsrZzfUaomLo",
+          "jdrTE8YcbY4EifugihiAe_BPekxJQZICeiUQwY9QqxI",
+          "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4",
+        ],
+      },
+    },
+    _sd_alg: "sha-256",
+  },
+};
+
+// In the very same order than tokenizedDisclosures
+const disclosures = [
+  ["2GLC42sKQveCfGfryNRN9w", "given_name", "John"],
+  ["eluV5Og3gSNII8EYnsxA_A", "family_name", "Doe"],
+  ["6Ij7tM-a5iVPGboS5tmvVA", "email", "johndoe@example.com"],
+  ["eI8ZWm9QnKPpNPeNenHdhQ", "phone_number", "+1-202-555-0101"],
+  ["AJx-095VPrpTtN4QMOqROA", "birthdate", "1940-01-01"],
+  ["Pc33JM2LchcU_lHggv_ufQ", "is_over_18", true],
+  ["G02NSrQfjFXQ7Io09syajA", "is_over_21", true],
+  ["lklxF5jMYlGTPUovMNIvCA", "is_over_65", true],
+  [
+    "Qg_O64zqAxe412a108iroA",
+    "address",
+    {
+      street_address: "123 Main St",
+      locality: "Anytown",
+      region: "Anystate",
+      country: "US",
+    },
+  ],
+];
+it("Ensures example data correctness", () => {
+  expect(
+    JSON.parse(decodeBase64(encodeBase64(JSON.stringify(sdJwt.header))))
+  ).toEqual(sdJwt.header);
+  expect([signed, ...tokenizedDisclosures].join("~")).toBe(token);
+});
+
+describe("decode", () => {
+  it("should decode a valid token", () => {
+    const result = decode(token, SdJwt4VC);
+    expect(result).toEqual({
+      sdJwt,
+      disclosures: disclosures.map((decoded, i) => ({
+        decoded,
+        encoded: tokenizedDisclosures[i],
+      })),
+    });
+  });
+});
+
+describe("disclose", () => {
+  it("should encode a valid sdjwt (one claim)", async () => {
+    const result = await disclose(token, ["given_name"]);
+    const expected = {
+      token: `${signed}~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd`,
+      paths: [{ claim: "given_name", path: "verified_claims.claims._sd[7]" }],
+    };
+
+    expect(result).toEqual(expected);
+  });
+
+  it("should encode a valid sdjwt (no claims)", async () => {
+    const result = await disclose(token, []);
+    const expected = { token: `${signed}`, paths: [] };
+
+    expect(result).toEqual(expected);
+  });
+
+  it("should encode a valid sdjwt (multiple claims)", async () => {
+    const result = await disclose(token, ["given_name", "email"]);
+    const expected = {
+      token: `${signed}~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ`,
+      paths: [
+        {
+          claim: "given_name",
+          path: "verified_claims.claims._sd[7]",
+        },
+        {
+          claim: "email",
+          path: "verified_claims.verification._sd[0]",
+        },
+      ],
+    };
+
+    expect(result).toEqual(expected);
+  });
+
+  it("should fail on unknown claim", async () => {
+    const fn = async () => disclose(token, ["unknown"]);
+
+    await expect(fn()).rejects.toEqual(expect.any(Error));
+  });
+});

package/src/sd-jwt/index.ts

@@ -2,11 +2,21 @@ import { z } from "zod";
 
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
+import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
 
 import { decodeBase64 } from "@pagopa/io-react-native-jwt";
-import { Disclosure } from "./types";
+import { Disclosure, SdJwt4VC, type DisclosureWithEncoded } from "./types";
 import { verifyDisclosure } from "./verifier";
 import type { JWK } from "src/utils/jwk";
+import {
+  ClaimsNotFoundBetweenDislosures,
+  ClaimsNotFoundInToken,
+} from "../utils/errors";
+
+const decodeDisclosure = (encoded: string): DisclosureWithEncoded => {
+  const decoded = Disclosure.parse(JSON.parse(decodeBase64(encoded)));
+  return { decoded, encoded };
+};
 
 /**
  * Decode a given SD-JWT with Disclosures to get the parsed SD-JWT object they define.
@@ -25,7 +35,10 @@ import type { JWK } from "src/utils/jwk";
 export const decode = <S extends z.AnyZodObject>(
   token: string,
   schema: S
-): { sdJwt: z.infer<S>; disclosures: Disclosure[] } => {
+): {
+  sdJwt: z.infer<S>;
+  disclosures: DisclosureWithEncoded[];
+} => {
   // token are expected in the form "sd-jwt~disclosure0~disclosure1~...~disclosureN~"
   if (token.slice(-1) === "~") {
     token = token.slice(0, -1);
@@ -43,14 +56,75 @@ export const decode = <S extends z.AnyZodObject>(
   // get disclosures as list of triples
   // validate each triple
   // throw a validation error if at least one fails to parse
-  const disclosures = rawDisclosures
-    .map(decodeBase64)
-    .map((e) => JSON.parse(e))
-    .map((e) => Disclosure.parse(e));
+  const disclosures = rawDisclosures.map(decodeDisclosure);
 
   return { sdJwt, disclosures };
 };
 
+/**
+ * Select disclosures from a given SD-JWT with Disclosures.
+ * Claims relate with disclosures by their name.
+ *
+ * @function
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ * @param claims The list of claims to be disclosed
+ *
+ * @throws {ClaimsNotFoundBetweenDislosures} When one or more claims does not relate to any discloure.
+ * @throws {ClaimsNotFoundInToken} When one or more claims are not contained in the SD-JWT token.
+ * @returns The encoded token with only the requested disclosures, along with the path each claim can be found on the SD-JWT token
+ *
+ */
+export const disclose = async (
+  token: string,
+  claims: string[]
+): Promise<{ token: string; paths: { claim: string; path: string }[] }> => {
+  const [rawSdJwt, ...rawDisclosures] = token.split("~");
+  const { sdJwt, disclosures } = decode(token, SdJwt4VC);
+
+  // for each claim, return the path on which they are located in the SD-JWT token
+  const paths = await Promise.all(
+    claims.map(async (claim) => {
+      const disclosure = disclosures.find(
+        ({ decoded: [, name] }) => name === claim
+      );
+
+      // check every claim represents a known disclosure
+      if (!disclosure) {
+        throw new ClaimsNotFoundBetweenDislosures(claim);
+      }
+
+      const hash = await sha256ToBase64(disclosure.encoded);
+
+      // _sd is defined in verified_claims.claims and verified_claims.verification
+      // we must look into both
+      if (sdJwt.payload.verified_claims.claims._sd.includes(hash)) {
+        const index = sdJwt.payload.verified_claims.claims._sd.indexOf(hash);
+        return { claim, path: `verified_claims.claims._sd[${index}]` };
+      } else if (
+        sdJwt.payload.verified_claims.verification._sd.includes(hash)
+      ) {
+        const index =
+          sdJwt.payload.verified_claims.verification._sd.indexOf(hash);
+        return { claim, path: `verified_claims.verification._sd[${index}]` };
+      }
+
+      throw new ClaimsNotFoundInToken(claim);
+    })
+  );
+
+  const filteredDisclosures = rawDisclosures.filter((d) => {
+    const {
+      decoded: [, name],
+    } = decodeDisclosure(d);
+    return claims.includes(name);
+  });
+
+  // compose the final disclosed token
+  const disclosedToken = [rawSdJwt, ...filteredDisclosures].join("~");
+
+  return { token: disclosedToken, paths };
+};
+
 /**
  * Verify a given SD-JWT with Disclosures
  * Same as {@link decode} plus:
@@ -91,5 +165,8 @@ export const verify = async <S extends z.AnyZodObject>(
     )
   );
 
-  return decoded;
+  return {
+    sdJwt: decoded.sdJwt,
+    disclosures: decoded.disclosures.map((d) => d.decoded),
+  };
 };

package/src/sd-jwt/types.ts

@@ -20,6 +20,19 @@ export const Disclosure = z.tuple([
   /* claim value */ z.unknown(),
 ]);
 
+/**
+ * Encoding depends on the serialization algorithm used when generating the disclosure tokens.
+ * The SD-JWT reference itself take no decision about how to handle whitespaces in serialized objects.
+ * For such reason, we may find conveninent to have encoded and decode values stored explicitly in the same structure.
+ * Please note that `encoded` can always decode into `decode`, but `decode` may or may not be encoded with the same value of `encoded`
+ *
+ * @see https://www.ietf.org/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
+ */
+export type DisclosureWithEncoded = {
+  decoded: Disclosure;
+  encoded: string;
+};
+
 export type SdJwt4VC = z.infer<typeof SdJwt4VC>;
 export const SdJwt4VC = z.object({
   header: z.object({

package/src/sd-jwt/verifier.ts

@@ -1,19 +1,17 @@
-import { encodeBase64, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
+import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
 
 import { ValidationFailed } from "../utils/errors";
-import type { Disclosure, ObfuscatedDisclosures } from "./types";
+import type { DisclosureWithEncoded, ObfuscatedDisclosures } from "./types";
 
 export const verifyDisclosure = async (
-  disclosure: Disclosure,
+  { encoded, decoded }: DisclosureWithEncoded,
   claims: ObfuscatedDisclosures["_sd"]
 ) => {
-  let disclosureString = JSON.stringify(disclosure);
-  let encodedDisclosure = encodeBase64(disclosureString);
-  let hash = await sha256ToBase64(encodedDisclosure);
+  let hash = await sha256ToBase64(encoded);
   if (!claims.includes(hash)) {
     throw new ValidationFailed(
       "Validation of disclosure failed",
-      `${disclosure}`,
+      `${decoded}`,
       "Disclosure hash not found in claims"
     );
   }