@pagopa/io-react-native-wallet 0.24.1 → 0.26.0

package/src/client/index.ts

@@ -1,12 +1,16 @@
+import { parseRawHttpResponse } from "../utils/misc";
 import { WalletProviderResponseError } from "../utils/errors";
 import {
   ProblemDetail,
   createApiClient as createWalletProviderApiClient,
+  ApiClient as WalletProviderApiClient,
+  type EndpointParameters,
 } from "./generated/wallet-provider";
-import { ApiClient as WalletProviderApiClient } from "./generated/wallet-provider";
 
 export type WalletProviderClient = WalletProviderApiClient;
 
+type RawHttpResponse = Awaited<ReturnType<typeof parseRawHttpResponse>>;
+
 const validateResponse = async (response: Response) => {
   if (!response.ok) {
     let problemDetail: ProblemDetail = {};
@@ -18,12 +22,11 @@ const validateResponse = async (response: Response) => {
       };
     }
 
-    throw new WalletProviderResponseError(
-      problemDetail.title ?? "Invalid response from Wallet Provider",
-      problemDetail.type,
-      problemDetail.detail,
-      response.status
-    );
+    throw new WalletProviderResponseError({
+      message: problemDetail.title ?? "Invalid response from Wallet Provider",
+      reason: problemDetail,
+      statusCode: response.status,
+    });
   }
   return response;
 };
@@ -36,7 +39,7 @@ export const getWalletProviderClient = (context: {
 
   return createWalletProviderApiClient(
     (method, url, params) =>
-      appFetch(url, {
+      appFetch(interpolateUrl(url, params), {
         method,
         body: params ? JSON.stringify(params.body) : undefined,
         headers: {
@@ -44,13 +47,23 @@ export const getWalletProviderClient = (context: {
         },
       })
         .then(validateResponse)
-        .then((res) => {
-          const contentType = res.headers.get("content-type");
-          if (contentType?.includes("application/json")) {
-            return res.json();
-          }
-          return res.text();
-        }),
+        .then<RawHttpResponse>(parseRawHttpResponse),
     walletProviderBaseUrl
   );
 };
+
+/**
+ * Function to interpolate the url when the request includes path params.
+ * The client generator expects the literal name of the param in the url
+ * and passes the actual values in a separate object.
+ */
+export const interpolateUrl = (url: string, params?: EndpointParameters) => {
+  if (!params?.path) return url;
+
+  for (const [key, value] of Object.entries(params.path)) {
+    if (typeof value === "string") {
+      url = url.replace(`{${key}}`, value);
+    }
+  }
+  return url;
+};

package/src/credential/issuance/03-start-user-authorization.ts

@@ -79,7 +79,7 @@ const selectResponseMode = (
 
 /**
  * WARNING: This function must be called after {@link evaluateIssuerTrust} and {@link startFlow}. The next steam is {@link compeUserAuthorizationWithQueryMode} or {@link compeUserAuthorizationWithFormPostJwtMode}
- * Creates and sends a PAR request to the /as/par endpoint of the authroization server.
+ * Creates and sends a PAR request to the /as/par endpoint of the authorization server.
  * This starts the authentication flow to obtain an access token.
  * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer.
  * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
@@ -88,7 +88,7 @@ const selectResponseMode = (
  * the application session identifier on the Wallet Instance side (state),
  * the method (query or form_post.jwt) by which the Authorization Server
  * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
- * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirect_uri of the Wallet Instance where the Authorization Response
+ * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
  * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
  * @param issuerConf The issuer configuration
  * @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}

package/src/credential/issuance/04-complete-user-authorization.ts

@@ -1,26 +1,13 @@
 import {
   AuthorizationErrorShape,
   AuthorizationResultShape,
-  type AuthorizationContext,
   type AuthorizationResult,
 } from "../../utils/auth";
-import {
-  createAbortPromiseFromSignal,
-  hasStatus,
-  isDefined,
-  until,
-  type Out,
-} from "../../utils/misc";
+import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import type { StartUserAuthorization } from "./03-start-user-authorization";
 import parseUrl from "parse-url";
-import {
-  AuthorizationError,
-  AuthorizationIdpError,
-  OperationAbortedError,
-  ValidationFailed,
-} from "../../utils/errors";
+import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
-import { Linking } from "react-native";
 import {
   decode,
   encodeBase64,
@@ -31,18 +18,13 @@ import { RequestObject } from "../presentation/types";
 import uuid from "react-native-uuid";
 import { ResponseUriResultShape } from "./types";
 import { getJwtFromFormPost } from "../../utils/decoder";
+import { AuthorizationError, AuthorizationIdpError } from "./errors";
 
 /**
  * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
  */
 export type CompleteUserAuthorizationWithQueryMode = (
-  issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"],
-  clientId: Out<StartUserAuthorization>["clientId"],
-  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
-  idpHint: string,
-  redirectUri: string,
-  authorizationContext?: AuthorizationContext,
-  signal?: AbortSignal
+  authRedirectUrl: string
 ) => Promise<AuthorizationResult>;
 
 export type CompleteUserAuthorizationWithFormPostJwtMode = (
@@ -63,99 +45,56 @@ export type GetRequestedCredentialToBePresented = (
   appFetch?: GlobalFetch["fetch"]
 ) => Promise<RequestObject>;
 
+export type BuildAuthorizationUrl = (
+  issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"],
+  clientId: Out<StartUserAuthorization>["clientId"],
+  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
+  idpHint: string
+) => Promise<{
+  authUrl: string;
+}>;
+
 /**
- * WARNING: This function must be called after {@link startUserAuthorization}. The next function to be called is {@link authorizeAccess}.
- * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
- * It is used to complete the user authorization by catching the redirectSchema from the authorization server which then contains the authorization response.
- * This function utilizes the authorization context to open an in-app browser capable of catching the redirectSchema to perform a get request to the authorization endpoint.
- * If the 302 redirect happens and the redirectSchema is caught, the function will return the authorization response after parsing it from the query string.
+ * WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
+ * Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
  * @param issuerRequestUri the URI of the issuer where the request is sent
  * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param authorizationContext The context to identify the user which will be used to start the authorization. It's needed only when requesting a PersonalIdentificationData credential. The implementantion should open an in-app browser capable of catching the redirectSchema.
- * If not specified, the default browser is used
- * @param idphint Unique identifier of the SPID IDP selected by the user
- * @param redirectUri The url to reach to complete the user authorization which is the custom URL scheme that the Wallet Instance is registered to handle, usually a custom URL or deeplink
- * @param signal An optional {@link AbortSignal} to abort the operation when using the default browser
- * @throws {AuthorizationError} if an error occurs during the authorization process
- * @throws {AuthorizationIdpError} if an error occurs during the authorization process and the error is related to the IDP
- * @throws {OperationAbortedError} if the caller aborts the operation via the provided signal
- * @returns the authorization response which contains code, state and iss
+ * @param idpHint Unique identifier of the IDP selected by the user
+ * @returns An object containing the authorization URL
  */
-export const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWithQueryMode =
-  async (
-    issuerRequestUri,
-    clientId,
-    issuerConf,
-    idpHint,
-    redirectUri,
-    authorizationContext,
-    signal
-  ) => {
-    const authzRequestEndpoint =
-      issuerConf.oauth_authorization_server.authorization_endpoint;
-    const params = new URLSearchParams({
-      client_id: clientId,
-      request_uri: issuerRequestUri,
-      idphint: idpHint,
-    });
-    const authUrl = `${authzRequestEndpoint}?${params}`;
-    var authRedirectUrl: string | undefined;
-
-    if (authorizationContext) {
-      const redirectSchema = new URL(redirectUri).protocol.replace(":", "");
-      authRedirectUrl = await authorizationContext
-        .authorize(authUrl, redirectSchema)
-        .catch((e) => {
-          throw new AuthorizationError(e.message);
-        });
-    } else {
-      // handler for redirectUri
-      const urlEventListener = Linking.addEventListener("url", ({ url }) => {
-        if (url.includes(redirectUri)) {
-          authRedirectUrl = url;
-        }
-      });
+export const buildAuthorizationUrl: BuildAuthorizationUrl = async (
+  issuerRequestUri,
+  clientId,
+  issuerConf,
+  idpHint
+) => {
+  const authzRequestEndpoint =
+    issuerConf.oauth_authorization_server.authorization_endpoint;
 
-      const operationIsAborted = signal
-        ? createAbortPromiseFromSignal(signal)
-        : undefined;
-      await Linking.openURL(authUrl);
+  const params = new URLSearchParams({
+    client_id: clientId,
+    request_uri: issuerRequestUri,
+    idphint: idpHint,
+  });
 
-      /*
-       * Waits for 120 seconds for the identificationRedirectUrl variable to be set
-       * by the custom url handler. If the timeout is exceeded, throw an exception
-       */
-      const unitAuthRedirectIsNotUndefined = until(
-        () => authRedirectUrl !== undefined,
-        120
-      );
+  const authUrl = `${authzRequestEndpoint}?${params}`;
 
-      /**
-       * Simultaneously listen for the abort signal (when provided) and the redirect url.
-       * The first event that occurs will resolve the promise.
-       * This is useful to properly cleanup when the caller aborts this operation.
-       */
-      const winner = await Promise.race(
-        [operationIsAborted?.listen(), unitAuthRedirectIsNotUndefined].filter(
-          isDefined
-        )
-      ).finally(() => {
-        urlEventListener.remove();
-        operationIsAborted?.remove();
-      });
-
-      if (winner === "OPERATION_ABORTED") {
-        throw new OperationAbortedError("DefaultQueryModeAuthorization");
-      }
-
-      if (authRedirectUrl === undefined) {
-        throw new AuthorizationError("Invalid authentication redirect url");
-      }
-    }
+  return { authUrl };
+};
 
+/**
+ * WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
+ * Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
+ * This function parses the authorization redirect URL to extract the authorization response.
+ * @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
+ * @returns the authorization response which contains code, state and iss
+ */
+export const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWithQueryMode =
+  async (authRedirectUrl) => {
     const query = parseUrl(authRedirectUrl).query;
-    return parseAuthroizationResponse(query);
+
+    return parseAuthorizationResponse(query);
   };
 
 /**
@@ -183,16 +122,16 @@ export const getRequestedCredentialToBePresented: GetRequestedCredentialToBePres
       `${authzRequestEndpoint}?${params.toString()}`,
       { method: "GET" }
     )
-      .then(hasStatus(200))
+      .then(hasStatusOrThrow(200, IssuerResponseError))
       .then((res) => res.text())
       .then((jws) => decode(jws))
       .then((reqObj) => RequestObject.safeParse(reqObj.payload));
 
     if (!requestObject.success) {
-      throw new ValidationFailed(
-        "Request Object validation failed",
-        requestObject.error.message
-      );
+      throw new ValidationFailed({
+        message: "Request Object validation failed",
+        reason: requestObject.error.message,
+      });
     }
     return requestObject.data;
   };
@@ -300,22 +239,22 @@ export const completeUserAuthorizationWithFormPostJwtMode: CompleteUserAuthoriza
       },
       body,
     })
-      .then(hasStatus(200))
+      .then(hasStatusOrThrow(200, IssuerResponseError))
       .then((reqUri) => reqUri.json());
 
     const responseUri = ResponseUriResultShape.safeParse(resUriRes);
     if (!responseUri.success) {
-      throw new ValidationFailed(
-        "Response Uri validation failed",
-        responseUri.error.message
-      );
+      throw new ValidationFailed({
+        message: "Response Uri validation failed",
+        reason: responseUri.error.message,
+      });
     }
 
     return await appFetch(responseUri.data.redirect_uri)
-      .then(hasStatus(200))
+      .then(hasStatusOrThrow(200, IssuerResponseError))
       .then((res) => res.text())
       .then(getJwtFromFormPost)
-      .then((cbRes) => parseAuthroizationResponse(cbRes.decodedJwt.payload));
+      .then((cbRes) => parseAuthorizationResponse(cbRes.decodedJwt.payload));
   };
 
 /**
@@ -325,7 +264,7 @@ export const completeUserAuthorizationWithFormPostJwtMode: CompleteUserAuthoriza
  * @param authRes the authorization response to be parsed
  * @returns the authorization result which contains code, state and iss
  */
-export const parseAuthroizationResponse = (
+export const parseAuthorizationResponse = (
   authRes: unknown
 ): AuthorizationResult => {
   const authResParsed = AuthorizationResultShape.safeParse(authRes);

package/src/credential/issuance/05-authorize-access.ts

@@ -1,4 +1,4 @@
-import { hasStatus, type Out } from "../../utils/misc";
+import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import type { StartUserAuthorization } from "./03-start-user-authorization";
 import { createDPopToken } from "../../utils/dpop";
@@ -8,7 +8,7 @@ import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
 import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import { ASSERTION_TYPE } from "./const";
 import { TokenResponse } from "./types";
-import { ValidationFailed } from "../../utils/errors";
+import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
 import type { CompleteUserAuthorizationWithQueryMode } from "./04-complete-user-authorization";
 
 export type AuthorizeAccess = (
@@ -103,12 +103,15 @@ export const authorizeAccess: AuthorizeAccess = async (
     },
     body: authorizationRequestFormBody.toString(),
   })
-    .then(hasStatus(200))
+    .then(hasStatusOrThrow(200, IssuerResponseError))
     .then((res) => res.json())
     .then((body) => TokenResponse.safeParse(body));
 
   if (!tokenRes.success) {
-    throw new ValidationFailed(tokenRes.error.message);
+    throw new ValidationFailed({
+      message: "Token Response validation failed",
+      reason: tokenRes.error.message,
+    });
   }
 
   return { accessToken: tokenRes.data };

package/src/credential/issuance/06-obtain-credential.ts

@@ -1,21 +1,20 @@
 import {
+  type CryptoContext,
   sha256ToBase64,
   SignJWT,
-  type CryptoContext,
 } from "@pagopa/io-react-native-jwt";
 import type { AuthorizeAccess } from "./05-authorize-access";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
-import { hasStatus, safeJsonParse, type Out } from "../../utils/misc";
+import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import type { StartUserAuthorization } from "./03-start-user-authorization";
 import {
-  CredentialInvalidStatusError,
-  CredentialIssuingNotSynchronousError,
-  CredentialRequestError,
+  IssuerResponseError,
+  IssuerResponseErrorCodes,
+  ResponseErrorBuilder,
   UnexpectedStatusCodeError,
   ValidationFailed,
 } from "../../utils/errors";
-import { CredentialIssuanceFailureResponse, CredentialResponse } from "./types";
-
+import { CredentialResponse } from "./types";
 import { createDPopToken } from "../../utils/dpop";
 import uuid from "react-native-uuid";
 
@@ -97,7 +96,7 @@ export const obtainCredential: ObtainCredential = async (
   );
 
   // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
-  const constainsCredentialDefinition = accessToken.authorization_details.some(
+  const containsCredentialDefinition = accessToken.authorization_details.some(
     (c) =>
       c.credential_configuration_id ===
         credentialDefinition.credential_configuration_id &&
@@ -105,10 +104,11 @@ export const obtainCredential: ObtainCredential = async (
       c.type === credentialDefinition.type
   );
 
-  if (!constainsCredentialDefinition) {
-    throw new ValidationFailed(
-      "The access token response does not contain the requested credential"
-    );
+  if (!containsCredentialDefinition) {
+    throw new ValidationFailed({
+      message:
+        "The access token response does not contain the requested credential",
+    });
   }
 
   /** The credential request body */
@@ -123,7 +123,7 @@ export const obtainCredential: ObtainCredential = async (
     },
   };
 
-  const tokenRequestSignedDPop = await await createDPopToken(
+  const tokenRequestSignedDPop = await createDPopToken(
     {
       htm: "POST",
       htu: credentialUrl,
@@ -141,13 +141,16 @@ export const obtainCredential: ObtainCredential = async (
     },
     body: JSON.stringify(credentialRequestFormBody),
   })
-    .then(hasStatus(200))
+    .then(hasStatusOrThrow(200))
     .then((res) => res.json())
     .then((body) => CredentialResponse.safeParse(body))
     .catch(handleObtainCredentialError);
 
   if (!credentialRes.success) {
-    throw new ValidationFailed(credentialRes.error.message);
+    throw new ValidationFailed({
+      message: "Credential Response validation failed",
+      reason: credentialRes.error.message,
+    });
   }
 
   return credentialRes.data;
@@ -165,28 +168,25 @@ const handleObtainCredentialError = (e: unknown) => {
     throw e;
   }
 
-  // Although it is technically not an error, we handle it as such to avoid
-  // changing the return type of `obtainCredential` and introduce a breaking change.
-  if (e.statusCode === 201) {
-    throw new CredentialIssuingNotSynchronousError(
-      "This credential cannot be issued synchronously. It will be available at a later time.",
-      e.message
-    );
-  }
-
-  if ([403, 404].includes(e.statusCode)) {
-    const maybeError = CredentialIssuanceFailureResponse.safeParse(
-      safeJsonParse(e.responseBody)
-    );
-    throw new CredentialInvalidStatusError(
-      "Invalid status found for the given credential",
-      maybeError.success ? maybeError.data.error : "unknown",
-      e.message
-    );
-  }
-
-  throw new CredentialRequestError(
-    `Unable to obtain the requested credential [response status code: ${e.statusCode}]`,
-    e.message
-  );
+  throw new ResponseErrorBuilder(IssuerResponseError)
+    .handle(201, {
+      // Although it is technically not an error, we handle it as such to avoid
+      // changing the return type of `obtainCredential` and introduce a breaking change.
+      code: IssuerResponseErrorCodes.CredentialIssuingNotSynchronous,
+      message:
+        "This credential cannot be issued synchronously. It will be available at a later time.",
+    })
+    .handle(403, {
+      code: IssuerResponseErrorCodes.CredentialInvalidStatus,
+      message: "Invalid status found for the given credential",
+    })
+    .handle(404, {
+      code: IssuerResponseErrorCodes.CredentialInvalidStatus,
+      message: "Invalid status found for the given credential",
+    })
+    .handle("*", {
+      code: IssuerResponseErrorCodes.CredentialRequestFailed,
+      message: "Unable to obtain the requested credential",
+    })
+    .buildFrom(e);
 };

package/src/credential/issuance/README.md

@@ -39,20 +39,14 @@ graph TD;
 
 ## Mapped results
 
-### 201 Created (CredentialIssuingNotSynchronousError)
+The following errors are mapped to a `IssuerResponseError` with specific codes.
 
-A `201 Created` response is returned by the credential issuer when the request has been queued because the credential cannot be issued synchronously. The consumer should try to obtain the credential at a later time.
-
-Although `201 Created` is not considered an error, it is mapped as an error in this context in order to handle the case where the credential issuance is not synchronous.
-This allows keeping the flow consistent and handle the case where the credential is not immediately available.
-
-### 403 Forbidden (CredentialInvalidStatusError)
-
-A `403 Forbidden` response is returned by the credential issuer when the requested credential has an invalid status. It might contain more details in the `errorCode` property.
-
-### 404 Not Found (CredentialInvalidStatusError)
-
-A `404 Not Found` response is returned by the credential issuer when the authenticated user is not entitled to receive the requested credential. It might contain more details in the `errorCode` property.
+|HTTP Status|Error Code|Description|
+|-----------|----------|-----------|
+|`201 Created`|`ERR_CREDENTIAL_ISSUING_NOT_SYNCHRONOUS`| This response is returned by the credential issuer when the request has been queued because the credential cannot be issued synchronously. The consumer should try to obtain the credential at a later time. Although `201 Created` is not considered an error, it is mapped as an error in this context in order to handle the case where the credential issuance is not synchronous. This allows keeping the flow consistent and handle the case where the credential is not immediately available.|
+|`403 Forbidden`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the requested credential has an invalid status. It might contain more details in the `reason` property.|
+|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`| This response is returned by the credential issuer when the authenticated user is not entitled to receive the requested credential. It might contain more details in the `reason` property.|
+|`*`|`ERR_ISSUER_GENERIC_ERROR`|This is a generic error code to map unexpected errors that occurred when interacting with the Issuer.|
 
 ## Strong authentication for eID issuance (Query Mode)
 
@@ -278,7 +272,7 @@ const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
     appFetch,
   });
 
-// Complete the authroization process with query mode with the authorizationContext which opens the browser
+// Complete the authorization process with query mode with the authorizationContext which opens the browser
 const { code } =
   await Credential.Issuance.completeUserAuthorizationWithQueryMode(
     issuerRequestUri,

package/src/credential/issuance/errors.ts

@@ -0,0 +1,44 @@
+import { IoWalletError, serializeAttrs } from "../../utils/errors";
+
+/**
+ * An error subclass thrown when an error occurs during the authorization process.
+ */
+export class AuthorizationError extends IoWalletError {
+  code = "ERR_IO_WALLET_AUTHORIZATION_ERROR";
+
+  constructor(message?: string) {
+    super(message);
+  }
+}
+
+/**
+ * An error subclass thrown when an error occurs during the authorization process with the IDP.
+ * It contains the error and error description returned by the IDP.
+ */
+export class AuthorizationIdpError extends IoWalletError {
+  code = "ERR_IO_WALLET_IDENTIFICATION_RESPONSE_PARSING_FAILED";
+
+  error: string;
+  errorDescription?: string;
+
+  constructor(error: string, errorDescription?: string) {
+    super(serializeAttrs({ error, errorDescription }));
+    this.error = error;
+    this.errorDescription = errorDescription;
+  }
+}
+
+/**
+ * Error subclass thrown when an operation has been aborted.
+ */
+export class OperationAbortedError extends IoWalletError {
+  code = "ERR_IO_WALLET_OPERATION_ABORTED";
+
+  /** The aborted operation */
+  operation: string;
+
+  constructor(operation: string) {
+    super(serializeAttrs({ operation }));
+    this.operation = operation;
+  }
+}

package/src/credential/issuance/index.ts

@@ -10,10 +10,12 @@ import {
 import {
   completeUserAuthorizationWithQueryMode,
   completeUserAuthorizationWithFormPostJwtMode,
-  parseAuthroizationResponse,
+  parseAuthorizationResponse,
+  buildAuthorizationUrl,
   type CompleteUserAuthorizationWithQueryMode,
   type CompleteUserAuthorizationWithFormPostJwtMode,
   type GetRequestedCredentialToBePresented,
+  type BuildAuthorizationUrl,
   getRequestedCredentialToBePresented,
 } from "./04-complete-user-authorization";
 import { authorizeAccess, type AuthorizeAccess } from "./05-authorize-access";
@@ -25,22 +27,26 @@ import {
   verifyAndParseCredential,
   type VerifyAndParseCredential,
 } from "./07-verify-and-parse-credential";
+import * as Errors from "./errors";
 
 export {
   evaluateIssuerTrust,
   startUserAuthorization,
+  buildAuthorizationUrl,
   completeUserAuthorizationWithQueryMode,
   getRequestedCredentialToBePresented,
   completeUserAuthorizationWithFormPostJwtMode,
   authorizeAccess,
   obtainCredential,
   verifyAndParseCredential,
-  parseAuthroizationResponse,
+  parseAuthorizationResponse,
+  Errors,
 };
 export type {
   StartFlow,
   EvaluateIssuerTrust,
   StartUserAuthorization,
+  BuildAuthorizationUrl,
   CompleteUserAuthorizationWithQueryMode,
   GetRequestedCredentialToBePresented,
   CompleteUserAuthorizationWithFormPostJwtMode,

package/src/credential/issuance/types.ts

@@ -30,11 +30,3 @@ export const ResponseUriResultShape = z.object({
 });
 
 export type ResponseMode = "query" | "form_post.jwt";
-
-export const CredentialIssuanceFailureResponse = z.object({
-  error: z.string(),
-});
-
-export type CredentialIssuanceFailureResponse = z.infer<
-  typeof CredentialIssuanceFailureResponse
->;

package/src/credential/presentation/01-start-flow.ts

@@ -1,6 +1,6 @@
 import * as z from "zod";
 import { decodeBase64 } from "@pagopa/io-react-native-jwt";
-import { AuthRequestDecodeError } from "../../utils/errors";
+import { AuthRequestDecodeError } from "./errors";
 
 const QRCodePayload = z.object({
   protocol: z.string(),