@pagopa/io-react-native-wallet 0.28.0 → 0.28.2

package/lib/commonjs/credential/issuance/03-start-user-authorization.js

@@ -72,6 +72,9 @@ const startUserAuthorization = async (issuerConf, credentialType, ctx) => {
     appFetch = fetch
   } = ctx;
   const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
+  if (!clientId) {
+    throw new Error("No public key found");
+  }
   const codeVerifier = (0, _misc.generateRandomAlphaNumericString)(64);
   const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
   const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);

package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["_misc","require","_par","_const","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","format","type","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","generateRandomAlphaNumericString","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","makeParRequest","issuerRequestUri","ASSERTION_TYPE","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AAGA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMG,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,cAAc,CAAC,CAAC,CACzCS,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAEV,cAAc;IAC3CW,MAAM,EAAEV,mCAAmC,CAACM,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACT,MAAM,EAAE;IACX,MAAM,IAAIU,KAAK,CAAE,mCAAkCb,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMW,kBAAkB,GAAGA,CACzBf,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMe,qBAAqB,GACzBhB,UAAU,CAACiB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBlB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3E,IAAI,CAACe,qBAAqB,CAACP,QAAQ,CAACU,YAAY,CAAC,EAAE;IACjD,MAAM,IAAIL,KAAK,CAAE,sCAAqCb,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOkB,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5DpB,UAAU,EACVC,cAAc,EACdoB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,MAAMC,YAAY,GAAG,IAAAC,sCAAgC,EAAC,EAAE,CAAC;EACzD,MAAMC,WAAW,GACflC,UAAU,CAACiB,0BAA0B,CAACkB,qCAAqC;EAC7E,MAAMC,oBAAoB,GAAGrC,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMkB,YAAY,GAAGJ,kBAAkB,CAACf,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMoC,MAAM,GAAG,IAAAC,mBAAc,EAAC;IAAEhB,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMc,gBAAgB,GAAG,MAAMF,MAAM,CACnCV,QAAQ,EACRK,YAAY,EACZR,WAAW,EACXL,YAAY,EACZe,WAAW,EACXX,yBAAyB,EACzB,CAACa,oBAAoB,CAAC,EACtBI,qBACF,CAAC;EAED,OAAO;IAAED,gBAAgB;IAAEZ,QAAQ;IAAEK,YAAY;IAAEI;EAAqB,CAAC;AAC3E,CAAC;AAACK,OAAA,CAAArB,sBAAA,GAAAA,sBAAA"}
+{"version":3,"names":["_misc","require","_par","_const","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","format","type","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","generateRandomAlphaNumericString","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","makeParRequest","issuerRequestUri","ASSERTION_TYPE","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AAGA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMG,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,cAAc,CAAC,CAAC,CACzCS,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAEV,cAAc;IAC3CW,MAAM,EAAEV,mCAAmC,CAACM,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACT,MAAM,EAAE;IACX,MAAM,IAAIU,KAAK,CAAE,mCAAkCb,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMW,kBAAkB,GAAGA,CACzBf,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMe,qBAAqB,GACzBhB,UAAU,CAACiB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBlB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3E,IAAI,CAACe,qBAAqB,CAACP,QAAQ,CAACU,YAAY,CAAC,EAAE;IACjD,MAAM,IAAIL,KAAK,CAAE,sCAAqCb,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOkB,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5DpB,UAAU,EACVC,cAAc,EACdoB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,IAAI,CAACJ,QAAQ,EAAE;IACb,MAAM,IAAIb,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAMkB,YAAY,GAAG,IAAAC,sCAAgC,EAAC,EAAE,CAAC;EACzD,MAAMC,WAAW,GACflC,UAAU,CAACiB,0BAA0B,CAACkB,qCAAqC;EAC7E,MAAMC,oBAAoB,GAAGrC,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMkB,YAAY,GAAGJ,kBAAkB,CAACf,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMoC,MAAM,GAAG,IAAAC,mBAAc,EAAC;IAAEhB,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMc,gBAAgB,GAAG,MAAMF,MAAM,CACnCV,QAAQ,EACRK,YAAY,EACZR,WAAW,EACXL,YAAY,EACZe,WAAW,EACXX,yBAAyB,EACzB,CAACa,oBAAoB,CAAC,EACtBI,qBACF,CAAC;EAED,OAAO;IAAED,gBAAgB;IAAEZ,QAAQ;IAAEK,YAAY;IAAEI;EAAqB,CAAC;AAC3E,CAAC;AAACK,OAAA,CAAArB,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/issuance/04-complete-user-authorization.js

@@ -25,16 +25,18 @@ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { de
  * @param issuerRequestUri the URI of the issuer where the request is sent
  * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param idpHint Unique identifier of the IDP selected by the user
+ * @param idpHint Unique identifier of the IDP selected by the user (optional)
  * @returns An object containing the authorization URL
  */
 const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
   const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
   const params = new URLSearchParams({
     client_id: clientId,
-    request_uri: issuerRequestUri,
-    idphint: idpHint
+    request_uri: issuerRequestUri
   });
+  if (idpHint) {
+    params.append("idphint", idpHint);
+  }
   const authUrl = `${authzRequestEndpoint}?${params}`;
   return {
     authUrl

package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","_ioReactNativeJwt","_types","_uuid","_types2","_decoder","_errors2","obj","__esModule","default","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","exports","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","hasStatusOrThrow","IssuerResponseError","res","text","jws","decode","reqObj","RequestObject","safeParse","payload","success","ValidationFailed","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","SignJWT","setProtectedHeader","alg","typ","setPayload","vp","jti","uuidv4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","encodeBase64","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","ResponseUriResultShape","redirect_uri","getJwtFromFormPost","cbRes","decodedJwt","authRes","authResParsed","AuthorizationResultShape","authErr","AuthorizationErrorShape","AuthorizationError","AuthorizationIdpError","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEA,IAAAK,iBAAA,GAAAL,OAAA;AAMA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,KAAA,GAAAP,OAAA;AACA,IAAAQ,OAAA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,QAAA,GAAAV,OAAA;AAAqE,SAAAG,uBAAAQ,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAErE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV,gBAAgB;IAC7BW,OAAO,EAAER;EACX,CAAC,CAAC;EAEF,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAd,qBAAA,GAAAA,qBAAA;AAOO,MAAMe,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG,IAAAC,iBAAQ,EAACF,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAXAH,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAYO,MAAMK,mCAAwE,GACnF,eAAAA,CAAOnB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBkB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMpB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMyB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEhB,oBAAqB,IAAGG,MAAM,CAACmB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEK,GAAG,IAAK,IAAAC,wBAAM,EAACD,GAAG,CAAC,CAAC,CAC1BL,IAAI,CAAEO,MAAM,IAAKC,oBAAa,CAACC,SAAS,CAACF,MAAM,CAACG,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACb,aAAa,CAACc,OAAO,EAAE;IAC1B,MAAM,IAAIC,wBAAgB,CAAC;MACzBC,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEjB,aAAa,CAACkB,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOhB,aAAa,CAACmB,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfA/B,OAAA,CAAAM,mCAAA,GAAAA,mCAAA;AAgBO,MAAM0B,4CAA0F,GACrG,MAAAA,CAAOpB,aAAa,EAAEqB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzB9B,QAAQ,GAAGI;EACb,CAAC,GAAGsB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIC,yBAAO,CAACL,gBAAgB,CAAC,CACnDM,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,yBAAyB;IAC7BQ,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACjC,QAAQ,CAAC,CAAC;IACxBkC,KAAK,EAAEnC,aAAa,CAACmC;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAACtC,aAAa,CAACuC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAId,yBAAO,CAACJ,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAER,GAAG;IACPS,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACjC,QAAQ,CAAC,CAAC;IACxBkC,KAAK,EAAEnC,aAAa,CAACmC;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAACtC,aAAa,CAACuC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAE,IAAAT,QAAM,EAAC,CAAE,EAAC;IAC5BU,EAAE,EAAG,GAAE,IAAAV,QAAM,EAAC,CAAE,EAAC;IACjBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG,IAAAC,8BAAY,EACvCC,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAEpD,aAAa,CAACoD,KAAK;IAC1BC,uBAAuB,EAAEX,sBAAsB;IAC/CY,QAAQ,EAAE,CAACb,UAAU,EAAEf,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM6B,IAAI,GAAG,IAAIxE,eAAe,CAAC;IAC/ByE,QAAQ,EAAER;EACZ,CAAC,CAAC,CAAC/C,QAAQ,CAAC,CAAC;EACb,MAAMwD,SAAS,GAAG,MAAM9D,QAAQ,CAACK,aAAa,CAACuC,YAAY,EAAE;IAC3DrC,MAAM,EAAE,MAAM;IACdwD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACCpD,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEwD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGC,8BAAsB,CAAClD,SAAS,CAAC6C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC/C,OAAO,EAAE;IACxB,MAAM,IAAIC,wBAAgB,CAAC;MACzBC,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE4C,WAAW,CAAC3C,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMrB,QAAQ,CAACkE,WAAW,CAAC1C,IAAI,CAAC4C,YAAY,CAAC,CACjD5D,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAC6D,2BAAkB,CAAC,CACxB7D,IAAI,CAAE8D,KAAK,IAAKxE,0BAA0B,CAACwE,KAAK,CAACC,UAAU,CAACrD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAzB,OAAA,CAAAgC,4CAAA,GAAAA,4CAAA;AAOO,MAAM3B,0BAA0B,GACrC0E,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,CAACzD,SAAS,CAACuD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACtD,OAAO,EAAE;IAC1B,MAAMwD,OAAO,GAAGC,6BAAuB,CAAC3D,SAAS,CAACuD,OAAO,CAAC;IAC1D,IAAI,CAACG,OAAO,CAACxD,OAAO,EAAE;MACpB,MAAM,IAAI0D,2BAAkB,CAACJ,aAAa,CAAClD,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIyD,8BAAqB,CAC7BH,OAAO,CAACnD,IAAI,CAACD,KAAK,EAClBoD,OAAO,CAACnD,IAAI,CAACuD,iBACf,CAAC;EACH;EACA,OAAON,aAAa,CAACjD,IAAI;AAC3B,CAAC;AAAC/B,OAAA,CAAAK,0BAAA,GAAAA,0BAAA"}
+{"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","_ioReactNativeJwt","_types","_uuid","_types2","_decoder","_errors2","obj","__esModule","default","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","exports","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","hasStatusOrThrow","IssuerResponseError","res","text","jws","decode","reqObj","RequestObject","safeParse","payload","success","ValidationFailed","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","SignJWT","setProtectedHeader","alg","typ","setPayload","vp","jti","uuidv4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","encodeBase64","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","ResponseUriResultShape","redirect_uri","getJwtFromFormPost","cbRes","decodedJwt","authRes","authResParsed","AuthorizationResultShape","authErr","AuthorizationErrorShape","AuthorizationError","AuthorizationIdpError","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEA,IAAAK,iBAAA,GAAAL,OAAA;AAMA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,KAAA,GAAAP,OAAA;AACA,IAAAQ,OAAA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,QAAA,GAAAV,OAAA;AAAqE,SAAAG,uBAAAQ,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAErE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAd,qBAAA,GAAAA,qBAAA;AAOO,MAAMe,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG,IAAAC,iBAAQ,EAACF,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAXAH,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAYO,MAAMK,mCAAwE,GACnF,eAAAA,CAAOnB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBkB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMpB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMyB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEhB,oBAAqB,IAAGG,MAAM,CAACmB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEK,GAAG,IAAK,IAAAC,wBAAM,EAACD,GAAG,CAAC,CAAC,CAC1BL,IAAI,CAAEO,MAAM,IAAKC,oBAAa,CAACC,SAAS,CAACF,MAAM,CAACG,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACb,aAAa,CAACc,OAAO,EAAE;IAC1B,MAAM,IAAIC,wBAAgB,CAAC;MACzBC,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEjB,aAAa,CAACkB,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOhB,aAAa,CAACmB,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfA/B,OAAA,CAAAM,mCAAA,GAAAA,mCAAA;AAgBO,MAAM0B,4CAA0F,GACrG,MAAAA,CAAOpB,aAAa,EAAEqB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzB9B,QAAQ,GAAGI;EACb,CAAC,GAAGsB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIC,yBAAO,CAACL,gBAAgB,CAAC,CACnDM,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,yBAAyB;IAC7BQ,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACjC,QAAQ,CAAC,CAAC;IACxBkC,KAAK,EAAEnC,aAAa,CAACmC;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAACtC,aAAa,CAACuC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAId,yBAAO,CAACJ,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAER,GAAG;IACPS,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACjC,QAAQ,CAAC,CAAC;IACxBkC,KAAK,EAAEnC,aAAa,CAACmC;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAACtC,aAAa,CAACuC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAE,IAAAT,QAAM,EAAC,CAAE,EAAC;IAC5BU,EAAE,EAAG,GAAE,IAAAV,QAAM,EAAC,CAAE,EAAC;IACjBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG,IAAAC,8BAAY,EACvCC,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAEpD,aAAa,CAACoD,KAAK;IAC1BC,uBAAuB,EAAEX,sBAAsB;IAC/CY,QAAQ,EAAE,CAACb,UAAU,EAAEf,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM6B,IAAI,GAAG,IAAIxE,eAAe,CAAC;IAC/ByE,QAAQ,EAAER;EACZ,CAAC,CAAC,CAAC/C,QAAQ,CAAC,CAAC;EACb,MAAMwD,SAAS,GAAG,MAAM9D,QAAQ,CAACK,aAAa,CAACuC,YAAY,EAAE;IAC3DrC,MAAM,EAAE,MAAM;IACdwD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACCpD,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEwD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGC,8BAAsB,CAAClD,SAAS,CAAC6C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC/C,OAAO,EAAE;IACxB,MAAM,IAAIC,wBAAgB,CAAC;MACzBC,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE4C,WAAW,CAAC3C,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMrB,QAAQ,CAACkE,WAAW,CAAC1C,IAAI,CAAC4C,YAAY,CAAC,CACjD5D,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAC6D,2BAAkB,CAAC,CACxB7D,IAAI,CAAE8D,KAAK,IAAKxE,0BAA0B,CAACwE,KAAK,CAACC,UAAU,CAACrD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAzB,OAAA,CAAAgC,4CAAA,GAAAA,4CAAA;AAOO,MAAM3B,0BAA0B,GACrC0E,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,CAACzD,SAAS,CAACuD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACtD,OAAO,EAAE;IAC1B,MAAMwD,OAAO,GAAGC,6BAAuB,CAAC3D,SAAS,CAACuD,OAAO,CAAC;IAC1D,IAAI,CAACG,OAAO,CAACxD,OAAO,EAAE;MACpB,MAAM,IAAI0D,2BAAkB,CAACJ,aAAa,CAAClD,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIyD,8BAAqB,CAC7BH,OAAO,CAACnD,IAAI,CAACD,KAAK,EAClBoD,OAAO,CAACnD,IAAI,CAACuD,iBACf,CAAC;EACH;EACA,OAAON,aAAa,CAACjD,IAAI;AAC3B,CAAC;AAAC/B,OAAA,CAAAK,0BAAA,GAAAA,0BAAA"}

package/lib/commonjs/credential/presentation/01-start-flow.js

@@ -5,51 +5,40 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.startFlowFromQR = void 0;
 var z = _interopRequireWildcard(require("zod"));
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _errors = require("./errors");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const QRCodePayload = z.object({
-  protocol: z.string(),
-  resource: z.string(),
-  // TODO: refine to known paths using literals
-  clientId: z.string(),
-  requestURI: z.string()
+const PresentationParams = z.object({
+  clientId: z.string().nonempty(),
+  requestUri: z.string().url(),
+  requestUriMethod: z.enum(["get", "post"]),
+  state: z.string().optional()
 });
 
 /**
  * The beginning of the presentation flow.
  * To be implemented accordind to the user touchpoint
  *
- * @param Optional parameters, depending on the starting touchoint
+ * @param params Presentation parameters, depending on the starting touchoint
  * @returns The url for the Relying Party to connect with
  */
 
 /**
  * Start a presentation flow by decoding an incoming QR-code
  *
- * @param qrcode The encoded QR-code content
+ * @param params The encoded QR-code content
  * @returns The url for the Relying Party to connect with
  * @throws If the provided qr code fails to be decoded
  */
-const startFlowFromQR = qrcode => {
-  const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
-  const decodedUrl = new URL(decoded);
-  const protocol = decodedUrl.protocol;
-  const resource = decodedUrl.hostname;
-  const requestURI = decodedUrl.searchParams.get("request_uri");
-  const clientId = decodedUrl.searchParams.get("client_id");
-  const result = QRCodePayload.safeParse({
-    protocol,
-    resource,
-    requestURI,
-    clientId
+const startFlowFromQR = params => {
+  const result = PresentationParams.safeParse({
+    ...params,
+    requestUriMethod: params.requestUriMethod ?? "get"
   });
   if (result.success) {
     return result.data;
-  } else {
-    throw new _errors.AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
   }
+  throw new _errors.InvalidQRCodeError(result.error.message);
 };
 exports.startFlowFromQR = startFlowFromQR;
 //# sourceMappingURL=01-start-flow.js.map

package/lib/commonjs/credential/presentation/01-start-flow.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","_interopRequireWildcard","require","_ioReactNativeJwt","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decoded","decodeBase64","decodedUrl","URL","hostname","searchParams","result","safeParse","success","data","AuthRequestDecodeError","error","message","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAAkD,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAElD,MAAMW,aAAa,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EAC7BC,QAAQ,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAE/B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAEhC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAEjC,CAAC,CAAC8B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,MAAMC,OAAO,GAAG,IAAAC,8BAAY,EAACF,MAAM,CAAC;EACpC,MAAMG,UAAU,GAAG,IAAIC,GAAG,CAACH,OAAO,CAAC;EACnC,MAAMP,QAAQ,GAAGS,UAAU,CAACT,QAAQ;EACpC,MAAME,QAAQ,GAAGO,UAAU,CAACE,QAAQ;EACpC,MAAMP,UAAU,GAAGK,UAAU,CAACG,YAAY,CAAC1B,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMiB,QAAQ,GAAGM,UAAU,CAACG,YAAY,CAAC1B,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAM2B,MAAM,GAAGf,aAAa,CAACgB,SAAS,CAAC;IACrCd,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIU,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIC,8BAAsB,CAACJ,MAAM,CAACK,KAAK,CAACC,OAAO,EAAG,GAAEV,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAACW,OAAA,CAAAf,eAAA,GAAAA,eAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","PresentationParams","object","clientId","string","nonempty","requestUri","url","requestUriMethod","enum","state","optional","startFlowFromQR","params","result","safeParse","success","data","InvalidQRCodeError","error","message","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAA8C,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE9C,MAAMW,kBAAkB,GAAG1B,CAAC,CAAC2B,MAAM,CAAC;EAClCC,QAAQ,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC/BC,UAAU,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC;EAC5BC,gBAAgB,EAAEjC,CAAC,CAACkC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;EACzCC,KAAK,EAAEnC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAGF;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,eAA0B,GAAIC,MAAM,IAAK;EACpD,MAAMC,MAAM,GAAGb,kBAAkB,CAACc,SAAS,CAAC;IAC1C,GAAGF,MAAM;IACTL,gBAAgB,EAAEK,MAAM,CAACL,gBAAgB,IAAI;EAC/C,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB;EAEA,MAAM,IAAIC,0BAAkB,CAACJ,MAAM,CAACK,KAAK,CAACC,OAAO,CAAC;AACpD,CAAC;AAACC,OAAA,CAAAT,eAAA,GAAAA,eAAA"}

package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js

@@ -19,13 +19,15 @@ const evaluateRelyingPartyTrust = async function (rpUrl) {
   } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
   const {
     payload: {
-      metadata: rpConf
+      metadata: rpConf,
+      sub
     }
   } = await (0, _trust.getRelyingPartyEntityConfiguration)(rpUrl, {
     appFetch
   });
   return {
-    rpConf
+    rpConf,
+    subject: sub
   };
 };
 exports.evaluateRelyingPartyTrust = evaluateRelyingPartyTrust;

package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["_trust","require","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","getRelyingPartyEntityConfiguration","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAcA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC;IAAO;EAC9B,CAAC,GAAG,MAAM,IAAAC,yCAAkC,EAACT,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO;EAAO,CAAC;AACnB,CAAC;AAACE,OAAA,CAAAX,yBAAA,GAAAA,yBAAA"}
+{"version":3,"names":["_trust","require","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","getRelyingPartyEntityConfiguration","subject","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAeA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAM,IAAAC,yCAAkC,EAACV,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEG,OAAO,EAAEF;EAAI,CAAC;AACjC,CAAC;AAACG,OAAA,CAAAb,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/credential/presentation/03-get-request-object.js

@@ -4,63 +4,51 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.getRequestObject = void 0;
-var _uuid = require("uuid");
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _dpop = require("../../utils/dpop");
-var _errors = require("./errors");
 var _misc = require("../../utils/misc");
 var _types = require("./types");
 /**
- * Obtain the Request Object for RP authentication
+ * Obtain the Request Object for RP authentication. Both the GET and POST `request_uri_method` are supported.
  * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
  *
  * @param requestUri The url for the Relying Party to connect with
- * @param rpConf The Relying Party's configuration
- * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
+ * @param rpConf The Relying Party's configuration * @param context.walletInstanceAttestation The Wallet Instance Attestation token
+ * @param context.walletCapabilities (optional) An object containing the wallet technical capabilities that will be sent with a POST request
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @returns The Request Object that describes the presentation
  */
-const getRequestObject = async (requestUri, rpConf, _ref) => {
+const getRequestObject = async function (requestUri) {
   let {
-    wiaCryptoContext,
     appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref;
-  const signedWalletInstanceDPoP = await (0, _dpop.createDPopToken)({
-    jti: `${(0, _uuid.v4)()}`,
-    htm: "GET",
-    htu: requestUri,
-    ath: await (0, _ioReactNativeJwt.sha256ToBase64)(walletInstanceAttestation)
-  }, wiaCryptoContext);
-  const responseEncodedJwt = await appFetch(requestUri, {
-    method: "GET",
-    headers: {
-      Authorization: `DPoP ${walletInstanceAttestation}`,
-      DPoP: signedWalletInstanceDPoP
-    }
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(responseJson => responseJson.response);
-  const responseJwt = (0, _ioReactNativeJwt.decode)(responseEncodedJwt);
-
-  // verify token signature according to RP's entity configuration
-  // to ensure the request object is authentic
-  {
-    const pubKey = rpConf.wallet_relying_party.jwks.keys.find(_ref2 => {
-      let {
-        kid
-      } = _ref2;
-      return kid === responseJwt.protectedHeader.kid;
+    walletCapabilities
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  if (walletCapabilities) {
+    // Validate external input
+    const {
+      wallet_metadata,
+      wallet_nonce
+    } = _types.RequestObjectWalletCapabilities.parse(walletCapabilities);
+    const formUrlEncodedBody = new URLSearchParams({
+      wallet_metadata: JSON.stringify(wallet_metadata),
+      ...(wallet_nonce && {
+        wallet_nonce
+      })
     });
-    if (!pubKey) {
-      throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
-    }
-    await (0, _ioReactNativeJwt.verify)(responseEncodedJwt, pubKey);
+    const requestObjectEncodedJwt = await appFetch(requestUri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: formUrlEncodedBody.toString()
+    }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
+    return {
+      requestObjectEncodedJwt
+    };
   }
-
-  // Ensure that the request object conforms to the expected specification.
-  const requestObject = _types.RequestObject.parse(responseJwt.payload);
+  const requestObjectEncodedJwt = await appFetch(requestUri, {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
   return {
-    requestObject
+    requestObjectEncodedJwt
   };
 };
 exports.getRequestObject = getRequestObject;

package/lib/commonjs/credential/presentation/03-get-request-object.js.map

@@ -1 +1 @@
-{"version":3,"names":["_uuid","require","_ioReactNativeJwt","_dpop","_errors","_misc","_types","getRequestObject","requestUri","rpConf","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","createDPopToken","jti","uuidv4","htm","htu","ath","sha256ToBase64","responseEncodedJwt","method","headers","Authorization","DPoP","then","hasStatusOrThrow","res","json","responseJson","response","responseJwt","decodeJwt","pubKey","wallet_relying_party","jwks","keys","find","_ref2","kid","protectedHeader","NoSuitableKeysFoundInEntityConfiguration","verify","requestObject","RequestObject","parse","payload","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAOA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,KAAA,GAAAJ,OAAA;AAEA,IAAAK,MAAA,GAAAL,OAAA;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,MAAM,EAAAC,IAAA,KAEH;EAAA,IADH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAJ,IAAA;EAEjE,MAAMK,wBAAwB,GAAG,MAAM,IAAAC,qBAAe,EACpD;IACEC,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEZ,UAAU;IACfa,GAAG,EAAE,MAAM,IAAAC,gCAAc,EAACR,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMY,kBAAkB,GAAG,MAAMX,QAAQ,CAACJ,UAAU,EAAE;IACpDgB,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOZ,yBAA0B,EAAC;MAClDa,IAAI,EAAEZ;IACR;EACF,CAAC,CAAC,CACCa,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEI,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG,IAAAC,wBAAS,EAACZ,kBAAkB,CAAC;;EAEjD;EACA;EACA;IACE,MAAMa,MAAM,GAAG3B,MAAM,CAAC4B,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,IAAI,CACvDC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKR,WAAW,CAACS,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACN,MAAM,EAAE;MACX,MAAM,IAAIQ,gDAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAM,IAAAC,wBAAM,EAACtB,kBAAkB,EAAEa,MAAM,CAAC;EAC1C;;EAEA;EACA,MAAMU,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACd,WAAW,CAACe,OAAO,CAAC;EAE9D,OAAO;IACLH;EACF,CAAC;AACH,CAAC;AAACI,OAAA,CAAA3C,gBAAA,GAAAA,gBAAA"}
+{"version":3,"names":["_misc","require","_types","getRequestObject","requestUri","appFetch","fetch","walletCapabilities","arguments","length","undefined","wallet_metadata","wallet_nonce","RequestObjectWalletCapabilities","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","hasStatusOrThrow","res","text","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,gBAAkC,GAAG,eAAAA,CAChDC,UAAU,EAEP;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,IAAID,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAEI,eAAe;MAAEC;IAAa,CAAC,GACrCC,sCAA+B,CAACC,KAAK,CAACP,kBAAkB,CAAC;IAE3D,MAAMQ,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CL,eAAe,EAAEM,IAAI,CAACC,SAAS,CAACP,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMO,uBAAuB,GAAG,MAAMd,QAAQ,CAACD,UAAU,EAAE;MACzDgB,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLR;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMd,QAAQ,CAACD,UAAU,EAAE;IACzDgB,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLR;EACF,CAAC;AACH,CAAC;AAACS,OAAA,CAAAzB,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js

@@ -0,0 +1,32 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getJwksFromConfig = void 0;
+/**
+ * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
+ *
+ * @template T - The tuple type representing the function arguments.
+ * @param args - The arguments passed to the function.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ */
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
+ *
+ * @param rpConfig - The configuration object of the Relying Party entity.
+ * @returns An object containing an array of JWKs.
+ * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
+ */
+const getJwksFromConfig = rpConfig => {
+  const jwks = rpConfig.openid_credential_verifier.jwks;
+  if (!jwks || !Array.isArray(jwks.keys)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  return {
+    keys: jwks.keys
+  };
+};
+exports.getJwksFromConfig = getJwksFromConfig;
+//# sourceMappingURL=04-retrieve-rp-jwks.js.map

package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getJwksFromConfig","rpConfig","jwks","openid_credential_verifier","Array","isArray","keys","Error","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":";;;;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,iBAEZ,GAAIC,QAAQ,IAAK;EAChB,MAAMC,IAAI,GAAGD,QAAQ,CAACE,0BAA0B,CAACD,IAAI;EAErD,IAAI,CAACA,IAAI,IAAI,CAACE,KAAK,CAACC,OAAO,CAACH,IAAI,CAACI,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIC,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLD,IAAI,EAAEJ,IAAI,CAACI;EACb,CAAC;AACH,CAAC;AAACE,OAAA,CAAAR,iBAAA,GAAAA,iBAAA"}

package/lib/commonjs/credential/presentation/05-verify-request-object.js

@@ -0,0 +1,60 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyRequestObject = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("./errors");
+var _types = require("./types");
+var _retrieveRpJwks = require("./04-retrieve-rp-jwks");
+/**
+ * Function to verify the Request Object's signature and the client ID.
+ * @param requestObjectEncodedJwt The Request Object in JWT format
+ * @param context.clientId The client ID to verify
+ * @param context.rpConf The Entity Configuration of the Relying Party
+ * @param context.state Optional state
+ * @returns The verified Request Object
+ */
+const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
+  let {
+    clientId,
+    rpConf,
+    rpSubject,
+    state
+  } = _ref;
+  const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
+  const {
+    keys
+  } = (0, _retrieveRpJwks.getJwksFromConfig)(rpConf);
+
+  // Verify token signature to ensure the request object is authentic
+  const pubKey = keys === null || keys === void 0 ? void 0 : keys.find(_ref2 => {
+    let {
+      kid
+    } = _ref2;
+    return kid === requestObjectJwt.protectedHeader.kid;
+  });
+  if (!pubKey) {
+    throw new _errors.UnverifiedEntityError("Request Object signature verification!");
+  }
+
+  // Standard claims are verified within `verify`
+  await (0, _ioReactNativeJwt.verify)(requestObjectEncodedJwt, pubKey, {
+    issuer: clientId
+  });
+  const requestObject = _types.RequestObject.parse(requestObjectJwt.payload);
+  const isClientIdMatch = clientId === requestObject.client_id && clientId === rpSubject;
+  if (!isClientIdMatch) {
+    throw new _errors.UnverifiedEntityError("Client ID does not match Request Object or Entity Configuration");
+  }
+  const isStateMatch = state && requestObject.state ? state === requestObject.state : true;
+  if (!isStateMatch) {
+    throw new _errors.UnverifiedEntityError("State does not match Request Object");
+  }
+  return {
+    requestObject
+  };
+};
+exports.verifyRequestObject = verifyRequestObject;
+//# sourceMappingURL=05-verify-request-object.js.map

package/lib/commonjs/credential/presentation/05-verify-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioReactNativeJwt","require","_errors","_types","_retrieveRpJwks","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","rpSubject","state","requestObjectJwt","decodeJwt","keys","getJwksFromConfig","pubKey","find","_ref2","kid","protectedHeader","UnverifiedEntityError","verify","issuer","requestObject","RequestObject","parse","payload","isClientIdMatch","client_id","isStateMatch","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,mBAAwC,GAAG,MAAAA,CACtDC,uBAAuB,EAAAC,IAAA,KAEpB;EAAA,IADH;IAAEC,QAAQ;IAAEC,MAAM;IAAEC,SAAS;IAAEC;EAAM,CAAC,GAAAJ,IAAA;EAEtC,MAAMK,gBAAgB,GAAG,IAAAC,wBAAS,EAACP,uBAAuB,CAAC;EAC3D,MAAM;IAAEQ;EAAK,CAAC,GAAG,IAAAC,iCAAiB,EAACN,MAAM,CAAC;;EAE1C;EACA,MAAMO,MAAM,GAAGF,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEG,IAAI,CACvBC,KAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,GAAG,KAAKP,gBAAgB,CAACQ,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC;EAED,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAIK,6BAAqB,CAAC,wCAAwC,CAAC;EAC3E;;EAEA;EACA,MAAM,IAAAC,wBAAM,EAAChB,uBAAuB,EAAEU,MAAM,EAAE;IAAEO,MAAM,EAAEf;EAAS,CAAC,CAAC;EAEnE,MAAMgB,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACd,gBAAgB,CAACe,OAAO,CAAC;EAEnE,MAAMC,eAAe,GACnBpB,QAAQ,KAAKgB,aAAa,CAACK,SAAS,IAAIrB,QAAQ,KAAKE,SAAS;EAEhE,IAAI,CAACkB,eAAe,EAAE;IACpB,MAAM,IAAIP,6BAAqB,CAC7B,iEACF,CAAC;EACH;EAEA,MAAMS,YAAY,GAChBnB,KAAK,IAAIa,aAAa,CAACb,KAAK,GAAGA,KAAK,KAAKa,aAAa,CAACb,KAAK,GAAG,IAAI;EAErE,IAAI,CAACmB,YAAY,EAAE;IACjB,MAAM,IAAIT,6BAAqB,CAAC,qCAAqC,CAAC;EACxE;EAEA,OAAO;IAAEG;EAAc,CAAC;AAC1B,CAAC;AAACO,OAAA,CAAA1B,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/06-fetch-presentation-definition.js

@@ -0,0 +1,39 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.fetchPresentDefinition = void 0;
+/**
+ * Retrieves a PresentationDefinition based on the given parameters.
+ *
+ * The method attempts the following strategies in order:
+ * 1. Checks if `presentation_definition` is directly available in the request object.
+ * 2. Uses a pre-configured `presentation_definition` from the relying party configuration if the `scope` is present in the request object.
+ *
+ * If none of the above conditions are met, the function throws an error indicating the definition could not be found. Note that `presentation_definition_uri` is not supported in 0.9.x.
+ *
+ * @param {RequestObject} requestObject - The request object containing the presentation definition or references to it.
+ * @param {RelyingPartyEntityConfiguration["payload"]["metadata"]} [rpConf] - Optional relying party configuration.
+ * @returns {Promise<{ presentationDefinition: PresentationDefinition }>} - Resolves with the presentation definition.
+ * @throws {Error} - Throws if the presentation definition cannot be found or fetched.
+ */
+const fetchPresentDefinition = async (requestObject, rpConf) => {
+  var _rpConf$openid_creden;
+  // Check if `presentation_definition` is directly available in the request object
+  if (requestObject.presentation_definition) {
+    return {
+      presentationDefinition: requestObject.presentation_definition
+    };
+  }
+
+  // Check if `scope` is present in the request object and a pre-configured presentation definition exists
+  if (requestObject.scope && rpConf !== null && rpConf !== void 0 && (_rpConf$openid_creden = rpConf.openid_credential_verifier) !== null && _rpConf$openid_creden !== void 0 && _rpConf$openid_creden.presentation_definition) {
+    return {
+      presentationDefinition: rpConf.openid_credential_verifier.presentation_definition
+    };
+  }
+  throw new Error("Presentation definition not found");
+};
+exports.fetchPresentDefinition = fetchPresentDefinition;
+//# sourceMappingURL=06-fetch-presentation-definition.js.map

package/lib/commonjs/credential/presentation/06-fetch-presentation-definition.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["fetchPresentDefinition","requestObject","rpConf","_rpConf$openid_creden","presentation_definition","presentationDefinition","scope","openid_credential_verifier","Error","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/06-fetch-presentation-definition.ts"],"mappings":";;;;;;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,sBAAmD,GAAG,MAAAA,CACjEC,aAAa,EACbC,MAAM,KACH;EAAA,IAAAC,qBAAA;EACH;EACA,IAAIF,aAAa,CAACG,uBAAuB,EAAE;IACzC,OAAO;MACLC,sBAAsB,EAAEJ,aAAa,CAACG;IACxC,CAAC;EACH;;EAEA;EACA,IACEH,aAAa,CAACK,KAAK,IACnBJ,MAAM,aAANA,MAAM,gBAAAC,qBAAA,GAAND,MAAM,CAAEK,0BAA0B,cAAAJ,qBAAA,eAAlCA,qBAAA,CAAoCC,uBAAuB,EAC3D;IACA,OAAO;MACLC,sBAAsB,EACpBH,MAAM,CAACK,0BAA0B,CAACH;IACtC,CAAC;EACH;EAEA,MAAM,IAAII,KAAK,CAAC,mCAAmC,CAAC;AACtD,CAAC;AAACC,OAAA,CAAAT,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js

@@ -0,0 +1,134 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.prepareRemotePresentations = exports.evaluateDcqlQuery = void 0;
+var _dcql = require("dcql");
+var _valibot = require("valibot");
+var _sdJwt = require("../../sd-jwt");
+var _errors = require("../../utils/errors");
+var _crypto = require("../../utils/crypto");
+/**
+ * The purpose for the credential request by the RP.
+ */
+
+/**
+ * Convert a credential in JWT format to an object with claims
+ * for correct parsing by the `dcql` library.
+ */
+const mapCredentialToObject = jwt => {
+  const {
+    sdJwt,
+    disclosures
+  } = (0, _sdJwt.decode)(jwt);
+  const credentialFormat = sdJwt.header.typ;
+
+  // TODO [SIW-2082]: support MDOC credentials
+  if (credentialFormat !== "vc+sd-jwt") {
+    throw new Error(`Unsupported credential format: ${credentialFormat}`);
+  }
+  return {
+    vct: sdJwt.payload.vct,
+    credential_format: credentialFormat,
+    claims: disclosures.reduce((acc, disclosure) => ({
+      ...acc,
+      [disclosure.decoded[1]]: disclosure.decoded
+    }), {})
+  };
+};
+
+/**
+ * Extract only successful matches from the DCQL query result.
+ */
+const getDcqlQueryMatches = result => Object.entries(result.credential_matches).filter(_ref => {
+  let [, match] = _ref;
+  return match.success === true;
+});
+const evaluateDcqlQuery = (credentialsSdJwt, query) => {
+  const credentials = credentialsSdJwt.map(_ref2 => {
+    let [, credential] = _ref2;
+    return mapCredentialToObject(credential);
+  });
+  try {
+    // Validate the query
+    const parsedQuery = _dcql.DcqlQuery.parse(query);
+    _dcql.DcqlQuery.validate(parsedQuery);
+    const queryResult = _dcql.DcqlQuery.query(parsedQuery, credentials);
+    if (!queryResult.canBeSatisfied) {
+      throw new Error("No credential can satisfy the provided DCQL query");
+    }
+    // Build an object vct:credentialJwt to map matched credentials to their JWT
+    const credentialsSdJwtByVct = credentials.reduce((acc, c, i) => ({
+      ...acc,
+      [c.vct]: credentialsSdJwt[i]
+    }), {});
+    return getDcqlQueryMatches(queryResult).map(_ref3 => {
+      var _queryResult$credenti;
+      let [id, match] = _ref3;
+      if (match.output.credential_format !== "vc+sd-jwt") {
+        throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
+      }
+
+      const {
+        vct,
+        claims
+      } = match.output;
+      const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
+        var _set$matching_options;
+        return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
+      })) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
+        var _credentialSet$purpos;
+        return {
+          description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
+          required: Boolean(credentialSet.required)
+        };
+      });
+      const [keyTag, credential] = credentialsSdJwtByVct[vct];
+      const requiredDisclosures = Object.values(claims);
+      return {
+        id,
+        vct,
+        keyTag,
+        credential,
+        requiredDisclosures,
+        // When it is a match but no credential_sets are found, the credential is required by default
+        // See https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#section-6.3.1.2-2.1
+        purposes: purposes ?? [{
+          required: true
+        }]
+      };
+    });
+  } catch (error) {
+    // Invalid DCQL query structure
+    if ((0, _valibot.isValiError)(error)) {
+      throw new _errors.ValidationFailed({
+        message: "Invalid DCQL query",
+        reason: error.issues.map(issue => issue.message).join(", ")
+      });
+    }
+    if (error instanceof _dcql.DcqlError) {
+      // TODO [SIW-2110]: handle invalid DQCL query or let the error propagate
+    }
+    if (error instanceof _dcql.DcqlCredentialSetError) {
+      // TODO [SIW-2110]: handle missing credentials or let the error propagate
+    }
+    throw error;
+  }
+};
+exports.evaluateDcqlQuery = evaluateDcqlQuery;
+const prepareRemotePresentations = async (credentials, nonce, clientId) => {
+  return Promise.all(credentials.map(async item => {
+    const {
+      vp_token
+    } = await (0, _sdJwt.prepareVpToken)(nonce, clientId, [item.credential, item.requestedClaims, (0, _crypto.createCryptoContextFor)(item.keyTag)]);
+    return {
+      credentialId: item.id,
+      requestedClaims: item.requestedClaims,
+      vpToken: vp_token,
+      format: "vc+sd-jwt"
+    };
+  }));
+};
+exports.prepareRemotePresentations = prepareRemotePresentations;
+//# sourceMappingURL=07-evaluate-dcql-query.js.map

package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_dcql","require","_valibot","_sdJwt","_errors","_crypto","mapCredentialToObject","jwt","sdJwt","disclosures","decode","credentialFormat","header","typ","Error","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","evaluateDcqlQuery","credentialsSdJwt","query","credentials","map","_ref2","credential","parsedQuery","DcqlQuery","parse","validate","queryResult","canBeSatisfied","credentialsSdJwtByVct","c","i","_ref3","_queryResult$credenti","id","output","purposes","credential_sets","set","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","keyTag","requiredDisclosures","values","error","isValiError","ValidationFailed","message","reason","issues","issue","join","DcqlError","DcqlCredentialSetError","exports","prepareRemotePresentations","nonce","clientId","Promise","all","item","vp_token","prepareVpToken","requestedClaims","createCryptoContextFor","credentialId","vpToken","format"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-dcql-query.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,QAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAGA;AACA;AACA;;AAkCA;AACA;AACA;AACA;AACA,MAAMK,qBAAqB,GAAIC,GAAW,IAAK;EAC7C,MAAM;IAAEC,KAAK;IAAEC;EAAY,CAAC,GAAG,IAAAC,aAAM,EAACH,GAAG,CAAC;EAC1C,MAAMI,gBAAgB,GAAGH,KAAK,CAACI,MAAM,CAACC,GAAG;;EAEzC;EACA,IAAIF,gBAAgB,KAAK,WAAW,EAAE;IACpC,MAAM,IAAIG,KAAK,CAAE,kCAAiCH,gBAAiB,EAAC,CAAC;EACvE;EAEA,OAAO;IACLI,GAAG,EAAEP,KAAK,CAACQ,OAAO,CAACD,GAAG;IACtBE,iBAAiB,EAAEN,gBAAgB;IACnCO,MAAM,EAAET,WAAW,CAACU,MAAM,CACxB,CAACC,GAAG,EAAEC,UAAU,MAAM;MACpB,GAAGD,GAAG;MACN,CAACC,UAAU,CAACC,OAAO,CAAC,CAAC,CAAC,GAAGD,UAAU,CAACC;IACtC,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,MAAMC,mBAAmB,GAAIC,MAAuB,IAClDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CC,IAAA;EAAA,IAAC,GAAGC,KAAK,CAAC,GAAAD,IAAA;EAAA,OAAKC,KAAK,CAACC,OAAO,KAAK,IAAI;AAAA,CACvC,CAAiC;AAE5B,MAAMC,iBAAoC,GAAGA,CAClDC,gBAAgB,EAChBC,KAAK,KACF;EACH,MAAMC,WAAW,GAAGF,gBAAgB,CAACG,GAAG,CAACC,KAAA;IAAA,IAAC,GAAGC,UAAU,CAAC,GAAAD,KAAA;IAAA,OACtD/B,qBAAqB,CAACgC,UAAU,CAAC;EAAA,CACnC,CAAC;EAED,IAAI;IACF;IACA,MAAMC,WAAW,GAAGC,eAAS,CAACC,KAAK,CAACP,KAAK,CAAC;IAC1CM,eAAS,CAACE,QAAQ,CAACH,WAAW,CAAC;IAE/B,MAAMI,WAAW,GAAGH,eAAS,CAACN,KAAK,CAACK,WAAW,EAAEJ,WAAW,CAAC;IAE7D,IAAI,CAACQ,WAAW,CAACC,cAAc,EAAE;MAC/B,MAAM,IAAI9B,KAAK,CAAC,mDAAmD,CAAC;IACtE;IACA;IACA,MAAM+B,qBAAqB,GAAGV,WAAW,CAAChB,MAAM,CAC9C,CAACC,GAAG,EAAE0B,CAAC,EAAEC,CAAC,MAAM;MAAE,GAAG3B,GAAG;MAAE,CAAC0B,CAAC,CAAC/B,GAAG,GAAGkB,gBAAgB,CAACc,CAAC;IAAG,CAAC,CAAC,EAC1D,CAAC,CACH,CAAC;IAED,OAAOxB,mBAAmB,CAACoB,WAAW,CAAC,CAACP,GAAG,CAACY,KAAA,IAAiB;MAAA,IAAAC,qBAAA;MAAA,IAAhB,CAACC,EAAE,EAAEpB,KAAK,CAAC,GAAAkB,KAAA;MACtD,IAAIlB,KAAK,CAACqB,MAAM,CAAClC,iBAAiB,KAAK,WAAW,EAAE;QAClD,MAAM,IAAIH,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;MACzC;;MACA,MAAM;QAAEC,GAAG;QAAEG;MAAO,CAAC,GAAGY,KAAK,CAACqB,MAAM;MAEpC,MAAMC,QAAQ,IAAAH,qBAAA,GAAGN,WAAW,CAACU,eAAe,cAAAJ,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbrB,MAAM,CAAE0B,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAACR,EAAE,CAAC;MAAA,EAAC,cAAAD,qBAAA,uBAD7CA,qBAAA,CAEbb,GAAG,CAAqBuB,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAM,CAACE,MAAM,EAAE5B,UAAU,CAAC,GAAGO,qBAAqB,CAAC9B,GAAG,CAAE;MACxD,MAAMoD,mBAAmB,GAAG1C,MAAM,CAAC2C,MAAM,CAAClD,MAAM,CAAiB;MACjE,OAAO;QACLgC,EAAE;QACFnC,GAAG;QACHmD,MAAM;QACN5B,UAAU;QACV6B,mBAAmB;QACnB;QACA;QACAf,QAAQ,EAAEA,QAAQ,IAAI,CAAC;UAAEY,QAAQ,EAAE;QAAK,CAAC;MAC3C,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOK,KAAK,EAAE;IACd;IACA,IAAI,IAAAC,oBAAW,EAACD,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIE,wBAAgB,CAAC;QACzBC,OAAO,EAAE,oBAAoB;QAC7BC,MAAM,EAAEJ,KAAK,CAACK,MAAM,CAACtC,GAAG,CAAEuC,KAAK,IAAKA,KAAK,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI;MAC9D,CAAC,CAAC;IACJ;IAEA,IAAIP,KAAK,YAAYQ,eAAS,EAAE;MAC9B;IAAA;IAEF,IAAIR,KAAK,YAAYS,4BAAsB,EAAE;MAC3C;IAAA;IAEF,MAAMT,KAAK;EACb;AACF,CAAC;AAACU,OAAA,CAAA/C,iBAAA,GAAAA,iBAAA;AAEK,MAAMgD,0BAAsD,GAAG,MAAAA,CACpE7C,WAAW,EACX8C,KAAK,EACLC,QAAQ,KACL;EACH,OAAOC,OAAO,CAACC,GAAG,CAChBjD,WAAW,CAACC,GAAG,CAAC,MAAOiD,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EAACN,KAAK,EAAEC,QAAQ,EAAE,CACzDG,IAAI,CAAC/C,UAAU,EACf+C,IAAI,CAACG,eAAe,EACpB,IAAAC,8BAAsB,EAACJ,IAAI,CAACnB,MAAM,CAAC,CACpC,CAAC;IAEF,OAAO;MACLwB,YAAY,EAAEL,IAAI,CAACnC,EAAE;MACrBsC,eAAe,EAAEH,IAAI,CAACG,eAAe;MACrCG,OAAO,EAAEL,QAAQ;MACjBM,MAAM,EAAE;IACV,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;AAACb,OAAA,CAAAC,0BAAA,GAAAA,0BAAA"}