@pagopa/io-react-native-wallet 0.28.0 → 0.28.2

package/src/credential/presentation/errors.ts

@@ -39,3 +39,67 @@ export class NoSuitableKeysFoundInEntityConfiguration extends IoWalletError {
     super(message);
   }
 }
+
+/**
+ * When a QR code is not valid.
+ *
+ */
+export class InvalidQRCodeError extends IoWalletError {
+  code = "ERR_INVALID_QR_CODE";
+
+  /** Detailed reason for the QR code validation failure. */
+  reason: string;
+
+  constructor(reason: string) {
+    super("Invalid QR code");
+    this.reason = reason;
+  }
+}
+
+/**
+ * When the entity is unverified because the Relying Party is not trusted.
+ *
+ */
+export class UnverifiedEntityError extends IoWalletError {
+  code = "ERR_UNVERIFIED_RP_ENTITY";
+
+  /**
+   * @param reason A description of why the entity cannot be verified.
+   */
+  constructor(reason: string) {
+    const message = `Unverified entity: ${reason}.`;
+    super(message);
+  }
+}
+
+/**
+ * When some required data is missing to continue because certain attributes are not contained inside the wallet.
+ *
+ */
+export class MissingDataError extends IoWalletError {
+  code = "ERR_MISSING_DATA";
+
+  /**
+   * @param missingAttributes An array or description of the attributes that are missing.
+   */
+  constructor(missingAttributes: string) {
+    const message = `Some required data is missing: ${missingAttributes}.`;
+    super(message);
+  }
+}
+
+/**
+ * When a credential is not found in the wallet.
+ *
+ */
+export class CredentialNotFoundError extends IoWalletError {
+  code = "ERR_CREDENTIAL_NOT_FOUND";
+
+  /**
+   * @param credentialId The ID of the credential that was not found.
+   */
+  constructor(credentialId: string) {
+    const message = `Credential not found: ${credentialId}.`;
+    super(message);
+  }
+}

package/src/credential/presentation/index.ts

@@ -7,22 +7,61 @@ import {
   getRequestObject,
   type GetRequestObject,
 } from "./03-get-request-object";
+import { getJwksFromConfig, type FetchJwks } from "./04-retrieve-rp-jwks";
+import {
+  verifyRequestObject,
+  type VerifyRequestObject,
+} from "./05-verify-request-object";
+import {
+  fetchPresentDefinition,
+  type FetchPresentationDefinition,
+} from "./06-fetch-presentation-definition";
+import {
+  evaluateInputDescriptors,
+  prepareLegacyRemotePresentations,
+  type EvaluateInputDescriptors,
+  type PrepareLegacyRemotePresentations,
+} from "./07-evaluate-input-descriptor";
+import {
+  evaluateDcqlQuery,
+  prepareRemotePresentations,
+  type EvaluateDcqlQuery,
+  type PrepareRemotePresentations,
+} from "./07-evaluate-dcql-query";
 import {
   sendAuthorizationResponse,
   type SendAuthorizationResponse,
-} from "./04-send-authorization-response";
+  sendLegacyAuthorizationResponse,
+  type SendLegacyAuthorizationResponse,
+} from "./08-send-authorization-response";
 import * as Errors from "./errors";
 
 export {
   startFlowFromQR,
   evaluateRelyingPartyTrust,
   getRequestObject,
+  getJwksFromConfig,
+  verifyRequestObject,
+  fetchPresentDefinition,
+  evaluateInputDescriptors,
+  evaluateDcqlQuery,
+  prepareLegacyRemotePresentations,
+  prepareRemotePresentations,
   sendAuthorizationResponse,
+  sendLegacyAuthorizationResponse,
   Errors,
 };
 export type {
   StartFlow,
   EvaluateRelyingPartyTrust,
   GetRequestObject,
+  FetchJwks,
+  VerifyRequestObject,
+  FetchPresentationDefinition,
+  EvaluateInputDescriptors,
+  EvaluateDcqlQuery,
+  PrepareLegacyRemotePresentations,
+  PrepareRemotePresentations,
   SendAuthorizationResponse,
+  SendLegacyAuthorizationResponse,
 };

package/src/credential/presentation/types.ts

@@ -8,20 +8,151 @@ import * as z from "zod";
 export type Presentation = [
   /* verified credential token */ string,
   /* claims */ string[],
-  /* the context for the key associated to the credential */ CryptoContext
+  /* the context for the key associated to the credential */ CryptoContext,
 ];
 
+/**
+ * A object that associate the information needed to multiple remote presentation
+ * Used with `presentation_definition`
+ * @deprecated Use `RemotePresentation`
+ */
+export type LegacyRemotePresentation = {
+  requestedClaims: string[];
+  inputDescriptor: InputDescriptor;
+  format: string;
+  vpToken: string;
+};
+
+/**
+ * A object that associate the information needed to multiple remote presentation
+ * Used with DCQL queries
+ */
+export type RemotePresentation = {
+  requestedClaims: string[];
+  credentialId: string;
+  format: string;
+  vpToken: string;
+};
+
+const Fields = z.object({
+  path: z.array(z.string().min(1)), // Array of JSONPath string expressions
+  id: z.string().optional(), // Unique string ID
+  purpose: z.string().optional(), // Purpose of the field
+  name: z.string().optional(), // Human-friendly name
+  filter: z.any().optional(), // JSON Schema descriptor for filtering
+  optional: z.boolean().optional(), // Boolean indicating if the field is optional
+  intent_to_retain: z.boolean().optional(), // Boolean indicating that the Verifier intends to retain the Claim's data being requested
+});
+
+// Define the Constraints Object Schema
+const Constraints = z.object({
+  fields: z.array(Fields).optional(), // Array of Field Objects
+  limit_disclosure: z.enum(["required", "preferred"]).optional(), // Limit disclosure property
+});
+
+// Define the Input Descriptor Object Schema
+export type InputDescriptor = z.infer<typeof InputDescriptor>;
+export const InputDescriptor = z.object({
+  id: z.string().min(1), // Mandatory unique string ID
+  name: z.string().optional(), // Human-friendly name
+  purpose: z.string().optional(), // Purpose of the schema
+  format: z.record(z.string(), z.any()).optional(), // Object with Claim Format Designations
+  constraints: Constraints, // Constraints Object (mandatory)
+  group: z.string().optional(), // Match one of the grouping strings listed in the "from" values of a Submission Requirement Rule
+});
+
+const SubmissionRequirement = z.object({
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  rule: z.string(), // "all": all group's rules must be present, or "pick": at least group's "count" rules must be present
+  from: z.string().optional(), // MUST contain either a "from" or "from_nested" property
+  from_nested: z
+    .array(
+      z.object({
+        name: z.string().optional(),
+        purpose: z.string().optional(),
+        rule: z.string(),
+        from: z.string(),
+      })
+    )
+    .optional(),
+  count: z.number().optional(),
+  //"count", "min", and "max" may be present with a "pick" rule
+});
+
+export type PresentationDefinition = z.infer<typeof PresentationDefinition>;
+export const PresentationDefinition = z.object({
+  id: z.string(),
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  input_descriptors: z.array(InputDescriptor),
+  submission_requirements: z.array(SubmissionRequirement).optional(),
+});
+
 export type RequestObject = z.infer<typeof RequestObject>;
 export const RequestObject = z.object({
   iss: z.string(),
   iat: UnixTime,
   exp: UnixTime,
-  state: z.string(),
+  state: z.string().optional(),
   nonce: z.string(),
   response_uri: z.string(),
+  response_uri_method: z.string().optional(),
   response_type: z.literal("vp_token"),
   response_mode: z.literal("direct_post.jwt"),
   client_id: z.string(),
-  client_id_scheme: z.literal("entity_id"),
-  scope: z.string(),
+  dcql_query: z.record(z.string(), z.any()).optional(), // Validation happens within the `dcql` library, no need to duplicate it here
+  scope: z.string().optional(),
+  presentation_definition: PresentationDefinition.optional(),
+});
+
+export type WalletMetadata = z.infer<typeof WalletMetadata>;
+export const WalletMetadata = z.object({
+  presentation_definition_uri_supported: z.boolean().optional(),
+  client_id_schemes_supported: z.array(z.string()).optional(),
+  request_object_signing_alg_values_supported: z.array(z.string()).optional(),
+  vp_formats_supported: z.record(
+    z.string(), // TODO [SIW-2110]: use explicit credential format?
+    z.object({
+      "sd-jwt_alg_values": z.array(z.string()).optional(), // alg_values_supported?
+    })
+  ),
+  // TODO [SIW-2110]: include other metadata?
+});
+
+/**
+ * Wallet capabilities that must be submitted to get the Request Object
+ * via POST request when the `request_uri_method` is `post`.
+ */
+export type RequestObjectWalletCapabilities = z.infer<
+  typeof RequestObjectWalletCapabilities
+>;
+export const RequestObjectWalletCapabilities = z.object({
+  wallet_metadata: WalletMetadata,
+  wallet_nonce: z.string().optional(),
+});
+
+/**
+ * Authorization Response payload when using `presentation_definition`.
+ * @deprecated Use `DirectAuthorizationBodyPayload`
+ */
+export type LegacyDirectAuthorizationBodyPayload = z.infer<
+  typeof LegacyDirectAuthorizationBodyPayload
+>;
+/**
+ * @deprecated Use `DirectAuthorizationBodyPayload`
+ */
+export const LegacyDirectAuthorizationBodyPayload = z.object({
+  vp_token: z.union([z.string(), z.array(z.string())]).optional(),
+  presentation_submission: z.record(z.string(), z.unknown()),
+});
+
+/**
+ * Authorization Response payload when using DCQL queries.
+ */
+export type DirectAuthorizationBodyPayload = z.infer<
+  typeof DirectAuthorizationBodyPayload
+>;
+export const DirectAuthorizationBodyPayload = z.object({
+  vp_token: z.record(z.string(), z.string()),
 });

package/src/sd-jwt/index.ts

@@ -2,12 +2,13 @@ import { z } from "zod";
 
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
-import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
+import { SignJWT, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
 import { Disclosure, SdJwt4VC, type DisclosureWithEncoded } from "./types";
 import { verifyDisclosure } from "./verifier";
 import type { JWK } from "../utils/jwk";
 import * as Errors from "./errors";
 import { Base64 } from "js-base64";
+import { type Presentation } from "../credential/presentation/types";
 
 const decodeDisclosure = (encoded: string): DisclosureWithEncoded => {
   const utf8String = Base64.decode(encoded); // Decode Base64 into UTF-8 string
@@ -163,4 +164,51 @@ export const verify = async <S extends z.ZodType<SdJwt4VC>>(
   };
 };
 
+/**
+ * Prepares a Verified Presentation (VP) token to be sent as part of an
+ * authorization response in an OpenID 4 Verifiable Presentations flow.
+ *
+ * @param nonce - The nonce provided by the relying party.
+ * @param client_id - The client identifier of the relying party.
+ * @param presentation - An object containing the verifiable credential, the claims to disclose,
+ *                       and the cryptographic context for signing.
+ * @returns An object containing the signed VP token (`vp_token`).
+ *
+ * @remarks
+ *  1. The `disclose()` function is used to produce a token with only the requested claims.
+ *  2. A KB-JWT is then signed, including sd_hash and `nonce`.
+ *  3. The `vp_token` is composed of the disclosed VP and the KB-JWT.
+ */
+export const prepareVpToken = async (
+  nonce: string,
+  client_id: string,
+  [verifiableCredential, requestedClaims, cryptoContext]: Presentation
+): Promise<{
+  vp_token: string;
+}> => {
+  // Produce a VP token with only requested claims from the verifiable credential
+  const { token: vp } = await disclose(verifiableCredential, requestedClaims);
+
+  // <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~
+  const sd_hash = await sha256ToBase64(`${vp}~`);
+
+  const kbJwt = await new SignJWT(cryptoContext)
+    .setProtectedHeader({
+      typ: "kb+jwt",
+      alg: "ES256",
+    })
+    .setPayload({
+      sd_hash,
+      nonce: nonce,
+    })
+    .setAudience(client_id)
+    .setIssuedAt()
+    .sign();
+
+  // <Issuer-signed JWT>~<Disclosure 1>~...~<Disclosure N>~<KB-JWT>
+  const vp_token = [vp, kbJwt].join("~");
+
+  return { vp_token };
+};
+
 export { SdJwt4VC, Errors };

package/src/trust/chain.ts

@@ -42,8 +42,8 @@ export async function validateTrustChain(
     elementIndex === 0
       ? FirstElementShape
       : elementIndex === chain.length - 1
-      ? LastElementShape
-      : MiddleElementShape;
+        ? LastElementShape
+        : MiddleElementShape;
 
   // select the kid from the current index
   const selectKid = (currentIndex: number): string => {

package/src/trust/types.ts

@@ -1,6 +1,7 @@
 import { UnixTime } from "../sd-jwt/types";
 import { JWK } from "../utils/jwk";
 import * as z from "zod";
+import { PresentationDefinition } from "../credential/presentation/types";
 
 export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
 export type TrustMark = z.infer<typeof TrustMark>;
@@ -11,6 +12,11 @@ const RelyingPartyMetadata = z.object({
   client_name: z.string().optional(),
   jwks: z.object({ keys: z.array(JWK) }),
   contacts: z.array(z.string()).optional(),
+  presentation_definition: PresentationDefinition.optional(),
+  request_uris: z.array(z.string()).optional(),
+  authorization_signed_response_alg: z.string().optional(),
+  authorization_encrypted_response_alg: z.string().optional(),
+  authorization_encrypted_response_enc: z.string().optional(),
 });
 
 // Display metadata for a credential, used by the issuer to
@@ -173,10 +179,24 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(
           token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
           request_object_signing_alg_values_supported: z.array(z.string()),
         }),
-        /** Credential Issuers act as Relying Party
-            when they require the presentation of other credentials.
-            This does not apply for PID issuance, which requires CIE authz. */
-        wallet_relying_party: RelyingPartyMetadata.optional(),
+        /**
+         * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+         * This does not apply for PID issuance, which requires CIE authz.
+         */
+        openid_credential_verifier: RelyingPartyMetadata.optional(),
+        /**
+         * @deprecated use `openid_credential_verifier`
+         * TODO [SIW-2111]: remove after migrating to 0.9.x
+         */
+        wallet_relying_party: z
+          .object({
+            application_type: z.string().optional(),
+            client_id: z.string().optional(),
+            client_name: z.string().optional(),
+            jwks: z.object({ keys: z.array(JWK) }),
+            contacts: z.array(z.string()).optional(),
+          })
+          .optional(),
       }),
     }),
   })
@@ -190,7 +210,7 @@ export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(
   z.object({
     payload: z.object({
       metadata: z.object({
-        wallet_relying_party: RelyingPartyMetadata,
+        openid_credential_verifier: RelyingPartyMetadata,
       }),
     }),
   })

package/src/trust/utils.ts

@@ -3,8 +3,7 @@ import {
   verify as verifyJwt,
 } from "@pagopa/io-react-native-jwt";
 
-import type { JWK } from "../utils/jwk";
-import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
+import type { JWK, JWTDecodeResult } from "../utils/jwk";
 
 export type ParsedToken = {
   header: JWTDecodeResult["protectedHeader"];
@@ -26,7 +25,11 @@ export const verify = async (
   return { header, payload };
 };
 
-export const decode = (token: string) => {
+/**
+ * Return type for this function is necessary to avoid an issue during the bob build process.
+ * It seems like typescript can't correctly infer the return type of the function.
+ */
+export const decode = (token: string): ParsedToken => {
   const { protectedHeader: header, payload } = decodeJwt(token);
   return { header, payload };
 };

package/src/utils/decoder.ts

@@ -1,5 +1,5 @@
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
+import type { JWTDecodeResult } from "./jwk";
 import { ValidationFailed } from "./errors";
 
 /*

package/src/utils/errors.ts

@@ -225,8 +225,8 @@ export const isWalletProviderResponseError = (
 type ErrorCodeMap<T> = T extends typeof IssuerResponseError
   ? IssuerResponseErrorCode
   : T extends typeof WalletProviderResponseError
-  ? WalletProviderResponseErrorCode
-  : never;
+    ? WalletProviderResponseErrorCode
+    : never;
 
 type ErrorCase<T> = {
   code: ErrorCodeMap<T>;

package/src/utils/jwk.ts

@@ -1,4 +1,4 @@
-import { removePadding } from "@pagopa/io-react-native-jwt";
+import { decode, removePadding } from "@pagopa/io-react-native-jwt";
 import { z } from "zod";
 
 export type JWK = z.infer<typeof JWK>;
@@ -58,3 +58,10 @@ export function fixBase64EncodingOnKey(key: JWK): JWK {
     ...(n ? { n: removePadding(n) } : {}),
   };
 }
+
+export type JWKS = z.infer<typeof JWKS>;
+export const JWKS = z.object({
+  keys: z.array(JWK),
+});
+
+export type JWTDecodeResult = ReturnType<typeof decode>;

package/src/utils/misc.ts

@@ -37,8 +37,8 @@ export const parseRawHttpResponse = <T extends Record<string, unknown>>(
 export type Out<FN> = FN extends (...args: any[]) => Promise<any>
   ? Awaited<ReturnType<FN>>
   : FN extends (...args: any[]) => any
-  ? ReturnType<FN>
-  : never;
+    ? ReturnType<FN>
+    : never;
 
 /**
  * TODO [SIW-1310]: replace this function with a cryptographically secure one.

package/lib/commonjs/credential/presentation/04-send-authorization-response.js

@@ -1,138 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.sendAuthorizationResponse = exports.AuthorizationResponse = void 0;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _uuid = require("uuid");
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
-var _errors = require("./errors");
-var _misc = require("../../utils/misc");
-var _sdJwt = require("../../sd-jwt");
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-exports.AuthorizationResponse = AuthorizationResponse;
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-
-  // No suitable key has been found
-  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await (0, _sdJwt.disclose)(vc, claims);
-
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new _ioReactNativeJwt.SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${(0, _uuid.v4)()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${(0, _uuid.v4)()}`,
-    id: `${(0, _uuid.v4)()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-exports.sendAuthorizationResponse = sendAuthorizationResponse;
-//# sourceMappingURL=04-send-authorization-response.js.map

package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_uuid","WalletInstanceAttestation","_interopRequireWildcard","_errors","_misc","_sdJwt","z","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","response_code","optional","exports","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","NoSuitableKeysFoundInEntityConfiguration","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","disclose","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","SignJWT","setProtectedHeader","typ","setPayload","jti","uuidv4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","EncryptJwe","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","hasStatusOrThrow","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,yBAAA,GAAAC,uBAAA,CAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEA,IAAAM,MAAA,GAAAN,OAAA;AAGA,IAAAO,CAAA,GAAAJ,uBAAA,CAAAH,OAAA;AAAyB,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,qBAAqB,GAAGvB,CAAC,CAACwB,MAAM,CAAC;EAC5CC,MAAM,EAAEzB,CAAC,CAAC0B,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAE3B,CAAC,CACb0B,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAN,qBAAA,GAAAA,qBAAA;AAOA,MAAMO,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIQ,gDAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM,IAAAC,eAAQ,EAACN,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJM,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAG1D,yBAAyB,CAAC2D,MAAM,CAACX,yBAAyB,CAAC;EAE/D,MAAMY,MAAM,GAAG,MAAMR,SAAS,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIC,yBAAO,CAACd,SAAS,CAAC,CAC1Ce,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDS,UAAU,CAAC;IACVf,EAAE,EAAEA,EAAE;IACNgB,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBb,GAAG;IACHc,KAAK,EAAEzB,aAAa,CAACyB;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC1B,aAAa,CAAC2B,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG/B,aAAa,CAACgC,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAE,IAAAV,QAAM,EAAC,CAAE,EAAC;IAC5BW,EAAE,EAAG,GAAE,IAAAX,QAAM,EAAC,CAAE,EAAC;IACjBY,cAAc,EAAE5B,KAAK,CAAC6B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAEtB,QAAQ;IAAEe;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEzC,aAAa,EACb0C,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE7C;EAA0B,CAAC,GAAA2C,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAG3D,2BAA2B,CAACsD,MAAM,CAAC;EAExD,MAAM;IAAExB,QAAQ;IAAEe;EAAwB,CAAC,GAAG,MAAMlC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzB0C,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEnD,aAAa,CAACmD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEzB,aAAa,CAACyB,KAAK;IAC1BP;EACF,CAAC,CAAC;EAEF,MAAMkC,SAAS,GAAG,MAAM,IAAIC,4BAAU,CAACL,oBAAoB,EAAE;IAC3DM,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBtC,GAAG,EAAE8B,YAAY,CAAC9B;EACpB,CAAC,CAAC,CAACuC,OAAO,CAACT,YAAY,CAAC;EAExB,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEP;EAAU,CAAC,CAAC;EAC7D,MAAMQ,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOhB,QAAQ,CAAC7C,aAAa,CAAC2B,YAAY,EAAE;IAC1CmC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAAC,IAAAiD,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BjD,IAAI,CAAEkD,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBnD,IAAI,CAAClC,qBAAqB,CAACsF,KAAK,CAAC;AACtC,CAAC;AAAChF,OAAA,CAAAsD,yBAAA,GAAAA,yBAAA"}