@pagopa/io-react-native-wallet 0.28.0 → 0.28.2

package/lib/module/credential/issuance/04-complete-user-authorization.js

@@ -19,16 +19,18 @@ import { AuthorizationError, AuthorizationIdpError } from "./errors";
  * @param issuerRequestUri the URI of the issuer where the request is sent
  * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param idpHint Unique identifier of the IDP selected by the user
+ * @param idpHint Unique identifier of the IDP selected by the user (optional)
  * @returns An object containing the authorization URL
  */
 export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
   const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
   const params = new URLSearchParams({
     client_id: clientId,
-    request_uri: issuerRequestUri,
-    idphint: idpHint
+    request_uri: issuerRequestUri
   });
+  if (idpHint) {
+    params.append("idphint", idpHint);
+  }
   const authUrl = `${authzRequestEndpoint}?${params}`;
   return {
     authUrl

package/lib/module/credential/issuance/04-complete-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","v4","uuidv4","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;;AAEpE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV,gBAAgB;IAC7BW,OAAO,EAAER;EACX,CAAC,CAAC;EAEF,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG7B,QAAQ,CAAC4B,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOjB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBgB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMlB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMuB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEd,oBAAqB,IAAGG,MAAM,CAACiB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKxC,MAAM,CAACwC,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKtC,aAAa,CAACuC,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI7C,gBAAgB,CAAC;MACzB8C,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,aAAa,CAACa,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOX,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBzB,QAAQ,GAAGI;EACb,CAAC,GAAGiB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIrD,OAAO,CAACiD,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAExD,MAAM,CAAC,CAAC,CAAC8B,QAAQ,CAAC,CAAC;IACxB2B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIlE,OAAO,CAACkD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAExD,MAAM,CAAC,CAAC,CAAC8B,QAAQ,CAAC,CAAC;IACxB2B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEjE,MAAM,CAAC,CAAE,EAAC;IAC5BkE,EAAE,EAAG,GAAElE,MAAM,CAAC,CAAE,EAAC;IACjBmE,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG1E,YAAY,CACvC2E,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE5C,aAAa,CAAC4C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEb,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM0B,IAAI,GAAG,IAAI9D,eAAe,CAAC;IAC/B+D,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACxC,QAAQ,CAAC,CAAC;EACb,MAAMgD,SAAS,GAAG,MAAMtD,QAAQ,CAACK,aAAa,CAACgC,YAAY,EAAE;IAC3D9B,MAAM,EAAE,MAAM;IACdgD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC5C,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEgD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGjF,sBAAsB,CAACoC,SAAS,CAACyC,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC3C,OAAO,EAAE;IACxB,MAAM,IAAI7C,gBAAgB,CAAC;MACzB8C,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAEyC,WAAW,CAACxC,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMhB,QAAQ,CAAC0D,WAAW,CAACvC,IAAI,CAACwC,YAAY,CAAC,CACjDnD,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC9B,kBAAkB,CAAC,CACxB8B,IAAI,CAAEoD,KAAK,IAAK9D,0BAA0B,CAAC8D,KAAK,CAACC,UAAU,CAAC/C,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCgE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGjG,wBAAwB,CAAC+C,SAAS,CAACiD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAAChD,OAAO,EAAE;IAC1B,MAAMiD,OAAO,GAAGnG,uBAAuB,CAACgD,SAAS,CAACiD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAACjD,OAAO,EAAE;MACpB,MAAM,IAAIpC,kBAAkB,CAACoF,aAAa,CAAC7C,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIpC,qBAAqB,CAC7BoF,OAAO,CAAC7C,IAAI,CAACD,KAAK,EAClB8C,OAAO,CAAC7C,IAAI,CAAC8C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC5C,IAAI;AAC3B,CAAC"}
+{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","v4","uuidv4","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;;AAEpE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG7B,QAAQ,CAAC4B,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOjB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBgB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMlB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,MAAMuB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEd,oBAAqB,IAAGG,MAAM,CAACiB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKxC,MAAM,CAACwC,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKtC,aAAa,CAACuC,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI7C,gBAAgB,CAAC;MACzB8C,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,aAAa,CAACa,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOX,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBzB,QAAQ,GAAGI;EACb,CAAC,GAAGiB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAIrD,OAAO,CAACiD,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAExD,MAAM,CAAC,CAAC,CAAC8B,QAAQ,CAAC,CAAC;IACxB2B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIlE,OAAO,CAACkD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAExD,MAAM,CAAC,CAAC,CAAC8B,QAAQ,CAAC,CAAC;IACxB2B,KAAK,EAAE5B,aAAa,CAAC4B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAC/B,aAAa,CAACgC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEjE,MAAM,CAAC,CAAE,EAAC;IAC5BkE,EAAE,EAAG,GAAElE,MAAM,CAAC,CAAE,EAAC;IACjBmE,cAAc,EAAE,CACd;MACED,EAAE,EAAE,0BAA0B;MAC9BE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAG1E,YAAY,CACvC2E,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE5C,aAAa,CAAC4C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEb,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM0B,IAAI,GAAG,IAAI9D,eAAe,CAAC;IAC/B+D,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACxC,QAAQ,CAAC,CAAC;EACb,MAAMgD,SAAS,GAAG,MAAMtD,QAAQ,CAACK,aAAa,CAACgC,YAAY,EAAE;IAC3D9B,MAAM,EAAE,MAAM;IACdgD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC5C,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEgD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGjF,sBAAsB,CAACoC,SAAS,CAACyC,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC3C,OAAO,EAAE;IACxB,MAAM,IAAI7C,gBAAgB,CAAC;MACzB8C,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAEyC,WAAW,CAACxC,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMhB,QAAQ,CAAC0D,WAAW,CAACvC,IAAI,CAACwC,YAAY,CAAC,CACjDnD,IAAI,CAACzC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDuC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC9B,kBAAkB,CAAC,CACxB8B,IAAI,CAAEoD,KAAK,IAAK9D,0BAA0B,CAAC8D,KAAK,CAACC,UAAU,CAAC/C,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCgE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGjG,wBAAwB,CAAC+C,SAAS,CAACiD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAAChD,OAAO,EAAE;IAC1B,MAAMiD,OAAO,GAAGnG,uBAAuB,CAACgD,SAAS,CAACiD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAACjD,OAAO,EAAE;MACpB,MAAM,IAAIpC,kBAAkB,CAACoF,aAAa,CAAC7C,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAIpC,qBAAqB,CAC7BoF,OAAO,CAAC7C,IAAI,CAACD,KAAK,EAClB8C,OAAO,CAAC7C,IAAI,CAAC8C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC5C,IAAI;AAC3B,CAAC"}

package/lib/module/credential/presentation/01-start-flow.js

@@ -1,46 +1,35 @@
 import * as z from "zod";
-import { decodeBase64 } from "@pagopa/io-react-native-jwt";
-import { AuthRequestDecodeError } from "./errors";
-const QRCodePayload = z.object({
-  protocol: z.string(),
-  resource: z.string(),
-  // TODO: refine to known paths using literals
-  clientId: z.string(),
-  requestURI: z.string()
+import { InvalidQRCodeError } from "./errors";
+const PresentationParams = z.object({
+  clientId: z.string().nonempty(),
+  requestUri: z.string().url(),
+  requestUriMethod: z.enum(["get", "post"]),
+  state: z.string().optional()
 });
 
 /**
  * The beginning of the presentation flow.
  * To be implemented accordind to the user touchpoint
  *
- * @param Optional parameters, depending on the starting touchoint
+ * @param params Presentation parameters, depending on the starting touchoint
  * @returns The url for the Relying Party to connect with
  */
 
 /**
  * Start a presentation flow by decoding an incoming QR-code
  *
- * @param qrcode The encoded QR-code content
+ * @param params The encoded QR-code content
  * @returns The url for the Relying Party to connect with
  * @throws If the provided qr code fails to be decoded
  */
-export const startFlowFromQR = qrcode => {
-  const decoded = decodeBase64(qrcode);
-  const decodedUrl = new URL(decoded);
-  const protocol = decodedUrl.protocol;
-  const resource = decodedUrl.hostname;
-  const requestURI = decodedUrl.searchParams.get("request_uri");
-  const clientId = decodedUrl.searchParams.get("client_id");
-  const result = QRCodePayload.safeParse({
-    protocol,
-    resource,
-    requestURI,
-    clientId
+export const startFlowFromQR = params => {
+  const result = PresentationParams.safeParse({
+    ...params,
+    requestUriMethod: params.requestUriMethod ?? "get"
   });
   if (result.success) {
     return result.data;
-  } else {
-    throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
   }
+  throw new InvalidQRCodeError(result.error.message);
 };
 //# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/presentation/01-start-flow.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","decodeBase64","AuthRequestDecodeError","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decoded","decodedUrl","URL","hostname","searchParams","get","result","safeParse","success","data","error","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,QAAQ,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAEP,CAAC,CAACM,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAER,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAET,CAAC,CAACM,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,MAAMC,OAAO,GAAGX,YAAY,CAACU,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMP,QAAQ,GAAGQ,UAAU,CAACR,QAAQ;EACpC,MAAME,QAAQ,GAAGM,UAAU,CAACE,QAAQ;EACpC,MAAMN,UAAU,GAAGI,UAAU,CAACG,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMT,QAAQ,GAAGK,UAAU,CAACG,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMC,MAAM,GAAGf,aAAa,CAACgB,SAAS,CAAC;IACrCd,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIU,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAInB,sBAAsB,CAACgB,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEV,UAAW,EAAC,CAAC;EACzE;AACF,CAAC"}
+{"version":3,"names":["z","InvalidQRCodeError","PresentationParams","object","clientId","string","nonempty","requestUri","url","requestUriMethod","enum","state","optional","startFlowFromQR","params","result","safeParse","success","data","error","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,UAAU;AAE7C,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,QAAQ,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC/BC,UAAU,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC;EAC5BC,gBAAgB,EAAET,CAAC,CAACU,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;EACzCC,KAAK,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAGF;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA0B,GAAIC,MAAM,IAAK;EACpD,MAAMC,MAAM,GAAGb,kBAAkB,CAACc,SAAS,CAAC;IAC1C,GAAGF,MAAM;IACTL,gBAAgB,EAAEK,MAAM,CAACL,gBAAgB,IAAI;EAC/C,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB;EAEA,MAAM,IAAIjB,kBAAkB,CAACc,MAAM,CAACI,KAAK,CAACC,OAAO,CAAC;AACpD,CAAC"}

package/lib/module/credential/presentation/02-evaluate-rp-trust.js

@@ -13,13 +13,15 @@ export const evaluateRelyingPartyTrust = async function (rpUrl) {
   } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
   const {
     payload: {
-      metadata: rpConf
+      metadata: rpConf,
+      sub
     }
   } = await getRelyingPartyEntityConfiguration(rpUrl, {
     appFetch
   });
   return {
-    rpConf
+    rpConf,
+    subject: sub
   };
 };
 //# sourceMappingURL=02-evaluate-rp-trust.js.map

package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,aAAa;AAchE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC;IAAO;EAC9B,CAAC,GAAG,MAAMV,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO;EAAO,CAAC;AACnB,CAAC"}
+{"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","subject"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,aAAa;AAehE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAMX,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEE,OAAO,EAAED;EAAI,CAAC;AACjC,CAAC"}

package/lib/module/credential/presentation/03-get-request-object.js

@@ -1,60 +1,48 @@
-import { v4 as uuidv4 } from "uuid";
-import { decode as decodeJwt, sha256ToBase64, verify } from "@pagopa/io-react-native-jwt";
-import { createDPopToken } from "../../utils/dpop";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
 import { hasStatusOrThrow } from "../../utils/misc";
-import { RequestObject } from "./types";
+import { RequestObjectWalletCapabilities } from "./types";
 /**
- * Obtain the Request Object for RP authentication
+ * Obtain the Request Object for RP authentication. Both the GET and POST `request_uri_method` are supported.
  * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
  *
  * @param requestUri The url for the Relying Party to connect with
- * @param rpConf The Relying Party's configuration
- * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
+ * @param rpConf The Relying Party's configuration * @param context.walletInstanceAttestation The Wallet Instance Attestation token
+ * @param context.walletCapabilities (optional) An object containing the wallet technical capabilities that will be sent with a POST request
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @returns The Request Object that describes the presentation
  */
-export const getRequestObject = async (requestUri, rpConf, _ref) => {
+export const getRequestObject = async function (requestUri) {
   let {
-    wiaCryptoContext,
     appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref;
-  const signedWalletInstanceDPoP = await createDPopToken({
-    jti: `${uuidv4()}`,
-    htm: "GET",
-    htu: requestUri,
-    ath: await sha256ToBase64(walletInstanceAttestation)
-  }, wiaCryptoContext);
-  const responseEncodedJwt = await appFetch(requestUri, {
-    method: "GET",
-    headers: {
-      Authorization: `DPoP ${walletInstanceAttestation}`,
-      DPoP: signedWalletInstanceDPoP
-    }
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(responseJson => responseJson.response);
-  const responseJwt = decodeJwt(responseEncodedJwt);
-
-  // verify token signature according to RP's entity configuration
-  // to ensure the request object is authentic
-  {
-    const pubKey = rpConf.wallet_relying_party.jwks.keys.find(_ref2 => {
-      let {
-        kid
-      } = _ref2;
-      return kid === responseJwt.protectedHeader.kid;
+    walletCapabilities
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  if (walletCapabilities) {
+    // Validate external input
+    const {
+      wallet_metadata,
+      wallet_nonce
+    } = RequestObjectWalletCapabilities.parse(walletCapabilities);
+    const formUrlEncodedBody = new URLSearchParams({
+      wallet_metadata: JSON.stringify(wallet_metadata),
+      ...(wallet_nonce && {
+        wallet_nonce
+      })
     });
-    if (!pubKey) {
-      throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
-    }
-    await verify(responseEncodedJwt, pubKey);
+    const requestObjectEncodedJwt = await appFetch(requestUri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: formUrlEncodedBody.toString()
+    }).then(hasStatusOrThrow(200)).then(res => res.text());
+    return {
+      requestObjectEncodedJwt
+    };
   }
-
-  // Ensure that the request object conforms to the expected specification.
-  const requestObject = RequestObject.parse(responseJwt.payload);
+  const requestObjectEncodedJwt = await appFetch(requestUri, {
+    method: "GET"
+  }).then(hasStatusOrThrow(200)).then(res => res.text());
   return {
-    requestObject
+    requestObjectEncodedJwt
   };
 };
 //# sourceMappingURL=03-get-request-object.js.map

package/lib/module/credential/presentation/03-get-request-object.js.map

@@ -1 +1 @@
-{"version":3,"names":["v4","uuidv4","decode","decodeJwt","sha256ToBase64","verify","createDPopToken","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","RequestObject","getRequestObject","requestUri","rpConf","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","jti","htm","htu","ath","responseEncodedJwt","method","headers","Authorization","DPoP","then","res","json","responseJson","response","responseJwt","pubKey","wallet_relying_party","jwks","keys","find","_ref2","kid","protectedHeader","requestObject","parse","payload"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":"AAAA,SAASA,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SACEC,MAAM,IAAIC,SAAS,EACnBC,cAAc,EACdC,MAAM,QAED,6BAA6B;AAEpC,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,wCAAwC,QAAQ,UAAU;AAEnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,aAAa,QAAQ,SAAS;AAYvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,MAAM,EAAAC,IAAA,KAEH;EAAA,IADH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAJ,IAAA;EAEjE,MAAMK,wBAAwB,GAAG,MAAMZ,eAAe,CACpD;IACEa,GAAG,EAAG,GAAElB,MAAM,CAAC,CAAE,EAAC;IAClBmB,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEV,UAAU;IACfW,GAAG,EAAE,MAAMlB,cAAc,CAACa,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMS,kBAAkB,GAAG,MAAMR,QAAQ,CAACJ,UAAU,EAAE;IACpDa,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOT,yBAA0B,EAAC;MAClDU,IAAI,EAAET;IACR;EACF,CAAC,CAAC,CACCU,IAAI,CAACpB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG9B,SAAS,CAACoB,kBAAkB,CAAC;;EAEjD;EACA;EACA;IACE,MAAMW,MAAM,GAAGtB,MAAM,CAACuB,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,IAAI,CACvDC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKP,WAAW,CAACQ,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACN,MAAM,EAAE;MACX,MAAM,IAAI3B,wCAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAMF,MAAM,CAACkB,kBAAkB,EAAEW,MAAM,CAAC;EAC1C;;EAEA;EACA,MAAMQ,aAAa,GAAGjC,aAAa,CAACkC,KAAK,CAACV,WAAW,CAACW,OAAO,CAAC;EAE9D,OAAO;IACLF;EACF,CAAC;AACH,CAAC"}
+{"version":3,"names":["hasStatusOrThrow","RequestObjectWalletCapabilities","getRequestObject","requestUri","appFetch","fetch","walletCapabilities","arguments","length","undefined","wallet_metadata","wallet_nonce","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","res","text"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,+BAA+B,QAAQ,SAAS;AAUzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,eAAAA,CAChDC,UAAU,EAEP;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,IAAID,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAEI,eAAe;MAAEC;IAAa,CAAC,GACrCV,+BAA+B,CAACW,KAAK,CAACN,kBAAkB,CAAC;IAE3D,MAAMO,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CJ,eAAe,EAAEK,IAAI,CAACC,SAAS,CAACN,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMM,uBAAuB,GAAG,MAAMb,QAAQ,CAACD,UAAU,EAAE;MACzDe,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAACtB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BsB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLP;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMb,QAAQ,CAACD,UAAU,EAAE;IACzDe,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAACtB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BsB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLP;EACF,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/04-retrieve-rp-jwks.js

@@ -0,0 +1,25 @@
+/**
+ * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
+ *
+ * @template T - The tuple type representing the function arguments.
+ * @param args - The arguments passed to the function.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ */
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
+ *
+ * @param rpConfig - The configuration object of the Relying Party entity.
+ * @returns An object containing an array of JWKs.
+ * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
+ */
+export const getJwksFromConfig = rpConfig => {
+  const jwks = rpConfig.openid_credential_verifier.jwks;
+  if (!jwks || !Array.isArray(jwks.keys)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  return {
+    keys: jwks.keys
+  };
+};
+//# sourceMappingURL=04-retrieve-rp-jwks.js.map

package/lib/module/credential/presentation/04-retrieve-rp-jwks.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getJwksFromConfig","rpConfig","jwks","openid_credential_verifier","Array","isArray","keys","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":"AAGA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,iBAEZ,GAAIC,QAAQ,IAAK;EAChB,MAAMC,IAAI,GAAGD,QAAQ,CAACE,0BAA0B,CAACD,IAAI;EAErD,IAAI,CAACA,IAAI,IAAI,CAACE,KAAK,CAACC,OAAO,CAACH,IAAI,CAACI,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIC,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLD,IAAI,EAAEJ,IAAI,CAACI;EACb,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/05-verify-request-object.js

@@ -0,0 +1,53 @@
+import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
+import { UnverifiedEntityError } from "./errors";
+import { RequestObject } from "./types";
+import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
+/**
+ * Function to verify the Request Object's signature and the client ID.
+ * @param requestObjectEncodedJwt The Request Object in JWT format
+ * @param context.clientId The client ID to verify
+ * @param context.rpConf The Entity Configuration of the Relying Party
+ * @param context.state Optional state
+ * @returns The verified Request Object
+ */
+export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
+  let {
+    clientId,
+    rpConf,
+    rpSubject,
+    state
+  } = _ref;
+  const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
+  const {
+    keys
+  } = getJwksFromConfig(rpConf);
+
+  // Verify token signature to ensure the request object is authentic
+  const pubKey = keys === null || keys === void 0 ? void 0 : keys.find(_ref2 => {
+    let {
+      kid
+    } = _ref2;
+    return kid === requestObjectJwt.protectedHeader.kid;
+  });
+  if (!pubKey) {
+    throw new UnverifiedEntityError("Request Object signature verification!");
+  }
+
+  // Standard claims are verified within `verify`
+  await verify(requestObjectEncodedJwt, pubKey, {
+    issuer: clientId
+  });
+  const requestObject = RequestObject.parse(requestObjectJwt.payload);
+  const isClientIdMatch = clientId === requestObject.client_id && clientId === rpSubject;
+  if (!isClientIdMatch) {
+    throw new UnverifiedEntityError("Client ID does not match Request Object or Entity Configuration");
+  }
+  const isStateMatch = state && requestObject.state ? state === requestObject.state : true;
+  if (!isStateMatch) {
+    throw new UnverifiedEntityError("State does not match Request Object");
+  }
+  return {
+    requestObject
+  };
+};
+//# sourceMappingURL=05-verify-request-object.js.map

package/lib/module/credential/presentation/05-verify-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["decode","decodeJwt","verify","UnverifiedEntityError","RequestObject","getJwksFromConfig","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","rpSubject","state","requestObjectJwt","keys","pubKey","find","_ref2","kid","protectedHeader","issuer","requestObject","parse","payload","isClientIdMatch","client_id","isStateMatch"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AAEzE,SAASC,qBAAqB,QAAQ,UAAU;AAChD,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,iBAAiB,QAAQ,uBAAuB;AAYzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,MAAAA,CACtDC,uBAAuB,EAAAC,IAAA,KAEpB;EAAA,IADH;IAAEC,QAAQ;IAAEC,MAAM;IAAEC,SAAS;IAAEC;EAAM,CAAC,GAAAJ,IAAA;EAEtC,MAAMK,gBAAgB,GAAGZ,SAAS,CAACM,uBAAuB,CAAC;EAC3D,MAAM;IAAEO;EAAK,CAAC,GAAGT,iBAAiB,CAACK,MAAM,CAAC;;EAE1C;EACA,MAAMK,MAAM,GAAGD,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEE,IAAI,CACvBC,KAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,GAAG,KAAKL,gBAAgB,CAACM,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC;EAED,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAIZ,qBAAqB,CAAC,wCAAwC,CAAC;EAC3E;;EAEA;EACA,MAAMD,MAAM,CAACK,uBAAuB,EAAEQ,MAAM,EAAE;IAAEK,MAAM,EAAEX;EAAS,CAAC,CAAC;EAEnE,MAAMY,aAAa,GAAGjB,aAAa,CAACkB,KAAK,CAACT,gBAAgB,CAACU,OAAO,CAAC;EAEnE,MAAMC,eAAe,GACnBf,QAAQ,KAAKY,aAAa,CAACI,SAAS,IAAIhB,QAAQ,KAAKE,SAAS;EAEhE,IAAI,CAACa,eAAe,EAAE;IACpB,MAAM,IAAIrB,qBAAqB,CAC7B,iEACF,CAAC;EACH;EAEA,MAAMuB,YAAY,GAChBd,KAAK,IAAIS,aAAa,CAACT,KAAK,GAAGA,KAAK,KAAKS,aAAa,CAACT,KAAK,GAAG,IAAI;EAErE,IAAI,CAACc,YAAY,EAAE;IACjB,MAAM,IAAIvB,qBAAqB,CAAC,qCAAqC,CAAC;EACxE;EAEA,OAAO;IAAEkB;EAAc,CAAC;AAC1B,CAAC"}

package/lib/module/credential/presentation/06-fetch-presentation-definition.js

@@ -0,0 +1,32 @@
+/**
+ * Retrieves a PresentationDefinition based on the given parameters.
+ *
+ * The method attempts the following strategies in order:
+ * 1. Checks if `presentation_definition` is directly available in the request object.
+ * 2. Uses a pre-configured `presentation_definition` from the relying party configuration if the `scope` is present in the request object.
+ *
+ * If none of the above conditions are met, the function throws an error indicating the definition could not be found. Note that `presentation_definition_uri` is not supported in 0.9.x.
+ *
+ * @param {RequestObject} requestObject - The request object containing the presentation definition or references to it.
+ * @param {RelyingPartyEntityConfiguration["payload"]["metadata"]} [rpConf] - Optional relying party configuration.
+ * @returns {Promise<{ presentationDefinition: PresentationDefinition }>} - Resolves with the presentation definition.
+ * @throws {Error} - Throws if the presentation definition cannot be found or fetched.
+ */
+export const fetchPresentDefinition = async (requestObject, rpConf) => {
+  var _rpConf$openid_creden;
+  // Check if `presentation_definition` is directly available in the request object
+  if (requestObject.presentation_definition) {
+    return {
+      presentationDefinition: requestObject.presentation_definition
+    };
+  }
+
+  // Check if `scope` is present in the request object and a pre-configured presentation definition exists
+  if (requestObject.scope && rpConf !== null && rpConf !== void 0 && (_rpConf$openid_creden = rpConf.openid_credential_verifier) !== null && _rpConf$openid_creden !== void 0 && _rpConf$openid_creden.presentation_definition) {
+    return {
+      presentationDefinition: rpConf.openid_credential_verifier.presentation_definition
+    };
+  }
+  throw new Error("Presentation definition not found");
+};
+//# sourceMappingURL=06-fetch-presentation-definition.js.map

package/lib/module/credential/presentation/06-fetch-presentation-definition.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["fetchPresentDefinition","requestObject","rpConf","_rpConf$openid_creden","presentation_definition","presentationDefinition","scope","openid_credential_verifier","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/06-fetch-presentation-definition.ts"],"mappings":"AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,sBAAmD,GAAG,MAAAA,CACjEC,aAAa,EACbC,MAAM,KACH;EAAA,IAAAC,qBAAA;EACH;EACA,IAAIF,aAAa,CAACG,uBAAuB,EAAE;IACzC,OAAO;MACLC,sBAAsB,EAAEJ,aAAa,CAACG;IACxC,CAAC;EACH;;EAEA;EACA,IACEH,aAAa,CAACK,KAAK,IACnBJ,MAAM,aAANA,MAAM,gBAAAC,qBAAA,GAAND,MAAM,CAAEK,0BAA0B,cAAAJ,qBAAA,eAAlCA,qBAAA,CAAoCC,uBAAuB,EAC3D;IACA,OAAO;MACLC,sBAAsB,EACpBH,MAAM,CAACK,0BAA0B,CAACH;IACtC,CAAC;EACH;EAEA,MAAM,IAAII,KAAK,CAAC,mCAAmC,CAAC;AACtD,CAAC"}

package/lib/module/credential/presentation/07-evaluate-dcql-query.js

@@ -0,0 +1,127 @@
+import { DcqlQuery, DcqlError, DcqlCredentialSetError } from "dcql";
+import { isValiError } from "valibot";
+import { decode, prepareVpToken } from "../../sd-jwt";
+import { ValidationFailed } from "../../utils/errors";
+import { createCryptoContextFor } from "../../utils/crypto";
+
+/**
+ * The purpose for the credential request by the RP.
+ */
+
+/**
+ * Convert a credential in JWT format to an object with claims
+ * for correct parsing by the `dcql` library.
+ */
+const mapCredentialToObject = jwt => {
+  const {
+    sdJwt,
+    disclosures
+  } = decode(jwt);
+  const credentialFormat = sdJwt.header.typ;
+
+  // TODO [SIW-2082]: support MDOC credentials
+  if (credentialFormat !== "vc+sd-jwt") {
+    throw new Error(`Unsupported credential format: ${credentialFormat}`);
+  }
+  return {
+    vct: sdJwt.payload.vct,
+    credential_format: credentialFormat,
+    claims: disclosures.reduce((acc, disclosure) => ({
+      ...acc,
+      [disclosure.decoded[1]]: disclosure.decoded
+    }), {})
+  };
+};
+
+/**
+ * Extract only successful matches from the DCQL query result.
+ */
+const getDcqlQueryMatches = result => Object.entries(result.credential_matches).filter(_ref => {
+  let [, match] = _ref;
+  return match.success === true;
+});
+export const evaluateDcqlQuery = (credentialsSdJwt, query) => {
+  const credentials = credentialsSdJwt.map(_ref2 => {
+    let [, credential] = _ref2;
+    return mapCredentialToObject(credential);
+  });
+  try {
+    // Validate the query
+    const parsedQuery = DcqlQuery.parse(query);
+    DcqlQuery.validate(parsedQuery);
+    const queryResult = DcqlQuery.query(parsedQuery, credentials);
+    if (!queryResult.canBeSatisfied) {
+      throw new Error("No credential can satisfy the provided DCQL query");
+    }
+    // Build an object vct:credentialJwt to map matched credentials to their JWT
+    const credentialsSdJwtByVct = credentials.reduce((acc, c, i) => ({
+      ...acc,
+      [c.vct]: credentialsSdJwt[i]
+    }), {});
+    return getDcqlQueryMatches(queryResult).map(_ref3 => {
+      var _queryResult$credenti;
+      let [id, match] = _ref3;
+      if (match.output.credential_format !== "vc+sd-jwt") {
+        throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
+      }
+
+      const {
+        vct,
+        claims
+      } = match.output;
+      const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
+        var _set$matching_options;
+        return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
+      })) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
+        var _credentialSet$purpos;
+        return {
+          description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
+          required: Boolean(credentialSet.required)
+        };
+      });
+      const [keyTag, credential] = credentialsSdJwtByVct[vct];
+      const requiredDisclosures = Object.values(claims);
+      return {
+        id,
+        vct,
+        keyTag,
+        credential,
+        requiredDisclosures,
+        // When it is a match but no credential_sets are found, the credential is required by default
+        // See https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#section-6.3.1.2-2.1
+        purposes: purposes ?? [{
+          required: true
+        }]
+      };
+    });
+  } catch (error) {
+    // Invalid DCQL query structure
+    if (isValiError(error)) {
+      throw new ValidationFailed({
+        message: "Invalid DCQL query",
+        reason: error.issues.map(issue => issue.message).join(", ")
+      });
+    }
+    if (error instanceof DcqlError) {
+      // TODO [SIW-2110]: handle invalid DQCL query or let the error propagate
+    }
+    if (error instanceof DcqlCredentialSetError) {
+      // TODO [SIW-2110]: handle missing credentials or let the error propagate
+    }
+    throw error;
+  }
+};
+export const prepareRemotePresentations = async (credentials, nonce, clientId) => {
+  return Promise.all(credentials.map(async item => {
+    const {
+      vp_token
+    } = await prepareVpToken(nonce, clientId, [item.credential, item.requestedClaims, createCryptoContextFor(item.keyTag)]);
+    return {
+      credentialId: item.id,
+      requestedClaims: item.requestedClaims,
+      vpToken: vp_token,
+      format: "vc+sd-jwt"
+    };
+  }));
+};
+//# sourceMappingURL=07-evaluate-dcql-query.js.map

package/lib/module/credential/presentation/07-evaluate-dcql-query.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["DcqlQuery","DcqlError","DcqlCredentialSetError","isValiError","decode","prepareVpToken","ValidationFailed","createCryptoContextFor","mapCredentialToObject","jwt","sdJwt","disclosures","credentialFormat","header","typ","Error","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","evaluateDcqlQuery","credentialsSdJwt","query","credentials","map","_ref2","credential","parsedQuery","parse","validate","queryResult","canBeSatisfied","credentialsSdJwtByVct","c","i","_ref3","_queryResult$credenti","id","output","purposes","credential_sets","set","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","keyTag","requiredDisclosures","values","error","message","reason","issues","issue","join","prepareRemotePresentations","nonce","clientId","Promise","all","item","vp_token","requestedClaims","credentialId","vpToken","format"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-dcql-query.ts"],"mappings":"AAAA,SACEA,SAAS,EACTC,SAAS,EACTC,sBAAsB,QAEjB,MAAM;AACb,SAASC,WAAW,QAAQ,SAAS;AACrC,SAASC,MAAM,EAAEC,cAAc,QAAQ,cAAc;AAErD,SAASC,gBAAgB,QAAQ,oBAAoB;AACrD,SAASC,sBAAsB,QAAQ,oBAAoB;;AAG3D;AACA;AACA;;AAkCA;AACA;AACA;AACA;AACA,MAAMC,qBAAqB,GAAIC,GAAW,IAAK;EAC7C,MAAM;IAAEC,KAAK;IAAEC;EAAY,CAAC,GAAGP,MAAM,CAACK,GAAG,CAAC;EAC1C,MAAMG,gBAAgB,GAAGF,KAAK,CAACG,MAAM,CAACC,GAAG;;EAEzC;EACA,IAAIF,gBAAgB,KAAK,WAAW,EAAE;IACpC,MAAM,IAAIG,KAAK,CAAE,kCAAiCH,gBAAiB,EAAC,CAAC;EACvE;EAEA,OAAO;IACLI,GAAG,EAAEN,KAAK,CAACO,OAAO,CAACD,GAAG;IACtBE,iBAAiB,EAAEN,gBAAgB;IACnCO,MAAM,EAAER,WAAW,CAACS,MAAM,CACxB,CAACC,GAAG,EAAEC,UAAU,MAAM;MACpB,GAAGD,GAAG;MACN,CAACC,UAAU,CAACC,OAAO,CAAC,CAAC,CAAC,GAAGD,UAAU,CAACC;IACtC,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,MAAMC,mBAAmB,GAAIC,MAAuB,IAClDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CC,IAAA;EAAA,IAAC,GAAGC,KAAK,CAAC,GAAAD,IAAA;EAAA,OAAKC,KAAK,CAACC,OAAO,KAAK,IAAI;AAAA,CACvC,CAAiC;AAEnC,OAAO,MAAMC,iBAAoC,GAAGA,CAClDC,gBAAgB,EAChBC,KAAK,KACF;EACH,MAAMC,WAAW,GAAGF,gBAAgB,CAACG,GAAG,CAACC,KAAA;IAAA,IAAC,GAAGC,UAAU,CAAC,GAAAD,KAAA;IAAA,OACtD9B,qBAAqB,CAAC+B,UAAU,CAAC;EAAA,CACnC,CAAC;EAED,IAAI;IACF;IACA,MAAMC,WAAW,GAAGxC,SAAS,CAACyC,KAAK,CAACN,KAAK,CAAC;IAC1CnC,SAAS,CAAC0C,QAAQ,CAACF,WAAW,CAAC;IAE/B,MAAMG,WAAW,GAAG3C,SAAS,CAACmC,KAAK,CAACK,WAAW,EAAEJ,WAAW,CAAC;IAE7D,IAAI,CAACO,WAAW,CAACC,cAAc,EAAE;MAC/B,MAAM,IAAI7B,KAAK,CAAC,mDAAmD,CAAC;IACtE;IACA;IACA,MAAM8B,qBAAqB,GAAGT,WAAW,CAAChB,MAAM,CAC9C,CAACC,GAAG,EAAEyB,CAAC,EAAEC,CAAC,MAAM;MAAE,GAAG1B,GAAG;MAAE,CAACyB,CAAC,CAAC9B,GAAG,GAAGkB,gBAAgB,CAACa,CAAC;IAAG,CAAC,CAAC,EAC1D,CAAC,CACH,CAAC;IAED,OAAOvB,mBAAmB,CAACmB,WAAW,CAAC,CAACN,GAAG,CAACW,KAAA,IAAiB;MAAA,IAAAC,qBAAA;MAAA,IAAhB,CAACC,EAAE,EAAEnB,KAAK,CAAC,GAAAiB,KAAA;MACtD,IAAIjB,KAAK,CAACoB,MAAM,CAACjC,iBAAiB,KAAK,WAAW,EAAE;QAClD,MAAM,IAAIH,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;MACzC;;MACA,MAAM;QAAEC,GAAG;QAAEG;MAAO,CAAC,GAAGY,KAAK,CAACoB,MAAM;MAEpC,MAAMC,QAAQ,IAAAH,qBAAA,GAAGN,WAAW,CAACU,eAAe,cAAAJ,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbpB,MAAM,CAAEyB,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAACR,EAAE,CAAC;MAAA,EAAC,cAAAD,qBAAA,uBAD7CA,qBAAA,CAEbZ,GAAG,CAAqBsB,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAM,CAACE,MAAM,EAAE3B,UAAU,CAAC,GAAGM,qBAAqB,CAAC7B,GAAG,CAAE;MACxD,MAAMmD,mBAAmB,GAAGzC,MAAM,CAAC0C,MAAM,CAACjD,MAAM,CAAiB;MACjE,OAAO;QACL+B,EAAE;QACFlC,GAAG;QACHkD,MAAM;QACN3B,UAAU;QACV4B,mBAAmB;QACnB;QACA;QACAf,QAAQ,EAAEA,QAAQ,IAAI,CAAC;UAAEY,QAAQ,EAAE;QAAK,CAAC;MAC3C,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOK,KAAK,EAAE;IACd;IACA,IAAIlE,WAAW,CAACkE,KAAK,CAAC,EAAE;MACtB,MAAM,IAAI/D,gBAAgB,CAAC;QACzBgE,OAAO,EAAE,oBAAoB;QAC7BC,MAAM,EAAEF,KAAK,CAACG,MAAM,CAACnC,GAAG,CAAEoC,KAAK,IAAKA,KAAK,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI;MAC9D,CAAC,CAAC;IACJ;IAEA,IAAIL,KAAK,YAAYpE,SAAS,EAAE;MAC9B;IAAA;IAEF,IAAIoE,KAAK,YAAYnE,sBAAsB,EAAE;MAC3C;IAAA;IAEF,MAAMmE,KAAK;EACb;AACF,CAAC;AAED,OAAO,MAAMM,0BAAsD,GAAG,MAAAA,CACpEvC,WAAW,EACXwC,KAAK,EACLC,QAAQ,KACL;EACH,OAAOC,OAAO,CAACC,GAAG,CAChB3C,WAAW,CAACC,GAAG,CAAC,MAAO2C,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM5E,cAAc,CAACuE,KAAK,EAAEC,QAAQ,EAAE,CACzDG,IAAI,CAACzC,UAAU,EACfyC,IAAI,CAACE,eAAe,EACpB3E,sBAAsB,CAACyE,IAAI,CAACd,MAAM,CAAC,CACpC,CAAC;IAEF,OAAO;MACLiB,YAAY,EAAEH,IAAI,CAAC9B,EAAE;MACrBgC,eAAe,EAAEF,IAAI,CAACE,eAAe;MACrCE,OAAO,EAAEH,QAAQ;MACjBI,MAAM,EAAE;IACV,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC"}