npm - @pagopa/io-react-native-wallet - Versions diffs - 0.28.2 → 0.30.0 - Mend

@pagopa/io-react-native-wallet 0.28.2 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/src/credential/presentation/08-send-authorization-response.ts CHANGED Viewed

@@ -7,12 +7,18 @@ import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import {
   type RemotePresentation,
   DirectAuthorizationBodyPayload,
+  ErrorResponse,
   type LegacyRemotePresentation,
-  LegacyDirectAuthorizationBodyPayload,
 } from "./types";
 import * as z from "zod";
 import type { JWK } from "../../utils/jwk";
 import type { RelyingPartyEntityConfiguration } from "../../trust";
+import {
+  RelyingPartyResponseError,
+  ResponseErrorBuilder,
+  UnexpectedStatusCodeError,
+  RelyingPartyResponseErrorCodes,
+} from "../../utils/errors";
 export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
 export const AuthorizationResponse = z.object({
@@ -61,7 +67,7 @@ export const choosePublicKeyToEncrypt = (
 export const buildDirectPostJwtBody = async (
   requestObject: Out<VerifyRequestObject>["requestObject"],
   rpConf: RelyingPartyEntityConfiguration["payload"]["metadata"],
-  payload: DirectAuthorizationBodyPayload | LegacyDirectAuthorizationBodyPayload
+  payload: DirectAuthorizationBodyPayload
 ): Promise<string> => {
   type Jwe = ConstructorParameters<typeof EncryptJwe>[1];
@@ -98,6 +104,34 @@ export const buildDirectPostJwtBody = async (
   return formBody.toString();
 };
+/**
+ * Builds a URL-encoded form body for a direct POST response without encryption.
+ *
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
+ * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
+ */
+export const buildDirectPostBody = async (
+  requestObject: Out<VerifyRequestObject>["requestObject"],
+  payload: DirectAuthorizationBodyPayload
+): Promise<string> => {
+  const formUrlEncodedBody = new URLSearchParams({
+    ...(requestObject.state && { state: requestObject.state }),
+    ...Object.entries(payload).reduce(
+      (acc, [key, value]) => ({
+        ...acc,
+        [key]:
+          Array.isArray(value) || typeof value === "object"
+            ? JSON.stringify(value)
+            : value,
+      }),
+      {} as Record<string, string>
+    ),
+  });
+  return formUrlEncodedBody.toString();
+};
 /**
  * Type definition for the function that sends the authorization response
  * to the Relying Party, completing the presentation flow.
@@ -218,5 +252,78 @@ export const sendAuthorizationResponse: SendAuthorizationResponse = async (
   })
     .then(hasStatusOrThrow(200))
     .then((res) => res.json())
-    .then(AuthorizationResponse.parse);
+    .then(AuthorizationResponse.parse)
+    .catch(handleAuthorizationResponseError);
+};
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ */
+export type SendAuthorizationErrorResponse = (
+  requestObject: Out<VerifyRequestObject>["requestObject"],
+  error: { error: ErrorResponse; errorDescription: string },
+  context?: {
+    appFetch?: GlobalFetch["fetch"];
+  }
+) => Promise<AuthorizationResponse>;
+/**
+ * Sends the authorization error response to the Relying Party (RP) using the specified `response_mode`.
+ * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
+ *
+ * @param requestObject - The request details, including presentation requirements.
+ * @param error - The response error value, with description
+ * @param context - Contains optional custom fetch implementation.
+ * @returns Parsed and validated authorization response from the Relying Party.
+ */
+export const sendAuthorizationErrorResponse: SendAuthorizationErrorResponse =
+  async (
+    requestObject,
+    { error, errorDescription },
+    { appFetch = fetch } = {}
+  ): Promise<AuthorizationResponse> => {
+    const requestBody = await buildDirectPostBody(requestObject, {
+      error,
+      error_description: errorDescription,
+    });
+    return await appFetch(requestObject.response_uri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      body: requestBody,
+    })
+      .then(hasStatusOrThrow(200, RelyingPartyResponseError))
+      .then((res) => res.json())
+      .then(AuthorizationResponse.parse);
+  };
+/**
+ * Handle the the presentation error by mapping it to a custom exception.
+ * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
+ * @param e - The error to be handled
+ * @throws {RelyingPartyResponseError} with a specific code for more context
+ */
+const handleAuthorizationResponseError = (e: unknown) => {
+  if (!(e instanceof UnexpectedStatusCodeError)) {
+    throw e;
+  }
+  throw new ResponseErrorBuilder(RelyingPartyResponseError)
+    .handle(400, {
+      code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+      message:
+        "The Authorization Response contains invalid parameters or it is malformed",
+    })
+    .handle(403, {
+      code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+      message: "The Authorization Response was forbidden",
+    })
+    .handle("*", {
+      code: RelyingPartyResponseErrorCodes.RelyingPartyGenericError,
+      message: "Unable to successfully send the Authorization Response",
+    })
+    .buildFrom(e);
 };

package/src/credential/presentation/README.md CHANGED Viewed

@@ -15,12 +15,30 @@ sequenceDiagram
   O->>+I: QR-CODE: Authorization Request (`request_uri`)
   I->>+O: GET: Verifier's Entity Configuration
   O->>+I: Respond with metadata (including public keys)
-  I->>+O: GET: Request Object, resolved from the `request_uri`
+  I->>+O: GET: Request Object, resolved from `request_uri`
   O->>+I: Respond with the Request Object
-  I->>+O: POST: VP token encrypted response
-  O->>+I: Redirect: Authorization Response
+  I->>+I: Validate Request Object and give consent
+  I->>+O: POST: Authorization Response with encrypted VP token
+  O->>+I: Respond with optional `redirect_uri`
 ```
+## Mapped results
+| Error                       | Description|
+| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `InvalidRequestObject`      | The Request Object is not valid, for instance it is malformed or its signature cannot be verified.                                                     |
+| `DcqlError`                 | The DCQL query cannot be evaluated because it contains errors.                                                                                         |
+| `CredentialsNotFoundError`  | The presentation cannot be completed because the Wallet does not contain all requested credentials. The missing credentials can be found in `details`. |
+| `RelyingPartyResponseError` | Error in the Relying Party's response. See the next table for more details.                                                                            |
+#### RelyingPartyResponseError
+The following HTTP errors are mapped to a `RelyingPartyResponseError` with specific codes.
+| HTTP Status  | Error Code                              | Description                                                                                                  |
+| ------------ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
+| `400`, `403` | `ERR_RP_INVALID_AUTHORIZATION_RESPONSE` | The Relying Party rejected the Authorization Response sent by the Wallet because it was deemed invalid.      |
+| `*`          | `ERR_RP_GENERIC_ERROR`                  | This is a generic error code to map unexpected errors that occurred when interacting with the Relying Party. |
 ## Examples
@@ -35,23 +53,23 @@ const qrCodeParams = decodeQrCode(qrCode)
 // Start the issuance flow
 const {
-  requestUri,
-  clientId,
-  requestUriMethod,
+  request_uri,
+  client_id,
+  request_uri_method,
   state
 } = Credential.Presentation.startFlowFromQR(qrCodeParams);
 // Get the Relying Party's Entity Configuration and evaluate trust
-const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(clientId);
+const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(client_id);
 // Get the Request Object from the RP
 const { requestObjectEncodedJwt } =
-  await Credential.Presentation.getRequestObject(requestUri);
+  await Credential.Presentation.getRequestObject(request_uri);
 // Validate the Request Object
 const { requestObject } = await Credential.Presentation.verifyRequestObject(
   requestObjectEncodedJwt,
-  { clientId, rpConf }
+  { clientId: client_id, rpConf }
 );
 // All the credentials that might be requested by the Relying Party

package/src/credential/presentation/errors.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { IoWalletError, serializeAttrs } from "../../utils/errors";
+export { DcqlError } from "dcql";
 /**
  * An error subclass thrown when auth request decode fail
@@ -57,18 +58,17 @@ export class InvalidQRCodeError extends IoWalletError {
 }
 /**
- * When the entity is unverified because the Relying Party is not trusted.
- *
+ * When the Request Object sent by the Relying Party is not valid
  */
-export class UnverifiedEntityError extends IoWalletError {
-  code = "ERR_UNVERIFIED_RP_ENTITY";
+export class InvalidRequestObjectError extends IoWalletError {
+  code = "ERR_INVALID_REQUEST_OBJECT";
-  /**
-   * @param reason A description of why the entity cannot be verified.
-   */
-  constructor(reason: string) {
-    const message = `Unverified entity: ${reason}.`;
+  /** Detailed reason for the Request Object validation failure. */
+  reason: string;
+  constructor(message: string, reason = "unspecified") {
     super(message);
+    this.reason = reason;
   }
 }
@@ -88,18 +88,25 @@ export class MissingDataError extends IoWalletError {
   }
 }
+export type NotFoundDetail = {
+  id: string;
+  reason?: string;
+  vctValues?: string[];
+};
 /**
- * When a credential is not found in the wallet.
- *
+ * Error thrown when one or more credentials cannot be found in the wallet
+ * and the presentation request cannot be satisfied.
  */
-export class CredentialNotFoundError extends IoWalletError {
-  code = "ERR_CREDENTIAL_NOT_FOUND";
+export class CredentialsNotFoundError extends IoWalletError {
+  code = "ERR_CREDENTIALS_NOT_FOUND";
+  details: NotFoundDetail[];
   /**
-   * @param credentialId The ID of the credential that was not found.
+   * @param details The details of the credentials that could not be found.
    */
-  constructor(credentialId: string) {
-    const message = `Credential not found: ${credentialId}.`;
-    super(message);
+  constructor(details: NotFoundDetail[]) {
+    super("One or more credentials cannot be found in the wallet");
+    this.details = details;
   }
 }

package/src/credential/presentation/index.ts CHANGED Viewed

@@ -33,6 +33,8 @@ import {
   type SendAuthorizationResponse,
   sendLegacyAuthorizationResponse,
   type SendLegacyAuthorizationResponse,
+  sendAuthorizationErrorResponse,
+  type SendAuthorizationErrorResponse,
 } from "./08-send-authorization-response";
 import * as Errors from "./errors";
@@ -49,6 +51,7 @@ export {
   prepareRemotePresentations,
   sendAuthorizationResponse,
   sendLegacyAuthorizationResponse,
+  sendAuthorizationErrorResponse,
   Errors,
 };
 export type {
@@ -64,4 +67,5 @@ export type {
   PrepareRemotePresentations,
   SendAuthorizationResponse,
   SendLegacyAuthorizationResponse,
+  SendAuthorizationErrorResponse,
 };

package/src/credential/presentation/types.ts CHANGED Viewed

@@ -133,26 +133,38 @@ export const RequestObjectWalletCapabilities = z.object({
 });
 /**
- * Authorization Response payload when using `presentation_definition`.
- * @deprecated Use `DirectAuthorizationBodyPayload`
+ * This type models the possible error responses the OpenID4VP protocol allows for a presentation of a credential.
+ * When the Wallet encounters one of these errors, it will notify the Relying Party through the `response_uri` endpoint.
+ * See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/pid-eaa-presentation.html#authorization-response-errors for more information.
  */
-export type LegacyDirectAuthorizationBodyPayload = z.infer<
-  typeof LegacyDirectAuthorizationBodyPayload
->;
+export type ErrorResponse = z.infer<typeof ErrorResponse>;
+export const ErrorResponse = z.enum([
+  "invalid_request_object",
+  "invalid_request_uri",
+  "vp_formats_not_supported",
+  "invalid_request",
+  "access_denied",
+  "invalid_client",
+]);
 /**
  * @deprecated Use `DirectAuthorizationBodyPayload`
  */
-export const LegacyDirectAuthorizationBodyPayload = z.object({
+const LegacyDirectAuthorizationBodyPayload = z.object({
   vp_token: z.union([z.string(), z.array(z.string())]).optional(),
   presentation_submission: z.record(z.string(), z.unknown()),
 });
 /**
- * Authorization Response payload when using DCQL queries.
+ * Authorization Response payload sent to the Relying Party.
  */
 export type DirectAuthorizationBodyPayload = z.infer<
   typeof DirectAuthorizationBodyPayload
 >;
-export const DirectAuthorizationBodyPayload = z.object({
-  vp_token: z.record(z.string(), z.string()),
-});
+export const DirectAuthorizationBodyPayload = z.union([
+  z.object({
+    vp_token: z.record(z.string(), z.string()),
+  }),
+  z.object({ error: ErrorResponse, error_description: z.string() }),
+  LegacyDirectAuthorizationBodyPayload,
+]);

package/src/credential/status/02-status-attestation.ts CHANGED Viewed

@@ -13,6 +13,7 @@ import {
   ResponseErrorBuilder,
   UnexpectedStatusCodeError,
 } from "../../utils/errors";
+import { LogLevel, Logger } from "../../utils/logging";
 export type StatusAttestation = (
   issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
@@ -63,6 +64,8 @@ export const statusAttestation: StatusAttestation = async (
     credential_pop: credentialPop,
   };
+  Logger.log(LogLevel.DEBUG, `Credential pop: ${credentialPop}`);
   const result = await appFetch(statusAttUrl, {
     method: "POST",
     headers: {

package/src/credential/status/03-verify-and-parse-status-attestation.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { verify, type CryptoContext } from "@pagopa/io-react-native-jwt";
 import type { EvaluateIssuerTrust, StatusAttestation } from "../status";
 import { ParsedStatusAttestation } from "./types";
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { LogLevel, Logger } from "../../utils/logging";
 export type VerifyAndParseStatusAttestation = (
   issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
@@ -43,9 +44,18 @@ export const verifyAndParseStatusAttestation: VerifyAndParseStatusAttestation =
         payload: decodedJwt.payload,
       });
+      Logger.log(
+        LogLevel.DEBUG,
+        `Parsed status attestation: ${JSON.stringify(parsedStatusAttestation)}`
+      );
       const holderBindingKey = await credentialCryptoContext.getPublicKey();
       const { cnf } = parsedStatusAttestation.payload;
       if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
+        Logger.log(
+          LogLevel.ERROR,
+          `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`
+        );
         throw new IoWalletError(
           `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`
         );

package/src/credential/trustmark/get-credential-trustmark.ts CHANGED Viewed

@@ -7,6 +7,7 @@ import {
 import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
 import { IoWalletError } from "../../utils/errors";
 import { obfuscateString } from "../../utils/string";
+import { LogLevel, Logger } from "../../utils/logging";
 export type GetCredentialTrustmarkJwt = (params: {
   /**
@@ -73,10 +74,19 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
     walletInstanceAttestation
   );
+  Logger.log(
+    LogLevel.DEBUG,
+    `Decoded wia ${JSON.stringify(decodedWia.payload)} with holder binding key ${JSON.stringify(holderBindingKey)}`
+  );
   /**
    * Check that the WIA is not expired
    */
   if (decodedWia.payload.exp * 1000 < Date.now()) {
+    Logger.log(
+      LogLevel.ERROR,
+      `Wallet Instance Attestation expired with exp: ${decodedWia.payload.exp}`
+    );
     throw new IoWalletError("Wallet Instance Attestation expired");
   }
@@ -87,11 +97,20 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
   const cryptoContextThumbprint = await thumbprint(holderBindingKey);
   if (wiaThumbprint !== cryptoContextThumbprint) {
+    Logger.log(
+      LogLevel.ERROR,
+      `Failed to verify holder binding for status attestation, expected thumbprint: ${cryptoContextThumbprint}, got: ${wiaThumbprint}`
+    );
     throw new IoWalletError(
       `Failed to verify holder binding for status attestation, expected thumbprint: ${cryptoContextThumbprint}, got: ${wiaThumbprint}`
     );
   }
+  Logger.log(
+    LogLevel.DEBUG,
+    `Wia thumbprint: ${wiaThumbprint} CryptoContext thumbprint: ${cryptoContextThumbprint}`
+  );
   /**
    * Generate Trustmark signed JWT
    */

package/src/index.ts CHANGED Viewed

@@ -11,6 +11,7 @@ import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
 import * as Trust from "./trust";
 import * as WalletInstance from "./wallet-instance";
+import * as Logging from "./utils/logging";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
 import { createCryptoContextFor } from "./utils/crypto";
 import type { IntegrityContext } from "./utils/integrity";
@@ -27,6 +28,7 @@ export {
   AuthorizationDetail,
   AuthorizationDetails,
   fixBase64EncodingOnKey,
+  Logging,
 };
 export type { IntegrityContext, AuthorizationContext };

package/src/utils/decoder.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import type { JWTDecodeResult } from "./jwk";
 import { ValidationFailed } from "./errors";
+import { LogLevel, Logger } from "./logging";
 /*
  * Decode a form_post.jwt and return the final JWT.
@@ -47,6 +48,10 @@ export const getJwtFromFormPost = async (
     }
   }
+  Logger.log(
+    LogLevel.ERROR,
+    `Unable to obtain JWT from form_post.jwt. Form data: ${formData}`
+  );
   throw new ValidationFailed({
     message: `Unable to obtain JWT from form_post.jwt. Form data: ${formData}`,
   });

package/src/utils/error-codes.ts CHANGED Viewed

@@ -43,8 +43,19 @@ export const WalletProviderResponseErrorCodes = {
   WalletInstanceNotFound: "ERR_IO_WALLET_INSTANCE_NOT_FOUND",
 } as const;
+export const RelyingPartyResponseErrorCodes = {
+  RelyingPartyGenericError: "ERR_RP_GENERIC_ERROR",
+  /**
+   * An error code thrown then the Relying Party rejects the Wallet's Authorization Response.
+   */
+  InvalidAuthorizationResponse: "ERR_RP_INVALID_AUTHORIZATION_RESPONSE",
+} as const;
 export type IssuerResponseErrorCode =
   (typeof IssuerResponseErrorCodes)[keyof typeof IssuerResponseErrorCodes];
 export type WalletProviderResponseErrorCode =
   (typeof WalletProviderResponseErrorCodes)[keyof typeof WalletProviderResponseErrorCodes];
+export type RelyingPartyResponseErrorCode =
+  (typeof RelyingPartyResponseErrorCodes)[keyof typeof RelyingPartyResponseErrorCodes];

package/src/utils/errors.ts CHANGED Viewed

@@ -3,11 +3,17 @@ import type { CredentialIssuerEntityConfiguration } from "../trust";
 import {
   IssuerResponseErrorCodes,
   WalletProviderResponseErrorCodes,
+  RelyingPartyResponseErrorCodes,
   type IssuerResponseErrorCode,
   type WalletProviderResponseErrorCode,
+  type RelyingPartyResponseErrorCode,
 } from "./error-codes";
-export { IssuerResponseErrorCodes, WalletProviderResponseErrorCodes };
+export {
+  IssuerResponseErrorCodes,
+  WalletProviderResponseErrorCodes,
+  RelyingPartyResponseErrorCodes,
+};
 // An error reason that supports both a string and a generic JSON object
 type GenericErrorReason = string | Record<string, unknown>;
@@ -110,8 +116,6 @@ export class UnexpectedStatusCodeError extends IoWalletError {
 /**
  * An error subclass thrown when an Issuer HTTP request fails.
  * The specific error can be found in the `code` property.
- *
- * The class is generic over the error code to narrow down the reason.
  */
 export class IssuerResponseError extends UnexpectedStatusCodeError {
   code: IssuerResponseErrorCode;
@@ -149,6 +153,25 @@ export class WalletProviderResponseError extends UnexpectedStatusCodeError {
   }
 }
+/**
+ * An error subclass thrown when a Relying Party HTTP request fails.
+ * The specific error can be found in the `code` property.
+ */
+export class RelyingPartyResponseError extends UnexpectedStatusCodeError {
+  code: RelyingPartyResponseErrorCode;
+  constructor(params: {
+    code?: RelyingPartyResponseErrorCode;
+    message: string;
+    reason: GenericErrorReason;
+    statusCode: number;
+  }) {
+    super(params);
+    this.code =
+      params.code ?? RelyingPartyResponseErrorCodes.RelyingPartyGenericError;
+  }
+}
 type LocalizedIssuanceError = {
   [locale: string]: {
     title: string;
@@ -200,36 +223,43 @@ export function extractErrorMessageFromIssuerConf(
 }
 /**
- * Type guard for issuer errors.
- * @param error The error to check
- * @param code Optional code to narrow down the issuer error
+ * Factory function to create a type guard for specific error classes.
+ *
+ * @param errorClass The error class to create the type guard for
+ * @returns A type guard that checks if the error is an instance of the given class and has the expected code
  */
-export const isIssuerResponseError = (
-  error: unknown,
-  code?: IssuerResponseErrorCode
-): error is IssuerResponseError =>
-  error instanceof IssuerResponseError && error.code === (code ?? error.code);
+const makeErrorTypeGuard =
+  <T extends typeof UnexpectedStatusCodeError>(ErrorClass: T) =>
+  (error: unknown, code?: ExtractErrorCode<T>): error is InstanceType<T> =>
+    error instanceof ErrorClass && error.code === (code ?? error.code);
+export const isIssuerResponseError = makeErrorTypeGuard(IssuerResponseError);
+export const isWalletProviderResponseError = makeErrorTypeGuard(
+  WalletProviderResponseError
+);
+export const isRelyingPartyResponseError = makeErrorTypeGuard(
+  RelyingPartyResponseError
+);
+// Mapping type between error classes and their allowed codes
+type ErrorCodeMap =
+  | {
+      type: typeof IssuerResponseError;
+      code: IssuerResponseErrorCode;
+    }
+  | {
+      type: typeof WalletProviderResponseError;
+      code: WalletProviderResponseErrorCode;
+    }
+  | {
+      type: typeof RelyingPartyResponseError;
+      code: RelyingPartyResponseErrorCode;
+    };
-/**
- * Type guard for wallet provider errors.
- * @param error The error to check
- * @param code Optional code to narrow down the wallet provider error
- */
-export const isWalletProviderResponseError = (
-  error: unknown,
-  code?: WalletProviderResponseErrorCode
-): error is WalletProviderResponseError =>
-  error instanceof WalletProviderResponseError &&
-  error.code === (code ?? error.code);
-type ErrorCodeMap<T> = T extends typeof IssuerResponseError
-  ? IssuerResponseErrorCode
-  : T extends typeof WalletProviderResponseError
-    ? WalletProviderResponseErrorCode
-    : never;
+type ExtractErrorCode<T> = Extract<ErrorCodeMap, { type: T }>["code"];
 type ErrorCase<T> = {
-  code: ErrorCodeMap<T>;
+  code: ExtractErrorCode<T>;
   message: string;
   reason?: GenericErrorReason;
 };