@pagopa/io-react-native-wallet 0.9.2 → 0.10.2

package/lib/commonjs/credential/issuance/06-obtain-credential.js

@@ -7,11 +7,9 @@ exports.obtainCredential = exports.createNonceProof = void 0;
 var z = _interopRequireWildcard(require("zod"));
 var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _sdJwt = require("../../sd-jwt");
 var _dpop = require("../../utils/dpop");
 var _misc = require("../../utils/misc");
-var _types = require("../../sd-jwt/types");
-var _errors = require("../../utils/errors");
+var _const = require("./const");
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -26,36 +24,10 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
     type: "openid4vci-proof+jwt"
   }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
 };
-
-/**
- * Given a credential, verify it's in the supported format
- * and the credential is correctly signed
- * and it's bound to the given key
- *
- * @param rawCredential The received credential
- * @param issuerKeys The set of public keys of the issuer,
- * which will be used to verify the signature
- * @param holderBindingContext The access to the holder's key
- *
- * @throws If the signature verification fails
- * @throws If the credential is not in the SdJwt4VC format
- * @throws If the holder binding is not properly configured
- *
- */
 exports.createNonceProof = createNonceProof;
-async function verifyCredential(rawCredential, issuerKeys, holderBindingContext) {
-  const [{
-    sdJwt
-  }, holderBindingKey] =
-  // parallel for optimization
-  await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
-  if (!sdJwt.payload.cnf.jwk.kid || sdJwt.payload.cnf.jwk.kid !== holderBindingKey.kid) {
-    throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${sdJwt.payload.cnf.jwk.kid}`);
-  }
-}
 const CredentialEndpointResponse = z.object({
   credential: z.string(),
-  format: z.literal("vc+sd-jwt")
+  format: _const.SupportedCredentialFormat
 });
 /**
  * Fetch a credential from the issuer
@@ -115,10 +87,6 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
     },
     body: formBody.toString()
   }).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
-
-  /** validate the received credential signature
-      is correct and refers to the public keys of the issuer */
-  await verifyCredential(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
   return {
     credential,
     format

package/lib/commonjs/credential/issuance/06-obtain-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_sdJwt","_dpop","_misc","_types","_errors","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","verifyCredential","rawCredential","issuerKeys","holderBindingContext","sdJwt","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","payload","cnf","kid","IoWalletError","CredentialEndpointResponse","object","credential","string","format","literal","obtainCredential","issuerConf","accessToken","clientId","credentialType","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","credential_definition","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse","jwks","keys"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,KAAA,GAAAN,OAAA;AAGA,IAAAO,MAAA,GAAAP,OAAA;AACA,IAAAQ,OAAA,GAAAR,OAAA;AAAmD,SAAAE,uBAAAO,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAd,wBAAAU,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAGnD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAdAC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAeA,eAAeiB,gBAAgBA,CAC7BC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACpB;EACf,MAAM,CAAC;IAAEC;EAAM,CAAC,EAAEC,gBAAgB,CAAC;EACjC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACZ,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,IACE,CAACa,KAAK,CAACM,OAAO,CAACC,GAAG,CAACrB,GAAG,CAACsB,GAAG,IAC1BR,KAAK,CAACM,OAAO,CAACC,GAAG,CAACrB,GAAG,CAACsB,GAAG,KAAKP,gBAAgB,CAACO,GAAG,EAClD;IACA,MAAM,IAAIC,qBAAa,CACpB,kDAAiDR,gBAAgB,CAACO,GAAI,UAASR,KAAK,CAACM,OAAO,CAACC,GAAG,CAACrB,GAAG,CAACsB,GAAI,EAC5G,CAAC;EACH;AACF;AAEA,MAAME,0BAA0B,GAAGhE,CAAC,CAACiE,MAAM,CAAC;EAC1CC,UAAU,EAAElE,CAAC,CAACmE,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEpE,CAAC,CAACqE,OAAO,CAAC,WAAW;AAC/B,CAAC,CAAC;AAeF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXtC,KAAK,EACLuC,QAAQ,EACRC,cAAc,EACdC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,aAAa;IAClBO,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAMzD,gBAAgB,CAC7CC,KAAK,EACLuC,QAAQ,EACRI,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;MACpCpD,IAAI,EAAE,CAAC+B,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAE,WAAW;IACnB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEP,gBAAgB;MACrBQ,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEhC,UAAU;IAAEE;EAAO,CAAC,GAAG,MAAMU,QAAQ,CAACE,aAAa,EAAE;IAC3DmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB,gBAAgB;MACtBmB,aAAa,EAAE9B;IACjB,CAAC;IACD+B,IAAI,EAAEZ,QAAQ,CAACa,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACzC,0BAA0B,CAAC6C,KAAK,CAAC;;EAEzC;AACF;EACE,MAAM3D,gBAAgB,CACpBgB,UAAU,EACVK,UAAU,CAACU,wBAAwB,CAAC6B,IAAI,CAACC,IAAI,EAC7CnC,uBACF,CAAC;EAED,OAAO;IAAEV,UAAU;IAAEE;EAAO,CAAC;AAC/B,CAAC;AAACnB,OAAA,CAAAqB,gBAAA,GAAAA,gBAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_dpop","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","CredentialEndpointResponse","object","credential","string","format","SupportedCredentialFormat","obtainCredential","issuerConf","accessToken","clientId","credentialType","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","credential_definition","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAGA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,MAAA,GAAAN,OAAA;AAAoD,SAAAE,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAQ,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAEpD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAEF,MAAMiB,0BAA0B,GAAGhD,CAAC,CAACiD,MAAM,CAAC;EAC1CC,UAAU,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEC;AACV,CAAC,CAAC;AAeF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXxB,KAAK,EACLyB,QAAQ,EACRC,cAAc,EACdC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,aAAa;IAClBO,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAM3C,gBAAgB,CAC7CC,KAAK,EACLyB,QAAQ,EACRI,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;MACpCtC,IAAI,EAAE,CAACiB,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAE,WAAW;IACnB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEP,gBAAgB;MACrBQ,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEhC,UAAU;IAAEE;EAAO,CAAC,GAAG,MAAMU,QAAQ,CAACE,aAAa,EAAE;IAC3DmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB,gBAAgB;MACtBmB,aAAa,EAAE9B;IACjB,CAAC;IACD+B,IAAI,EAAEZ,QAAQ,CAACa,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACzC,0BAA0B,CAAC6C,KAAK,CAAC;EAEzC,OAAO;IAAE3C,UAAU;IAAEE;EAAO,CAAC;AAC/B,CAAC;AAACL,OAAA,CAAAO,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js

@@ -0,0 +1,169 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyAndParseCredential = void 0;
+var _errors = require("../../utils/errors");
+var _types = require("../../sd-jwt/types");
+var _sdJwt = require("../../sd-jwt");
+// The credential as a collection of attributes in plain value
+
+// handy alias
+
+const parseCredentialSdJwt = function (credentials_supported, _ref) {
+  var _credentials_supporte;
+  let {
+    sdJwt,
+    disclosures
+  } = _ref;
+  let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+  // find the definition that matches the received credential's type
+  // warning: if more then a defintion is found, the first is retrieved
+  const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
+
+  // the received credential matches no supported credential, throw an exception
+  if (!credentialSubject) {
+    const expected = credentials_supported.flatMap(_ => _.credential_definition.type).join(", ");
+    throw new _errors.IoWalletError(`Received credential is of an unknwown type. Expected one of [${expected}], received '${sdJwt.payload.type}', `);
+  }
+
+  // transfrom a record { key: value } in an iterable of pairs [key, value]
+  const attrDefinitions = Object.entries(credentialSubject);
+
+  // every mandatory attribute must be present in the credential's disclosures
+  // the key of the attribute defintion must match the disclosure's name
+  const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
+    let [attrKey, {
+      mandatory
+    }] = _ref2;
+    return mandatory && !disclosures.some(_ref3 => {
+      let [, name] = _ref3;
+      return name === attrKey;
+    });
+  });
+  if (attrsNotInDisclosures.length > 0) {
+    const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
+    const received = disclosures.map(_ => _[1 /* name */]).join(", ");
+    // the rationale of this condition is that we may want to be permissive
+    // on incomplete credentials in the test phase of the project.
+    // we might want to be strict once in production, hence remove this condition
+    if (!ignoreMissingAttributes) {
+      throw new _errors.IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+    }
+  }
+
+  // attributes that are defined in the issuer configuration
+  // and are present in the disclosure set
+  const definedValues = attrDefinitions
+  // retrieve the value from the disclosure set
+  .map(_ref4 => {
+    var _disclosures$find;
+    let [attrKey, definition] = _ref4;
+    return [attrKey, {
+      ...definition,
+      value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === attrKey)) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
+    }];
+  })
+  // add a human readable attribute name, with i18n, in the form { locale: name }
+  // example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
+  .map(_ref5 => {
+    let [attrKey, {
+      display,
+      ...definition
+    }] = _ref5;
+    return [attrKey, {
+      ...definition,
+      name: display.reduce((names, _ref6) => {
+        let {
+          locale,
+          name
+        } = _ref6;
+        return {
+          ...names,
+          [locale]: name
+        };
+      }, {})
+    }];
+  });
+
+  // attributes that are in the disclosure set
+  // but are not defined in the issuer configuration
+  const undefinedValues = disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
+    let [, key, value] = _ref7;
+    return [key, {
+      value,
+      mandatory: false,
+      name: key
+    }];
+  });
+  return {
+    ...Object.fromEntries(definedValues),
+    ...Object.fromEntries(undefinedValues)
+  };
+};
+
+/**
+ * Given a credential, verify it's in the supported format
+ * and the credential is correctly signed
+ * and it's bound to the given key
+ *
+ * @param rawCredential The received credential
+ * @param issuerKeys The set of public keys of the issuer,
+ * which will be used to verify the signature
+ * @param holderBindingContext The access to the holder's key
+ *
+ * @throws If the signature verification fails
+ * @throws If the credential is not in the SdJwt4VC format
+ * @throws If the holder binding is not properly configured
+ *
+ */
+async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
+  const [decodedCredential, holderBindingKey] =
+  // parallel for optimization
+  await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
+  const {
+    cnf
+  } = decodedCredential.sdJwt.payload;
+  if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
+    throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
+  }
+  return decodedCredential;
+}
+
+// utility type that specialize VerifyAndParseCredential for given format
+
+const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
+  let {
+    credentialCryptoContext,
+    ignoreMissingAttributes
+  } = _ref8;
+  const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
+  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credentials_supported, decoded, ignoreMissingAttributes);
+  return {
+    parsedCredential
+  };
+};
+
+/**
+ * Verify and parse an encoded credential
+ *
+ * @param issuerConf The Issuer configuration
+ * @param credential The encoded credential
+ * @param format The format of the credentual
+ * @param context.credentialCryptoContext The context to access the key the Credential will be bound to
+ * @param context.ignoreMissingAttributes (optional) Whether to fail if a defined attribute is note present in the credentual. Default: false
+ * @returns A parsed credential with attributes in plain value
+ * @throws If the credential signature is not verified with the Issuer key set
+ * @throws If the credential is not bound to the provided user key
+ * @throws If the credential data fail to parse
+ */
+const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
+  if (format === "vc+sd-jwt") {
+    return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
+  }
+  const _ = format;
+  throw new _errors.IoWalletError(`Unsupported credential format: ${_}`);
+};
+exports.verifyAndParseCredential = verifyAndParseCredential;
+//# sourceMappingURL=07-verify-and-parse-credential.js.map

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_errors","require","_types","_sdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","credential_definition","type","includes","payload","expected","flatMap","_","join","IoWalletError","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","fromEntries","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredential","format","context","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAcA;;AAmBA;;AAKA,MAAMG,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CAAEC,CAAC,IACrDA,CAAC,CAACC,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACX,KAAK,CAACY,OAAO,CAACF,IAAI,CAC1D,CAAC,cAAAX,qBAAA,uBAFyBA,qBAAA,CAEvBU,qBAAqB,CAACH,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMO,QAAQ,GAAGhB,qBAAqB,CACnCiB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIC,qBAAa,CACpB,gEAA+DJ,QAAS,gBAAeb,KAAK,CAACY,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMQ,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMe,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACxB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACjB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMe,QAAQ,GAAG9B,WAAW,CAAC6B,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACd,uBAAuB,EAAE;MAC5B,MAAM,IAAIe,qBAAa,CACpB,4DAA2DY,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd;EACpB;EAAA,CACCY,GAAG,CACFG,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACV,OAAO,EAAEW,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACET,OAAO,EACP;MACE,GAAGW,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEjC,WAAW,CAACM,IAAI,CACpBQ,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKS,OAC7B,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCJ,GAAG,CACFO,KAAA;IAAA,IAAC,CAACb,OAAO,EAAE;MAAEc,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEb,OAAO,EACP;MACE,GAAGW,UAAU;MACbP,IAAI,EAAEU,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEd;QAAK,CAAC,GAAAa,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGd;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CAAC;;EAEH;EACA;EACA,MAAMe,eAAe,GAAG1C,WAAW,CAChCqB,MAAM,CAAEP,CAAC,IAAK,CAACI,MAAM,CAACyB,IAAI,CAACZ,aAAa,CAAC,CAACrB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDe,GAAG,CAACe,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEX,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEkB;IAAI,CAAC,CAAC;EAAA,EAAC;EAEzE,OAAO;IACL,GAAG3B,MAAM,CAAC4B,WAAW,CAACf,aAAa,CAAC;IACpC,GAAGb,MAAM,CAAC4B,WAAW,CAACJ,eAAe;EACvC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACpD,KAAK,CAACY,OAAO;EAE/C,IAAI,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKR,gBAAgB,CAACQ,GAAG,EAAE;IACxD,MAAM,IAAI5C,qBAAa,CACpB,kDAAiDoC,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACpD,KAAK,CAACY,OAAO,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOT,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMU,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVjD,CAAC,EAAAkD,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAEhE;EAAwB,CAAC,GAAA+D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCgB,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACzB,IAAI,EAC7CsB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAG1E,oBAAoB,CAC3CmE,UAAU,CAACK,wBAAwB,CAACvE,qBAAqB,EACzDsE,OAAO,EACPjE,uBACF,CAAC;EAED,OAAO;IAAEoE;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAkD,GAAG,MAAAA,CAChER,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OAAO,KACJ;EACH,IAAID,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOV,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OACF,CAAC;EACH;EAEA,MAAM1D,CAAQ,GAAGyD,MAAM;EACvB,MAAM,IAAIvD,qBAAa,CAAE,kCAAiCF,CAAE,EAAC,CAAC;AAChE,CAAC;AAAC2D,OAAA,CAAAH,wBAAA,GAAAA,wBAAA"}

package/lib/commonjs/credential/issuance/08-confirm-credential.js

@@ -0,0 +1,6 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+//# sourceMappingURL=08-confirm-credential.js.map

package/lib/commonjs/credential/issuance/08-confirm-credential.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/issuance/08-confirm-credential.ts"],"mappings":""}

package/lib/commonjs/credential/issuance/const.js

@@ -3,7 +3,12 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.ASSERTION_TYPE = void 0;
+exports.SupportedCredentialFormat = exports.ASSERTION_TYPE = void 0;
+var z = _interopRequireWildcard(require("zod"));
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
 exports.ASSERTION_TYPE = ASSERTION_TYPE;
+const SupportedCredentialFormat = z.literal("vc+sd-jwt");
+exports.SupportedCredentialFormat = SupportedCredentialFormat;
 //# sourceMappingURL=const.js.map

package/lib/commonjs/credential/issuance/const.js.map

@@ -1 +1 @@
-{"version":3,"names":["ASSERTION_TYPE","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAO,MAAMA,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,OAAO,CAAC,WAAW,CAAC;AAACF,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/credential/issuance/index.js

@@ -27,8 +27,15 @@ Object.defineProperty(exports, "startUserAuthorization", {
     return _startUserAuthorization.startUserAuthorization;
   }
 });
+Object.defineProperty(exports, "verifyAndParseCredential", {
+  enumerable: true,
+  get: function () {
+    return _verifyAndParseCredential.verifyAndParseCredential;
+  }
+});
 var _evaluateIssuerTrust = require("./02-evaluate-issuer-trust");
 var _startUserAuthorization = require("./03-start-user-authorization");
 var _authorizeAccess = require("./05-authorize-access");
 var _obtainCredential = require("./06-obtain-credential");
+var _verifyAndParseCredential = require("./07-verify-and-parse-credential");
 //# sourceMappingURL=index.js.map

package/lib/commonjs/credential/issuance/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_authorizeAccess","_obtainCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AAKA,IAAAE,gBAAA,GAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA"}
+{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_authorizeAccess","_obtainCredential","_verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AAKA,IAAAE,gBAAA,GAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AAIA,IAAAI,yBAAA,GAAAJ,OAAA"}

package/lib/commonjs/index.js

@@ -15,7 +15,7 @@ Object.defineProperty(exports, "AuthorizationDetails", {
     return _par.AuthorizationDetails;
   }
 });
-exports.WalletInstanceAttestation = exports.Trust = exports.PID = exports.Errors = exports.Credential = void 0;
+exports.WalletInstanceAttestation = exports.Trust = exports.SdJwt = exports.PID = exports.Errors = exports.Credential = void 0;
 Object.defineProperty(exports, "createCryptoContextFor", {
   enumerable: true,
   get: function () {
@@ -27,6 +27,8 @@ var Credential = _interopRequireWildcard(require("./credential"));
 exports.Credential = Credential;
 var PID = _interopRequireWildcard(require("./pid"));
 exports.PID = PID;
+var SdJwt = _interopRequireWildcard(require("./sd-jwt"));
+exports.SdJwt = SdJwt;
 var Errors = _interopRequireWildcard(require("./utils/errors"));
 exports.Errors = Errors;
 var WalletInstanceAttestation = _interopRequireWildcard(require("./wallet-instance-attestation"));

package/lib/commonjs/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["require","Credential","_interopRequireWildcard","exports","PID","Errors","WalletInstanceAttestation","Trust","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,MAAA,GAAAH,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAE,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAG,yBAAA,GAAAA,yBAAA;AAC3E,IAAAC,KAAA,GAAAL,uBAAA,CAAAF,OAAA;AAAiCG,OAAA,CAAAI,KAAA,GAAAA,KAAA;AACjC,IAAAC,IAAA,GAAAR,OAAA;AACA,IAAAS,OAAA,GAAAT,OAAA;AAAwD,SAAAU,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAT,wBAAAa,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
+{"version":3,"names":["require","Credential","_interopRequireWildcard","exports","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,KAAA,GAAAH,uBAAA,CAAAF,OAAA;AAAkCG,OAAA,CAAAE,KAAA,GAAAA,KAAA;AAClC,IAAAC,MAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAG,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAL,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAI,yBAAA,GAAAA,yBAAA;AAC3E,IAAAC,KAAA,GAAAN,uBAAA,CAAAF,OAAA;AAAiCG,OAAA,CAAAK,KAAA,GAAAA,KAAA;AACjC,IAAAC,IAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AAAwD,SAAAW,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAV,wBAAAc,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}

package/lib/commonjs/sd-jwt/__test__/index.test.js

@@ -1,9 +1,10 @@
 "use strict";
 
+var _zod = require("zod");
 var _index = require("../index");
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _types = require("../types");
-// Examples from https://www.ietf.org/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
+// Examples from https://www.ietf.org/archive/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
 // but adapted to adhere to format declared in https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/pid-eaa-data-model.html#id2
 // In short, the token is a Frankenstein composed as follows:
 //  - the header is taken from the italian specification, with kid and alg valued according to the signing keys
@@ -76,6 +77,37 @@ describe("decode", () => {
       }))
     });
   });
+  it("should decode with default decoder", () => {
+    const result = (0, _index.decode)(token);
+    expect(result).toEqual({
+      sdJwt,
+      disclosures: disclosures.map((decoded, i) => ({
+        decoded,
+        encoded: tokenizedDisclosures[i]
+      }))
+    });
+  });
+  it("should accept only decoders that extend SdJwt4VC", () => {
+    const validDecoder = _types.SdJwt4VC.and(_zod.z.object({
+      payload: _zod.z.object({
+        customField: _zod.z.string()
+      })
+    }));
+    const invalidDecoder = _zod.z.object({
+      payload: _zod.z.object({
+        customField: _zod.z.string()
+      })
+    });
+    try {
+      // ts is fine
+      (0, _index.decode)(token, validDecoder);
+      // @ts-expect-error break types
+      (0, _index.decode)(token, invalidDecoder);
+    } catch (error) {
+      // ignore actual result, just focus on types
+      // spot the error during type checking phase
+    }
+  });
 });
 describe("disclose", () => {
   it("should encode a valid sdjwt (one claim)", async () => {

package/lib/commonjs/sd-jwt/__test__/index.test.js.map

@@ -1 +1 @@
-{"version":3,"names":["_index","require","_ioReactNativeJwt","_types","token","unsigned","signature","signed","tokenizedDisclosures","sdJwt","header","typ","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","kty","use","n","e","type","verified_claims","verification","_sd","trust_framework","assurance_level","claims","_sd_alg","disclosures","street_address","locality","region","country","it","expect","JSON","parse","decodeBase64","encodeBase64","stringify","toEqual","join","toBe","describe","result","decode","SdJwt4VC","map","decoded","i","encoded","disclose","expected","paths","claim","path","fn","rejects","any","Error"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAEA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMG,KAAK,GACT,kvEAAkvE;AAEpvE,MAAMC,QAAQ,GACZ,87CAA87C;AAEh8C,MAAMC,SAAS,GACb,wFAAwF;AAE1F,MAAMC,MAAM,GAAI,GAAEF,QAAS,IAAGC,SAAU,EAAC;AAEzC,MAAME,oBAAoB,GAAG,CAC3B,kEAAkE,EAClE,kEAAkE,EAClE,gFAAgF,EAChF,oFAAoF,EACpF,yEAAyE,EACzE,gEAAgE,EAChE,gEAAgE,EAChE,gEAAgE,EAChE,qLAAqL,CACtL;AAED,MAAMC,KAAK,GAAG;EACZC,MAAM,EAAE;IACNC,GAAG,EAAE,WAAW;IAChBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,kCAAkC;IACvCC,WAAW,EAAE,CACX,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC;EAEtC,CAAC;EACDC,OAAO,EAAE;IACPC,GAAG,EAAE,4BAA4B;IACjCC,GAAG,EAAE,sCAAsC;IAC3CC,GAAG,EAAE,+CAA+C;IACpDC,GAAG,EAAE,UAAU;IACfC,GAAG,EAAE,UAAU;IACfC,MAAM,EAAE,4BAA4B;IACpCC,GAAG,EAAE;MACHC,GAAG,EAAE;QACHC,GAAG,EAAE,KAAK;QACVC,GAAG,EAAE,KAAK;QACVC,CAAC,EAAE,QAAQ;QACXC,CAAC,EAAE,MAAM;QACTd,GAAG,EAAE;MACP;IACF,CAAC;IACDe,IAAI,EAAE,0BAA0B;IAChCC,eAAe,EAAE;MACfC,YAAY,EAAE;QACZC,GAAG,EAAE,CAAC,6CAA6C,CAAC;QACpDC,eAAe,EAAE,OAAO;QACxBC,eAAe,EAAE;MACnB,CAAC;MACDC,MAAM,EAAE;QACNH,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C;MAEjD;IACF,CAAC;IACDI,OAAO,EAAE;EACX;AACF,CAAC;;AAED;AACA,MAAMC,WAAW,GAAG,CAClB,CAAC,wBAAwB,EAAE,YAAY,EAAE,MAAM,CAAC,EAChD,CAAC,wBAAwB,EAAE,aAAa,EAAE,KAAK,CAAC,EAChD,CAAC,wBAAwB,EAAE,OAAO,EAAE,qBAAqB,CAAC,EAC1D,CAAC,wBAAwB,EAAE,cAAc,EAAE,iBAAiB,CAAC,EAC7D,CAAC,wBAAwB,EAAE,WAAW,EAAE,YAAY,CAAC,EACrD,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CACE,wBAAwB,EACxB,SAAS,EACT;EACEC,cAAc,EAAE,aAAa;EAC7BC,QAAQ,EAAE,SAAS;EACnBC,MAAM,EAAE,UAAU;EAClBC,OAAO,EAAE;AACX,CAAC,CACF,CACF;AACDC,EAAE,CAAC,kCAAkC,EAAE,MAAM;EAC3CC,MAAM,CACJC,IAAI,CAACC,KAAK,CAAC,IAAAC,8BAAY,EAAC,IAAAC,8BAAY,EAACH,IAAI,CAACI,SAAS,CAACtC,KAAK,CAACC,MAAM,CAAC,CAAC,CAAC,CACrE,CAAC,CAACsC,OAAO,CAACvC,KAAK,CAACC,MAAM,CAAC;EACvBgC,MAAM,CAAC,CAACnC,MAAM,EAAE,GAAGC,oBAAoB,CAAC,CAACyC,IAAI,CAAC,GAAG,CAAC,CAAC,CAACC,IAAI,CAAC9C,KAAK,CAAC;AACjE,CAAC,CAAC;AAEF+C,QAAQ,CAAC,QAAQ,EAAE,MAAM;EACvBV,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACjD,KAAK,EAAEkD,eAAQ,CAAC;IACtCZ,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBvC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACmB,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAElD,oBAAoB,CAACiD,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFN,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBV,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAO,eAAQ,EAACvD,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IACpD,MAAMwD,QAAQ,GAAG;MACfxD,KAAK,EAAG,GAAEG,MAAO,mEAAkE;MACnFsD,KAAK,EAAE,CAAC;QAAEC,KAAK,EAAE,YAAY;QAAEC,IAAI,EAAE;MAAgC,CAAC;IACxE,CAAC;IAEDrB,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACY,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFnB,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAO,eAAQ,EAACvD,KAAK,EAAE,EAAE,CAAC;IACxC,MAAMwD,QAAQ,GAAG;MAAExD,KAAK,EAAG,GAAEG,MAAO,EAAC;MAAEsD,KAAK,EAAE;IAAG,CAAC;IAElDnB,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACY,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFnB,EAAE,CAAC,+CAA+C,EAAE,YAAY;IAC9D,MAAMW,MAAM,GAAG,MAAM,IAAAO,eAAQ,EAACvD,KAAK,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAMwD,QAAQ,GAAG;MACfxD,KAAK,EAAG,GAAEG,MAAO,kJAAiJ;MAClKsD,KAAK,EAAE,CACL;QACEC,KAAK,EAAE,YAAY;QACnBC,IAAI,EAAE;MACR,CAAC,EACD;QACED,KAAK,EAAE,OAAO;QACdC,IAAI,EAAE;MACR,CAAC;IAEL,CAAC;IAEDrB,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACY,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFnB,EAAE,CAAC,8BAA8B,EAAE,YAAY;IAC7C,MAAMuB,EAAE,GAAG,MAAAA,CAAA,KAAY,IAAAL,eAAQ,EAACvD,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnD,MAAMsC,MAAM,CAACsB,EAAE,CAAC,CAAC,CAAC,CAACC,OAAO,CAACjB,OAAO,CAACN,MAAM,CAACwB,GAAG,CAACC,KAAK,CAAC,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC,CAAC"}
+{"version":3,"names":["_zod","require","_index","_ioReactNativeJwt","_types","token","unsigned","signature","signed","tokenizedDisclosures","sdJwt","header","typ","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","kty","use","n","e","type","verified_claims","verification","_sd","trust_framework","assurance_level","claims","_sd_alg","disclosures","street_address","locality","region","country","it","expect","JSON","parse","decodeBase64","encodeBase64","stringify","toEqual","join","toBe","describe","result","decode","SdJwt4VC","map","decoded","i","encoded","validDecoder","and","z","object","customField","string","invalidDecoder","error","disclose","expected","paths","claim","path","fn","rejects","any","Error"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMI,KAAK,GACT,kvEAAkvE;AAEpvE,MAAMC,QAAQ,GACZ,87CAA87C;AAEh8C,MAAMC,SAAS,GACb,wFAAwF;AAE1F,MAAMC,MAAM,GAAI,GAAEF,QAAS,IAAGC,SAAU,EAAC;AAEzC,MAAME,oBAAoB,GAAG,CAC3B,kEAAkE,EAClE,kEAAkE,EAClE,gFAAgF,EAChF,oFAAoF,EACpF,yEAAyE,EACzE,gEAAgE,EAChE,gEAAgE,EAChE,gEAAgE,EAChE,qLAAqL,CACtL;AAED,MAAMC,KAAK,GAAG;EACZC,MAAM,EAAE;IACNC,GAAG,EAAE,WAAW;IAChBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,kCAAkC;IACvCC,WAAW,EAAE,CACX,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC;EAEtC,CAAC;EACDC,OAAO,EAAE;IACPC,GAAG,EAAE,4BAA4B;IACjCC,GAAG,EAAE,sCAAsC;IAC3CC,GAAG,EAAE,+CAA+C;IACpDC,GAAG,EAAE,UAAU;IACfC,GAAG,EAAE,UAAU;IACfC,MAAM,EAAE,4BAA4B;IACpCC,GAAG,EAAE;MACHC,GAAG,EAAE;QACHC,GAAG,EAAE,KAAK;QACVC,GAAG,EAAE,KAAK;QACVC,CAAC,EAAE,QAAQ;QACXC,CAAC,EAAE,MAAM;QACTd,GAAG,EAAE;MACP;IACF,CAAC;IACDe,IAAI,EAAE,0BAA0B;IAChCC,eAAe,EAAE;MACfC,YAAY,EAAE;QACZC,GAAG,EAAE,CAAC,6CAA6C,CAAC;QACpDC,eAAe,EAAE,OAAO;QACxBC,eAAe,EAAE;MACnB,CAAC;MACDC,MAAM,EAAE;QACNH,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C;MAEjD;IACF,CAAC;IACDI,OAAO,EAAE;EACX;AACF,CAAC;;AAED;AACA,MAAMC,WAAW,GAAG,CAClB,CAAC,wBAAwB,EAAE,YAAY,EAAE,MAAM,CAAC,EAChD,CAAC,wBAAwB,EAAE,aAAa,EAAE,KAAK,CAAC,EAChD,CAAC,wBAAwB,EAAE,OAAO,EAAE,qBAAqB,CAAC,EAC1D,CAAC,wBAAwB,EAAE,cAAc,EAAE,iBAAiB,CAAC,EAC7D,CAAC,wBAAwB,EAAE,WAAW,EAAE,YAAY,CAAC,EACrD,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CACE,wBAAwB,EACxB,SAAS,EACT;EACEC,cAAc,EAAE,aAAa;EAC7BC,QAAQ,EAAE,SAAS;EACnBC,MAAM,EAAE,UAAU;EAClBC,OAAO,EAAE;AACX,CAAC,CACF,CACF;AACDC,EAAE,CAAC,kCAAkC,EAAE,MAAM;EAC3CC,MAAM,CACJC,IAAI,CAACC,KAAK,CAAC,IAAAC,8BAAY,EAAC,IAAAC,8BAAY,EAACH,IAAI,CAACI,SAAS,CAACtC,KAAK,CAACC,MAAM,CAAC,CAAC,CAAC,CACrE,CAAC,CAACsC,OAAO,CAACvC,KAAK,CAACC,MAAM,CAAC;EACvBgC,MAAM,CAAC,CAACnC,MAAM,EAAE,GAAGC,oBAAoB,CAAC,CAACyC,IAAI,CAAC,GAAG,CAAC,CAAC,CAACC,IAAI,CAAC9C,KAAK,CAAC;AACjE,CAAC,CAAC;AAEF+C,QAAQ,CAAC,QAAQ,EAAE,MAAM;EACvBV,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACjD,KAAK,EAAEkD,eAAQ,CAAC;IACtCZ,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBvC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACmB,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAElD,oBAAoB,CAACiD,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,oCAAoC,EAAE,MAAM;IAC7C,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACjD,KAAK,CAAC;IAC5BsC,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBvC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACmB,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAElD,oBAAoB,CAACiD,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,kDAAkD,EAAE,MAAM;IAC3D,MAAMkB,YAAY,GAAGL,eAAQ,CAACM,GAAG,CAC/BC,MAAC,CAACC,MAAM,CAAC;MAAE/C,OAAO,EAAE8C,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAAE,CAAC,CAC7D,CAAC;IACD,MAAMC,cAAc,GAAGJ,MAAC,CAACC,MAAM,CAAC;MAC9B/C,OAAO,EAAE8C,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAC/C,CAAC,CAAC;IAEF,IAAI;MACF;MACA,IAAAX,aAAM,EAACjD,KAAK,EAAEuD,YAAY,CAAC;MAC3B;MACA,IAAAN,aAAM,EAACjD,KAAK,EAAE6D,cAAc,CAAC;IAC/B,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd;MACA;IAAA;EAEJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFf,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBV,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IACpD,MAAMgE,QAAQ,GAAG;MACfhE,KAAK,EAAG,GAAEG,MAAO,mEAAkE;MACnF8D,KAAK,EAAE,CAAC;QAAEC,KAAK,EAAE,YAAY;QAAEC,IAAI,EAAE;MAAgC,CAAC;IACxE,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,EAAE,CAAC;IACxC,MAAMgE,QAAQ,GAAG;MAAEhE,KAAK,EAAG,GAAEG,MAAO,EAAC;MAAE8D,KAAK,EAAE;IAAG,CAAC;IAElD3B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,+CAA+C,EAAE,YAAY;IAC9D,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAMgE,QAAQ,GAAG;MACfhE,KAAK,EAAG,GAAEG,MAAO,kJAAiJ;MAClK8D,KAAK,EAAE,CACL;QACEC,KAAK,EAAE,YAAY;QACnBC,IAAI,EAAE;MACR,CAAC,EACD;QACED,KAAK,EAAE,OAAO;QACdC,IAAI,EAAE;MACR,CAAC;IAEL,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,8BAA8B,EAAE,YAAY;IAC7C,MAAM+B,EAAE,GAAG,MAAAA,CAAA,KAAY,IAAAL,eAAQ,EAAC/D,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnD,MAAMsC,MAAM,CAAC8B,EAAE,CAAC,CAAC,CAAC,CAACC,OAAO,CAACzB,OAAO,CAACN,MAAM,CAACgC,GAAG,CAACC,KAAK,CAAC,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/lib/commonjs/sd-jwt/index.js

@@ -3,6 +3,12 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
+Object.defineProperty(exports, "SdJwt4VC", {
+  enumerable: true,
+  get: function () {
+    return _types.SdJwt4VC;
+  }
+});
 exports.verify = exports.disclose = exports.decode = void 0;
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _types = require("./types");
@@ -25,12 +31,12 @@ const decodeDisclosure = encoded => {
  *
  * @function
  * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
- * @param schema Schema to use to parse the SD-JWT
+ * @param customSchema (optional) Schema to use to parse the SD-JWT. Default: SdJwt4VC
  *
  * @returns The parsed SD-JWT token and the parsed disclosures
  *
  */
-const decode = (token, schema) => {
+const decode = (token, customSchema) => {
   // token are expected in the form "sd-jwt~disclosure0~disclosure1~...~disclosureN~"
   if (token.slice(-1) === "~") {
     token = token.slice(0, -1);
@@ -40,7 +46,10 @@ const decode = (token, schema) => {
   // get the sd-jwt as object
   // validate it's a valid SD-JWT for Verifiable Credentials
   const decodedJwt = (0, _ioReactNativeJwt.decode)(rawSdJwt);
-  const sdJwt = schema.parse({
+
+  // use a custom parsed if provided, otherwise use base SdJwt4VC
+  const parser = customSchema || _types.SdJwt4VC;
+  const sdJwt = parser.parse({
     header: decodedJwt.protectedHeader,
     payload: decodedJwt.payload
   });
@@ -134,16 +143,16 @@ const disclose = async (token, claims) => {
  *
  * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
  * @param publicKey The single public key or an array of public keys to validate the signature.
- * @param schema Schema to use to parse the SD-JWT
+ * @param customSchema Schema to use to parse the SD-JWT
  *
  * @returns The parsed SD-JWT token and the parsed disclosures
  *
  */
 exports.disclose = disclose;
-const verify = async (token, publicKey, schema) => {
+const verify = async (token, publicKey, customSchema) => {
   // get decoded data
   const [rawSdJwt = ""] = token.split("~");
-  const decoded = decode(token, schema);
+  const decoded = decode(token, customSchema);
 
   //Check signature
   await (0, _ioReactNativeJwt.verify)(rawSdJwt, publicKey);

package/lib/commonjs/sd-jwt/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","_errors","decodeDisclosure","encoded","decoded","Disclosure","parse","JSON","decodeBase64","decode","token","schema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","sdJwt","header","protectedHeader","payload","disclosures","map","exports","disclose","claims","SdJwt4VC","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDislosures","hash","sha256ToBase64","verified_claims","_sd","includes","index","indexOf","path","verification","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAKA,MAAMI,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAAC,IAAAE,8BAAY,EAACL,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,MAAM,GAAGA,CACpBC,KAAa,EACbC,MAAS,KAIN;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;EACtC,MAAMK,KAAK,GAAGP,MAAM,CAACL,KAAK,CAAC;IACzBa,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGR,cAAc,CAACS,GAAG,CAACrB,gBAAgB,CAAC;EAExD,OAAO;IAAEgB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZAE,OAAA,CAAAf,MAAA,GAAAA,MAAA;AAaO,MAAMgB,QAAQ,GAAG,MAAAA,CACtBf,KAAa,EACbgB,MAAgB,KACyD;EACzE,MAAM,CAACb,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEG,KAAK;IAAEI;EAAY,CAAC,GAAGb,MAAM,CAACC,KAAK,EAAEiB,eAAQ,CAAC;;EAEtD;EACA,MAAMC,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BJ,MAAM,CAACH,GAAG,CAAC,MAAOQ,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGV,WAAW,CAACW,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE9B,OAAO,EAAE,GAAG+B,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAII,uCAA+B,CAACL,KAAK,CAAC;IAClD;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC7B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIe,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACb,MAAM,CAACc,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAAE;MAC3D,MAAMK,KAAK,GAAGxB,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACb,MAAM,CAACc,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MACpE,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLxB,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAC7D;MACA,MAAMK,KAAK,GACTxB,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MAC9D,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAII,6BAAqB,CAACf,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMgB,mBAAmB,GAAGjC,cAAc,CAACkC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJ7C,OAAO,EAAE,GAAG+B,IAAI;IAClB,CAAC,GAAGjC,gBAAgB,CAAC+C,CAAC,CAAC;IACvB,OAAOvB,MAAM,CAACe,QAAQ,CAACN,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMe,cAAc,GAAG,CAACrC,QAAQ,EAAE,GAAGkC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEzC,KAAK,EAAEwC,cAAc;IAAEtB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAJ,OAAA,CAAAC,QAAA,GAAAA,QAAA;AAgBO,MAAM2B,MAAM,GAAG,MAAAA,CACpB1C,KAAa,EACb2C,SAAsB,EACtB1C,MAAS,KACqD;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMX,OAAO,GAAGK,MAAM,CAACC,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAM,IAAA2C,wBAAS,EAACzC,QAAQ,EAAEwC,SAAS,CAAC;;EAEpC;EACA,MAAM3B,MAAM,GAAG,CACb,GAAGtB,OAAO,CAACc,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAGpC,OAAO,CAACc,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACb,MAAM,CAACc,GAAG,CACpD;EAED,MAAMX,OAAO,CAACC,GAAG,CACf1B,OAAO,CAACkB,WAAW,CAACC,GAAG,CACrB,MAAOS,UAAU,IAAK,MAAM,IAAAuB,0BAAgB,EAACvB,UAAU,EAAEN,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLR,KAAK,EAAEd,OAAO,CAACc,KAAK;IACpBI,WAAW,EAAElB,OAAO,CAACkB,WAAW,CAACC,GAAG,CAAE0B,CAAC,IAAKA,CAAC,CAAC7C,OAAO;EACvD,CAAC;AACH,CAAC;AAACoB,OAAA,CAAA4B,MAAA,GAAAA,MAAA"}
+{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","_errors","decodeDisclosure","encoded","decoded","Disclosure","parse","JSON","decodeBase64","decode","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","parser","SdJwt4VC","sdJwt","header","protectedHeader","payload","disclosures","map","exports","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDislosures","hash","sha256ToBase64","verified_claims","_sd","includes","index","indexOf","path","verification","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAKA,MAAMI,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAAC,IAAAE,8BAAY,EAACL,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,MAAM,GAAGA,CACpBC,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;;EAEtC;EACA,MAAMK,MAAM,GAAGP,YAAY,IAAIQ,eAAQ;EAEvC,MAAMC,KAAK,GAAGF,MAAM,CAACZ,KAAK,CAAC;IACzBe,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGV,cAAc,CAACW,GAAG,CAACvB,gBAAgB,CAAC;EAExD,OAAO;IAAEkB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZAE,OAAA,CAAAjB,MAAA,GAAAA,MAAA;AAaO,MAAMkB,QAAQ,GAAG,MAAAA,CACtBjB,KAAa,EACbkB,MAAgB,KACyD;EACzE,MAAM,CAACf,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEK,KAAK;IAAEI;EAAY,CAAC,GAAGf,MAAM,CAACC,KAAK,EAAES,eAAQ,CAAC;;EAEtD;EACA,MAAMU,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACH,GAAG,CAAC,MAAOO,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGT,WAAW,CAACU,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE/B,OAAO,EAAE,GAAGgC,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAII,uCAA+B,CAACL,KAAK,CAAC;IAClD;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC9B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIiB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAAE;MAC3D,MAAMK,KAAK,GAAGvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MACpE,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAC7D;MACA,MAAMK,KAAK,GACTvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MAC9D,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAII,6BAAqB,CAACf,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMgB,mBAAmB,GAAGlC,cAAc,CAACmC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJ9C,OAAO,EAAE,GAAGgC,IAAI;IAClB,CAAC,GAAGlC,gBAAgB,CAACgD,CAAC,CAAC;IACvB,OAAOtB,MAAM,CAACc,QAAQ,CAACN,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMe,cAAc,GAAG,CAACtC,QAAQ,EAAE,GAAGmC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAE1C,KAAK,EAAEyC,cAAc;IAAEtB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAH,OAAA,CAAAC,QAAA,GAAAA,QAAA;AAgBO,MAAM0B,MAAM,GAAG,MAAAA,CACpB3C,KAAa,EACb4C,SAAsB,EACtB3C,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMX,OAAO,GAAGK,MAAM,CAACC,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,MAAM,IAAA4C,wBAAS,EAAC1C,QAAQ,EAAEyC,SAAS,CAAC;;EAEpC;EACA,MAAM1B,MAAM,GAAG,CACb,GAAGxB,OAAO,CAACgB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAGrC,OAAO,CAACgB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CACpD;EAED,MAAMX,OAAO,CAACC,GAAG,CACf3B,OAAO,CAACoB,WAAW,CAACC,GAAG,CACrB,MAAOQ,UAAU,IAAK,MAAM,IAAAuB,0BAAgB,EAACvB,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLR,KAAK,EAAEhB,OAAO,CAACgB,KAAK;IACpBI,WAAW,EAAEpB,OAAO,CAACoB,WAAW,CAACC,GAAG,CAAEyB,CAAC,IAAKA,CAAC,CAAC9C,OAAO;EACvD,CAAC;AACH,CAAC;AAACsB,OAAA,CAAA2B,MAAA,GAAAA,MAAA"}

package/lib/commonjs/sd-jwt/types.js

@@ -27,7 +27,7 @@ const Disclosure = _zod.z.tuple([/* salt */_zod.z.string(), /* claim name */_zod
  * For such reason, we may find conveninent to have encoded and decode values stored explicitly in the same structure.
  * Please note that `encoded` can always decode into `decode`, but `decode` may or may not be encoded with the same value of `encoded`
  *
- * @see https://www.ietf.org/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
+ * @see https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
  */
 exports.Disclosure = Disclosure;
 const SdJwt4VC = _zod.z.object({

package/lib/commonjs/trust/types.js

@@ -52,7 +52,7 @@ const CredentialDefinitionMetadata = z.object({
 
 const SupportedCredentialMetadata = z.object({
   id: z.string(),
-  format: z.literal("vc+sd-jwt"),
+  format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
   cryptographic_binding_methods_supported: z.array(z.string()),
   cryptographic_suites_supported: z.array(z.string()),
   display: z.array(CredentialDisplayMetadata),
@@ -81,6 +81,10 @@ const EntityConfigurationHeader = z.object({
   alg: z.string(),
   kid: z.string()
 });
+
+/**
+ * @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
+ */
 exports.EntityConfigurationHeader = EntityConfigurationHeader;
 const FederationEntityMetadata = z.object({
   federation_fetch_endpoint: z.string().optional(),
@@ -88,6 +92,7 @@ const FederationEntityMetadata = z.object({
   federation_resolve_endpoint: z.string().optional(),
   federation_trust_mark_status_endpoint: z.string().optional(),
   federation_trust_mark_list_endpoint: z.string().optional(),
+  organization_name: z.string().optional(),
   homepage_uri: z.string().optional(),
   policy_uri: z.string().optional(),
   logo_uri: z.string().optional(),
@@ -136,7 +141,7 @@ const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z.object
           keys: z.array(_jwk.JWK)
         })
       }),
-      /** Credential Issuers act as Relying Party 
+      /** Credential Issuers act as Relying Party
           when they require the presentation of other credentials.
           This does not apply for PID issuance, which requires CIE authz. */
       wallet_relying_party: RelyingPartyMetadata.optional()