@pagopa/io-react-native-wallet 1.0.0 → 1.1.1

package/lib/module/credential/issuance/06-obtain-credential.js

@@ -20,7 +20,7 @@ export const createNonceProof = async (nonce, issuer, audience, ctx) => {
  * of the Credential Issuer to request the issuance of a credential linked to the public key contained in the JWT proof.
  * The Openid4vci proof JWT incapsulates the nonce extracted from the token response from the {@link authorizeAccess} step.
  * The credential request is sent to the Credential Endpoint of the Credential Issuer via HTTP POST with the type of the credential, its format, the access token and the JWT proof.
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param issuerConf The issuer configuration returned by {@link getIssuerConfig}
  * @param accessToken The access token response returned by {@link authorizeAccess}
  * @param clientId The client id returned by {@link startUserAuthorization}
  * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link startUserAuthorization}
@@ -36,7 +36,7 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
     appFetch = fetch,
     dPopCryptoContext
   } = context;
-  const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
+  const credentialUrl = issuerConf.credential_endpoint;
 
   /**
    * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
@@ -44,21 +44,29 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
    * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
    */
   const signedNonceProof = await createNonceProof(accessToken.c_nonce, clientId, credentialUrl, credentialCryptoContext);
-
-  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
-  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
+  const containsCredentialDefinition = accessToken.authorization_details.credential_configuration_id === credentialDefinition.credential_configuration_id && accessToken.authorization_details.type === credentialDefinition.type;
   if (!containsCredentialDefinition) {
     throw new ValidationFailed({
       message: "The access token response does not contain the requested credential"
     });
   }
+  const credential = issuerConf.credential_configurations_supported[credentialDefinition.credential_configuration_id];
+  if (!credential) {
+    throw new ValidationFailed({
+      message: "The credential configuration is not supported by the issuer"
+    });
+  }
+  const format = credential.format;
+  if (!format) {
+    throw new ValidationFailed({
+      message: "The credential doesn't contain the format required by the issuer"
+    });
+  }
 
   /** The credential request body */
   const credentialRequestFormBody = {
-    credential_definition: {
-      type: [credentialDefinition.credential_configuration_id]
-    },
-    format: credentialDefinition.format,
+    vct: credentialDefinition.credential_configuration_id,
+    format,
     proof: {
       jwt: signedNonceProof,
       proof_type: "jwt"
@@ -98,18 +106,7 @@ const handleObtainCredentialError = e => {
   if (!(e instanceof UnexpectedStatusCodeError)) {
     throw e;
   }
-  throw new ResponseErrorBuilder(IssuerResponseError).handle(201, {
-    // Although it is technically not an error, we handle it as such to avoid
-    // changing the return type of `obtainCredential` and introduce a breaking change.
-    code: IssuerResponseErrorCodes.CredentialIssuingNotSynchronous,
-    message: "This credential cannot be issued synchronously. It will be available at a later time."
-  }).handle(403, {
-    code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-    message: "Invalid status found for the given credential"
-  }).handle(404, {
-    code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-    message: "Invalid status found for the given credential"
-  }).handle("*", {
+  throw new ResponseErrorBuilder(IssuerResponseError).handle("*", {
     code: IssuerResponseErrorCodes.CredentialRequestFailed,
     message: "Unable to obtain the requested credential"
   }).buildFrom(e);

package/lib/module/credential/issuance/06-obtain-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","uuid","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","containsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","message","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","tokenRequestSignedDPop","htm","htu","jti","v4","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","JSON","stringify","then","res","json","safeParse","catch","handleObtainCredentialError","success","reason","error","data","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,OAAOC,IAAI,MAAM,mBAAmB;AAcpC,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIhB,OAAO,CAACc,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM5B,gBAAgB,CAC7CiB,WAAW,CAACY,OAAO,EACnBX,QAAQ,EACRO,aAAa,EACbJ,uBACF,CAAC;;EAED;EACA,MAAMS,4BAA4B,GAAGb,WAAW,CAACc,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3Bf,oBAAoB,CAACe,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKhB,oBAAoB,CAACgB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKjB,oBAAoB,CAACiB,IACpC,CAAC;EAED,IAAI,CAACN,4BAA4B,EAAE;IACjC,MAAM,IAAIlC,gBAAgB,CAAC;MACzByC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBH,IAAI,EAAE,CAACjB,oBAAoB,CAACe,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEhB,oBAAoB,CAACgB,MAAM;IACnCK,KAAK,EAAE;MACLC,GAAG,EAAEb,gBAAgB;MACrBc,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,sBAAsB,GAAG,MAAM7C,eAAe,CAClD;IACE8C,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEpB,aAAa;IAClBqB,GAAG,EAAG,GAAE/C,IAAI,CAACgD,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,MAAM3D,cAAc,CAAC4B,WAAW,CAACgC,YAAY;EACpD,CAAC,EACDzB,iBACF,CAAC;EACD,MAAM0B,aAAa,GAAG,MAAM5B,QAAQ,CAACG,aAAa,EAAE;IAClD0B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAEV,sBAAsB;MAC5BW,aAAa,EAAG,GAAErC,WAAW,CAACsC,UAAW,IAAGtC,WAAW,CAACgC,YAAa;IACvE,CAAC;IACDO,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACpB,yBAAyB;EAChD,CAAC,CAAC,CACCqB,IAAI,CAACpE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEH,IAAI,IAAK3D,kBAAkB,CAACiE,SAAS,CAACN,IAAI,CAAC,CAAC,CAClDO,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACd,aAAa,CAACe,OAAO,EAAE;IAC1B,MAAM,IAAIrE,gBAAgB,CAAC;MACzByC,OAAO,EAAE,uCAAuC;MAChD6B,MAAM,EAAEhB,aAAa,CAACiB,KAAK,CAAC9B;IAC9B,CAAC,CAAC;EACJ;EAEA,OAAOa,aAAa,CAACkB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMJ,2BAA2B,GAAIK,CAAU,IAAK;EAClD,IAAI,EAAEA,CAAC,YAAY1E,yBAAyB,CAAC,EAAE;IAC7C,MAAM0E,CAAC;EACT;EAEA,MAAM,IAAI3E,oBAAoB,CAACF,mBAAmB,CAAC,CAChD8E,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAE9E,wBAAwB,CAAC+E,+BAA+B;IAC9DnC,OAAO,EACL;EACJ,CAAC,CAAC,CACDiC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACgF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDiC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACgF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDiC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE9E,wBAAwB,CAACiF,uBAAuB;IACtDrC,OAAO,EAAE;EACX,CAAC,CAAC,CACDsC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
+{"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","uuid","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","credential_endpoint","signedNonceProof","c_nonce","containsCredentialDefinition","authorization_details","credential_configuration_id","type","message","credential","credential_configurations_supported","format","credentialRequestFormBody","vct","proof","jwt","proof_type","tokenRequestSignedDPop","htm","htu","jti","v4","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","JSON","stringify","then","res","json","safeParse","catch","handleObtainCredentialError","success","reason","error","data","e","handle","code","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,OAAOC,IAAI,MAAM,mBAAmB;AAcpC,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIhB,OAAO,CAACc,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,mBAAmB;;EAEpD;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM3B,gBAAgB,CAC7CiB,WAAW,CAACW,OAAO,EACnBV,QAAQ,EACRO,aAAa,EACbJ,uBACF,CAAC;EAED,MAAMQ,4BAA4B,GAChCZ,WAAW,CAACa,qBAAqB,CAACC,2BAA2B,KAC3DZ,oBAAoB,CAACY,2BAA2B,IAClDd,WAAW,CAACa,qBAAqB,CAACE,IAAI,KAAKb,oBAAoB,CAACa,IAAI;EAEtE,IAAI,CAACH,4BAA4B,EAAE;IACjC,MAAM,IAAIjC,gBAAgB,CAAC;MACzBqC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;EAEA,MAAMC,UAAU,GACdlB,UAAU,CAACmB,mCAAmC,CAC5ChB,oBAAoB,CAACY,2BAA2B,CACjD;EAEH,IAAI,CAACG,UAAU,EAAE;IACf,MAAM,IAAItC,gBAAgB,CAAC;MACzBqC,OAAO,EAAE;IACX,CAAC,CAAC;EACJ;EAEA,MAAMG,MAAM,GAAGF,UAAU,CAACE,MAAM;EAEhC,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAIxC,gBAAgB,CAAC;MACzBqC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMI,yBAAyB,GAAG;IAChCC,GAAG,EAAEnB,oBAAoB,CAACY,2BAA2B;IACrDK,MAAM;IACNG,KAAK,EAAE;MACLC,GAAG,EAAEb,gBAAgB;MACrBc,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,sBAAsB,GAAG,MAAM5C,eAAe,CAClD;IACE6C,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEnB,aAAa;IAClBoB,GAAG,EAAG,GAAE9C,IAAI,CAAC+C,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,MAAM1D,cAAc,CAAC4B,WAAW,CAAC+B,YAAY;EACpD,CAAC,EACDxB,iBACF,CAAC;EACD,MAAMyB,aAAa,GAAG,MAAM3B,QAAQ,CAACG,aAAa,EAAE;IAClDyB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAEV,sBAAsB;MAC5BW,aAAa,EAAG,GAAEpC,WAAW,CAACqC,UAAW,IAAGrC,WAAW,CAAC+B,YAAa;IACvE,CAAC;IACDO,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACpB,yBAAyB;EAChD,CAAC,CAAC,CACCqB,IAAI,CAACnE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEH,IAAI,IAAK1D,kBAAkB,CAACgE,SAAS,CAACN,IAAI,CAAC,CAAC,CAClDO,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACd,aAAa,CAACe,OAAO,EAAE;IAC1B,MAAM,IAAIpE,gBAAgB,CAAC;MACzBqC,OAAO,EAAE,uCAAuC;MAChDgC,MAAM,EAAEhB,aAAa,CAACiB,KAAK,CAACjC;IAC9B,CAAC,CAAC;EACJ;EAEA,OAAOgB,aAAa,CAACkB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMJ,2BAA2B,GAAIK,CAAU,IAAK;EAClD,IAAI,EAAEA,CAAC,YAAYzE,yBAAyB,CAAC,EAAE;IAC7C,MAAMyE,CAAC;EACT;EAEA,MAAM,IAAI1E,oBAAoB,CAACF,mBAAmB,CAAC,CAChD6E,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE7E,wBAAwB,CAAC8E,uBAAuB;IACtDtC,OAAO,EAAE;EACX,CAAC,CAAC,CACDuC,SAAS,CAACJ,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/issuance/07-verify-and-parse-credential.js

@@ -132,8 +132,8 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
     ignoreMissingAttributes,
     includeUndefinedAttributes
   } = _ref8;
-  const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
-  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
+  const decoded = await verifyCredentialSdJwt(credential, issuerConf.keys, credentialCryptoContext);
+  const parsedCredential = parseCredentialSdJwt(issuerConf.credential_configurations_supported, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
   const maybeIssuedAt = getValueFromDisclosures(decoded.disclosures, "iat");
   return {
     parsedCredential,
@@ -144,7 +144,7 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
 
 /**
  * Verify and parse an encoded credential.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param issuerConf The Issuer configuration returned by {@link getIssuerConfig}
  * @param credential The encoded credential returned by {@link obtainCredential}
  * @param format The format of the credentual returned by {@link obtainCredential}
  * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}

package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","credential_configurations_supported","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASC,uBAAuB,QAAQ,yBAAyB;;AAyBjE;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgI,EAAAC,IAAA,EAI3G;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIf,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIe,iBAAiB,CAACG,MAAM,KAAKV,KAAK,CAACW,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAIpB,aAAa,CACpB,gEAA+De,iBAAiB,CAACG,MAAO,gBAAeV,KAAK,CAACW,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACL,iBAAiB,CAACM,MAAM,EAAE;IAC7B,MAAM,IAAIrB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMsB,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACT,iBAAiB,CAACM,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAAClB,WAAW,CAACoB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACb,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMoB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG3B,WAAW,CAACwB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAACzB,uBAAuB,EAAE;MAC5B,MAAM,IAAIV,aAAa,CACpB,4DAA2DgC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAE/B,WAAW,CAACkC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIjB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMoC,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxC7B,WAAW,CACRiB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEZ,KAAK;QAAEX,IAAI,EAAEuB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAekB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB3D,WAAW,CAACqD,aAAa,EAAEC,UAAU,EAAExD,QAAQ,CAAC,EAChDyD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACnD,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAIlE,aAAa,CACpB,kDAAiD4D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACnD,KAAK,CAACQ,OAAO,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAME;EAAA,IALH;IACEC,uBAAuB;IACvB7D,uBAAuB;IACvBI;EACF,CAAC,GAAAwD,KAAA;EAED,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGtE,oBAAoB,CAC3C+D,UAAU,CAACK,wBAAwB,CAACG,mCAAmC,EACvEJ,OAAO,EACP9D,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAM+D,aAAa,GAAGzE,uBAAuB,CAACoE,OAAO,CAAC/D,WAAW,EAAE,KAAK,CAAC;EAEzE,OAAO;IACLkE,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACP,OAAO,CAAChE,KAAK,CAACQ,OAAO,CAACgE,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9BhE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMqE,wBAAkD,GAAG,MAAAA,CAChEd,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNiE,OAAO,KACJ;EACH,IAAIjE,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOiD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNiE,OACF,CAAC;EACH;EAEA,MAAM,IAAInF,aAAa,CAAE,kCAAiCkB,MAAO,EAAC,CAAC;AACrE,CAAC"}
+{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","parsedCredential","credential_configurations_supported","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASC,uBAAuB,QAAQ,yBAAyB;;AAyBjE;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgG,EAAAC,IAAA,EAI3E;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIf,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIe,iBAAiB,CAACG,MAAM,KAAKV,KAAK,CAACW,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAIpB,aAAa,CACpB,gEAA+De,iBAAiB,CAACG,MAAO,gBAAeV,KAAK,CAACW,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACL,iBAAiB,CAACM,MAAM,EAAE;IAC7B,MAAM,IAAIrB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMsB,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACT,iBAAiB,CAACM,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAAClB,WAAW,CAACoB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACb,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMoB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG3B,WAAW,CAACwB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAACzB,uBAAuB,EAAE;MAC5B,MAAM,IAAIV,aAAa,CACpB,4DAA2DgC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAE/B,WAAW,CAACkC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIjB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMoC,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxC7B,WAAW,CACRiB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEZ,KAAK;QAAEX,IAAI,EAAEuB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAekB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB3D,WAAW,CAACqD,aAAa,EAAEC,UAAU,EAAExD,QAAQ,CAAC,EAChDyD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACnD,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAIlE,aAAa,CACpB,kDAAiD4D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACnD,KAAK,CAACQ,OAAO,CAACgD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAME;EAAA,IALH;IACEC,uBAAuB;IACvB7D,uBAAuB;IACvBI;EACF,CAAC,GAAAwD,KAAA;EAED,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACjB,IAAI,EACfoB,uBACF,CAAC;EAED,MAAME,gBAAgB,GAAGpE,oBAAoB,CAC3C+D,UAAU,CAACM,mCAAmC,EAC9CF,OAAO,EACP9D,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAM6D,aAAa,GAAGvE,uBAAuB,CAACoE,OAAO,CAAC/D,WAAW,EAAE,KAAK,CAAC;EAEzE,OAAO;IACLgE,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACL,OAAO,CAAChE,KAAK,CAACQ,OAAO,CAAC8D,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9B9D;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMmE,wBAAkD,GAAG,MAAAA,CAChEZ,UAAU,EACVC,UAAU,EACVnD,MAAM,EACN+D,OAAO,KACJ;EACH,IAAI/D,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOiD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnD,MAAM,EACN+D,OACF,CAAC;EACH;EAEA,MAAM,IAAIjF,aAAa,CAAE,kCAAiCkB,MAAO,EAAC,CAAC;AACrE,CAAC"}

package/lib/module/credential/issuance/README.md

@@ -6,7 +6,7 @@ There's a fork in the flow which is based on the type of the credential that is
 This is due to the fact that eID credentials require a different authorization flow than other credentials, which is accomplished by a strong authentication method like SPID or CIE.
 Credentials instead require a simpler authorization flow and they require other credentials to be presented in order to be issued.
 
-The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step.
+The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `getIssuerConfig` step.
 
 ## Sequence Diagram
 
@@ -14,7 +14,7 @@ The supported credentials are defined in the entity configuration of the issuer
 graph TD;
     0[WalletInstanceAttestation.getAttestation]
     1[startFlow]
-    2[evaluateIssuerTrust]
+    2[getIssuerConfig]
     3[startUserAuthorization]
     C4[getRequestedCredentialToBePresented]
     C4.1[completeUserAuthorizationWithFormPostJwtMode]
@@ -41,12 +41,9 @@ graph TD;
 
 The following errors are mapped to a `IssuerResponseError` with specific codes.
 
-|HTTP Status|Error Code|Description|
-|-----------|----------|-----------|
-|`201 Created`|`ERR_CREDENTIAL_ISSUING_NOT_SYNCHRONOUS`| This response is returned by the credential issuer when the request has been queued because the credential cannot be issued synchronously. The consumer should try to obtain the credential at a later time. Although `201 Created` is not considered an error, it is mapped as an error in this context in order to handle the case where the credential issuance is not synchronous. This allows keeping the flow consistent and handle the case where the credential is not immediately available.|
-|`403 Forbidden`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the requested credential has an invalid status. It might contain more details in the `reason` property.|
-|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`| This response is returned by the credential issuer when the authenticated user is not entitled to receive the requested credential. It might contain more details in the `reason` property.|
-|`*`|`ERR_ISSUER_GENERIC_ERROR`|This is a generic error code to map unexpected errors that occurred when interacting with the Issuer.|
+| HTTP Status | Error Code                 | Description                                                                                           |
+| ----------- | -------------------------- | ----------------------------------------------------------------------------------------------------- |
+| `*`         | `ERR_ISSUER_GENERIC_ERROR` | This is a generic error code to map unexpected errors that occurred when interacting with the Issuer. |
 
 ## Strong authentication for eID issuance (Query Mode)
 
@@ -121,7 +118,7 @@ const startFlow: Credential.Issuance.StartFlow = () => ({
 const { issuerUrl } = startFlow();
 
 // Evaluate issuer trust
-const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(issuerUrl);
+const { issuerConf } = await Credential.Issuance.getIssuerConfig(issuerUrl);
 
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
@@ -251,17 +248,16 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialType: "PersonIdentificationData",
+  credentialType: "urn:eu.europa.ec.eudi:pid:1",
   appFetch,
 });
 
 const { issuerUrl } = startFlow();
 
 // Evaluate issuer trust
-const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
-  issuerUrl,
-  { appFetch }
-);
+const { issuerConf } = await Credential.Issuance.getIssuerConfig(issuerUrl, {
+  appFetch,
+});
 
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
@@ -315,12 +311,13 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
 );
 
 // Parse and verify the eID credential
-const { parsedCredential, issuedAt, expiration } = await Credential.Issuance.verifyAndParseCredential(
-  issuerConf,
-  credential,
-  format,
-  { credentialCryptoContext }
-);
+const { parsedCredential, issuedAt, expiration } =
+  await Credential.Issuance.verifyAndParseCredential(
+    issuerConf,
+    credential,
+    format,
+    { credentialCryptoContext }
+  );
 
 return {
   parsedCredential,
@@ -328,7 +325,7 @@ return {
   keyTag: credentialKeyTag,
   credentialType,
   issuedAt,
-  expiration
+  expiration,
 };
 ```
 

package/lib/module/credential/issuance/index.js

@@ -1,9 +1,9 @@
-import { evaluateIssuerTrust } from "./02-evaluate-issuer-trust";
+import { getIssuerConfig } from "./02-get-issuer-config";
 import { startUserAuthorization } from "./03-start-user-authorization";
 import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, buildAuthorizationUrl, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
 import { authorizeAccess } from "./05-authorize-access";
 import { obtainCredential } from "./06-obtain-credential";
 import { verifyAndParseCredential } from "./07-verify-and-parse-credential";
 import * as Errors from "./errors";
-export { evaluateIssuerTrust, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
+export { getIssuerConfig, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,EAC1BC,qBAAqB,EAKrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEV,mBAAmB,EACnBC,sBAAsB,EACtBI,qBAAqB,EACrBH,sCAAsC,EACtCI,mCAAmC,EACnCH,4CAA4C,EAC5CI,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB,EACxBL,0BAA0B,EAC1BM,MAAM"}
+{"version":3,"names":["getIssuerConfig","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SAASA,eAAe,QAA8B,wBAAwB;AAC9E,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,EAC1BC,qBAAqB,EAKrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEV,eAAe,EACfC,sBAAsB,EACtBI,qBAAqB,EACrBH,sCAAsC,EACtCI,mCAAmC,EACnCH,4CAA4C,EAC5CI,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB,EACxBL,0BAA0B,EAC1BM,MAAM"}

package/lib/module/credential/issuance/types.js

@@ -3,7 +3,7 @@ import * as z from "zod";
 import { SupportedCredentialFormat } from "./const";
 export const TokenResponse = z.object({
   access_token: z.string(),
-  authorization_details: z.array(AuthorizationDetail),
+  authorization_details: AuthorizationDetail,
   c_nonce: z.string(),
   c_nonce_expires_in: z.number(),
   expires_in: z.number(),

package/lib/module/credential/issuance/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthorizationDetail","z","SupportedCredentialFormat","TokenResponse","object","access_token","string","authorization_details","array","c_nonce","c_nonce_expires_in","number","expires_in","token_type","CredentialResponse","credential","format","ResponseUriResultShape","redirect_uri"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,iBAAiB;AACrD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,yBAAyB,QAAQ,SAAS;AAInD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,YAAY,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAEN,CAAC,CAACO,KAAK,CAACR,mBAAmB,CAAC;EACnDS,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEX,CAAC,CAACU,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEZ,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMQ,kBAAkB,GAAGb,CAAC,CAACG,MAAM,CAAC;EACzCK,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BI,UAAU,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBU,MAAM,EAAEd;AACV,CAAC,CAAC;;AAEF;AACA;AACA;AACA,OAAO,MAAMe,sBAAsB,GAAGhB,CAAC,CAACG,MAAM,CAAC;EAC7Cc,YAAY,EAAEjB,CAAC,CAACK,MAAM,CAAC;AACzB,CAAC,CAAC"}
+{"version":3,"names":["AuthorizationDetail","z","SupportedCredentialFormat","TokenResponse","object","access_token","string","authorization_details","c_nonce","c_nonce_expires_in","number","expires_in","token_type","CredentialResponse","credential","format","ResponseUriResultShape","redirect_uri"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,iBAAiB;AACrD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,yBAAyB,QAAQ,SAAS;AAInD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,YAAY,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAEP,mBAAmB;EAC1CQ,OAAO,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBG,kBAAkB,EAAER,CAAC,CAACS,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEV,CAAC,CAACS,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEX,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMO,kBAAkB,GAAGZ,CAAC,CAACG,MAAM,CAAC;EACzCI,OAAO,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBG,kBAAkB,EAAER,CAAC,CAACS,MAAM,CAAC,CAAC;EAC9BI,UAAU,EAAEb,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBS,MAAM,EAAEb;AACV,CAAC,CAAC;;AAEF;AACA;AACA;AACA,OAAO,MAAMc,sBAAsB,GAAGf,CAAC,CAACG,MAAM,CAAC;EAC7Ca,YAAY,EAAEhB,CAAC,CAACK,MAAM,CAAC;AACzB,CAAC,CAAC"}

package/lib/module/credential/presentation/01-start-flow.js

@@ -25,8 +25,13 @@ const QRCodePayload = z.object({
  * @throws If the provided qr code fails to be decoded
  */
 export const startFlowFromQR = qrcode => {
-  const decoded = decodeBase64(qrcode);
-  const decodedUrl = new URL(decoded);
+  let decodedUrl;
+  try {
+    const decoded = decodeBase64(qrcode);
+    decodedUrl = new URL(decoded);
+  } catch (error) {
+    throw new AuthRequestDecodeError("Failed to decode QR code: ", qrcode);
+  }
   const protocol = decodedUrl.protocol;
   const resource = decodedUrl.hostname;
   const requestURI = decodedUrl.searchParams.get("request_uri");

package/lib/module/credential/presentation/01-start-flow.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","decodeBase64","AuthRequestDecodeError","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decoded","decodedUrl","URL","hostname","searchParams","get","result","safeParse","success","data","error","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,QAAQ,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAEP,CAAC,CAACM,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAER,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAET,CAAC,CAACM,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,MAAMC,OAAO,GAAGX,YAAY,CAACU,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMP,QAAQ,GAAGQ,UAAU,CAACR,QAAQ;EACpC,MAAME,QAAQ,GAAGM,UAAU,CAACE,QAAQ;EACpC,MAAMN,UAAU,GAAGI,UAAU,CAACG,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMT,QAAQ,GAAGK,UAAU,CAACG,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMC,MAAM,GAAGf,aAAa,CAACgB,SAAS,CAAC;IACrCd,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIU,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAInB,sBAAsB,CAACgB,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEV,UAAW,EAAC,CAAC;EACzE;AACF,CAAC"}
+{"version":3,"names":["z","decodeBase64","AuthRequestDecodeError","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decodedUrl","decoded","URL","error","hostname","searchParams","get","result","safeParse","success","data","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,QAAQ,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAEP,CAAC,CAACM,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAER,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAET,CAAC,CAACM,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,IAAIC,UAAe;EACnB,IAAI;IACF,MAAMC,OAAO,GAAGZ,YAAY,CAACU,MAAM,CAAC;IACpCC,UAAU,GAAG,IAAIE,GAAG,CAACD,OAAO,CAAC;EAC/B,CAAC,CAAC,OAAOE,KAAK,EAAE;IACd,MAAM,IAAIb,sBAAsB,CAAC,4BAA4B,EAAES,MAAM,CAAC;EACxE;EAEA,MAAMN,QAAQ,GAAGO,UAAU,CAACP,QAAQ;EACpC,MAAME,QAAQ,GAAGK,UAAU,CAACI,QAAQ;EACpC,MAAMP,UAAU,GAAGG,UAAU,CAACK,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMV,QAAQ,GAAGI,UAAU,CAACK,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMC,MAAM,GAAGhB,aAAa,CAACiB,SAAS,CAAC;IACrCf,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIW,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIpB,sBAAsB,CAACiB,MAAM,CAACJ,KAAK,CAACQ,OAAO,EAAG,GAAEX,UAAW,EAAC,CAAC;EACzE;AACF,CAAC"}

package/lib/module/credential/presentation/02-evaluate-rp-trust.js

@@ -1,4 +1,4 @@
-import { getRelyingPartyEntityConfiguration } from "../../trust";
+import { getRelyingPartyEntityConfiguration } from "../../entity/trust/index";
 /**
  * The Relying Party trust evaluation phase.
  * Fetch the  Relying Party's configuration and verify trust.

package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,aAAa;AAchE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC;IAAO;EAC9B,CAAC,GAAG,MAAMV,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO;EAAO,CAAC;AACnB,CAAC"}
+{"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,0BAA0B;AAc7E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC;IAAO;EAC9B,CAAC,GAAG,MAAMV,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO;EAAO,CAAC;AACnB,CAAC"}

package/lib/module/credential/presentation/03-retrieve-jwks.js

@@ -0,0 +1,61 @@
+import { JWKS } from "../../utils/jwk";
+import { hasStatusOrThrow } from "../../utils/misc";
+import { RelyingPartyEntityConfiguration } from "../../entity/trust/types";
+
+/**
+ * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
+ *
+ * @template T - The tuple type representing the function arguments.
+ * @param args - The arguments passed to the function.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ */
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
+ *
+ * @param clientUrl - The base URL of the client entity from which to retrieve the JWKS.
+ * @param options - Optional context containing a custom fetch implementation.
+ * @param options.context - Optional context object.
+ * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ * @throws Will throw an error if the JWKS retrieval fails.
+ */
+export const fetchJwksFromUri = async function (clientUrl) {
+  let {
+    context = {}
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const {
+    appFetch = fetch
+  } = context;
+  const wellKnownUrl = new URL("/.well-known/jar-issuer/jwk", clientUrl).toString();
+
+  // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
+  const jwks = await appFetch(wellKnownUrl, {
+    method: "GET"
+  }).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => JWKS.parse(json));
+  return {
+    keys: jwks.keys
+  };
+};
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
+ *
+ * @param rpConfig - The configuration object of the Relying Party entity.
+ * @returns An object containing an array of JWKs.
+ * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
+ */
+export const fetchJwksFromConfig = async rpConfig => {
+  const parsedConfig = RelyingPartyEntityConfiguration.safeParse(rpConfig);
+  if (!parsedConfig.success) {
+    throw new Error("Invalid Relying Party configuration.");
+  }
+  const jwks = parsedConfig.data.payload.metadata.wallet_relying_party.jwks;
+  if (!jwks || !Array.isArray(jwks.keys)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  return {
+    keys: jwks.keys
+  };
+};
+//# sourceMappingURL=03-retrieve-jwks.js.map

package/lib/module/credential/presentation/03-retrieve-jwks.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["JWKS","hasStatusOrThrow","RelyingPartyEntityConfiguration","fetchJwksFromUri","clientUrl","context","arguments","length","undefined","appFetch","fetch","wellKnownUrl","URL","toString","jwks","method","then","raw","json","parse","keys","fetchJwksFromConfig","rpConfig","parsedConfig","safeParse","success","Error","data","payload","metadata","wallet_relying_party","Array","isArray"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-retrieve-jwks.ts"],"mappings":"AAAA,SAASA,IAAI,QAAa,iBAAiB;AAC3C,SAASC,gBAAgB,QAAQ,kBAAkB;AACnD,SAASC,+BAA+B,QAAQ,0BAA0B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAEZ,GAAG,eAAAA,CAAOC,SAAS,EAA4B;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACzC,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EAEpC,MAAMM,YAAY,GAAG,IAAIC,GAAG,CAC1B,6BAA6B,EAC7BR,SACF,CAAC,CAACS,QAAQ,CAAC,CAAC;;EAEZ;EACA,MAAMC,IAAI,GAAG,MAAML,QAAQ,CAACE,YAAY,EAAE;IACxCI,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACf,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3Be,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAKlB,IAAI,CAACmB,KAAK,CAACD,IAAI,CAAC,CAAC;EAEnC,OAAO;IACLE,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMC,YAAY,GAAGrB,+BAA+B,CAACsB,SAAS,CAACF,QAAQ,CAAC;EACxE,IAAI,CAACC,YAAY,CAACE,OAAO,EAAE;IACzB,MAAM,IAAIC,KAAK,CAAC,sCAAsC,CAAC;EACzD;EAEA,MAAMZ,IAAI,GAAGS,YAAY,CAACI,IAAI,CAACC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAAChB,IAAI;EAEzE,IAAI,CAACA,IAAI,IAAI,CAACiB,KAAK,CAACC,OAAO,CAAClB,IAAI,CAACM,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIM,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLN,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/{03-get-request-object.js → 04-get-request-object.js}

@@ -15,7 +15,7 @@ import { RequestObject } from "./types";
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @returns The Request Object that describes the presentation
  */
-export const getRequestObject = async (requestUri, rpConf, _ref) => {
+export const getRequestObject = async (requestUri, _ref, jwkKeys) => {
   let {
     wiaCryptoContext,
     appFetch = fetch,
@@ -35,11 +35,20 @@ export const getRequestObject = async (requestUri, rpConf, _ref) => {
     }
   }).then(hasStatusOrThrow(200)).then(res => res.json()).then(responseJson => responseJson.response);
   const responseJwt = decodeJwt(responseEncodedJwt);
+  await verifyTokenSignature(jwkKeys, responseJwt);
 
-  // verify token signature according to RP's entity configuration
-  // to ensure the request object is authentic
-  {
-    const pubKey = rpConf.wallet_relying_party.jwks.keys.find(_ref2 => {
+  // Ensure that the request object conforms to the expected specification.
+  const requestObject = RequestObject.parse(responseJwt.payload);
+  return {
+    requestObject
+  };
+};
+const verifyTokenSignature = async (jwkKeys, responseJwt) => {
+  var _responseJwt$protecte;
+  // verify token signature to ensure the request object is authentic
+  // 1. according to entity configuration if present
+  if (jwkKeys) {
+    const pubKey = jwkKeys.find(_ref2 => {
       let {
         kid
       } = _ref2;
@@ -48,13 +57,18 @@ export const getRequestObject = async (requestUri, rpConf, _ref) => {
     if (!pubKey) {
       throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
     }
-    await verify(responseEncodedJwt, pubKey);
+    await verify(responseJwt, pubKey);
+    return;
   }
 
-  // Ensure that the request object conforms to the expected specification.
-  const requestObject = RequestObject.parse(responseJwt.payload);
-  return {
-    requestObject
-  };
+  // 2. If jwk is not retrieved from entity config, check if the token contains the 'jwk' attribute
+  if ((_responseJwt$protecte = responseJwt.protectedHeader) !== null && _responseJwt$protecte !== void 0 && _responseJwt$protecte.jwk) {
+    const pubKey = responseJwt.protectedHeader.jwk;
+    await verify(responseJwt, pubKey);
+    return;
+  }
+
+  // No verification condition matched: skipping signature verification for now.
+  // TODO: [EUDIW-215] Remove skipping signature verification
 };
-//# sourceMappingURL=03-get-request-object.js.map
+//# sourceMappingURL=04-get-request-object.js.map

package/lib/module/credential/presentation/04-get-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["uuid","decode","decodeJwt","sha256ToBase64","verify","createDPopToken","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","RequestObject","getRequestObject","requestUri","_ref","jwkKeys","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","responseEncodedJwt","method","headers","Authorization","DPoP","then","res","json","responseJson","response","responseJwt","verifyTokenSignature","requestObject","parse","payload","_responseJwt$protecte","pubKey","find","_ref2","kid","protectedHeader","jwk"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-get-request-object.ts"],"mappings":"AAAA,OAAOA,IAAI,MAAM,mBAAmB;AACpC,SACEC,MAAM,IAAIC,SAAS,EACnBC,cAAc,EACdC,MAAM,QAED,6BAA6B;AAEpC,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,wCAAwC,QAAQ,UAAU;AAEnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,aAAa,QAAQ,SAAS;AAYvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EAAAC,IAAA,EAEVC,OAAO,KACJ;EAAA,IAFH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAL,IAAA;EAGjE,MAAMM,wBAAwB,GAAG,MAAMZ,eAAe,CACpD;IACEa,GAAG,EAAG,GAAElB,IAAI,CAACmB,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEX,UAAU;IACfY,GAAG,EAAE,MAAMnB,cAAc,CAACa,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMU,kBAAkB,GAAG,MAAMT,QAAQ,CAACJ,UAAU,EAAE;IACpDc,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOV,yBAA0B,EAAC;MAClDW,IAAI,EAAEV;IACR;EACF,CAAC,CAAC,CACCW,IAAI,CAACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BqB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG/B,SAAS,CAACqB,kBAAkB,CAAC;EAEjD,MAAMW,oBAAoB,CAACtB,OAAO,EAAEqB,WAAW,CAAC;;EAEhD;EACA,MAAME,aAAa,GAAG3B,aAAa,CAAC4B,KAAK,CAACH,WAAW,CAACI,OAAO,CAAC;EAE9D,OAAO;IACLF;EACF,CAAC;AACH,CAAC;AAED,MAAMD,oBAAoB,GAAG,MAAAA,CAC3BtB,OAAgC,EAChCqB,WAAiB,KACC;EAAA,IAAAK,qBAAA;EAClB;EACA;EACA,IAAI1B,OAAO,EAAE;IACX,MAAM2B,MAAM,GAAG3B,OAAO,CAAC4B,IAAI,CACzBC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKT,WAAW,CAACU,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACH,MAAM,EAAE;MACX,MAAM,IAAIjC,wCAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAMF,MAAM,CAAC6B,WAAW,EAAEM,MAAM,CAAC;IACjC;EACF;;EAEA;EACA,KAAAD,qBAAA,GAAIL,WAAW,CAACU,eAAe,cAAAL,qBAAA,eAA3BA,qBAAA,CAA6BM,GAAG,EAAE;IACpC,MAAML,MAAM,GAAGN,WAAW,CAACU,eAAe,CAACC,GAAG;IAC9C,MAAMxC,MAAM,CAAC6B,WAAW,EAAEM,MAAM,CAAC;IACjC;EACF;;EAEA;EACA;AACF,CAAC"}

package/lib/module/credential/presentation/{04-send-authorization-response.js → 05-send-authorization-response.js}

@@ -125,4 +125,4 @@ export const sendAuthorizationResponse = async (requestObject, rpConf, presentat
     body
   }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
 };
-//# sourceMappingURL=04-send-authorization-response.js.map
+//# sourceMappingURL=05-send-authorization-response.js.map

package/lib/module/credential/presentation/{04-send-authorization-response.js.map → 05-send-authorization-response.js.map}

@@ -1 +1 @@
-{"version":3,"names":["EncryptJwe","SignJWT","uuid","WalletInstanceAttestation","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","disclose","z","AuthorizationResponse","object","status","string","response_code","optional","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","setProtectedHeader","typ","setPayload","jti","v4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,OAAO,QAAQ,6BAA6B;AACjE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,QAAQ,QAAQ,cAAc;AAGvC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAEL,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMoB,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM3B,QAAQ,CAACsB,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJK,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAGhC,yBAAyB,CAACiC,MAAM,CAACV,yBAAyB,CAAC;EAE/D,MAAMW,MAAM,GAAG,MAAMP,SAAS,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIzC,OAAO,CAAC6B,SAAS,CAAC,CAC1Ca,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDQ,UAAU,CAAC;IACVb,EAAE,EAAEA,EAAE;IACNc,GAAG,EAAG,GAAE5C,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IACnBZ,GAAG;IACHa,KAAK,EAAEvB,aAAa,CAACuB;EACvB,CAAC,CAAC,CACDC,WAAW,CAACxB,aAAa,CAACyB,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG7B,aAAa,CAAC8B,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEvD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAC7BW,EAAE,EAAG,GAAExD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAClBY,cAAc,EAAE1B,KAAK,CAAC2B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAErB,QAAQ;IAAEc;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEvC,aAAa,EACbwC,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE3C;EAA0B,CAAC,GAAAyC,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAGxD,2BAA2B,CAACmD,MAAM,CAAC;EAExD,MAAM;IAAEvB,QAAQ;IAAEc;EAAwB,CAAC,GAAG,MAAMhC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzBwC,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEjD,aAAa,CAACiD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEvB,aAAa,CAACuB,KAAK;IAC1BN;EACF,CAAC,CAAC;EAEF,MAAMiC,SAAS,GAAG,MAAM,IAAI3E,UAAU,CAACuE,oBAAoB,EAAE;IAC3DK,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBpC,GAAG,EAAE6B,YAAY,CAAC7B;EACpB,CAAC,CAAC,CAACqC,OAAO,CAACR,YAAY,CAAC;EAExB,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEN;EAAU,CAAC,CAAC;EAC7D,MAAMO,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOf,QAAQ,CAAC3C,aAAa,CAACyB,YAAY,EAAE;IAC1CkC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC3C,IAAI,CAAClC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkC,IAAI,CAAE+C,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBhD,IAAI,CAAC/B,qBAAqB,CAACgF,KAAK,CAAC;AACtC,CAAC"}
+{"version":3,"names":["EncryptJwe","SignJWT","uuid","WalletInstanceAttestation","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","disclose","z","AuthorizationResponse","object","status","string","response_code","optional","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","setProtectedHeader","typ","setPayload","jti","v4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,OAAO,QAAQ,6BAA6B;AACjE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,QAAQ,QAAQ,cAAc;AAGvC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAEL,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMoB,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM3B,QAAQ,CAACsB,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJK,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAGhC,yBAAyB,CAACiC,MAAM,CAACV,yBAAyB,CAAC;EAE/D,MAAMW,MAAM,GAAG,MAAMP,SAAS,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIzC,OAAO,CAAC6B,SAAS,CAAC,CAC1Ca,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDQ,UAAU,CAAC;IACVb,EAAE,EAAEA,EAAE;IACNc,GAAG,EAAG,GAAE5C,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IACnBZ,GAAG;IACHa,KAAK,EAAEvB,aAAa,CAACuB;EACvB,CAAC,CAAC,CACDC,WAAW,CAACxB,aAAa,CAACyB,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG7B,aAAa,CAAC8B,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEvD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAC7BW,EAAE,EAAG,GAAExD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAClBY,cAAc,EAAE1B,KAAK,CAAC2B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAErB,QAAQ;IAAEc;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEvC,aAAa,EACbwC,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE3C;EAA0B,CAAC,GAAAyC,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAGxD,2BAA2B,CAACmD,MAAM,CAAC;EAExD,MAAM;IAAEvB,QAAQ;IAAEc;EAAwB,CAAC,GAAG,MAAMhC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzBwC,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEjD,aAAa,CAACiD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEvB,aAAa,CAACuB,KAAK;IAC1BN;EACF,CAAC,CAAC;EAEF,MAAMiC,SAAS,GAAG,MAAM,IAAI3E,UAAU,CAACuE,oBAAoB,EAAE;IAC3DK,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBpC,GAAG,EAAE6B,YAAY,CAAC7B;EACpB,CAAC,CAAC,CAACqC,OAAO,CAACR,YAAY,CAAC;EAExB,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEN;EAAU,CAAC,CAAC;EAC7D,MAAMO,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOf,QAAQ,CAAC3C,aAAa,CAACyB,YAAY,EAAE;IAC1CkC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC3C,IAAI,CAAClC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkC,IAAI,CAAE+C,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBhD,IAAI,CAAC/B,qBAAqB,CAACgF,KAAK,CAAC;AACtC,CAAC"}

package/lib/module/credential/presentation/README.md

@@ -1,3 +1,75 @@
-# Credential presentation
+# Credential Presentation
 
-Currently this flow is outdated.
+## Sequence Diagram
+
+```mermaid
+sequenceDiagram
+      autonumber
+      participant I as Individual using EUDI Wallet
+      participant O as Organisational Wallet (Verifier)
+      participant A as Organisational Wallet (Issuer)
+
+      O->>+I: QR-CODE: Authorisation request (`request_uri`)
+      I->>+O: GET: Request object, resolved from the `request_uri`
+      O->>+I: Respond with the Request object
+      I->>+O: GET: /.well-known/jar-issuer/jwk
+      O->>+I: Respond with the public key
+
+      I->>+O: POST: VP token response
+      O->>+A: GET: /.well-known/jwt-vc-issuer/jwk
+      A->>+O: Respond with the public key
+      O->>+I: Redirect: Authorisation response
+```
+
+## Mapped results
+
+## Examples
+
+<details>
+  <summary>Remote Presentation flow</summary>
+
+```ts
+// Scan e retrive qr-code
+const qrcode = ...
+
+// Retrieve the integrity key tag from the store and create its context
+const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
+const integrityContext = getIntegrityContext(integrityKeyTag);
+
+// Let's assume the key esists befor starting the presentation process
+const wiaCryptoContext = createCryptoContextFor(WIA_KEYTAG);
+
+const { WALLET_PROVIDER_BASE_URL, WALLET_EAA_PROVIDER_BASE_URL, REDIRECT_URI } =
+  env; // Let's assume these are the environment variables
+
+/**
+ * Obtains a new Wallet Instance Attestation.
+ * WARNING: The integrity context must be the same used when creating the Wallet Instance with the same keytag.
+ */
+const walletInstanceAttestation =
+  await WalletInstanceAttestation.getAttestation({
+    wiaCryptoContext,
+    integrityContext,
+    walletProviderBaseUrl: WALLET_PROVIDER_BASE_URL,
+    appFetch,
+  });
+
+// Start the issuance flow
+const { requestURI, clientId } = Credential.Presentation.startFlowFromQR(qrcode);
+
+// If use trust federation: Evaluate issuer trust
+const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(clientId);
+
+// If use trust federation: Fetch Jwks from rpConf
+const jwks = await Credential.Presentation.fetchJwksFromConfig(rpConf);
+
+// If not use trust: Fetch Jwks from well-know
+const jwks = await Credential.Presentation.fetchJwksFromUri(
+  requestURI,
+  appFetch,
+);
+
+
+```
+
+</details>

package/lib/module/credential/presentation/index.js

@@ -1,7 +1,8 @@
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { getRequestObject } from "./03-get-request-object";
-import { sendAuthorizationResponse } from "./04-send-authorization-response";
+import { fetchJwksFromUri, fetchJwksFromConfig } from "./03-retrieve-jwks";
+import { getRequestObject } from "./04-get-request-object";
+import { sendAuthorizationResponse } from "./05-send-authorization-response";
 import * as Errors from "./errors";
-export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, sendAuthorizationResponse, Errors };
+export { startFlowFromQR, evaluateRelyingPartyTrust, fetchJwksFromUri, fetchJwksFromConfig, getRequestObject, sendAuthorizationResponse, Errors };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/presentation/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","sendAuthorizationResponse","Errors"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,SACEC,yBAAyB,QAEpB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEJ,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,yBAAyB,EACzBC,MAAM"}
+{"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","fetchJwksFromUri","fetchJwksFromConfig","getRequestObject","sendAuthorizationResponse","Errors"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,EAChBC,mBAAmB,QAEd,oBAAoB;AAC3B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,SACEC,yBAAyB,QAEpB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEN,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,mBAAmB,EACnBC,gBAAgB,EAChBC,yBAAyB,EACzBC,MAAM"}