@pagopa/io-react-native-wallet 1.1.1 → 1.2.2

package/lib/module/credential/issuance/04-complete-user-authorization.js

@@ -27,7 +27,9 @@ export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerCo
   const params = new URLSearchParams({
     client_id: clientId,
     request_uri: issuerRequestUri,
-    idphint: idpHint
+    ...(idpHint && {
+      idphint: idpHint
+    })
   });
   const authUrl = `${authzRequestEndpoint}?${params}`;
   return {

package/lib/module/credential/issuance/04-complete-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","uuid","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","v4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;;AAEpE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET,gBAAgB;IAC7BU,OAAO,EAAEP;EACX,CAAC,CAAC;EAEF,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG3B,QAAQ,CAAC0B,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOhB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBe,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMjB,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,MAAMsB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEb,oBAAqB,IAAGE,MAAM,CAACiB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACvC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKtC,MAAM,CAACsC,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKpC,aAAa,CAACqC,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI3C,gBAAgB,CAAC;MACzB4C,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,aAAa,CAACa,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOX,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBzB,QAAQ,GAAGI;EACb,CAAC,GAAGiB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAInD,OAAO,CAAC+C,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAEvD,IAAI,CAACwD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIjE,OAAO,CAACgD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAEvD,IAAI,CAACwD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEjE,IAAI,CAACwD,EAAE,CAAC,CAAE,EAAC;IAC7BU,EAAE,EAAG,GAAElE,IAAI,CAACwD,EAAE,CAAC,CAAE,EAAC;IAClBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,6BAA6B;MACjCE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAGzE,YAAY,CACvC0E,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE7C,aAAa,CAAC6C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEd,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM2B,IAAI,GAAG,IAAI/D,eAAe,CAAC;IAC/BgE,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACzC,QAAQ,CAAC,CAAC;EACb,MAAMiD,SAAS,GAAG,MAAMvD,QAAQ,CAACK,aAAa,CAACiC,YAAY,EAAE;IAC3D/B,MAAM,EAAE,MAAM;IACdiD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAACvC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqC,IAAI,CAAEiD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGjF,sBAAsB,CAACmC,SAAS,CAAC0C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC5C,OAAO,EAAE;IACxB,MAAM,IAAI3C,gBAAgB,CAAC;MACzB4C,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE0C,WAAW,CAACzC,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMhB,QAAQ,CAAC2D,WAAW,CAACxC,IAAI,CAACyC,YAAY,CAAC,CACjDpD,IAAI,CAACvC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC7B,kBAAkB,CAAC,CACxB6B,IAAI,CAAEqD,KAAK,IAAK/D,0BAA0B,CAAC+D,KAAK,CAACC,UAAU,CAAChD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCiE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGhG,wBAAwB,CAAC6C,SAAS,CAACkD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACjD,OAAO,EAAE;IAC1B,MAAMkD,OAAO,GAAGlG,uBAAuB,CAAC8C,SAAS,CAACkD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAAClD,OAAO,EAAE;MACpB,MAAM,IAAInC,kBAAkB,CAACoF,aAAa,CAAC9C,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAInC,qBAAqB,CAC7BoF,OAAO,CAAC9C,IAAI,CAACD,KAAK,EAClB+C,OAAO,CAAC9C,IAAI,CAAC+C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC7C,IAAI;AAC3B,CAAC"}
+{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","encodeBase64","SignJWT","RequestObject","uuid","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","idphint","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","requestObject","toString","method","then","res","text","jws","reqObj","safeParse","payload","success","message","reason","error","data","completeUserAuthorizationWithFormPostJwtMode","ctx","wiaCryptoContext","pidCryptoContext","pid","walletInstanceAttestation","wiaWpToken","setProtectedHeader","alg","typ","setPayload","vp","jti","v4","nonce","setIssuedAt","setExpirationTime","setAudience","response_uri","sign","pidWpToken","presentationSubmission","definition_id","id","descriptor_map","path","format","authzResponsePayload","JSON","stringify","state","presentation_submission","vp_token","body","response","resUriRes","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","error_description"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,YAAY,EACZC,OAAO,QAEF,6BAA6B;AACpC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;;AAEpE;AACA;AACA;;AAgCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET,gBAAgB;IAC7B,IAAIG,OAAO,IAAI;MAAEO,OAAO,EAAEP;IAAQ,CAAC;EACrC,CAAC,CAAC;EAEF,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzB,MAAMC,KAAK,GAAG3B,QAAQ,CAAC0B,eAAe,CAAC,CAACC,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOhB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBe,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D,MAAMjB,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,MAAMsB,aAAa,GAAG,MAAML,QAAQ,CACjC,GAAEb,oBAAqB,IAAGE,MAAM,CAACiB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACvC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKtC,MAAM,CAACsC,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKpC,aAAa,CAACqC,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACT,aAAa,CAACU,OAAO,EAAE;IAC1B,MAAM,IAAI3C,gBAAgB,CAAC;MACzB4C,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEZ,aAAa,CAACa,KAAK,CAACF;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOX,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CAAOf,aAAa,EAAEgB,GAAG,KAAK;EAC5B,MAAM;IACJC,gBAAgB;IAChBC,gBAAgB;IAChBC,GAAG;IACHC,yBAAyB;IACzBzB,QAAQ,GAAGI;EACb,CAAC,GAAGiB,GAAG;EAEP,MAAMK,UAAU,GAAG,MAAM,IAAInD,OAAO,CAAC+C,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEN,yBAAyB;IAC7BO,GAAG,EAAEvD,IAAI,CAACwD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;EAET,MAAMC,UAAU,GAAG,MAAM,IAAIjE,OAAO,CAACgD,gBAAgB,CAAC,CACnDI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,EAAE,EAAEP,GAAG;IACPQ,GAAG,EAAEvD,IAAI,CAACwD,EAAE,CAAC,CAAC,CAAC3B,QAAQ,CAAC,CAAC;IACzB4B,KAAK,EAAE7B,aAAa,CAAC6B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,WAAW,CAAChC,aAAa,CAACiC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC;;EAET;AACJ;AACA;EACI,MAAME,sBAAsB,GAAG;IAC7BC,aAAa,EAAG,GAAEjE,IAAI,CAACwD,EAAE,CAAC,CAAE,EAAC;IAC7BU,EAAE,EAAG,GAAElE,IAAI,CAACwD,EAAE,CAAC,CAAE,EAAC;IAClBW,cAAc,EAAE,CACd;MACED,EAAE,EAAE,6BAA6B;MACjCE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC,EACD;MACEH,EAAE,EAAE,mBAAmB;MACvBE,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;IACV,CAAC;EAEL,CAAC;EAED,MAAMC,oBAAoB,GAAGzE,YAAY,CACvC0E,IAAI,CAACC,SAAS,CAAC;IACbC,KAAK,EAAE7C,aAAa,CAAC6C,KAAK;IAC1BC,uBAAuB,EAAEV,sBAAsB;IAC/CW,QAAQ,EAAE,CAACZ,UAAU,EAAEd,UAAU;EACnC,CAAC,CACH,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAM2B,IAAI,GAAG,IAAI/D,eAAe,CAAC;IAC/BgE,QAAQ,EAAEP;EACZ,CAAC,CAAC,CAACzC,QAAQ,CAAC,CAAC;EACb,MAAMiD,SAAS,GAAG,MAAMvD,QAAQ,CAACK,aAAa,CAACiC,YAAY,EAAE;IAC3D/B,MAAM,EAAE,MAAM;IACdiD,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAACvC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqC,IAAI,CAAEiD,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGjF,sBAAsB,CAACmC,SAAS,CAAC0C,SAAS,CAAC;EAC/D,IAAI,CAACI,WAAW,CAAC5C,OAAO,EAAE;IACxB,MAAM,IAAI3C,gBAAgB,CAAC;MACzB4C,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE0C,WAAW,CAACzC,KAAK,CAACF;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMhB,QAAQ,CAAC2D,WAAW,CAACxC,IAAI,CAACyC,YAAY,CAAC,CACjDpD,IAAI,CAACvC,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC7B,kBAAkB,CAAC,CACxB6B,IAAI,CAAEqD,KAAK,IAAK/D,0BAA0B,CAAC+D,KAAK,CAACC,UAAU,CAAChD,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCiE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGhG,wBAAwB,CAAC6C,SAAS,CAACkD,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACjD,OAAO,EAAE;IAC1B,MAAMkD,OAAO,GAAGlG,uBAAuB,CAAC8C,SAAS,CAACkD,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAAClD,OAAO,EAAE;MACpB,MAAM,IAAInC,kBAAkB,CAACoF,aAAa,CAAC9C,KAAK,CAACF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA,MAAM,IAAInC,qBAAqB,CAC7BoF,OAAO,CAAC9C,IAAI,CAACD,KAAK,EAClB+C,OAAO,CAAC9C,IAAI,CAAC+C,iBACf,CAAC;EACH;EACA,OAAOF,aAAa,CAAC7C,IAAI;AAC3B,CAAC"}

package/lib/module/credential/presentation/01-start-flow.js

@@ -1,6 +1,5 @@
 import * as z from "zod";
-import { decodeBase64 } from "@pagopa/io-react-native-jwt";
-import { AuthRequestDecodeError } from "./errors";
+import { InvalidQRCodeError } from "./errors";
 const QRCodePayload = z.object({
   protocol: z.string(),
   resource: z.string(),
@@ -27,10 +26,13 @@ const QRCodePayload = z.object({
 export const startFlowFromQR = qrcode => {
   let decodedUrl;
   try {
-    const decoded = decodeBase64(qrcode);
-    decodedUrl = new URL(decoded);
+    var _originalQrCode$;
+    // splitting qrcode to identify which is link format
+    const originalQrCode = qrcode.split("://");
+    const replacedQrcode = (_originalQrCode$ = originalQrCode[1]) !== null && _originalQrCode$ !== void 0 && _originalQrCode$.startsWith("?") ? qrcode.replace(`${originalQrCode[0]}://`, "https://wallet.example/") : qrcode;
+    decodedUrl = new URL(replacedQrcode);
   } catch (error) {
-    throw new AuthRequestDecodeError("Failed to decode QR code: ", qrcode);
+    throw new InvalidQRCodeError(`Failed to decode QR code:  ${qrcode}`);
   }
   const protocol = decodedUrl.protocol;
   const resource = decodedUrl.hostname;
@@ -45,7 +47,7 @@ export const startFlowFromQR = qrcode => {
   if (result.success) {
     return result.data;
   } else {
-    throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
+    throw new InvalidQRCodeError(`${result.error.message}, ${decodedUrl}`);
   }
 };
 //# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/presentation/01-start-flow.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","decodeBase64","AuthRequestDecodeError","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decodedUrl","decoded","URL","error","hostname","searchParams","get","result","safeParse","success","data","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,QAAQ,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAEP,CAAC,CAACM,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAER,CAAC,CAACM,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAET,CAAC,CAACM,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,IAAIC,UAAe;EACnB,IAAI;IACF,MAAMC,OAAO,GAAGZ,YAAY,CAACU,MAAM,CAAC;IACpCC,UAAU,GAAG,IAAIE,GAAG,CAACD,OAAO,CAAC;EAC/B,CAAC,CAAC,OAAOE,KAAK,EAAE;IACd,MAAM,IAAIb,sBAAsB,CAAC,4BAA4B,EAAES,MAAM,CAAC;EACxE;EAEA,MAAMN,QAAQ,GAAGO,UAAU,CAACP,QAAQ;EACpC,MAAME,QAAQ,GAAGK,UAAU,CAACI,QAAQ;EACpC,MAAMP,UAAU,GAAGG,UAAU,CAACK,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMV,QAAQ,GAAGI,UAAU,CAACK,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMC,MAAM,GAAGhB,aAAa,CAACiB,SAAS,CAAC;IACrCf,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIW,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIpB,sBAAsB,CAACiB,MAAM,CAACJ,KAAK,CAACQ,OAAO,EAAG,GAAEX,UAAW,EAAC,CAAC;EACzE;AACF,CAAC"}
+{"version":3,"names":["z","InvalidQRCodeError","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decodedUrl","_originalQrCode$","originalQrCode","split","replacedQrcode","startsWith","replace","URL","error","hostname","searchParams","get","result","safeParse","success","data","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,UAAU;AAE7C,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EAC7BC,QAAQ,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAEN,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAER,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,IAAIC,UAAe;EACnB,IAAI;IAAA,IAAAC,gBAAA;IACF;IACA,MAAMC,cAAc,GAAGH,MAAM,CAACI,KAAK,CAAC,KAAK,CAAC;IAC1C,MAAMC,cAAc,GAAG,CAAAH,gBAAA,GAAAC,cAAc,CAAC,CAAC,CAAC,cAAAD,gBAAA,eAAjBA,gBAAA,CAAmBI,UAAU,CAAC,GAAG,CAAC,GACrDN,MAAM,CAACO,OAAO,CAAE,GAAEJ,cAAc,CAAC,CAAC,CAAE,KAAI,EAAE,yBAAyB,CAAC,GACpEH,MAAM;IAEVC,UAAU,GAAG,IAAIO,GAAG,CAACH,cAAc,CAAC;EACtC,CAAC,CAAC,OAAOI,KAAK,EAAE;IACd,MAAM,IAAIlB,kBAAkB,CAAE,8BAA6BS,MAAO,EAAC,CAAC;EACtE;EAEA,MAAMN,QAAQ,GAAGO,UAAU,CAACP,QAAQ;EACpC,MAAME,QAAQ,GAAGK,UAAU,CAACS,QAAQ;EACpC,MAAMZ,UAAU,GAAGG,UAAU,CAACU,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMf,QAAQ,GAAGI,UAAU,CAACU,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMC,MAAM,GAAGrB,aAAa,CAACsB,SAAS,CAAC;IACrCpB,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIgB,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIzB,kBAAkB,CAAE,GAAEsB,MAAM,CAACJ,KAAK,CAACQ,OAAQ,KAAIhB,UAAW,EAAC,CAAC;EACxE;AACF,CAAC"}

package/lib/module/credential/presentation/03-get-request-object.js

@@ -0,0 +1,39 @@
+import uuid from "react-native-uuid";
+import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
+import { createDPopToken } from "../../utils/dpop";
+import { hasStatusOrThrow } from "../../utils/misc";
+/**
+ * Obtain the Request Object for RP authentication
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
+ *
+ * @param requestUri The url for the Relying Party to connect with
+ * @param rpConf The Relying Party's configuration
+ * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
+ * @param context.walletInstanceAttestation The Wallet Instance Attestation token
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @returns The Request Object that describes the presentation
+ */
+export const getRequestObject = async (requestUri, _ref) => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch,
+    walletInstanceAttestation
+  } = _ref;
+  const signedWalletInstanceDPoP = await createDPopToken({
+    jti: `${uuid.v4()}`,
+    htm: "GET",
+    htu: requestUri,
+    ath: await sha256ToBase64(walletInstanceAttestation)
+  }, wiaCryptoContext);
+  const requestObjectEncodedJwt = await appFetch(requestUri, {
+    method: "GET",
+    headers: {
+      Authorization: `DPoP ${walletInstanceAttestation}`,
+      DPoP: signedWalletInstanceDPoP
+    }
+  }).then(hasStatusOrThrow(200)).then(res => res.text());
+  return {
+    requestObjectEncodedJwt
+  };
+};
+//# sourceMappingURL=03-get-request-object.js.map

package/lib/module/credential/presentation/03-get-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["uuid","sha256ToBase64","createDPopToken","hasStatusOrThrow","getRequestObject","requestUri","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","requestObjectEncodedJwt","method","headers","Authorization","DPoP","then","res","text"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":"AAAA,OAAOA,IAAI,MAAM,mBAAmB;AACpC,SACEC,cAAc,QAET,6BAA6B;AAEpC,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,gBAAgB,QAAkB,kBAAkB;AAY7D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EAAAC,IAAA,KAEP;EAAA,IADH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAJ,IAAA;EAEjE,MAAMK,wBAAwB,GAAG,MAAMT,eAAe,CACpD;IACEU,GAAG,EAAG,GAAEZ,IAAI,CAACa,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEV,UAAU;IACfW,GAAG,EAAE,MAAMf,cAAc,CAACS,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMU,uBAAuB,GAAG,MAAMT,QAAQ,CAACH,UAAU,EAAE;IACzDa,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOV,yBAA0B,EAAC;MAClDW,IAAI,EAAEV;IACR;EACF,CAAC,CAAC,CACCW,IAAI,CAACnB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLP;EACF,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/04-retrieve-rp-jwks.js

@@ -0,0 +1,75 @@
+import { JWKS, JWK } from "../../utils/jwk";
+import { hasStatusOrThrow } from "../../utils/misc";
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
+
+/**
+ * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
+ *
+ * @template T - The tuple type representing the function arguments.
+ * @param args - The arguments passed to the function.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ */
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
+ * It is formed using `{issUrl.base}/.well-known/jar-issuer${issUrl.pah}` as explained in SD-JWT VC issuer metadata section
+ *
+ * @param requestObjectEncodedJwt - Request Object in JWT format.
+ * @param options - Optional context containing a custom fetch implementation.
+ * @param options.context - Optional context object.
+ * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ * @throws Will throw an error if the JWKS retrieval fails.
+ */
+export const fetchJwksFromRequestObject = async function (requestObjectEncodedJwt) {
+  var _requestObjectJwt$pro, _requestObjectJwt$pay;
+  let {
+    context = {}
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const {
+    appFetch = fetch
+  } = context;
+  const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
+
+  // 1. check if request object jwt contains the 'jwk' attribute
+  if ((_requestObjectJwt$pro = requestObjectJwt.protectedHeader) !== null && _requestObjectJwt$pro !== void 0 && _requestObjectJwt$pro.jwk) {
+    return {
+      keys: [JWK.parse(requestObjectJwt.protectedHeader.jwk)]
+    };
+  }
+
+  // 2. According to Potential profile, retrieve from RP endpoint using iss claim
+  const issClaimValue = (_requestObjectJwt$pay = requestObjectJwt.payload) === null || _requestObjectJwt$pay === void 0 ? void 0 : _requestObjectJwt$pay.iss;
+  if (issClaimValue) {
+    const issUrl = new URL(issClaimValue);
+    const wellKnownUrl = new URL(`/.well-known/jar-issuer${issUrl.pathname}`, `${issUrl.protocol}//${issUrl.host}`).toString();
+
+    // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
+    const jwks = await appFetch(wellKnownUrl, {
+      method: "GET"
+    }).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => JWKS.parse(json.jwks));
+    return {
+      keys: jwks.keys
+    };
+  }
+  throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
+};
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
+ *
+ * @param rpConfig - The configuration object of the Relying Party entity.
+ * @returns An object containing an array of JWKs.
+ * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
+ */
+export const fetchJwksFromConfig = async rpConfig => {
+  const jwks = rpConfig.wallet_relying_party.jwks;
+  if (!jwks || !Array.isArray(jwks.keys)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  return {
+    keys: jwks.keys
+  };
+};
+//# sourceMappingURL=04-retrieve-rp-jwks.js.map

package/lib/module/credential/presentation/04-retrieve-rp-jwks.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["JWKS","JWK","hasStatusOrThrow","decode","decodeJwt","NoSuitableKeysFoundInEntityConfiguration","fetchJwksFromRequestObject","requestObjectEncodedJwt","_requestObjectJwt$pro","_requestObjectJwt$pay","context","arguments","length","undefined","appFetch","fetch","requestObjectJwt","protectedHeader","jwk","keys","parse","issClaimValue","payload","iss","issUrl","URL","wellKnownUrl","pathname","protocol","host","toString","jwks","method","then","raw","json","fetchJwksFromConfig","rpConfig","wallet_relying_party","Array","isArray","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":"AAAA,SAASA,IAAI,EAAEC,GAAG,QAAQ,iBAAiB;AAC3C,SAASC,gBAAgB,QAAQ,kBAAkB;AAEnD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,wCAAwC,QAAQ,UAAU;;AAEnE;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAEZ,GAAG,eAAAA,CAAOC,uBAAuB,EAA4B;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACvD,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EACpC,MAAMM,gBAAgB,GAAGZ,SAAS,CAACG,uBAAuB,CAAC;;EAE3D;EACA,KAAAC,qBAAA,GAAIQ,gBAAgB,CAACC,eAAe,cAAAT,qBAAA,eAAhCA,qBAAA,CAAkCU,GAAG,EAAE;IACzC,OAAO;MACLC,IAAI,EAAE,CAAClB,GAAG,CAACmB,KAAK,CAACJ,gBAAgB,CAACC,eAAe,CAACC,GAAG,CAAC;IACxD,CAAC;EACH;;EAEA;EACA,MAAMG,aAAa,IAAAZ,qBAAA,GAAGO,gBAAgB,CAACM,OAAO,cAAAb,qBAAA,uBAAxBA,qBAAA,CAA0Bc,GAAa;EAC7D,IAAIF,aAAa,EAAE;IACjB,MAAMG,MAAM,GAAG,IAAIC,GAAG,CAACJ,aAAa,CAAC;IACrC,MAAMK,YAAY,GAAG,IAAID,GAAG,CACzB,0BAAyBD,MAAM,CAACG,QAAS,EAAC,EAC1C,GAAEH,MAAM,CAACI,QAAS,KAAIJ,MAAM,CAACK,IAAK,EACrC,CAAC,CAACC,QAAQ,CAAC,CAAC;;IAEZ;IACA,MAAMC,IAAI,GAAG,MAAMjB,QAAQ,CAACY,YAAY,EAAE;MACxCM,MAAM,EAAE;IACV,CAAC,CAAC,CACCC,IAAI,CAAC/B,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B+B,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAKnC,IAAI,CAACoB,KAAK,CAACe,IAAI,CAACJ,IAAI,CAAC,CAAC;IAExC,OAAO;MACLZ,IAAI,EAAEY,IAAI,CAACZ;IACb,CAAC;EACH;EAEA,MAAM,IAAId,wCAAwC,CAChD,uCACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM+B,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMN,IAAI,GAAGM,QAAQ,CAACC,oBAAoB,CAACP,IAAI;EAE/C,IAAI,CAACA,IAAI,IAAI,CAACQ,KAAK,CAACC,OAAO,CAACT,IAAI,CAACZ,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIsB,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLtB,IAAI,EAAEY,IAAI,CAACZ;EACb,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/05-verify-request-object.js

@@ -0,0 +1,28 @@
+import { UnverifiedEntityError } from "./errors";
+import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
+import { RequestObject } from "./types";
+export const verifyRequestObjectSignature = async (requestObjectEncodedJwt, jwkKeys) => {
+  const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
+
+  // verify token signature to ensure the request object is authentic
+  const pubKey = jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
+    let {
+      kid
+    } = _ref;
+    return kid === requestObjectJwt.protectedHeader.kid;
+  });
+  if (!pubKey) {
+    throw new UnverifiedEntityError("Request Object signature verification!");
+  }
+  await verify(requestObjectEncodedJwt, pubKey);
+  const requestObject = RequestObject.parse(requestObjectJwt.payload);
+  // Check if exp exists and is expired
+  // exp is typically in seconds since epoch, Get current time in seconds
+  if (requestObject.exp && requestObject.exp <= Date.now() / 1000) {
+    throw new UnverifiedEntityError("Request Object is expired!");
+  }
+  return {
+    requestObject
+  };
+};
+//# sourceMappingURL=05-verify-request-object.js.map

package/lib/module/credential/presentation/05-verify-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["UnverifiedEntityError","decode","decodeJwt","verify","RequestObject","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","pubKey","find","_ref","kid","protectedHeader","requestObject","parse","payload","exp","Date","now"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,qBAAqB,QAAQ,UAAU;AAEhD,SAASC,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,aAAa,QAAQ,SAAS;AASvC,OAAO,MAAMC,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAGN,SAAS,CAACI,uBAAuB,CAAC;;EAE3D;EACA,MAAMG,MAAM,GAAGF,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEG,IAAI,CAC1BC,IAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,GAAG,KAAKJ,gBAAgB,CAACK,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC;EAED,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAIT,qBAAqB,CAAC,wCAAwC,CAAC;EAC3E;EACA,MAAMG,MAAM,CAACG,uBAAuB,EAAEG,MAAM,CAAC;EAE7C,MAAMK,aAAa,GAAGV,aAAa,CAACW,KAAK,CAACP,gBAAgB,CAACQ,OAAO,CAAC;EACnE;EACA;EACA,IAAIF,aAAa,CAACG,GAAG,IAAIH,aAAa,CAACG,GAAG,IAAIC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE;IAC/D,MAAM,IAAInB,qBAAqB,CAAC,4BAA4B,CAAC;EAC/D;EAEA,OAAO;IAAEc;EAAc,CAAC;AAC1B,CAAC"}

package/lib/module/credential/presentation/06-fetch-presentation-definition.js

@@ -0,0 +1,56 @@
+import { PresentationDefinition } from "./types";
+import { hasStatusOrThrow } from "../../utils/misc";
+/**
+ * Retrieves a PresentationDefinition based on the given parameters.
+ *
+ * The method attempts the following strategies in order:
+ * 1. Checks if `presentation_definition` is directly available in the request object.
+ * 2. Fetches the `presentation_definition` from the URI provided in the relying party configuration.
+ * 3. Uses a pre-configured `presentation_definition` from the relying party configuration if the `scope` is present in the request object.
+ *
+ * If none of the above conditions are met, the function throws an error indicating the definition could not be found.
+ *
+ * @param {RequestObject} requestObject - The request object containing the presentation definition or references to it.
+ * @param {RelyingPartyEntityConfiguration["payload"]["metadata"]} [rpConf] - Optional relying party configuration.
+ * @param {Object} [context] - Optional context for providing a custom fetch implementation.
+ * @param {GlobalFetch["fetch"]} [context.appFetch] - Custom fetch function, defaults to global `fetch`.
+ * @returns {Promise<{ presentationDefinition: PresentationDefinition }>} - Resolves with the presentation definition.
+ * @throws {Error} - Throws if the presentation definition cannot be found or fetched.
+ */
+export const fetchPresentDefinition = async function (requestObject) {
+  var _rpConf$wallet_relyin, _rpConf$wallet_relyin2;
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  let rpConf = arguments.length > 2 ? arguments[2] : undefined;
+  // Check if `presentation_definition` is directly available in the request object
+  if (requestObject.presentation_definition) {
+    return {
+      presentationDefinition: requestObject.presentation_definition
+    };
+  }
+
+  // Check if `presentation_definition_uri` is provided in the relying party configuration
+  if (rpConf !== null && rpConf !== void 0 && (_rpConf$wallet_relyin = rpConf.wallet_relying_party) !== null && _rpConf$wallet_relyin !== void 0 && _rpConf$wallet_relyin.presentation_definition_uri) {
+    try {
+      // Fetch the presentation definition from the provided URI
+      const presentationDefinition = await appFetch(rpConf === null || rpConf === void 0 ? void 0 : rpConf.wallet_relying_party.presentation_definition_uri, {
+        method: "GET"
+      }).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => PresentationDefinition.parse(json));
+      return {
+        presentationDefinition
+      };
+    } catch (error) {
+      throw new Error(`Failed to fetch presentation definition: ${error}`);
+    }
+  }
+
+  // Check if `scope` is present in the request object and a pre-configured presentation definition exists
+  if (requestObject.scope && rpConf !== null && rpConf !== void 0 && (_rpConf$wallet_relyin2 = rpConf.wallet_relying_party) !== null && _rpConf$wallet_relyin2 !== void 0 && _rpConf$wallet_relyin2.presentation_definition) {
+    return {
+      presentationDefinition: rpConf.wallet_relying_party.presentation_definition
+    };
+  }
+  throw new Error("Presentation definition not found");
+};
+//# sourceMappingURL=06-fetch-presentation-definition.js.map

package/lib/module/credential/presentation/06-fetch-presentation-definition.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["PresentationDefinition","hasStatusOrThrow","fetchPresentDefinition","requestObject","_rpConf$wallet_relyin","_rpConf$wallet_relyin2","appFetch","fetch","arguments","length","undefined","rpConf","presentation_definition","presentationDefinition","wallet_relying_party","presentation_definition_uri","method","then","raw","json","parse","error","Error","scope"],"sourceRoot":"../../../../src","sources":["credential/presentation/06-fetch-presentation-definition.ts"],"mappings":"AAAA,SAASA,sBAAsB,QAAuB,SAAS;AAE/D,SAASC,gBAAgB,QAAQ,kBAAkB;AAYnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAmD,GAAG,eAAAA,CACjEC,aAAa,EAGV;EAAA,IAAAC,qBAAA,EAAAC,sBAAA;EAAA,IAFH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,IACzBG,MAAM,GAAAH,SAAA,CAAAC,MAAA,OAAAD,SAAA,MAAAE,SAAA;EAEN;EACA,IAAIP,aAAa,CAACS,uBAAuB,EAAE;IACzC,OAAO;MACLC,sBAAsB,EAAEV,aAAa,CAACS;IACxC,CAAC;EACH;;EAEA;EACA,IAAID,MAAM,aAANA,MAAM,gBAAAP,qBAAA,GAANO,MAAM,CAAEG,oBAAoB,cAAAV,qBAAA,eAA5BA,qBAAA,CAA8BW,2BAA2B,EAAE;IAC7D,IAAI;MACF;MACA,MAAMF,sBAAsB,GAAG,MAAMP,QAAQ,CAC3CK,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEG,oBAAoB,CAACC,2BAA2B,EACxD;QACEC,MAAM,EAAE;MACV,CACF,CAAC,CACEC,IAAI,CAAChB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BgB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAKnB,sBAAsB,CAACoB,KAAK,CAACD,IAAI,CAAC,CAAC;MAErD,OAAO;QACLN;MACF,CAAC;IACH,CAAC,CAAC,OAAOQ,KAAK,EAAE;MACd,MAAM,IAAIC,KAAK,CAAE,4CAA2CD,KAAM,EAAC,CAAC;IACtE;EACF;;EAEA;EACA,IACElB,aAAa,CAACoB,KAAK,IACnBZ,MAAM,aAANA,MAAM,gBAAAN,sBAAA,GAANM,MAAM,CAAEG,oBAAoB,cAAAT,sBAAA,eAA5BA,sBAAA,CAA8BO,uBAAuB,EACrD;IACA,OAAO;MACLC,sBAAsB,EACpBF,MAAM,CAACG,oBAAoB,CAACF;IAChC,CAAC;EACH;EAEA,MAAM,IAAIU,KAAK,CAAC,mCAAmC,CAAC;AACtD,CAAC"}

package/lib/module/credential/presentation/07-evaluate-input-descriptor.js

@@ -0,0 +1,161 @@
+import { JSONPath } from "jsonpath-plus";
+import { MissingDataError } from "./errors";
+import Ajv from "ajv";
+const ajv = new Ajv({
+  allErrors: true
+});
+const INDEX_CLAIM_NAME = 1;
+/**
+ * Transforms an array of DisclosureWithEncoded objects into a key-value map.
+ * @param disclosures - An array of DisclosureWithEncoded, each containing a decoded property with [?, claimName, claimValue].
+ * @returns An object mapping claim names to their corresponding values.
+ */
+const mapDisclosuresToObject = disclosures => {
+  return disclosures.reduce((obj, _ref) => {
+    let {
+      decoded
+    } = _ref;
+    const [, claimName, claimValue] = decoded;
+    obj[claimName] = claimValue;
+    return obj;
+  }, {});
+};
+
+/**
+ * Finds a claim within the payload based on provided JSONPath expressions.
+ * @param paths - An array of JSONPath expressions to search for in the payload.
+ * @param payload - The object to search within using JSONPath.
+ * @returns A tuple with the first matched JSONPath and its corresponding value, or [undefined, undefined] if not found.
+ */
+const findMatchedClaim = (paths, payload) => {
+  let matchedPath;
+  let matchedValue;
+  paths.some(singlePath => {
+    try {
+      const result = JSONPath({
+        path: singlePath,
+        json: payload
+      });
+      if (result.length > 0) {
+        matchedPath = singlePath;
+        matchedValue = result[0];
+        return true;
+      }
+    } catch (error) {
+      throw new MissingDataError(`JSONPath for "${singlePath}" does not match the provided payload.`);
+    }
+    return false;
+  });
+  return [matchedPath, matchedValue];
+};
+
+/**
+ * Extracts the claim name from a path that can be in one of the following formats:
+ * 1. $.propertyName
+ * 2. $["propertyName"] or $['propertyName']
+ *
+ * @param path - The path string containing the claim reference.
+ * @returns The extracted claim name if matched; otherwise, throws an exception.
+ */
+const extractClaimName = path => {
+  // Define a regular expression that matches both formats:
+  // 1. $.propertyName
+  // 2. $["propertyName"] or $['propertyName']
+  const regex = /^\$\.(\w+)$|^\$\[(?:'|")(\w+)(?:'|")\]$/;
+  const match = path.match(regex);
+  if (match) {
+    // match[1] corresponds to the first capture group (\w+) after $.
+    // match[2] corresponds to the second capture group (\w+) inside [""] or ['']
+    return match[1] || match[2];
+  }
+
+  // If the input doesn't match any of the expected formats, return null
+
+  throw new Error(`Invalid input format: "${path}". Expected formats are "$.propertyName", "$['propertyName']", or '$["propertyName"]'.`);
+};
+
+/**
+ * Evaluates an InputDescriptor for an SD-JWT-based verifiable credential.
+ *
+ * - Checks each field in the InputDescriptor against the provided `payloadCredential`
+ *   and `disclosures` (selectively disclosed claims).
+ * - Validates whether required fields are present (unless marked optional)
+ *   and match any specified JSONPath.
+ * - If a field includes a JSON Schema filter, validates the claim value against that schema.
+ * - Enforces `limit_disclosure` rules by returning only disclosures matching the specified fields
+ *   if set to "required". Otherwise return the array of all disclosures.
+ * - Throws an error if a required field is invalid or missing.
+ *
+ * @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
+ * @param payloadCredential - The credential payload to check against.
+ * @param disclosures - An array of DisclosureWithEncoded objects representing selective disclosures.
+ * @returns A filtered list of disclosures satisfying the descriptor constraints, or throws an error if not.
+ * @throws Will throw an error if any required constraint fails or if JSONPath lookups are invalid.
+ */
+export const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCredential, disclosures) => {
+  var _inputDescriptor$cons;
+  if (!(inputDescriptor !== null && inputDescriptor !== void 0 && (_inputDescriptor$cons = inputDescriptor.constraints) !== null && _inputDescriptor$cons !== void 0 && _inputDescriptor$cons.fields)) {
+    // No validation, all field are optional
+    return {
+      requiredDisclosures: [],
+      optionalDisclosures: disclosures
+    };
+  }
+  const requiredClaimNames = [];
+  const optionalClaimNames = [];
+
+  // Transform disclosures to find claim using JSONPath
+  const disclosuresAsPayload = mapDisclosuresToObject(disclosures);
+
+  // For each field, we need at least one matching path
+  // If we succeed, we push the matched disclosure in matchedDisclosures and stop checking further paths
+  const allFieldsValid = inputDescriptor.constraints.fields.every(field => {
+    // For Potential profile, selectively disclosed claims will always be built as an individual object property, by using a name-value pair.
+    // Hence that selective claim for array element and recursive disclosures are not supported by Potential for the first iteration of Piloting.
+    // We need to check inside disclosures or inside credential payload. Example path: "$.given_name"
+    let [matchedPath, matchedValue] = findMatchedClaim(field.path, disclosuresAsPayload);
+    if (!matchedPath) {
+      [matchedPath, matchedValue] = findMatchedClaim(field.path, payloadCredential);
+      if (!matchedPath) {
+        // Path could be optional, in this case no need to validate! continue to next field
+        return field === null || field === void 0 ? void 0 : field.optional;
+      }
+    } else {
+      // if match a disclouse we save which is required or optional
+      const claimName = extractClaimName(matchedPath);
+      if (claimName) {
+        (field !== null && field !== void 0 && field.optional ? optionalClaimNames : requiredClaimNames).push(claimName);
+      }
+    }
+
+    // FILTER validation
+    // If this field has a "filter" (JSON Schema), validate the claimValue
+    if (field.filter) {
+      try {
+        const validateSchema = ajv.compile(field.filter);
+        if (!validateSchema(matchedValue)) {
+          throw new MissingDataError(`Claim value "${matchedValue}" for path "${matchedPath}" does not match the provided JSON Schema.`);
+        }
+      } catch (error) {
+        return false;
+      }
+    }
+    // Submission Requirements validation
+    // TODO: [EUDIW-216] Read rule value if “all” o “pick” and validate
+
+    return true;
+  });
+  if (!allFieldsValid) {
+    throw new MissingDataError("Credential validation failed: Required fields are missing or do not match the input descriptor.");
+  }
+
+  // Categorizes disclosures into required and optional based on claim names and disclosure constraints.
+  const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
+  const requiredDisclosures = disclosures.filter(disclosure => requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
+  const optionalDisclosures = disclosures.filter(disclosure => optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) || isNotLimitDisclosure && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
+  return {
+    requiredDisclosures,
+    optionalDisclosures
+  };
+};
+//# sourceMappingURL=07-evaluate-input-descriptor.js.map

package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["JSONPath","MissingDataError","Ajv","ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","obj","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","path","json","length","error","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","isNotLimitDisclosure","limit_disclosure","disclosure","includes"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":"AAEA,SAASA,QAAQ,QAAQ,eAAe;AACxC,SAASC,gBAAgB,QAAQ,UAAU;AAC3C,OAAOC,GAAG,MAAM,KAAK;AACrB,MAAMC,GAAG,GAAG,IAAID,GAAG,CAAC;EAAEE,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;AAa1B;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CAAC,CAACC,GAAG,EAAAC,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACzC,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCF,GAAG,CAACG,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOJ,GAAG;EACZ,CAAC,EAAE,CAAC,CAA4B,CAAC;AACnC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMK,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAGrB,QAAQ,CAAC;QAAEsB,IAAI,EAAEF,UAAU;QAAEG,IAAI,EAAEP;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACG,MAAM,GAAG,CAAC,EAAE;QACrBP,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOI,KAAK,EAAE;MACd,MAAM,IAAIxB,gBAAgB,CACvB,iBAAgBmB,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMQ,gBAAgB,GAAIJ,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMK,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGN,IAAI,CAACM,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBP,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAEzB,WAAW,KAAK;EAAA,IAAA0B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE9B;IACvB,CAAC;EACH;EACA,MAAM+B,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGlC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMkC,cAAc,GAAGV,eAAe,CAACG,WAAW,CAACC,MAAM,CAACO,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC1B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChD6B,KAAK,CAACrB,IAAI,EACVkB,oBACF,CAAC;IAED,IAAI,CAACvB,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5C6B,KAAK,CAACrB,IAAI,EACVU,iBACF,CAAC;MAED,IAAI,CAACf,WAAW,EAAE;QAChB;QACA,OAAO0B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMhC,SAAS,GAAGc,gBAAgB,CAACT,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAAC+B,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DjC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAI+B,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG5C,GAAG,CAAC6C,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAC7B,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIjB,gBAAgB,CACvB,gBAAeiB,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOQ,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACgB,cAAc,EAAE;IACnB,MAAM,IAAIxC,gBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;EACA,MAAMgD,oBAAoB,GAAG,EAC3BlB,eAAe,CAACG,WAAW,CAACgB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMd,mBAAmB,GAAG7B,WAAW,CAACuC,MAAM,CAAEK,UAAU,IACxDb,kBAAkB,CAACc,QAAQ,CAACD,UAAU,CAACxC,OAAO,CAACN,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgC,mBAAmB,GAAG9B,WAAW,CAACuC,MAAM,CAC3CK,UAAU,IACTZ,kBAAkB,CAACa,QAAQ,CAACD,UAAU,CAACxC,OAAO,CAACN,gBAAgB,CAAC,CAAC,IAChE4C,oBAAoB,IACnB,CAACX,kBAAkB,CAACc,QAAQ,CAACD,UAAU,CAACxC,OAAO,CAACN,gBAAgB,CAAC,CACvE,CAAC;EAED,OAAO;IACL+B,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC"}