npm - @pagopa/io-react-native-wallet - Versions diffs - 1.3.0 → 1.3.1 - Mend

@pagopa/io-react-native-wallet 1.3.0 → 1.3.1

Files changed (50) hide show

package/src/credential/presentation/08-send-authorization-response.ts CHANGED Viewed

@@ -9,7 +9,12 @@ import type { VerifyRequestObjectSignature } from "./05-verify-request-object";
 import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
 import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import { disclose } from "../../sd-jwt";
-import { PresentationDefinition, type Presentation } from "./types";
+import {
+  DirectAuthorizationBodyPayload,
+  ErrorResponse,
+  PresentationDefinition,
+  type Presentation,
+} from "./types";
 import * as z from "zod";
 import type { JWK } from "../../utils/jwk";
@@ -125,19 +130,20 @@ export const prepareVpToken = async (
  * Builds a URL-encoded form body for a direct POST response without encryption.
  *
  * @param requestObject - Contains state, nonce, and other relevant info.
- * @param vpToken - The signed VP token to include.
- * @param presentationSubmission - Object mapping credential disclosures.
+ * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
  * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
  */
 export const buildDirectPostBody = async (
   requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
-  vpToken: string,
-  presentationSubmission: Record<string, unknown>
+  payload: DirectAuthorizationBodyPayload
 ): Promise<string> => {
   const formUrlEncodedBody = new URLSearchParams({
     state: requestObject.state,
-    presentation_submission: JSON.stringify(presentationSubmission),
-    vp_token: vpToken,
+    ...Object.fromEntries(
+      Object.entries(payload).map(([key, value]) => {
+        return [key, typeof value === "object" ? JSON.stringify(value) : value];
+      })
+    ),
   });
   return formUrlEncodedBody.toString();
@@ -148,22 +154,19 @@ export const buildDirectPostBody = async (
  *
  * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
  * @param requestObject - Contains state, nonce, and other relevant info.
- * @param vpToken - The signed VP token to encrypt.
- * @param presentationSubmission - Object mapping credential disclosures.
+ * @param payload - Object that contains either the VP token to encrypt and the mapping of the credential disclosures or the error code
  * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body,
  *          where `response` contains the encrypted JWE.
  */
 export const buildDirectPostJwtBody = async (
   jwkKeys: Out<FetchJwks>["keys"],
   requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
-  vpToken: string,
-  presentationSubmission: Record<string, unknown>
+  payload: DirectAuthorizationBodyPayload
 ): Promise<string> => {
   // Prepare the authorization response payload to be encrypted
   const authzResponsePayload = JSON.stringify({
     state: requestObject.state,
-    presentation_submission: presentationSubmission,
-    vp_token: vpToken,
+    ...payload,
   });
   // Choose a suitable RSA public key for encryption
@@ -233,17 +236,14 @@ export const sendAuthorizationResponse: SendAuthorizationResponse = async (
   // 2. Choose the appropriate request body builder based on response mode
   const requestBody =
     requestObject.response_mode === "direct_post.jwt"
-      ? await buildDirectPostJwtBody(
-          jwkKeys,
-          requestObject,
+      ? await buildDirectPostJwtBody(jwkKeys, requestObject, {
           vp_token,
-          presentation_submission
-        )
-      : await buildDirectPostBody(
-          requestObject,
+          presentation_submission,
+        })
+      : await buildDirectPostBody(requestObject, {
           vp_token,
-          presentation_submission
-        );
+          presentation_submission: presentation_submission,
+        });
   // 3. Send the authorization response via HTTP POST and validate the response
   return await appFetch(requestObject.response_uri, {
@@ -257,3 +257,51 @@ export const sendAuthorizationResponse: SendAuthorizationResponse = async (
     .then((res) => res.json())
     .then(AuthorizationResponse.parse);
 };
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ */
+export type SendAuthorizationErrorResponse = (
+  requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
+  error: ErrorResponse,
+  jwkKeys: Out<FetchJwks>["keys"],
+  context?: {
+    appFetch?: GlobalFetch["fetch"];
+  }
+) => Promise<AuthorizationResponse>;
+/**
+ * Sends the authorization error response to the Relying Party (RP) using the specified `response_mode`.
+ * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
+ *
+ * @param requestObject - The request details, including presentation requirements.
+ * @param error - The response error value
+ * @param jwkKeys - Array of JWKs from the Relying Party for optional encryption.
+ * @param context - Contains optional custom fetch implementation.
+ * @returns Parsed and validated authorization response from the Relying Party.
+ */
+export const sendAuthorizationErrorResponse: SendAuthorizationErrorResponse =
+  async (
+    requestObject,
+    error,
+    jwkKeys,
+    { appFetch = fetch } = {}
+  ): Promise<AuthorizationResponse> => {
+    // 2. Choose the appropriate request body builder based on response mode
+    const requestBody =
+      requestObject.response_mode === "direct_post.jwt"
+        ? await buildDirectPostJwtBody(jwkKeys, requestObject, { error })
+        : await buildDirectPostBody(requestObject, { error });
+    // 3. Send the authorization error response via HTTP POST and validate the response
+    return await appFetch(requestObject.response_uri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      body: requestBody,
+    })
+      .then(hasStatusOrThrow(200))
+      .then((res) => res.json())
+      .then(AuthorizationResponse.parse);
+  };

package/src/credential/presentation/README.md CHANGED Viewed

@@ -62,9 +62,7 @@ const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(clien
 const { requestObjectEncodedJwt } =
     await Credential.Presentation.getRequestObject(requestURI, {
-      wiaCryptoContext: wiaCryptoContext,
-      appFetch: appFetch,
-      walletInstanceAttestation: walletInstanceAttestation,
+      appFetch: appFetch
     });
 // Retrieve RP JWK

package/src/credential/presentation/index.ts CHANGED Viewed

@@ -27,6 +27,8 @@ import {
 import {
   sendAuthorizationResponse,
   type SendAuthorizationResponse,
+  sendAuthorizationErrorResponse,
+  type SendAuthorizationErrorResponse,
 } from "./08-send-authorization-response";
 import * as Errors from "./errors";
@@ -40,6 +42,7 @@ export {
   fetchPresentDefinition,
   evaluateInputDescriptorForSdJwt4VC,
   sendAuthorizationResponse,
+  sendAuthorizationErrorResponse,
   Errors,
 };
 export type {
@@ -51,4 +54,5 @@ export type {
   FetchPresentationDefinition,
   EvaluateInputDescriptorSdJwt4VC,
   SendAuthorizationResponse,
+  SendAuthorizationErrorResponse,
 };

package/src/credential/presentation/types.ts CHANGED Viewed

@@ -90,3 +90,29 @@ export const RequestObject = z.object({
   scope: z.string().optional(),
   presentation_definition: PresentationDefinition.optional(),
 });
+/**
+ * This type models the possible error responses the OpenID4VP protocol allows for a presentation of a credential.
+ * See https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#name-error-response for more information.
+ */
+export type ErrorResponse = z.infer<typeof ErrorResponse>;
+export const ErrorResponse = z.enum([
+  "invalid_scope",
+  "invalid_request",
+  "invalid_client",
+  "access_denied",
+]);
+/**
+ * Type that defines the possible payload formats accepted by {@link buildDirectPostJwtBody} and {@link buildDirectPostBody}
+ */
+export type DirectAuthorizationBodyPayload = z.infer<
+  typeof DirectAuthorizationBodyPayload
+>;
+export const DirectAuthorizationBodyPayload = z.union([
+  z.object({
+    vp_token: z.string(),
+    presentation_submission: z.record(z.string(), z.unknown()),
+  }),
+  z.object({ error: ErrorResponse }),
+]);