npm - @pagopa/io-react-native-wallet - Versions diffs - 1.3.0 → 1.3.1 - Mend

@pagopa/io-react-native-wallet 1.3.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/src/credential/presentation/08-send-authorization-response.ts CHANGED Viewed

@@ -9,7 +9,12 @@ import type { VerifyRequestObjectSignature } from "./05-verify-request-object";
 import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
 import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import { disclose } from "../../sd-jwt";
-import { PresentationDefinition, type Presentation } from "./types";
+import {
+  DirectAuthorizationBodyPayload,
+  ErrorResponse,
+  PresentationDefinition,
+  type Presentation,
+} from "./types";
 import * as z from "zod";
 import type { JWK } from "../../utils/jwk";
@@ -125,19 +130,20 @@ export const prepareVpToken = async (
  * Builds a URL-encoded form body for a direct POST response without encryption.
  *
  * @param requestObject - Contains state, nonce, and other relevant info.
- * @param vpToken - The signed VP token to include.
- * @param presentationSubmission - Object mapping credential disclosures.
+ * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
  * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
  */
 export const buildDirectPostBody = async (
   requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
-  vpToken: string,
-  presentationSubmission: Record<string, unknown>
+  payload: DirectAuthorizationBodyPayload
 ): Promise<string> => {
   const formUrlEncodedBody = new URLSearchParams({
     state: requestObject.state,
-    presentation_submission: JSON.stringify(presentationSubmission),
-    vp_token: vpToken,
+    ...Object.fromEntries(
+      Object.entries(payload).map(([key, value]) => {
+        return [key, typeof value === "object" ? JSON.stringify(value) : value];
+      })
+    ),
   });
   return formUrlEncodedBody.toString();
@@ -148,22 +154,19 @@ export const buildDirectPostBody = async (
  *
  * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
  * @param requestObject - Contains state, nonce, and other relevant info.
- * @param vpToken - The signed VP token to encrypt.
- * @param presentationSubmission - Object mapping credential disclosures.
+ * @param payload - Object that contains either the VP token to encrypt and the mapping of the credential disclosures or the error code
  * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body,
  *          where `response` contains the encrypted JWE.
  */
 export const buildDirectPostJwtBody = async (
   jwkKeys: Out<FetchJwks>["keys"],
   requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
-  vpToken: string,
-  presentationSubmission: Record<string, unknown>
+  payload: DirectAuthorizationBodyPayload
 ): Promise<string> => {
   // Prepare the authorization response payload to be encrypted
   const authzResponsePayload = JSON.stringify({
     state: requestObject.state,
-    presentation_submission: presentationSubmission,
-    vp_token: vpToken,
+    ...payload,
   });
   // Choose a suitable RSA public key for encryption
@@ -233,17 +236,14 @@ export const sendAuthorizationResponse: SendAuthorizationResponse = async (
   // 2. Choose the appropriate request body builder based on response mode
   const requestBody =
     requestObject.response_mode === "direct_post.jwt"
-      ? await buildDirectPostJwtBody(
-          jwkKeys,
-          requestObject,
+      ? await buildDirectPostJwtBody(jwkKeys, requestObject, {
           vp_token,
-          presentation_submission
-        )
-      : await buildDirectPostBody(
-          requestObject,
+          presentation_submission,
+        })
+      : await buildDirectPostBody(requestObject, {
           vp_token,
-          presentation_submission
-        );
+          presentation_submission: presentation_submission,
+        });
   // 3. Send the authorization response via HTTP POST and validate the response
   return await appFetch(requestObject.response_uri, {
@@ -257,3 +257,51 @@ export const sendAuthorizationResponse: SendAuthorizationResponse = async (
     .then((res) => res.json())
     .then(AuthorizationResponse.parse);
 };
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ */
+export type SendAuthorizationErrorResponse = (
+  requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
+  error: ErrorResponse,
+  jwkKeys: Out<FetchJwks>["keys"],
+  context?: {
+    appFetch?: GlobalFetch["fetch"];
+  }
+) => Promise<AuthorizationResponse>;
+/**
+ * Sends the authorization error response to the Relying Party (RP) using the specified `response_mode`.
+ * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
+ *
+ * @param requestObject - The request details, including presentation requirements.
+ * @param error - The response error value
+ * @param jwkKeys - Array of JWKs from the Relying Party for optional encryption.
+ * @param context - Contains optional custom fetch implementation.
+ * @returns Parsed and validated authorization response from the Relying Party.
+ */
+export const sendAuthorizationErrorResponse: SendAuthorizationErrorResponse =
+  async (
+    requestObject,
+    error,
+    jwkKeys,
+    { appFetch = fetch } = {}
+  ): Promise<AuthorizationResponse> => {
+    // 2. Choose the appropriate request body builder based on response mode
+    const requestBody =
+      requestObject.response_mode === "direct_post.jwt"
+        ? await buildDirectPostJwtBody(jwkKeys, requestObject, { error })
+        : await buildDirectPostBody(requestObject, { error });
+    // 3. Send the authorization error response via HTTP POST and validate the response
+    return await appFetch(requestObject.response_uri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      body: requestBody,
+    })
+      .then(hasStatusOrThrow(200))
+      .then((res) => res.json())
+      .then(AuthorizationResponse.parse);
+  };

package/src/credential/presentation/README.md CHANGED Viewed

@@ -62,9 +62,7 @@ const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(clien
 const { requestObjectEncodedJwt } =
     await Credential.Presentation.getRequestObject(requestURI, {
-      wiaCryptoContext: wiaCryptoContext,
-      appFetch: appFetch,
-      walletInstanceAttestation: walletInstanceAttestation,
+      appFetch: appFetch
     });
 // Retrieve RP JWK

package/src/credential/presentation/index.ts CHANGED Viewed

@@ -27,6 +27,8 @@ import {
 import {
   sendAuthorizationResponse,
   type SendAuthorizationResponse,
+  sendAuthorizationErrorResponse,
+  type SendAuthorizationErrorResponse,
 } from "./08-send-authorization-response";
 import * as Errors from "./errors";
@@ -40,6 +42,7 @@ export {
   fetchPresentDefinition,
   evaluateInputDescriptorForSdJwt4VC,
   sendAuthorizationResponse,
+  sendAuthorizationErrorResponse,
   Errors,
 };
 export type {
@@ -51,4 +54,5 @@ export type {
   FetchPresentationDefinition,
   EvaluateInputDescriptorSdJwt4VC,
   SendAuthorizationResponse,
+  SendAuthorizationErrorResponse,
 };

package/src/credential/presentation/types.ts CHANGED Viewed

@@ -90,3 +90,29 @@ export const RequestObject = z.object({
   scope: z.string().optional(),
   presentation_definition: PresentationDefinition.optional(),
 });
+/**
+ * This type models the possible error responses the OpenID4VP protocol allows for a presentation of a credential.
+ * See https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#name-error-response for more information.
+ */
+export type ErrorResponse = z.infer<typeof ErrorResponse>;
+export const ErrorResponse = z.enum([
+  "invalid_scope",
+  "invalid_request",
+  "invalid_client",
+  "access_denied",
+]);
+/**
+ * Type that defines the possible payload formats accepted by {@link buildDirectPostJwtBody} and {@link buildDirectPostBody}
+ */
+export type DirectAuthorizationBodyPayload = z.infer<
+  typeof DirectAuthorizationBodyPayload
+>;
+export const DirectAuthorizationBodyPayload = z.union([
+  z.object({
+    vp_token: z.string(),
+    presentation_submission: z.record(z.string(), z.unknown()),
+  }),
+  z.object({ error: ErrorResponse }),
+]);