@pagopa/io-react-native-wallet 1.3.0 → 1.4.0

package/lib/typescript/entity/trust/types.d.ts

@@ -2164,7 +2164,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     } | undefined;
                 }>, "many">;
                 credential_configurations_supported: z.ZodRecord<z.ZodString, z.ZodObject<{
-                    format: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"vc+mdoc-cbor">]>;
+                    format: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"mso_mdoc">]>;
                     scope: z.ZodString;
                     display: z.ZodArray<z.ZodObject<{
                         name: z.ZodString;
@@ -2268,7 +2268,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -2298,7 +2298,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -2460,7 +2460,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -2530,7 +2530,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -3327,7 +3327,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -3517,7 +3517,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -3735,7 +3735,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -3953,7 +3953,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -4173,7 +4173,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -4393,7 +4393,7 @@ export declare const CredentialIssuerEntityConfiguration: z.ZodIntersection<z.Zo
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -10230,7 +10230,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     } | undefined;
                 }>, "many">;
                 credential_configurations_supported: z.ZodRecord<z.ZodString, z.ZodObject<{
-                    format: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"vc+mdoc-cbor">]>;
+                    format: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"mso_mdoc">]>;
                     scope: z.ZodString;
                     display: z.ZodArray<z.ZodObject<{
                         name: z.ZodString;
@@ -10334,7 +10334,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -10364,7 +10364,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -10526,7 +10526,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -10596,7 +10596,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -11393,7 +11393,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -11583,7 +11583,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -11801,7 +11801,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -12019,7 +12019,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -12239,7 +12239,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {
@@ -12459,7 +12459,7 @@ export declare const EntityConfiguration: z.ZodUnion<[z.ZodIntersection<z.ZodObj
                     }[];
                     scope: string;
                     cryptographic_binding_methods_supported: string[];
-                    format: "vc+sd-jwt" | "vc+mdoc-cbor";
+                    format: "vc+sd-jwt" | "mso_mdoc";
                     credential_signing_alg_values_supported: string[];
                     claims?: Record<string, {
                         display: {

package/lib/typescript/mdoc/converters.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Extracts the date value of a given elementIdentifier from an MDOC object.
+ * Searches through the issuerSigned namespaces and attempts to parse the value as a Date.
+ * The expected date format is "DD-MM-YYYY".
+ * Returns the Date object if found, otherwise returns null.
+ */
+export declare function extractElementValueAsDate(elementValue: string): Date | null;
+//# sourceMappingURL=converters.d.ts.map

package/lib/typescript/mdoc/converters.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"converters.d.ts","sourceRoot":"","sources":["../../../src/mdoc/converters.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAmB3E"}

package/lib/typescript/mdoc/index.d.ts

@@ -0,0 +1,6 @@
+import { CBOR } from "@pagopa/io-react-native-cbor";
+import type { JWK } from "../utils/jwk";
+export declare const verify: (token: string, publicKey: JWK | JWK[]) => Promise<{
+    mDoc: CBOR.MDOC;
+}>;
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/mdoc/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/mdoc/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAExC,eAAO,MAAM,MAAM,UACV,MAAM,aACF,GAAG,GAAG,GAAG,EAAE;UACL,KAAK,IAAI;EAqB3B,CAAC"}

package/lib/typescript/sd-jwt/index.d.ts

@@ -19,7 +19,7 @@ import * as Errors from "./errors";
 export declare const decode: <S extends z.ZodType<{
     header: {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;
@@ -76,7 +76,7 @@ export declare const decode: <S extends z.ZodType<{
 }, z.ZodTypeDef, {
     header: {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;
@@ -173,7 +173,7 @@ export declare const disclose: (token: string, claims: string[]) => Promise<{
 export declare const verify: <S extends z.ZodType<{
     header: {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;
@@ -230,7 +230,7 @@ export declare const verify: <S extends z.ZodType<{
 }, z.ZodTypeDef, {
     header: {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;

package/lib/typescript/sd-jwt/types.d.ts

@@ -56,20 +56,20 @@ export declare const Verification: z.ZodObject<{
 export type SdJwt4VC = z.infer<typeof SdJwt4VC>;
 export declare const SdJwt4VC: z.ZodObject<{
     header: z.ZodObject<{
-        typ: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"example+sd-jwt">]>;
+        typ: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"mso_mdoc">]>;
         alg: z.ZodString;
         kid: z.ZodOptional<z.ZodString>;
         x5c: z.ZodOptional<z.ZodString>;
         vctm: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, "strip", z.ZodTypeAny, {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;
     }, {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;
@@ -346,7 +346,7 @@ export declare const SdJwt4VC: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     header: {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;
@@ -403,7 +403,7 @@ export declare const SdJwt4VC: z.ZodObject<{
 }, {
     header: {
         alg: string;
-        typ: "vc+sd-jwt" | "example+sd-jwt";
+        typ: "vc+sd-jwt" | "mso_mdoc";
         kid?: string | undefined;
         x5c?: string | undefined;
         vctm?: string[] | undefined;

package/lib/typescript/utils/string.d.ts

@@ -14,4 +14,11 @@
  * @returns The obfuscated string with random characters replaced
  */
 export declare const obfuscateString: (value: string, percentage?: number, obfuscatedChar?: string) => string;
+/**
+ * Converts a hexadecimal byte string to a Base64 URL-encoded string.
+ *
+ * @param byteString - The input string in hexadecimal format.
+ * @returns The Base64 URL-encoded string.
+ */
+export declare const byteStringToBase64Url: (byteString: string) => string;
 //# sourceMappingURL=string.d.ts.map

package/lib/typescript/utils/string.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"string.d.ts","sourceRoot":"","sources":["../../../src/utils/string.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,eAAe,UACnB,MAAM,eACD,MAAM,mBACF,MAAM,KACrB,MAyBF,CAAC"}
+{"version":3,"file":"string.d.ts","sourceRoot":"","sources":["../../../src/utils/string.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,eAAe,UACnB,MAAM,eACD,MAAM,mBACF,MAAM,KACrB,MAyBF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,eAAgB,MAAM,KAAG,MAE1D,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -56,6 +56,7 @@
     "@pagopa/eslint-config": "^3.0.0",
     "@pagopa/io-react-native-crypto": "^0.2.3",
     "@pagopa/io-react-native-jwt": "^2.0.0",
+    "@pagopa/io-react-native-cbor": "^1.0.0",
     "@react-native/eslint-config": "^0.72.2",
     "@rushstack/eslint-patch": "^1.3.2",
     "@types/jest": "^28.1.2",
@@ -79,6 +80,7 @@
   "peerDependencies": {
     "@pagopa/io-react-native-crypto": "*",
     "@pagopa/io-react-native-jwt": "*",
+    "@pagopa/io-react-native-cbor": "*",
     "react": "*",
     "react-native": "*"
   },

package/src/credential/issuance/06-obtain-credential.ts

@@ -17,6 +17,7 @@ import {
 import { CredentialResponse } from "./types";
 import { createDPopToken } from "../../utils/dpop";
 import uuid from "react-native-uuid";
+import { byteStringToBase64Url } from "../../utils/string";
 
 export type ObtainCredential = (
   issuerConf: Out<GetIssuerConfig>["issuerConf"],
@@ -95,10 +96,12 @@ export const obtainCredential: ObtainCredential = async (
     credentialCryptoContext
   );
 
-  const containsCredentialDefinition =
-    accessToken.authorization_details.credential_configuration_id ===
-      credentialDefinition.credential_configuration_id &&
-    accessToken.authorization_details.type === credentialDefinition.type;
+  const containsCredentialDefinition = accessToken.authorization_details.some(
+    (detail) =>
+      detail.credential_configuration_id ===
+        credentialDefinition.credential_configuration_id &&
+      detail.type === credentialDefinition.type
+  );
 
   if (!containsCredentialDefinition) {
     throw new ValidationFailed({
@@ -167,7 +170,13 @@ export const obtainCredential: ObtainCredential = async (
     });
   }
 
-  return credentialRes.data;
+  /* temporary base64 parsing for the "mso_mdoc" format until the credential submission with this format is fixed. */
+  return format === "mso_mdoc"
+    ? {
+        ...credentialRes.data,
+        credential: byteStringToBase64Url(credentialRes.data.credential),
+      }
+    : credentialRes.data;
 };
 
 /**

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -1,12 +1,19 @@
 import type { CryptoContext } from "@pagopa/io-react-native-jwt";
+import { CBOR } from "@pagopa/io-react-native-cbor";
 import type { Out } from "../../utils/misc";
 import type { GetIssuerConfig } from "./02-get-issuer-config";
 import { IoWalletError } from "../../utils/errors";
 import { SdJwt4VC } from "../../sd-jwt/types";
 import { verify as verifySdJwt } from "../../sd-jwt";
+import { verify as verifyMdoc } from "../../mdoc";
 import { getValueFromDisclosures } from "../../sd-jwt/converters";
 import type { JWK } from "../../utils/jwk";
 import type { ObtainCredential } from "./06-obtain-credential";
+import {
+  CredentialSdJwtClaims,
+  CredentialClaim,
+} from "../../entity/openid-connect/issuer/types";
+import { extractElementValueAsDate } from "../../mdoc/converters";
 
 export type VerifyAndParseCredential = (
   issuerConf: Out<GetIssuerConfig>["issuerConf"],
@@ -52,6 +59,10 @@ type DecodedSdJwtCredential = Out<typeof verifySdJwt> & {
   sdJwt: SdJwt4VC;
 };
 
+type DecodedMDocCredential = Out<typeof verifyMdoc> & {
+  mDoc: CBOR.MDOC;
+};
+
 const parseCredentialSdJwt = (
   // the list of supported credentials, as defined in the issuer configuration
   credentials_supported: Out<GetIssuerConfig>["issuerConf"]["credential_configurations_supported"],
@@ -75,7 +86,8 @@ const parseCredentialSdJwt = (
   if (!credentialSubject.claims) {
     throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
   }
-  const attrDefinitions = Object.entries(credentialSubject.claims);
+  const claims = credentialSubject.claims as CredentialSdJwtClaims;
+  const attrDefinitions = Object.entries(claims);
 
   // the key of the attribute defintion must match the disclosure's name
   const attrsNotInDisclosures = attrDefinitions.filter(
@@ -142,6 +154,108 @@ const parseCredentialSdJwt = (
   return definedValues;
 };
 
+const parseCredentialMDoc = (
+  // the list of supported credentials, as defined in the issuer configuration
+  credentials_supported: Out<GetIssuerConfig>["issuerConf"]["credential_configurations_supported"],
+  { mDoc }: DecodedMDocCredential,
+  includeUndefinedAttributes: boolean = false
+): ParsedCredential => {
+  const credentialSubject = credentials_supported[mDoc.docType];
+
+  if (!credentialSubject) {
+    throw new IoWalletError("Credential type not supported by the issuer");
+  }
+
+  // transfrom a record { key: value } in an iterable of pairs [key, value]
+  if (!credentialSubject.claims) {
+    throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
+  }
+
+  const claims = credentialSubject.claims as Record<
+    string,
+    CredentialSdJwtClaims
+  >;
+
+  const attrDefinitions: [string, string, CredentialClaim][] = Object.entries(
+    claims
+  ).flatMap(([namespace, claimName]) =>
+    Object.entries(claimName).map(
+      ([claimNameKey, definition]) =>
+        [namespace, claimNameKey, definition] as [
+          string,
+          string,
+          CredentialClaim
+        ]
+    )
+  );
+
+  if (!mDoc.issuerSigned.nameSpaces) {
+    throw new IoWalletError("Missing claims in the credential");
+  }
+
+  const flatNamespaces: [string, string, string][] = Object.entries(
+    mDoc.issuerSigned.nameSpaces
+  ).flatMap(([namespace, values]) =>
+    values.map(
+      (v) =>
+        [namespace, v.elementIdentifier, v.elementValue] as [
+          string,
+          string,
+          string
+        ]
+    )
+  );
+
+  // Attributes defined in the issuer configuration and present in the disclosure set
+  const definedValues = Object.fromEntries(
+    attrDefinitions
+      // Retrieve the value from the corresponding disclosure
+      .map(
+        ([attrDefNamespace, attrKey, definition]) =>
+          [
+            attrKey,
+            {
+              ...definition,
+              value: flatNamespaces.find(
+                ([namespace, name]) =>
+                  attrDefNamespace === namespace && name === attrKey
+              )?.[2],
+            },
+          ] as const
+      )
+      // Add a human-readable attribute name, with i18n, in the form { locale: name }
+      // Example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
+      .map(
+        ([attrKey, { display, ...definition }]) =>
+          [
+            attrKey,
+            {
+              ...definition,
+              name: display.reduce(
+                (names, { locale, name }) => ({ ...names, [locale]: name }),
+                {} as Record<string, string>
+              ),
+            },
+          ] as const
+      )
+  );
+
+  if (includeUndefinedAttributes) {
+    // Attributes that are present in the disclosure set but not defined in the issuer configuration
+    const undefinedValues = Object.fromEntries(
+      flatNamespaces
+        .filter(([, key]) => !Object.keys(definedValues).includes(key))
+        .map(([, key, value]) => [key, { value, name: key }])
+    );
+    return {
+      ...definedValues,
+      ...undefinedValues,
+    };
+  }
+
+  return definedValues;
+};
+
 /**
  * Given a credential, verify it's in the supported format
  * and the credential is correctly signed
@@ -180,6 +294,46 @@ async function verifyCredentialSdJwt(
   return decodedCredential;
 }
 
+/**
+ * Given a credential, verify it's in the supported format
+ * and the credential is correctly signed
+ * and it's bound to the given key
+ *
+ * @param rawCredential The received credential
+ * @param issuerKeys The set of public keys of the issuer,
+ * which will be used to verify the signature
+ * @param holderBindingContext The access to the holder's key
+ *
+ * @throws If the signature verification fails
+ * @throws If the credential is not in the SdJwt4VC format
+ * @throws If the holder binding is not properly configured
+ *
+ */
+async function verifyCredentialMDoc(
+  rawCredential: string,
+  issuerKeys: JWK[],
+  holderBindingContext: CryptoContext
+): Promise<DecodedMDocCredential> {
+  const [decodedCredential] =
+    // parallel for optimization
+    await Promise.all([
+      verifyMdoc(rawCredential, issuerKeys),
+      holderBindingContext.getPublicKey(),
+    ]);
+
+  // TODO Implement the holder binding verification for MDOC
+
+  // Get only the first decoded credential
+
+  if (!decodedCredential) {
+    throw new IoWalletError("No MDOC credentials found!");
+  }
+
+  return {
+    mDoc: decodedCredential.mDoc,
+  };
+}
+
 // utility type that specialize VerifyAndParseCredential for given format
 type WithFormat<Format extends Parameters<VerifyAndParseCredential>[2]> = (
   _0: Parameters<VerifyAndParseCredential>[0],
@@ -223,6 +377,44 @@ const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
   };
 };
 
+const verifyAndParseCredentialMDoc: WithFormat<"mso_mdoc"> = async (
+  issuerConf,
+  credential,
+  _,
+  { credentialCryptoContext, ignoreMissingAttributes }
+) => {
+  const decoded = await verifyCredentialMDoc(
+    credential,
+    issuerConf.keys,
+    credentialCryptoContext
+  );
+
+  const parsedCredential = parseCredentialMDoc(
+    issuerConf.credential_configurations_supported,
+    decoded,
+    ignoreMissingAttributes
+  );
+
+  const expirationDate = extractElementValueAsDate(
+    parsedCredential?.expiry_date?.value as string
+  );
+  if (!expirationDate) {
+    throw new IoWalletError(`expirationDate must be present!!`);
+  }
+  expirationDate?.setDate(expirationDate.getDate() + 1);
+
+  const maybeIssuedAt = extractElementValueAsDate(
+    parsedCredential?.issue_date?.value as string
+  );
+  maybeIssuedAt?.setDate(maybeIssuedAt.getDate() + 1);
+
+  return {
+    parsedCredential,
+    expiration: expirationDate ?? new Date(),
+    issuedAt: maybeIssuedAt ?? undefined,
+  };
+};
+
 /**
  * Verify and parse an encoded credential.
  * @param issuerConf The Issuer configuration returned by {@link getIssuerConfig}
@@ -250,6 +442,14 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
       context
     );
   }
+  if (format === "mso_mdoc") {
+    return verifyAndParseCredentialMDoc(
+      issuerConf,
+      credential,
+      format,
+      context
+    );
+  }
 
   throw new IoWalletError(`Unsupported credential format: ${format}`);
 };

package/src/credential/issuance/const.ts

@@ -7,5 +7,5 @@ export type SupportedCredentialFormat = z.infer<
 >;
 export const SupportedCredentialFormat = z.union([
   z.literal("vc+sd-jwt"),
-  z.literal("vc+mdoc-cbor"),
+  z.literal("mso_mdoc"),
 ]);

package/src/credential/issuance/types.ts

@@ -6,7 +6,7 @@ export type TokenResponse = z.infer<typeof TokenResponse>;
 
 export const TokenResponse = z.object({
   access_token: z.string(),
-  authorization_details: AuthorizationDetail,
+  authorization_details: z.array(AuthorizationDetail),
   c_nonce: z.string(),
   c_nonce_expires_in: z.number(),
   expires_in: z.number(),