@pagopa/io-react-native-wallet 1.7.0 → 1.8.0

package/src/client/generated/wallet-provider.ts

@@ -1,5 +1,11 @@
 import z from "zod";
 
+export type ApplicationInfo = z.infer<typeof ApplicationInfo>;
+export const ApplicationInfo = z.object({
+  name: z.string(),
+  version: z.string(),
+});
+
 export type NonceDetailView = z.infer<typeof NonceDetailView>;
 export const NonceDetailView = z.object({
   nonce: z.string(),
@@ -10,6 +16,16 @@ export const WalletAttestationView = z.object({
   wallet_attestation: z.string(),
 });
 
+export type WalletAttestationsView = z.infer<typeof WalletAttestationsView>;
+export const WalletAttestationsView = z.object({
+  wallet_attestations: z.array(
+    z.object({
+      format: z.union([z.literal("jwt"), z.literal("dc+sd-jwt")]),
+      wallet_attestation: z.string(),
+    }),
+  ),
+});
+
 export type CreateWalletInstanceBody = z.infer<typeof CreateWalletInstanceBody>;
 export const CreateWalletInstanceBody = z.object({
   challenge: z.string(),
@@ -23,13 +39,9 @@ export const CreateWalletAttestationBody = z.object({
   assertion: z.string(),
 });
 
-export type ProblemDetail = z.infer<typeof ProblemDetail>;
-export const ProblemDetail = z.object({
-  type: z.string().optional(),
-  title: z.string().optional(),
-  status: z.number().optional(),
-  detail: z.string().optional(),
-  instance: z.string().optional(),
+export type CreateWalletAttestationV2Body = z.infer<typeof CreateWalletAttestationV2Body>;
+export const CreateWalletAttestationV2Body = z.object({
+  assertion: z.string(),
 });
 
 export type SetWalletInstanceStatusBody = z.infer<typeof SetWalletInstanceStatusBody>;
@@ -51,6 +63,15 @@ export const WalletInstanceData = z.object({
   revocation_reason: z.union([RevocationReason, z.undefined()]).optional(),
 });
 
+export type ProblemDetail = z.infer<typeof ProblemDetail>;
+export const ProblemDetail = z.object({
+  type: z.string().optional(),
+  title: z.string().optional(),
+  status: z.number().optional(),
+  detail: z.string().optional(),
+  instance: z.string().optional(),
+});
+
 export type get_GetNonce = typeof get_GetNonce;
 export const get_GetNonce = {
   method: z.literal("GET"),
@@ -104,6 +125,16 @@ export const post_CreateWalletAttestation = {
   response: WalletAttestationView,
 };
 
+export type post_CreateWalletAttestationV2 = typeof post_CreateWalletAttestationV2;
+export const post_CreateWalletAttestationV2 = {
+  method: z.literal("POST"),
+  path: z.literal("/wallet-attestations"),
+  parameters: z.object({
+    body: CreateWalletAttestationV2Body,
+  }),
+  response: WalletAttestationsView,
+};
+
 // <EndpointByMethod>
 export const EndpointByMethod = {
   get: {
@@ -113,6 +144,7 @@ export const EndpointByMethod = {
   post: {
     "/wallet-instances": post_CreateWalletInstance,
     "/token": post_CreateWalletAttestation,
+    "/wallet-attestations": post_CreateWalletAttestationV2,
   },
   put: {
     "/wallet-instances/{id}/status": put_SetWalletInstanceStatus,

package/src/credential/issuance/02-get-issuer-config.ts

@@ -3,6 +3,7 @@ import type { Out } from "../../utils/misc";
 import type { JWK } from "src/utils/jwk";
 import { getCredentialIssuerMetadata } from "../../entity/openid-connect/issuer";
 import type { CredentialConfigurationSupported } from "../../entity/openid-connect/issuer/types";
+import { getCredentialIssuerEntityConfiguration } from "@pagopa/io-react-native-wallet";
 
 export type GetIssuerConfig = (
   issuerUrl: Out<StartFlow>["issuerUrl"],
@@ -21,12 +22,16 @@ export type IssuerConfig = {
   pushed_authorization_request_endpoint: string;
   authorization_endpoint: string;
   token_endpoint: string;
+  nonce_endpoint?: string;
   credential_endpoint: string;
+  issuer: string;
   keys: Array<JWK>;
 };
 
 /**
  * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
+ * WARNING: This function extracts the {@link IssuerConfig} from the OpenID Connect endpoint. For the OpenID Federation variant, use {@link getIssuerConfigOIDFED}.
+ * WARNING: The variants should not be used in conjunction.
  * Get the Issuer's configuration from the Issuer's metadata.
  * Currently it only supports a mixed configuration based on OpenID Connect partial implementation.
  * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
@@ -44,6 +49,27 @@ export const getIssuerConfig: GetIssuerConfig = async (
   return credentialIssuerRationalization(res);
 };
 
+/**
+ * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
+ * WARNING: This function extracts the {@link IssuerConfig} from the OpenID Federation EC. For the OpenID Connect variant, use {@link getIssuerConfig}.
+ * WARNING: The variants should not be used in conjunction.
+ * Get the Issuer's configuration from the Issuer's metadata fetched from the OpenID Federation system.
+ * Currently it only supports a mixed configuration based on OpenID Federation partial implementation.
+ * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @returns The Issuer's configuration
+ */
+export const getIssuerConfigOIDFED: GetIssuerConfig = async (
+  issuerUrl,
+  context = {}
+): ReturnType<GetIssuerConfig> => {
+  const res = await getCredentialIssuerEntityConfiguration(issuerUrl, {
+    appFetch: context.appFetch,
+  });
+
+  return credentialIssuerRationalizationOIDFED(res);
+};
+
 /**
  * Rationalize the issuer's metadata to the issuer's configuration which is then used in our flows to interact with the issuer.
  * @param issuerMetadata - The issuer's metadata
@@ -62,6 +88,97 @@ const credentialIssuerRationalization = (
       token_endpoint: issuerMetadata.token_endpoint,
       credential_endpoint: issuerMetadata.credential_endpoint,
       keys: issuerMetadata.jwks.keys,
+      issuer: issuerMetadata.authorization_endpoint,
+    },
+  };
+};
+
+/**
+ * Rationalize the issuer's metadata taken from OpenID Federation to the issuer's configuration which is then used in our flows to interact with the issuer.
+ * @param issuerMetadata - The issuer's metadata
+ * @returns the isssuer configuration to be used later in our flows
+ */
+const credentialIssuerRationalizationOIDFED = (
+  issuerMetadata: Awaited<
+    ReturnType<typeof getCredentialIssuerEntityConfiguration>
+  >
+): Awaited<ReturnType<GetIssuerConfig>> => {
+  const adapted_credential_configurations_supported: CredentialConfigurationSupported =
+    Object.fromEntries(
+      Object.entries(
+        issuerMetadata.payload.metadata.openid_credential_issuer
+          .credential_configurations_supported
+      ).map(([key, config]) => {
+        const claimsRaw = config.claims;
+        // we need to evaluate how claims is in oder to support Federation and OID4VCI
+        // claim structure is different in both case
+        let claims: CredentialConfigurationSupported[string]["claims"];
+
+        if (
+          claimsRaw &&
+          typeof Object.values(claimsRaw)[0] === "object" &&
+          "mandatory" in Object.values(claimsRaw)[0]!
+        ) {
+          // claims is Record<string, { mandatory: boolean; display: Display[] }>
+          claims = Object.fromEntries(
+            Object.entries(claimsRaw).map(([, v]) => [
+              [v.path[0]],
+              {
+                mandatory: true,
+                display: v.display,
+              },
+            ])
+          );
+        } else {
+          // claims is Record<string, Record<string, { mandatory; display }>>
+          claims = Object.fromEntries(
+            Object.entries(claimsRaw).map(([k, inner]) => [
+              [k],
+              Object.fromEntries(
+                Object.entries(inner).map(([innerK, v]: any) => [
+                  [innerK],
+                  {
+                    mandatory: v.mandatory,
+                    display: v.display,
+                  },
+                ])
+              ),
+            ])
+          );
+        }
+        const newConfig: CredentialConfigurationSupported[string] = {
+          ...config,
+          claims,
+          // cryptographic_suites_supported have been renamed credential_signing_alg_values_supported.
+          // We mantain it for Potential compatibility
+          cryptographic_suites_supported:
+            config.credential_signing_alg_values_supported!,
+        };
+
+        return [key, newConfig];
+      })
+    );
+
+  return {
+    issuerConf: {
+      credential_configurations_supported:
+        adapted_credential_configurations_supported,
+      pushed_authorization_request_endpoint:
+        issuerMetadata.payload.metadata.oauth_authorization_server
+          .pushed_authorization_request_endpoint,
+      authorization_endpoint:
+        issuerMetadata.payload.metadata.oauth_authorization_server
+          .authorization_endpoint,
+      token_endpoint:
+        issuerMetadata.payload.metadata.oauth_authorization_server
+          .token_endpoint,
+      credential_endpoint:
+        issuerMetadata.payload.metadata.openid_credential_issuer
+          .credential_endpoint,
+      keys: issuerMetadata.payload.metadata.openid_credential_issuer.jwks.keys,
+      issuer: issuerMetadata.payload.metadata.oauth_authorization_server.issuer,
+      nonce_endpoint:
+        issuerMetadata.payload.metadata.openid_credential_issuer.nonce_endpoint,
     },
   };
 };

package/src/credential/issuance/03-start-user-authorization.ts

@@ -39,18 +39,17 @@ const selectCredentialDefinition = (
   const credential_configurations_supported =
     issuerConf.credential_configurations_supported;
 
-  const credential = credential_configurations_supported[credentialType];
+  const [result] = Object.keys(credential_configurations_supported)
+    .filter((e) => e.includes(credentialType))
+    .map(() => ({
+      credential_configuration_id: credentialType,
+      type: "openid_credential" as const,
+    }));
 
-  if (!credential) {
+  if (!result) {
     throw new Error(`No credential support the type '${credentialType}'`);
   }
 
-  const result = {
-    credential_configuration_id: credentialType,
-    format: credential.format,
-    type: "openid_credential" as const,
-  };
-
   return result;
 };
 

package/src/credential/issuance/06-obtain-credential.ts

@@ -14,7 +14,7 @@ import {
   UnexpectedStatusCodeError,
   ValidationFailed,
 } from "../../utils/errors";
-import { CredentialResponse } from "./types";
+import { CredentialResponse, NonceResponse } from "./types";
 import { createDPopToken } from "../../utils/dpop";
 import uuid from "react-native-uuid";
 
@@ -22,13 +22,16 @@ export type ObtainCredential = (
   issuerConf: Out<GetIssuerConfig>["issuerConf"],
   accessToken: Out<AuthorizeAccess>["accessToken"],
   clientId: Out<StartUserAuthorization>["clientId"],
-  credentialDefinition: Out<StartUserAuthorization>["credentialDefinition"],
+  credentialDefinition: {
+    credential_configuration_id: string;
+    credential_identifier?: string;
+  },
   context: {
     dPopCryptoContext: CryptoContext;
     credentialCryptoContext: CryptoContext;
     appFetch?: GlobalFetch["fetch"];
   }
-) => Promise<CredentialResponse>;
+) => Promise<CredentialResponse["credentials"][number] & { format: string }>;
 
 export const createNonceProof = async (
   nonce: string,
@@ -82,6 +85,25 @@ export const obtainCredential: ObtainCredential = async (
   } = context;
 
   const credentialUrl = issuerConf.credential_endpoint;
+  const issuerUrl = issuerConf.issuer;
+  const nonceUrl = issuerConf.nonce_endpoint;
+
+  // Fetch the nonce from the Credential Issuer
+  const { c_nonce } = nonceUrl
+    ? await appFetch(nonceUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+      })
+        .then(hasStatusOrThrow(200))
+        .then((res) => res.json())
+        .then((body) => NonceResponse.parse(body))
+    : accessToken;
+  if (!c_nonce) {
+    throw new ValidationFailed({
+      message:
+        "Nonce Endpoint not found or access token does not contain the c_nonce",
+    });
+  }
 
   /**
    * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
@@ -89,17 +111,22 @@ export const obtainCredential: ObtainCredential = async (
    * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
    */
   const signedNonceProof = await createNonceProof(
-    accessToken.c_nonce,
+    c_nonce,
     clientId,
-    credentialUrl,
+    issuerUrl,
     credentialCryptoContext
   );
 
+  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
   const containsCredentialDefinition = accessToken.authorization_details.some(
-    (detail) =>
-      detail.credential_configuration_id ===
+    (c) =>
+      c.credential_configuration_id ===
         credentialDefinition.credential_configuration_id &&
-      detail.type === credentialDefinition.type
+      (credentialDefinition.credential_identifier
+        ? c.credential_identifiers.includes(
+            credentialDefinition.credential_identifier
+          )
+        : true)
   );
 
   if (!containsCredentialDefinition) {
@@ -131,10 +158,7 @@ export const obtainCredential: ObtainCredential = async (
 
   /** The credential request body */
   const credentialRequestFormBody = {
-    ...(format === "mso_mdoc"
-      ? { doctype: credentialDefinition.credential_configuration_id }
-      : { vct: credentialDefinition.credential_configuration_id }),
-    format,
+    credential_identifier: credentialDefinition.credential_configuration_id,
     proof: {
       jwt: signedNonceProof,
       proof_type: "jwt",
@@ -171,8 +195,11 @@ export const obtainCredential: ObtainCredential = async (
     });
   }
 
-  /* temporary base64 parsing for the "mso_mdoc" format until the credential submission with this format is fixed. */
-  return credentialRes.data;
+  // We support only one credential for now
+  return {
+    format,
+    ...credentialRes.data.credentials.at(0)!,
+  };
 };
 
 /**

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -72,7 +72,9 @@ export const parseCredentialSdJwt = (
   ignoreMissingAttributes: boolean = false,
   includeUndefinedAttributes: boolean = false
 ): ParsedCredential => {
-  const credentialSubject = credentials_supported[sdJwt.payload.vct];
+  const credentialSubject = Object.entries(credentials_supported).find(
+    ([, vl]) => vl.vct === sdJwt.payload.vct
+  )?.[1];
 
   if (!credentialSubject) {
     throw new IoWalletError("Credential type not supported by the issuer");
@@ -388,7 +390,9 @@ type WithFormat<Format extends Parameters<VerifyAndParseCredential>[2]> = (
   _4: Parameters<VerifyAndParseCredential>[4]
 ) => ReturnType<VerifyAndParseCredential>;
 
-const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
+const verifyAndParseCredentialSdJwt: WithFormat<
+  "vc+sd-jwt" | "dc+sd-jwt"
+> = async (
   issuerConf,
   credential,
   _,
@@ -485,7 +489,7 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
   credentialType,
   context
 ) => {
-  if (format === "vc+sd-jwt") {
+  if (format === "vc+sd-jwt" || format === "dc+sd-jwt") {
     return verifyAndParseCredentialSdJwt(
       issuerConf,
       credential,

package/src/credential/issuance/README.md

@@ -248,7 +248,7 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialType: "urn:eu.europa.ec.eudi:pid:1",
+  credentialType: "dc_sd_jwt_PersonIdentificationData",
   appFetch,
 });
 

package/src/credential/issuance/const.ts

@@ -7,5 +7,6 @@ export type SupportedCredentialFormat = z.infer<
 >;
 export const SupportedCredentialFormat = z.union([
   z.literal("vc+sd-jwt"),
+  z.literal("dc+sd-jwt"),
   z.literal("mso_mdoc"),
 ]);

package/src/credential/issuance/index.ts

@@ -1,5 +1,9 @@
 import { type StartFlow } from "./01-start-flow";
-import { getIssuerConfig, type GetIssuerConfig } from "./02-get-issuer-config";
+import {
+  getIssuerConfig,
+  getIssuerConfigOIDFED,
+  type GetIssuerConfig,
+} from "./02-get-issuer-config";
 import {
   startUserAuthorization,
   type StartUserAuthorization,
@@ -28,6 +32,7 @@ import * as Errors from "./errors";
 
 export {
   getIssuerConfig,
+  getIssuerConfigOIDFED,
   startUserAuthorization,
   buildAuthorizationUrl,
   completeUserAuthorizationWithQueryMode,

package/src/credential/issuance/types.ts

@@ -1,14 +1,20 @@
-import { AuthorizationDetail } from "../../utils/par";
 import * as z from "zod";
-import { SupportedCredentialFormat } from "./const";
+
+export type AuthorizationDetail = z.infer<typeof AuthorizationDetail>;
+export const AuthorizationDetail = z.object({
+  type: z.literal("openid_credential"),
+  credential_configuration_id: z.string(),
+  credential_identifiers: z.array(z.string()),
+});
 
 export type TokenResponse = z.infer<typeof TokenResponse>;
 
 export const TokenResponse = z.object({
   access_token: z.string(),
   authorization_details: z.array(AuthorizationDetail),
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
+  // IT Wallet 1.0 remove c_nonce from token, mantain optional for compatibility with Potential
+  c_nonce: z.string().optional(),
+  c_nonce_expires_in: z.number().optional(),
   expires_in: z.number(),
   token_type: z.string(),
 });
@@ -16,10 +22,12 @@ export const TokenResponse = z.object({
 export type CredentialResponse = z.infer<typeof CredentialResponse>;
 
 export const CredentialResponse = z.object({
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
-  credential: z.string(),
-  format: SupportedCredentialFormat,
+  credentials: z.array(
+    z.object({
+      credential: z.string(),
+    })
+  ),
+  notification_id: z.string().optional(),
 });
 
 /**
@@ -30,3 +38,8 @@ export const ResponseUriResultShape = z.object({
 });
 
 export type ResponseMode = "query" | "form_post.jwt";
+
+export type NonceResponse = z.infer<typeof NonceResponse>;
+export const NonceResponse = z.object({
+  c_nonce: z.string(),
+});

package/src/credential/presentation/07-evaluate-dcql-query.ts

@@ -12,6 +12,7 @@ import { ValidationFailed } from "../../utils/errors";
 import { CredentialNotFoundError } from "./errors";
 import type { CredentialFormat, EvaluatedDisclosure } from "./types";
 import { CBOR } from "@pagopa/io-react-native-cbor";
+import { b64utob64 } from "jsrsasign";
 
 /**
  * The purpose for the credential request by the RP.
@@ -80,7 +81,7 @@ const mapCredentialsMdocToObj = async (
   return await Promise.all(
     credentialsMdoc?.map(async ([type, _, credential]) => {
       const issuerSigned = credential
-        ? await CBOR.decodeIssuerSigned(credential)
+        ? await CBOR.decodeIssuerSigned(b64utob64(credential))
         : undefined;
       if (!issuerSigned) {
         throw new CredentialNotFoundError(
@@ -151,15 +152,24 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = async (
           required: Boolean(credentialSet.required),
         }));
 
-      if (match.output.credential_format === "vc+sd-jwt") {
+      if (
+        match.output.credential_format === "vc+sd-jwt" ||
+        match.output.credential_format === "dc+sd-jwt"
+      ) {
         const { vct, claims } = match.output;
 
         const [, keyTag, credential] = credentialsSdJwt.find(
           ([type]) => type === vct
         )!;
-        const requiredDisclosures = Object.values(
-          claims
-        ) as EvaluatedDisclosure[];
+
+        const requiredDisclosures = Object.values(claims).map((item) => {
+          const [_, name, value] = item as [string, string, string];
+          return {
+            name,
+            value,
+          };
+        }) as EvaluatedDisclosure[];
+
         return {
           id,
           vct,

package/src/credential/presentation/07-evaluate-input-descriptor.ts

@@ -5,6 +5,7 @@ import { JSONPath } from "jsonpath-plus";
 import { MissingDataError, CredentialNotFoundError } from "./errors";
 import Ajv from "ajv";
 import { CBOR } from "@pagopa/io-react-native-cbor";
+import { b64utob64 } from "jsrsasign";
 
 const ajv = new Ajv({ allErrors: true });
 
@@ -253,6 +254,12 @@ export const evaluateInputDescriptorForMdoc: EvaluateInputDescriptorMdoc = (
     );
   }
 
+  if (requiredDisclosures.length === 0 && optionalDisclosures.length === 0) {
+    throw new MissingDataError(
+      "Credential validation failed: No required fields were requested and no optional field has been requested or found."
+    );
+  }
+
   return {
     requiredDisclosures,
     optionalDisclosures,
@@ -348,6 +355,12 @@ export const evaluateInputDescriptorForSdJwt4VC: EvaluateInputDescriptorSdJwt4VC
       );
     }
 
+    if (requiredDisclosures.length === 0 && optionalDisclosures.length === 0) {
+      throw new MissingDataError(
+        "Credential validation failed: No required fields were requested and no optional field has been requested or found."
+      );
+    }
+
     return {
       requiredDisclosures,
       optionalDisclosures,
@@ -465,7 +478,9 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
   const decodedMdocCredentials =
     (await Promise.all(
       credentialsMdoc?.map(async ([, keyTag, credential]) => {
-        const issuerSigned = await CBOR.decodeIssuerSigned(credential);
+        const issuerSigned = await CBOR.decodeIssuerSigned(
+          b64utob64(credential)
+        );
         if (!issuerSigned) {
           throw new CredentialNotFoundError(
             "mso_mdoc credential is not present."
@@ -483,7 +498,6 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
             "mso_mdoc credential is not supported."
           );
         }
-
         const { matchedEvaluation, matchedKeyTag, matchedCredential } =
           findCredentialMDoc(descriptor, decodedMdocCredentials);
 
@@ -495,10 +509,13 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
         };
       }
 
-      if (descriptor.format?.["vc+sd-jwt"]) {
+      if (
+        descriptor.format?.["vc+sd-jwt"] ||
+        descriptor.format?.["dc+sd-jwt"]
+      ) {
         if (!decodedSdJwtCredentials.length) {
           throw new CredentialNotFoundError(
-            "vc+sd-jwt credential is not supported."
+            "vc+sd-jwt or dc+sd-jwt credential is not supported."
           );
         }
 

package/src/credential/presentation/08-send-authorization-response.ts

@@ -338,7 +338,7 @@ export const sendAuthorizationResponseDcql: SendAuthorizationResponseDcql =
  * Prepares remote presentations for a set of credentials.
  *
  * For each credential, this function:
- * - Validates the credential format (currently supports 'mso_mdoc' and 'vc+sd-jwt').
+ * - Validates the credential format (currently supports 'mso_mdoc', 'vc+sd-jwt' or 'dc+sd-jwt').
  * - Generates a verifiable presentation token (vpToken) using the appropriate method.
  * - For ISO 18013-7, generates a special nonce with minimum entropy of 16.
  *
@@ -381,7 +381,7 @@ export const prepareRemotePresentations: PrepareRemotePresentations = async (
         };
       }
 
-      if (format === "vc+sd-jwt") {
+      if (format === "vc+sd-jwt" || format === "dc+sd-jwt") {
         const { vp_token } = await prepareVpToken(
           authRequestObject.nonce,
           authRequestObject.clientId,
@@ -396,7 +396,7 @@ export const prepareRemotePresentations: PrepareRemotePresentations = async (
           requestedClaims: [...item.requestedClaims.map(({ name }) => name)],
           credentialId: credentialInputId,
           vpToken: vp_token,
-          format: "vc+sd-jwt",
+          format,
         };
       }
 

package/src/credential/presentation/types.ts

@@ -13,6 +13,9 @@ export type CredentialFormat =
   | {
       format: "vc+sd-jwt";
     }
+  | {
+      format: "dc+sd-jwt";
+    }
   | {
       format: "mso_mdoc";
       doctype: string;

package/src/entity/openid-connect/issuer/types.ts

@@ -24,6 +24,7 @@ export const CredentialClaimDisplay = z.object({
 
 export const CredentialFormat = z.union([
   z.literal("vc+sd-jwt"),
+  z.literal("dc+sd-jwt"),
   z.literal("mso_mdoc"),
 ]);
 
@@ -41,7 +42,7 @@ export type CredentialConfigurationSupported = z.infer<
 >;
 export const CredentialConfigurationSupported = z.record(
   z.object({
-    cryptographic_suites_supported: z.array(z.string()),
+    cryptographic_suites_supported: z.array(z.string()).optional(),
     vct: z.string().optional(),
     scope: z.string().optional(),
     cryptographic_binding_methods_supported: z.array(z.string()),