@pagopa/io-react-native-wallet 1.7.0 → 2.0.0-next.0

package/lib/typescript/wallet-instance-attestation/types.d.ts

@@ -20,11 +20,11 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
         x5c?: string[] | undefined;
         trust_chain?: string[] | undefined;
     }>, z.ZodObject<{
-        typ: z.ZodLiteral<"war+jwt">;
+        typ: z.ZodLiteral<"wp-war+jwt">;
     }, "strip", z.ZodTypeAny, {
-        typ: "war+jwt";
+        typ: "wp-war+jwt";
     }, {
-        typ: "war+jwt";
+        typ: "wp-war+jwt";
     }>>;
     payload: z.ZodIntersection<z.ZodObject<{
         iss: z.ZodString;
@@ -228,27 +228,24 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
         };
     }>, z.ZodObject<{
         aud: z.ZodString;
-        jti: z.ZodString;
         nonce: z.ZodString;
+        hardware_signature: z.ZodString;
+        integrity_assertion: z.ZodString;
+        hardware_key_tag: z.ZodString;
     }, "strip", z.ZodTypeAny, {
         nonce: string;
+        hardware_key_tag: string;
         aud: string;
-        jti: string;
+        hardware_signature: string;
+        integrity_assertion: string;
     }, {
         nonce: string;
+        hardware_key_tag: string;
         aud: string;
-        jti: string;
+        hardware_signature: string;
+        integrity_assertion: string;
     }>>;
 }, "strip", z.ZodTypeAny, {
-    header: {
-        alg: string;
-        kid: string;
-        typ: string;
-        x5c?: string[] | undefined;
-        trust_chain?: string[] | undefined;
-    } & {
-        typ: "war+jwt";
-    };
     payload: {
         iss: string;
         iat: number;
@@ -283,10 +280,11 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
         };
     } & {
         nonce: string;
+        hardware_key_tag: string;
         aud: string;
-        jti: string;
+        hardware_signature: string;
+        integrity_assertion: string;
     };
-}, {
     header: {
         alg: string;
         kid: string;
@@ -294,8 +292,9 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
         x5c?: string[] | undefined;
         trust_chain?: string[] | undefined;
     } & {
-        typ: "war+jwt";
+        typ: "wp-war+jwt";
     };
+}, {
     payload: {
         iss: string;
         iat: number;
@@ -330,8 +329,19 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
         };
     } & {
         nonce: string;
+        hardware_key_tag: string;
         aud: string;
-        jti: string;
+        hardware_signature: string;
+        integrity_assertion: string;
+    };
+    header: {
+        alg: string;
+        kid: string;
+        typ: string;
+        x5c?: string[] | undefined;
+        trust_chain?: string[] | undefined;
+    } & {
+        typ: "wp-war+jwt";
     };
 }>;
 export type WalletInstanceAttestationJwt = z.infer<typeof WalletInstanceAttestationJwt>;
@@ -355,11 +365,14 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
         x5c?: string[] | undefined;
         trust_chain?: string[] | undefined;
     }>, z.ZodObject<{
-        typ: z.ZodLiteral<"wallet-attestation+jwt">;
+        typ: z.ZodLiteral<"oauth-client-attestation+jwt">;
+        trust_chain: z.ZodArray<z.ZodString, "many">;
     }, "strip", z.ZodTypeAny, {
-        typ: "wallet-attestation+jwt";
+        typ: "oauth-client-attestation+jwt";
+        trust_chain: string[];
     }, {
-        typ: "wallet-attestation+jwt";
+        typ: "oauth-client-attestation+jwt";
+        trust_chain: string[];
     }>>;
     payload: z.ZodIntersection<z.ZodObject<{
         iss: z.ZodString;
@@ -564,81 +577,20 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
     }>, z.ZodObject<{
         sub: z.ZodString;
         aal: z.ZodString;
-        authorization_endpoint: z.ZodString;
-        response_types_supported: z.ZodArray<z.ZodString, "many">;
-        vp_formats_supported: z.ZodObject<{
-            "vc+sd-jwt": z.ZodOptional<z.ZodObject<{
-                "sd-jwt_alg_values": z.ZodArray<z.ZodString, "many">;
-            }, "strip", z.ZodTypeAny, {
-                "sd-jwt_alg_values": string[];
-            }, {
-                "sd-jwt_alg_values": string[];
-            }>>;
-            "vp+sd-jwt": z.ZodOptional<z.ZodObject<{
-                "sd-jwt_alg_values": z.ZodArray<z.ZodString, "many">;
-            }, "strip", z.ZodTypeAny, {
-                "sd-jwt_alg_values": string[];
-            }, {
-                "sd-jwt_alg_values": string[];
-            }>>;
-        }, "strip", z.ZodTypeAny, {
-            "vc+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-            "vp+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-        }, {
-            "vc+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-            "vp+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-        }>;
-        request_object_signing_alg_values_supported: z.ZodArray<z.ZodString, "many">;
-        presentation_definition_uri_supported: z.ZodBoolean;
+        wallet_link: z.ZodOptional<z.ZodString>;
+        wallet_name: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
-        authorization_endpoint: string;
         sub: string;
         aal: string;
-        response_types_supported: string[];
-        vp_formats_supported: {
-            "vc+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-            "vp+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-        };
-        request_object_signing_alg_values_supported: string[];
-        presentation_definition_uri_supported: boolean;
+        wallet_link?: string | undefined;
+        wallet_name?: string | undefined;
     }, {
-        authorization_endpoint: string;
         sub: string;
         aal: string;
-        response_types_supported: string[];
-        vp_formats_supported: {
-            "vc+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-            "vp+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-        };
-        request_object_signing_alg_values_supported: string[];
-        presentation_definition_uri_supported: boolean;
+        wallet_link?: string | undefined;
+        wallet_name?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
-    header: {
-        alg: string;
-        kid: string;
-        typ: string;
-        x5c?: string[] | undefined;
-        trust_chain?: string[] | undefined;
-    } & {
-        typ: "wallet-attestation+jwt";
-    };
     payload: {
         iss: string;
         iat: number;
@@ -672,22 +624,11 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
             };
         };
     } & {
-        authorization_endpoint: string;
         sub: string;
         aal: string;
-        response_types_supported: string[];
-        vp_formats_supported: {
-            "vc+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-            "vp+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-        };
-        request_object_signing_alg_values_supported: string[];
-        presentation_definition_uri_supported: boolean;
+        wallet_link?: string | undefined;
+        wallet_name?: string | undefined;
     };
-}, {
     header: {
         alg: string;
         kid: string;
@@ -695,8 +636,10 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
         x5c?: string[] | undefined;
         trust_chain?: string[] | undefined;
     } & {
-        typ: "wallet-attestation+jwt";
+        typ: "oauth-client-attestation+jwt";
+        trust_chain: string[];
     };
+}, {
     payload: {
         iss: string;
         iat: number;
@@ -730,28 +673,43 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
             };
         };
     } & {
-        authorization_endpoint: string;
         sub: string;
         aal: string;
-        response_types_supported: string[];
-        vp_formats_supported: {
-            "vc+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-            "vp+sd-jwt"?: {
-                "sd-jwt_alg_values": string[];
-            } | undefined;
-        };
-        request_object_signing_alg_values_supported: string[];
-        presentation_definition_uri_supported: boolean;
+        wallet_link?: string | undefined;
+        wallet_name?: string | undefined;
+    };
+    header: {
+        alg: string;
+        kid: string;
+        typ: string;
+        x5c?: string[] | undefined;
+        trust_chain?: string[] | undefined;
+    } & {
+        typ: "oauth-client-attestation+jwt";
+        trust_chain: string[];
     };
 }>;
-export type TokenResponse = z.infer<typeof TokenResponse>;
-export declare const TokenResponse: z.ZodObject<{
-    wallet_attestation: z.ZodString;
+export type WalletAttestationResponse = z.infer<typeof WalletAttestationResponse>;
+export declare const WalletAttestationResponse: z.ZodObject<{
+    wallet_attestations: z.ZodArray<z.ZodObject<{
+        wallet_attestation: z.ZodString;
+        format: z.ZodEnum<["jwt", "dc+sd-jwt", "mso_mdoc"]>;
+    }, "strip", z.ZodTypeAny, {
+        format: "jwt" | "dc+sd-jwt" | "mso_mdoc";
+        wallet_attestation: string;
+    }, {
+        format: "jwt" | "dc+sd-jwt" | "mso_mdoc";
+        wallet_attestation: string;
+    }>, "many">;
 }, "strip", z.ZodTypeAny, {
-    wallet_attestation: string;
+    wallet_attestations: {
+        format: "jwt" | "dc+sd-jwt" | "mso_mdoc";
+        wallet_attestation: string;
+    }[];
 }, {
-    wallet_attestation: string;
+    wallet_attestations: {
+        format: "jwt" | "dc+sd-jwt" | "mso_mdoc";
+        wallet_attestation: string;
+    }[];
 }>;
 //# sourceMappingURL=types.d.ts.map

package/lib/typescript/wallet-instance-attestation/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA2BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAe9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8BvC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;EAExB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA2BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiB9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiBvC,CAAC;AAEH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,yBAAyB,CACjC,CAAC;AACF,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;EAOpC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "1.7.0",
+  "version": "2.0.0-next.0",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -55,7 +55,6 @@
   "devDependencies": {
     "@pagopa/io-react-native-crypto": "^0.2.3",
     "@pagopa/io-react-native-jwt": "^2.1.0",
-    "@pagopa/io-react-native-cbor": "^1.2.4",
     "@react-native/eslint-config": "^0.75.5",
     "@rushstack/eslint-patch": "^1.3.2",
     "@types/jest": "^28.1.2",
@@ -80,7 +79,6 @@
   "peerDependencies": {
     "@pagopa/io-react-native-crypto": "*",
     "@pagopa/io-react-native-jwt": "*",
-    "@pagopa/io-react-native-cbor": "*",
     "react": "*",
     "react-native": "*"
   },
@@ -95,7 +93,10 @@
       "<rootDir>/lib/"
     ],
     "transformIgnorePatterns": [
-      "node_modules/(?!(jest-)?@react-native|react-native|uuid|@pagopa/io-react-native-cbor)"
+      "node_modules/(?!(jest-)?@react-native|react-native|uuid)"
+    ],
+    "setupFiles": [
+      "<rootDir>/jestSetup.js"
     ]
   },
   "react-native-builder-bob": {
@@ -113,16 +114,14 @@
     ]
   },
   "dependencies": {
-    "@types/jsrsasign": "^10.5.15",
-    "ajv": "^8.17.1",
-    "dcql": "^0.2.22",
+    "dcql": "^0.2.21",
     "js-base64": "^3.7.7",
     "js-sha256": "^0.9.0",
-    "jsonpath-plus": "^10.3.0",
-    "jsrsasign": "^11.1.0",
+    "jsonpath-plus": "^10.2.0",
     "parse-url": "^9.2.0",
     "react-native-url-polyfill": "^2.0.0",
     "react-native-uuid": "^2.0.1",
+    "uuid": "^11.0.3",
     "zod": "^3.21.4"
   }
 }

package/src/client/generated/wallet-provider.ts

@@ -10,6 +10,16 @@ export const WalletAttestationView = z.object({
   wallet_attestation: z.string(),
 });
 
+export type WalletAttestationsView = z.infer<typeof WalletAttestationsView>;
+export const WalletAttestationsView = z.object({
+  wallet_attestations: z.array(
+    z.object({
+      format: z.union([z.literal("jwt"), z.literal("dc+sd-jwt")]),
+      wallet_attestation: z.string(),
+    }),
+  ),
+});
+
 export type CreateWalletInstanceBody = z.infer<typeof CreateWalletInstanceBody>;
 export const CreateWalletInstanceBody = z.object({
   challenge: z.string(),
@@ -23,13 +33,9 @@ export const CreateWalletAttestationBody = z.object({
   assertion: z.string(),
 });
 
-export type ProblemDetail = z.infer<typeof ProblemDetail>;
-export const ProblemDetail = z.object({
-  type: z.string().optional(),
-  title: z.string().optional(),
-  status: z.number().optional(),
-  detail: z.string().optional(),
-  instance: z.string().optional(),
+export type CreateWalletAttestationV2Body = z.infer<typeof CreateWalletAttestationV2Body>;
+export const CreateWalletAttestationV2Body = z.object({
+  assertion: z.string(),
 });
 
 export type SetWalletInstanceStatusBody = z.infer<typeof SetWalletInstanceStatusBody>;
@@ -51,6 +57,15 @@ export const WalletInstanceData = z.object({
   revocation_reason: z.union([RevocationReason, z.undefined()]).optional(),
 });
 
+export type ProblemDetail = z.infer<typeof ProblemDetail>;
+export const ProblemDetail = z.object({
+  type: z.string().optional(),
+  title: z.string().optional(),
+  status: z.number().optional(),
+  detail: z.string().optional(),
+  instance: z.string().optional(),
+});
+
 export type get_GetNonce = typeof get_GetNonce;
 export const get_GetNonce = {
   method: z.literal("GET"),
@@ -69,6 +84,34 @@ export const post_CreateWalletInstance = {
   response: z.unknown(),
 };
 
+export type post_CreateWalletAttestation = typeof post_CreateWalletAttestation;
+export const post_CreateWalletAttestation = {
+  method: z.literal("POST"),
+  path: z.literal("/token"),
+  parameters: z.object({
+    body: CreateWalletAttestationBody,
+  }),
+  response: WalletAttestationView,
+};
+
+export type post_CreateWalletAttestationV2 = typeof post_CreateWalletAttestationV2;
+export const post_CreateWalletAttestationV2 = {
+  method: z.literal("POST"),
+  path: z.literal("/wallet-attestations"),
+  parameters: z.object({
+    body: CreateWalletAttestationV2Body,
+  }),
+  response: WalletAttestationsView,
+};
+
+export type get_GetCurrentWalletInstanceStatus = typeof get_GetCurrentWalletInstanceStatus;
+export const get_GetCurrentWalletInstanceStatus = {
+  method: z.literal("GET"),
+  path: z.literal("/wallet-instances/current/status"),
+  parameters: z.never(),
+  response: WalletInstanceData,
+};
+
 export type get_GetWalletInstanceStatus = typeof get_GetWalletInstanceStatus;
 export const get_GetWalletInstanceStatus = {
   method: z.literal("GET"),
@@ -94,25 +137,17 @@ export const put_SetWalletInstanceStatus = {
   response: z.unknown(),
 };
 
-export type post_CreateWalletAttestation = typeof post_CreateWalletAttestation;
-export const post_CreateWalletAttestation = {
-  method: z.literal("POST"),
-  path: z.literal("/token"),
-  parameters: z.object({
-    body: CreateWalletAttestationBody,
-  }),
-  response: WalletAttestationView,
-};
-
 // <EndpointByMethod>
 export const EndpointByMethod = {
   get: {
     "/nonce": get_GetNonce,
+    "/wallet-instances/current/status": get_GetCurrentWalletInstanceStatus,
     "/wallet-instances/{id}/status": get_GetWalletInstanceStatus,
   },
   post: {
     "/wallet-instances": post_CreateWalletInstance,
     "/token": post_CreateWalletAttestation,
+    "/wallet-attestations": post_CreateWalletAttestationV2,
   },
   put: {
     "/wallet-instances/{id}/status": put_SetWalletInstanceStatus,

package/src/credential/index.ts

@@ -1,3 +1,6 @@
 import * as Issuance from "./issuance";
 import * as Presentation from "./presentation";
-export { Issuance, Presentation };
+import * as Status from "./status";
+import * as Trustmark from "./trustmark";
+
+export { Issuance, Presentation, Status, Trustmark };

package/src/credential/issuance/01-start-flow.ts

@@ -1,5 +1,5 @@
 /**
- * WARNING: This is the first function to be called in the issuing flow. The next function to be called is {@link getIssuerConfig}.
+ * WARNING: This is the first function to be called in the issuing flow. The next function to be called is {@link evaluateIssuerTrust}.
  * The beginning of the issuing flow.
  * To be implemented accordind to the user touchpoint
  *

package/src/credential/issuance/02-evaluate-issuer-trust.ts

@@ -0,0 +1,32 @@
+import { getCredentialIssuerEntityConfiguration } from "../../trust";
+import { CredentialIssuerEntityConfiguration } from "../../trust/types";
+import type { StartFlow } from "./01-start-flow";
+import type { Out } from "../../utils/misc";
+
+export type EvaluateIssuerTrust = (
+  issuerUrl: Out<StartFlow>["issuerUrl"],
+  context?: {
+    appFetch?: GlobalFetch["fetch"];
+  }
+) => Promise<{
+  issuerConf: CredentialIssuerEntityConfiguration["payload"]["metadata"];
+}>;
+
+/**
+ * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
+ * The Issuer trust evaluation phase.
+ * Fetch the Issuer's configuration and verify trust.
+ *
+ * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @returns The Issuer's configuration
+ */
+export const evaluateIssuerTrust: EvaluateIssuerTrust = async (
+  issuerUrl,
+  context = {}
+) => {
+  const issuerConf = await getCredentialIssuerEntityConfiguration(issuerUrl, {
+    appFetch: context.appFetch,
+  }).then((_) => _.payload.metadata);
+  return { issuerConf };
+};

package/src/credential/issuance/03-start-user-authorization.ts

@@ -1,12 +1,14 @@
 import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import type { ResponseMode } from "./types";
 import { generateRandomAlphaNumericString, type Out } from "../../utils/misc";
+import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import type { StartFlow } from "./01-start-flow";
 import { AuthorizationDetail, makeParRequest } from "../../utils/par";
-import type { GetIssuerConfig } from "./02-get-issuer-config";
+import { ASSERTION_TYPE } from "./const";
+import { LogLevel, Logger } from "../../utils/logging";
 
 export type StartUserAuthorization = (
-  issuerConf: Out<GetIssuerConfig>["issuerConf"],
+  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
   credentialType: Out<StartFlow>["credentialType"],
   context: {
     wiaCryptoContext: CryptoContext;
@@ -24,7 +26,7 @@ export type StartUserAuthorization = (
 /**
  * Ensures that the credential type requested is supported by the issuer and contained in the
  * issuer configuration.
- * @param issuerConf The issuer configuration returned by {@link getIssuerConfig}
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
  * @param credentialType The type of the credential to be requested returned by {@link startFlow}
  * @param context.wiaCryptoContext The Wallet Instance's crypto context
  * @param context.walletInstanceAttestation The Wallet Instance's attestation
@@ -33,24 +35,27 @@ export type StartUserAuthorization = (
  * @returns The credential definition to be used in the request which includes the format and the type and its type
  */
 const selectCredentialDefinition = (
-  issuerConf: Out<GetIssuerConfig>["issuerConf"],
+  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
   credentialType: Out<StartFlow>["credentialType"]
 ): AuthorizationDetail => {
   const credential_configurations_supported =
-    issuerConf.credential_configurations_supported;
+    issuerConf.openid_credential_issuer.credential_configurations_supported;
 
-  const credential = credential_configurations_supported[credentialType];
+  const [result] = Object.keys(credential_configurations_supported)
+    .filter((e) => e.includes(credentialType))
+    .map((e) => ({
+      credential_configuration_id: credentialType,
+      format: credential_configurations_supported[e]!.format,
+      type: "openid_credential" as const,
+    }));
 
-  if (!credential) {
+  if (!result) {
+    Logger.log(
+      LogLevel.ERROR,
+      `Requested credential type ${credentialType} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`
+    );
     throw new Error(`No credential support the type '${credentialType}'`);
   }
-
-  const result = {
-    credential_configuration_id: credentialType,
-    format: credential.format,
-    type: "openid_credential" as const,
-  };
-
   return result;
 };
 
@@ -58,21 +63,36 @@ const selectCredentialDefinition = (
  * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
  * @param issuerConf The issuer configuration
  * @param credentialType The type of the credential to be requested
- * @returns The response mode to be used in the request, "query" for urn:eu.europa.ec.eudi:pid:1 and "form_post.jwt" for all other types.
+ * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
  */
 const selectResponseMode = (
+  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
   credentialType: Out<StartFlow>["credentialType"]
 ): ResponseMode => {
+  const responseModeSupported =
+    issuerConf.oauth_authorization_server.response_modes_supported;
+
   const responseMode =
-    credentialType === "urn:eu.europa.ec.eudi:pid:1"
-      ? "query"
-      : "form_post.jwt";
+    credentialType === "PersonIdentificationData" ? "query" : "form_post.jwt";
+
+  Logger.log(
+    LogLevel.DEBUG,
+    `Selected response mode ${responseMode} for credential type ${credentialType}`
+  );
+
+  if (!responseModeSupported.includes(responseMode)) {
+    Logger.log(
+      LogLevel.ERROR,
+      `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`
+    );
+    throw new Error(`No response mode support the type '${credentialType}'`);
+  }
 
   return responseMode;
 };
 
 /**
- * WARNING: This function must be called after {@link getIssuerConfig} and {@link startFlow}. The next steam is {@link compeUserAuthorizationWithQueryMode} or {@link compeUserAuthorizationWithFormPostJwtMode}
+ * WARNING: This function must be called after {@link evaluateIssuerTrust} and {@link startFlow}. The next steam is {@link compeUserAuthorizationWithQueryMode} or {@link compeUserAuthorizationWithFormPostJwtMode}
  * Creates and sends a PAR request to the /as/par endpoint of the authorization server.
  * This starts the authentication flow to obtain an access token.
  * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer.
@@ -103,15 +123,20 @@ export const startUserAuthorization: StartUserAuthorization = async (
 
   const clientId = await wiaCryptoContext.getPublicKey().then((_) => _.kid);
   if (!clientId) {
+    Logger.log(
+      LogLevel.ERROR,
+      `Public key associated with kid ${clientId} not found in the device`
+    );
     throw new Error("No public key found");
   }
   const codeVerifier = generateRandomAlphaNumericString(64);
-  const parEndpoint = issuerConf.pushed_authorization_request_endpoint;
+  const parEndpoint =
+    issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
   const credentialDefinition = selectCredentialDefinition(
     issuerConf,
     credentialType
   );
-  const responseMode = selectResponseMode(credentialType);
+  const responseMode = selectResponseMode(issuerConf, credentialType);
 
   const getPar = makeParRequest({ wiaCryptoContext, appFetch });
   const issuerRequestUri = await getPar(
@@ -121,7 +146,8 @@ export const startUserAuthorization: StartUserAuthorization = async (
     responseMode,
     parEndpoint,
     walletInstanceAttestation,
-    [credentialDefinition]
+    [credentialDefinition],
+    ASSERTION_TYPE
   );
 
   return { issuerRequestUri, clientId, codeVerifier, credentialDefinition };