@pagopa/io-react-native-wallet 1.7.0 → 2.0.0-next.0

package/src/{entity/trust → trust}/types.ts

@@ -1,7 +1,7 @@
-import { UnixTime } from "../../sd-jwt/types";
-import { JWK } from "../../utils/jwk";
+import { UnixTime } from "../sd-jwt/types";
+import { JWK } from "../utils/jwk";
 import * as z from "zod";
-import { PresentationDefinition } from "../../credential/presentation/types";
+import { PresentationDefinition } from "../credential/presentation/types";
 
 export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
 export type TrustMark = z.infer<typeof TrustMark>;
@@ -13,9 +13,11 @@ const RelyingPartyMetadata = z.object({
   jwks: z.object({ keys: z.array(JWK) }),
   contacts: z.array(z.string()).optional(),
   presentation_definition: PresentationDefinition.optional(),
-  presentation_definition_uri: z.string().optional(),
+  request_uris: z.array(z.string()).optional(),
+  authorization_signed_response_alg: z.string().optional(),
+  authorization_encrypted_response_alg: z.string().optional(),
+  authorization_encrypted_response_enc: z.string().optional(),
 });
-//.passthrough();
 
 // Display metadata for a credential, used by the issuer to
 // instruct the Wallet Solution on how to render the credential correctly
@@ -23,14 +25,6 @@ type CredentialDisplayMetadata = z.infer<typeof CredentialDisplayMetadata>;
 const CredentialDisplayMetadata = z.object({
   name: z.string(),
   locale: z.string(),
-  logo: z
-    .object({
-      url: z.string(),
-      alt_text: z.string(),
-    })
-    .optional(), // TODO [SIW-1268]: should not be optional
-  background_color: z.string().optional(), // TODO [SIW-1268]: should not be optional
-  text_color: z.string().optional(), // TODO [SIW-1268]: should not be optional
 });
 
 // Metadata for displaying issuer information
@@ -40,12 +34,6 @@ type CredentialIssuerDisplayMetadata = z.infer<
 const CredentialIssuerDisplayMetadata = z.object({
   name: z.string(),
   locale: z.string(),
-  logo: z
-    .object({
-      url: z.string(),
-      alt_text: z.string(),
-    })
-    .optional(), // TODO [SIW-1268]: should not be optional
 });
 
 type ClaimsMetadata = z.infer<typeof ClaimsMetadata>;
@@ -67,13 +55,13 @@ const IssuanceErrorSupported = z.object({
   ),
 });
 
-// Metadata for a credentia which is supported by a Issuer
+// Metadata for a credential which is supported by an Issuer
 type SupportedCredentialMetadata = z.infer<typeof SupportedCredentialMetadata>;
 const SupportedCredentialMetadata = z.object({
-  format: z.union([z.literal("vc+sd-jwt"), z.literal("mso_mdoc")]),
+  format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
   scope: z.string(),
   display: z.array(CredentialDisplayMetadata),
-  claims: ClaimsMetadata.optional(), // TODO [SIW-1268]: should not be optional
+  claims: ClaimsMetadata,
   cryptographic_binding_methods_supported: z.array(z.string()),
   credential_signing_alg_values_supported: z.array(z.string()),
   authentic_source: z.string().optional(),
@@ -91,7 +79,7 @@ export const EntityStatement = z.object({
     iss: z.string(),
     sub: z.string(),
     jwks: z.object({ keys: z.array(JWK) }),
-    trust_marks: z.array(TrustMark),
+    trust_marks: z.array(TrustMark).optional(),
     iat: z.number(),
     exp: z.number(),
   }),
@@ -107,7 +95,7 @@ export const EntityConfigurationHeader = z.object({
 });
 
 /**
- * @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
+ * @see https://openid.net/specs/openid-federation-1_0-41.html
  */
 const FederationEntityMetadata = z
   .object({
@@ -116,6 +104,9 @@ const FederationEntityMetadata = z
     federation_resolve_endpoint: z.string().optional(),
     federation_trust_mark_status_endpoint: z.string().optional(),
     federation_trust_mark_list_endpoint: z.string().optional(),
+    federation_trust_mark_endpoint: z.string().optional(),
+    federation_historical_keys_endpoint: z.string().optional(),
+    endpoint_auth_signing_alg_values_supported: z.string().optional(),
     organization_name: z.string().optional(),
     homepage_uri: z.string().optional(),
     policy_uri: z.string().optional(),
@@ -124,7 +115,7 @@ const FederationEntityMetadata = z
   })
   .passthrough();
 
-// Structuire common to every Entity Configuration document
+// Structure common to every Entity Configuration document
 const BaseEntityConfiguration = z.object({
   header: EntityConfigurationHeader,
   payload: z
@@ -175,30 +166,24 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(
         oauth_authorization_server: z.object({
           authorization_endpoint: z.string(),
           pushed_authorization_request_endpoint: z.string(),
-          dpop_signing_alg_values_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
           token_endpoint: z.string(),
-          introspection_endpoint: z.string().optional(), // TODO [SIW-1268]: should not be optional
           client_registration_types_supported: z.array(z.string()),
           code_challenge_methods_supported: z.array(z.string()),
-          authorization_details_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional,
           acr_values_supported: z.array(z.string()),
           grant_types_supported: z.array(z.string()),
           issuer: z.string(),
           jwks: z.object({ keys: z.array(JWK) }),
           scopes_supported: z.array(z.string()),
-          request_parameter_supported: z.boolean().optional(), // TODO [SIW-1268]: should not be optional
-          request_uri_parameter_supported: z.boolean().optional(), // TODO [SIW-1268]: should not be optional
-          response_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
           response_modes_supported: z.array(z.string()),
-          subject_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
           token_endpoint_auth_methods_supported: z.array(z.string()),
           token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
           request_object_signing_alg_values_supported: z.array(z.string()),
         }),
-        /** Credential Issuers act as Relying Party
-            when they require the presentation of other credentials.
-            This does not apply for PID issuance, which requires CIE authz. */
-        wallet_relying_party: RelyingPartyMetadata.optional(),
+        /**
+         * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+         * This does not apply for PID issuance, which requires CIE authz.
+         */
+        openid_credential_verifier: RelyingPartyMetadata.optional(),
       }),
     }),
   })
@@ -212,7 +197,7 @@ export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(
   z.object({
     payload: z.object({
       metadata: z.object({
-        wallet_relying_party: RelyingPartyMetadata,
+        openid_credential_verifier: RelyingPartyMetadata,
       }),
     }),
   })
@@ -256,3 +241,5 @@ export const EntityConfiguration = z.union(
     description: "Any kind of Entity Configuration allowed in the ecosystem",
   }
 );
+
+export const FederationListResponse = z.array(z.string());

package/src/trust/utils.ts

@@ -0,0 +1,35 @@
+import {
+  decode as decodeJwt,
+  verify as verifyJwt,
+} from "@pagopa/io-react-native-jwt";
+
+import type { JWK, JWTDecodeResult } from "../utils/jwk";
+
+export type ParsedToken = {
+  header: JWTDecodeResult["protectedHeader"];
+  payload: JWTDecodeResult["payload"];
+};
+
+// Verify a token signature
+// The kid is extracted from the token header
+export const verify = async (
+  token: string,
+  kid: string,
+  jwks: JWK[]
+): Promise<ParsedToken> => {
+  const jwk = jwks.find((k) => k.kid === kid);
+  if (!jwk) {
+    throw new Error(`Invalid kid: ${kid}, token: ${token}`);
+  }
+  const { protectedHeader: header, payload } = await verifyJwt(token, jwk);
+  return { header, payload };
+};
+
+/**
+ * Return type for this function is necessary to avoid an issue during the bob build process.
+ * It seems like typescript can't correctly infer the return type of the function.
+ */
+export const decode = (token: string): ParsedToken => {
+  const { protectedHeader: header, payload } = decodeJwt(token);
+  return { header, payload };
+};

package/src/utils/crypto.ts

@@ -3,14 +3,10 @@ import {
   sign,
   generate,
   deleteKey,
-  type PublicKey,
 } from "@pagopa/io-react-native-crypto";
-import uuid from "react-native-uuid";
+import { v4 as uuidv4 } from "uuid";
 import { thumbprint, type CryptoContext } from "@pagopa/io-react-native-jwt";
-import { X509, KEYUTIL, RSAKey, KJUR } from "jsrsasign";
-import { JWK } from "./jwk";
-import { removePadding } from "@pagopa/io-react-native-jwt";
-import { Buffer } from "buffer";
+import { fixBase64EncodingOnKey } from "./jwk";
 
 /**
  * Create a CryptoContext bound to a key pair.
@@ -28,7 +24,7 @@ export const createCryptoContextFor = (keytag: string): CryptoContext => {
      */
     async getPublicKey() {
       return getPublicKey(keytag)
-        .then(fixBase64WithLeadingZero)
+        .then(fixBase64EncodingOnKey)
         .then(async (jwk) => ({
           ...jwk,
           // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
@@ -50,45 +46,6 @@ export const createCryptoContextFor = (keytag: string): CryptoContext => {
   };
 };
 
-/**
- * This function takes a JSON Web Key (JWK) and returns a new JWK with its base64-url properties (x, y, e, n) processed.
- * Each property is passed through the `removeLeadingZeroAndParseb64u` function if it exists, which fixes any unwanted leading zeros.
- *
- * @param key - The input JSON Web Key that may contain properties with potential leading zero issues.
- * @returns A new JSON Web Key with the processed properties.
- */
-const fixBase64WithLeadingZero = (key: JWK): JWK => {
-  const { x, y, e, n, ...pk } = key;
-
-  return {
-    ...pk,
-    ...(x ? { x: removeLeadingZeroAndParseb64u(x) } : {}),
-    ...(y ? { y: removeLeadingZeroAndParseb64u(y) } : {}),
-    ...(e ? { e: removeLeadingZeroAndParseb64u(e) } : {}),
-    ...(n ? { n: removeLeadingZeroAndParseb64u(n) } : {}),
-  };
-};
-
-/**
- * This function processes a base64-encoded string to remove any unwanted leading zeros.
- * It converts the input base64 string into a buffer, then to a hex string, checks for a leading "00",
- * and removes it if present. The result is then converted back to a base64-url.
- *
- * @param input - The base64 encoded string to process.
- * @returns A new base64-url encoded string with any leading zero removed.
- */
-const removeLeadingZeroAndParseb64u = (input: string): string => {
-  // Decode base64 input into a Buffer
-  const buffer = Buffer.from(input, "base64");
-  const hex = buffer.toString("hex");
-  // If the hex string starts with "00", remove the first two characters
-  const fixedHex = hex.startsWith("00") ? hex.slice(2) : hex;
-  const newBuffer = Buffer.from(fixedHex, "hex");
-
-  // removePadding convert base64 string to base64-url
-  return removePadding(newBuffer.toString("base64"));
-};
-
 /**
  * Executes the input function injecting an ephemeral crypto context.
  * An ephemeral crypto context is a context which is bound to a key
@@ -101,67 +58,8 @@ export const withEphemeralKey = async <R>(
   fn: (ephemeralContext: CryptoContext) => Promise<R>
 ): Promise<R> => {
   // Use an ephemeral key to be destroyed after use
-  const keytag = `ephemeral-${uuid.v4()}`;
+  const keytag = `ephemeral-${uuidv4()}`;
   await generate(keytag);
   const ephemeralContext = createCryptoContextFor(keytag);
   return fn(ephemeralContext).finally(() => deleteKey(keytag));
 };
-
-/**
- * Converts a certificate string to PEM format.
- *
- * @param certificate - The certificate string.
- * @returns The PEM-formatted certificate.
- */
-export const convertCertToPem = (certificate: string): string =>
-  `-----BEGIN CERTIFICATE-----\n${certificate}\n-----END CERTIFICATE-----`;
-
-/**
- * Parses the public key from a PEM-formatted certificate.
- *
- * @param pemCert - The PEM-formatted certificate.
- * @returns The public key object.
- * @throws Will throw an error if the public key is unsupported.
- */
-export const parsePublicKey = (
-  pemCert: string
-): RSAKey | KJUR.crypto.ECDSA | undefined => {
-  const x509 = new X509();
-  x509.readCertPEM(pemCert);
-  const publicKey = x509.getPublicKey();
-
-  if (publicKey instanceof RSAKey || publicKey instanceof KJUR.crypto.ECDSA) {
-    return publicKey;
-  }
-
-  return undefined;
-};
-
-/**
- * Retrieves the signing JWK from the public key.
- *
- * @param publicKey - The public key object.
- * @returns The signing JWK.
- */
-export const getSigningJwk = (publicKey: RSAKey | KJUR.crypto.ECDSA): JWK => ({
-  ...JWK.parse(KEYUTIL.getJWKFromKey(publicKey)),
-  use: "sig",
-});
-
-/**
- * This function takes two {@link PublicKey} and evaluates and compares their thumbprints
- * @param key1 The first key
- * @param key2 The second key
- * @returns true if the keys' thumbprints are equal, false otherwise
- */
-export const compareKeysByThumbprint = async (
-  key1: PublicKey,
-  key2: PublicKey
-) => {
-  //Parallel for optimization
-  const [thumbprint1, thumbprint2] = await Promise.all([
-    thumbprint(key1),
-    thumbprint(key2),
-  ]);
-  return thumbprint1 === thumbprint2;
-};

package/src/utils/decoder.ts

@@ -1,6 +1,7 @@
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import { ValidationFailed } from "./errors";
 import type { JWTDecodeResult } from "./jwk";
+import { ValidationFailed } from "./errors";
+import { LogLevel, Logger } from "./logging";
 
 /*
  * Decode a form_post.jwt and return the final JWT.
@@ -47,6 +48,10 @@ export const getJwtFromFormPost = async (
     }
   }
 
+  Logger.log(
+    LogLevel.ERROR,
+    `Unable to obtain JWT from form_post.jwt. Form data: ${formData}`
+  );
   throw new ValidationFailed({
     message: `Unable to obtain JWT from form_post.jwt. Form data: ${formData}`,
   });

package/src/utils/error-codes.ts

@@ -1,9 +1,21 @@
 export const IssuerResponseErrorCodes = {
   IssuerGenericError: "ERR_ISSUER_GENERIC_ERROR",
+  /**
+   * Error code thrown when a credential cannot be issued immediately because it follows the async flow.
+   */
+  CredentialIssuingNotSynchronous: "ERR_CREDENTIAL_ISSUING_NOT_SYNCHRONOUS",
   /**
    * Error code thrown when an error occurs while requesting a credential.
    */
   CredentialRequestFailed: "ERR_CREDENTIAL_REQUEST_FAILED",
+  /**
+   * Error code thrown when a credential status is invalid, either during issuance or when requesting a status attestation.
+   */
+  CredentialInvalidStatus: "ERR_CREDENTIAL_INVALID_STATUS",
+  /**
+   * Error code thrown when an error occurs while obtaining a status attestation for a credential.
+   */
+  StatusAttestationRequestFailed: "ERR_STATUS_ATTESTATION_REQUEST_FAILED",
 } as const;
 
 export const WalletProviderResponseErrorCodes = {
@@ -31,8 +43,19 @@ export const WalletProviderResponseErrorCodes = {
   WalletInstanceNotFound: "ERR_IO_WALLET_INSTANCE_NOT_FOUND",
 } as const;
 
+export const RelyingPartyResponseErrorCodes = {
+  RelyingPartyGenericError: "ERR_RP_GENERIC_ERROR",
+  /**
+   * An error code thrown then the Relying Party rejects the Wallet's Authorization Response.
+   */
+  InvalidAuthorizationResponse: "ERR_RP_INVALID_AUTHORIZATION_RESPONSE",
+} as const;
+
 export type IssuerResponseErrorCode =
   (typeof IssuerResponseErrorCodes)[keyof typeof IssuerResponseErrorCodes];
 
 export type WalletProviderResponseErrorCode =
   (typeof WalletProviderResponseErrorCodes)[keyof typeof WalletProviderResponseErrorCodes];
+
+export type RelyingPartyResponseErrorCode =
+  (typeof RelyingPartyResponseErrorCodes)[keyof typeof RelyingPartyResponseErrorCodes];

package/src/utils/errors.ts

@@ -1,12 +1,19 @@
 import type { ProblemDetail } from "../client/generated/wallet-provider";
+import type { CredentialIssuerEntityConfiguration } from "../trust";
 import {
   IssuerResponseErrorCodes,
   WalletProviderResponseErrorCodes,
+  RelyingPartyResponseErrorCodes,
   type IssuerResponseErrorCode,
   type WalletProviderResponseErrorCode,
+  type RelyingPartyResponseErrorCode,
 } from "./error-codes";
 
-export { IssuerResponseErrorCodes, WalletProviderResponseErrorCodes };
+export {
+  IssuerResponseErrorCodes,
+  WalletProviderResponseErrorCodes,
+  RelyingPartyResponseErrorCodes,
+};
 
 // An error reason that supports both a string and a generic JSON object
 type GenericErrorReason = string | Record<string, unknown>;
@@ -109,8 +116,6 @@ export class UnexpectedStatusCodeError extends IoWalletError {
 /**
  * An error subclass thrown when an Issuer HTTP request fails.
  * The specific error can be found in the `code` property.
- *
- * The class is generic over the error code to narrow down the reason.
  */
 export class IssuerResponseError extends UnexpectedStatusCodeError {
   code: IssuerResponseErrorCode;
@@ -148,6 +153,117 @@ export class WalletProviderResponseError extends UnexpectedStatusCodeError {
   }
 }
 
+/**
+ * An error subclass thrown when a Relying Party HTTP request fails.
+ * The specific error can be found in the `code` property.
+ */
+export class RelyingPartyResponseError extends UnexpectedStatusCodeError {
+  code: RelyingPartyResponseErrorCode;
+
+  constructor(params: {
+    code?: RelyingPartyResponseErrorCode;
+    message: string;
+    reason: GenericErrorReason;
+    statusCode: number;
+  }) {
+    super(params);
+    this.code =
+      params.code ?? RelyingPartyResponseErrorCodes.RelyingPartyGenericError;
+  }
+}
+
+type LocalizedIssuanceError = {
+  [locale: string]: {
+    title: string;
+    description: string;
+  };
+};
+
+/**
+ * Function to extract the error message from the Entity Configuration's supported error codes.
+ * @param errorCode The error code to map to a meaningful message
+ * @param issuerConf The entity configuration for credentials
+ * @param credentialType The type of credential the error belongs to
+ * @returns A localized error {@link LocalizedIssuanceError} or undefined
+ * @throws {IoWalletError} When no credential config is found
+ */
+export function extractErrorMessageFromIssuerConf(
+  errorCode: string,
+  {
+    issuerConf,
+    credentialType,
+  }: {
+    issuerConf: CredentialIssuerEntityConfiguration["payload"]["metadata"];
+    credentialType: string;
+  }
+): LocalizedIssuanceError | undefined {
+  const credentialConfiguration =
+    issuerConf.openid_credential_issuer.credential_configurations_supported[
+      credentialType
+    ];
+
+  if (!credentialConfiguration) {
+    throw new IoWalletError(
+      `No configuration found for ${credentialType} in the provided EC`
+    );
+  }
+
+  const { issuance_errors_supported } = credentialConfiguration;
+
+  if (!issuance_errors_supported?.[errorCode]) {
+    return undefined;
+  }
+
+  const localesList = issuance_errors_supported[errorCode]!.display;
+
+  return localesList.reduce(
+    (acc, { locale, ...rest }) => ({ ...acc, [locale]: rest }),
+    {} as LocalizedIssuanceError
+  );
+}
+
+/**
+ * Factory function to create a type guard for specific error classes.
+ *
+ * @param errorClass The error class to create the type guard for
+ * @returns A type guard that checks if the error is an instance of the given class and has the expected code
+ */
+const makeErrorTypeGuard =
+  <T extends typeof UnexpectedStatusCodeError>(ErrorClass: T) =>
+  (error: unknown, code?: ExtractErrorCode<T>): error is InstanceType<T> =>
+    error instanceof ErrorClass && error.code === (code ?? error.code);
+
+export const isIssuerResponseError = makeErrorTypeGuard(IssuerResponseError);
+export const isWalletProviderResponseError = makeErrorTypeGuard(
+  WalletProviderResponseError
+);
+export const isRelyingPartyResponseError = makeErrorTypeGuard(
+  RelyingPartyResponseError
+);
+
+// Mapping type between error classes and their allowed codes
+type ErrorCodeMap =
+  | {
+      type: typeof IssuerResponseError;
+      code: IssuerResponseErrorCode;
+    }
+  | {
+      type: typeof WalletProviderResponseError;
+      code: WalletProviderResponseErrorCode;
+    }
+  | {
+      type: typeof RelyingPartyResponseError;
+      code: RelyingPartyResponseErrorCode;
+    };
+
+type ExtractErrorCode<T> = Extract<ErrorCodeMap, { type: T }>["code"];
+
+type ErrorCase<T> = {
+  code: ExtractErrorCode<T>;
+  message: string;
+  reason?: GenericErrorReason;
+};
+
 /**
  * Builder class used to create specialized errors from type {@link UnexpectedStatusCodeError} that handles multiple status codes.
  *
@@ -185,15 +301,3 @@ export class ResponseErrorBuilder<T extends typeof UnexpectedStatusCodeError> {
     return originalError;
   }
 }
-
-type ErrorCodeMap<T> = T extends typeof IssuerResponseError
-  ? IssuerResponseErrorCode
-  : T extends typeof WalletProviderResponseError
-    ? WalletProviderResponseErrorCode
-    : never;
-
-type ErrorCase<T> = {
-  code: ErrorCodeMap<T>;
-  message: string;
-  reason?: GenericErrorReason;
-};

package/src/utils/logging.ts

@@ -0,0 +1,68 @@
+/**
+ * Logger interface which can be provided to the Logger class as a custom implementation.
+ */
+export interface LoggingContext {
+  logDebug: (msg: string) => void;
+  logInfo: (msg: string) => void;
+  logWarn: (msg: string) => void;
+  logError: (msg: string) => void;
+}
+
+/**
+ * Supported debug levels.
+ */
+export enum LogLevel {
+  DEBUG,
+  INFO,
+  WARN,
+  ERROR,
+}
+
+/**
+ * Logger singleton class which provides a simple logging interface with an init function to set the logging context and
+ * a static log function to log messages based on the debug level.
+ * This can be used as follows:
+ * const logger = Logger.getInstance();
+ * logger.initLogging(yourLoggingContext);
+ * logger.log(LogLevel.DEBUG, "Debug message");
+ */
+export class Logger {
+  private static instance: Logger | null = null;
+  private static loggingContext?: LoggingContext;
+
+  // Private constructor to prevent direct instantiation
+  private constructor() {}
+
+  // Public static method to get the Logger instance
+  public static getInstance(): Logger {
+    if (Logger.instance === null) {
+      Logger.instance = new Logger();
+    }
+    return Logger.instance;
+  }
+
+  // Method to initialize the logging context
+  public initLogging(loggingCtx: LoggingContext): void {
+    Logger.loggingContext = loggingCtx;
+  }
+
+  // Method to log based on the level which wraps the null check for the logging context
+  public static log(level: LogLevel, msg: string): void {
+    if (Logger.loggingContext) {
+      switch (level) {
+        case LogLevel.DEBUG:
+          Logger.loggingContext.logDebug(msg);
+          break;
+        case LogLevel.INFO:
+          Logger.loggingContext.logInfo(msg);
+          break;
+        case LogLevel.WARN:
+          Logger.loggingContext.logWarn(msg);
+          break;
+        case LogLevel.ERROR:
+          Logger.loggingContext.logError(msg);
+          break;
+      }
+    }
+  }
+}

package/src/utils/misc.ts

@@ -1,5 +1,6 @@
 import { IoWalletError, UnexpectedStatusCodeError } from "./errors";
 import { sha256 } from "js-sha256";
+import { LogLevel, Logger } from "./logging";
 
 /**
  * Check if a response is in the expected status, otherwise throw an error
@@ -13,6 +14,10 @@ export const hasStatusOrThrow =
   async (res: Response): Promise<Response> => {
     if (res.status !== status) {
       const ErrorClass = customError ?? UnexpectedStatusCodeError;
+      Logger.log(
+        LogLevel.ERROR,
+        `Http request failed. Expected ${status}, got ${res.status}, url: ${res.url}`
+      );
       throw new ErrorClass({
         message: `Http request failed. Expected ${status}, got ${res.status}, url: ${res.url}`,
         statusCode: res.status,