npm - @pagopa/io-react-native-wallet - Versions diffs - 1.7.1 → 1.8.1 - Mend

@pagopa/io-react-native-wallet 1.7.1 → 1.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/src/client/generated/wallet-provider.ts CHANGED Viewed

@@ -1,5 +1,11 @@
 import z from "zod";
+export type ApplicationInfo = z.infer<typeof ApplicationInfo>;
+export const ApplicationInfo = z.object({
+  name: z.string(),
+  version: z.string(),
+});
 export type NonceDetailView = z.infer<typeof NonceDetailView>;
 export const NonceDetailView = z.object({
   nonce: z.string(),
@@ -10,6 +16,16 @@ export const WalletAttestationView = z.object({
   wallet_attestation: z.string(),
 });
+export type WalletAttestationsView = z.infer<typeof WalletAttestationsView>;
+export const WalletAttestationsView = z.object({
+  wallet_attestations: z.array(
+    z.object({
+      format: z.union([z.literal("jwt"), z.literal("dc+sd-jwt")]),
+      wallet_attestation: z.string(),
+    }),
+  ),
+});
 export type CreateWalletInstanceBody = z.infer<typeof CreateWalletInstanceBody>;
 export const CreateWalletInstanceBody = z.object({
   challenge: z.string(),
@@ -23,13 +39,9 @@ export const CreateWalletAttestationBody = z.object({
   assertion: z.string(),
 });
-export type ProblemDetail = z.infer<typeof ProblemDetail>;
-export const ProblemDetail = z.object({
-  type: z.string().optional(),
-  title: z.string().optional(),
-  status: z.number().optional(),
-  detail: z.string().optional(),
-  instance: z.string().optional(),
+export type CreateWalletAttestationV2Body = z.infer<typeof CreateWalletAttestationV2Body>;
+export const CreateWalletAttestationV2Body = z.object({
+  assertion: z.string(),
 });
 export type SetWalletInstanceStatusBody = z.infer<typeof SetWalletInstanceStatusBody>;
@@ -51,6 +63,15 @@ export const WalletInstanceData = z.object({
   revocation_reason: z.union([RevocationReason, z.undefined()]).optional(),
 });
+export type ProblemDetail = z.infer<typeof ProblemDetail>;
+export const ProblemDetail = z.object({
+  type: z.string().optional(),
+  title: z.string().optional(),
+  status: z.number().optional(),
+  detail: z.string().optional(),
+  instance: z.string().optional(),
+});
 export type get_GetNonce = typeof get_GetNonce;
 export const get_GetNonce = {
   method: z.literal("GET"),
@@ -104,6 +125,16 @@ export const post_CreateWalletAttestation = {
   response: WalletAttestationView,
 };
+export type post_CreateWalletAttestationV2 = typeof post_CreateWalletAttestationV2;
+export const post_CreateWalletAttestationV2 = {
+  method: z.literal("POST"),
+  path: z.literal("/wallet-attestations"),
+  parameters: z.object({
+    body: CreateWalletAttestationV2Body,
+  }),
+  response: WalletAttestationsView,
+};
 // <EndpointByMethod>
 export const EndpointByMethod = {
   get: {
@@ -113,6 +144,7 @@ export const EndpointByMethod = {
   post: {
     "/wallet-instances": post_CreateWalletInstance,
     "/token": post_CreateWalletAttestation,
+    "/wallet-attestations": post_CreateWalletAttestationV2,
   },
   put: {
     "/wallet-instances/{id}/status": put_SetWalletInstanceStatus,

package/src/credential/issuance/02-get-issuer-config.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import type { StartFlow } from "./01-start-flow";
-import type { Out } from "../../utils/misc";
+import { pathInsert, type Out } from "../../utils/misc";
 import type { JWK } from "src/utils/jwk";
 import { getCredentialIssuerMetadata } from "../../entity/openid-connect/issuer";
 import type { CredentialConfigurationSupported } from "../../entity/openid-connect/issuer/types";
+import { getCredentialIssuerEntityConfiguration } from "@pagopa/io-react-native-wallet";
 export type GetIssuerConfig = (
   issuerUrl: Out<StartFlow>["issuerUrl"],
@@ -21,12 +22,16 @@ export type IssuerConfig = {
   pushed_authorization_request_endpoint: string;
   authorization_endpoint: string;
   token_endpoint: string;
+  nonce_endpoint?: string;
   credential_endpoint: string;
+  issuer: string;
   keys: Array<JWK>;
 };
 /**
  * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
+ * WARNING: This function extracts the {@link IssuerConfig} from the OpenID Connect endpoint. For the OpenID Federation variant, use {@link getIssuerConfigOIDFED}.
+ * WARNING: The variants should not be used in conjunction.
  * Get the Issuer's configuration from the Issuer's metadata.
  * Currently it only supports a mixed configuration based on OpenID Connect partial implementation.
  * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
@@ -44,6 +49,27 @@ export const getIssuerConfig: GetIssuerConfig = async (
   return credentialIssuerRationalization(res);
 };
+/**
+ * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
+ * WARNING: This function extracts the {@link IssuerConfig} from the OpenID Federation EC. For the OpenID Connect variant, use {@link getIssuerConfig}.
+ * WARNING: The variants should not be used in conjunction.
+ * Get the Issuer's configuration from the Issuer's metadata fetched from the OpenID Federation system.
+ * Currently it only supports a mixed configuration based on OpenID Federation partial implementation.
+ * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @returns The Issuer's configuration
+ */
+export const getIssuerConfigOIDFED: GetIssuerConfig = async (
+  issuerUrl,
+  context = {}
+): ReturnType<GetIssuerConfig> => {
+  const res = await getCredentialIssuerEntityConfiguration(issuerUrl, {
+    appFetch: context.appFetch,
+  });
+  return credentialIssuerRationalizationOIDFED(res);
+};
 /**
  * Rationalize the issuer's metadata to the issuer's configuration which is then used in our flows to interact with the issuer.
  * @param issuerMetadata - The issuer's metadata
@@ -62,6 +88,77 @@ const credentialIssuerRationalization = (
       token_endpoint: issuerMetadata.token_endpoint,
       credential_endpoint: issuerMetadata.credential_endpoint,
       keys: issuerMetadata.jwks.keys,
+      issuer: issuerMetadata.authorization_endpoint,
+    },
+  };
+};
+/**
+ * Rationalize the issuer's metadata taken from OpenID Federation to the issuer's configuration which is then used in our flows to interact with the issuer.
+ * @param issuerMetadata - The issuer's metadata
+ * @returns the isssuer configuration to be used later in our flows
+ */
+const credentialIssuerRationalizationOIDFED = (
+  issuerMetadata: Awaited<
+    ReturnType<typeof getCredentialIssuerEntityConfiguration>
+  >
+): Awaited<ReturnType<GetIssuerConfig>> => {
+  const adapted_credential_configurations_supported: CredentialConfigurationSupported =
+    Object.fromEntries(
+      Object.entries(
+        issuerMetadata.payload.metadata.openid_credential_issuer
+          .credential_configurations_supported
+      ).map(([key, config]) => {
+        const claimsRaw = config.claims;
+        const claims: CredentialConfigurationSupported[string]["claims"] =
+          Object.entries(claimsRaw)
+            .map(([, v]) => ({
+              path: v.path,
+              details: {
+                mandatory: v.mandatory,
+                display: v.display,
+              },
+            }))
+            .reduce(
+              (cumulated, entry) =>
+                pathInsert(cumulated, entry.path, entry.details),
+              {}
+            );
+        const newConfig: CredentialConfigurationSupported[string] = {
+          ...config,
+          claims,
+          // cryptographic_suites_supported have been renamed credential_signing_alg_values_supported.
+          // We mantain it for Potential compatibility
+          cryptographic_suites_supported:
+            config.credential_signing_alg_values_supported!,
+        };
+        return [key, newConfig];
+      })
+    );
+  return {
+    issuerConf: {
+      credential_configurations_supported:
+        adapted_credential_configurations_supported,
+      pushed_authorization_request_endpoint:
+        issuerMetadata.payload.metadata.oauth_authorization_server
+          .pushed_authorization_request_endpoint,
+      authorization_endpoint:
+        issuerMetadata.payload.metadata.oauth_authorization_server
+          .authorization_endpoint,
+      token_endpoint:
+        issuerMetadata.payload.metadata.oauth_authorization_server
+          .token_endpoint,
+      credential_endpoint:
+        issuerMetadata.payload.metadata.openid_credential_issuer
+          .credential_endpoint,
+      keys: issuerMetadata.payload.metadata.openid_credential_issuer.jwks.keys,
+      issuer: issuerMetadata.payload.metadata.oauth_authorization_server.issuer,
+      nonce_endpoint:
+        issuerMetadata.payload.metadata.openid_credential_issuer.nonce_endpoint,
     },
   };
 };

package/src/credential/issuance/03-start-user-authorization.ts CHANGED Viewed

@@ -39,18 +39,17 @@ const selectCredentialDefinition = (
   const credential_configurations_supported =
     issuerConf.credential_configurations_supported;
-  const credential = credential_configurations_supported[credentialType];
+  const [result] = Object.keys(credential_configurations_supported)
+    .filter((e) => e.includes(credentialType))
+    .map(() => ({
+      credential_configuration_id: credentialType,
+      type: "openid_credential" as const,
+    }));
-  if (!credential) {
+  if (!result) {
     throw new Error(`No credential support the type '${credentialType}'`);
   }
-  const result = {
-    credential_configuration_id: credentialType,
-    format: credential.format,
-    type: "openid_credential" as const,
-  };
   return result;
 };

package/src/credential/issuance/06-obtain-credential.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import {
   UnexpectedStatusCodeError,
   ValidationFailed,
 } from "../../utils/errors";
-import { CredentialResponse } from "./types";
+import { CredentialResponse, NonceResponse } from "./types";
 import { createDPopToken } from "../../utils/dpop";
 import uuid from "react-native-uuid";
@@ -22,13 +22,16 @@ export type ObtainCredential = (
   issuerConf: Out<GetIssuerConfig>["issuerConf"],
   accessToken: Out<AuthorizeAccess>["accessToken"],
   clientId: Out<StartUserAuthorization>["clientId"],
-  credentialDefinition: Out<StartUserAuthorization>["credentialDefinition"],
+  credentialDefinition: {
+    credential_configuration_id: string;
+    credential_identifier?: string;
+  },
   context: {
     dPopCryptoContext: CryptoContext;
     credentialCryptoContext: CryptoContext;
     appFetch?: GlobalFetch["fetch"];
   }
-) => Promise<CredentialResponse>;
+) => Promise<CredentialResponse["credentials"][number] & { format: string }>;
 export const createNonceProof = async (
   nonce: string,
@@ -82,6 +85,25 @@ export const obtainCredential: ObtainCredential = async (
   } = context;
   const credentialUrl = issuerConf.credential_endpoint;
+  const issuerUrl = issuerConf.issuer;
+  const nonceUrl = issuerConf.nonce_endpoint;
+  // Fetch the nonce from the Credential Issuer
+  const { c_nonce } = nonceUrl
+    ? await appFetch(nonceUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+      })
+        .then(hasStatusOrThrow(200))
+        .then((res) => res.json())
+        .then((body) => NonceResponse.parse(body))
+    : accessToken;
+  if (!c_nonce) {
+    throw new ValidationFailed({
+      message:
+        "Nonce Endpoint not found or access token does not contain the c_nonce",
+    });
+  }
   /**
    * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
@@ -89,17 +111,22 @@ export const obtainCredential: ObtainCredential = async (
    * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
    */
   const signedNonceProof = await createNonceProof(
-    accessToken.c_nonce,
+    c_nonce,
     clientId,
-    credentialUrl,
+    issuerUrl,
     credentialCryptoContext
   );
+  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
   const containsCredentialDefinition = accessToken.authorization_details.some(
-    (detail) =>
-      detail.credential_configuration_id ===
+    (c) =>
+      c.credential_configuration_id ===
         credentialDefinition.credential_configuration_id &&
-      detail.type === credentialDefinition.type
+      (credentialDefinition.credential_identifier
+        ? c.credential_identifiers.includes(
+            credentialDefinition.credential_identifier
+          )
+        : true)
   );
   if (!containsCredentialDefinition) {
@@ -131,10 +158,7 @@ export const obtainCredential: ObtainCredential = async (
   /** The credential request body */
   const credentialRequestFormBody = {
-    ...(format === "mso_mdoc"
-      ? { doctype: credentialDefinition.credential_configuration_id }
-      : { vct: credentialDefinition.credential_configuration_id }),
-    format,
+    credential_identifier: credentialDefinition.credential_configuration_id,
     proof: {
       jwt: signedNonceProof,
       proof_type: "jwt",
@@ -171,8 +195,11 @@ export const obtainCredential: ObtainCredential = async (
     });
   }
-  /* temporary base64 parsing for the "mso_mdoc" format until the credential submission with this format is fixed. */
-  return credentialRes.data;
+  // We support only one credential for now
+  return {
+    format,
+    ...credentialRes.data.credentials.at(0)!,
+  };
 };
 /**

package/src/credential/issuance/07-verify-and-parse-credential.ts CHANGED Viewed

@@ -72,7 +72,9 @@ export const parseCredentialSdJwt = (
   ignoreMissingAttributes: boolean = false,
   includeUndefinedAttributes: boolean = false
 ): ParsedCredential => {
-  const credentialSubject = credentials_supported[sdJwt.payload.vct];
+  const credentialSubject = Object.entries(credentials_supported).find(
+    ([, vl]) => vl.vct === sdJwt.payload.vct
+  )?.[1];
   if (!credentialSubject) {
     throw new IoWalletError("Credential type not supported by the issuer");
@@ -388,7 +390,9 @@ type WithFormat<Format extends Parameters<VerifyAndParseCredential>[2]> = (
   _4: Parameters<VerifyAndParseCredential>[4]
 ) => ReturnType<VerifyAndParseCredential>;
-const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
+const verifyAndParseCredentialSdJwt: WithFormat<
+  "vc+sd-jwt" | "dc+sd-jwt"
+> = async (
   issuerConf,
   credential,
   _,
@@ -485,7 +489,7 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
   credentialType,
   context
 ) => {
-  if (format === "vc+sd-jwt") {
+  if (format === "vc+sd-jwt" || format === "dc+sd-jwt") {
     return verifyAndParseCredentialSdJwt(
       issuerConf,
       credential,

package/src/credential/issuance/README.md CHANGED Viewed

@@ -248,7 +248,7 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialType: "urn:eu.europa.ec.eudi:pid:1",
+  credentialType: "dc_sd_jwt_PersonIdentificationData",
   appFetch,
 });

package/src/credential/issuance/const.ts CHANGED Viewed

@@ -7,5 +7,6 @@ export type SupportedCredentialFormat = z.infer<
 >;
 export const SupportedCredentialFormat = z.union([
   z.literal("vc+sd-jwt"),
+  z.literal("dc+sd-jwt"),
   z.literal("mso_mdoc"),
 ]);

package/src/credential/issuance/index.ts CHANGED Viewed

@@ -1,5 +1,9 @@
 import { type StartFlow } from "./01-start-flow";
-import { getIssuerConfig, type GetIssuerConfig } from "./02-get-issuer-config";
+import {
+  getIssuerConfig,
+  getIssuerConfigOIDFED,
+  type GetIssuerConfig,
+} from "./02-get-issuer-config";
 import {
   startUserAuthorization,
   type StartUserAuthorization,
@@ -28,6 +32,7 @@ import * as Errors from "./errors";
 export {
   getIssuerConfig,
+  getIssuerConfigOIDFED,
   startUserAuthorization,
   buildAuthorizationUrl,
   completeUserAuthorizationWithQueryMode,

package/src/credential/issuance/types.ts CHANGED Viewed

@@ -1,14 +1,20 @@
-import { AuthorizationDetail } from "../../utils/par";
 import * as z from "zod";
-import { SupportedCredentialFormat } from "./const";
+export type AuthorizationDetail = z.infer<typeof AuthorizationDetail>;
+export const AuthorizationDetail = z.object({
+  type: z.literal("openid_credential"),
+  credential_configuration_id: z.string(),
+  credential_identifiers: z.array(z.string()),
+});
 export type TokenResponse = z.infer<typeof TokenResponse>;
 export const TokenResponse = z.object({
   access_token: z.string(),
   authorization_details: z.array(AuthorizationDetail),
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
+  // IT Wallet 1.0 remove c_nonce from token, mantain optional for compatibility with Potential
+  c_nonce: z.string().optional(),
+  c_nonce_expires_in: z.number().optional(),
   expires_in: z.number(),
   token_type: z.string(),
 });
@@ -16,10 +22,12 @@ export const TokenResponse = z.object({
 export type CredentialResponse = z.infer<typeof CredentialResponse>;
 export const CredentialResponse = z.object({
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
-  credential: z.string(),
-  format: SupportedCredentialFormat,
+  credentials: z.array(
+    z.object({
+      credential: z.string(),
+    })
+  ),
+  notification_id: z.string().optional(),
 });
 /**
@@ -30,3 +38,8 @@ export const ResponseUriResultShape = z.object({
 });
 export type ResponseMode = "query" | "form_post.jwt";
+export type NonceResponse = z.infer<typeof NonceResponse>;
+export const NonceResponse = z.object({
+  c_nonce: z.string(),
+});

package/src/credential/presentation/07-evaluate-dcql-query.ts CHANGED Viewed

@@ -12,6 +12,7 @@ import { ValidationFailed } from "../../utils/errors";
 import { CredentialNotFoundError } from "./errors";
 import type { CredentialFormat, EvaluatedDisclosure } from "./types";
 import { CBOR } from "@pagopa/io-react-native-cbor";
+import { b64utob64 } from "jsrsasign";
 /**
  * The purpose for the credential request by the RP.
@@ -80,7 +81,7 @@ const mapCredentialsMdocToObj = async (
   return await Promise.all(
     credentialsMdoc?.map(async ([type, _, credential]) => {
       const issuerSigned = credential
-        ? await CBOR.decodeIssuerSigned(credential)
+        ? await CBOR.decodeIssuerSigned(b64utob64(credential))
         : undefined;
       if (!issuerSigned) {
         throw new CredentialNotFoundError(
@@ -151,15 +152,24 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = async (
           required: Boolean(credentialSet.required),
         }));
-      if (match.output.credential_format === "vc+sd-jwt") {
+      if (
+        match.output.credential_format === "vc+sd-jwt" ||
+        match.output.credential_format === "dc+sd-jwt"
+      ) {
         const { vct, claims } = match.output;
         const [, keyTag, credential] = credentialsSdJwt.find(
           ([type]) => type === vct
         )!;
-        const requiredDisclosures = Object.values(
-          claims
-        ) as EvaluatedDisclosure[];
+        const requiredDisclosures = Object.values(claims).map((item) => {
+          const [_, name, value] = item as [string, string, string];
+          return {
+            name,
+            value,
+          };
+        }) as EvaluatedDisclosure[];
         return {
           id,
           vct,

package/src/credential/presentation/07-evaluate-input-descriptor.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import { JSONPath } from "jsonpath-plus";
 import { MissingDataError, CredentialNotFoundError } from "./errors";
 import Ajv from "ajv";
 import { CBOR } from "@pagopa/io-react-native-cbor";
+import { b64utob64 } from "jsrsasign";
 const ajv = new Ajv({ allErrors: true });
@@ -253,6 +254,12 @@ export const evaluateInputDescriptorForMdoc: EvaluateInputDescriptorMdoc = (
     );
   }
+  if (requiredDisclosures.length === 0 && optionalDisclosures.length === 0) {
+    throw new MissingDataError(
+      "Credential validation failed: No required fields were requested and no optional field has been requested or found."
+    );
+  }
   return {
     requiredDisclosures,
     optionalDisclosures,
@@ -348,6 +355,12 @@ export const evaluateInputDescriptorForSdJwt4VC: EvaluateInputDescriptorSdJwt4VC
       );
     }
+    if (requiredDisclosures.length === 0 && optionalDisclosures.length === 0) {
+      throw new MissingDataError(
+        "Credential validation failed: No required fields were requested and no optional field has been requested or found."
+      );
+    }
     return {
       requiredDisclosures,
       optionalDisclosures,
@@ -465,7 +478,9 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
   const decodedMdocCredentials =
     (await Promise.all(
       credentialsMdoc?.map(async ([, keyTag, credential]) => {
-        const issuerSigned = await CBOR.decodeIssuerSigned(credential);
+        const issuerSigned = await CBOR.decodeIssuerSigned(
+          b64utob64(credential)
+        );
         if (!issuerSigned) {
           throw new CredentialNotFoundError(
             "mso_mdoc credential is not present."
@@ -483,7 +498,6 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
             "mso_mdoc credential is not supported."
           );
         }
         const { matchedEvaluation, matchedKeyTag, matchedCredential } =
           findCredentialMDoc(descriptor, decodedMdocCredentials);
@@ -495,10 +509,13 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
         };
       }
-      if (descriptor.format?.["vc+sd-jwt"]) {
+      if (
+        descriptor.format?.["vc+sd-jwt"] ||
+        descriptor.format?.["dc+sd-jwt"]
+      ) {
         if (!decodedSdJwtCredentials.length) {
           throw new CredentialNotFoundError(
-            "vc+sd-jwt credential is not supported."
+            "vc+sd-jwt or dc+sd-jwt credential is not supported."
           );
         }

package/src/credential/presentation/08-send-authorization-response.ts CHANGED Viewed

@@ -338,7 +338,7 @@ export const sendAuthorizationResponseDcql: SendAuthorizationResponseDcql =
  * Prepares remote presentations for a set of credentials.
  *
  * For each credential, this function:
- * - Validates the credential format (currently supports 'mso_mdoc' and 'vc+sd-jwt').
+ * - Validates the credential format (currently supports 'mso_mdoc', 'vc+sd-jwt' or 'dc+sd-jwt').
  * - Generates a verifiable presentation token (vpToken) using the appropriate method.
  * - For ISO 18013-7, generates a special nonce with minimum entropy of 16.
  *
@@ -381,7 +381,7 @@ export const prepareRemotePresentations: PrepareRemotePresentations = async (
         };
       }
-      if (format === "vc+sd-jwt") {
+      if (format === "vc+sd-jwt" || format === "dc+sd-jwt") {
         const { vp_token } = await prepareVpToken(
           authRequestObject.nonce,
           authRequestObject.clientId,
@@ -396,7 +396,7 @@ export const prepareRemotePresentations: PrepareRemotePresentations = async (
           requestedClaims: [...item.requestedClaims.map(({ name }) => name)],
           credentialId: credentialInputId,
           vpToken: vp_token,
-          format: "vc+sd-jwt",
+          format,
         };
       }

package/src/credential/presentation/types.ts CHANGED Viewed

@@ -13,6 +13,9 @@ export type CredentialFormat =
   | {
       format: "vc+sd-jwt";
     }
+  | {
+      format: "dc+sd-jwt";
+    }
   | {
       format: "mso_mdoc";
       doctype: string;

package/src/entity/openid-connect/issuer/types.ts CHANGED Viewed

@@ -24,6 +24,7 @@ export const CredentialClaimDisplay = z.object({
 export const CredentialFormat = z.union([
   z.literal("vc+sd-jwt"),
+  z.literal("dc+sd-jwt"),
   z.literal("mso_mdoc"),
 ]);
@@ -41,7 +42,7 @@ export type CredentialConfigurationSupported = z.infer<
 >;
 export const CredentialConfigurationSupported = z.record(
   z.object({
-    cryptographic_suites_supported: z.array(z.string()),
+    cryptographic_suites_supported: z.array(z.string()).optional(),
     vct: z.string().optional(),
     scope: z.string().optional(),
     cryptographic_binding_methods_supported: z.array(z.string()),