npm - @pagopa/io-react-native-wallet - Versions diffs - 1.7.1 → 2.0.0-next.1 - Mend

@pagopa/io-react-native-wallet 1.7.1 → 2.0.0-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (443) hide show

package/lib/module/credential/presentation/08-send-authorization-response.js CHANGED Viewed

@@ -1,13 +1,10 @@
 import { EncryptJwe } from "@pagopa/io-react-native-jwt";
 import uuid from "react-native-uuid";
-import { NoSuitableKeysFoundInEntityConfiguration, CredentialNotFoundError } from "./errors";
+import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
+import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
 import { hasStatusOrThrow } from "../../utils/misc";
 import * as z from "zod";
-import { Base64 } from "js-base64";
-import { prepareVpTokenMdoc } from "../../mdoc";
-import { generateRandomAlphaNumericString } from "../../utils/misc";
-import { createCryptoContextFor } from "../../utils/crypto";
-import { prepareVpToken } from "../../sd-jwt";
+import { RelyingPartyResponseError, ResponseErrorBuilder, UnexpectedStatusCodeError, RelyingPartyResponseErrorCodes } from "../../utils/errors";
 export const AuthorizationResponse = z.object({
   status: z.string().optional(),
   response_code: z.string() /**
@@ -22,24 +19,12 @@ export const AuthorizationResponse = z.object({
  * Selects a public key (with `use = enc`) from the set of JWK keys
  * offered by the Relying Party (RP) for encryption.
  *
- * Preference is given to EC keys (P-256 or P-384), followed by RSA keys,
- * based on compatibility and common usage for encryption.
- *
  * @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
  * @returns The first suitable public key found in the list.
  * @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
  */
 export const choosePublicKeyToEncrypt = rpJwkKeys => {
-  // First try to find RSA keys which are more commonly used for encryption
-  const encKeys = rpJwkKeys.filter(jwk => jwk.use === "enc");
-  // Prioritize EC keys first, then fall back to RSA keys if needed
-  // io-react-native-jwt support only EC keys with P-256 or P-384 curves
-  const ecEncKeys = encKeys.filter(jwk => jwk.kty === "EC" && (jwk.crv === "P-256" || jwk.crv === "P-384"));
-  const rsaEncKeys = encKeys.filter(jwk => jwk.kty === "RSA");
-  // Select the first available key based on priority
-  const encKey = ecEncKeys[0] || rsaEncKeys[0] || encKeys[0];
+  const encKey = rpJwkKeys.find(jwk => jwk.use === "enc");
   if (encKey) {
     return encKey;
   }
@@ -48,56 +33,36 @@ export const choosePublicKeyToEncrypt = rpJwkKeys => {
   throw new NoSuitableKeysFoundInEntityConfiguration("No suitable public key found for encryption.");
 };
-/**
- * Builds a URL-encoded form body for a direct POST response without encryption.
- *
- * @param requestObject - Contains state, nonce, and other relevant info.
- * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
- * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
- */
-export const buildDirectPostBody = async (requestObject, payload) => {
-  const formUrlEncodedBody = new URLSearchParams({
-    ...(requestObject.state ? {
-      state: requestObject.state
-    } : {}),
-    ...Object.fromEntries(Object.entries(payload).map(_ref => {
-      let [key, value] = _ref;
-      return [key, Array.isArray(value) || typeof value === "object" ? JSON.stringify(value) : value];
-    }))
-  });
-  return formUrlEncodedBody.toString();
-};
 /**
  * Builds a URL-encoded form body for a direct POST response using JWT encryption.
  *
  * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
  * @param requestObject - Contains state, nonce, and other relevant info.
- * @param payload - Object that contains either the VP token to encrypt and the mapping of the credential disclosures or the error code
- * @param generatedNonce - Optional nonce for the `apu` claim in the JWE header, it is used during ISO 18013-7.
- * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body,
- *          where `response` contains the encrypted JWE.
+ * @param payload - Object that contains the VP token to encrypt and the mapping of the credential disclosures
+ * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body, where `response` contains the encrypted JWE.
  */
-export const buildDirectPostJwtBody = async (jwkKeys, requestObject, payload, generatedNonce) => {
+export const buildDirectPostJwtBody = async (requestObject, rpConf, payload) => {
   // Prepare the authorization response payload to be encrypted
   const authzResponsePayload = JSON.stringify({
     state: requestObject.state,
     ...payload
   });
-  const encPublicJwk = choosePublicKeyToEncrypt(jwkKeys);
+  // Choose a suitable public key for encryption
+  const {
+    keys
+  } = getJwksFromConfig(rpConf);
+  const encPublicJwk = choosePublicKeyToEncrypt(keys);
   // Encrypt the authorization payload
   const {
-    client_metadata
-  } = requestObject;
+    authorization_encrypted_response_alg,
+    authorization_encrypted_response_enc
+  } = rpConf.openid_credential_verifier;
+  const defaultAlg = encPublicJwk.kty === "EC" ? "ECDH-ES" : "RSA-OAEP-256";
   const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
-    alg: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_alg) || "RSA-OAEP-256",
-    enc: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_enc) || "A256CBC-HS512",
-    kid: encPublicJwk.kid,
-    /* ISO 18013-7 */
-    apv: Base64.encodeURI(requestObject.nonce),
-    ...(generatedNonce ? {
-      apu: Base64.encodeURI(generatedNonce)
-    } : {})
+    alg: authorization_encrypted_response_alg || defaultAlg,
+    enc: authorization_encrypted_response_enc || "A256CBC-HS512",
+    kid: encPublicJwk.kid
   }).encrypt(encPublicJwk);
   // Build the x-www-form-urlencoded form body
@@ -111,13 +76,33 @@ export const buildDirectPostJwtBody = async (jwkKeys, requestObject, payload, ge
 };
 /**
- * Type definition for the function that sends the authorization response
- * to the Relying Party, completing the presentation flow.
+ * Builds a URL-encoded form body for a direct POST response without encryption.
+ *
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
+ * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
  */
+export const buildDirectPostBody = async (requestObject, payload) => {
+  const formUrlEncodedBody = new URLSearchParams({
+    ...(requestObject.state && {
+      state: requestObject.state
+    }),
+    ...Object.entries(payload).reduce((acc, _ref) => {
+      let [key, value] = _ref;
+      return {
+        ...acc,
+        [key]: Array.isArray(value) || typeof value === "object" ? JSON.stringify(value) : value
+      };
+    }, {})
+  });
+  return formUrlEncodedBody.toString();
+};
 /**
  * Type definition for the function that sends the authorization response
  * to the Relying Party, completing the presentation flow.
+ * Use with `presentation_definition`.
+ * @deprecated Use `sendAuthorizationResponse`
  */
 /**
@@ -131,172 +116,124 @@ export const buildDirectPostJwtBody = async (jwkKeys, requestObject, payload, ge
  * @param context - Contains optional custom fetch implementation.
  * @returns Parsed and validated authorization response from the Relying Party.
  */
-export const sendAuthorizationResponse = async function (requestObject, presentationDefinitionId, jwkKeys, remotePresentation) {
-  var _presentations$;
+export const sendLegacyAuthorizationResponse = async function (requestObject, presentationDefinitionId, remotePresentations, rpConf) {
+  var _remotePresentations$;
   let {
     appFetch = fetch
   } = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
-  const {
-    generatedNonce,
-    presentations
-  } = remotePresentation;
   /**
    * 1. Prepare the VP token and presentation submission
    * If there is only one credential, `vpToken` is a single string.
    * If there are multiple credential, `vpToken` is an array of string.
    **/
-  const vp_token = (presentations === null || presentations === void 0 ? void 0 : presentations.length) === 1 ? (_presentations$ = presentations[0]) === null || _presentations$ === void 0 ? void 0 : _presentations$.vpToken : presentations.map(presentation => presentation.vpToken);
-  const descriptor_map = presentations.map((presentation, index) => ({
-    id: presentation.credentialId,
-    path: (presentations === null || presentations === void 0 ? void 0 : presentations.length) === 1 ? `$` : `$[${index}]`,
-    format: presentation.format
+  const vp_token = (remotePresentations === null || remotePresentations === void 0 ? void 0 : remotePresentations.length) === 1 ? (_remotePresentations$ = remotePresentations[0]) === null || _remotePresentations$ === void 0 ? void 0 : _remotePresentations$.vpToken : remotePresentations.map(remotePresentation => remotePresentation.vpToken);
+  const descriptor_map = remotePresentations.map((remotePresentation, index) => ({
+    id: remotePresentation.inputDescriptor.id,
+    path: remotePresentations.length === 1 ? `$` : `$[${index}]`,
+    format: remotePresentation.format
   }));
   const presentation_submission = {
     id: uuid.v4(),
     definition_id: presentationDefinitionId,
     descriptor_map
   };
-  // 2. Choose the appropriate request body builder based on response mode
-  const requestBody = requestObject.response_mode === "direct_post.jwt" ? await buildDirectPostJwtBody(jwkKeys, requestObject, {
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
     vp_token,
     presentation_submission
-  }, generatedNonce) : await buildDirectPostBody(requestObject, {
-    vp_token,
-    presentation_submission: presentation_submission
   });
   // 3. Send the authorization response via HTTP POST and validate the response
-  const authResponse = await appFetch(requestObject.response_uri, {
+  return await appFetch(requestObject.response_uri, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded"
     },
     body: requestBody
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.safeParse);
-  // Some Relying Parties may return an empty body.
-  return authResponse.success ? authResponse.data : {};
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
 };
 /**
  * Type definition for the function that sends the authorization response
  * to the Relying Party, completing the presentation flow.
+ * Use with DCQL queries.
  */
-/**
- * Sends the authorization error response to the Relying Party (RP) using the specified `response_mode`.
- * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
- *
- * @param requestObject - The request details, including presentation requirements.
- * @param error - The response error value
- * @param jwkKeys - Array of JWKs from the Relying Party for optional encryption.
- * @param context - Contains optional custom fetch implementation.
- * @returns Parsed and validated authorization response from the Relying Party.
- */
-export const sendAuthorizationErrorResponse = async function (requestObject, error, jwkKeys) {
+export const sendAuthorizationResponse = async function (requestObject, remotePresentations, rpConf) {
   let {
     appFetch = fetch
   } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
-  // 2. Choose the appropriate request body builder based on response mode
-  const requestBody = requestObject.response_mode === "direct_post.jwt" ? await buildDirectPostJwtBody(jwkKeys, requestObject, {
-    error
-  }) : await buildDirectPostBody(requestObject, {
-    error
+  // 1. Prepare the VP token as a JSON object with keys corresponding to the DCQL query credential IDs
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
+    vp_token: remotePresentations.reduce((acc, presentation) => ({
+      ...acc,
+      [presentation.credentialId]: presentation.vpToken
+    }), {})
   });
-  // 3. Send the authorization error response via HTTP POST and validate the response
+  // 2. Send the authorization response via HTTP POST and validate the response
   return await appFetch(requestObject.response_uri, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded"
     },
     body: requestBody
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse).catch(handleAuthorizationResponseError);
 };
-export const sendAuthorizationResponseDcql = async function (requestObject, jwkKeys, remotePresentation) {
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ */
+/**
+ * Sends the authorization error response to the Relying Party (RP) using the specified `response_mode`.
+ * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
+ *
+ * @param requestObject - The request details, including presentation requirements.
+ * @param error - The response error value, with description
+ * @param context - Contains optional custom fetch implementation.
+ * @returns Parsed and validated authorization response from the Relying Party.
+ */
+export const sendAuthorizationErrorResponse = async function (requestObject, _ref2) {
+  let {
+    error,
+    errorDescription
+  } = _ref2;
   let {
     appFetch = fetch
-  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
-  const {
-    generatedNonce,
-    presentations
-  } = remotePresentation;
-  // 1. Prepare the VP token as a JSON object with keys corresponding to the DCQL query credential IDs
-  const requestBody = await buildDirectPostJwtBody(jwkKeys, requestObject, {
-    vp_token: presentations.reduce((acc, presentation) => ({
-      ...acc,
-      [presentation.credentialId]: presentation.vpToken
-    }), {})
-  }, generatedNonce);
-  // 2. Send the authorization response via HTTP POST and validate the response
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const requestBody = await buildDirectPostBody(requestObject, {
+    error,
+    error_description: errorDescription
+  });
   return await appFetch(requestObject.response_uri, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded"
     },
     body: requestBody
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
+  }).then(hasStatusOrThrow(200, RelyingPartyResponseError)).then(res => res.json()).then(AuthorizationResponse.parse);
 };
 /**
- * Prepares remote presentations for a set of credentials.
- *
- * For each credential, this function:
- * - Validates the credential format (currently supports 'mso_mdoc' and 'vc+sd-jwt').
- * - Generates a verifiable presentation token (vpToken) using the appropriate method.
- * - For ISO 18013-7, generates a special nonce with minimum entropy of 16.
- *
- * @param credentials - An array of credential items containing format, credential data, requested claims, and key information.
- * @param authRequestObject - The authentication request object containing nonce, clientId, and responseUri.
- * @returns A promise that resolves to an object containing an array of presentations and the generated nonce.
- * @throws {CredentialNotFoundError} When the credential format is unsupported.
+ * Handle the the presentation error by mapping it to a custom exception.
+ * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
+ * @param e - The error to be handled
+ * @throws {RelyingPartyResponseError} with a specific code for more context
  */
-export const prepareRemotePresentations = async (credentials, authRequestObject) => {
-  /* In case of ISO 18013-7 we need a nonce, it shall have a minimum entropy of 16  */
-  const generatedNonce = generateRandomAlphaNumericString(16);
-  const presentations = await Promise.all(credentials.map(async item => {
-    const {
-      credentialInputId,
-      format
-    } = item;
-    if (format === "mso_mdoc") {
-      const {
-        vp_token
-      } = await prepareVpTokenMdoc(authRequestObject.nonce, generatedNonce, authRequestObject.clientId, authRequestObject.responseUri, item.doctype, item.keyTag, [item.credential, item.requestedClaims, createCryptoContextFor(item.keyTag)]);
-      return {
-        requestedClaims: [...item.requestedClaims.map(_ref2 => {
-          let {
-            name
-          } = _ref2;
-          return name;
-        })],
-        credentialId: credentialInputId,
-        vpToken: vp_token,
-        format: "mso_mdoc"
-      };
-    }
-    if (format === "vc+sd-jwt") {
-      const {
-        vp_token
-      } = await prepareVpToken(authRequestObject.nonce, authRequestObject.clientId, [item.credential, item.requestedClaims, createCryptoContextFor(item.keyTag)]);
-      return {
-        requestedClaims: [...item.requestedClaims.map(_ref3 => {
-          let {
-            name
-          } = _ref3;
-          return name;
-        })],
-        credentialId: credentialInputId,
-        vpToken: vp_token,
-        format: "vc+sd-jwt"
-      };
-    }
-    throw new CredentialNotFoundError(`${format} format is not supported.`);
-  }));
-  return {
-    presentations,
-    generatedNonce
-  };
+const handleAuthorizationResponseError = e => {
+  if (!(e instanceof UnexpectedStatusCodeError)) {
+    throw e;
+  }
+  throw new ResponseErrorBuilder(RelyingPartyResponseError).handle(400, {
+    code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+    message: "The Authorization Response contains invalid parameters or it is malformed"
+  }).handle(403, {
+    code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+    message: "The Authorization Response was forbidden"
+  }).handle("*", {
+    code: RelyingPartyResponseErrorCodes.RelyingPartyGenericError,
+    message: "Unable to successfully send the Authorization Response"
+  }).buildFrom(e);
 };
 //# sourceMappingURL=08-send-authorization-response.js.map

package/lib/module/credential/presentation/08-send-authorization-response.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["EncryptJwe","uuid","~~NoSuitableKeysFoundInEntityConfiguration~~","~~CredentialNotFoundError~~","hasStatusOrThrow","z","~~Base64~~","~~prepareVpTokenMdoc~~","~~generateRandomAlphaNumericString~~","~~createCryptoContextFor~~","~~prepareVpToken","~~AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","choosePublicKeyToEncrypt","rpJwkKeys","~~encKeys~~","~~filter~~","jwk","use","~~ecEncKeys~~","~~kty~~","~~crv~~","~~rsaEncKeys~~","~~encKey~~","~~buildDirectPostBody~~","~~requestObject~~","~~payload","formUrlEncodedBody","URLSearchParams","~~state","~~Object~~","~~fromEntries~~","~~entries~~","~~map~~","~~_ref~~","~~key~~","~~value~~","~~Array~~","~~isArray~~","~~JSON~~","~~stringify~~","~~toString~~","~~buildDirectPostJwtBody~~","~~jwkKeys~~","~~generatedNonce~~","~~authzResponsePayload~~","~~encPublicJwk~~","~~client_metadata~~","~~encryptedResponse~~","~~alg~~","~~authorization_encrypted_response_alg~~","~~enc~~","~~authorization_encrypted_response_enc~~","~~kid~~","~~apv~~","~~encodeURI~~","~~nonce~~","~~apu~~","~~encrypt","formBody","response","sendAuthorizationResponse","~~presentationDefinitionId","~~remotePresentation~~","~~_presentations~~$","appFetch","fetch","arguments","length","undefined","~~presentations~~","~~vp_token~~","~~vpToken~~","~~presentation~~","descriptor_map","index","id","~~credentialId~~","path","format","presentation_submission","v4","definition_id","requestBody","~~response_mode","authResponse","~~response_uri","method","headers","body","then","res","json","~~safeParse","success","data","sendAuthorizationErrorResponse","error","~~parse","~~sendAuthorizationResponseDcql~~","~~reduce~~","~~acc~~","~~prepareRemotePresentations~~","~~credentials~~","~~authRequestObject~~","~~Promise~~","~~all~~","~~item~~","~~credentialInputId~~","~~clientId~~","~~responseUri~~","~~doctype~~","~~keyTag~~","~~credential~~","~~requestedClaims~~","~~_ref2~~"~~,"name","_ref3"~~],"sourceRoot":"../../../../src","sources":["credential/presentation/08-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,OAAOC,IAAI,MAAM,mBAAmB;~~AAGpC~~,~~SACEC~~,~~wCAAwC~~,~~EACxCC~~,uBAAuB,~~QAClB~~,UAAU;~~AACjB~~,SAASC,gBAAgB,QAAkB,kBAAkB;AAO7D,OAAO,KAAKC,CAAC,MAAM,KAAK;~~AAExB~~,~~SAASC~~,~~MAAM~~,~~QAAQ~~,~~WAAW;AAElC~~,~~SAASC~~,~~kBAAkB~~,~~QAAQ~~,~~YAAY;AAC/C~~,~~SAASC~~,~~gCAAgC,QAAQ,kBAAkB;AACnE,SAASC,sBAAsB,QAAQ,~~oBAAoB;~~AAC3D~~,~~SAASC,cAAc,QAAQ,cAAc;AAG7C,~~OAAO,MAAMC,qBAAqB,~~GAAGN~~,CAAC,~~CAACO~~,MAAM,CAAC;EAC5CC,MAAM,~~EAAER~~,CAAC,~~CAACS~~,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,~~EAAEX~~,CAAC,~~CACbS~~,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTC,QAAQ,CAAC,CAAC;EACbE,YAAY,~~EAAEZ~~,CAAC,~~CAACS~~,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA~~;AACA;AACA;AACA~~,OAAO,MAAMG,wBAAwB,GACnCC,SAAiC,IACzB;EACR~~;EACA~~,MAAMC,~~OAAO~~,GAAGD,SAAS,CAACE,~~MAAM~~,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC~~;;EAE5D~~;~~EACA;EACA~~,~~MAAMC~~,~~SAAS~~,~~GAAGJ~~,~~OAAO~~,~~CAACC~~,MAAM,~~CAC7BC~~,~~GAAG~~,~~IAAKA~~,~~GAAG~~,~~CAACG~~,~~GAAG~~,~~KAAK~~,~~IAAI~~,~~KAAKH~~,GAAG,~~CAACI~~,~~GAAG~~,~~KAAK~~,~~OAAO~~,~~IAAIJ~~,~~GAAG~~,~~CAACI~~,~~GAAG,KAAK,OAAO,CAC1E,CAAC~~;~~EACD~~,MAAMC,~~UAAU~~,~~GAAGP~~,~~OAAO~~,CAACC,~~MAAM~~,~~CAAEC~~,~~GAAG~~,~~IAAKA~~,~~GAAG~~,~~CAACG~~,~~GAAG,~~KAAK,~~KAAK~~,CAAC~~;;EAE7D~~;EACA,~~MAAMG,~~MAAM,~~GAAGJ,SAAS,~~CAAC,~~CAAC~~,~~CAAC~~,~~IAAIG~~,~~UAAU~~,CAAC,~~CAAC~~,~~CAAC~~,~~IAAIP~~,~~OAAO~~,~~CAAC~~,~~CAAC~~,CAAC;~~EAE1D~~,~~IAAIQ,~~MAAM~~,EAAE~~;~~IACV~~,~~OAAOA,MAAM~~;~~EACf;;EAEA~~;~~EACA~~,~~MAAM~~,~~IAAI1B~~,~~wCAAwC~~,~~CAChD~~,~~8CACF,CAAC~~;~~AACH~~,~~CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA~~,~~OAAO~~,~~MAAM2B~~,~~mBAAmB~~,GAAG,~~MAAAA~~,~~CACjCC~~,~~aAAiE~~,~~EACjEC~~,~~OAAuC~~,~~KACnB~~;~~EACpB~~,MAAMC,~~kBAAkB~~,GAAG,~~IAAIC~~,~~eAAe~~,~~CAAC;IAC7C~~,~~IAAIH~~,~~aAAa~~,~~CAACI~~,~~KAAK,~~GAAG~~;MAAEA~~,~~KAAK~~,~~EAAEJ~~,~~aAAa~~,~~CAACI~~;~~IAAM~~,~~CAAC,~~GAAG,~~CAAC~~,~~CAAC~~,~~CAAC~~;~~IAC9D~~,~~GAAGC~~,~~MAAM~~,~~CAACC~~,~~WAAW~~,~~CACnBD~~,~~MAAM~~,~~CAACE~~,OAAO,~~CAACN~~,~~OAAO~~,CAAC~~,CAACO,GAAG,CAACC,IAAA,IAAkB~~;~~MAAA~~,~~IAAjB~~,~~CAACC~~,GAAG,~~EAAEC~~,~~KAAK~~,CAAC~~,GAAAF,IAAA~~;~~MACvC~~,~~OAAO~~,~~CACLC~~,~~GAAG~~,~~EACHE~~,~~KAAK~~,~~CAACC~~,~~OAAO,CAACF,~~KAAK,~~CAAC~~,~~IAAI,OAAOA,~~KAAK,~~KAAK~~,~~QAAQ~~,~~GAC7CG~~,~~IAAI~~,~~CAACC~~,~~SAAS,CAACJ,KAAK,~~CAAC,~~GACrBA,KAAK,CACV;IACH,~~CAAC~~,CACH~~;~~EACF~~,CAAC,CAAC;~~EAEF~~,~~OAAOT~~,~~kBAAkB~~,~~CAACc~~,QAAQ,CAAC,CAAC;~~AACtC~~,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA~~;AACA;AACA;AACA~~,OAAO,MAAMC,~~sBAAsB~~,GAAG,MAAAA,~~CACpCC~~,~~OAA+B~~,~~EAC/BlB~~,~~aAAiE,EACjEC,~~OAAuC,~~EACvCkB,cAAuB,KACH~~;EACpB~~;EACA~~,~~MAAMC~~,~~oBAAoB~~,~~GAAGN~~,~~IAAI~~,~~CAACC~~,~~SAAS,~~CAAC;~~IAC1CX~~,~~KAAK~~,~~EAAEJ,~~aAAa,~~CAACI~~,KAAK~~;IAC1B~~,~~GAAGH~~;~~EACL~~,~~CAAC~~,~~CAAC;EAEF~~,~~MAAMoB~~,~~YAAY~~,~~GAAGjC,wBAAwB,CAAC8B,OAAO,~~CAAC~~;EACtD;EACA~~,~~MAAM;IAAEI;EAAgB,~~CAAC~~,GAAGtB,aAAa~~;~~EACzC~~,~~MAAMuB~~,~~iBAAiB,GAAG,~~MAAM,~~IAAIrD~~,~~UAAU~~,~~CAACkD~~,~~oBAAoB~~,~~EAAE;IACnEI~~,~~GAAG~~,~~EACD~~,~~CAACF~~,~~eAAe~~,~~aAAfA,eAAe,uBAAfA,eAAe,CAAEG,oCAAoC,KAEnC,cAAc;IACnCC,~~GAAG,~~EACD~~,~~CAACJ,eAAe,aAAfA,eAAe,uBAAfA,eAAe,CAAEK,oCAAoC,KAE9B,eAAe~~;~~IACzCC~~,~~GAAG~~,~~EAAEP~~,~~YAAY,CAACO,~~GAAG~~;IACrB;IACAC~~,~~GAAG~~,~~EAAErD~~,~~MAAM,CAACsD,SAAS,CAAC9B,aAAa,~~CAAC+B,~~KAAK~~,~~CAAC~~;~~IAC1C~~,~~IAAIZ~~,~~cAAc~~,GAAG;~~MAAEa~~,~~GAAG~~,~~EAAExD,MAAM,CAACsD,SAAS,CAACX,cAAc;IAAE,CAAC,~~GAAG,~~CAAC~~,~~CAAC;EACrE~~,~~CAAC~~,~~CAAC,CAACc,~~OAAO,~~CAACZ~~,~~YAAY~~,CAAC~~;;EAExB;EACA~~,~~MAAMa~~,~~QAAQ~~,~~GAAG~~,~~IAAI/B~~,~~eAAe,CAAC;IACnCgC,~~QAAQ,~~EAAEZ~~,~~iBAAiB;IAC3B~~,~~IAAIvB~~,~~aAAa~~,~~CAACI~~,KAAK,~~GAAG~~;~~MAAEA~~,~~KAAK,EAAEJ,aAAa,CAACI~~;~~IAAM~~,CAAC,~~GAAG~~,CAAC,~~CAAC~~;~~EAC/D~~,CAAC,CAAC;~~EACF~~,~~OAAO8B~~,~~QAAQ~~,~~CAAClB~~,QAAQ,CAAC,CAAC;~~AAC5B~~,CAAC;;AAED;AACA;AACA;AACA~~;;AAWA~~;AACA;AACA~~;AACA~~;;~~AAUA~~;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,~~MAAMoB~~,~~yBAAoD~~,~~GAAG,~~eAAAA,~~CAClEpC~~,aAAa,~~EACbqC~~,wBAAwB,~~EACxBnB~~,~~OAAO~~,~~EACPoB~~,~~kBAAkB~~,~~EAEiB~~;EAAA,~~IAAAC~~,~~eAAA~~;EAAA,IADnC;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB~~,MAAM~~;~~IAAEvB,cAAc~~;~~IAAE0B;EAAc,CAAC,GAAGP,kBAAkB;EAC5D;AACF;~~AACA;AACA;AACA;~~EACE~~,~~MAAMQ~~,QAAQ,GACZ,~~CAAAD~~,~~aAAa~~,~~aAAbA~~,~~aAAa~~,~~uBAAbA~~,~~aAAa~~,~~CAAEF~~,MAAM,MAAK,CAAC,IAAAJ,~~eAAA~~,~~GACvBM~~,~~aAAa~~,CAAC,CAAC,CAAC,~~cAAAN~~,~~eAAA~~,~~uBAAhBA~~,~~eAAA~~,~~CAAkBQ~~,OAAO,~~GACzBF~~,~~aAAa~~,~~CAACrC~~,GAAG,~~CAAEwC~~,~~YAAY~~,IAAKA,~~YAAY~~,~~CAACD~~,~~OAAO~~,CAAC;~~EAE/D~~,~~MAAME~~,cAAc,~~GAAGJ~~,~~aAAa~~,~~CAACrC~~,GAAG,~~CAAC~~,~~CAACwC~~,~~YAAY~~,EAAEE,KAAK,MAAM;~~IACjEC~~,EAAE,EAAEH,~~YAAY~~,CAACI,~~YAAY;IAC7BC~~,~~IAAI~~,EAAE,~~CAAAR~~,~~aAAa~~,~~aAAbA~~,~~aAAa~~,~~uBAAbA,aAAa,CAAEF,~~MAAM,~~MAAK~~,CAAC,GAAI,GAAE,GAAI,KAAIO,KAAM,GAAE;~~IACvDI~~,MAAM,EAAEN,~~YAAY~~,CAACM;~~EACvB~~,CAAC,~~CAAC~~,CAAC;~~EAEH~~,MAAMC,uBAAuB,GAAG;IAC9BJ,EAAE,~~EAAEhF~~,IAAI,~~CAACqF~~,EAAE,CAAC,CAAC;IACbC,aAAa,EAAEpB,wBAAwB;IACvCY;EACF,CAAC;;EAED~~;EACA~~,MAAMS,WAAW,~~GACf1D~~,~~aAAa~~,~~CAAC2D,aAAa,KAAK,iBAAiB,GAC7C,MAAM1C,~~sBAAsB,~~CAC1BC~~,~~OAAO,EACPlB,~~aAAa,~~EACb;IACE8C~~,~~QAAQ;IACRS;EACF~~,~~CAAC,EACDpC,cACF,CAAC,GACD,MAAMpB,mBAAmB,CAACC,aAAa,~~EAAE;~~IACvC8C~~,QAAQ;~~IACRS,uBAAuB,EAAEA~~;~~EAC3B~~,CAAC,CAAC;;~~EAER~~;EACA,~~MAAMK~~,~~YAAY~~,~~GAAG,MAAMpB,~~QAAQ,~~CAACxC~~,aAAa,~~CAAC6D~~,YAAY,EAAE;~~IAC9DC~~,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,~~EAAEN~~;EACR,CAAC,CAAC,~~CACCO~~,IAAI,~~CAAC3F~~,gBAAgB,CAAC,GAAG,CAAC,CAAC,~~CAC3B2F~~,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,~~CAACpF~~,qBAAqB,~~CAACuF~~,~~SAAS~~,CAAC~~;;EAExC~~;~~EACA~~,~~OAAOR,YAAY,CAACS,OAAO,GAAGT,YAAY,CAACU,IAAI,GAAG,~~CAAC~~,CAAC;AACtD,CAAC~~;;~~AAED~~;AACA;AACA;AACA;;AAUA~~;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA~~,OAAO,MAAMC,~~8BAA8D~~,~~GACzE~~,eAAAA,~~CACEvE~~,aAAa,~~EACbwE~~,~~KAAK~~,~~EACLtD~~,~~OAAO~~,~~EAE4B~~;EAAA,IADnC;~~IAAEsB~~,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,MAAMgB,WAAW,~~GACf1D~~,~~aAAa~~,~~CAAC2D~~,aAAa,~~KAAK~~,~~iBAAiB~~,~~GAC7C~~,~~MAAM1C~~,~~sBAAsB~~,CAACC,~~OAAO~~,~~EAAElB~~,~~aAAa~~,~~EAAE~~;~~IAAEwE~~;~~EAAM~~,~~CAAC~~,~~CAAC~~,~~GAC/D~~,~~MAAMzE~~,~~mBAAmB~~,~~CAACC~~,~~aAAa~~,~~EAAE~~;~~IAAEwE;EAAM~~,CAAC,CAAC;~~EACzD;~~EACA,OAAO,~~MAAMhC~~,QAAQ,~~CAACxC~~,aAAa,~~CAAC6D~~,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,~~EAAEN~~;EACR,CAAC,CAAC,~~CACCO~~,IAAI,~~CAAC3F~~,gBAAgB,CAAC,GAAG,CAAC,CAAC,~~CAC3B2F~~,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,~~CAACpF~~,qBAAqB,~~CAAC4F~~,KAAK,CAAC;~~AACtC~~,CAAC;~~AAEH~~,OAAO,MAAMC,~~6BAA4D~~,~~GACvE~~,eAAAA,~~CACE1E~~,aAAa,~~EACbkB~~,~~OAAO~~,~~EACPoB~~,~~kBAAkB~~,~~EAEiB~~;EAAA,~~IADnC~~;~~IAAEE~~,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,~~MAAM;IAAEvB~~,~~cAAc;IAAE0B;EAAc,CAAC,GAAGP,kBAAkB;EAC5D;EACA,MAAMoB,~~WAAW,GAAG,~~MAAMzC~~,~~sBAAsB~~,~~CAC9CC~~,~~OAAO,EACPlB,~~aAAa,~~EACb~~;~~IACE8C~~,~~QAAQ,EAAED,aAAa,CAAC8B,MAAM,CAC5B,CAACC,GAAG,EAAE5B,YAAY,MAAM~~;~~MACtB~~,~~GAAG4B~~,~~GAAG~~;~~MACN~~,~~CAAC5B,YAAY,CAACI,YAAY,GAAGJ,YAAY,CAACD;IAC5C,~~CAAC,CAAC~~,EACF,CAAC,CACH~~;~~EACF~~,~~CAAC,EACD5B,cACF,CAAC;;EAED;EACA,~~OAAO,~~MAAMqB~~,QAAQ,~~CAACxC~~,aAAa,~~CAAC6D~~,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,~~EAAEN~~;EACR,CAAC,CAAC,~~CACCO~~,IAAI,~~CAAC3F~~,gBAAgB,CAAC,GAAG,CAAC,CAAC,~~CAC3B2F~~,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,~~CAACpF~~,qBAAqB,~~CAAC4F~~,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA~~;AACA;AACA;AACA;AACA;AACA;AACA;AACA~~,~~OAAO~~,~~MAAMI~~,~~0BAAsD~~,~~GAAG~~,~~MAAAA~~,~~CACpEC~~,~~WAAW~~,~~EACXC~~,~~iBAAiB~~,~~KACd;EACH;EACA~~,~~MAAM5D,cAAc,GAAGzC,gCAAgC,~~CAAC,EAAE~~,CAAC~~;~~EAE3D~~,~~MAAMmE~~,~~aAAa,GAAG,MAAMmC,OAAO,CAACC,GAAG,CACrCH,WAAW,CAACtE,GAAG,~~CAAC~~,MAAO0E,IAAI,IAAK~~;~~IAC9B,MAAM~~;~~MAAEC~~,~~iBAAiB;MAAE7B;IAAO,CAAC,GAAG4B,IAAI;IAE1C,IAAI5B,~~MAAM,~~KAAK~~,~~UAAU~~,~~EAAE;MACzB~~,~~MAAM;QAAER;MAAS~~,CAAC,~~GAAG~~,~~MAAMrE,kBAAkB,CAC3CsG,iBAAiB,CAAChD,KAAK,EACvBZ,cAAc,EACd4D,iBAAiB,CAACK,QAAQ,EAC1BL,iBAAiB,CAACM,WAAW,EAC7BH,IAAI,CAACI,OAAO,EACZJ,IAAI,CAACK,~~MAAM,~~EACX,CACEL,IAAI,CAACM,UAAU,EACfN,IAAI,CAACO,eAAe,EACpB9G,sBAAsB,CAACuG,IAAI,CAACK,MAAM,~~CAAC,~~CAEvC~~,~~CAAC;MAED,OAAO;QACLE,eAAe,~~EAAE~~,CAAC,GAAGP,IAAI,CAACO,eAAe,CAACjF,GAAG,CAACkF,KAAA~~;~~UAAA~~,~~IAAC;YAAEC;UAAK,CAAC,GAAAD,KAAA;UAAA,OAAKC,~~IAAI~~;QAAA~~,~~EAAC~~,~~CAAC;QAClEvC~~,~~YAAY~~,~~EAAE+B,iBAAiB~~;~~QAC/BpC~~,OAAO,~~EAAED,QAAQ~~;~~QACjBQ~~,~~MAAM~~,~~EAAE;MACV,~~CAAC~~;IACH;IAEA~~,~~IAAIA~~,MAAM,~~KAAK~~,~~WAAW~~,EAAE;~~MAC1B~~,~~MAAM;QAAER;MAAS,CAAC,GAAG,MAAMlE,cAAc,CACvCmG,iBAAiB,CAAChD,KAAK,EACvBgD,iBAAiB,CAACK,QAAQ,EAC1B,CACEF,~~IAAI,~~CAACM~~,~~UAAU~~,~~EACfN~~,~~IAAI,CAACO,eAAe,EACpB9G,sBAAsB,CAACuG,IAAI,CAACK,MAAM,CAAC,CAEvC,CAAC~~;~~MAED~~,OAAO~~;QACLE~~,~~eAAe,~~EAAE,CAAC,~~GAAGP~~,~~IAAI~~,~~CAACO~~,~~eAAe~~,~~CAACjF,~~GAAG,~~CAACoF,KAAA~~;~~UAAA~~,~~IAAC;YAAED;UAAK~~,~~CAAC~~,~~GAAAC~~,~~KAAA;UAAA,OAAKD,IAAI;QAAA,EAAC,~~CAAC~~;QAClEvC,YAAY,EAAE~~+B,~~iBAAiB~~;~~QAC/BpC~~,OAAO,~~EAAED,QAAQ;QACjBQ,MAAM,~~EAAE;~~MACV~~,CAAC~~;IACH;IAEA~~,~~MAAM~~,~~IAAIjF~~,~~uBAAuB~~,~~CAAE~~,~~GAAEiF,MAAO,2BAA0B,~~CAAC~~;EACzE~~,CAAC~~,CACH,CAAC~~;~~EAED~~,~~OAAO;IACLT,aAAa;IACb1B;EACF,~~CAAC~~;AACH,CAAC~~"}
1	+ {"version":3,"names":["EncryptJwe","uuid","getJwksFromConfig","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","z","RelyingPartyResponseError","ResponseErrorBuilder","UnexpectedStatusCodeError","RelyingPartyResponseErrorCodes","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","openid_credential_verifier","defaultAlg","kty","encryptedResponse","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","buildDirectPostBody","formUrlEncodedBody","Object","entries","reduce","acc","_ref","key","value","Array","isArray","sendLegacyAuthorizationResponse","presentationDefinitionId","remotePresentations","_remotePresentations$","appFetch","fetch","arguments","length","undefined","vp_token","vpToken","map","remotePresentation","descriptor_map","index","id","inputDescriptor","path","format","presentation_submission","v4","definition_id","requestBody","response_uri","method","headers","body","then","res","json","parse","sendAuthorizationResponse","presentation","credentialId","catch","handleAuthorizationResponseError","sendAuthorizationErrorResponse","_ref2","error","errorDescription","error_description","e","handle","code","InvalidAuthorizationResponse","message","RelyingPartyGenericError","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/presentation/08-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,iBAAiB,QAAwB,uBAAuB;AAEzE,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAO7D,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,SACEC,yBAAyB,EACzBC,oBAAoB,EACpBC,yBAAyB,EACzBC,8BAA8B,QACzB,oBAAoB;AAG3B,OAAO,MAAMC,qBAAqB,GAAGL,CAAC,CAACM,MAAM,CAAC;EAC5CC,MAAM,EAAEP,CAAC,CAACQ,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAEV,CAAC,CACbQ,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTC,QAAQ,CAAC,CAAC;EACbE,YAAY,EAAEX,CAAC,CAACQ,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMG,wBAAwB,GACnCC,SAAiC,IACzB;EACR,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAIhB,wCAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMoB,sBAAsB,GAAG,MAAAA,CACpCC,aAAwD,EACxDC,MAA8D,EAC9DC,OAAuC,KACnB;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;EACF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAG7B,iBAAiB,CAACuB,MAAM,CAAC;EAC1C,MAAMO,YAAY,GAAGf,wBAAwB,CAACc,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJE,oCAAoC;IACpCC;EACF,CAAC,GAAGT,MAAM,CAACU,0BAA0B;EAErC,MAAMC,UAAsB,GAC1BJ,YAAY,CAACK,GAAG,KAAK,IAAI,GAAG,SAAS,GAAG,cAAc;EAExD,MAAMC,iBAAiB,GAAG,MAAM,IAAItC,UAAU,CAAC2B,oBAAoB,EAAE;IACnEY,GAAG,EAAGN,oCAAoC,IAAmBG,UAAU;IACvEI,GAAG,EACAN,oCAAoC,IAAmB,eAAe;IACzEO,GAAG,EAAET,YAAY,CAACS;EACpB,CAAC,CAAC,CAACC,OAAO,CAACV,YAAY,CAAC;;EAExB;EACA,MAAMW,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAEP,iBAAiB;IAC3B,IAAId,aAAa,CAACM,KAAK,GAAG;MAAEA,KAAK,EAAEN,aAAa,CAACM;IAAM,CAAC,GAAG,CAAC,CAAC;EAC/D,CAAC,CAAC;EACF,OAAOa,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAAG,MAAAA,CACjCvB,aAAwD,EACxDE,OAAuC,KACnB;EACpB,MAAMsB,kBAAkB,GAAG,IAAIJ,eAAe,CAAC;IAC7C,IAAIpB,aAAa,CAACM,KAAK,IAAI;MAAEA,KAAK,EAAEN,aAAa,CAACM;IAAM,CAAC,CAAC;IAC1D,GAAGmB,MAAM,CAACC,OAAO,CAACxB,OAAO,CAAC,CAACyB,MAAM,CAC/B,CAACC,GAAG,EAAAC,IAAA;MAAA,IAAE,CAACC,GAAG,EAAEC,KAAK,CAAC,GAAAF,IAAA;MAAA,OAAM;QACtB,GAAGD,GAAG;QACN,CAACE,GAAG,GACFE,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAC7C3B,IAAI,CAACC,SAAS,CAAC0B,KAAK,CAAC,GACrBA;MACR,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;EAEF,OAAOP,kBAAkB,CAACF,QAAQ,CAAC,CAAC;AACtC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMY,+BAAgE,GAC3E,eAAAA,CACElC,aAAa,EACbmC,wBAAwB,EACxBC,mBAAmB,EACnBnC,MAAM,EAE6B;EAAA,IAAAoC,qBAAA;EAAA,IADnC;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;AACJ;AACA;AACA;AACA;EACI,MAAMG,QAAQ,GACZ,CAAAP,mBAAmB,aAAnBA,mBAAmB,uBAAnBA,mBAAmB,CAAEK,MAAM,MAAK,CAAC,IAAAJ,qBAAA,GAC7BD,mBAAmB,CAAC,CAAC,CAAC,cAAAC,qBAAA,uBAAtBA,qBAAA,CAAwBO,OAAO,GAC/BR,mBAAmB,CAACS,GAAG,CACpBC,kBAAkB,IAAKA,kBAAkB,CAACF,OAC7C,CAAC;EAEP,MAAMG,cAAc,GAAGX,mBAAmB,CAACS,GAAG,CAC5C,CAACC,kBAAkB,EAAEE,KAAK,MAAM;IAC9BC,EAAE,EAAEH,kBAAkB,CAACI,eAAe,CAACD,EAAE;IACzCE,IAAI,EAAEf,mBAAmB,CAACK,MAAM,KAAK,CAAC,GAAI,GAAE,GAAI,KAAIO,KAAM,GAAE;IAC5DI,MAAM,EAAEN,kBAAkB,CAACM;EAC7B,CAAC,CACH,CAAC;EAED,MAAMC,uBAAuB,GAAG;IAC9BJ,EAAE,EAAExE,IAAI,CAAC6E,EAAE,CAAC,CAAC;IACbC,aAAa,EAAEpB,wBAAwB;IACvCY;EACF,CAAC;EAED,MAAMS,WAAW,GAAG,MAAMzD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE0C,QAAQ;IACRU;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMf,QAAQ,CAACtC,aAAa,CAACyD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACjF,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiF,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC3E,qBAAqB,CAAC8E,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;;AAUA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEjE,aAAa,EACboC,mBAAmB,EACnBnC,MAAM,EAE6B;EAAA,IADnC;IAAEqC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,MAAMgB,WAAW,GAAG,MAAMzD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE0C,QAAQ,EAAEP,mBAAmB,CAACT,MAAM,CAClC,CAACC,GAAG,EAAEsC,YAAY,MAAM;MACtB,GAAGtC,GAAG;MACN,CAACsC,YAAY,CAACC,YAAY,GAAGD,YAAY,CAACtB;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMN,QAAQ,CAACtC,aAAa,CAACyD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACjF,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiF,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC3E,qBAAqB,CAAC8E,KAAK,CAAC,CACjCI,KAAK,CAACC,gCAAgC,CAAC;AAC5C,CAAC;;AAED;AACA;AACA;AACA;;AASA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,8BAA8D,GACzE,eAAAA,CACEtE,aAAa,EAAAuE,KAAA,EAGsB;EAAA,IAFnC;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEjC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMgB,WAAW,GAAG,MAAMjC,mBAAmB,CAACvB,aAAa,EAAE;IAC3DwE,KAAK;IACLE,iBAAiB,EAAED;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMnC,QAAQ,CAACtC,aAAa,CAACyD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACjF,gBAAgB,CAAC,GAAG,EAAEE,yBAAyB,CAAC,CAAC,CACtD+E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC3E,qBAAqB,CAAC8E,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,MAAMK,gCAAgC,GAAIM,CAAU,IAAK;EACvD,IAAI,EAAEA,CAAC,YAAY3F,yBAAyB,CAAC,EAAE;IAC7C,MAAM2F,CAAC;EACT;EAEA,MAAM,IAAI5F,oBAAoB,CAACD,yBAAyB,CAAC,CACtD8F,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE5F,8BAA8B,CAAC6F,4BAA4B;IACjEC,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE5F,8BAA8B,CAAC6F,4BAA4B;IACjEC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE5F,8BAA8B,CAAC+F,wBAAwB;IAC7DD,OAAO,EAAE;EACX,CAAC,CAAC,CACDE,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/presentation/README.md CHANGED Viewed

@@ -1,112 +1,107 @@
 # Credential Presentation
+This flow is used for remote presentation, allowing a user with a valid Wallet Instance to remotely present credentials to a Relying Party (Verifier). The presentation flow adheres to the [IT Wallet 0.9.x specification](https://italia.github.io/eid-wallet-it-docs/v0.9.3/en/relying-party-solution.html).
+The Relying Party provides the Wallet with a Request Object that contains the requested credentials and claims. The Wallet validates the Request Object and asks the user for consent. Then the Wallet creates an encrypted Authorization Response that contains the Verifiable Presentation with the requested data (`vp_token`) and sends it to the Relying Party.
 ## Sequence Diagram
 ```mermaid
 sequenceDiagram
-      autonumber
-      participant I as Individual using EUDI Wallet
-      participant O as Organisational Wallet (Verifier)
-      participant A as Organisational Wallet (Issuer)
-      O->>+I: QR-CODE: Authorisation request (`request_uri`)
-      I->>+O: GET: Request object, resolved from the `request_uri`
-      O->>+I: Respond with the Request object
-      I->>+O: GET: /.well-known/jar-issuer/jwk
-      O->>+I: Respond with the public key
-      I->>+O: POST: VP token response
-      O->>+A: GET: /.well-known/jwt-vc-issuer/jwk
-      A->>+O: Respond with the public key
-      O->>+I: Redirect: Authorisation response
+  autonumber
+  participant I as User (Wallet Instance)
+  participant O as Relying Party (Verifier)
+  O->>+I: QR-CODE: Authorization Request (`request_uri`)
+  I->>+O: GET: Verifier's Entity Configuration
+  O->>+I: Respond with metadata (including public keys)
+  I->>+O: GET: Request Object, resolved from `request_uri`
+  O->>+I: Respond with the Request Object
+  I->>+I: Validate Request Object and give consent
+  I->>+O: POST: Authorization Response with encrypted VP token
+  O->>+I: Respond with optional `redirect_uri`
 ```
 ## Mapped results
+| Error                       | Description|
+| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `InvalidRequestObject`      | The Request Object is not valid, for instance it is malformed or its signature cannot be verified.                                                     |
+| `DcqlError`                 | The DCQL query cannot be evaluated because it contains errors.                                                                                         |
+| `CredentialsNotFoundError`  | The presentation cannot be completed because the Wallet does not contain all requested credentials. The missing credentials can be found in `details`. |
+| `RelyingPartyResponseError` | Error in the Relying Party's response. See the next table for more details.                                                                            |
+#### RelyingPartyResponseError
+The following HTTP errors are mapped to a `RelyingPartyResponseError` with specific codes.
+| HTTP Status  | Error Code                              | Description                                                                                                  |
+| ------------ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
+| `400`, `403` | `ERR_RP_INVALID_AUTHORIZATION_RESPONSE` | The Relying Party rejected the Authorization Response sent by the Wallet because it was deemed invalid.      |
+| `*`          | `ERR_RP_GENERIC_ERROR`                  | This is a generic error code to map unexpected errors that occurred when interacting with the Relying Party. |
 ## Examples
 <details>
   <summary>Remote Presentation flow</summary>
+**Note:** To successfully complete a remote presentation, the Wallet Instance must be in a valid state with a valid Wallet Instance Attestation.
 ```ts
-// Scan e retrive qr-code, decode it and get its parameters
-const {requestUri, clientId} = ...
-// Retrieve the integrity key tag from the store and create its context
-const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
-const integrityContext = getIntegrityContext(integrityKeyTag);
-// Let's assume the key esists befor starting the presentation process
-const wiaCryptoContext = createCryptoContextFor(WIA_KEYTAG);
-const { WALLET_PROVIDER_BASE_URL, WALLET_EAA_PROVIDER_BASE_URL, REDIRECT_URI } =
-  env; // Let's assume these are the environment variables
-/**
- * Obtains a new Wallet Instance Attestation.
- * WARNING: The integrity context must be the same used when creating the Wallet Instance with the same keytag.
- */
-const walletInstanceAttestation =
-  await WalletInstanceAttestation.getAttestation({
-    wiaCryptoContext,
-    integrityContext,
-    walletProviderBaseUrl: WALLET_PROVIDER_BASE_URL,
-    appFetch,
-  });
+// Retrieve and scan the qr-code, decode it and get its parameters
+const qrCodeParams = decodeQrCode(qrCode)
 // Start the issuance flow
-const { requestURI, clientId } = Credential.Presentation.startFlowFromQR(requestUri, clientId);
+const {
+  request_uri,
+  client_id,
+  request_uri_method,
+  state
+} = Credential.Presentation.startFlowFromQR(qrCodeParams);
-// If use trust federation: Evaluate issuer trust
-const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(clientId);
+// Get the Relying Party's Entity Configuration and evaluate trust
+const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(client_id);
+// Get the Request Object from the RP
 const { requestObjectEncodedJwt } =
-    await Credential.Presentation.getRequestObject(requestURI, {
-      appFetch: appFetch
-    });
-// Retrieve RP JWK
-// If use trust federation: Fetch Jwks from rpConf
-const jwks = await Credential.Presentation.fetchJwksFromConfig(rpConf);
+  await Credential.Presentation.getRequestObject(request_uri);
-// If not use trust: Fetch Jwks from request object
-const jwks = await Credential.Presentation.fetchJwksFromRequestObject(
+// Validate the Request Object
+const { requestObject } = await Credential.Presentation.verifyRequestObject(
   requestObjectEncodedJwt,
-  { context: { appFetch } }
+  { clientId: client_id, rpConf }
 );
-// Verify signature Request Object
-const { requestObject } =
-    await Credential.Presentation.verifyRequestObjectSignature(
-      requestObjectEncodedJwt,
-      jwks.keys
-    );
+// All the credentials that might be requested by the Relying Party
+const credentialsSdJwt = [
+  ["credential1_keytag", "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2"],
+  ["credential2_keytag", "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ii1GXzZVZ2E4bjNWZWdqWTJVN1lVSEsxekxvYUQtTlBUYzYzUk1JU25MYXcifQ.ew0KIC"]
+];
-const { presentationDefinition } = await Credential.Presentation.fetchPresentDefinition(
-  requestObject,
-  {
-    appFetch: appFetch,
-  },
-  rpConf // If trust federation is used
+const result = Credential.Presentation.evaluateDcqlQuery(
+  credentialsSdJwt,
+  requestObject.dcql_query as DcqlQuery
 );
-// For each credential, find it and evaluate input descriptor and disclosures
-  const { requiredDisclosures } = Credential.Presentation.evaluateInputDescriptionForSdJwt4VC(
-    inputDescriptor,
-    credential.payload,
-    disclosures
-  );
+const credentialsToPresent = result.map(
+  ({ requiredDisclosures, ...rest }) => ({
+    ...rest,
+    requestedClaims: requiredDisclosures.map(([, claimName]) => claimName),
+  })
+);
-// After confirm disclosures in app
-  const authResponse = Credential.Presentation.sendAuthorizationResponse(
-    requestObject,
-    presentationDefinition,
-    jwks,
-    [credential, disclosuresRequested, { appFetch: appFetch }]
+const remotePresentations =
+  await Credential.Presentation.prepareRemotePresentations(
+    credentialsToPresent,
+    requestObject.nonce,
+    requestObject.client_id
   );
+const authResponse = await Credential.Presentation.sendAuthorizationResponse(
+  requestObject,
+  remotePresentations,
+  rpConf
+);
 ```
-</details>
+</details>