@pagopa/io-react-native-wallet 2.0.0-next.1 → 2.0.0-next.3

package/src/credential/issuance/06-obtain-credential.ts

@@ -14,7 +14,7 @@ import {
   UnexpectedStatusCodeError,
   ValidationFailed,
 } from "../../utils/errors";
-import { CredentialResponse } from "./types";
+import { CredentialResponse, NonceResponse } from "./types";
 import { createDPopToken } from "../../utils/dpop";
 import { v4 as uuidv4 } from "uuid";
 import { LogLevel, Logger } from "../../utils/logging";
@@ -23,14 +23,17 @@ export type ObtainCredential = (
   issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
   accessToken: Out<AuthorizeAccess>["accessToken"],
   clientId: Out<StartUserAuthorization>["clientId"],
-  credentialDefinition: Out<StartUserAuthorization>["credentialDefinition"],
+  credentialDefinition: {
+    credential_configuration_id: string;
+    credential_identifier?: string;
+  },
   context: {
     dPopCryptoContext: CryptoContext;
     credentialCryptoContext: CryptoContext;
     appFetch?: GlobalFetch["fetch"];
   },
   operationType?: "reissuing"
-) => Promise<CredentialResponse>;
+) => Promise<{ credential: string; format: string }>;
 
 export const createNonceProof = async (
   nonce: string,
@@ -63,11 +66,11 @@ export const createNonceProof = async (
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
  * @param accessToken The access token response returned by {@link authorizeAccess}
  * @param clientId The client id returned by {@link startUserAuthorization}
- * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link startUserAuthorization}
- * @param tokenRequestSignedDPop The DPoP signed token request returned by {@link authorizeAccess}
+ * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link authorizeAccess}
  * @param context.credentialCryptoContext The crypto context used to obtain the credential
  * @param context.dPopCryptoContext The DPoP crypto context
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @param operationType Specify the type of credential issuance (used for reissuing)
  * @returns The credential response containing the credential
  */
 export const obtainCredential: ObtainCredential = async (
@@ -83,8 +86,21 @@ export const obtainCredential: ObtainCredential = async (
     appFetch = fetch,
     dPopCryptoContext,
   } = context;
+  const { credential_configuration_id, credential_identifier } =
+    credentialDefinition;
 
   const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
+  const issuerUrl = issuerConf.oauth_authorization_server.issuer;
+  const nonceUrl = issuerConf.openid_credential_issuer.nonce_endpoint;
+
+  // Fetch the nonce from the Credential Issuer
+  const { c_nonce } = await appFetch(nonceUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+  })
+    .then(hasStatusOrThrow(200))
+    .then((res) => res.json())
+    .then((body) => NonceResponse.parse(body));
 
   /**
    * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
@@ -92,9 +108,9 @@ export const obtainCredential: ObtainCredential = async (
    * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
    */
   const signedNonceProof = await createNonceProof(
-    accessToken.c_nonce,
+    c_nonce,
     clientId,
-    credentialUrl,
+    issuerUrl,
     credentialCryptoContext
   );
 
@@ -103,10 +119,10 @@ export const obtainCredential: ObtainCredential = async (
   // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
   const containsCredentialDefinition = accessToken.authorization_details.some(
     (c) =>
-      c.credential_configuration_id ===
-        credentialDefinition.credential_configuration_id &&
-      c.format === credentialDefinition.format &&
-      c.type === credentialDefinition.type
+      c.credential_configuration_id === credential_configuration_id &&
+      (credential_identifier
+        ? c.credential_identifiers.includes(credential_identifier)
+        : true)
   );
 
   if (!containsCredentialDefinition) {
@@ -120,17 +136,21 @@ export const obtainCredential: ObtainCredential = async (
     });
   }
 
-  /** The credential request body */
-  const credentialRequestFormBody = {
-    credential_definition: {
-      type: [credentialDefinition.credential_configuration_id],
-    },
-    format: credentialDefinition.format,
-    proof: {
-      jwt: signedNonceProof,
-      proof_type: "jwt",
-    },
-  };
+  /**
+   * The credential request body.
+   * We accept both `credential_identifier` (recommended) and `credential_configuration_id`
+   * when the Authorization Server does not support `credential_identifier`.
+   * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#section-3.3.4
+   */
+  const credentialRequestFormBody = credential_identifier
+    ? {
+        credential_identifier: credential_identifier,
+        proof: { jwt: signedNonceProof, proof_type: "jwt" },
+      }
+    : {
+        credential_configuration_id: credential_configuration_id,
+        proof: { jwt: signedNonceProof, proof_type: "jwt" },
+      };
 
   Logger.log(
     LogLevel.DEBUG,
@@ -180,7 +200,17 @@ export const obtainCredential: ObtainCredential = async (
     `Credential Response: ${JSON.stringify(credentialRes.data)}`
   );
 
-  return credentialRes.data;
+  // Extract the format corresponding to the credential_configuration_id used
+  const issuerCredentialConfig =
+    issuerConf.openid_credential_issuer.credential_configurations_supported[
+      credential_configuration_id
+    ];
+
+  // TODO: [SIW-2264] Handle multiple credentials
+  return {
+    credential: credentialRes.data.credentials.at(0)!.credential,
+    format: issuerCredentialConfig!.format,
+  };
 };
 
 /**

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -9,10 +9,14 @@ import type { JWK } from "../../utils/jwk";
 import type { ObtainCredential } from "./06-obtain-credential";
 import { LogLevel, Logger } from "../../utils/logging";
 
+type IssuerConf = Out<EvaluateIssuerTrust>["issuerConf"];
+type CredentialConf =
+  IssuerConf["openid_credential_issuer"]["credential_configurations_supported"][string];
+
 export type VerifyAndParseCredential = (
-  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
+  issuerConf: IssuerConf,
   credential: Out<ObtainCredential>["credential"],
-  format: Out<ObtainCredential>["format"],
+  credentialConfigurationId: string,
   context: {
     credentialCryptoContext: CryptoContext;
     /**
@@ -54,54 +58,35 @@ type DecodedSdJwtCredential = Out<typeof verifySdJwt> & {
 };
 
 const parseCredentialSdJwt = (
-  // the list of supported credentials, as defined in the issuer configuration
-  credentials_supported: Out<EvaluateIssuerTrust>["issuerConf"]["openid_credential_issuer"]["credential_configurations_supported"],
+  // The credential configuration to use to parse the provided credential
+  credentialConfig: CredentialConf,
   { sdJwt, disclosures }: DecodedSdJwtCredential,
   ignoreMissingAttributes: boolean = false,
   includeUndefinedAttributes: boolean = false
 ): ParsedCredential => {
-  const credentialSubject = credentials_supported[sdJwt.payload.vct];
-
-  if (!credentialSubject) {
-    Logger.log(
-      LogLevel.ERROR,
-      `Credential type not supported by the issuer: ${sdJwt.payload.vct}`
-    );
-    throw new IoWalletError("Credential type not supported by the issuer");
+  if (credentialConfig.format !== sdJwt.header.typ) {
+    const message = `Received credential is of an unknwown type. Expected one of [${credentialConfig.format}], received '${sdJwt.header.typ}'`;
+    Logger.log(LogLevel.ERROR, message);
+    throw new IoWalletError(message);
   }
 
-  if (credentialSubject.format !== sdJwt.header.typ) {
-    Logger.log(
-      LogLevel.ERROR,
-      `Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}'`
-    );
-    throw new IoWalletError(
-      `Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}', `
-    );
-  }
-
-  // transfrom a record { key: value } in an iterable of pairs [key, value]
-  if (!credentialSubject.claims) {
+  if (!credentialConfig.claims) {
     Logger.log(LogLevel.ERROR, "Missing claims in the credential subject");
     throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
   }
-  const attrDefinitions = Object.entries(credentialSubject.claims);
+  const attrDefinitions = credentialConfig.claims;
 
   // the key of the attribute defintion must match the disclosure's name
   const attrsNotInDisclosures = attrDefinitions.filter(
-    ([attrKey]) => !disclosures.some(([, name]) => name === attrKey)
+    (definition) => !disclosures.some(([, name]) => name === definition.path[0]) // Ignore nested paths for now, see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#name-claims-path-pointer
   );
   if (attrsNotInDisclosures.length > 0) {
-    const missing = attrsNotInDisclosures.map((_) => _[0 /* key */]).join(", ");
+    const missing = attrsNotInDisclosures.map((_) => _.path[0]).join(", ");
     const received = disclosures.map((_) => _[1 /* name */]).join(", ");
     if (!ignoreMissingAttributes) {
-      Logger.log(
-        LogLevel.ERROR,
-        `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`
-      );
-      throw new IoWalletError(
-        `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`
-      );
+      const message = `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`;
+      Logger.log(LogLevel.ERROR, message);
+      throw new IoWalletError(message);
     }
   }
 
@@ -111,13 +96,13 @@ const parseCredentialSdJwt = (
     attrDefinitions
       // retrieve the value from the disclosure set
       .map(
-        ([attrKey, definition]) =>
+        ({ path, ...definition }) =>
           [
-            attrKey,
+            path[0],
             {
               ...definition,
               value: disclosures.find(
-                (_) => _[1 /* name */] === attrKey
+                (_) => _[1 /* name */] === path[0]
               )?.[2 /* value */],
             },
           ] as const
@@ -186,30 +171,18 @@ async function verifyCredentialSdJwt(
   const { cnf } = decodedCredential.sdJwt.payload;
 
   if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-    Logger.log(
-      LogLevel.ERROR,
-      `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`
-    );
-    throw new IoWalletError(
-      `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`
-    );
+    const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`;
+    Logger.log(LogLevel.ERROR, message);
+    throw new IoWalletError(message);
   }
 
   return decodedCredential;
 }
 
-// utility type that specialize VerifyAndParseCredential for given format
-type WithFormat<Format extends Parameters<VerifyAndParseCredential>[2]> = (
-  _0: Parameters<VerifyAndParseCredential>[0],
-  _1: Parameters<VerifyAndParseCredential>[1],
-  _2: Format,
-  _3: Parameters<VerifyAndParseCredential>[3]
-) => ReturnType<VerifyAndParseCredential>;
-
-const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
+const verifyAndParseCredentialSdJwt: VerifyAndParseCredential = async (
   issuerConf,
   credential,
-  _,
+  credentialConfigurationId,
   {
     credentialCryptoContext,
     ignoreMissingAttributes,
@@ -224,8 +197,21 @@ const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
 
   Logger.log(LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
 
+  const credentialConfig =
+    issuerConf.openid_credential_issuer.credential_configurations_supported[
+      credentialConfigurationId
+    ];
+
+  if (!credentialConfig) {
+    Logger.log(
+      LogLevel.ERROR,
+      `Credential type not supported by the issuer: ${credentialConfigurationId}`
+    );
+    throw new IoWalletError("Credential type not supported by the issuer");
+  }
+
   const parsedCredential = parseCredentialSdJwt(
-    issuerConf.openid_credential_issuer.credential_configurations_supported,
+    credentialConfig,
     decoded,
     ignoreMissingAttributes,
     includeUndefinedAttributes
@@ -251,7 +237,7 @@ const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
  * Verify and parse an encoded credential.
  * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
  * @param credential The encoded credential returned by {@link obtainCredential}
- * @param format The format of the credentual returned by {@link obtainCredential}
+ * @param credentialConfigurationId The credential configuration ID that defines the provided credential
  * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
  * @param context.ignoreMissingAttributes Skip error when attributes declared in the issuer configuration are not found within disclosures
  * @param context.includeUndefinedAttributes Include attributes not explicitly declared in the issuer configuration
@@ -263,19 +249,25 @@ const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
 export const verifyAndParseCredential: VerifyAndParseCredential = async (
   issuerConf,
   credential,
-  format,
+  credentialConfigurationId,
   context
 ) => {
-  if (format === "vc+sd-jwt") {
-    Logger.log(LogLevel.DEBUG, "Parsing credential in vc+sd-jwt format");
+  const format =
+    issuerConf.openid_credential_issuer.credential_configurations_supported[
+      credentialConfigurationId
+    ]?.format;
+
+  if (format === "dc+sd-jwt") {
+    Logger.log(LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
     return verifyAndParseCredentialSdJwt(
       issuerConf,
       credential,
-      format,
+      credentialConfigurationId,
       context
     );
   }
 
-  Logger.log(LogLevel.ERROR, `Unsupported credential format: ${format}`);
-  throw new IoWalletError(`Unsupported credential format: ${format}`);
+  const message = `Unsupported credential format: ${format}`;
+  Logger.log(LogLevel.ERROR, message);
+  throw new IoWalletError(message);
 };

package/src/credential/issuance/README.md

@@ -6,7 +6,7 @@ There's a fork in the flow which is based on the type of the credential that is
 This is due to the fact that eID credentials require a different authorization flow than other credentials, which is accomplished by a strong authentication method like SPID or CIE.
 Credentials instead require a simpler authorization flow and they require other credentials to be presented in order to be issued.
 
-The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step.
+The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step. Available credentials are identified with a unique `credential_configuration_id`, that must be used when requesting authorization. The Authorization Server returns an array of **credential identifiers** that map to the `credential_configuration_id` provided: to obtain the credential, one of the credential identifiers (or all of them) must be requested to the credential endpoint.
 
 ## Sequence Diagram
 
@@ -72,6 +72,8 @@ The expected result from the authentication process is in `form_post.jwt` format
   <summary>Credential issuance flow</summary>
 
 ```ts
+// TODO: [SIW-2209] update documentation in PR #219
+
 // Retrieve the integrity key tag from the store and create its context
 const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
 const integrityContext = getIntegrityContext(integrityKeyTag);
@@ -251,11 +253,10 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialType: "PersonIdentificationData",
-  appFetch,
+  credentialId: "dc_sd_jwt_PersonIdentificationData",
 });
 
-const { issuerUrl } = startFlow();
+const { issuerUrl, credentialId } = startFlow();
 
 // Evaluate issuer trust
 const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
@@ -265,12 +266,16 @@ const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
 
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
-  await Credential.Issuance.startUserAuthorization(issuerConf, credentialType, {
-    walletInstanceAttestation,
-    redirectUri,
-    wiaCryptoContext,
-    appFetch,
-  });
+  await Credential.Issuance.startUserAuthorization(
+    issuerConf,
+    [credentialId], // Request authorization for one or more credentials
+    {
+      walletInstanceAttestation,
+      redirectUri,
+      wiaCryptoContext,
+      appFetch,
+    }
+  );
 
 // Complete the authorization process with query mode with the authorizationContext which opens the browser
 const { code } =
@@ -301,12 +306,27 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
   }
 );
 
+
+const [pidCredentialDefinition] = credentialDefinition;
+
+// Extract the credential_identifier(s) from the access token
+// For each one of them, a credential can be obtained by calling `obtainCredential`
+const { credential_configuration_id, credential_identifiers } =
+    accessToken.authorization_details.find(
+      (authDetails) =>
+        authDetails.credential_configuration_id ===
+        pidCredentialDefinition.credential_configuration_id
+    );
+
 // Obtain che eID credential
 const { credential, format } = await Credential.Issuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
-  credentialDefinition,
+  {
+    credential_configuration_id,
+    credential_identifier: credential_identifiers.at(0),
+  },
   {
     credentialCryptoContext,
     dPopCryptoContext,
@@ -318,15 +338,16 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
 const { parsedCredential, issuedAt, expiration } = await Credential.Issuance.verifyAndParseCredential(
   issuerConf,
   credential,
-  format,
+  credential_configuration_id,
   { credentialCryptoContext }
 );
 
 return {
   parsedCredential,
   credential,
+  credentialConfigurationId: credential_configuration_id
+  credentialType: "PersonIdentificationData",
   keyTag: credentialKeyTag,
-  credentialType,
   issuedAt,
   expiration
 };

package/src/credential/issuance/const.ts

@@ -6,6 +6,6 @@ export type SupportedCredentialFormat = z.infer<
   typeof SupportedCredentialFormat
 >;
 export const SupportedCredentialFormat = z.union([
-  z.literal("vc+sd-jwt"),
+  z.literal("dc+sd-jwt"),
   z.literal("vc+mdoc-cbor"),
 ]);

package/src/credential/issuance/types.ts

@@ -1,14 +1,17 @@
-import { AuthorizationDetail } from "../../utils/par";
 import * as z from "zod";
-import { SupportedCredentialFormat } from "./const";
+
+export type AuthorizationDetail = z.infer<typeof AuthorizationDetail>;
+export const AuthorizationDetail = z.object({
+  type: z.literal("openid_credential"),
+  credential_configuration_id: z.string(),
+  credential_identifiers: z.array(z.string()),
+});
 
 export type TokenResponse = z.infer<typeof TokenResponse>;
 
 export const TokenResponse = z.object({
   access_token: z.string(),
   authorization_details: z.array(AuthorizationDetail),
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
   expires_in: z.number(),
   token_type: z.string(),
 });
@@ -16,10 +19,12 @@ export const TokenResponse = z.object({
 export type CredentialResponse = z.infer<typeof CredentialResponse>;
 
 export const CredentialResponse = z.object({
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
-  credential: z.string(),
-  format: SupportedCredentialFormat,
+  credentials: z.array(
+    z.object({
+      credential: z.string(),
+    })
+  ),
+  notification_id: z.string().optional(),
 });
 
 /**
@@ -30,3 +35,8 @@ export const ResponseUriResultShape = z.object({
 });
 
 export type ResponseMode = "query" | "form_post.jwt";
+
+export type NonceResponse = z.infer<typeof NonceResponse>;
+export const NonceResponse = z.object({
+  c_nonce: z.string(),
+});

package/src/credential/presentation/02-evaluate-rp-trust.ts

@@ -1,7 +1,7 @@
-import { getRelyingPartyEntityConfiguration } from "../../trust";
 import { RelyingPartyEntityConfiguration } from "../../trust/types";
 import type { StartFlow } from "../issuance/01-start-flow";
 import type { Out } from "../../utils/misc";
+import { getRelyingPartyEntityConfiguration } from "../../trust/build-chain";
 
 export type EvaluateRelyingPartyTrust = (
   rpUrl: Out<StartFlow>["issuerUrl"],

package/src/credential/presentation/05-verify-request-object.ts

@@ -1,8 +1,8 @@
 import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
-import type { RelyingPartyEntityConfiguration } from "../../trust";
 import { InvalidRequestObjectError } from "./errors";
 import { RequestObject } from "./types";
 import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
+import type { RelyingPartyEntityConfiguration } from "../../trust/types";
 
 export type VerifyRequestObject = (
   requestObjectEncodedJwt: string,

package/src/credential/presentation/07-evaluate-dcql-query.ts

@@ -56,7 +56,7 @@ const mapCredentialToObject = (jwt: string) => {
   const credentialFormat = sdJwt.header.typ;
 
   // TODO [SIW-2082]: support MDOC credentials
-  if (credentialFormat !== "vc+sd-jwt") {
+  if (credentialFormat !== "dc+sd-jwt") {
     throw new Error(`Unsupported credential format: ${credentialFormat}`);
   }
 
@@ -100,7 +100,7 @@ const extractMissingCredentials = (
 ): NotFoundDetail[] => {
   return getDcqlQueryFailedMatches(queryResult).map(([id]) => {
     const credential = originalQuery.credentials.find((c) => c.id === id);
-    if (credential?.format !== "vc+sd-jwt") {
+    if (credential?.format !== "dc+sd-jwt") {
       throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
     }
     return { id, vctValues: credential.meta?.vct_values };
@@ -135,7 +135,7 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
     );
 
     return getDcqlQueryMatches(queryResult).map(([id, match]) => {
-      if (match.output.credential_format !== "vc+sd-jwt") {
+      if (match.output.credential_format !== "dc+sd-jwt") {
         throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
       }
       const { vct, claims } = match.output;
@@ -192,7 +192,7 @@ export const prepareRemotePresentations: PrepareRemotePresentations = async (
         credentialId: item.id,
         requestedClaims: item.requestedClaims,
         vpToken: vp_token,
-        format: "vc+sd-jwt",
+        format: "dc+sd-jwt",
       };
     })
   );

package/src/credential/presentation/07-evaluate-input-descriptor.ts

@@ -326,7 +326,7 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
 
   return Promise.all(
     inputDescriptors.map(async (descriptor) => {
-      if (descriptor.format?.["vc+sd-jwt"]) {
+      if (descriptor.format?.["dc+sd-jwt"]) {
         if (!decodedSdJwtCredentials.length) {
           throw new CredentialsNotFoundError([
             {
@@ -379,7 +379,7 @@ export const prepareLegacyRemotePresentations: PrepareLegacyRemotePresentations
       credentialAndDescriptors.map(async (item) => {
         const descriptor = item.inputDescriptor;
 
-        if (descriptor.format?.["vc+sd-jwt"]) {
+        if (descriptor.format?.["dc+sd-jwt"]) {
           const { vp_token } = await prepareVpToken(nonce, client_id, [
             item.credential,
             item.requestedClaims,
@@ -390,7 +390,7 @@ export const prepareLegacyRemotePresentations: PrepareLegacyRemotePresentations
             requestedClaims: item.requestedClaims,
             inputDescriptor: descriptor,
             vpToken: vp_token,
-            format: "vc+sd-jwt",
+            format: "dc+sd-jwt",
           };
         }
 

package/src/credential/presentation/08-send-authorization-response.ts

@@ -1,24 +1,24 @@
 import { EncryptJwe } from "@pagopa/io-react-native-jwt";
 import uuid from "react-native-uuid";
-import { getJwksFromConfig, type FetchJwks } from "./04-retrieve-rp-jwks";
+import { type FetchJwks, getJwksFromConfig } from "./04-retrieve-rp-jwks";
 import type { VerifyRequestObject } from "./05-verify-request-object";
 import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
 import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import {
-  type RemotePresentation,
   DirectAuthorizationBodyPayload,
   ErrorResponse,
   type LegacyRemotePresentation,
+  type RemotePresentation,
 } from "./types";
 import * as z from "zod";
 import type { JWK } from "../../utils/jwk";
-import type { RelyingPartyEntityConfiguration } from "../../trust";
 import {
   RelyingPartyResponseError,
+  RelyingPartyResponseErrorCodes,
   ResponseErrorBuilder,
   UnexpectedStatusCodeError,
-  RelyingPartyResponseErrorCodes,
 } from "../../utils/errors";
+import type { RelyingPartyEntityConfiguration } from "../../trust/types";
 
 export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
 export const AuthorizationResponse = z.object({

package/src/credential/status/README.md

@@ -60,7 +60,6 @@ const { parsedStatusAttestation } =
 return {
   statusAttestation: res.statusAttestation,
   parsedStatusAttestation,
-  credentialType,
 };
 ```