@pagopa/io-react-native-wallet 2.0.0-next.1 → 2.0.0-next.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (174) hide show
  1. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +2 -2
  2. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  3. package/lib/commonjs/credential/issuance/03-start-user-authorization.js +38 -24
  4. package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
  5. package/lib/commonjs/credential/issuance/05-authorize-access.js +6 -10
  6. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
  7. package/lib/commonjs/credential/issuance/06-obtain-credential.js +43 -11
  8. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
  9. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +51 -48
  10. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  11. package/lib/commonjs/credential/issuance/README.md +34 -13
  12. package/lib/commonjs/credential/issuance/const.js +1 -1
  13. package/lib/commonjs/credential/issuance/types.js +16 -10
  14. package/lib/commonjs/credential/issuance/types.js.map +1 -1
  15. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +2 -2
  16. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
  17. package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
  18. package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js +4 -4
  19. package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +3 -3
  20. package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
  21. package/lib/commonjs/credential/status/README.md +0 -1
  22. package/lib/commonjs/sd-jwt/__test__/index.test.js +11 -15
  23. package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
  24. package/lib/commonjs/sd-jwt/__test__/types.test.js +5 -2
  25. package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
  26. package/lib/commonjs/sd-jwt/__test__/utils.test.js +37 -0
  27. package/lib/commonjs/sd-jwt/__test__/utils.test.js.map +1 -0
  28. package/lib/commonjs/sd-jwt/index.js +20 -0
  29. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  30. package/lib/commonjs/sd-jwt/types.js +51 -4
  31. package/lib/commonjs/sd-jwt/types.js.map +1 -1
  32. package/lib/commonjs/sd-jwt/utils.js +64 -0
  33. package/lib/commonjs/sd-jwt/utils.js.map +1 -0
  34. package/lib/commonjs/trust/build-chain.js +252 -0
  35. package/lib/commonjs/trust/build-chain.js.map +1 -0
  36. package/lib/commonjs/trust/index.js +11 -282
  37. package/lib/commonjs/trust/index.js.map +1 -1
  38. package/lib/commonjs/trust/types.js +18 -13
  39. package/lib/commonjs/trust/types.js.map +1 -1
  40. package/lib/commonjs/trust/{chain.js → verify-chain.js} +40 -5
  41. package/lib/commonjs/trust/verify-chain.js.map +1 -0
  42. package/lib/commonjs/utils/errors.js.map +1 -1
  43. package/lib/commonjs/utils/par.js +32 -22
  44. package/lib/commonjs/utils/par.js.map +1 -1
  45. package/lib/commonjs/utils/pop.js +1 -1
  46. package/lib/commonjs/utils/pop.js.map +1 -1
  47. package/lib/commonjs/wallet-instance-attestation/types.js +5 -1
  48. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  49. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +1 -1
  50. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  51. package/lib/module/credential/issuance/03-start-user-authorization.js +38 -24
  52. package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
  53. package/lib/module/credential/issuance/05-authorize-access.js +6 -10
  54. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
  55. package/lib/module/credential/issuance/06-obtain-credential.js +44 -12
  56. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
  57. package/lib/module/credential/issuance/07-verify-and-parse-credential.js +51 -48
  58. package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  59. package/lib/module/credential/issuance/README.md +34 -13
  60. package/lib/module/credential/issuance/const.js +1 -1
  61. package/lib/module/credential/issuance/types.js +12 -8
  62. package/lib/module/credential/issuance/types.js.map +1 -1
  63. package/lib/module/credential/presentation/02-evaluate-rp-trust.js +1 -1
  64. package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
  65. package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
  66. package/lib/module/credential/presentation/07-evaluate-dcql-query.js +4 -4
  67. package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +3 -3
  68. package/lib/module/credential/presentation/08-send-authorization-response.js +1 -1
  69. package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
  70. package/lib/module/credential/status/README.md +0 -1
  71. package/lib/module/sd-jwt/__test__/index.test.js +11 -16
  72. package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
  73. package/lib/module/sd-jwt/__test__/types.test.js +5 -2
  74. package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
  75. package/lib/module/sd-jwt/__test__/utils.test.js +35 -0
  76. package/lib/module/sd-jwt/__test__/utils.test.js.map +1 -0
  77. package/lib/module/sd-jwt/index.js +1 -0
  78. package/lib/module/sd-jwt/index.js.map +1 -1
  79. package/lib/module/sd-jwt/types.js +50 -3
  80. package/lib/module/sd-jwt/types.js.map +1 -1
  81. package/lib/module/sd-jwt/utils.js +57 -0
  82. package/lib/module/sd-jwt/utils.js.map +1 -0
  83. package/lib/module/trust/build-chain.js +235 -0
  84. package/lib/module/trust/build-chain.js.map +1 -0
  85. package/lib/module/trust/index.js +5 -268
  86. package/lib/module/trust/index.js.map +1 -1
  87. package/lib/module/trust/types.js +18 -13
  88. package/lib/module/trust/types.js.map +1 -1
  89. package/lib/module/trust/{chain.js → verify-chain.js} +36 -2
  90. package/lib/module/trust/verify-chain.js.map +1 -0
  91. package/lib/module/utils/errors.js +1 -1
  92. package/lib/module/utils/errors.js.map +1 -1
  93. package/lib/module/utils/par.js +29 -20
  94. package/lib/module/utils/par.js.map +1 -1
  95. package/lib/module/utils/pop.js +1 -1
  96. package/lib/module/utils/pop.js.map +1 -1
  97. package/lib/module/wallet-instance-attestation/types.js +5 -1
  98. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  99. package/lib/typescript/client/generated/wallet-provider.d.ts +12 -12
  100. package/lib/typescript/credential/issuance/01-start-flow.d.ts +2 -2
  101. package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -1
  102. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -1
  103. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +7 -6
  104. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
  105. package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
  106. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +10 -5
  107. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
  108. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +3 -2
  109. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
  110. package/lib/typescript/credential/issuance/const.d.ts +1 -1
  111. package/lib/typescript/credential/issuance/types.d.ts +46 -26
  112. package/lib/typescript/credential/issuance/types.d.ts.map +1 -1
  113. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -1
  114. package/lib/typescript/credential/presentation/05-verify-request-object.d.ts +1 -1
  115. package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
  116. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +2 -2
  117. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
  118. package/lib/typescript/credential/presentation/types.d.ts +4 -4
  119. package/lib/typescript/pid/sd-jwt/types.d.ts +7 -7
  120. package/lib/typescript/sd-jwt/__test__/utils.test.d.ts +2 -0
  121. package/lib/typescript/sd-jwt/__test__/utils.test.d.ts.map +1 -0
  122. package/lib/typescript/sd-jwt/index.d.ts +21 -8
  123. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  124. package/lib/typescript/sd-jwt/types.d.ts +194 -12
  125. package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
  126. package/lib/typescript/sd-jwt/utils.d.ts +18 -0
  127. package/lib/typescript/sd-jwt/utils.d.ts.map +1 -0
  128. package/lib/typescript/trust/build-chain.d.ts +1300 -0
  129. package/lib/typescript/trust/build-chain.d.ts.map +1 -0
  130. package/lib/typescript/trust/index.d.ts +5 -1301
  131. package/lib/typescript/trust/index.d.ts.map +1 -1
  132. package/lib/typescript/trust/types.d.ts +788 -624
  133. package/lib/typescript/trust/types.d.ts.map +1 -1
  134. package/lib/typescript/trust/{chain.d.ts → verify-chain.d.ts} +17 -1
  135. package/lib/typescript/trust/verify-chain.d.ts.map +1 -0
  136. package/lib/typescript/utils/errors.d.ts +2 -2
  137. package/lib/typescript/utils/errors.d.ts.map +1 -1
  138. package/lib/typescript/utils/par.d.ts +29 -13
  139. package/lib/typescript/utils/par.d.ts.map +1 -1
  140. package/lib/typescript/wallet-instance-attestation/types.d.ts +9 -9
  141. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  142. package/package.json +1 -1
  143. package/src/credential/issuance/01-start-flow.ts +2 -2
  144. package/src/credential/issuance/02-evaluate-issuer-trust.ts +1 -1
  145. package/src/credential/issuance/03-start-user-authorization.ts +57 -38
  146. package/src/credential/issuance/05-authorize-access.ts +5 -11
  147. package/src/credential/issuance/06-obtain-credential.ts +53 -23
  148. package/src/credential/issuance/07-verify-and-parse-credential.ts +54 -62
  149. package/src/credential/issuance/README.md +34 -13
  150. package/src/credential/issuance/const.ts +1 -1
  151. package/src/credential/issuance/types.ts +18 -8
  152. package/src/credential/presentation/02-evaluate-rp-trust.ts +1 -1
  153. package/src/credential/presentation/05-verify-request-object.ts +1 -1
  154. package/src/credential/presentation/07-evaluate-dcql-query.ts +4 -4
  155. package/src/credential/presentation/07-evaluate-input-descriptor.ts +3 -3
  156. package/src/credential/presentation/08-send-authorization-response.ts +4 -4
  157. package/src/credential/status/README.md +0 -1
  158. package/src/sd-jwt/__test__/index.test.ts +8 -29
  159. package/src/sd-jwt/__test__/types.test.ts +6 -2
  160. package/src/sd-jwt/__test__/utils.test.ts +37 -0
  161. package/src/sd-jwt/index.ts +2 -0
  162. package/src/sd-jwt/types.ts +49 -2
  163. package/src/sd-jwt/utils.ts +73 -0
  164. package/src/trust/build-chain.ts +395 -0
  165. package/src/trust/index.ts +5 -442
  166. package/src/trust/types.ts +23 -17
  167. package/src/trust/{chain.ts → verify-chain.ts} +41 -1
  168. package/src/utils/errors.ts +4 -4
  169. package/src/utils/par.ts +37 -21
  170. package/src/utils/pop.ts +1 -1
  171. package/src/wallet-instance-attestation/types.ts +3 -1
  172. package/lib/commonjs/trust/chain.js.map +0 -1
  173. package/lib/module/trust/chain.js.map +0 -1
  174. package/lib/typescript/trust/chain.d.ts.map +0 -1
package/lib/commonjs/utils/par.js CHANGED
@@ -3,7 +3,7 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- exports.makeParRequest = exports.AuthorizationDetails = exports.AuthorizationDetail = void 0;
6
+ exports.makeParRequest = exports.ParResponse = exports.AuthorizationDetails = exports.AuthorizationDetail = void 0;
7
7
  var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
8
8
  var _uuid = require("uuid");
9
9
  var z = _interopRequireWildcard(require("zod"));
@@ -15,26 +15,36 @@ var _logging = require("./logging");
15
15
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
16
16
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
17
17
  const AuthorizationDetail = z.object({
18
- credential_configuration_id: z.string(),
19
- format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
20
- type: z.literal("openid_credential")
18
+ type: z.literal("openid_credential"),
19
+ credential_configuration_id: z.string()
21
20
  });
22
21
  exports.AuthorizationDetail = AuthorizationDetail;
23
22
  const AuthorizationDetails = z.array(AuthorizationDetail);
24
-
23
+ exports.AuthorizationDetails = AuthorizationDetails;
24
+ const ParResponse = z.object({
25
+ request_uri: z.string(),
26
+ expires_in: z.number()
27
+ });
28
+ exports.ParResponse = ParResponse;
25
29
  /**
26
30
  * Make a PAR request to the issuer and return the response url
27
31
  */
28
- exports.AuthorizationDetails = AuthorizationDetails;
29
32
  const makeParRequest = _ref => {
30
33
  let {
31
34
  wiaCryptoContext,
32
35
  appFetch
33
36
  } = _ref;
34
- return async (clientId, codeVerifier, redirectUri, responseMode, parEndpoint, walletInstanceAttestation, authorizationDetails, assertionType) => {
37
+ return async (parEndpoint, walletInstanceAttestation, _ref2) => {
38
+ let {
39
+ codeVerifier,
40
+ responseMode,
41
+ clientId,
42
+ redirectUri,
43
+ authorizationDetails,
44
+ scope,
45
+ aud
46
+ } = _ref2;
35
47
  const wiaPublicKey = await wiaCryptoContext.getPublicKey();
36
- const parUrl = new URL(parEndpoint);
37
- const aud = `${parUrl.protocol}//${parUrl.hostname}`;
38
48
  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
39
49
  const signedWiaPoP = await (0, _pop.createPopToken)({
40
50
  jti: `${(0, _uuid.v4)()}`,
@@ -53,7 +63,7 @@ const makeParRequest = _ref => {
53
63
  with the it will ship the Wallet Instance Attestation.
54
64
  The key is matched by its kid */
55
65
  const signedJwtForPar = await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
56
- typ: "jwk",
66
+ typ: "jwt",
57
67
  kid: wiaPublicKey.kid
58
68
  }).setPayload({
59
69
  jti: `${(0, _uuid.v4)()}`,
@@ -65,31 +75,31 @@ const makeParRequest = _ref => {
65
75
  state: (0, _misc.generateRandomAlphaNumericString)(32),
66
76
  code_challenge: codeChallenge,
67
77
  code_challenge_method: codeChallengeMethod,
68
- authorization_details: authorizationDetails,
69
78
  redirect_uri: redirectUri,
70
- client_assertion_type: assertionType,
71
- client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
72
- }).setIssuedAt() //iat is set to now
79
+ ...(authorizationDetails && {
80
+ authorization_details: authorizationDetails
81
+ }),
82
+ ...(scope && {
83
+ scope
84
+ })
85
+ }).setIssuedAt() // iat is set to now
73
86
  .setExpirationTime("5min").sign();
74
87
 
75
88
  /** The request body for the Pushed Authorization Request */
76
89
  var formBody = new URLSearchParams({
77
- response_type: "code",
78
90
  client_id: clientId,
79
- code_challenge: codeChallenge,
80
- code_challenge_method: "S256",
81
- request: signedJwtForPar,
82
- client_assertion_type: assertionType,
83
- client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
91
+ request: signedJwtForPar
84
92
  });
85
93
  _logging.Logger.log(_logging.LogLevel.DEBUG, `Sending to PAR endpoint ${parEndpoint}: ${formBody}`);
86
94
  return await appFetch(parEndpoint, {
87
95
  method: "POST",
88
96
  headers: {
89
- "Content-Type": "application/x-www-form-urlencoded"
97
+ "Content-Type": "application/x-www-form-urlencoded",
98
+ "OAuth-Client-Attestation": walletInstanceAttestation,
99
+ "OAuth-Client-Attestation-PoP": signedWiaPoP
90
100
  },
91
101
  body: formBody.toString()
92
- }).then((0, _misc.hasStatusOrThrow)(201, _errors.IssuerResponseError)).then(res => res.json()).then(result => result.request_uri);
102
+ }).then((0, _misc.hasStatusOrThrow)(201, _errors.IssuerResponseError)).then(res => res.json()).then(ParResponse.parse).then(result => result.request_uri);
93
103
  };
94
104
  };
95
105
  exports.makeParRequest = makeParRequest;
package/lib/commonjs/utils/par.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_ioReactNativeJwt","require","_uuid","z","_interopRequireWildcard","WalletInstanceAttestation","_misc","_pop","_errors","_logging","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationDetail","object","credential_configuration_id","string","format","union","literal","type","exports","AuthorizationDetails","array","makeParRequest","_ref","wiaCryptoContext","appFetch","clientId","codeVerifier","redirectUri","responseMode","parEndpoint","walletInstanceAttestation","authorizationDetails","assertionType","wiaPublicKey","getPublicKey","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","createPopToken","jti","uuidv4","codeChallengeMethod","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","typ","setPayload","response_type","response_mode","client_id","state","generateRandomAlphaNumericString","code_challenge","code_challenge_method","authorization_details","redirect_uri","client_assertion_type","client_assertion","setIssuedAt","setExpirationTime","sign","formBody","URLSearchParams","request","Logger","log","LogLevel","DEBUG","method","headers","body","toString","then","hasStatusOrThrow","IssuerResponseError","res","json","result","request_uri"],"sourceRoot":"../../../src","sources":["utils/par.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,yBAAA,GAAAD,uBAAA,CAAAH,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AAA6C,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAP,wBAAAW,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGtC,MAAMW,mBAAmB,GAAG7B,CAAC,CAAC8B,MAAM,CAAC;EAC1CC,2BAA2B,EAAE/B,CAAC,CAACgC,MAAM,CAAC,CAAC;EACvCC,MAAM,EAAEjC,CAAC,CAACkC,KAAK,CAAC,CAAClC,CAAC,CAACmC,OAAO,CAAC,WAAW,CAAC,EAAEnC,CAAC,CAACmC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,IAAI,EAAEpC,CAAC,CAACmC,OAAO,CAAC,mBAAmB;AACrC,CAAC,CAAC;AAACE,OAAA,CAAAR,mBAAA,GAAAA,mBAAA;AAGI,MAAMS,oBAAoB,GAAGtC,CAAC,CAACuC,KAAK,CAACV,mBAAmB,CAAC;;AAEhE;AACA;AACA;AAFAQ,OAAA,CAAAC,oBAAA,GAAAA,oBAAA;AAGO,MAAME,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC;EAIF,CAAC,GAAAF,IAAA;EAAA,OACD,OACEG,QAAgB,EAChBC,YAAoB,EACpBC,WAAmB,EACnBC,YAAoB,EACpBC,WAAmB,EACnBC,yBAAiC,EACjCC,oBAA0C,EAC1CC,aAAqB,KACD;IACpB,MAAMC,YAAY,GAAG,MAAMV,gBAAgB,CAACW,YAAY,CAAC,CAAC;IAE1D,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACP,WAAW,CAAC;IACnC,MAAMQ,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;IAEpD,MAAMC,GAAG,GAAGzD,yBAAyB,CAAC0D,MAAM,CAACX,yBAAyB,CAAC,CACpEY,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;MACEC,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHG;IACF,CAAC,EACDjB,gBACF,CAAC;;IAED;AACJ;AACA;IACI,MAAM2B,mBAAmB,GAAG,MAAM;IAClC,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAAC1B,YAAY,CAAC;;IAExD;AACJ;AACA;AACA;IACI,MAAM2B,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAAC/B,gBAAgB,CAAC,CACxDgC,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVX,GAAG,EAAEZ,YAAY,CAACY;IACpB,CAAC,CAAC,CACDY,UAAU,CAAC;MACVT,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHqB,aAAa,EAAE,MAAM;MACrBC,aAAa,EAAE/B,YAAY;MAC3BgC,SAAS,EAAEnC,QAAQ;MACnBe,GAAG;MACHqB,KAAK,EAAE,IAAAC,sCAAgC,EAAC,EAAE,CAAC;MAC3CC,cAAc,EAAEZ,aAAa;MAC7Ba,qBAAqB,EAAEd,mBAAmB;MAC1Ce,qBAAqB,EAAElC,oBAAoB;MAC3CmC,YAAY,EAAEvC,WAAW;MACzBwC,qBAAqB,EAAEnC,aAAa;MACpCoC,gBAAgB,EAAEtC,yBAAyB,GAAG,GAAG,GAAGgB;IACtD,CAAC,CAAC,CACDuB,WAAW,CAAC,CAAC,CAAC;IAAA,CACdC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;;IAET;IACA,IAAIC,QAAQ,GAAG,IAAIC,eAAe,CAAC;MACjCf,aAAa,EAAE,MAAM;MACrBE,SAAS,EAAEnC,QAAQ;MACnBsC,cAAc,EAAEZ,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BU,OAAO,EAAErB,eAAe;MACxBc,qBAAqB,EAAEnC,aAAa;MACpCoC,gBAAgB,EAAEtC,yBAAyB,GAAG,GAAG,GAAGgB;IACtD,CAAC,CAAC;IAEF6B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BjD,WAAY,KAAI2C,QAAS,EACtD,CAAC;IAED,OAAO,MAAMhD,QAAQ,CAACK,WAAW,EAAE;MACjCkD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAET,QAAQ,CAACU,QAAQ,CAAC;IAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEK,MAAM,IAAKA,MAAM,CAACC,WAAW,CAAC;EACzC,CAAC;AAAA;AAACvE,OAAA,CAAAG,cAAA,GAAAA,cAAA"}
1
+ {"version":3,"names":["_ioReactNativeJwt","require","_uuid","z","_interopRequireWildcard","WalletInstanceAttestation","_misc","_pop","_errors","_logging","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationDetail","object","type","literal","credential_configuration_id","string","exports","AuthorizationDetails","array","ParResponse","request_uri","expires_in","number","makeParRequest","_ref","wiaCryptoContext","appFetch","parEndpoint","walletInstanceAttestation","_ref2","codeVerifier","responseMode","clientId","redirectUri","authorizationDetails","scope","aud","wiaPublicKey","getPublicKey","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","createPopToken","jti","uuidv4","codeChallengeMethod","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","typ","setPayload","response_type","response_mode","client_id","state","generateRandomAlphaNumericString","code_challenge","code_challenge_method","redirect_uri","authorization_details","setIssuedAt","setExpirationTime","sign","formBody","URLSearchParams","request","Logger","log","LogLevel","DEBUG","method","headers","body","toString","then","hasStatusOrThrow","IssuerResponseError","res","json","parse","result"],"sourceRoot":"../../../src","sources":["utils/par.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,yBAAA,GAAAD,uBAAA,CAAAH,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AAA6C,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAP,wBAAAW,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGtC,MAAMW,mBAAmB,GAAG7B,CAAC,CAAC8B,MAAM,CAAC;EAC1CC,IAAI,EAAE/B,CAAC,CAACgC,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAEjC,CAAC,CAACkC,MAAM,CAAC;AACxC,CAAC,CAAC;AAACC,OAAA,CAAAN,mBAAA,GAAAA,mBAAA;AAGI,MAAMO,oBAAoB,GAAGpC,CAAC,CAACqC,KAAK,CAACR,mBAAmB,CAAC;AAACM,OAAA,CAAAC,oBAAA,GAAAA,oBAAA;AAG1D,MAAME,WAAW,GAAGtC,CAAC,CAAC8B,MAAM,CAAC;EAClCS,WAAW,EAAEvC,CAAC,CAACkC,MAAM,CAAC,CAAC;EACvBM,UAAU,EAAExC,CAAC,CAACyC,MAAM,CAAC;AACvB,CAAC,CAAC;AAACN,OAAA,CAAAG,WAAA,GAAAA,WAAA;AAcH;AACA;AACA;AACO,MAAMI,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC;EAIF,CAAC,GAAAF,IAAA;EAAA,OACD,OACEG,WAAmB,EACnBC,yBAAiC,EAAAC,KAAA,KAUb;IAAA,IATpB;MACEC,YAAY;MACZC,YAAY;MACZC,QAAQ;MACRC,WAAW;MACXC,oBAAoB;MACpBC,KAAK;MACLC;IACiB,CAAC,GAAAP,KAAA;IAEpB,MAAMQ,YAAY,GAAG,MAAMZ,gBAAgB,CAACa,YAAY,CAAC,CAAC;IAE1D,MAAMC,GAAG,GAAGxD,yBAAyB,CAACyD,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;MACEC,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHG;IACF,CAAC,EACDd,gBACF,CAAC;;IAED;AACJ;AACA;IACI,MAAMwB,mBAAmB,GAAG,MAAM;IAClC,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAACrB,YAAY,CAAC;;IAExD;AACJ;AACA;AACA;IACI,MAAMsB,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAAC5B,gBAAgB,CAAC,CACxD6B,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVX,GAAG,EAAEP,YAAY,CAACO;IACpB,CAAC,CAAC,CACDY,UAAU,CAAC;MACVT,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHqB,aAAa,EAAE,MAAM;MACrBC,aAAa,EAAE3B,YAAY;MAC3B4B,SAAS,EAAE3B,QAAQ;MACnBO,GAAG;MACHqB,KAAK,EAAE,IAAAC,sCAAgC,EAAC,EAAE,CAAC;MAC3CC,cAAc,EAAEZ,aAAa;MAC7Ba,qBAAqB,EAAEd,mBAAmB;MAC1Ce,YAAY,EAAE/B,WAAW;MACzB,IAAIC,oBAAoB,IAAI;QAC1B+B,qBAAqB,EAAE/B;MACzB,CAAC,CAAC;MACF,IAAIC,KAAK,IAAI;QAAEA;MAAM,CAAC;IACxB,CAAC,CAAC,CACD+B,WAAW,CAAC,CAAC,CAAC;IAAA,CACdC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;;IAET;IACA,IAAIC,QAAQ,GAAG,IAAIC,eAAe,CAAC;MACjCX,SAAS,EAAE3B,QAAQ;MACnBuC,OAAO,EAAEnB;IACX,CAAC,CAAC;IAEFoB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BhD,WAAY,KAAI0C,QAAS,EACtD,CAAC;IAED,OAAO,MAAM3C,QAAQ,CAACC,WAAW,EAAE;MACjCiD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD,0BAA0B,EAAEjD,yBAAyB;QACrD,8BAA8B,EAAEiB;MAClC,CAAC;MACDiC,IAAI,EAAET,QAAQ,CAACU,QAAQ,CAAC;IAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAC7D,WAAW,CAACkE,KAAK,CAAC,CACvBL,IAAI,CAAEM,MAAM,IAAKA,MAAM,CAAClE,WAAW,CAAC;EACzC,CAAC;AAAA;AAACJ,OAAA,CAAAO,cAAA,GAAAA,cAAA"}
package/lib/commonjs/utils/pop.js CHANGED
@@ -19,7 +19,7 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
19
19
  const createPopToken = async (payload, crypto) => {
20
20
  const kid = await crypto.getPublicKey().then(_ => _.kid);
21
21
  return new _ioReactNativeJwt.SignJWT(crypto).setPayload(payload).setProtectedHeader({
22
- typ: "jwt-client-attestation-pop",
22
+ typ: "oauth-client-attestation-pop+jwt",
23
23
  kid
24
24
  }).setIssuedAt().setExpirationTime("5min").sign();
25
25
  };
package/lib/commonjs/utils/pop.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["z","_interopRequireWildcard","require","_ioReactNativeJwt","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createPopToken","payload","crypto","kid","getPublicKey","then","_","SignJWT","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","exports","PoPPayload","object","jti","string","aud","iss"],"sourceRoot":"../../../src","sources":["utils/pop.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAEA,IAAAC,iBAAA,GAAAD,OAAA;AAA0E,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,cAAc,GAAG,MAAAA,CAC5BC,OAAmB,EACnBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACH,GAAG,CAAC;EAC1D,OAAO,IAAII,yBAAO,CAACL,MAAM,CAAC,CACvBM,UAAU,CAACP,OAAO,CAAC,CACnBQ,kBAAkB,CAAC;IAClBC,GAAG,EAAE,4BAA4B;IACjCP;EACF,CAAC,CAAC,CACDQ,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAd,cAAA,GAAAA,cAAA;AAGK,MAAMe,UAAU,GAAGzC,CAAC,CAAC0C,MAAM,CAAC;EACjCC,GAAG,EAAE3C,CAAC,CAAC4C,MAAM,CAAC,CAAC;EACfC,GAAG,EAAE7C,CAAC,CAAC4C,MAAM,CAAC,CAAC;EACfE,GAAG,EAAE9C,CAAC,CAAC4C,MAAM,CAAC;AAChB,CAAC,CAAC;AAACJ,OAAA,CAAAC,UAAA,GAAAA,UAAA"}
1
+ {"version":3,"names":["z","_interopRequireWildcard","require","_ioReactNativeJwt","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createPopToken","payload","crypto","kid","getPublicKey","then","_","SignJWT","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","exports","PoPPayload","object","jti","string","aud","iss"],"sourceRoot":"../../../src","sources":["utils/pop.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAEA,IAAAC,iBAAA,GAAAD,OAAA;AAA0E,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,cAAc,GAAG,MAAAA,CAC5BC,OAAmB,EACnBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACH,GAAG,CAAC;EAC1D,OAAO,IAAII,yBAAO,CAACL,MAAM,CAAC,CACvBM,UAAU,CAACP,OAAO,CAAC,CACnBQ,kBAAkB,CAAC;IAClBC,GAAG,EAAE,kCAAkC;IACvCP;EACF,CAAC,CAAC,CACDQ,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAd,cAAA,GAAAA,cAAA;AAGK,MAAMe,UAAU,GAAGzC,CAAC,CAAC0C,MAAM,CAAC;EACjCC,GAAG,EAAE3C,CAAC,CAAC4C,MAAM,CAAC,CAAC;EACfC,GAAG,EAAE7C,CAAC,CAAC4C,MAAM,CAAC,CAAC;EACfE,GAAG,EAAE9C,CAAC,CAAC4C,MAAM,CAAC;AAChB,CAAC,CAAC;AAACJ,OAAA,CAAAC,UAAA,GAAAA,UAAA"}
package/lib/commonjs/wallet-instance-attestation/types.js CHANGED
@@ -42,12 +42,16 @@ const WalletInstanceAttestationRequestJwt = z.object({
42
42
  hardware_key_tag: z.string()
43
43
  }))
44
44
  });
45
+
46
+ // TODO: [SIW-2089] add type for Wallet Attestation in SD-JWT and MDOC format
47
+ // See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/wallet-solution.html#wallet-attestation-issuance step 18
45
48
  exports.WalletInstanceAttestationRequestJwt = WalletInstanceAttestationRequestJwt;
46
49
  const WalletInstanceAttestationJwt = z.object({
47
50
  header: z.intersection(Jwt.shape.header, z.object({
48
51
  typ: z.literal("oauth-client-attestation+jwt"),
49
- trust_chain: z.array(z.string())
52
+ trust_chain: z.array(z.string()).optional() // TODO: [SIW-2264] Make mandatory
50
53
  })),
54
+
51
55
  payload: z.intersection(Jwt.shape.payload, z.object({
52
56
  sub: z.string(),
53
57
  aal: z.string(),
package/lib/commonjs/wallet-instance-attestation/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_jwk","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","UnixTime","number","min","max","Jwt","object","header","alg","string","kid","typ","x5c","array","optional","trust_chain","payload","iss","iat","exp","cnf","jwk","intersection","JWK","WalletInstanceAttestationRequestJwt","shape","literal","aud","nonce","hardware_signature","integrity_assertion","hardware_key_tag","exports","WalletInstanceAttestationJwt","sub","aal","wallet_link","wallet_name","WalletAttestationResponse","wallet_attestations","wallet_attestation","format","enum"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB,MAAMW,QAAQ,GAAGxB,CAAC,CAACyB,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAGrD,MAAMC,GAAG,GAAG5B,CAAC,CAAC6B,MAAM,CAAC;EACnBC,MAAM,EAAE9B,CAAC,CAAC6B,MAAM,CAAC;IACfE,GAAG,EAAE/B,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfE,GAAG,EAAElC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfG,GAAG,EAAEnC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IACnCC,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFE,OAAO,EAAEvC,CAAC,CAAC6B,MAAM,CAAC;IAChBW,GAAG,EAAExC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfS,GAAG,EAAEjB,QAAQ;IACbkB,GAAG,EAAElB,QAAQ;IACbmB,GAAG,EAAE3C,CAAC,CAAC6B,MAAM,CAAC;MACZe,GAAG,EAAE5C,CAAC,CAAC6C,YAAY,CACjBC,QAAG;MACH;MACA9C,CAAC,CAAC6B,MAAM,CAAC;QAAEI,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC;MAAE,CAAC,CAC9B;IACF,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAKK,MAAMe,mCAAmC,GAAG/C,CAAC,CAAC6B,MAAM,CAAC;EAC1DC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,YAAY;EAC7B,CAAC,CACH,CAAC;EACDV,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACPqB,GAAG,EAAElD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfmB,KAAK,EAAEnD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACjBoB,kBAAkB,EAAEpD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC9BqB,mBAAmB,EAAErD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC/BsB,gBAAgB,EAAEtD,CAAC,CAACgC,MAAM,CAAC;EAC7B,CAAC,CACH;AACF,CAAC,CAAC;AAACuB,OAAA,CAAAR,mCAAA,GAAAA,mCAAA;AAKI,MAAMS,4BAA4B,GAAGxD,CAAC,CAAC6B,MAAM,CAAC;EACnDC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,8BAA8B,CAAC;IAC9CX,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC;EACjC,CAAC,CACH,CAAC;EACDO,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACP4B,GAAG,EAAEzD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACf0B,GAAG,EAAE1D,CAAC,CAACgC,MAAM,CAAC,CAAC;IACf2B,WAAW,EAAE3D,CAAC,CAACgC,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IAClCuB,WAAW,EAAE5D,CAAC,CAACgC,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC;EACnC,CAAC,CACH;AACF,CAAC,CAAC;AAACkB,OAAA,CAAAC,4BAAA,GAAAA,4BAAA;AAKI,MAAMK,yBAAyB,GAAG7D,CAAC,CAAC6B,MAAM,CAAC;EAChDiC,mBAAmB,EAAE9D,CAAC,CAACoC,KAAK,CAC1BpC,CAAC,CAAC6B,MAAM,CAAC;IACPkC,kBAAkB,EAAE/D,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC9BgC,MAAM,EAAEhE,CAAC,CAACiE,IAAI,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC;EACjD,CAAC,CACH;AACF,CAAC,CAAC;AAACV,OAAA,CAAAM,yBAAA,GAAAA,yBAAA"}
1
+ {"version":3,"names":["_jwk","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","UnixTime","number","min","max","Jwt","object","header","alg","string","kid","typ","x5c","array","optional","trust_chain","payload","iss","iat","exp","cnf","jwk","intersection","JWK","WalletInstanceAttestationRequestJwt","shape","literal","aud","nonce","hardware_signature","integrity_assertion","hardware_key_tag","exports","WalletInstanceAttestationJwt","sub","aal","wallet_link","wallet_name","WalletAttestationResponse","wallet_attestations","wallet_attestation","format","enum"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB,MAAMW,QAAQ,GAAGxB,CAAC,CAACyB,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAGrD,MAAMC,GAAG,GAAG5B,CAAC,CAAC6B,MAAM,CAAC;EACnBC,MAAM,EAAE9B,CAAC,CAAC6B,MAAM,CAAC;IACfE,GAAG,EAAE/B,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfE,GAAG,EAAElC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfG,GAAG,EAAEnC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IACnCC,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFE,OAAO,EAAEvC,CAAC,CAAC6B,MAAM,CAAC;IAChBW,GAAG,EAAExC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfS,GAAG,EAAEjB,QAAQ;IACbkB,GAAG,EAAElB,QAAQ;IACbmB,GAAG,EAAE3C,CAAC,CAAC6B,MAAM,CAAC;MACZe,GAAG,EAAE5C,CAAC,CAAC6C,YAAY,CACjBC,QAAG;MACH;MACA9C,CAAC,CAAC6B,MAAM,CAAC;QAAEI,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC;MAAE,CAAC,CAC9B;IACF,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAKK,MAAMe,mCAAmC,GAAG/C,CAAC,CAAC6B,MAAM,CAAC;EAC1DC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,YAAY;EAC7B,CAAC,CACH,CAAC;EACDV,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACPqB,GAAG,EAAElD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfmB,KAAK,EAAEnD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACjBoB,kBAAkB,EAAEpD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC9BqB,mBAAmB,EAAErD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC/BsB,gBAAgB,EAAEtD,CAAC,CAACgC,MAAM,CAAC;EAC7B,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;AACA;AAAAuB,OAAA,CAAAR,mCAAA,GAAAA,mCAAA;AAIO,MAAMS,4BAA4B,GAAGxD,CAAC,CAAC6B,MAAM,CAAC;EACnDC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,8BAA8B,CAAC;IAC9CX,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC,CAAE;EAC/C,CAAC,CACH,CAAC;;EACDE,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACP4B,GAAG,EAAEzD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACf0B,GAAG,EAAE1D,CAAC,CAACgC,MAAM,CAAC,CAAC;IACf2B,WAAW,EAAE3D,CAAC,CAACgC,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IAClCuB,WAAW,EAAE5D,CAAC,CAACgC,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC;EACnC,CAAC,CACH;AACF,CAAC,CAAC;AAACkB,OAAA,CAAAC,4BAAA,GAAAA,4BAAA;AAKI,MAAMK,yBAAyB,GAAG7D,CAAC,CAAC6B,MAAM,CAAC;EAChDiC,mBAAmB,EAAE9D,CAAC,CAACoC,KAAK,CAC1BpC,CAAC,CAAC6B,MAAM,CAAC;IACPkC,kBAAkB,EAAE/D,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC9BgC,MAAM,EAAEhE,CAAC,CAACiE,IAAI,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC;EACjD,CAAC,CACH;AACF,CAAC,CAAC;AAACV,OAAA,CAAAM,yBAAA,GAAAA,yBAAA"}
package/lib/module/credential/issuance/02-evaluate-issuer-trust.js CHANGED
@@ -1,4 +1,4 @@
1
- import { getCredentialIssuerEntityConfiguration } from "../../trust";
1
+ import { getCredentialIssuerEntityConfiguration } from "../../trust/build-chain";
2
2
  /**
3
3
  * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
4
4
  * The Issuer trust evaluation phase.
package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["getCredentialIssuerEntityConfiguration","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","appFetch","then","_","payload","metadata"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":"AAAA,SAASA,sCAAsC,QAAQ,aAAa;AAcpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAMP,sCAAsC,CAACE,SAAS,EAAE;IACzEM,QAAQ,EAAEL,OAAO,CAACK;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEL;EAAW,CAAC;AACvB,CAAC"}
1
+ {"version":3,"names":["getCredentialIssuerEntityConfiguration","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","appFetch","then","_","payload","metadata"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":"AAGA,SAASA,sCAAsC,QAAQ,yBAAyB;AAWhF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAMP,sCAAsC,CAACE,SAAS,EAAE;IACzEM,QAAQ,EAAEL,OAAO,CAACK;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEL;EAAW,CAAC;AACvB,CAAC"}
package/lib/module/credential/issuance/03-start-user-authorization.js CHANGED
@@ -1,54 +1,59 @@
1
1
  import { generateRandomAlphaNumericString } from "../../utils/misc";
2
2
  import { makeParRequest } from "../../utils/par";
3
- import { ASSERTION_TYPE } from "./const";
4
3
  import { LogLevel, Logger } from "../../utils/logging";
5
4
  /**
6
5
  * Ensures that the credential type requested is supported by the issuer and contained in the
7
6
  * issuer configuration.
8
7
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
9
- * @param credentialType The type of the credential to be requested returned by {@link startFlow}
10
- * @param context.wiaCryptoContext The Wallet Instance's crypto context
11
- * @param context.walletInstanceAttestation The Wallet Instance's attestation
12
- * @param context.redirectUri The redirect URI which is the custom URL scheme that the Wallet Instance is registered to handle
13
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
8
+ * @param credentialId The credential configuration ID to be requested;
14
9
  * @returns The credential definition to be used in the request which includes the format and the type and its type
15
10
  */
16
- const selectCredentialDefinition = (issuerConf, credentialType) => {
11
+ const selectCredentialDefinition = (issuerConf, credentialId) => {
17
12
  const credential_configurations_supported = issuerConf.openid_credential_issuer.credential_configurations_supported;
18
- const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialType)).map(e => ({
19
- credential_configuration_id: credentialType,
20
- format: credential_configurations_supported[e].format,
13
+ const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialId)).map(() => ({
14
+ credential_configuration_id: credentialId,
21
15
  type: "openid_credential"
22
16
  }));
23
17
  if (!result) {
24
- Logger.log(LogLevel.ERROR, `Requested credential type ${credentialType} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
25
- throw new Error(`No credential support the type '${credentialType}'`);
18
+ Logger.log(LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
19
+ throw new Error(`No credential support the type '${credentialId}'`);
26
20
  }
27
21
  return result;
28
22
  };
29
23
 
30
24
  /**
31
25
  * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
26
+ * When multiple credentials are provided, all of them must support the same response_mode.
32
27
  * @param issuerConf The issuer configuration
33
- * @param credentialType The type of the credential to be requested
28
+ * @param credentialIds The credential configuration IDs to be requested
34
29
  * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
35
30
  */
36
- const selectResponseMode = (issuerConf, credentialType) => {
31
+ const selectResponseMode = (issuerConf, credentialIds) => {
37
32
  const responseModeSupported = issuerConf.oauth_authorization_server.response_modes_supported;
38
- const responseMode = credentialType === "PersonIdentificationData" ? "query" : "form_post.jwt";
39
- Logger.log(LogLevel.DEBUG, `Selected response mode ${responseMode} for credential type ${credentialType}`);
33
+ const responseModeSet = new Set();
34
+ for (const credentialId of credentialIds) {
35
+ responseModeSet.add(credentialId.match(/PersonIdentificationData/i) ? "query" : "form_post.jwt");
36
+ }
37
+ if (responseModeSet.size !== 1) {
38
+ Logger.log(LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
39
+ throw new Error("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
40
+ }
41
+ const [responseMode] = responseModeSet.values();
42
+ Logger.log(LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
40
43
  if (!responseModeSupported.includes(responseMode)) {
41
44
  Logger.log(LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
42
- throw new Error(`No response mode support the type '${credentialType}'`);
45
+ throw new Error(`No response mode support for IDs '${credentialIds}'`);
43
46
  }
44
47
  return responseMode;
45
48
  };
46
49
 
47
50
  /**
48
51
  * WARNING: This function must be called after {@link evaluateIssuerTrust} and {@link startFlow}. The next steam is {@link compeUserAuthorizationWithQueryMode} or {@link compeUserAuthorizationWithFormPostJwtMode}
52
+ *
49
53
  * Creates and sends a PAR request to the /as/par endpoint of the authorization server.
50
54
  * This starts the authentication flow to obtain an access token.
51
- * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer.
55
+ * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer; when multiple credential types are passed,
56
+ * it is possible to use the same access token for the issuance of all requested credentials.
52
57
  * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
53
58
  * along with the WTE and its proof of possession (WTE-PoP).
54
59
  * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details),
@@ -58,11 +63,12 @@ const selectResponseMode = (issuerConf, credentialType) => {
58
63
  * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
59
64
  * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
60
65
  * @param issuerConf The issuer configuration
61
- * @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
66
+ * @param credentialIds The credential configuration IDs to be requested
62
67
  * @param ctx The context object containing the Wallet Instance's cryptographic context, the Wallet Instance's attestation, the redirect URI and the fetch implementation
63
- * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition
68
+ * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition(s)
64
69
  */
65
- export const startUserAuthorization = async (issuerConf, credentialType, ctx) => {
70
+
71
+ export const startUserAuthorization = async (issuerConf, credentialIds, ctx) => {
66
72
  const {
67
73
  wiaCryptoContext,
68
74
  walletInstanceAttestation,
@@ -76,13 +82,21 @@ export const startUserAuthorization = async (issuerConf, credentialType, ctx) =>
76
82
  }
77
83
  const codeVerifier = generateRandomAlphaNumericString(64);
78
84
  const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
79
- const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);
80
- const responseMode = selectResponseMode(issuerConf, credentialType);
85
+ const aud = issuerConf.openid_credential_issuer.credential_issuer;
86
+ const credentialDefinition = credentialIds.map(c => selectCredentialDefinition(issuerConf, c));
87
+ const responseMode = selectResponseMode(issuerConf, credentialIds);
81
88
  const getPar = makeParRequest({
82
89
  wiaCryptoContext,
83
90
  appFetch
84
91
  });
85
- const issuerRequestUri = await getPar(clientId, codeVerifier, redirectUri, responseMode, parEndpoint, walletInstanceAttestation, [credentialDefinition], ASSERTION_TYPE);
92
+ const issuerRequestUri = await getPar(parEndpoint, walletInstanceAttestation, {
93
+ aud,
94
+ clientId,
95
+ codeVerifier,
96
+ redirectUri,
97
+ responseMode,
98
+ authorizationDetails: credentialDefinition
99
+ });
86
100
  return {
87
101
  issuerRequestUri,
88
102
  clientId,
package/lib/module/credential/issuance/03-start-user-authorization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","ASSERTION_TYPE","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","format","type","log","ERROR","JSON","stringify","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","DEBUG","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","issuerRequestUri"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAG7E,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAkBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,cAAc,CAAC,CAAC,CACzCS,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAEV,cAAc;IAC3CW,MAAM,EAAEV,mCAAmC,CAACM,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACT,MAAM,EAAE;IACXN,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,6BAA4Bd,cAAe,kEAAiEe,IAAI,CAACC,SAAS,CAACf,mCAAmC,CAAE,EACnK,CAAC;IACD,MAAM,IAAIgB,KAAK,CAAE,mCAAkCjB,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMe,kBAAkB,GAAGA,CACzBnB,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMmB,qBAAqB,GACzBpB,UAAU,CAACqB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBtB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3EH,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAAC2B,KAAK,EACb,0BAAyBD,YAAa,wBAAuBtB,cAAe,EAC/E,CAAC;EAED,IAAI,CAACmB,qBAAqB,CAACX,QAAQ,CAACc,YAAY,CAAC,EAAE;IACjDzB,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,2BAA0BQ,YAAa,kEAAiEP,IAAI,CAACC,SAAS,CAACG,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIF,KAAK,CAAE,sCAAqCjB,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOsB,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,sBAA8C,GAAG,MAAAA,CAC5DzB,UAAU,EACVC,cAAc,EACdyB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,IAAI,CAACJ,QAAQ,EAAE;IACblC,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,kCAAiCiB,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAId,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAMmB,YAAY,GAAG3C,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAM4C,WAAW,GACftC,UAAU,CAACqB,0BAA0B,CAACkB,qCAAqC;EAC7E,MAAMC,oBAAoB,GAAGzC,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMsB,YAAY,GAAGJ,kBAAkB,CAACnB,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMwC,MAAM,GAAG9C,cAAc,CAAC;IAAEgC,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMY,gBAAgB,GAAG,MAAMD,MAAM,CACnCT,QAAQ,EACRK,YAAY,EACZR,WAAW,EACXN,YAAY,EACZe,WAAW,EACXV,yBAAyB,EACzB,CAACY,oBAAoB,CAAC,EACtB5C,cACF,CAAC;EAED,OAAO;IAAE8C,gBAAgB;IAAEV,QAAQ;IAAEK,YAAY;IAAEG;EAAqB,CAAC;AAC3E,CAAC"}
1
+ {"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","Error","selectResponseMode","credentialIds","responseModeSupported","oauth_authorization_server","response_modes_supported","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","credentialDefinition","c","getPar","issuerRequestUri","authorizationDetails"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAG7E,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAkBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,YAA4C,KACpB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,YAAY,CAAC,CAAC,CACvCS,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAEV,YAAY;IACzCW,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXN,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,wBAAuBb,YAAa,kEAAiEc,IAAI,CAACC,SAAS,CAACd,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIe,KAAK,CAAE,mCAAkChB,YAAa,GAAE,CAAC;EACrE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,kBAAkB,GAAGA,CACzBlB,UAAkD,EAClDmB,aAAuB,KACN;EACjB,MAAMC,qBAAqB,GACzBpB,UAAU,CAACqB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMvB,YAAY,IAAIkB,aAAa,EAAE;IACxCI,eAAe,CAACE,GAAG,CACjBxB,YAAY,CAACyB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9B7B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,GAAEK,aAAc,qCAAoC,CAAC,GAAGI,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIX,KAAK,CACb,yGACF,CAAC;EACH;EAEA,MAAM,CAACY,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/C9B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiC,KAAK,EACb,0BAAyBD,YAAa,uBAAsBV,aAAc,EAC7E,CAAC;EAED,IAAI,CAACC,qBAAqB,CAACX,QAAQ,CAACoB,YAAa,CAAC,EAAE;IAClD/B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,2BAA0Be,YAAa,kEAAiEd,IAAI,CAACC,SAAS,CAACI,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIH,KAAK,CAAE,qCAAoCE,aAAc,GAAE,CAAC;EACxE;EAEA,OAAOU,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAME,sBAA8C,GAAG,MAAAA,CAC5D/B,UAAU,EACVmB,aAAa,EACba,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbxC,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,kCAAiCwB,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIrB,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAM0B,YAAY,GAAGhD,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMiD,WAAW,GACf5C,UAAU,CAACqB,0BAA0B,CAACwB,qCAAqC;EAC7E,MAAMC,GAAG,GAAG9C,UAAU,CAACG,wBAAwB,CAAC4C,iBAAiB;EACjE,MAAMC,oBAAoB,GAAG7B,aAAa,CAACT,GAAG,CAAEuC,CAAC,IAC/ClD,0BAA0B,CAACC,UAAU,EAAEiD,CAAC,CAC1C,CAAC;EACD,MAAMpB,YAAY,GAAGX,kBAAkB,CAAClB,UAAU,EAAEmB,aAAa,CAAC;EAClE,MAAM+B,MAAM,GAAGtD,cAAc,CAAC;IAAEqC,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMe,gBAAgB,GAAG,MAAMD,MAAM,CACnCN,WAAW,EACXV,yBAAyB,EACzB;IACEY,GAAG;IACHR,QAAQ;IACRK,YAAY;IACZR,WAAW;IACXN,YAAY;IACZuB,oBAAoB,EAAEJ;EACxB,CACF,CAAC;EAED,OAAO;IAAEG,gBAAgB;IAAEb,QAAQ;IAAEK,YAAY;IAAEK;EAAqB,CAAC;AAC3E,CAAC"}
package/lib/module/credential/issuance/05-authorize-access.js CHANGED
@@ -3,7 +3,6 @@ import { createDPopToken } from "../../utils/dpop";
3
3
  import { v4 as uuidv4 } from "uuid";
4
4
  import { createPopToken } from "../../utils/pop";
5
5
  import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
6
- import { ASSERTION_TYPE } from "./const";
7
6
  import { TokenResponse } from "./types";
8
7
  import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
9
8
  import { LogLevel, Logger } from "../../utils/logging";
@@ -25,16 +24,14 @@ import { LogLevel, Logger } from "../../utils/logging";
25
24
  * @throws {IssuerResponseError} with a specific code for more context
26
25
  * @return The token response containing the access token along with the token request signed with DPoP which has to be used in the {@link obtainCredential} step.
27
26
  */
28
- export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, codeVerifier, context) => {
27
+ export const authorizeAccess = async (issuerConf, code, _, redirectUri, codeVerifier, context) => {
29
28
  const {
30
29
  appFetch = fetch,
31
30
  walletInstanceAttestation,
32
31
  wiaCryptoContext,
33
32
  dPopCryptoContext
34
33
  } = context;
35
- const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
36
- const parUrl = new URL(parEndpoint);
37
- const aud = `${parUrl.protocol}//${parUrl.hostname}`;
34
+ const aud = issuerConf.openid_credential_issuer.credential_issuer;
38
35
  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
39
36
  const tokenUrl = issuerConf.oauth_authorization_server.token_endpoint;
40
37
  const tokenRequestSignedDPop = await createDPopToken({
@@ -51,12 +48,9 @@ export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, c
51
48
  Logger.log(LogLevel.DEBUG, `WIA DPoP token: ${signedWiaPoP}`);
52
49
  const requestBody = {
53
50
  grant_type: "authorization_code",
54
- client_id: clientId,
55
51
  code,
56
- redirect_uri: redirectUri,
57
52
  code_verifier: codeVerifier,
58
- client_assertion_type: ASSERTION_TYPE,
59
- client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
53
+ redirect_uri: redirectUri
60
54
  };
61
55
  const authorizationRequestFormBody = new URLSearchParams(requestBody);
62
56
  Logger.log(LogLevel.DEBUG, `Auth form request body: ${authorizationRequestFormBody}`);
@@ -64,7 +58,9 @@ export const authorizeAccess = async (issuerConf, code, clientId, redirectUri, c
64
58
  method: "POST",
65
59
  headers: {
66
60
  "Content-Type": "application/x-www-form-urlencoded",
67
- DPoP: tokenRequestSignedDPop
61
+ DPoP: tokenRequestSignedDPop,
62
+ "OAuth-Client-Attestation": walletInstanceAttestation,
63
+ "OAuth-Client-Attestation-PoP": signedWiaPoP
68
64
  },
69
65
  body: authorizationRequestFormBody.toString()
70
66
  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(res => res.json()).then(body => TokenResponse.safeParse(body));
package/lib/module/credential/issuance/05-authorize-access.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["hasStatusOrThrow","createDPopToken","v4","uuidv4","createPopToken","WalletInstanceAttestation","ASSERTION_TYPE","TokenResponse","IssuerResponseError","ValidationFailed","LogLevel","Logger","authorizeAccess","issuerConf","code","clientId","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","log","DEBUG","signedWiaPoP","requestBody","grant_type","client_id","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","ERROR","error","message","reason","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAgBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,WAAW,GACfX,UAAU,CAACY,0BAA0B,CAACC,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAG3B,yBAAyB,CAAC4B,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGzB,UAAU,CAACY,0BAA0B,CAACc,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMvC,eAAe,CAClD;IACEwC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,QAAQ;IACbK,GAAG,EAAG,GAAExC,MAAM,CAAC,CAAE;EACnB,CAAC,EACDoB,iBACF,CAAC;EAEDZ,MAAM,CAACiC,GAAG,CAAClC,QAAQ,CAACmC,KAAK,EAAG,uBAAsBL,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,YAAY,GAAG,MAAM1C,cAAc,CACvC;IACEuC,GAAG,EAAG,GAAExC,MAAM,CAAC,CAAE,EAAC;IAClB0B,GAAG;IACHG;EACF,CAAC,EACDV,gBACF,CAAC;EAEDX,MAAM,CAACiC,GAAG,CAAClC,QAAQ,CAACmC,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAMC,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAElC,QAAQ;IACnBD,IAAI;IACJoC,YAAY,EAAElC,WAAW;IACzBmC,aAAa,EAAElC,YAAY;IAC3BmC,qBAAqB,EAAE9C,cAAc;IACrC+C,gBAAgB,EAAEhC,yBAAyB,GAAG,GAAG,GAAGyB;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EAErEpC,MAAM,CAACiC,GAAG,CACRlC,QAAQ,CAACmC,KAAK,EACb,2BAA0BS,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,MAAMrC,QAAQ,CAACmB,QAAQ,EAAE;IACxCmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEnB;IACR,CAAC;IACDoB,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC9D,gBAAgB,CAAC,GAAG,EAAEQ,mBAAmB,CAAC,CAAC,CAChDsD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAKrD,aAAa,CAAC0D,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrBvD,MAAM,CAACiC,GAAG,CACRlC,QAAQ,CAACyD,KAAK,EACb,qCAAoCX,QAAQ,CAACY,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAI5D,gBAAgB,CAAC;MACzB4D,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEd,QAAQ,CAACY,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEE,WAAW,EAAEf,QAAQ,CAACgB;EAAK,CAAC;AACvC,CAAC"}
1
+ {"version":3,"names":["hasStatusOrThrow","createDPopToken","v4","uuidv4","createPopToken","WalletInstanceAttestation","TokenResponse","IssuerResponseError","ValidationFailed","LogLevel","Logger","authorizeAccess","issuerConf","code","_","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","aud","openid_credential_issuer","credential_issuer","iss","decode","payload","cnf","jwk","kid","tokenUrl","oauth_authorization_server","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","log","DEBUG","signedWiaPoP","requestBody","grant_type","code_verifier","redirect_uri","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","ERROR","error","message","reason","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAgBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,CAAC,EACDC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAMM,GAAG,GAAGX,UAAU,CAACY,wBAAwB,CAACC,iBAAiB;EACjE,MAAMC,GAAG,GAAGrB,yBAAyB,CAACsB,MAAM,CAACP,yBAAyB,CAAC,CACpEQ,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGpB,UAAU,CAACqB,0BAA0B,CAACC,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMlC,eAAe,CAClD;IACEmC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEL,QAAQ;IACbM,GAAG,EAAG,GAAEnC,MAAM,CAAC,CAAE;EACnB,CAAC,EACDmB,iBACF,CAAC;EAEDZ,MAAM,CAAC6B,GAAG,CAAC9B,QAAQ,CAAC+B,KAAK,EAAG,uBAAsBL,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,YAAY,GAAG,MAAMrC,cAAc,CACvC;IACEkC,GAAG,EAAG,GAAEnC,MAAM,CAAC,CAAE,EAAC;IAClBoB,GAAG;IACHG;EACF,CAAC,EACDL,gBACF,CAAC;EAEDX,MAAM,CAAC6B,GAAG,CAAC9B,QAAQ,CAAC+B,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAMC,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChC9B,IAAI;IACJ+B,aAAa,EAAE5B,YAAY;IAC3B6B,YAAY,EAAE9B;EAChB,CAAC;EAED,MAAM+B,4BAA4B,GAAG,IAAIC,eAAe,CAACL,WAAW,CAAC;EAErEhC,MAAM,CAAC6B,GAAG,CACR9B,QAAQ,CAAC+B,KAAK,EACb,2BAA0BM,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,MAAM9B,QAAQ,CAACc,QAAQ,EAAE;IACxCiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEhB,sBAAsB;MAC5B,0BAA0B,EAAEf,yBAAyB;MACrD,8BAA8B,EAAEqB;IAClC,CAAC;IACDW,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAACtD,gBAAgB,CAAC,GAAG,EAAEO,mBAAmB,CAAC,CAAC,CAChD+C,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAK9C,aAAa,CAACmD,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrBhD,MAAM,CAAC6B,GAAG,CACR9B,QAAQ,CAACkD,KAAK,EACb,qCAAoCX,QAAQ,CAACY,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAIrD,gBAAgB,CAAC;MACzBqD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEd,QAAQ,CAACY,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEE,WAAW,EAAEf,QAAQ,CAACgB;EAAK,CAAC;AACvC,CAAC"}
package/lib/module/credential/issuance/06-obtain-credential.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import { sha256ToBase64, SignJWT } from "@pagopa/io-react-native-jwt";
2
2
  import { hasStatusOrThrow } from "../../utils/misc";
3
3
  import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError, ValidationFailed } from "../../utils/errors";
4
- import { CredentialResponse } from "./types";
4
+ import { CredentialResponse, NonceResponse } from "./types";
5
5
  import { createDPopToken } from "../../utils/dpop";
6
6
  import { v4 as uuidv4 } from "uuid";
7
7
  import { LogLevel, Logger } from "../../utils/logging";
@@ -24,11 +24,11 @@ export const createNonceProof = async (nonce, issuer, audience, ctx) => {
24
24
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
25
25
  * @param accessToken The access token response returned by {@link authorizeAccess}
26
26
  * @param clientId The client id returned by {@link startUserAuthorization}
27
- * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link startUserAuthorization}
28
- * @param tokenRequestSignedDPop The DPoP signed token request returned by {@link authorizeAccess}
27
+ * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link authorizeAccess}
29
28
  * @param context.credentialCryptoContext The crypto context used to obtain the credential
30
29
  * @param context.dPopCryptoContext The DPoP crypto context
31
30
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
31
+ * @param operationType Specify the type of credential issuance (used for reissuing)
32
32
  * @returns The credential response containing the credential
33
33
  */
34
34
  export const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, context, operationType) => {
@@ -37,18 +37,34 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
37
37
  appFetch = fetch,
38
38
  dPopCryptoContext
39
39
  } = context;
40
+ const {
41
+ credential_configuration_id,
42
+ credential_identifier
43
+ } = credentialDefinition;
40
44
  const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
45
+ const issuerUrl = issuerConf.oauth_authorization_server.issuer;
46
+ const nonceUrl = issuerConf.openid_credential_issuer.nonce_endpoint;
47
+
48
+ // Fetch the nonce from the Credential Issuer
49
+ const {
50
+ c_nonce
51
+ } = await appFetch(nonceUrl, {
52
+ method: "POST",
53
+ headers: {
54
+ "Content-Type": "application/json"
55
+ }
56
+ }).then(hasStatusOrThrow(200)).then(res => res.json()).then(body => NonceResponse.parse(body));
41
57
 
42
58
  /**
43
59
  * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
44
60
  * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
45
61
  * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
46
62
  */
47
- const signedNonceProof = await createNonceProof(accessToken.c_nonce, clientId, credentialUrl, credentialCryptoContext);
63
+ const signedNonceProof = await createNonceProof(c_nonce, clientId, issuerUrl, credentialCryptoContext);
48
64
  Logger.log(LogLevel.DEBUG, `Signed nonce proof: ${signedNonceProof}`);
49
65
 
50
66
  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
51
- const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
67
+ const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credential_configuration_id && (credential_identifier ? c.credential_identifiers.includes(credential_identifier) : true));
52
68
  if (!containsCredentialDefinition) {
53
69
  Logger.log(LogLevel.ERROR, `Credential definition not found in the access token response ${accessToken.authorization_details}`);
54
70
  throw new ValidationFailed({
@@ -56,12 +72,20 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
56
72
  });
57
73
  }
58
74
 
59
- /** The credential request body */
60
- const credentialRequestFormBody = {
61
- credential_definition: {
62
- type: [credentialDefinition.credential_configuration_id]
63
- },
64
- format: credentialDefinition.format,
75
+ /**
76
+ * The credential request body.
77
+ * We accept both `credential_identifier` (recommended) and `credential_configuration_id`
78
+ * when the Authorization Server does not support `credential_identifier`.
79
+ * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#section-3.3.4
80
+ */
81
+ const credentialRequestFormBody = credential_identifier ? {
82
+ credential_identifier: credential_identifier,
83
+ proof: {
84
+ jwt: signedNonceProof,
85
+ proof_type: "jwt"
86
+ }
87
+ } : {
88
+ credential_configuration_id: credential_configuration_id,
65
89
  proof: {
66
90
  jwt: signedNonceProof,
67
91
  proof_type: "jwt"
@@ -95,7 +119,15 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
95
119
  });
96
120
  }
97
121
  Logger.log(LogLevel.DEBUG, `Credential Response: ${JSON.stringify(credentialRes.data)}`);
98
- return credentialRes.data;
122
+
123
+ // Extract the format corresponding to the credential_configuration_id used
124
+ const issuerCredentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credential_configuration_id];
125
+
126
+ // TODO: [SIW-2264] Handle multiple credentials
127
+ return {
128
+ credential: credentialRes.data.credentials.at(0).credential,
129
+ format: issuerCredentialConfig.format
130
+ };
99
131
  };
100
132
 
101
133
  /**
package/lib/module/credential/issuance/06-obtain-credential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","v4","uuidv4","LogLevel","Logger","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","log","DEBUG","containsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","ERROR","message","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","htm","htu","jti","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","then","res","json","safeParse","catch","handleObtainCredentialError","success","error","reason","data","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAetD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAInB,OAAO,CAACiB,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,aAAa,GAAGV,UAAU,CAACW,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM7B,gBAAgB,CAC7CiB,WAAW,CAACa,OAAO,EACnBZ,QAAQ,EACRQ,aAAa,EACbJ,uBACF,CAAC;EAEDvB,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,uBAAsBH,gBAAiB,EAAC,CAAC;;EAErE;EACA,MAAMI,4BAA4B,GAAGhB,WAAW,CAACiB,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3BlB,oBAAoB,CAACkB,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKnB,oBAAoB,CAACmB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKpB,oBAAoB,CAACoB,IACpC,CAAC;EAED,IAAI,CAACN,4BAA4B,EAAE;IACjClC,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAAC0C,KAAK,EACb,gEAA+DvB,WAAW,CAACiB,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIzC,gBAAgB,CAAC;MACzBgD,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBJ,IAAI,EAAE,CAACpB,oBAAoB,CAACkB,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEnB,oBAAoB,CAACmB,MAAM;IACnCM,KAAK,EAAE;MACLC,GAAG,EAAEhB,gBAAgB;MACrBiB,UAAU,EAAE;IACd;EACF,CAAC;EAED/C,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,4BAA2Be,IAAI,CAACC,SAAS,CAACN,yBAAyB,CAAE,EACxE,CAAC;EAED,MAAMO,sBAAsB,GAAG,MAAMtD,eAAe,CAClD;IACEuD,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEzB,aAAa;IAClB0B,GAAG,EAAG,GAAEvD,MAAM,CAAC,CAAE,EAAC;IAClBwD,GAAG,EAAE,MAAMnE,cAAc,CAAC+B,WAAW,CAACqC,YAAY;EACpD,CAAC,EACD7B,iBACF,CAAC;EAED1B,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,uBAAsBiB,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,aAAa,GAAG,MAAMhC,QAAQ,CAACG,aAAa,EAAE;IAClD8B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAET,sBAAsB;MAC5BU,aAAa,EAAG,GAAE1C,WAAW,CAAC2C,UAAW,IAAG3C,WAAW,CAACqC,YAAa,EAAC;MACtE,IAAIjC,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;IACDwC,IAAI,EAAEd,IAAI,CAACC,SAAS,CAACN,yBAAyB;EAChD,CAAC,CAAC,CACCoB,IAAI,CAAC1E,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B0E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAED,IAAI,IAAKnE,kBAAkB,CAACuE,SAAS,CAACJ,IAAI,CAAC,CAAC,CAClDK,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACZ,aAAa,CAACa,OAAO,EAAE;IAC1BrE,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAAC0C,KAAK,EACb,0CAAyCe,aAAa,CAACc,KAAK,CAAC5B,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIhD,gBAAgB,CAAC;MACzBgD,OAAO,EAAE,uCAAuC;MAChD6B,MAAM,EAAEf,aAAa,CAACc,KAAK,CAAC5B;IAC9B,CAAC,CAAC;EACJ;EAEA1C,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,wBAAuBe,IAAI,CAACC,SAAS,CAACO,aAAa,CAACgB,IAAI,CAAE,EAC7D,CAAC;EAED,OAAOhB,aAAa,CAACgB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMJ,2BAA2B,GAAIK,CAAU,IAAK;EAClDzE,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAAC0C,KAAK,EAAG,8CAA6CgC,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAYhF,yBAAyB,CAAC,EAAE;IAC7C,MAAMgF,CAAC;EACT;EAEA,MAAM,IAAIjF,oBAAoB,CAACF,mBAAmB,CAAC,CAChDoF,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEpF,wBAAwB,CAACqF,+BAA+B;IAC9DlC,OAAO,EACL;EACJ,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACsF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACsF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACuF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDqC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
1
+ {"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","NonceResponse","createDPopToken","v4","uuidv4","LogLevel","Logger","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credential_configuration_id","credential_identifier","credentialUrl","openid_credential_issuer","credential_endpoint","issuerUrl","oauth_authorization_server","nonceUrl","nonce_endpoint","c_nonce","method","headers","then","res","json","body","parse","signedNonceProof","log","DEBUG","containsCredentialDefinition","authorization_details","some","c","credential_identifiers","includes","ERROR","message","credentialRequestFormBody","proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","htm","htu","jti","ath","access_token","credentialRes","DPoP","Authorization","token_type","safeParse","catch","handleObtainCredentialError","success","error","reason","data","issuerCredentialConfig","credential_configurations_supported","credential","credentials","at","format","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,EAAEC,aAAa,QAAQ,SAAS;AAC3D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAkBtD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIpB,OAAO,CAACkB,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAM;IAAEM,2BAA2B;IAAEC;EAAsB,CAAC,GAC1DR,oBAAoB;EAEtB,MAAMS,aAAa,GAAGZ,UAAU,CAACa,wBAAwB,CAACC,mBAAmB;EAC7E,MAAMC,SAAS,GAAGf,UAAU,CAACgB,0BAA0B,CAAC9B,MAAM;EAC9D,MAAM+B,QAAQ,GAAGjB,UAAU,CAACa,wBAAwB,CAACK,cAAc;;EAEnE;EACA,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMZ,QAAQ,CAACU,QAAQ,EAAE;IAC3CG,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MAAE,cAAc,EAAE;IAAmB;EAChD,CAAC,CAAC,CACCC,IAAI,CAACnD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,IAAI,IAAK/C,aAAa,CAACgD,KAAK,CAACD,IAAI,CAAC,CAAC;;EAE5C;AACF;AACA;AACA;AACA;EACE,MAAME,gBAAgB,GAAG,MAAM3C,gBAAgB,CAC7CmC,OAAO,EACPjB,QAAQ,EACRa,SAAS,EACTT,uBACF,CAAC;EAEDvB,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAAC+C,KAAK,EAAG,uBAAsBF,gBAAiB,EAAC,CAAC;;EAErE;EACA,MAAMG,4BAA4B,GAAG7B,WAAW,CAAC8B,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACvB,2BAA2B,KAAKA,2BAA2B,KAC5DC,qBAAqB,GAClBsB,CAAC,CAACC,sBAAsB,CAACC,QAAQ,CAACxB,qBAAqB,CAAC,GACxD,IAAI,CACZ,CAAC;EAED,IAAI,CAACmB,4BAA4B,EAAE;IACjC/C,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAACsD,KAAK,EACb,gEAA+DnC,WAAW,CAAC8B,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIvD,gBAAgB,CAAC;MACzB6D,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE,MAAMC,yBAAyB,GAAG3B,qBAAqB,GACnD;IACEA,qBAAqB,EAAEA,qBAAqB;IAC5C4B,KAAK,EAAE;MAAEC,GAAG,EAAEb,gBAAgB;MAAEc,UAAU,EAAE;IAAM;EACpD,CAAC,GACD;IACE/B,2BAA2B,EAAEA,2BAA2B;IACxD6B,KAAK,EAAE;MAAEC,GAAG,EAAEb,gBAAgB;MAAEc,UAAU,EAAE;IAAM;EACpD,CAAC;EAEL1D,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAAC+C,KAAK,EACb,4BAA2Ba,IAAI,CAACC,SAAS,CAACL,yBAAyB,CAAE,EACxE,CAAC;EAED,MAAMM,sBAAsB,GAAG,MAAMjE,eAAe,CAClD;IACEkE,GAAG,EAAE,MAAM;IACXC,GAAG,EAAElC,aAAa;IAClBmC,GAAG,EAAG,GAAElE,MAAM,CAAC,CAAE,EAAC;IAClBmE,GAAG,EAAE,MAAM/E,cAAc,CAACgC,WAAW,CAACgD,YAAY;EACpD,CAAC,EACDxC,iBACF,CAAC;EAED1B,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAAC+C,KAAK,EAAG,uBAAsBe,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,aAAa,GAAG,MAAM3C,QAAQ,CAACK,aAAa,EAAE;IAClDQ,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClC8B,IAAI,EAAEP,sBAAsB;MAC5BQ,aAAa,EAAG,GAAEnD,WAAW,CAACoD,UAAW,IAAGpD,WAAW,CAACgD,YAAa,EAAC;MACtE,IAAI5C,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;IACDoB,IAAI,EAAEiB,IAAI,CAACC,SAAS,CAACL,yBAAyB;EAChD,CAAC,CAAC,CACChB,IAAI,CAACnD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,IAAI,IAAKhD,kBAAkB,CAAC6E,SAAS,CAAC7B,IAAI,CAAC,CAAC,CAClD8B,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACN,aAAa,CAACO,OAAO,EAAE;IAC1B1E,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAACsD,KAAK,EACb,0CAAyCc,aAAa,CAACQ,KAAK,CAACrB,OAAQ,EACxE,CAAC;IACD,MAAM,IAAI7D,gBAAgB,CAAC;MACzB6D,OAAO,EAAE,uCAAuC;MAChDsB,MAAM,EAAET,aAAa,CAACQ,KAAK,CAACrB;IAC9B,CAAC,CAAC;EACJ;EAEAtD,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAAC+C,KAAK,EACb,wBAAuBa,IAAI,CAACC,SAAS,CAACO,aAAa,CAACU,IAAI,CAAE,EAC7D,CAAC;;EAED;EACA,MAAMC,sBAAsB,GAC1B7D,UAAU,CAACa,wBAAwB,CAACiD,mCAAmC,CACrEpD,2BAA2B,CAC5B;;EAEH;EACA,OAAO;IACLqD,UAAU,EAAEb,aAAa,CAACU,IAAI,CAACI,WAAW,CAACC,EAAE,CAAC,CAAC,CAAC,CAAEF,UAAU;IAC5DG,MAAM,EAAEL,sBAAsB,CAAEK;EAClC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMV,2BAA2B,GAAIW,CAAU,IAAK;EAClDpF,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAACsD,KAAK,EAAG,8CAA6C+B,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAY5F,yBAAyB,CAAC,EAAE;IAC7C,MAAM4F,CAAC;EACT;EAEA,MAAM,IAAI7F,oBAAoB,CAACF,mBAAmB,CAAC,CAChDgG,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEhG,wBAAwB,CAACiG,+BAA+B;IAC9DjC,OAAO,EACL;EACJ,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACkG,uBAAuB;IACtDlC,OAAO,EAAE;EACX,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACkG,uBAAuB;IACtDlC,OAAO,EAAE;EACX,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACmG,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDoC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}