@pagopa/io-react-native-wallet 2.0.0-next.2 → 2.0.0-next.3

package/lib/module/credential/issuance/05-authorize-access.js.map

@@ -1 +1 @@
-{"version":3,"names":["hasStatusOrThrow","createDPopToken","v4","uuidv4","createPopToken","WalletInstanceAttestation","ASSERTION_TYPE","TokenResponse","IssuerResponseError","ValidationFailed","LogLevel","Logger","authorizeAccess","issuerConf","code","clientId","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","log","DEBUG","signedWiaPoP","requestBody","grant_type","client_id","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","ERROR","error","message","reason","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,cAAc,QAAQ,SAAS;AACxC,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAgBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,WAAW,GACfX,UAAU,CAACY,0BAA0B,CAACC,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAG3B,yBAAyB,CAAC4B,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGzB,UAAU,CAACY,0BAA0B,CAACc,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMvC,eAAe,CAClD;IACEwC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,QAAQ;IACbK,GAAG,EAAG,GAAExC,MAAM,CAAC,CAAE;EACnB,CAAC,EACDoB,iBACF,CAAC;EAEDZ,MAAM,CAACiC,GAAG,CAAClC,QAAQ,CAACmC,KAAK,EAAG,uBAAsBL,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,YAAY,GAAG,MAAM1C,cAAc,CACvC;IACEuC,GAAG,EAAG,GAAExC,MAAM,CAAC,CAAE,EAAC;IAClB0B,GAAG;IACHG;EACF,CAAC,EACDV,gBACF,CAAC;EAEDX,MAAM,CAACiC,GAAG,CAAClC,QAAQ,CAACmC,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAMC,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAElC,QAAQ;IACnBD,IAAI;IACJoC,YAAY,EAAElC,WAAW;IACzBmC,aAAa,EAAElC,YAAY;IAC3BmC,qBAAqB,EAAE9C,cAAc;IACrC+C,gBAAgB,EAAEhC,yBAAyB,GAAG,GAAG,GAAGyB;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIC,eAAe,CAACR,WAAW,CAAC;EAErEpC,MAAM,CAACiC,GAAG,CACRlC,QAAQ,CAACmC,KAAK,EACb,2BAA0BS,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,MAAMrC,QAAQ,CAACmB,QAAQ,EAAE;IACxCmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEnB;IACR,CAAC;IACDoB,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC9D,gBAAgB,CAAC,GAAG,EAAEQ,mBAAmB,CAAC,CAAC,CAChDsD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAKrD,aAAa,CAAC0D,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrBvD,MAAM,CAACiC,GAAG,CACRlC,QAAQ,CAACyD,KAAK,EACb,qCAAoCX,QAAQ,CAACY,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAI5D,gBAAgB,CAAC;MACzB4D,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEd,QAAQ,CAACY,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEE,WAAW,EAAEf,QAAQ,CAACgB;EAAK,CAAC;AACvC,CAAC"}
+{"version":3,"names":["hasStatusOrThrow","createDPopToken","v4","uuidv4","createPopToken","WalletInstanceAttestation","TokenResponse","IssuerResponseError","ValidationFailed","LogLevel","Logger","authorizeAccess","issuerConf","code","_","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","aud","openid_credential_issuer","credential_issuer","iss","decode","payload","cnf","jwk","kid","tokenUrl","oauth_authorization_server","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","log","DEBUG","signedWiaPoP","requestBody","grant_type","code_verifier","redirect_uri","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","ERROR","error","message","reason","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAgBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,CAAC,EACDC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAMM,GAAG,GAAGX,UAAU,CAACY,wBAAwB,CAACC,iBAAiB;EACjE,MAAMC,GAAG,GAAGrB,yBAAyB,CAACsB,MAAM,CAACP,yBAAyB,CAAC,CACpEQ,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGpB,UAAU,CAACqB,0BAA0B,CAACC,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMlC,eAAe,CAClD;IACEmC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEL,QAAQ;IACbM,GAAG,EAAG,GAAEnC,MAAM,CAAC,CAAE;EACnB,CAAC,EACDmB,iBACF,CAAC;EAEDZ,MAAM,CAAC6B,GAAG,CAAC9B,QAAQ,CAAC+B,KAAK,EAAG,uBAAsBL,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,YAAY,GAAG,MAAMrC,cAAc,CACvC;IACEkC,GAAG,EAAG,GAAEnC,MAAM,CAAC,CAAE,EAAC;IAClBoB,GAAG;IACHG;EACF,CAAC,EACDL,gBACF,CAAC;EAEDX,MAAM,CAAC6B,GAAG,CAAC9B,QAAQ,CAAC+B,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAMC,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChC9B,IAAI;IACJ+B,aAAa,EAAE5B,YAAY;IAC3B6B,YAAY,EAAE9B;EAChB,CAAC;EAED,MAAM+B,4BAA4B,GAAG,IAAIC,eAAe,CAACL,WAAW,CAAC;EAErEhC,MAAM,CAAC6B,GAAG,CACR9B,QAAQ,CAAC+B,KAAK,EACb,2BAA0BM,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,MAAM9B,QAAQ,CAACc,QAAQ,EAAE;IACxCiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEhB,sBAAsB;MAC5B,0BAA0B,EAAEf,yBAAyB;MACrD,8BAA8B,EAAEqB;IAClC,CAAC;IACDW,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAACtD,gBAAgB,CAAC,GAAG,EAAEO,mBAAmB,CAAC,CAAC,CAChD+C,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAK9C,aAAa,CAACmD,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrBhD,MAAM,CAAC6B,GAAG,CACR9B,QAAQ,CAACkD,KAAK,EACb,qCAAoCX,QAAQ,CAACY,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAIrD,gBAAgB,CAAC;MACzBqD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEd,QAAQ,CAACY,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEE,WAAW,EAAEf,QAAQ,CAACgB;EAAK,CAAC;AACvC,CAAC"}

package/lib/module/credential/issuance/06-obtain-credential.js

@@ -1,7 +1,7 @@
 import { sha256ToBase64, SignJWT } from "@pagopa/io-react-native-jwt";
 import { hasStatusOrThrow } from "../../utils/misc";
 import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError, ValidationFailed } from "../../utils/errors";
-import { CredentialResponse } from "./types";
+import { CredentialResponse, NonceResponse } from "./types";
 import { createDPopToken } from "../../utils/dpop";
 import { v4 as uuidv4 } from "uuid";
 import { LogLevel, Logger } from "../../utils/logging";
@@ -24,11 +24,11 @@ export const createNonceProof = async (nonce, issuer, audience, ctx) => {
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
  * @param accessToken The access token response returned by {@link authorizeAccess}
  * @param clientId The client id returned by {@link startUserAuthorization}
- * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link startUserAuthorization}
- * @param tokenRequestSignedDPop The DPoP signed token request returned by {@link authorizeAccess}
+ * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link authorizeAccess}
  * @param context.credentialCryptoContext The crypto context used to obtain the credential
  * @param context.dPopCryptoContext The DPoP crypto context
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @param operationType Specify the type of credential issuance (used for reissuing)
  * @returns The credential response containing the credential
  */
 export const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, context, operationType) => {
@@ -37,18 +37,34 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
     appFetch = fetch,
     dPopCryptoContext
   } = context;
+  const {
+    credential_configuration_id,
+    credential_identifier
+  } = credentialDefinition;
   const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
+  const issuerUrl = issuerConf.oauth_authorization_server.issuer;
+  const nonceUrl = issuerConf.openid_credential_issuer.nonce_endpoint;
+
+  // Fetch the nonce from the Credential Issuer
+  const {
+    c_nonce
+  } = await appFetch(nonceUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    }
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(body => NonceResponse.parse(body));
 
   /**
    * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
    * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
    * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
    */
-  const signedNonceProof = await createNonceProof(accessToken.c_nonce, clientId, credentialUrl, credentialCryptoContext);
+  const signedNonceProof = await createNonceProof(c_nonce, clientId, issuerUrl, credentialCryptoContext);
   Logger.log(LogLevel.DEBUG, `Signed nonce proof: ${signedNonceProof}`);
 
   // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
-  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
+  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credential_configuration_id && (credential_identifier ? c.credential_identifiers.includes(credential_identifier) : true));
   if (!containsCredentialDefinition) {
     Logger.log(LogLevel.ERROR, `Credential definition not found in the access token response ${accessToken.authorization_details}`);
     throw new ValidationFailed({
@@ -56,12 +72,20 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
     });
   }
 
-  /** The credential request body */
-  const credentialRequestFormBody = {
-    credential_definition: {
-      type: [credentialDefinition.credential_configuration_id]
-    },
-    format: credentialDefinition.format,
+  /**
+   * The credential request body.
+   * We accept both `credential_identifier` (recommended) and `credential_configuration_id`
+   * when the Authorization Server does not support `credential_identifier`.
+   * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#section-3.3.4
+   */
+  const credentialRequestFormBody = credential_identifier ? {
+    credential_identifier: credential_identifier,
+    proof: {
+      jwt: signedNonceProof,
+      proof_type: "jwt"
+    }
+  } : {
+    credential_configuration_id: credential_configuration_id,
     proof: {
       jwt: signedNonceProof,
       proof_type: "jwt"
@@ -95,7 +119,15 @@ export const obtainCredential = async (issuerConf, accessToken, clientId, creden
     });
   }
   Logger.log(LogLevel.DEBUG, `Credential Response: ${JSON.stringify(credentialRes.data)}`);
-  return credentialRes.data;
+
+  // Extract the format corresponding to the credential_configuration_id used
+  const issuerCredentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credential_configuration_id];
+
+  // TODO: [SIW-2264] Handle multiple credentials
+  return {
+    credential: credentialRes.data.credentials.at(0).credential,
+    format: issuerCredentialConfig.format
+  };
 };
 
 /**

package/lib/module/credential/issuance/06-obtain-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","createDPopToken","v4","uuidv4","LogLevel","Logger","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","signedNonceProof","c_nonce","log","DEBUG","containsCredentialDefinition","authorization_details","some","c","credential_configuration_id","format","type","ERROR","message","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","htm","htu","jti","ath","access_token","credentialRes","method","headers","DPoP","Authorization","token_type","body","then","res","json","safeParse","catch","handleObtainCredentialError","success","error","reason","data","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,QAAQ,SAAS;AAC5C,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAetD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAInB,OAAO,CAACiB,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,aAAa,GAAGV,UAAU,CAACW,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM7B,gBAAgB,CAC7CiB,WAAW,CAACa,OAAO,EACnBZ,QAAQ,EACRQ,aAAa,EACbJ,uBACF,CAAC;EAEDvB,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,uBAAsBH,gBAAiB,EAAC,CAAC;;EAErE;EACA,MAAMI,4BAA4B,GAAGhB,WAAW,CAACiB,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACC,2BAA2B,KAC3BlB,oBAAoB,CAACkB,2BAA2B,IAClDD,CAAC,CAACE,MAAM,KAAKnB,oBAAoB,CAACmB,MAAM,IACxCF,CAAC,CAACG,IAAI,KAAKpB,oBAAoB,CAACoB,IACpC,CAAC;EAED,IAAI,CAACN,4BAA4B,EAAE;IACjClC,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAAC0C,KAAK,EACb,gEAA+DvB,WAAW,CAACiB,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIzC,gBAAgB,CAAC;MACzBgD,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;EACA,MAAMC,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBJ,IAAI,EAAE,CAACpB,oBAAoB,CAACkB,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEnB,oBAAoB,CAACmB,MAAM;IACnCM,KAAK,EAAE;MACLC,GAAG,EAAEhB,gBAAgB;MACrBiB,UAAU,EAAE;IACd;EACF,CAAC;EAED/C,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,4BAA2Be,IAAI,CAACC,SAAS,CAACN,yBAAyB,CAAE,EACxE,CAAC;EAED,MAAMO,sBAAsB,GAAG,MAAMtD,eAAe,CAClD;IACEuD,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEzB,aAAa;IAClB0B,GAAG,EAAG,GAAEvD,MAAM,CAAC,CAAE,EAAC;IAClBwD,GAAG,EAAE,MAAMnE,cAAc,CAAC+B,WAAW,CAACqC,YAAY;EACpD,CAAC,EACD7B,iBACF,CAAC;EAED1B,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,uBAAsBiB,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,aAAa,GAAG,MAAMhC,QAAQ,CAACG,aAAa,EAAE;IAClD8B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAET,sBAAsB;MAC5BU,aAAa,EAAG,GAAE1C,WAAW,CAAC2C,UAAW,IAAG3C,WAAW,CAACqC,YAAa,EAAC;MACtE,IAAIjC,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;IACDwC,IAAI,EAAEd,IAAI,CAACC,SAAS,CAACN,yBAAyB;EAChD,CAAC,CAAC,CACCoB,IAAI,CAAC1E,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B0E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAED,IAAI,IAAKnE,kBAAkB,CAACuE,SAAS,CAACJ,IAAI,CAAC,CAAC,CAClDK,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACZ,aAAa,CAACa,OAAO,EAAE;IAC1BrE,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAAC0C,KAAK,EACb,0CAAyCe,aAAa,CAACc,KAAK,CAAC5B,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIhD,gBAAgB,CAAC;MACzBgD,OAAO,EAAE,uCAAuC;MAChD6B,MAAM,EAAEf,aAAa,CAACc,KAAK,CAAC5B;IAC9B,CAAC,CAAC;EACJ;EAEA1C,MAAM,CAACgC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,wBAAuBe,IAAI,CAACC,SAAS,CAACO,aAAa,CAACgB,IAAI,CAAE,EAC7D,CAAC;EAED,OAAOhB,aAAa,CAACgB,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMJ,2BAA2B,GAAIK,CAAU,IAAK;EAClDzE,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAAC0C,KAAK,EAAG,8CAA6CgC,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAYhF,yBAAyB,CAAC,EAAE;IAC7C,MAAMgF,CAAC;EACT;EAEA,MAAM,IAAIjF,oBAAoB,CAACF,mBAAmB,CAAC,CAChDoF,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEpF,wBAAwB,CAACqF,+BAA+B;IAC9DlC,OAAO,EACL;EACJ,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACsF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACsF,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDgC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpF,wBAAwB,CAACuF,uBAAuB;IACtDpC,OAAO,EAAE;EACX,CAAC,CAAC,CACDqC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
+{"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","NonceResponse","createDPopToken","v4","uuidv4","LogLevel","Logger","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credential_configuration_id","credential_identifier","credentialUrl","openid_credential_issuer","credential_endpoint","issuerUrl","oauth_authorization_server","nonceUrl","nonce_endpoint","c_nonce","method","headers","then","res","json","body","parse","signedNonceProof","log","DEBUG","containsCredentialDefinition","authorization_details","some","c","credential_identifiers","includes","ERROR","message","credentialRequestFormBody","proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","htm","htu","jti","ath","access_token","credentialRes","DPoP","Authorization","token_type","safeParse","catch","handleObtainCredentialError","success","error","reason","data","issuerCredentialConfig","credential_configurations_supported","credential","credentials","at","format","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,EAAEC,aAAa,QAAQ,SAAS;AAC3D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAkBtD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIpB,OAAO,CAACkB,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAM;IAAEM,2BAA2B;IAAEC;EAAsB,CAAC,GAC1DR,oBAAoB;EAEtB,MAAMS,aAAa,GAAGZ,UAAU,CAACa,wBAAwB,CAACC,mBAAmB;EAC7E,MAAMC,SAAS,GAAGf,UAAU,CAACgB,0BAA0B,CAAC9B,MAAM;EAC9D,MAAM+B,QAAQ,GAAGjB,UAAU,CAACa,wBAAwB,CAACK,cAAc;;EAEnE;EACA,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMZ,QAAQ,CAACU,QAAQ,EAAE;IAC3CG,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MAAE,cAAc,EAAE;IAAmB;EAChD,CAAC,CAAC,CACCC,IAAI,CAACnD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,IAAI,IAAK/C,aAAa,CAACgD,KAAK,CAACD,IAAI,CAAC,CAAC;;EAE5C;AACF;AACA;AACA;AACA;EACE,MAAME,gBAAgB,GAAG,MAAM3C,gBAAgB,CAC7CmC,OAAO,EACPjB,QAAQ,EACRa,SAAS,EACTT,uBACF,CAAC;EAEDvB,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAAC+C,KAAK,EAAG,uBAAsBF,gBAAiB,EAAC,CAAC;;EAErE;EACA,MAAMG,4BAA4B,GAAG7B,WAAW,CAAC8B,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACvB,2BAA2B,KAAKA,2BAA2B,KAC5DC,qBAAqB,GAClBsB,CAAC,CAACC,sBAAsB,CAACC,QAAQ,CAACxB,qBAAqB,CAAC,GACxD,IAAI,CACZ,CAAC;EAED,IAAI,CAACmB,4BAA4B,EAAE;IACjC/C,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAACsD,KAAK,EACb,gEAA+DnC,WAAW,CAAC8B,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIvD,gBAAgB,CAAC;MACzB6D,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE,MAAMC,yBAAyB,GAAG3B,qBAAqB,GACnD;IACEA,qBAAqB,EAAEA,qBAAqB;IAC5C4B,KAAK,EAAE;MAAEC,GAAG,EAAEb,gBAAgB;MAAEc,UAAU,EAAE;IAAM;EACpD,CAAC,GACD;IACE/B,2BAA2B,EAAEA,2BAA2B;IACxD6B,KAAK,EAAE;MAAEC,GAAG,EAAEb,gBAAgB;MAAEc,UAAU,EAAE;IAAM;EACpD,CAAC;EAEL1D,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAAC+C,KAAK,EACb,4BAA2Ba,IAAI,CAACC,SAAS,CAACL,yBAAyB,CAAE,EACxE,CAAC;EAED,MAAMM,sBAAsB,GAAG,MAAMjE,eAAe,CAClD;IACEkE,GAAG,EAAE,MAAM;IACXC,GAAG,EAAElC,aAAa;IAClBmC,GAAG,EAAG,GAAElE,MAAM,CAAC,CAAE,EAAC;IAClBmE,GAAG,EAAE,MAAM/E,cAAc,CAACgC,WAAW,CAACgD,YAAY;EACpD,CAAC,EACDxC,iBACF,CAAC;EAED1B,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAAC+C,KAAK,EAAG,uBAAsBe,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,aAAa,GAAG,MAAM3C,QAAQ,CAACK,aAAa,EAAE;IAClDQ,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClC8B,IAAI,EAAEP,sBAAsB;MAC5BQ,aAAa,EAAG,GAAEnD,WAAW,CAACoD,UAAW,IAAGpD,WAAW,CAACgD,YAAa,EAAC;MACtE,IAAI5C,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;IACDoB,IAAI,EAAEiB,IAAI,CAACC,SAAS,CAACL,yBAAyB;EAChD,CAAC,CAAC,CACChB,IAAI,CAACnD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,IAAI,IAAKhD,kBAAkB,CAAC6E,SAAS,CAAC7B,IAAI,CAAC,CAAC,CAClD8B,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACN,aAAa,CAACO,OAAO,EAAE;IAC1B1E,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAACsD,KAAK,EACb,0CAAyCc,aAAa,CAACQ,KAAK,CAACrB,OAAQ,EACxE,CAAC;IACD,MAAM,IAAI7D,gBAAgB,CAAC;MACzB6D,OAAO,EAAE,uCAAuC;MAChDsB,MAAM,EAAET,aAAa,CAACQ,KAAK,CAACrB;IAC9B,CAAC,CAAC;EACJ;EAEAtD,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAAC+C,KAAK,EACb,wBAAuBa,IAAI,CAACC,SAAS,CAACO,aAAa,CAACU,IAAI,CAAE,EAC7D,CAAC;;EAED;EACA,MAAMC,sBAAsB,GAC1B7D,UAAU,CAACa,wBAAwB,CAACiD,mCAAmC,CACrEpD,2BAA2B,CAC5B;;EAEH;EACA,OAAO;IACLqD,UAAU,EAAEb,aAAa,CAACU,IAAI,CAACI,WAAW,CAACC,EAAE,CAAC,CAAC,CAAC,CAAEF,UAAU;IAC5DG,MAAM,EAAEL,sBAAsB,CAAEK;EAClC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMV,2BAA2B,GAAIW,CAAU,IAAK;EAClDpF,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAACsD,KAAK,EAAG,8CAA6C+B,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAY5F,yBAAyB,CAAC,EAAE;IAC7C,MAAM4F,CAAC;EACT;EAEA,MAAM,IAAI7F,oBAAoB,CAACF,mBAAmB,CAAC,CAChDgG,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEhG,wBAAwB,CAACiG,+BAA+B;IAC9DjC,OAAO,EACL;EACJ,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACkG,uBAAuB;IACtDlC,OAAO,EAAE;EACX,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACkG,uBAAuB;IACtDlC,OAAO,EAAE;EACX,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACmG,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDoC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/issuance/07-verify-and-parse-credential.js

@@ -8,45 +8,39 @@ import { LogLevel, Logger } from "../../utils/logging";
 
 // handy alias
 
-const parseCredentialSdJwt = function (credentials_supported, _ref) {
+const parseCredentialSdJwt = function (credentialConfig, _ref) {
   let {
     sdJwt,
     disclosures
   } = _ref;
   let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
   let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
-  const credentialSubject = credentials_supported[sdJwt.payload.vct];
-  if (!credentialSubject) {
-    Logger.log(LogLevel.ERROR, `Credential type not supported by the issuer: ${sdJwt.payload.vct}`);
-    throw new IoWalletError("Credential type not supported by the issuer");
-  }
-  if (credentialSubject.format !== sdJwt.header.typ) {
-    Logger.log(LogLevel.ERROR, `Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}'`);
-    throw new IoWalletError(`Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}', `);
+  if (credentialConfig.format !== sdJwt.header.typ) {
+    const message = `Received credential is of an unknwown type. Expected one of [${credentialConfig.format}], received '${sdJwt.header.typ}'`;
+    Logger.log(LogLevel.ERROR, message);
+    throw new IoWalletError(message);
   }
-
-  // transfrom a record { key: value } in an iterable of pairs [key, value]
-  if (!credentialSubject.claims) {
+  if (!credentialConfig.claims) {
     Logger.log(LogLevel.ERROR, "Missing claims in the credential subject");
     throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
   }
 
-  const attrDefinitions = Object.entries(credentialSubject.claims);
+  const attrDefinitions = credentialConfig.claims;
 
   // the key of the attribute defintion must match the disclosure's name
-  const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
-    let [attrKey] = _ref2;
-    return !disclosures.some(_ref3 => {
-      let [, name] = _ref3;
-      return name === attrKey;
-    });
-  });
+  const attrsNotInDisclosures = attrDefinitions.filter(definition => !disclosures.some(_ref2 => {
+    let [, name] = _ref2;
+    return name === definition.path[0];
+  }) // Ignore nested paths for now, see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#name-claims-path-pointer
+  );
+
   if (attrsNotInDisclosures.length > 0) {
-    const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
+    const missing = attrsNotInDisclosures.map(_ => _.path[0]).join(", ");
     const received = disclosures.map(_ => _[1 /* name */]).join(", ");
     if (!ignoreMissingAttributes) {
-      Logger.log(LogLevel.ERROR, `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
-      throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+      const message = `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`;
+      Logger.log(LogLevel.ERROR, message);
+      throw new IoWalletError(message);
     }
   }
 
@@ -54,28 +48,31 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
   // and are present in the disclosure set
   const definedValues = Object.fromEntries(attrDefinitions
   // retrieve the value from the disclosure set
-  .map(_ref4 => {
+  .map(_ref3 => {
     var _disclosures$find;
-    let [attrKey, definition] = _ref4;
-    return [attrKey, {
+    let {
+      path,
+      ...definition
+    } = _ref3;
+    return [path[0], {
       ...definition,
-      value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === attrKey)) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
+      value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === path[0])) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
     }];
   })
   // add a human readable attribute name, with i18n, in the form { locale: name }
   // example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
-  .map(_ref5 => {
+  .map(_ref4 => {
     let [attrKey, {
       display,
       ...definition
-    }] = _ref5;
+    }] = _ref4;
     return [attrKey, {
       ...definition,
-      name: display.reduce((names, _ref6) => {
+      name: display.reduce((names, _ref5) => {
         let {
           locale,
           name
-        } = _ref6;
+        } = _ref5;
         return {
           ...names,
           [locale]: name
@@ -86,8 +83,8 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
   if (includeUndefinedAttributes) {
     // attributes that are in the disclosure set
     // but are not defined in the issuer configuration
-    const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
-      let [, key, value] = _ref7;
+    const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref6 => {
+      let [, key, value] = _ref6;
       return [key, {
         value,
         name: key
@@ -124,23 +121,26 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
     cnf
   } = decodedCredential.sdJwt.payload;
   if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-    Logger.log(LogLevel.ERROR, `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
-    throw new IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
+    const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`;
+    Logger.log(LogLevel.ERROR, message);
+    throw new IoWalletError(message);
   }
   return decodedCredential;
 }
-
-// utility type that specialize VerifyAndParseCredential for given format
-
-const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
+const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref7) => {
   let {
     credentialCryptoContext,
     ignoreMissingAttributes,
     includeUndefinedAttributes
-  } = _ref8;
+  } = _ref7;
   const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
   Logger.log(LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
-  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
+  const credentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credentialConfigurationId];
+  if (!credentialConfig) {
+    Logger.log(LogLevel.ERROR, `Credential type not supported by the issuer: ${credentialConfigurationId}`);
+    throw new IoWalletError("Credential type not supported by the issuer");
+  }
+  const parsedCredential = parseCredentialSdJwt(credentialConfig, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
   const maybeIssuedAt = getValueFromDisclosures(decoded.disclosures, "iat");
   Logger.log(LogLevel.DEBUG, `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${maybeIssuedAt}`);
   return {
@@ -154,7 +154,7 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
  * Verify and parse an encoded credential.
  * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
  * @param credential The encoded credential returned by {@link obtainCredential}
- * @param format The format of the credentual returned by {@link obtainCredential}
+ * @param credentialConfigurationId The credential configuration ID that defines the provided credential
  * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
  * @param context.ignoreMissingAttributes Skip error when attributes declared in the issuer configuration are not found within disclosures
  * @param context.includeUndefinedAttributes Include attributes not explicitly declared in the issuer configuration
@@ -163,12 +163,15 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
  * @throws {IoWalletError} If the credential is not bound to the provided user key
  * @throws {IoWalletError} If the credential data fail to parse
  */
-export const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
-  if (format === "vc+sd-jwt") {
-    Logger.log(LogLevel.DEBUG, "Parsing credential in vc+sd-jwt format");
-    return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
+export const verifyAndParseCredential = async (issuerConf, credential, credentialConfigurationId, context) => {
+  var _issuerConf$openid_cr;
+  const format = (_issuerConf$openid_cr = issuerConf.openid_credential_issuer.credential_configurations_supported[credentialConfigurationId]) === null || _issuerConf$openid_cr === void 0 ? void 0 : _issuerConf$openid_cr.format;
+  if (format === "dc+sd-jwt") {
+    Logger.log(LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
+    return verifyAndParseCredentialSdJwt(issuerConf, credential, credentialConfigurationId, context);
   }
-  Logger.log(LogLevel.ERROR, `Unsupported credential format: ${format}`);
-  throw new IoWalletError(`Unsupported credential format: ${format}`);
+  const message = `Unsupported credential format: ${format}`;
+  Logger.log(LogLevel.ERROR, message);
+  throw new IoWalletError(message);
 };
 //# sourceMappingURL=07-verify-and-parse-credential.js.map

package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","LogLevel","Logger","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","log","ERROR","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","parsedCredential","credential_configurations_supported","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASC,uBAAuB,QAAQ,yBAAyB;AAGjE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;;AAuBtD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgI,EAAAC,IAAA,EAI3G;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtBX,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,gDAA+CX,KAAK,CAACQ,OAAO,CAACC,GAAI,EACpE,CAAC;IACD,MAAM,IAAInB,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIiB,iBAAiB,CAACK,MAAM,KAAKZ,KAAK,CAACa,MAAM,CAACC,GAAG,EAAE;IACjDlB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,gEAA+DJ,iBAAiB,CAACK,MAAO,gBAAeZ,KAAK,CAACa,MAAM,CAACC,GAAI,GAC3H,CAAC;IACD,MAAM,IAAIxB,aAAa,CACpB,gEAA+DiB,iBAAiB,CAACK,MAAO,gBAAeZ,KAAK,CAACa,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACP,iBAAiB,CAACQ,MAAM,EAAE;IAC7BnB,MAAM,CAACc,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIrB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAM0B,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACX,iBAAiB,CAACQ,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACpB,WAAW,CAACsB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACf,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMsB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG7B,WAAW,CAAC0B,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC3B,uBAAuB,EAAE;MAC5BN,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,4DAA2De,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;MACD,MAAM,IAAIxC,aAAa,CACpB,4DAA2DoC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEjC,WAAW,CAACoC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAInB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMsC,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxC/B,WAAW,CACRmB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEZ,KAAK;QAAEX,IAAI,EAAEuB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAekB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB/D,WAAW,CAACyD,aAAa,EAAEC,UAAU,EAAE5D,QAAQ,CAAC,EAChD6D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACrD,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxDhE,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,kDAAiD2C,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACrD,KAAK,CAACQ,OAAO,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;IACD,MAAM,IAAItE,aAAa,CACpB,kDAAiDgE,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACrD,KAAK,CAACQ,OAAO,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAME;EAAA,IALH;IACEC,uBAAuB;IACvB/D,uBAAuB;IACvBI;EACF,CAAC,GAAA0D,KAAA;EAED,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAEDrE,MAAM,CAACc,GAAG,CAACf,QAAQ,CAAC0E,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMM,gBAAgB,GAAG3E,oBAAoB,CAC3CiE,UAAU,CAACK,wBAAwB,CAACM,mCAAmC,EACvEP,OAAO,EACPhE,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMoE,aAAa,GAAGhF,uBAAuB,CAACwE,OAAO,CAACjE,WAAW,EAAE,KAAK,CAAC;EAEzEL,MAAM,CAACc,GAAG,CACRf,QAAQ,CAAC0E,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACC,gBAAgB,CAAE,gBAAeE,aAAc,EACtF,CAAC;EAED,OAAO;IACLF,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACV,OAAO,CAAClE,KAAK,CAACQ,OAAO,CAACqE,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9BrE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM0E,wBAAkD,GAAG,MAAAA,CAChEjB,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNoE,OAAO,KACJ;EACH,IAAIpE,MAAM,KAAK,WAAW,EAAE;IAC1BhB,MAAM,CAACc,GAAG,CAACf,QAAQ,CAAC0E,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOR,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNoE,OACF,CAAC;EACH;EAEApF,MAAM,CAACc,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAG,kCAAiCC,MAAO,EAAC,CAAC;EACtE,MAAM,IAAItB,aAAa,CAAE,kCAAiCsB,MAAO,EAAC,CAAC;AACrE,CAAC"}
+{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","LogLevel","Logger","parseCredentialSdJwt","credentialConfig","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","format","header","typ","message","log","ERROR","claims","attrDefinitions","attrsNotInDisclosures","filter","definition","some","_ref2","name","path","missing","map","_","join","received","definedValues","Object","fromEntries","_ref3","_disclosures$find","value","find","_ref4","attrKey","display","reduce","names","_ref5","locale","undefinedValues","keys","includes","_ref6","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","payload","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref7","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","credential_configurations_supported","parsedCredential","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context","_issuerConf$openid_cr"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASC,uBAAuB,QAAQ,yBAAyB;AAGjE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;;AA2BtD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,gBAAgC,EAAAC,IAAA,EAIX;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,IAAIL,gBAAgB,CAACS,MAAM,KAAKP,KAAK,CAACQ,MAAM,CAACC,GAAG,EAAE;IAChD,MAAMC,OAAO,GAAI,gEAA+DZ,gBAAgB,CAACS,MAAO,gBAAeP,KAAK,CAACQ,MAAM,CAACC,GAAI,GAAE;IAC1Ib,MAAM,CAACe,GAAG,CAAChB,QAAQ,CAACiB,KAAK,EAAEF,OAAO,CAAC;IACnC,MAAM,IAAIpB,aAAa,CAACoB,OAAO,CAAC;EAClC;EAEA,IAAI,CAACZ,gBAAgB,CAACe,MAAM,EAAE;IAC5BjB,MAAM,CAACe,GAAG,CAAChB,QAAQ,CAACiB,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAItB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMwB,eAAe,GAAGhB,gBAAgB,CAACe,MAAM;;EAE/C;EACA,MAAME,qBAAqB,GAAGD,eAAe,CAACE,MAAM,CACjDC,UAAU,IAAK,CAAChB,WAAW,CAACiB,IAAI,CAACC,KAAA;IAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,IAAI,KAAKH,UAAU,CAACI,IAAI,CAAC,CAAC,CAAC;EAAA,EAAC,CAAC;EAC/E,CAAC;;EACD,IAAIN,qBAAqB,CAACX,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMkB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACH,IAAI,CAAC,CAAC,CAAC,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;IACtE,MAAMC,QAAQ,GAAGzB,WAAW,CAACsB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAACvB,uBAAuB,EAAE;MAC5B,MAAMQ,OAAO,GAAI,4DAA2DY,OAAQ,iBAAgBI,QAAS,GAAE;MAC/G9B,MAAM,CAACe,GAAG,CAAChB,QAAQ,CAACiB,KAAK,EAAEF,OAAO,CAAC;MACnC,MAAM,IAAIpB,aAAa,CAACoB,OAAO,CAAC;IAClC;EACF;;EAEA;EACA;EACA,MAAMiB,aAAa,GAAGC,MAAM,CAACC,WAAW,CACtCf;EACE;EAAA,CACCS,GAAG,CACFO,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC;MAAEV,IAAI;MAAE,GAAGJ;IAAW,CAAC,GAAAa,KAAA;IAAA,OACtB,CACET,IAAI,CAAC,CAAC,CAAC,EACP;MACE,GAAGJ,UAAU;MACbe,KAAK,GAAAD,iBAAA,GAAE9B,WAAW,CAACgC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKH,IAAI,CAAC,CAAC,CACnC,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCR,GAAG,CACFW,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC,OAAO;MAAE,GAAGnB;IAAW,CAAC,CAAC,GAAAiB,KAAA;IAAA,OACpC,CACEC,OAAO,EACP;MACE,GAAGlB,UAAU;MACbG,IAAI,EAAEgB,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEpB;QAAK,CAAC,GAAAmB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGpB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAId,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMmC,eAAe,GAAGb,MAAM,CAACC,WAAW,CACxC5B,WAAW,CACRe,MAAM,CAAEQ,CAAC,IAAK,CAACI,MAAM,CAACc,IAAI,CAACf,aAAa,CAAC,CAACgB,QAAQ,CAACnB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACqB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEb,KAAK;QAAEZ,IAAI,EAAEyB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGlB,aAAa;MAChB,GAAGc;IACL,CAAC;EACH;EAEA,OAAOd,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAemB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB5D,WAAW,CAACsD,aAAa,EAAEC,UAAU,EAAEzD,QAAQ,CAAC,EAChD0D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAAClD,KAAK,CAACwD,OAAO;EAE/C,IAAI,CAACD,GAAG,CAACE,GAAG,CAACC,GAAG,IAAIH,GAAG,CAACE,GAAG,CAACC,GAAG,KAAKP,gBAAgB,CAACO,GAAG,EAAE;IACxD,MAAMhD,OAAO,GAAI,kDAAiDyC,gBAAgB,CAACO,GAAI,UAASR,iBAAiB,CAAClD,KAAK,CAACwD,OAAO,CAACD,GAAG,CAACE,GAAG,CAACC,GAAI,EAAC;IAC7I9D,MAAM,CAACe,GAAG,CAAChB,QAAQ,CAACiB,KAAK,EAAEF,OAAO,CAAC;IACnC,MAAM,IAAIpB,aAAa,CAACoB,OAAO,CAAC;EAClC;EAEA,OAAOwC,iBAAiB;AAC1B;AAEA,MAAMS,6BAAuD,GAAG,MAAAA,CAC9DC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,KAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvB9D,uBAAuB;IACvBI;EACF,CAAC,GAAAyD,KAAA;EAED,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCe,UAAU,EACVD,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACzB,IAAI,EAC7CsB,uBACF,CAAC;EAEDpE,MAAM,CAACe,GAAG,CAAChB,QAAQ,CAACyE,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMnE,gBAAgB,GACpB8D,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B;EAEH,IAAI,CAAChE,gBAAgB,EAAE;IACrBF,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,gDAA+CkD,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIxE,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMkF,gBAAgB,GAAG3E,oBAAoB,CAC3CC,gBAAgB,EAChBmE,OAAO,EACP/D,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMmE,aAAa,GAAG/E,uBAAuB,CAACuE,OAAO,CAAChE,WAAW,EAAE,KAAK,CAAC;EAEzEL,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACyE,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACE,gBAAgB,CAAE,gBAAeC,aAAc,EACtF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBE,UAAU,EAAE,IAAIC,IAAI,CAACV,OAAO,CAACjE,KAAK,CAACwD,OAAO,CAACoB,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9BpE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMyE,wBAAkD,GAAG,MAAAA,CAChElB,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBiB,OAAO,KACJ;EAAA,IAAAC,qBAAA;EACH,MAAMzE,MAAM,IAAAyE,qBAAA,GACVpB,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B,cAAAkB,qBAAA,uBAFDA,qBAAA,CAEGzE,MAAM;EAEX,IAAIA,MAAM,KAAK,WAAW,EAAE;IAC1BX,MAAM,CAACe,GAAG,CAAChB,QAAQ,CAACyE,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOT,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBiB,OACF,CAAC;EACH;EAEA,MAAMrE,OAAO,GAAI,kCAAiCH,MAAO,EAAC;EAC1DX,MAAM,CAACe,GAAG,CAAChB,QAAQ,CAACiB,KAAK,EAAEF,OAAO,CAAC;EACnC,MAAM,IAAIpB,aAAa,CAACoB,OAAO,CAAC;AAClC,CAAC"}

package/lib/module/credential/issuance/README.md

@@ -6,7 +6,7 @@ There's a fork in the flow which is based on the type of the credential that is
 This is due to the fact that eID credentials require a different authorization flow than other credentials, which is accomplished by a strong authentication method like SPID or CIE.
 Credentials instead require a simpler authorization flow and they require other credentials to be presented in order to be issued.
 
-The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step.
+The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step. Available credentials are identified with a unique `credential_configuration_id`, that must be used when requesting authorization. The Authorization Server returns an array of **credential identifiers** that map to the `credential_configuration_id` provided: to obtain the credential, one of the credential identifiers (or all of them) must be requested to the credential endpoint.
 
 ## Sequence Diagram
 
@@ -72,6 +72,8 @@ The expected result from the authentication process is in `form_post.jwt` format
   <summary>Credential issuance flow</summary>
 
 ```ts
+// TODO: [SIW-2209] update documentation in PR #219
+
 // Retrieve the integrity key tag from the store and create its context
 const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
 const integrityContext = getIntegrityContext(integrityKeyTag);
@@ -251,11 +253,10 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialType: "PersonIdentificationData",
-  appFetch,
+  credentialId: "dc_sd_jwt_PersonIdentificationData",
 });
 
-const { issuerUrl } = startFlow();
+const { issuerUrl, credentialId } = startFlow();
 
 // Evaluate issuer trust
 const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
@@ -265,12 +266,16 @@ const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
 
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
-  await Credential.Issuance.startUserAuthorization(issuerConf, credentialType, {
-    walletInstanceAttestation,
-    redirectUri,
-    wiaCryptoContext,
-    appFetch,
-  });
+  await Credential.Issuance.startUserAuthorization(
+    issuerConf,
+    [credentialId], // Request authorization for one or more credentials
+    {
+      walletInstanceAttestation,
+      redirectUri,
+      wiaCryptoContext,
+      appFetch,
+    }
+  );
 
 // Complete the authorization process with query mode with the authorizationContext which opens the browser
 const { code } =
@@ -301,12 +306,27 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
   }
 );
 
+
+const [pidCredentialDefinition] = credentialDefinition;
+
+// Extract the credential_identifier(s) from the access token
+// For each one of them, a credential can be obtained by calling `obtainCredential`
+const { credential_configuration_id, credential_identifiers } =
+    accessToken.authorization_details.find(
+      (authDetails) =>
+        authDetails.credential_configuration_id ===
+        pidCredentialDefinition.credential_configuration_id
+    );
+
 // Obtain che eID credential
 const { credential, format } = await Credential.Issuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
-  credentialDefinition,
+  {
+    credential_configuration_id,
+    credential_identifier: credential_identifiers.at(0),
+  },
   {
     credentialCryptoContext,
     dPopCryptoContext,
@@ -318,15 +338,16 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
 const { parsedCredential, issuedAt, expiration } = await Credential.Issuance.verifyAndParseCredential(
   issuerConf,
   credential,
-  format,
+  credential_configuration_id,
   { credentialCryptoContext }
 );
 
 return {
   parsedCredential,
   credential,
+  credentialConfigurationId: credential_configuration_id
+  credentialType: "PersonIdentificationData",
   keyTag: credentialKeyTag,
-  credentialType,
   issuedAt,
   expiration
 };

package/lib/module/credential/issuance/const.js

@@ -1,4 +1,4 @@
 import * as z from "zod";
 export const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-export const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
+export const SupportedCredentialFormat = z.union([z.literal("dc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
 //# sourceMappingURL=const.js.map

package/lib/module/credential/issuance/types.js

@@ -1,19 +1,20 @@
-import { AuthorizationDetail } from "../../utils/par";
 import * as z from "zod";
-import { SupportedCredentialFormat } from "./const";
+export const AuthorizationDetail = z.object({
+  type: z.literal("openid_credential"),
+  credential_configuration_id: z.string(),
+  credential_identifiers: z.array(z.string())
+});
 export const TokenResponse = z.object({
   access_token: z.string(),
   authorization_details: z.array(AuthorizationDetail),
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
   expires_in: z.number(),
   token_type: z.string()
 });
 export const CredentialResponse = z.object({
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
-  credential: z.string(),
-  format: SupportedCredentialFormat
+  credentials: z.array(z.object({
+    credential: z.string()
+  })),
+  notification_id: z.string().optional()
 });
 
 /**
@@ -22,4 +23,7 @@ export const CredentialResponse = z.object({
 export const ResponseUriResultShape = z.object({
   redirect_uri: z.string()
 });
+export const NonceResponse = z.object({
+  c_nonce: z.string()
+});
 //# sourceMappingURL=types.js.map

package/lib/module/credential/issuance/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthorizationDetail","z","SupportedCredentialFormat","TokenResponse","object","access_token","string","authorization_details","array","c_nonce","c_nonce_expires_in","number","expires_in","token_type","CredentialResponse","credential","format","ResponseUriResultShape","redirect_uri"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,iBAAiB;AACrD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,yBAAyB,QAAQ,SAAS;AAInD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,YAAY,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAEN,CAAC,CAACO,KAAK,CAACR,mBAAmB,CAAC;EACnDS,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEX,CAAC,CAACU,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEZ,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMQ,kBAAkB,GAAGb,CAAC,CAACG,MAAM,CAAC;EACzCK,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BI,UAAU,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBU,MAAM,EAAEd;AACV,CAAC,CAAC;;AAEF;AACA;AACA;AACA,OAAO,MAAMe,sBAAsB,GAAGhB,CAAC,CAACG,MAAM,CAAC;EAC7Cc,YAAY,EAAEjB,CAAC,CAACK,MAAM,CAAC;AACzB,CAAC,CAAC"}
+{"version":3,"names":["z","AuthorizationDetail","object","type","literal","credential_configuration_id","string","credential_identifiers","array","TokenResponse","access_token","authorization_details","expires_in","number","token_type","CredentialResponse","credentials","credential","notification_id","optional","ResponseUriResultShape","redirect_uri","NonceResponse","c_nonce"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,mBAAmB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC1CC,IAAI,EAAEH,CAAC,CAACI,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACvCC,sBAAsB,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACM,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAC;AAIF,OAAO,MAAMG,aAAa,GAAGT,CAAC,CAACE,MAAM,CAAC;EACpCQ,YAAY,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC;EACxBK,qBAAqB,EAAEX,CAAC,CAACQ,KAAK,CAACP,mBAAmB,CAAC;EACnDW,UAAU,EAAEZ,CAAC,CAACa,MAAM,CAAC,CAAC;EACtBC,UAAU,EAAEd,CAAC,CAACM,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMS,kBAAkB,GAAGf,CAAC,CAACE,MAAM,CAAC;EACzCc,WAAW,EAAEhB,CAAC,CAACQ,KAAK,CAClBR,CAAC,CAACE,MAAM,CAAC;IACPe,UAAU,EAAEjB,CAAC,CAACM,MAAM,CAAC;EACvB,CAAC,CACH,CAAC;EACDY,eAAe,EAAElB,CAAC,CAACM,MAAM,CAAC,CAAC,CAACa,QAAQ,CAAC;AACvC,CAAC,CAAC;;AAEF;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAGpB,CAAC,CAACE,MAAM,CAAC;EAC7CmB,YAAY,EAAErB,CAAC,CAACM,MAAM,CAAC;AACzB,CAAC,CAAC;AAKF,OAAO,MAAMgB,aAAa,GAAGtB,CAAC,CAACE,MAAM,CAAC;EACpCqB,OAAO,EAAEvB,CAAC,CAACM,MAAM,CAAC;AACpB,CAAC,CAAC"}

package/lib/module/credential/presentation/07-evaluate-dcql-query.js

@@ -20,7 +20,7 @@ const mapCredentialToObject = jwt => {
   const credentialFormat = sdJwt.header.typ;
 
   // TODO [SIW-2082]: support MDOC credentials
-  if (credentialFormat !== "vc+sd-jwt") {
+  if (credentialFormat !== "dc+sd-jwt") {
     throw new Error(`Unsupported credential format: ${credentialFormat}`);
   }
   return {
@@ -59,7 +59,7 @@ const extractMissingCredentials = (queryResult, originalQuery) => {
     var _credential$meta;
     let [id] = _ref3;
     const credential = originalQuery.credentials.find(c => c.id === id);
-    if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "vc+sd-jwt") {
+    if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "dc+sd-jwt") {
       throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
     }
 
@@ -91,7 +91,7 @@ export const evaluateDcqlQuery = (credentialsSdJwt, query) => {
     return getDcqlQueryMatches(queryResult).map(_ref5 => {
       var _queryResult$credenti;
       let [id, match] = _ref5;
-      if (match.output.credential_format !== "vc+sd-jwt") {
+      if (match.output.credential_format !== "dc+sd-jwt") {
         throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
       }
 
@@ -147,7 +147,7 @@ export const prepareRemotePresentations = async (credentials, nonce, clientId) =
       credentialId: item.id,
       requestedClaims: item.requestedClaims,
       vpToken: vp_token,
-      format: "vc+sd-jwt"
+      format: "dc+sd-jwt"
     };
   }));
 };

package/lib/module/credential/presentation/07-evaluate-input-descriptor.js

@@ -231,7 +231,7 @@ export const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJw
   })) || [];
   return Promise.all(inputDescriptors.map(async descriptor => {
     var _descriptor$format;
-    if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["vc+sd-jwt"]) {
+    if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["dc+sd-jwt"]) {
       if (!decodedSdJwtCredentials.length) {
         throw new CredentialsNotFoundError([{
           id: descriptor.id,
@@ -277,7 +277,7 @@ export const prepareLegacyRemotePresentations = async (credentialAndDescriptors,
   return Promise.all(credentialAndDescriptors.map(async item => {
     var _descriptor$format2;
     const descriptor = item.inputDescriptor;
-    if ((_descriptor$format2 = descriptor.format) !== null && _descriptor$format2 !== void 0 && _descriptor$format2["vc+sd-jwt"]) {
+    if ((_descriptor$format2 = descriptor.format) !== null && _descriptor$format2 !== void 0 && _descriptor$format2["dc+sd-jwt"]) {
       const {
         vp_token
       } = await prepareVpToken(nonce, client_id, [item.credential, item.requestedClaims, createCryptoContextFor(item.keyTag)]);
@@ -285,7 +285,7 @@ export const prepareLegacyRemotePresentations = async (credentialAndDescriptors,
         requestedClaims: item.requestedClaims,
         inputDescriptor: descriptor,
         vpToken: vp_token,
-        format: "vc+sd-jwt"
+        format: "dc+sd-jwt"
       };
     }
     throw new CredentialsNotFoundError([{