npm - @pagopa/io-react-native-wallet - Versions diffs - 2.0.0-next.2 → 2.0.0-next.4 - Mend

@pagopa/io-react-native-wallet 2.0.0-next.2 → 2.0.0-next.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/lib/commonjs/credential/issuance/03-start-user-authorization.js CHANGED Viewed

@@ -6,55 +6,60 @@ Object.defineProperty(exports, "__esModule", {
 exports.startUserAuthorization = void 0;
 var _misc = require("../../utils/misc");
 var _par = require("../../utils/par");
-var _const = require("./const");
 var _logging = require("../../utils/logging");
 /**
  * Ensures that the credential type requested is supported by the issuer and contained in the
  * issuer configuration.
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param credentialType The type of the credential to be requested returned by {@link startFlow}
- * @param context.wiaCryptoContext The Wallet Instance's crypto context
- * @param context.walletInstanceAttestation The Wallet Instance's attestation
- * @param context.redirectUri The redirect URI which is the custom URL scheme that the Wallet Instance is registered to handle
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @param credentialId The credential configuration ID to be requested;
  * @returns The credential definition to be used in the request which includes the format and the type and its type
  */
-const selectCredentialDefinition = (issuerConf, credentialType) => {
+const selectCredentialDefinition = (issuerConf, credentialId) => {
   const credential_configurations_supported = issuerConf.openid_credential_issuer.credential_configurations_supported;
-  const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialType)).map(e => ({
-    credential_configuration_id: credentialType,
-    format: credential_configurations_supported[e].format,
+  const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialId)).map(() => ({
+    credential_configuration_id: credentialId,
     type: "openid_credential"
   }));
   if (!result) {
-    _logging.Logger.log(_logging.LogLevel.ERROR, `Requested credential type ${credentialType} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
-    throw new Error(`No credential support the type '${credentialType}'`);
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
+    throw new Error(`No credential support the type '${credentialId}'`);
   }
   return result;
 };
 /**
  * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
+ * When multiple credentials are provided, all of them must support the same response_mode.
  * @param issuerConf The issuer configuration
- * @param credentialType The type of the credential to be requested
+ * @param credentialIds The credential configuration IDs to be requested
  * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
  */
-const selectResponseMode = (issuerConf, credentialType) => {
+const selectResponseMode = (issuerConf, credentialIds) => {
   const responseModeSupported = issuerConf.oauth_authorization_server.response_modes_supported;
-  const responseMode = credentialType === "PersonIdentificationData" ? "query" : "form_post.jwt";
-  _logging.Logger.log(_logging.LogLevel.DEBUG, `Selected response mode ${responseMode} for credential type ${credentialType}`);
+  const responseModeSet = new Set();
+  for (const credentialId of credentialIds) {
+    responseModeSet.add(credentialId.match(/PersonIdentificationData/i) ? "query" : "form_post.jwt");
+  }
+  if (responseModeSet.size !== 1) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
+    throw new Error("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
+  }
+  const [responseMode] = responseModeSet.values();
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
   if (!responseModeSupported.includes(responseMode)) {
     _logging.Logger.log(_logging.LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
-    throw new Error(`No response mode support the type '${credentialType}'`);
+    throw new Error(`No response mode support for IDs '${credentialIds}'`);
   }
   return responseMode;
 };
 /**
  * WARNING: This function must be called after {@link evaluateIssuerTrust} and {@link startFlow}. The next steam is {@link compeUserAuthorizationWithQueryMode} or {@link compeUserAuthorizationWithFormPostJwtMode}
+ *
  * Creates and sends a PAR request to the /as/par endpoint of the authorization server.
  * This starts the authentication flow to obtain an access token.
- * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer.
+ * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer; when multiple credential types are passed,
+ * it is possible to use the same access token for the issuance of all requested credentials.
  * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
  * along with the WTE and its proof of possession (WTE-PoP).
  * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details),
@@ -64,11 +69,12 @@ const selectResponseMode = (issuerConf, credentialType) => {
  * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
  * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
  * @param issuerConf The issuer configuration
- * @param credentialType The type of the credential to be requested returned by {@link selectCredentialDefinition}
+ * @param credentialIds The credential configuration IDs to be requested
  * @param ctx The context object containing the Wallet Instance's cryptographic context, the Wallet Instance's attestation, the redirect URI and the fetch implementation
- * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition
+ * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition(s)
  */
-const startUserAuthorization = async (issuerConf, credentialType, ctx) => {
+const startUserAuthorization = async (issuerConf, credentialIds, ctx) => {
   const {
     wiaCryptoContext,
     walletInstanceAttestation,
@@ -82,13 +88,21 @@ const startUserAuthorization = async (issuerConf, credentialType, ctx) => {
   }
   const codeVerifier = (0, _misc.generateRandomAlphaNumericString)(64);
   const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
-  const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);
-  const responseMode = selectResponseMode(issuerConf, credentialType);
+  const aud = issuerConf.openid_credential_issuer.credential_issuer;
+  const credentialDefinition = credentialIds.map(c => selectCredentialDefinition(issuerConf, c));
+  const responseMode = selectResponseMode(issuerConf, credentialIds);
   const getPar = (0, _par.makeParRequest)({
     wiaCryptoContext,
     appFetch
   });
-  const issuerRequestUri = await getPar(clientId, codeVerifier, redirectUri, responseMode, parEndpoint, walletInstanceAttestation, [credentialDefinition], _const.ASSERTION_TYPE);
+  const issuerRequestUri = await getPar(parEndpoint, walletInstanceAttestation, {
+    aud,
+    clientId,
+    codeVerifier,
+    redirectUri,
+    responseMode,
+    authorizationDetails: credentialDefinition
+  });
   return {
     issuerRequestUri,
     clientId,

package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_misc","require","_par","~~_const","~~_logging","selectCredentialDefinition","issuerConf","~~credentialType~~","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","~~format","~~type","Logger","log","LogLevel","ERROR","JSON","stringify","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","DEBUG","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","generateRandomAlphaNumericString","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","makeParRequest","issuerRequestUri","~~ASSERTION_TYPE~~","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AAGA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,~~MAAA~~,GAAAF,OAAA;~~AACA,IAAAG,QAAA,GAAAH,OAAA;~~AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA~~;AACA;AACA;AACA;AACA~~,~~MAAMI~~,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,~~cAAgD~~,~~KACxB~~;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,~~cAAc~~,CAAC,CAAC,~~CACzCS~~,GAAG,~~CAAEF,~~CAAC,~~KAAM~~;~~IACXG~~,2BAA2B,EAAEV,~~cAAc~~;~~IAC3CW~~,~~MAAM,EAAEV,mCAAmC,CAACM,CAAC,CAAC,CAAEI,MAAM;IACtDC,~~IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,~~CAACT~~,MAAM,EAAE;~~IACXU~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,~~6BAA4BhB~~,~~cAAe~~,~~kEAAiEiB~~,IAAI,CAACC,SAAS,~~CAACjB~~,mCAAmC,CAAE,~~EACnK~~,CAAC;IACD,MAAM,~~IAAIkB~~,KAAK,CAAE,~~mCAAkCnB~~,~~cAAe~~,GAAE,CAAC;~~EACvE~~;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,~~MAAMiB~~,kBAAkB,GAAGA,~~CACzBrB~~,UAAkD,~~EAClDC~~,~~cAAgD~~,~~KAC/B~~;EACjB,~~MAAMqB~~,qBAAqB,GACzBtB,UAAU,CAACuB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,~~YAAY~~,~~GAChBxB~~,~~cAAc~~,KAAK,~~0BAA0B~~,GAAG,OAAO,GAAG,eAAe;~~EAE3Ea~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,~~CAACU~~,KAAK,EACb,0BAAyBD,YAAa,~~wBAAuBxB~~,~~cAAe~~,~~EAC/E~~,CAAC;EAED,IAAI,~~CAACqB~~,qBAAqB,CAACb,QAAQ,~~CAACgB~~,~~YAAY~~,CAAC,EAAE;~~IACjDX~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,~~2BAA0BQ~~,YAAa,~~kEAAiEP~~,IAAI,CAACC,SAAS,~~CAACG~~,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,~~IAAIF~~,KAAK,CAAE,~~sCAAqCnB~~,~~cAAe~~,GAAE,CAAC;~~EAC1E~~;EAEA,~~OAAOwB~~,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;~~AACO~~,MAAME,sBAA8C,GAAG,MAAAA,~~CAC5D3B~~,UAAU,~~EACVC~~,~~cAAc~~,~~EACd2B~~,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;~~EACzE~~,IAAI,CAACJ,QAAQ,EAAE;~~IACbpB~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,~~kCAAiCiB~~,QAAS,0BAC7C,CAAC;IACD,MAAM,~~IAAId~~,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,~~MAAMmB~~,YAAY,GAAG,IAAAC,sCAAgC,EAAC,EAAE,CAAC;EACzD,MAAMC,WAAW,~~GACfzC~~,UAAU,CAACuB,0BAA0B,~~CAACmB~~,qCAAqC;EAC7E,MAAMC,oBAAoB,~~GAAG5C~~,0BAA0B,~~CACrDC~~,UAAU,~~EACVC~~,~~cACF~~,CAAC;EACD,~~MAAMwB~~,YAAY,~~GAAGJ~~,kBAAkB,~~CAACrB~~,UAAU,~~EAAEC~~,~~cAAc~~,CAAC;~~EAEnE~~,~~MAAM2C~~,MAAM,GAAG,IAAAC,mBAAc,EAAC;~~IAAEhB~~,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,~~MAAMc~~,gBAAgB,GAAG,MAAMF,MAAM,~~CACnCV~~,~~QAAQ~~,~~EACRK~~,~~YAAY~~,~~EACZR~~,~~WAAW~~,~~EACXN~~,YAAY,~~EACZgB,~~WAAW,~~EACXX~~,~~yBAAyB,EACzB,CAACa,~~oBAAoB,~~CAAC~~,~~EACtBI~~,~~qBACF,~~CAAC;EAED,OAAO;~~IAAED~~,gBAAgB;~~IAAEZ~~,QAAQ;IAAEK,YAAY;~~IAAEI~~;EAAqB,CAAC;AAC3E,CAAC;~~AAACK~~,OAAA,~~CAAArB~~,sBAAA,GAAAA,sBAAA"}
1	+ {"version":3,"names":["_misc","require","_par","_logging","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","Logger","log","LogLevel","ERROR","JSON","stringify","Error","selectResponseMode","credentialIds","responseModeSupported","oauth_authorization_server","response_modes_supported","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","generateRandomAlphaNumericString","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","credentialDefinition","c","getPar","makeParRequest","issuerRequestUri","authorizationDetails","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AAGA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMG,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,YAA4C,KACpB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,YAAY,CAAC,CAAC,CACvCS,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAEV,YAAY;IACzCW,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXS,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,wBAAuBf,YAAa,kEAAiEgB,IAAI,CAACC,SAAS,CAAChB,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIiB,KAAK,CAAE,mCAAkClB,YAAa,GAAE,CAAC;EACrE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMgB,kBAAkB,GAAGA,CACzBpB,UAAkD,EAClDqB,aAAuB,KACN;EACjB,MAAMC,qBAAqB,GACzBtB,UAAU,CAACuB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMzB,YAAY,IAAIoB,aAAa,EAAE;IACxCI,eAAe,CAACE,GAAG,CACjB1B,YAAY,CAAC2B,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9BhB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,GAAEK,aAAc,qCAAoC,CAAC,GAAGI,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIX,KAAK,CACb,yGACF,CAAC;EACH;EAEA,MAAM,CAACY,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/CjB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACiB,KAAK,EACb,0BAAyBD,YAAa,uBAAsBV,aAAc,EAC7E,CAAC;EAED,IAAI,CAACC,qBAAqB,CAACb,QAAQ,CAACsB,YAAa,CAAC,EAAE;IAClDlB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0Be,YAAa,kEAAiEd,IAAI,CAACC,SAAS,CAACI,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIH,KAAK,CAAE,qCAAoCE,aAAc,GAAE,CAAC;EACxE;EAEA,OAAOU,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEO,MAAME,sBAA8C,GAAG,MAAAA,CAC5DjC,UAAU,EACVqB,aAAa,EACba,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACb3B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kCAAiCwB,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIrB,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAM0B,YAAY,GAAG,IAAAC,sCAAgC,EAAC,EAAE,CAAC;EACzD,MAAMC,WAAW,GACf/C,UAAU,CAACuB,0BAA0B,CAACyB,qCAAqC;EAC7E,MAAMC,GAAG,GAAGjD,UAAU,CAACG,wBAAwB,CAAC+C,iBAAiB;EACjE,MAAMC,oBAAoB,GAAG9B,aAAa,CAACX,GAAG,CAAE0C,CAAC,IAC/CrD,0BAA0B,CAACC,UAAU,EAAEoD,CAAC,CAC1C,CAAC;EACD,MAAMrB,YAAY,GAAGX,kBAAkB,CAACpB,UAAU,EAAEqB,aAAa,CAAC;EAClE,MAAMgC,MAAM,GAAG,IAAAC,mBAAc,EAAC;IAAEnB,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMiB,gBAAgB,GAAG,MAAMF,MAAM,CACnCN,WAAW,EACXX,yBAAyB,EACzB;IACEa,GAAG;IACHT,QAAQ;IACRK,YAAY;IACZR,WAAW;IACXN,YAAY;IACZyB,oBAAoB,EAAEL;EACxB,CACF,CAAC;EAED,OAAO;IAAEI,gBAAgB;IAAEf,QAAQ;IAAEK,YAAY;IAAEM;EAAqB,CAAC;AAC3E,CAAC;AAACM,OAAA,CAAAxB,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/issuance/04-complete-user-authorization.js CHANGED Viewed

@@ -10,11 +10,11 @@ var _parseUrl = _interopRequireDefault(require("parse-url"));
 var _errors = require("../../utils/errors");
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _types = require("../presentation/types");
-var _uuid = require("uuid");
 var _types2 = require("./types");
 var _decoder = require("../../utils/decoder");
 var _errors2 = require("./errors");
 var _logging = require("../../utils/logging");
+var _ = require("..");
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 /**
  * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
@@ -94,71 +94,47 @@ const getRequestedCredentialToBePresented = async function (issuerRequestUri, cl
 };
 /**
- * WARNING: This function must be called after {@link startUserAuthorization}. The next function to be called is {@link completeUserAuthorizationWithFormPostJwtMode}.
+ * WARNING: This function must be called after {@link getRequestedCredentialToBePresented}. The next function to be called is {@link authorizeAccess}.
  * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
- * It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
- * The information is obtained by performing a GET request to the authorization endpoint with request_uri and client_id parameters.
- * @param issuerRequestUri the URI of the issuer where the request is sent
- * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param context.walletInstanceAccestation the Wallet Instance's attestation to be presented
- * @param context.pid the PID to be presented
- * @param context.wiaCryptoContext The Wallet Instance's crypto context associated with the walletInstanceAttestation parameter
- * @param context.pidCryptoContext The PID crypto context associated with the pid parameter
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * The information is obtained by performing a POST request to the endpoint received in the response_uri field of the requestObject, where the Authorization Response payload is posted.
+ * Following this,the redirect_uri from the response is used to obtain the final authorization response.
+ * @param requestObject - The request object containing the necessary parameters for authorization.
+ * @param pid The `PID` that must be presented for the issuance of credentials.
+ * @param appFetch (optional) fetch api implementation. Default: built-in fetch
  * @throws {ValidationFailed} if an error while validating the response
  * @returns the authorization response which contains code, state and iss
  */
 exports.getRequestedCredentialToBePresented = getRequestedCredentialToBePresented;
-const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, ctx) => {
-  _logging.Logger.log(_logging.LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
-  const {
+const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, pid, _ref) => {
+  let {
     wiaCryptoContext,
     pidCryptoContext,
-    pid,
-    walletInstanceAttestation,
     appFetch = fetch
-  } = ctx;
-  const wiaWpToken = await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
-    alg: "ES256",
-    typ: "JWT"
-  }).setPayload({
-    vp: walletInstanceAttestation,
-    jti: (0, _uuid.v4)().toString(),
-    nonce: requestObject.nonce
-  }).setIssuedAt().setExpirationTime("5m").setAudience(requestObject.response_uri).sign();
-  const pidWpToken = await new _ioReactNativeJwt.SignJWT(pidCryptoContext).setProtectedHeader({
-    alg: "ES256",
-    typ: "JWT"
-  }).setPayload({
-    vp: pid,
-    jti: (0, _uuid.v4)().toString(),
-    nonce: requestObject.nonce
-  }).setIssuedAt().setExpirationTime("5m").setAudience(requestObject.response_uri).sign();
-  _logging.Logger.log(_logging.LogLevel.DEBUG, `Wallet instance attestation JWT token: ${wiaWpToken}`);
-  /* The path parameter refers to the vp_token variable of the authzResponsePayload and must point to the plain credential which
-   * is cointaned in the `vp` property of the signed jwt token payload
-   */
-  const presentationSubmission = {
-    definition_id: `${(0, _uuid.v4)()}`,
-    id: `${(0, _uuid.v4)()}`,
-    descriptor_map: [{
-      id: "PersonIdentificationData",
-      path: "$.vp_token[0].vp",
-      format: "vc+sd-jwt"
-    }, {
-      id: "WalletAttestation",
-      path: "$.vp_token[1].vp",
-      format: "jwt"
-    }]
-  };
-  _logging.Logger.log(_logging.LogLevel.DEBUG, `Presentation submission: ${JSON.stringify(presentationSubmission)}`);
-  const authzResponsePayload = (0, _ioReactNativeJwt.encodeBase64)(JSON.stringify({
+  } = _ref;
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
+  if (!requestObject.dcql_query) {
+    throw new Error("Invalid request object");
+  }
+  const dcqlQueryResult = _.Presentation.evaluateDcqlQuery([[pidCryptoContext, pid]], requestObject.dcql_query);
+  const credentialsToPresent = dcqlQueryResult.map(_ref2 => {
+    let {
+      requiredDisclosures,
+      ...rest
+    } = _ref2;
+    return {
+      ...rest,
+      requestedClaims: requiredDisclosures.map(_ref3 => {
+        let [, claimName] = _ref3;
+        return claimName;
+      })
+    };
+  });
+  const remotePresentations = await _.Presentation.prepareRemotePresentations(credentialsToPresent, requestObject.nonce, requestObject.client_id);
+  const authzResponsePayload = await createAuthzResponsePayload({
     state: requestObject.state,
-    presentation_submission: presentationSubmission,
-    vp_token: [pidWpToken, wiaWpToken]
-  }));
+    remotePresentations,
+    wiaCryptoContext
+  });
   _logging.Logger.log(_logging.LogLevel.DEBUG, `Authz response payload: ${authzResponsePayload}`);
   // Note: according to the spec, the response should be encrypted with the public key of the RP however this is not implemented yet
@@ -213,5 +189,47 @@ const parseAuthorizationResponse = authRes => {
   }
   return authResParsed.data;
 };
+/**
+ * Creates the authorization response payload to be sent.
+ * This payload includes the state and the VP tokens for the presented credentials.
+ * The payload is encoded in Base64.
+ * @param state - The state parameter from the request object (optional).
+ * @param remotePresentations - An array of remote presentations containing credential IDs and their corresponding VP tokens.
+ * @returns The Base64 encoded authorization response payload.
+ */
 exports.parseAuthorizationResponse = parseAuthorizationResponse;
+const createAuthzResponsePayload = async _ref4 => {
+  let {
+    state,
+    remotePresentations,
+    wiaCryptoContext
+  } = _ref4;
+  const {
+    kid
+  } = await wiaCryptoContext.getPublicKey();
+  return new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
+    typ: "jwt",
+    kid
+  }).setPayload({
+    /**
+     * TODO [SIW-2264]: `state` coming from `requestObject` is marked as `optional`
+     * At the moment, it is not entirely clear whether this value can indeed be omitted
+     * and, if so, what the consequences of its absence might be.
+     */
+    ...(state ? {
+      state
+    } : {}),
+    vp_token: remotePresentations.reduce((vp_token, _ref5) => {
+      let {
+        credentialId,
+        vpToken
+      } = _ref5;
+      return {
+        ...vp_token,
+        [credentialId]: vpToken
+      };
+    }, {})
+  }).setIssuedAt().setExpirationTime("1h").sign();
+};
 //# sourceMappingURL=04-complete-user-authorization.js.map

package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","_ioReactNativeJwt","_types","~~_uuid","~~_types2","_decoder","_errors2","_logging","obj","__esModule","default","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","exports","completeUserAuthorizationWithQueryMode","authRedirectUrl","Logger","log","LogLevel","DEBUG","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","hasStatusOrThrow","IssuerResponseError","res","text","jws","decode","reqObj","RequestObject","safeParse","payload","success","ERROR","error","message","ValidationFailed","reason","data","completeUserAuthorizationWithFormPostJwtMode","~~ctx~~","wiaCryptoContext","pidCryptoContext","~~pid~~","~~walletInstanceAttestation~~","~~wiaWpToken~~","~~SignJWT~~","~~setProtectedHeader~~","~~alg~~","~~typ~~","~~setPayload~~","vp","~~jti~~","~~uuidv4~~","nonce","~~setIssuedAt~~","~~setExpirationTime~~","~~setAudience~~","~~response_uri~~","~~sign~~","~~pidWpToken~~","~~presentationSubmission~~","~~definition_id~~","id","~~descriptor_map~~","~~path~~","~~format~~","~~JSON~~","~~stringify~~","~~authzResponsePayload~~","~~encodeBase64~~","~~state~~","~~presentation_submission~~","~~vp_token~~","~~body~~","~~response~~","~~resUriRes~~","~~headers~~","~~reqUri~~","~~json~~","~~responseUri~~","~~ResponseUriResultShape~~","~~redirect_uri~~","~~getJwtFromFormPost~~","~~cbRes~~","~~decodedJwt~~","~~authRes~~","~~authResParsed~~","~~AuthorizationResultShape~~","~~authErr~~","~~AuthorizationErrorShape~~","~~AuthorizationError~~","~~AuthorizationIdpError~~","~~error_description~~"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEA,IAAAK,iBAAA,GAAAL,OAAA;~~AAMA~~,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,~~KAAA~~,GAAAP,OAAA;AACA,IAAAQ,~~OAAA~~,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,QAAA,GAAAV,OAAA;AACA,IAAAW,~~QAAA~~,GAAAX,OAAA;~~AAAuD~~,SAAAG,uBAAAS,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;~~AAEvD~~;AACA;AACA;;~~AAgCA~~;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAd,qBAAA,GAAAA,qBAAA;AAOO,MAAMe,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,0GACH,CAAC;EACD,MAAMC,KAAK,GAAG,IAAAC,iBAAQ,EAACN,eAAe,CAAC,CAACK,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAXAP,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAYO,MAAMS,mCAAwE,GACnF,eAAAA,CAAOvB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBsB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sGACH,CAAC;EACD,MAAMf,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEFgB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,oCAAmCf,oBAAqB,IAAGG,MAAM,CAACsB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEpB,oBAAqB,IAAGG,MAAM,CAACsB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEK,GAAG,IAAK,IAAAC,wBAAM,EAACD,GAAG,CAAC,CAAC,CAC1BL,IAAI,CAAEO,MAAM,IAAKC,oBAAa,CAACC,SAAS,CAACF,MAAM,CAACG,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACZ,aAAa,CAACa,OAAO,EAAE;IAC1B3B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,+CAA8Cd,aAAa,CAACe,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAIC,wBAAgB,CAAC;MACzBD,OAAO,EAAE,kCAAkC;MAC3CE,MAAM,EAAElB,aAAa,CAACe,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOhB,aAAa,CAACmB,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;~~AACA;AACA;AACA;AACA;AACA;AAfApC~~,OAAA,CAAAU,mCAAA,GAAAA,mCAAA;~~AAgBO~~,MAAM2B,4CAA0F,GACrG,MAAAA,~~CAAOpB~~,aAAa,~~EAAEqB~~,GAAG,~~KAAK;EAC5BnC~~,~~eAAM~~,~~CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sHACH,CAAC~~;~~EAED~~,~~MAAM~~;~~IACJiC~~,gBAAgB;~~IAChBC~~,gBAAgB;~~IAChBC~~,~~GAAG;IACHC,yBAAyB;IACzB/B,~~QAAQ,GAAGI;~~EACb~~,CAAC,~~GAAGuB~~,~~GAAG~~;~~EAEP~~,~~MAAMK~~,~~UAAU~~,GAAG,~~MAAM~~,~~IAAIC~~,~~yBAAO~~,~~CAACL~~,~~gBAAgB~~,~~CAAC~~,~~CACnDM,kBAAkB,~~CAAC;~~IAClBC~~,~~GAAG~~,~~EAAE~~,~~OAAO;IACZC~~,~~GAAG~~,~~EAAE;EACP,CAAC,CAAC,CACDC,~~UAAU,~~CAAC;IACVC,~~EAAE~~,EAAEP,yBAAyB~~;~~IAC7BQ~~,~~GAAG~~,~~EAAE~~,~~IAAAC~~,~~QAAM,EAAC,~~CAAC,~~CAACnC~~,~~QAAQ,~~CAAC~~,CAAC~~;~~IACxBoC~~,~~KAAK~~,~~EAAEnC~~,~~aAAa~~,~~CAACmC;EACvB~~,~~CAAC~~,~~CAAC~~,~~CACDC~~,~~WAAW,~~CAAC,~~CAAC~~,~~CACbC~~,~~iBAAiB~~,CAAC,~~IAAI,~~CAAC,~~CACvBC~~,~~WAAW,CAACtC,~~aAAa,~~CAACuC~~,~~YAAY~~,CAAC~~,CACvCC,IAAI,CAAC,CAAC~~;~~EAET~~,~~MAAMC~~,~~UAAU~~,~~GAAG~~,~~MAAM~~,~~IAAId~~,~~yBAAO,CAACJ,gBAAgB,CAAC,CACnDK,kBAAkB,CAAC;IAClBC,~~GAAG,~~EAAE~~,~~OAAO~~;~~IACZC~~,~~GAAG,EAAE~~;~~EACP~~,~~CAAC,CAAC,CACDC,UAAU,CAAC~~;~~IACVC~~,~~EAAE,EAAER,GAAG~~;~~IACPS~~,~~GAAG,EAAE,IAAAC,QAAM,EAAC,~~CAAC,~~CAACnC~~,~~QAAQ,CAAC,CAAC~~;~~IACxBoC~~,~~KAAK,EAAEnC,aAAa,CAACmC~~;~~EACvB~~,~~CAAC~~,~~CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,~~IAAI~~,CAAC,CACvBC,WAAW,CAACtC,aAAa,CAACuC,YAAY,CAAC,CACvCC,IAAI,CAAC,CAAC~~;~~EAETtD~~,~~eAAM~~,~~CAACC~~,~~GAAG~~,~~CACRC~~,~~iBAAQ,CAACC,KAAK,EACb,0CAAyCqC,UAAW,EACvD,CAAC;;EAED;AACJ;AACA;EACI,MAAMgB,sBAAsB,~~GAAG~~;IAC7BC~~,~~aAAa~~,~~EAAG,GAAE,IAAAT,QAAM,EAAC,CAAE,EAAC~~;~~IAC5BU~~,~~EAAE~~,~~EAAG~~,~~GAAE~~,~~IAAAV~~,~~QAAM~~,~~EAAC,CAAE,EAAC~~;~~IACjBW~~,~~cAAc~~,~~EAAE,CACd~~;~~MACED,EAAE,EAAE,0BAA0B~~;~~MAC9BE~~,~~IAAI,EAAE,kBAAkB~~;~~MACxBC~~,~~MAAM~~,~~EAAE;IACV,~~CAAC~~,EACD~~;~~MACEH~~,~~EAAE~~,~~EAAE,~~mBAAmB~~;MACvBE~~,~~IAAI~~,~~EAAE~~,~~kBAAkB;MACxBC~~,~~MAAM~~,~~EAAE;IACV~~,~~CAAC;EAEL~~,~~CAAC;EAED7D~~,~~eAAM~~,~~CAACC~~,~~GAAG~~,~~CACRC,iBAAQ,CAACC,~~KAAK,~~EACb~~,~~4BAA2B2D~~,~~IAAI~~,~~CAACC~~,~~SAAS,CAACP,sBAAsB,CAAE,EACrE,~~CAAC;EAED,~~MAAMQ~~,oBAAoB,GAAG,~~IAAAC~~,~~8BAAY~~,~~EACvCH,IAAI,CAACC,SAAS,~~CAAC;~~IACbG~~,KAAK,~~EAAEpD~~,aAAa,~~CAACoD~~,KAAK;~~IAC1BC~~,~~uBAAuB,EAAEX,sBAAsB~~;~~IAC/CY,QAAQ,EAAE,CAACb,UAAU,EAAEf,UAAU~~;~~EACnC~~,CAAC,~~CACH,~~CAAC;~~EAEDxC~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,~~2BAA0B6D~~,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,~~MAAMK~~,IAAI,GAAG,~~IAAI7E~~,eAAe,CAAC;IAC/~~B8E~~,QAAQ,~~EAAEN~~;EACZ,CAAC,CAAC,~~CAACnD~~,QAAQ,CAAC,CAAC;EAEb,~~MAAM0D~~,SAAS,GAAG,~~MAAM/D~~,QAAQ,CAACM,aAAa,~~CAACuC~~,YAAY,EAAE;~~IAC3DtC~~,MAAM,EAAE,MAAM;~~IACdyD~~,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;~~IACDH~~;EACF,CAAC,CAAC,~~CACCrD~~,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,~~CAAEyD~~,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGC,8BAAsB,~~CAACnD~~,SAAS,~~CAAC8C~~,SAAS,CAAC;EAC/D,IAAI,~~CAACI~~,WAAW,~~CAAChD~~,OAAO,EAAE;IACxB3B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,~~4CAA2C+C~~,WAAW,~~CAAC9C~~,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIC,wBAAgB,CAAC;MACzBD,OAAO,EAAE,gCAAgC;MACzCE,MAAM,~~EAAE2C~~,WAAW,~~CAAC9C~~,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMtB,QAAQ,~~CAACmE~~,WAAW,~~CAAC1C~~,IAAI,~~CAAC4C~~,YAAY,CAAC,~~CACjD7D~~,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,~~CAAC8D~~,2BAAkB,CAAC,~~CACxB9D~~,IAAI,~~CAAE+D~~,KAAK,~~IAAKzE~~,0BAA0B,~~CAACyE~~,KAAK,CAACC,UAAU,~~CAACtD~~,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANA7B,OAAA,CAAAqC,4CAAA,GAAAA,4CAAA;AAOO,MAAM5B,0BAA0B,~~GACrC2E~~,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,~~CAAC1D~~,SAAS,~~CAACwD~~,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,~~CAACvD~~,OAAO,EAAE;IAC1B,~~MAAMyD~~,OAAO,GAAGC,6BAAuB,~~CAAC5D~~,SAAS,~~CAACwD~~,OAAO,CAAC;IAC1D,IAAI,CAACG,OAAO,~~CAACzD~~,OAAO,EAAE;MACpB3B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,~~mDAAkDsD~~,aAAa,~~CAACrD~~,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,~~IAAIwD~~,2BAAkB,CAACJ,aAAa,~~CAACrD~~,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA9B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,~~2CAA0CkC~~,IAAI,CAACC,SAAS,~~CAACqB~~,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,~~IAAIG~~,8BAAqB,~~CAC7BH~~,OAAO,~~CAACnD~~,IAAI,CAACJ,KAAK,~~EAClBuD~~,OAAO,~~CAACnD~~,IAAI,~~CAACuD~~,iBACf,CAAC;EACH;EACA,~~OAAON~~,aAAa,~~CAACjD~~,IAAI;AAC3B,CAAC;~~AAACpC~~,OAAA,CAAAS,0BAAA,GAAAA,0BAAA"}
1	+ {"version":3,"names":["_auth","require","_misc","_parseUrl","_interopRequireDefault","_errors","_ioReactNativeJwt","_types","_types2","_decoder","_errors2","_logging","_","obj","__esModule","default","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","exports","completeUserAuthorizationWithQueryMode","authRedirectUrl","Logger","log","LogLevel","DEBUG","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","hasStatusOrThrow","IssuerResponseError","res","text","jws","decode","reqObj","RequestObject","safeParse","payload","success","ERROR","error","message","ValidationFailed","reason","data","completeUserAuthorizationWithFormPostJwtMode","pid","_ref","wiaCryptoContext","pidCryptoContext","dcql_query","Error","dcqlQueryResult","Presentation","evaluateDcqlQuery","credentialsToPresent","map","_ref2","requiredDisclosures","rest","requestedClaims","_ref3","claimName","remotePresentations","prepareRemotePresentations","nonce","authzResponsePayload","createAuthzResponsePayload","state","body","response","resUriRes","response_uri","headers","reqUri","json","responseUri","ResponseUriResultShape","redirect_uri","getJwtFromFormPost","cbRes","decodedJwt","authRes","authResParsed","AuthorizationResultShape","authErr","AuthorizationErrorShape","AuthorizationError","JSON","stringify","AuthorizationIdpError","error_description","_ref4","kid","getPublicKey","SignJWT","setProtectedHeader","typ","setPayload","vp_token","reduce","_ref5","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEA,IAAAK,iBAAA,GAAAL,OAAA;AAKA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,QAAA,GAAAV,OAAA;AACA,IAAAW,CAAA,GAAAX,OAAA;AAAkC,SAAAG,uBAAAS,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGlC;AACA;AACA;;AA+BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAd,qBAAA,GAAAA,qBAAA;AAOO,MAAMe,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,0GACH,CAAC;EACD,MAAMC,KAAK,GAAG,IAAAC,iBAAQ,EAACN,eAAe,CAAC,CAACK,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAXAP,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAYO,MAAMS,mCAAwE,GACnF,eAAAA,CAAOvB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBsB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sGACH,CAAC;EACD,MAAMf,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEFgB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,oCAAmCf,oBAAqB,IAAGG,MAAM,CAACsB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEpB,oBAAqB,IAAGG,MAAM,CAACsB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEK,GAAG,IAAK,IAAAC,wBAAM,EAACD,GAAG,CAAC,CAAC,CAC1BL,IAAI,CAAEO,MAAM,IAAKC,oBAAa,CAACC,SAAS,CAACF,MAAM,CAACG,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACZ,aAAa,CAACa,OAAO,EAAE;IAC1B3B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,+CAA8Cd,aAAa,CAACe,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAIC,wBAAgB,CAAC;MACzBD,OAAO,EAAE,kCAAkC;MAC3CE,MAAM,EAAElB,aAAa,CAACe,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOhB,aAAa,CAACmB,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAVApC,OAAA,CAAAU,mCAAA,GAAAA,mCAAA;AAWO,MAAM2B,4CAA0F,GACrG,MAAAA,CACEpB,aAAa,EACbqB,GAAG,EAAAC,IAAA,KAEA;EAAA,IADH;IAAEC,gBAAgB;IAAEC,gBAAgB;IAAE9B,QAAQ,GAAGI;EAAM,CAAC,GAAAwB,IAAA;EAExDpC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sHACH,CAAC;EAED,IAAI,CAACW,aAAa,CAACyB,UAAU,EAAE;IAC7B,MAAM,IAAIC,KAAK,CAAC,wBAAwB,CAAC;EAC3C;EAEA,MAAMC,eAAe,GAAGC,cAAY,CAACC,iBAAiB,CACpD,CAAC,CAACL,gBAAgB,EAAEH,GAAG,CAAC,CAAC,EACzBrB,aAAa,CAACyB,UAChB,CAAC;EAED,MAAMK,oBAAoB,GAAGH,eAAe,CAACI,GAAG,CAC9CC,KAAA;IAAA,IAAC;MAAEC,mBAAmB;MAAE,GAAGC;IAAK,CAAC,GAAAF,KAAA;IAAA,OAAM;MACrC,GAAGE,IAAI;MACPC,eAAe,EAAEF,mBAAmB,CAACF,GAAG,CAACK,KAAA;QAAA,IAAC,GAAGC,SAAS,CAAC,GAAAD,KAAA;QAAA,OAAKC,SAAS;MAAA;IACvE,CAAC;EAAA,CACH,CAAC;EAED,MAAMC,mBAAmB,GAAG,MAAMV,cAAY,CAACW,0BAA0B,CACvET,oBAAoB,EACpB9B,aAAa,CAACwC,KAAK,EACnBxC,aAAa,CAACrB,SAChB,CAAC;EAED,MAAM8D,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAE3C,aAAa,CAAC2C,KAAK;IAC1BL,mBAAmB;IACnBf;EACF,CAAC,CAAC;EAEFrC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BoD,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAMG,IAAI,GAAG,IAAIlE,eAAe,CAAC;IAC/BmE,QAAQ,EAAEJ;EACZ,CAAC,CAAC,CAAC1C,QAAQ,CAAC,CAAC;EAEb,MAAM+C,SAAS,GAAG,MAAMpD,QAAQ,CAACM,aAAa,CAAC+C,YAAY,EAAE;IAC3D9C,MAAM,EAAE,MAAM;IACd+C,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDJ;EACF,CAAC,CAAC,CACC1C,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAE+C,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGC,8BAAsB,CAACzC,SAAS,CAACmC,SAAS,CAAC;EAC/D,IAAI,CAACK,WAAW,CAACtC,OAAO,EAAE;IACxB3B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,4CAA2CqC,WAAW,CAACpC,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIC,wBAAgB,CAAC;MACzBD,OAAO,EAAE,gCAAgC;MACzCE,MAAM,EAAEiC,WAAW,CAACpC,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMtB,QAAQ,CAACyD,WAAW,CAAChC,IAAI,CAACkC,YAAY,CAAC,CACjDnD,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAACoD,2BAAkB,CAAC,CACxBpD,IAAI,CAAEqD,KAAK,IAAK/D,0BAA0B,CAAC+D,KAAK,CAACC,UAAU,CAAC5C,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANA7B,OAAA,CAAAqC,4CAAA,GAAAA,4CAAA;AAOO,MAAM5B,0BAA0B,GACrCiE,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,CAAChD,SAAS,CAAC8C,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAAC7C,OAAO,EAAE;IAC1B,MAAM+C,OAAO,GAAGC,6BAAuB,CAAClD,SAAS,CAAC8C,OAAO,CAAC;IAC1D,IAAI,CAACG,OAAO,CAAC/C,OAAO,EAAE;MACpB3B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,mDAAkD4C,aAAa,CAAC3C,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAI8C,2BAAkB,CAACJ,aAAa,CAAC3C,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACA9B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC0B,KAAK,EACb,2CAA0CiD,IAAI,CAACC,SAAS,CAACJ,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIK,8BAAqB,CAC7BL,OAAO,CAACzC,IAAI,CAACJ,KAAK,EAClB6C,OAAO,CAACzC,IAAI,CAAC+C,iBACf,CAAC;EACH;EACA,OAAOR,aAAa,CAACvC,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPApC,OAAA,CAAAS,0BAAA,GAAAA,0BAAA;AAQA,MAAMkD,0BAA0B,GAAG,MAAAyB,KAAA,IAQZ;EAAA,IARmB;IACxCxB,KAAK;IACLL,mBAAmB;IACnBf;EAKF,CAAC,GAAA4C,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAM7C,gBAAgB,CAAC8C,YAAY,CAAC,CAAC;EAErD,OAAO,IAAIC,yBAAO,CAAC/C,gBAAgB,CAAC,CACjCgD,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ;EACF,CAAC,CAAC,CACDK,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAI9B,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B+B,QAAQ,EAAEpC,mBAAmB,CAACqC,MAAM,CAClC,CAACD,QAAQ,EAAAE,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGF,QAAQ;QACX,CAACG,YAAY,GAAGC;MAClB,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}

package/lib/commonjs/credential/issuance/05-authorize-access.js CHANGED Viewed

@@ -9,7 +9,6 @@ var _dpop = require("../../utils/dpop");
 var _uuid = require("uuid");
 var _pop = require("../../utils/pop");
 var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
-var _const = require("./const");
 var _types = require("./types");
 var _errors = require("../../utils/errors");
 var _logging = require("../../utils/logging");
@@ -33,16 +32,14 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
  * @throws {IssuerResponseError} with a specific code for more context
  * @return The token response containing the access token along with the token request signed with DPoP which has to be used in the {@link obtainCredential} step.
  */
-const authorizeAccess = async (issuerConf, code, clientId, redirectUri, codeVerifier, context) => {
+const authorizeAccess = async (issuerConf, code, _, redirectUri, codeVerifier, context) => {
   const {
     appFetch = fetch,
     walletInstanceAttestation,
     wiaCryptoContext,
     dPopCryptoContext
   } = context;
-  const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
-  const parUrl = new URL(parEndpoint);
-  const aud = `${parUrl.protocol}//${parUrl.hostname}`;
+  const aud = issuerConf.openid_credential_issuer.credential_issuer;
   const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
   const tokenUrl = issuerConf.oauth_authorization_server.token_endpoint;
   const tokenRequestSignedDPop = await (0, _dpop.createDPopToken)({
@@ -59,12 +56,9 @@ const authorizeAccess = async (issuerConf, code, clientId, redirectUri, codeVeri
   _logging.Logger.log(_logging.LogLevel.DEBUG, `WIA DPoP token: ${signedWiaPoP}`);
   const requestBody = {
     grant_type: "authorization_code",
-    client_id: clientId,
     code,
-    redirect_uri: redirectUri,
     code_verifier: codeVerifier,
-    client_assertion_type: _const.ASSERTION_TYPE,
-    client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
+    redirect_uri: redirectUri
   };
   const authorizationRequestFormBody = new URLSearchParams(requestBody);
   _logging.Logger.log(_logging.LogLevel.DEBUG, `Auth form request body: ${authorizationRequestFormBody}`);
@@ -72,7 +66,9 @@ const authorizeAccess = async (issuerConf, code, clientId, redirectUri, codeVeri
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded",
-      DPoP: tokenRequestSignedDPop
+      DPoP: tokenRequestSignedDPop,
+      "OAuth-Client-Attestation": walletInstanceAttestation,
+      "OAuth-Client-Attestation-PoP": signedWiaPoP
     },
     body: authorizationRequestFormBody.toString()
   }).then((0, _misc.hasStatusOrThrow)(200, _errors.IssuerResponseError)).then(res => res.json()).then(body => _types.TokenResponse.safeParse(body));

package/lib/commonjs/credential/issuance/05-authorize-access.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_misc","require","_dpop","_uuid","_pop","WalletInstanceAttestation","_interopRequireWildcard","~~_const","~~_types","_errors","_logging","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","authorizeAccess","issuerConf","code","~~clientId~~","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","~~parEndpoint","oauth_authorization_server","pushed_authorization_request_endpoint","parUrl","URL","~~aud","~~protocol~~","~~hostname~~","iss","decode","payload","cnf","jwk","kid","tokenUrl","token_endpoint","tokenRequestSignedDPop","createDPopToken","htm","htu","jti","uuidv4","Logger","log","LogLevel","DEBUG","signedWiaPoP","createPopToken","requestBody","grant_type","~~client_id~~","redirect_uri","~~code_verifier","client_assertion_type","ASSERTION_TYPE","client_assertion","~~authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","hasStatusOrThrow","IssuerResponseError","res","json","TokenResponse","safeParse","success","ERROR","error","message","ValidationFailed","reason","accessToken","data","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAGA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AACA,IAAAI,yBAAA,GAAAC,uBAAA,CAAAL,OAAA;AAEA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,~~MAAA~~,GAAAP,OAAA;~~AACA~~,IAAAQ,~~OAAA~~,GAAAR,OAAA;~~AAEA,IAAAS,QAAA,GAAAT,OAAA;~~AAAuD,~~SAAAU~~,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,~~SAAAN~~,~~wBAAAU~~,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAgBvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,~~QAAQ~~,~~EACRC~~,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;~~EAEX~~,MAAMM,~~WAAW~~,~~GACfX~~,UAAU,CAACY,~~0BAA0B~~,CAACC,~~qCAAqC~~;~~EAC7E~~,MAAMC,~~MAAM,~~GAAG,~~IAAIC~~,~~GAAG,CAACJ,WAAW,CAAC;EACnC,MAAMK,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAGhD,~~yBAAyB,~~CAACiD~~,MAAM,~~CAACZ~~,yBAAyB,CAAC,~~CACpEa~~,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,~~GAAGzB~~,UAAU,~~CAACY~~,0BAA0B,~~CAACc~~,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAM,IAAAC,qBAAe,EAClD;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,~~EAAEL~~,QAAQ;~~IACbM~~,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE;EACnB,CAAC,~~EACDtB~~,iBACF,CAAC;~~EAEDuB~~,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,uBAAsBT,sBAAuB,EAAC,CAAC;EAE3E,MAAMU,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;IACEP,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;~~IAClBhB~~,GAAG;IACHG;EACF,CAAC,~~EACDV~~,gBACF,CAAC;~~EAEDwB~~,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAME,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;~~IAChCC~~,~~SAAS,EAAEvC,QAAQ;IACnBD,~~IAAI;~~IACJyC~~,~~YAAY,EAAEvC,WAAW;IACzBwC,~~aAAa,~~EAAEvC~~,YAAY;~~IAC3BwC~~,~~qBAAqB~~,~~EAAEC,qBAAc~~;~~IACrCC~~,~~gBAAgB,EAAEtC,yBAAyB,GAAG,GAAG,GAAG6B;EACtD,~~CAAC;EAED,~~MAAMU~~,4BAA4B,GAAG,IAAIC,eAAe,~~CAACT~~,WAAW,CAAC;EAErEN,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,~~2BAA0BW~~,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,~~MAAM3C~~,QAAQ,~~CAACmB~~,QAAQ,EAAE;~~IACxCyB~~,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,~~EAAEzB~~;~~IACR~~,CAAC;~~IACD0B~~,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEF,IAAI,IAAKO,oBAAa,CAACC,SAAS,CAACR,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACa,OAAO,EAAE;~~IACrB7B~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,~~CAAC4B~~,KAAK,EACb,qCAAoCd,QAAQ,CAACe,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAIC,wBAAgB,CAAC;MACzBD,OAAO,EAAE,kCAAkC;MAC3CE,MAAM,EAAElB,QAAQ,CAACe,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEG,WAAW,EAAEnB,QAAQ,CAACoB;EAAK,CAAC;AACvC,CAAC;AAACC,OAAA,~~CAAAvE~~,eAAA,GAAAA,eAAA"}
1	+ {"version":3,"names":["_misc","require","_dpop","_uuid","_pop","WalletInstanceAttestation","_interopRequireWildcard","_types","_errors","_logging","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","authorizeAccess","issuerConf","code","_","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","aud","openid_credential_issuer","credential_issuer","iss","decode","payload","cnf","jwk","kid","tokenUrl","oauth_authorization_server","token_endpoint","tokenRequestSignedDPop","createDPopToken","htm","htu","jti","uuidv4","Logger","log","LogLevel","DEBUG","signedWiaPoP","createPopToken","requestBody","grant_type","code_verifier","redirect_uri","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","hasStatusOrThrow","IssuerResponseError","res","json","TokenResponse","safeParse","success","ERROR","error","message","ValidationFailed","reason","accessToken","data","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAGA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AACA,IAAAI,yBAAA,GAAAC,uBAAA,CAAAL,OAAA;AAEA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AAEA,IAAAQ,QAAA,GAAAR,OAAA;AAAuD,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAgBvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,CAAC,EACDC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAMM,GAAG,GAAGX,UAAU,CAACY,wBAAwB,CAACC,iBAAiB;EACjE,MAAMC,GAAG,GAAG1C,yBAAyB,CAAC2C,MAAM,CAACP,yBAAyB,CAAC,CACpEQ,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGpB,UAAU,CAACqB,0BAA0B,CAACC,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAM,IAAAC,qBAAe,EAClD;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,QAAQ;IACbO,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE;EACnB,CAAC,EACDlB,iBACF,CAAC;EAEDmB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,uBAAsBT,sBAAuB,EAAC,CAAC;EAE3E,MAAMU,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;IACEP,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBjB,GAAG;IACHG;EACF,CAAC,EACDL,gBACF,CAAC;EAEDoB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAME,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCnC,IAAI;IACJoC,aAAa,EAAEjC,YAAY;IAC3BkC,YAAY,EAAEnC;EAChB,CAAC;EAED,MAAMoC,4BAA4B,GAAG,IAAIC,eAAe,CAACL,WAAW,CAAC;EAErEN,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BO,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,MAAMnC,QAAQ,CAACc,QAAQ,EAAE;IACxCsB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAErB,sBAAsB;MAC5B,0BAA0B,EAAEf,yBAAyB;MACrD,8BAA8B,EAAEyB;IAClC,CAAC;IACDY,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAEF,IAAI,IAAKO,oBAAa,CAACC,SAAS,CAACR,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACa,OAAO,EAAE;IACrBzB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACwB,KAAK,EACb,qCAAoCd,QAAQ,CAACe,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAIC,wBAAgB,CAAC;MACzBD,OAAO,EAAE,kCAAkC;MAC3CE,MAAM,EAAElB,QAAQ,CAACe,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEG,WAAW,EAAEnB,QAAQ,CAACoB;EAAK,CAAC;AACvC,CAAC;AAACC,OAAA,CAAA/D,eAAA,GAAAA,eAAA"}

package/lib/commonjs/credential/issuance/06-obtain-credential.js CHANGED Viewed

@@ -30,11 +30,11 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
  * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
  * @param accessToken The access token response returned by {@link authorizeAccess}
  * @param clientId The client id returned by {@link startUserAuthorization}
- * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link startUserAuthorization}
- * @param tokenRequestSignedDPop The DPoP signed token request returned by {@link authorizeAccess}
+ * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link authorizeAccess}
  * @param context.credentialCryptoContext The crypto context used to obtain the credential
  * @param context.dPopCryptoContext The DPoP crypto context
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @param operationType Specify the type of credential issuance (used for reissuing)
  * @returns The credential response containing the credential
  */
 exports.createNonceProof = createNonceProof;
@@ -44,18 +44,34 @@ const obtainCredential = async (issuerConf, accessToken, clientId, credentialDef
     appFetch = fetch,
     dPopCryptoContext
   } = context;
+  const {
+    credential_configuration_id,
+    credential_identifier
+  } = credentialDefinition;
   const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
+  const issuerUrl = issuerConf.oauth_authorization_server.issuer;
+  const nonceUrl = issuerConf.openid_credential_issuer.nonce_endpoint;
+  // Fetch the nonce from the Credential Issuer
+  const {
+    c_nonce
+  } = await appFetch(nonceUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    }
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(body => _types.NonceResponse.parse(body));
   /**
    * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
    * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
    * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
    */
-  const signedNonceProof = await createNonceProof(accessToken.c_nonce, clientId, credentialUrl, credentialCryptoContext);
+  const signedNonceProof = await createNonceProof(c_nonce, clientId, issuerUrl, credentialCryptoContext);
   _logging.Logger.log(_logging.LogLevel.DEBUG, `Signed nonce proof: ${signedNonceProof}`);
   // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
-  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
+  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credential_configuration_id && (credential_identifier ? c.credential_identifiers.includes(credential_identifier) : true));
   if (!containsCredentialDefinition) {
     _logging.Logger.log(_logging.LogLevel.ERROR, `Credential definition not found in the access token response ${accessToken.authorization_details}`);
     throw new _errors.ValidationFailed({
@@ -63,12 +79,20 @@ const obtainCredential = async (issuerConf, accessToken, clientId, credentialDef
     });
   }
-  /** The credential request body */
-  const credentialRequestFormBody = {
-    credential_definition: {
-      type: [credentialDefinition.credential_configuration_id]
-    },
-    format: credentialDefinition.format,
+  /**
+   * The credential request body.
+   * We accept both `credential_identifier` (recommended) and `credential_configuration_id`
+   * when the Authorization Server does not support `credential_identifier`.
+   * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#section-3.3.4
+   */
+  const credentialRequestFormBody = credential_identifier ? {
+    credential_identifier: credential_identifier,
+    proof: {
+      jwt: signedNonceProof,
+      proof_type: "jwt"
+    }
+  } : {
+    credential_configuration_id: credential_configuration_id,
     proof: {
       jwt: signedNonceProof,
       proof_type: "jwt"
@@ -102,7 +126,15 @@ const obtainCredential = async (issuerConf, accessToken, clientId, credentialDef
     });
   }
   _logging.Logger.log(_logging.LogLevel.DEBUG, `Credential Response: ${JSON.stringify(credentialRes.data)}`);
-  return credentialRes.data;
+  // Extract the format corresponding to the credential_configuration_id used
+  const issuerCredentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credential_configuration_id];
+  // TODO: [SIW-2264] Handle multiple credentials
+  return {
+    credential: credentialRes.data.credentials.at(0).credential,
+    format: issuerCredentialConfig.format
+  };
 };
 /**

package/lib/commonjs/credential/issuance/06-obtain-credential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_ioReactNativeJwt","require","_misc","_errors","_types","_dpop","_uuid","_logging","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","SignJWT","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credentialUrl","openid_credential_issuer","credential_endpoint","~~signedNonceProof~~","c_nonce","Logger","log","LogLevel","DEBUG","containsCredentialDefinition","authorization_details","some","c","~~credential_configuration_id~~","~~format~~","~~type","~~ERROR","ValidationFailed","message","credentialRequestFormBody","~~credential_definition","~~proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","createDPopToken","htm","htu","jti","uuidv4","ath","sha256ToBase64","access_token","credentialRes","~~method~~","~~headers~~","~~DPoP~~","~~Authorization~~","~~token_type~~","~~body~~","~~then~~","~~hasStatusOrThrow~~","~~res~~","~~json~~","~~CredentialResponse~~","~~safeParse~~","~~catch~~","~~handleObtainCredentialError~~","~~success~~","~~error~~","~~reason~~","~~data","~~e","UnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAOA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AAOA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;~~AAeO~~,MAAMO,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIC,yBAAO,CAACH,GAAG,CAAC,CACpBI,UAAU,CAAC;IACVP;EACF,CAAC,CAAC,CACDQ,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BL;EACF,CAAC,CAAC,CACDM,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAgBO,MAAMiB,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;~~EAEX~~,~~MAAMM~~,aAAa,~~GAAGV~~,UAAU,~~CAACW~~,wBAAwB,CAACC,mBAAmB;;~~EAE7E~~;AACF;AACA;AACA;AACA;EACE,~~MAAMC~~,gBAAgB,GAAG,MAAM/B,gBAAgB,~~CAC7CmB~~,~~WAAW,CAACa,~~OAAO,~~EACnBZ~~,QAAQ,~~EACRQ~~,~~aAAa~~,~~EACbJ~~,uBACF,CAAC;~~EAEDS~~,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,~~uBAAsBL~~,gBAAiB,EAAC,CAAC;;EAErE;EACA,~~MAAMM~~,4BAA4B,~~GAAGlB~~,WAAW,~~CAACmB~~,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,~~CAACC~~,2BAA2B,~~KAC3BpB~~,~~oBAAoB~~,~~CAACoB~~,~~2BAA2B~~,~~IAClDD~~,CAAC,~~CAACE~~,~~MAAM~~,~~KAAKrB~~,~~oBAAoB~~,~~CAACqB~~,~~MAAM~~,~~IACxCF,~~CAAC,~~CAACG~~,IAAI,~~KAAKtB~~,~~oBAAoB,CAACsB,IACpC,~~CAAC;EAED,IAAI,~~CAACN~~,4BAA4B,EAAE;IACjCJ,eAAM,CAACC,GAAG,CACRC,iBAAQ,~~CAACS~~,KAAK,EACb,gEAA+~~DzB~~,WAAW,~~CAACmB~~,qBAAsB,EACpG,CAAC;IACD,MAAM,~~IAAIO~~,wBAAgB,CAAC;MACzBC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;~~EACA~~,MAAMC,yBAAyB,~~GAAG~~;~~IAChCC~~,qBAAqB,~~EAAE~~;~~MACrBL~~,~~IAAI~~,EAAE,~~CAACtB~~,~~oBAAoB~~,~~CAACoB~~,~~2BAA2B~~;~~IACzD~~,CAAC;~~IACDC~~,~~MAAM~~,~~EAAErB~~,~~oBAAoB,CAACqB,MAAM~~;~~IACnCO~~,KAAK,EAAE;~~MACLC~~,GAAG,~~EAAEnB~~,gBAAgB;~~MACrBoB~~,UAAU,EAAE;~~IACd~~;~~EACF~~,CAAC;~~EAEDlB~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,~~4BAA2BgB~~,IAAI,CAACC,SAAS,~~CAACN~~,yBAAyB,CAAE,EACxE,CAAC;EAED,~~MAAMO~~,sBAAsB,GAAG,MAAM,IAAAC,qBAAe,EAClD;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,~~EAAE7B~~,aAAa;~~IAClB8B~~,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBC,GAAG,EAAE,MAAM,IAAAC,gCAAc,~~EAAC1C~~,WAAW,~~CAAC2C~~,YAAY;EACpD,CAAC,~~EACDnC~~,iBACF,CAAC;~~EAEDM~~,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,~~uBAAsBkB~~,sBAAuB,EAAC,CAAC;EAE3E,MAAMS,aAAa,GAAG,~~MAAMtC~~,QAAQ,~~CAACG~~,aAAa,EAAE;~~IAClDoC~~,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;~~MAClCC~~,IAAI,~~EAAEZ~~,sBAAsB;~~MAC5Ba~~,aAAa,EAAG,~~GAAEhD~~,WAAW,~~CAACiD~~,UAAW,~~IAAGjD~~,WAAW,~~CAAC2C~~,YAAa,EAAC;MACtE,~~IAAIvC~~,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;~~IACD8C~~,IAAI,~~EAAEjB~~,IAAI,CAACC,SAAS,~~CAACN~~,yBAAyB;EAChD,CAAC,CAAC,~~CACCuB~~,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,~~CAAED~~,IAAI,~~IAAKK~~,yBAAkB,CAACC,SAAS,~~CAACN~~,IAAI,CAAC,CAAC,~~CAClDO~~,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,~~CAACd~~,aAAa,~~CAACe~~,OAAO,EAAE;~~IAC1B7C~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,~~CAACS~~,KAAK,EACb,~~0CAAyCmB~~,aAAa,~~CAACgB~~,KAAK,~~CAACjC~~,OAAQ,EACxE,CAAC;IACD,MAAM,IAAID,wBAAgB,CAAC;MACzBC,OAAO,EAAE,uCAAuC;~~MAChDkC~~,MAAM,~~EAAEjB~~,aAAa,~~CAACgB~~,KAAK,~~CAACjC~~;IAC9B,CAAC,CAAC;EACJ;~~EAEAb~~,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,~~wBAAuBgB~~,IAAI,CAACC,SAAS,CAACU,aAAa,~~CAACkB~~,IAAI,CAAE,EAC7D,CAAC;~~EAED~~,~~OAAOlB~~,aAAa,~~CAACkB~~,IAAI;~~AAC3B~~,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;~~AALAjE~~,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAMA,~~MAAM4D~~,2BAA2B,~~GAAIK~~,CAAU,IAAK;~~EAClDjD~~,eAAM,CAACC,GAAG,CAACC,iBAAQ,~~CAACS~~,KAAK,EAAG,~~8CAA6CsC~~,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAYC,iCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEC,gCAAwB,CAACC,+BAA+B;~~IAC9D3C~~,OAAO,EACL;EACJ,CAAC,CAAC,~~CACDwC~~,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACE,uBAAuB;~~IACtD5C~~,OAAO,EAAE;EACX,CAAC,CAAC,~~CACDwC~~,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACE,uBAAuB;~~IACtD5C~~,OAAO,EAAE;EACX,CAAC,CAAC,~~CACDwC~~,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACG,uBAAuB;~~IACtD7C~~,OAAO,EAAE;EACX,CAAC,CAAC,~~CACD8C~~,SAAS,CAACV,CAAC,CAAC;AACjB,CAAC"}
1	+ {"version":3,"names":["_ioReactNativeJwt","require","_misc","_errors","_types","_dpop","_uuid","_logging","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","SignJWT","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credential_configuration_id","credential_identifier","credentialUrl","openid_credential_issuer","credential_endpoint","issuerUrl","oauth_authorization_server","nonceUrl","nonce_endpoint","c_nonce","method","headers","then","hasStatusOrThrow","res","json","body","NonceResponse","parse","signedNonceProof","Logger","log","LogLevel","DEBUG","containsCredentialDefinition","authorization_details","some","c","credential_identifiers","includes","ERROR","ValidationFailed","message","credentialRequestFormBody","proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","createDPopToken","htm","htu","jti","uuidv4","ath","sha256ToBase64","access_token","credentialRes","DPoP","Authorization","token_type","CredentialResponse","safeParse","catch","handleObtainCredentialError","success","error","reason","data","issuerCredentialConfig","credential_configurations_supported","credential","credentials","at","format","e","UnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAOA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AAOA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;AAqBO,MAAMO,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIC,yBAAO,CAACH,GAAG,CAAC,CACpBI,UAAU,CAAC;IACVP;EACF,CAAC,CAAC,CACDQ,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BL;EACF,CAAC,CAAC,CACDM,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAgBO,MAAMiB,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAM;IAAEM,2BAA2B;IAAEC;EAAsB,CAAC,GAC1DR,oBAAoB;EAEtB,MAAMS,aAAa,GAAGZ,UAAU,CAACa,wBAAwB,CAACC,mBAAmB;EAC7E,MAAMC,SAAS,GAAGf,UAAU,CAACgB,0BAA0B,CAAChC,MAAM;EAC9D,MAAMiC,QAAQ,GAAGjB,UAAU,CAACa,wBAAwB,CAACK,cAAc;;EAEnE;EACA,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMZ,QAAQ,CAACU,QAAQ,EAAE;IAC3CG,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MAAE,cAAc,EAAE;IAAmB;EAChD,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEI,IAAI,IAAKC,oBAAa,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC;;EAE5C;AACF;AACA;AACA;AACA;EACE,MAAMG,gBAAgB,GAAG,MAAM/C,gBAAgB,CAC7CqC,OAAO,EACPjB,QAAQ,EACRa,SAAS,EACTT,uBACF,CAAC;EAEDwB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,uBAAsBJ,gBAAiB,EAAC,CAAC;;EAErE;EACA,MAAMK,4BAA4B,GAAGjC,WAAW,CAACkC,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAAC3B,2BAA2B,KAAKA,2BAA2B,KAC5DC,qBAAqB,GAClB0B,CAAC,CAACC,sBAAsB,CAACC,QAAQ,CAAC5B,qBAAqB,CAAC,GACxD,IAAI,CACZ,CAAC;EAED,IAAI,CAACuB,4BAA4B,EAAE;IACjCJ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACQ,KAAK,EACb,gEAA+DvC,WAAW,CAACkC,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIM,wBAAgB,CAAC;MACzBC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE,MAAMC,yBAAyB,GAAGhC,qBAAqB,GACnD;IACEA,qBAAqB,EAAEA,qBAAqB;IAC5CiC,KAAK,EAAE;MAAEC,GAAG,EAAEhB,gBAAgB;MAAEiB,UAAU,EAAE;IAAM;EACpD,CAAC,GACD;IACEpC,2BAA2B,EAAEA,2BAA2B;IACxDkC,KAAK,EAAE;MAAEC,GAAG,EAAEhB,gBAAgB;MAAEiB,UAAU,EAAE;IAAM;EACpD,CAAC;EAELhB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,4BAA2Bc,IAAI,CAACC,SAAS,CAACL,yBAAyB,CAAE,EACxE,CAAC;EAED,MAAMM,sBAAsB,GAAG,MAAM,IAAAC,qBAAe,EAClD;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAExC,aAAa;IAClByC,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBC,GAAG,EAAE,MAAM,IAAAC,gCAAc,EAACvD,WAAW,CAACwD,YAAY;EACpD,CAAC,EACDhD,iBACF,CAAC;EAEDqB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,uBAAsBgB,sBAAuB,EAAC,CAAC;EAE3E,MAAMS,aAAa,GAAG,MAAMnD,QAAQ,CAACK,aAAa,EAAE;IAClDQ,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCsC,IAAI,EAAEV,sBAAsB;MAC5BW,aAAa,EAAG,GAAE3D,WAAW,CAAC4D,UAAW,IAAG5D,WAAW,CAACwD,YAAa,EAAC;MACtE,IAAIpD,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;IACDqB,IAAI,EAAEqB,IAAI,CAACC,SAAS,CAACL,yBAAyB;EAChD,CAAC,CAAC,CACCrB,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEI,IAAI,IAAKoC,yBAAkB,CAACC,SAAS,CAACrC,IAAI,CAAC,CAAC,CAClDsC,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACP,aAAa,CAACQ,OAAO,EAAE;IAC1BpC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACQ,KAAK,EACb,0CAAyCkB,aAAa,CAACS,KAAK,CAACzB,OAAQ,EACxE,CAAC;IACD,MAAM,IAAID,wBAAgB,CAAC;MACzBC,OAAO,EAAE,uCAAuC;MAChD0B,MAAM,EAAEV,aAAa,CAACS,KAAK,CAACzB;IAC9B,CAAC,CAAC;EACJ;EAEAZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,wBAAuBc,IAAI,CAACC,SAAS,CAACU,aAAa,CAACW,IAAI,CAAE,EAC7D,CAAC;;EAED;EACA,MAAMC,sBAAsB,GAC1BtE,UAAU,CAACa,wBAAwB,CAAC0D,mCAAmC,CACrE7D,2BAA2B,CAC5B;;EAEH;EACA,OAAO;IACL8D,UAAU,EAAEd,aAAa,CAACW,IAAI,CAACI,WAAW,CAACC,EAAE,CAAC,CAAC,CAAC,CAAEF,UAAU;IAC5DG,MAAM,EAAEL,sBAAsB,CAAEK;EAClC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALA7E,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAMA,MAAMkE,2BAA2B,GAAIW,CAAU,IAAK;EAClD9C,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACQ,KAAK,EAAG,8CAA6CoC,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAYC,iCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEC,gCAAwB,CAACC,+BAA+B;IAC9DzC,OAAO,EACL;EACJ,CAAC,CAAC,CACDsC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACE,uBAAuB;IACtD1C,OAAO,EAAE;EACX,CAAC,CAAC,CACDsC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACE,uBAAuB;IACtD1C,OAAO,EAAE;EACX,CAAC,CAAC,CACDsC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACG,uBAAuB;IACtD3C,OAAO,EAAE;EACX,CAAC,CAAC,CACD4C,SAAS,CAACV,CAAC,CAAC;AACjB,CAAC"}