@pagopa/io-react-native-wallet 2.0.0-next.2 → 2.0.0-next.4

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js

@@ -13,45 +13,39 @@ var _logging = require("../../utils/logging");
 
 // handy alias
 
-const parseCredentialSdJwt = function (credentials_supported, _ref) {
+const parseCredentialSdJwt = function (credentialConfig, _ref) {
   let {
     sdJwt,
     disclosures
   } = _ref;
   let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
   let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
-  const credentialSubject = credentials_supported[sdJwt.payload.vct];
-  if (!credentialSubject) {
-    _logging.Logger.log(_logging.LogLevel.ERROR, `Credential type not supported by the issuer: ${sdJwt.payload.vct}`);
-    throw new _errors.IoWalletError("Credential type not supported by the issuer");
-  }
-  if (credentialSubject.format !== sdJwt.header.typ) {
-    _logging.Logger.log(_logging.LogLevel.ERROR, `Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}'`);
-    throw new _errors.IoWalletError(`Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}', `);
+  if (credentialConfig.format !== sdJwt.header.typ) {
+    const message = `Received credential is of an unknwown type. Expected one of [${credentialConfig.format}], received '${sdJwt.header.typ}'`;
+    _logging.Logger.log(_logging.LogLevel.ERROR, message);
+    throw new _errors.IoWalletError(message);
   }
-
-  // transfrom a record { key: value } in an iterable of pairs [key, value]
-  if (!credentialSubject.claims) {
+  if (!credentialConfig.claims) {
     _logging.Logger.log(_logging.LogLevel.ERROR, "Missing claims in the credential subject");
     throw new _errors.IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
   }
 
-  const attrDefinitions = Object.entries(credentialSubject.claims);
+  const attrDefinitions = credentialConfig.claims;
 
   // the key of the attribute defintion must match the disclosure's name
-  const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
-    let [attrKey] = _ref2;
-    return !disclosures.some(_ref3 => {
-      let [, name] = _ref3;
-      return name === attrKey;
-    });
-  });
+  const attrsNotInDisclosures = attrDefinitions.filter(definition => !disclosures.some(_ref2 => {
+    let [, name] = _ref2;
+    return name === definition.path[0];
+  }) // Ignore nested paths for now, see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#name-claims-path-pointer
+  );
+
   if (attrsNotInDisclosures.length > 0) {
-    const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
+    const missing = attrsNotInDisclosures.map(_ => _.path[0]).join(", ");
     const received = disclosures.map(_ => _[1 /* name */]).join(", ");
     if (!ignoreMissingAttributes) {
-      _logging.Logger.log(_logging.LogLevel.ERROR, `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
-      throw new _errors.IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+      const message = `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`;
+      _logging.Logger.log(_logging.LogLevel.ERROR, message);
+      throw new _errors.IoWalletError(message);
     }
   }
 
@@ -59,28 +53,31 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
   // and are present in the disclosure set
   const definedValues = Object.fromEntries(attrDefinitions
   // retrieve the value from the disclosure set
-  .map(_ref4 => {
+  .map(_ref3 => {
     var _disclosures$find;
-    let [attrKey, definition] = _ref4;
-    return [attrKey, {
+    let {
+      path,
+      ...definition
+    } = _ref3;
+    return [path[0], {
       ...definition,
-      value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === attrKey)) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
+      value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === path[0])) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
     }];
   })
   // add a human readable attribute name, with i18n, in the form { locale: name }
   // example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
-  .map(_ref5 => {
+  .map(_ref4 => {
     let [attrKey, {
       display,
       ...definition
-    }] = _ref5;
+    }] = _ref4;
     return [attrKey, {
       ...definition,
-      name: display.reduce((names, _ref6) => {
+      name: display.reduce((names, _ref5) => {
         let {
           locale,
           name
-        } = _ref6;
+        } = _ref5;
         return {
           ...names,
           [locale]: name
@@ -91,8 +88,8 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
   if (includeUndefinedAttributes) {
     // attributes that are in the disclosure set
     // but are not defined in the issuer configuration
-    const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
-      let [, key, value] = _ref7;
+    const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref6 => {
+      let [, key, value] = _ref6;
       return [key, {
         value,
         name: key
@@ -129,23 +126,26 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
     cnf
   } = decodedCredential.sdJwt.payload;
   if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-    _logging.Logger.log(_logging.LogLevel.ERROR, `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
-    throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
+    const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`;
+    _logging.Logger.log(_logging.LogLevel.ERROR, message);
+    throw new _errors.IoWalletError(message);
   }
   return decodedCredential;
 }
-
-// utility type that specialize VerifyAndParseCredential for given format
-
-const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
+const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref7) => {
   let {
     credentialCryptoContext,
     ignoreMissingAttributes,
     includeUndefinedAttributes
-  } = _ref8;
+  } = _ref7;
   const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
   _logging.Logger.log(_logging.LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
-  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
+  const credentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credentialConfigurationId];
+  if (!credentialConfig) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Credential type not supported by the issuer: ${credentialConfigurationId}`);
+    throw new _errors.IoWalletError("Credential type not supported by the issuer");
+  }
+  const parsedCredential = parseCredentialSdJwt(credentialConfig, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
   const maybeIssuedAt = (0, _converters.getValueFromDisclosures)(decoded.disclosures, "iat");
   _logging.Logger.log(_logging.LogLevel.DEBUG, `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${maybeIssuedAt}`);
   return {
@@ -159,7 +159,7 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
  * Verify and parse an encoded credential.
  * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
  * @param credential The encoded credential returned by {@link obtainCredential}
- * @param format The format of the credentual returned by {@link obtainCredential}
+ * @param credentialConfigurationId The credential configuration ID that defines the provided credential
  * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
  * @param context.ignoreMissingAttributes Skip error when attributes declared in the issuer configuration are not found within disclosures
  * @param context.includeUndefinedAttributes Include attributes not explicitly declared in the issuer configuration
@@ -168,13 +168,16 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
  * @throws {IoWalletError} If the credential is not bound to the provided user key
  * @throws {IoWalletError} If the credential data fail to parse
  */
-const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
-  if (format === "vc+sd-jwt") {
-    _logging.Logger.log(_logging.LogLevel.DEBUG, "Parsing credential in vc+sd-jwt format");
-    return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
+const verifyAndParseCredential = async (issuerConf, credential, credentialConfigurationId, context) => {
+  var _issuerConf$openid_cr;
+  const format = (_issuerConf$openid_cr = issuerConf.openid_credential_issuer.credential_configurations_supported[credentialConfigurationId]) === null || _issuerConf$openid_cr === void 0 ? void 0 : _issuerConf$openid_cr.format;
+  if (format === "dc+sd-jwt") {
+    _logging.Logger.log(_logging.LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
+    return verifyAndParseCredentialSdJwt(issuerConf, credential, credentialConfigurationId, context);
   }
-  _logging.Logger.log(_logging.LogLevel.ERROR, `Unsupported credential format: ${format}`);
-  throw new _errors.IoWalletError(`Unsupported credential format: ${format}`);
+  const message = `Unsupported credential format: ${format}`;
+  _logging.Logger.log(_logging.LogLevel.ERROR, message);
+  throw new _errors.IoWalletError(message);
 };
 exports.verifyAndParseCredential = verifyAndParseCredential;
 //# sourceMappingURL=07-verify-and-parse-credential.js.map

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["_errors","require","_types","_sdJwt","_converters","_logging","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","Logger","log","LogLevel","ERROR","IoWalletError","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","parsedCredential","credential_configurations_supported","maybeIssuedAt","getValueFromDisclosures","expiration","Date","exp","issuedAt","verifyAndParseCredential","context","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,WAAA,GAAAH,OAAA;AAGA,IAAAI,QAAA,GAAAJ,OAAA;AAuBA;;AAkBA;;AAKA,MAAMK,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgI,EAAAC,IAAA,EAI3G;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtBG,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gDAA+Cb,KAAK,CAACQ,OAAO,CAACC,GAAI,EACpE,CAAC;IACD,MAAM,IAAIK,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIP,iBAAiB,CAACQ,MAAM,KAAKf,KAAK,CAACgB,MAAM,CAACC,GAAG,EAAE;IACjDP,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gEAA+DN,iBAAiB,CAACQ,MAAO,gBAAef,KAAK,CAACgB,MAAM,CAACC,GAAI,GAC3H,CAAC;IACD,MAAM,IAAIH,qBAAa,CACpB,gEAA+DP,iBAAiB,CAACQ,MAAO,gBAAef,KAAK,CAACgB,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACV,iBAAiB,CAACW,MAAM,EAAE;IAC7BR,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIC,qBAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMK,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAACW,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACvB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAAClB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAGhC,WAAW,CAAC6B,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC9B,uBAAuB,EAAE;MAC5BQ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,4DAA2DgB,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;MACD,MAAM,IAAInB,qBAAa,CACpB,4DAA2De,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEpC,WAAW,CAACuC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAItB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMyC,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxClC,WAAW,CACRsB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEZ,KAAK;QAAEX,IAAI,EAAEuB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAekB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACxD,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAACuD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKR,gBAAgB,CAACQ,GAAG,EAAE;IACxDvD,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kDAAiD4C,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACxD,KAAK,CAACQ,OAAO,CAACuD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;IACD,MAAM,IAAInD,qBAAa,CACpB,kDAAiD2C,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACxD,KAAK,CAACQ,OAAO,CAACuD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOT,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMU,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVrC,CAAC,EAAAsC,KAAA,KAME;EAAA,IALH;IACEC,uBAAuB;IACvBpE,uBAAuB;IACvBI;EACF,CAAC,GAAA+D,KAAA;EAED,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCgB,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACzB,IAAI,EAC7CsB,uBACF,CAAC;EAED5D,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC8D,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMM,gBAAgB,GAAGhF,oBAAoB,CAC3CsE,UAAU,CAACK,wBAAwB,CAACM,mCAAmC,EACvEP,OAAO,EACPrE,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMyE,aAAa,GAAG,IAAAC,mCAAuB,EAACT,OAAO,CAACtE,WAAW,EAAE,KAAK,CAAC;EAEzES,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC8D,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACC,gBAAgB,CAAE,gBAAeE,aAAc,EACtF,CAAC;EAED,OAAO;IACLF,gBAAgB;IAChBI,UAAU,EAAE,IAAIC,IAAI,CAACX,OAAO,CAACvE,KAAK,CAACQ,OAAO,CAAC2E,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOL,aAAa,KAAK,QAAQ,GAC7B,IAAIG,IAAI,CAACH,aAAa,GAAG,IAAI,CAAC,GAC9B1E;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMgF,wBAAkD,GAAG,MAAAA,CAChElB,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNuE,OAAO,KACJ;EACH,IAAIvE,MAAM,KAAK,WAAW,EAAE;IAC1BL,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC8D,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOR,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNuE,OACF,CAAC;EACH;EAEA5E,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,kCAAiCE,MAAO,EAAC,CAAC;EACtE,MAAM,IAAID,qBAAa,CAAE,kCAAiCC,MAAO,EAAC,CAAC;AACrE,CAAC;AAACwE,OAAA,CAAAF,wBAAA,GAAAA,wBAAA"}
+{"version":3,"names":["_errors","require","_types","_sdJwt","_converters","_logging","parseCredentialSdJwt","credentialConfig","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","format","header","typ","message","Logger","log","LogLevel","ERROR","IoWalletError","claims","attrDefinitions","attrsNotInDisclosures","filter","definition","some","_ref2","name","path","missing","map","_","join","received","definedValues","Object","fromEntries","_ref3","_disclosures$find","value","find","_ref4","attrKey","display","reduce","names","_ref5","locale","undefinedValues","keys","includes","_ref6","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","payload","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref7","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","credential_configurations_supported","parsedCredential","maybeIssuedAt","getValueFromDisclosures","expiration","Date","exp","issuedAt","verifyAndParseCredential","context","_issuerConf$openid_cr","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,WAAA,GAAAH,OAAA;AAGA,IAAAI,QAAA,GAAAJ,OAAA;AA2BA;;AAkBA;;AAKA,MAAMK,oBAAoB,GAAG,SAAAA,CAE3BC,gBAAgC,EAAAC,IAAA,EAIX;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,IAAIL,gBAAgB,CAACS,MAAM,KAAKP,KAAK,CAACQ,MAAM,CAACC,GAAG,EAAE;IAChD,MAAMC,OAAO,GAAI,gEAA+DZ,gBAAgB,CAACS,MAAO,gBAAeP,KAAK,CAACQ,MAAM,CAACC,GAAI,GAAE;IAC1IE,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;IACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;EAClC;EAEA,IAAI,CAACZ,gBAAgB,CAACkB,MAAM,EAAE;IAC5BL,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIC,qBAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAME,eAAe,GAAGnB,gBAAgB,CAACkB,MAAM;;EAE/C;EACA,MAAME,qBAAqB,GAAGD,eAAe,CAACE,MAAM,CACjDC,UAAU,IAAK,CAACnB,WAAW,CAACoB,IAAI,CAACC,KAAA;IAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,IAAI,KAAKH,UAAU,CAACI,IAAI,CAAC,CAAC,CAAC;EAAA,EAAC,CAAC;EAC/E,CAAC;;EACD,IAAIN,qBAAqB,CAACd,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMqB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACH,IAAI,CAAC,CAAC,CAAC,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;IACtE,MAAMC,QAAQ,GAAG5B,WAAW,CAACyB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC1B,uBAAuB,EAAE;MAC5B,MAAMQ,OAAO,GAAI,4DAA2De,OAAQ,iBAAgBI,QAAS,GAAE;MAC/GlB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;MACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;IAClC;EACF;;EAEA;EACA;EACA,MAAMoB,aAAa,GAAGC,MAAM,CAACC,WAAW,CACtCf;EACE;EAAA,CACCS,GAAG,CACFO,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC;MAAEV,IAAI;MAAE,GAAGJ;IAAW,CAAC,GAAAa,KAAA;IAAA,OACtB,CACET,IAAI,CAAC,CAAC,CAAC,EACP;MACE,GAAGJ,UAAU;MACbe,KAAK,GAAAD,iBAAA,GAAEjC,WAAW,CAACmC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKH,IAAI,CAAC,CAAC,CACnC,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCR,GAAG,CACFW,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC,OAAO;MAAE,GAAGnB;IAAW,CAAC,CAAC,GAAAiB,KAAA;IAAA,OACpC,CACEC,OAAO,EACP;MACE,GAAGlB,UAAU;MACbG,IAAI,EAAEgB,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEpB;QAAK,CAAC,GAAAmB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGpB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIjB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMsC,eAAe,GAAGb,MAAM,CAACC,WAAW,CACxC/B,WAAW,CACRkB,MAAM,CAAEQ,CAAC,IAAK,CAACI,MAAM,CAACc,IAAI,CAACf,aAAa,CAAC,CAACgB,QAAQ,CAACnB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACqB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEb,KAAK;QAAEZ,IAAI,EAAEyB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGlB,aAAa;MAChB,GAAGc;IACL,CAAC;EACH;EAEA,OAAOd,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAemB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACrD,KAAK,CAAC6D,OAAO;EAE/C,IAAI,CAACD,GAAG,CAACE,GAAG,CAACC,GAAG,IAAIH,GAAG,CAACE,GAAG,CAACC,GAAG,KAAKT,gBAAgB,CAACS,GAAG,EAAE;IACxD,MAAMrD,OAAO,GAAI,kDAAiD4C,gBAAgB,CAACS,GAAI,UAASV,iBAAiB,CAACrD,KAAK,CAAC6D,OAAO,CAACD,GAAG,CAACE,GAAG,CAACC,GAAI,EAAC;IAC7IpD,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;IACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;EAClC;EAEA,OAAO2C,iBAAiB;AAC1B;AAEA,MAAMW,6BAAuD,GAAG,MAAAA,CAC9DC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,KAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvBnE,uBAAuB;IACvBI;EACF,CAAC,GAAA8D,KAAA;EAED,MAAME,OAAO,GAAG,MAAMrB,qBAAqB,CACzCiB,UAAU,EACVD,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAAC3B,IAAI,EAC7CwB,uBACF,CAAC;EAED1D,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC4D,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMxE,gBAAgB,GACpBmE,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B;EAEH,IAAI,CAACrE,gBAAgB,EAAE;IACrBa,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gDAA+CqD,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIpD,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAM8D,gBAAgB,GAAGhF,oBAAoB,CAC3CC,gBAAgB,EAChBwE,OAAO,EACPpE,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMwE,aAAa,GAAG,IAAAC,mCAAuB,EAACT,OAAO,CAACrE,WAAW,EAAE,KAAK,CAAC;EAEzEU,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC4D,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACE,gBAAgB,CAAE,gBAAeC,aAAc,EACtF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACX,OAAO,CAACtE,KAAK,CAAC6D,OAAO,CAACqB,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOL,aAAa,KAAK,QAAQ,GAC7B,IAAIG,IAAI,CAACH,aAAa,GAAG,IAAI,CAAC,GAC9BzE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAM+E,wBAAkD,GAAG,MAAAA,CAChEnB,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBkB,OAAO,KACJ;EAAA,IAAAC,qBAAA;EACH,MAAM/E,MAAM,IAAA+E,qBAAA,GACVrB,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B,cAAAmB,qBAAA,uBAFDA,qBAAA,CAEG/E,MAAM;EAEX,IAAIA,MAAM,KAAK,WAAW,EAAE;IAC1BI,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC4D,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOT,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBkB,OACF,CAAC;EACH;EAEA,MAAM3E,OAAO,GAAI,kCAAiCH,MAAO,EAAC;EAC1DI,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;EACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;AAClC,CAAC;AAAC6E,OAAA,CAAAH,wBAAA,GAAAA,wBAAA"}

package/lib/commonjs/credential/issuance/README.md

@@ -6,7 +6,7 @@ There's a fork in the flow which is based on the type of the credential that is
 This is due to the fact that eID credentials require a different authorization flow than other credentials, which is accomplished by a strong authentication method like SPID or CIE.
 Credentials instead require a simpler authorization flow and they require other credentials to be presented in order to be issued.
 
-The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step.
+The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step. Available credentials are identified with a unique `credential_configuration_id`, that must be used when requesting authorization. The Authorization Server returns an array of **credential identifiers** that map to the `credential_configuration_id` provided: to obtain the credential, one of the credential identifiers (or all of them) must be requested to the credential endpoint.
 
 ## Sequence Diagram
 
@@ -96,17 +96,13 @@ const walletInstanceAttestation =
     appFetch,
   });
 
-const credentialType = "someCredential"; // Let's assume this is the credential type
-
-const eid = {
+const pid = {
   credential: "example",
   parsedCredential: "example"
   keyTag: "example";
-  credentialType: "eid";
+  credentialType: "PersonIdentificationData";
 };
 
-const eidCryptoContext = createCryptoContextFor(eid.keyTag);
-
 // Create credential crypto context
 const credentialKeyTag = uuidv4().toString();
 await generate(credentialKeyTag); // Let's assume this function generates a new hardware-backed key pair
@@ -115,22 +111,26 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EAA_PROVIDER_BASE_URL,
-  credentialType,
+  credentialId: "someCredentialId",
 });
 
-const { issuerUrl } = startFlow();
+const { issuerUrl, credentialId } = startFlow();
 
 // Evaluate issuer trust
 const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(issuerUrl);
 
 // Start user authorization
-const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
-  await Credential.Issuance.startUserAuthorization(issuerConf, credentialType, {
-    walletInstanceAttestation,
-    redirectUri,
-    wiaCryptoContext,
-    appFetch,
-  });
+const { issuerRequestUri, clientId, codeVerifier } =
+  await Credential.Issuance.startUserAuthorization(
+    issuerConf, 
+    [credentialId], 
+    {
+      walletInstanceAttestation,
+      redirectUri: REDIRECT_URI,
+      wiaCryptoContext,
+      appFetch,
+    }
+  );
 
 const requestObject =
   await Credential.Issuance.getRequestedCredentialToBePresented(
@@ -140,13 +140,12 @@ const requestObject =
     appFetch
   );
 
-// The app here should ask the user to confirm the required data contained in the requestObject
-
 // Complete the user authorization via form_post.jwt mode
 const { code } =
   await Credential.Issuance.completeUserAuthorizationWithFormPostJwtMode(
     requestObject,
-    { wiaCryptoContext, pidCryptoContext, pid, walletInstanceAttestation }
+    pid.credential,
+    { wiaCryptoContext, pidCryptoContext: createCryptoContextFor(pid.keyTag) }
   );
 
 // Generate the DPoP context which will be used for the whole issuance flow
@@ -157,7 +156,7 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
   issuerConf,
   code,
   clientId,
-  redirectUri,
+  redirectUri: REDIRECT_URI,
   codeVerifier,
   {
     walletInstanceAttestation,
@@ -167,12 +166,19 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
   }
 );
 
-// Obtain the credential
-const { credential, format } = await Credential.Issuance.obtainCredential(
+// For simplicity, in this example flow we work on a single credential.
+const { credential_configuration_id, credential_identifiers } =
+    accessToken.authorization_details[0]!;
+
+ // Obtain the credential
+const { credential } = await Credential.Issuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
-  credentialDefinition,
+  {
+    credential_configuration_id,
+    credential_identifier: credential_identifiers[0],
+  },
   {
     credentialCryptoContext,
     dPopCryptoContext,
@@ -184,22 +190,29 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
  * Parse and verify the credential. The ignoreMissingAttributes flag must be set to false or omitted in production.
  * WARNING: includeUndefinedAttributes should not be set to true in production in order to get only claims explicitly declared by the issuer.
  */
-const { parsedCredential } = await Credential.Issuance.verifyAndParseCredential(
-  issuerConf,
-  credential,
-  format,
-  {
-    credentialCryptoContext,
-    ignoreMissingAttributes: true,
-    includeUndefinedAttributes: false
-  }
-);
+const { parsedCredential } =
+  await Credential.Issuance.verifyAndParseCredential(
+    issuerConf,
+    credential,
+    credential_configuration_id,
+    { 
+      credentialCryptoContext, 
+      ignoreMissingAttributes: true,
+      includeUndefinedAttributes: false 
+    }
+  );
+
+const credentialType =
+  issuerConf.openid_credential_issuer.credential_configurations_supported[
+    credential_configuration_id
+  ].scope;
 
 return {
   parsedCredential,
   credential,
   keyTag: credentialKeyTag,
   credentialType,
+  credentialConfigurationId: credential_configuration_id,
 };
 ```
 
@@ -251,11 +264,10 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialType: "PersonIdentificationData",
-  appFetch,
+  credentialId: "dc_sd_jwt_PersonIdentificationData",
 });
 
-const { issuerUrl } = startFlow();
+const { issuerUrl, credentialId } = startFlow();
 
 // Evaluate issuer trust
 const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
@@ -265,12 +277,16 @@ const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
 
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
-  await Credential.Issuance.startUserAuthorization(issuerConf, credentialType, {
-    walletInstanceAttestation,
-    redirectUri,
-    wiaCryptoContext,
-    appFetch,
-  });
+  await Credential.Issuance.startUserAuthorization(
+    issuerConf,
+    [credentialId], // Request authorization for one or more credentials
+    {
+      walletInstanceAttestation,
+      redirectUri,
+      wiaCryptoContext,
+      appFetch,
+    }
+  );
 
 // Complete the authorization process with query mode with the authorizationContext which opens the browser
 const { code } =
@@ -301,12 +317,27 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
   }
 );
 
+
+const [pidCredentialDefinition] = credentialDefinition;
+
+// Extract the credential_identifier(s) from the access token
+// For each one of them, a credential can be obtained by calling `obtainCredential`
+const { credential_configuration_id, credential_identifiers } =
+    accessToken.authorization_details.find(
+      (authDetails) =>
+        authDetails.credential_configuration_id ===
+        pidCredentialDefinition.credential_configuration_id
+    );
+
 // Obtain che eID credential
 const { credential, format } = await Credential.Issuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
-  credentialDefinition,
+  {
+    credential_configuration_id,
+    credential_identifier: credential_identifiers.at(0),
+  },
   {
     credentialCryptoContext,
     dPopCryptoContext,
@@ -318,15 +349,16 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
 const { parsedCredential, issuedAt, expiration } = await Credential.Issuance.verifyAndParseCredential(
   issuerConf,
   credential,
-  format,
+  credential_configuration_id,
   { credentialCryptoContext }
 );
 
 return {
   parsedCredential,
   credential,
+  credentialConfigurationId: credential_configuration_id
+  credentialType: "PersonIdentificationData",
   keyTag: credentialKeyTag,
-  credentialType,
   issuedAt,
   expiration
 };

package/lib/commonjs/credential/issuance/const.js

@@ -9,6 +9,6 @@ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "functio
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
 exports.ASSERTION_TYPE = ASSERTION_TYPE;
-const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
+const SupportedCredentialFormat = z.union([z.literal("dc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
 exports.SupportedCredentialFormat = SupportedCredentialFormat;
 //# sourceMappingURL=const.js.map

package/lib/commonjs/credential/issuance/types.js

@@ -3,26 +3,29 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.TokenResponse = exports.ResponseUriResultShape = exports.CredentialResponse = void 0;
-var _par = require("../../utils/par");
+exports.TokenResponse = exports.ResponseUriResultShape = exports.NonceResponse = exports.CredentialResponse = exports.AuthorizationDetail = void 0;
 var z = _interopRequireWildcard(require("zod"));
-var _const = require("./const");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const AuthorizationDetail = z.object({
+  type: z.literal("openid_credential"),
+  credential_configuration_id: z.string(),
+  credential_identifiers: z.array(z.string())
+});
+exports.AuthorizationDetail = AuthorizationDetail;
 const TokenResponse = z.object({
   access_token: z.string(),
-  authorization_details: z.array(_par.AuthorizationDetail),
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
+  refresh_token: z.string().optional(),
+  authorization_details: z.array(AuthorizationDetail),
   expires_in: z.number(),
   token_type: z.string()
 });
 exports.TokenResponse = TokenResponse;
 const CredentialResponse = z.object({
-  c_nonce: z.string(),
-  c_nonce_expires_in: z.number(),
-  credential: z.string(),
-  format: _const.SupportedCredentialFormat
+  credentials: z.array(z.object({
+    credential: z.string()
+  })),
+  notification_id: z.string().optional()
 });
 
 /**
@@ -33,4 +36,8 @@ const ResponseUriResultShape = z.object({
   redirect_uri: z.string()
 });
 exports.ResponseUriResultShape = ResponseUriResultShape;
+const NonceResponse = z.object({
+  c_nonce: z.string()
+});
+exports.NonceResponse = NonceResponse;
 //# sourceMappingURL=types.js.map

package/lib/commonjs/credential/issuance/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["_par","require","z","_interopRequireWildcard","_const","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","TokenResponse","object","access_token","string","authorization_details","array","AuthorizationDetail","c_nonce","c_nonce_expires_in","number","expires_in","token_type","exports","CredentialResponse","credential","format","SupportedCredentialFormat","ResponseUriResultShape","redirect_uri"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAAoD,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAI7C,MAAMW,aAAa,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EACpCC,YAAY,EAAE3B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAE7B,CAAC,CAAC8B,KAAK,CAACC,wBAAmB,CAAC;EACnDC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACnBK,kBAAkB,EAAEjC,CAAC,CAACkC,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEnC,CAAC,CAACkC,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEpC,CAAC,CAAC4B,MAAM,CAAC;AACvB,CAAC,CAAC;AAACS,OAAA,CAAAZ,aAAA,GAAAA,aAAA;AAII,MAAMa,kBAAkB,GAAGtC,CAAC,CAAC0B,MAAM,CAAC;EACzCM,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACnBK,kBAAkB,EAAEjC,CAAC,CAACkC,MAAM,CAAC,CAAC;EAC9BK,UAAU,EAAEvC,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACtBY,MAAM,EAAEC;AACV,CAAC,CAAC;;AAEF;AACA;AACA;AAFAJ,OAAA,CAAAC,kBAAA,GAAAA,kBAAA;AAGO,MAAMI,sBAAsB,GAAG1C,CAAC,CAAC0B,MAAM,CAAC;EAC7CiB,YAAY,EAAE3C,CAAC,CAAC4B,MAAM,CAAC;AACzB,CAAC,CAAC;AAACS,OAAA,CAAAK,sBAAA,GAAAA,sBAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationDetail","object","type","literal","credential_configuration_id","string","credential_identifiers","array","exports","TokenResponse","access_token","refresh_token","optional","authorization_details","expires_in","number","token_type","CredentialResponse","credentials","credential","notification_id","ResponseUriResultShape","redirect_uri","NonceResponse","c_nonce"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,mBAAmB,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EAC1CC,IAAI,EAAE3B,CAAC,CAAC4B,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACvCC,sBAAsB,EAAE/B,CAAC,CAACgC,KAAK,CAAChC,CAAC,CAAC8B,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAC;AAACG,OAAA,CAAAR,mBAAA,GAAAA,mBAAA;AAII,MAAMS,aAAa,GAAGlC,CAAC,CAAC0B,MAAM,CAAC;EACpCS,YAAY,EAAEnC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACxBM,aAAa,EAAEpC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EACpCC,qBAAqB,EAAEtC,CAAC,CAACgC,KAAK,CAACP,mBAAmB,CAAC;EACnDc,UAAU,EAAEvC,CAAC,CAACwC,MAAM,CAAC,CAAC;EACtBC,UAAU,EAAEzC,CAAC,CAAC8B,MAAM,CAAC;AACvB,CAAC,CAAC;AAACG,OAAA,CAAAC,aAAA,GAAAA,aAAA;AAII,MAAMQ,kBAAkB,GAAG1C,CAAC,CAAC0B,MAAM,CAAC;EACzCiB,WAAW,EAAE3C,CAAC,CAACgC,KAAK,CAClBhC,CAAC,CAAC0B,MAAM,CAAC;IACPkB,UAAU,EAAE5C,CAAC,CAAC8B,MAAM,CAAC;EACvB,CAAC,CACH,CAAC;EACDe,eAAe,EAAE7C,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AACvC,CAAC,CAAC;;AAEF;AACA;AACA;AAFAJ,OAAA,CAAAS,kBAAA,GAAAA,kBAAA;AAGO,MAAMI,sBAAsB,GAAG9C,CAAC,CAAC0B,MAAM,CAAC;EAC7CqB,YAAY,EAAE/C,CAAC,CAAC8B,MAAM,CAAC;AACzB,CAAC,CAAC;AAACG,OAAA,CAAAa,sBAAA,GAAAA,sBAAA;AAKI,MAAME,aAAa,GAAGhD,CAAC,CAAC0B,MAAM,CAAC;EACpCuB,OAAO,EAAEjD,CAAC,CAAC8B,MAAM,CAAC;AACpB,CAAC,CAAC;AAACG,OAAA,CAAAe,aAAA,GAAAA,aAAA"}

package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js

@@ -7,7 +7,6 @@ exports.prepareRemotePresentations = exports.evaluateDcqlQuery = void 0;
 var _dcql = require("dcql");
 var _valibot = require("valibot");
 var _sdJwt = require("../../sd-jwt");
-var _crypto = require("../../utils/crypto");
 var _errors = require("./errors");
 /**
  * The purpose for the credential request by the RP.
@@ -23,11 +22,6 @@ const mapCredentialToObject = jwt => {
     disclosures
   } = (0, _sdJwt.decode)(jwt);
   const credentialFormat = sdJwt.header.typ;
-
-  // TODO [SIW-2082]: support MDOC credentials
-  if (credentialFormat !== "vc+sd-jwt") {
-    throw new Error(`Unsupported credential format: ${credentialFormat}`);
-  }
   return {
     vct: sdJwt.payload.vct,
     credential_format: credentialFormat,
@@ -64,7 +58,7 @@ const extractMissingCredentials = (queryResult, originalQuery) => {
     var _credential$meta;
     let [id] = _ref3;
     const credential = originalQuery.credentials.find(c => c.id === id);
-    if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "vc+sd-jwt") {
+    if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "dc+sd-jwt" && (credential === null || credential === void 0 ? void 0 : credential.format) !== "vc+sd-jwt") {
       throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
     }
 
@@ -96,7 +90,7 @@ const evaluateDcqlQuery = (credentialsSdJwt, query) => {
     return getDcqlQueryMatches(queryResult).map(_ref5 => {
       var _queryResult$credenti;
       let [id, match] = _ref5;
-      if (match.output.credential_format !== "vc+sd-jwt") {
+      if (match.output.credential_format !== "dc+sd-jwt" && match.output.credential_format !== "vc+sd-jwt") {
         throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
       }
 
@@ -114,12 +108,12 @@ const evaluateDcqlQuery = (credentialsSdJwt, query) => {
           required: Boolean(credentialSet.required)
         };
       });
-      const [keyTag, credential] = credentialsSdJwtByVct[vct];
+      const [cryptoContext, credential] = credentialsSdJwtByVct[vct];
       const requiredDisclosures = Object.values(claims);
       return {
         id,
         vct,
-        keyTag,
+        cryptoContext,
         credential,
         requiredDisclosures,
         // When it is a match but no credential_sets are found, the credential is required by default
@@ -148,12 +142,11 @@ const prepareRemotePresentations = async (credentials, nonce, clientId) => {
   return Promise.all(credentials.map(async item => {
     const {
       vp_token
-    } = await (0, _sdJwt.prepareVpToken)(nonce, clientId, [item.credential, item.requestedClaims, (0, _crypto.createCryptoContextFor)(item.keyTag)]);
+    } = await (0, _sdJwt.prepareVpToken)(nonce, clientId, [item.credential, item.requestedClaims, item.cryptoContext]);
     return {
       credentialId: item.id,
       requestedClaims: item.requestedClaims,
-      vpToken: vp_token,
-      format: "vc+sd-jwt"
+      vpToken: vp_token
     };
   }));
 };