@pagopa/io-react-native-wallet 2.0.0-next.3 → 2.0.0-next.5

package/src/credential/issuance/04-complete-user-authorization.ts

@@ -10,16 +10,16 @@ import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import {
   decode,
-  encodeBase64,
   SignJWT,
   type CryptoContext,
 } from "@pagopa/io-react-native-jwt";
-import { RequestObject } from "../presentation/types";
-import { v4 as uuidv4 } from "uuid";
+import { type RemotePresentation, RequestObject } from "../presentation/types";
 import { ResponseUriResultShape } from "./types";
 import { getJwtFromFormPost } from "../../utils/decoder";
 import { AuthorizationError, AuthorizationIdpError } from "./errors";
 import { LogLevel, Logger } from "../../utils/logging";
+import { Presentation } from "..";
+import type { DcqlQuery } from "dcql";
 
 /**
  * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
@@ -30,11 +30,10 @@ export type CompleteUserAuthorizationWithQueryMode = (
 
 export type CompleteUserAuthorizationWithFormPostJwtMode = (
   requestObject: Out<GetRequestedCredentialToBePresented>,
+  pid: string,
   context: {
     wiaCryptoContext: CryptoContext;
     pidCryptoContext: CryptoContext;
-    pid: string;
-    walletInstanceAttestation: string;
     appFetch?: GlobalFetch["fetch"];
   }
 ) => Promise<AuthorizationResult>;
@@ -158,103 +157,54 @@ export const getRequestedCredentialToBePresented: GetRequestedCredentialToBePres
   };
 
 /**
- * WARNING: This function must be called after {@link startUserAuthorization}. The next function to be called is {@link completeUserAuthorizationWithFormPostJwtMode}.
+ * WARNING: This function must be called after {@link getRequestedCredentialToBePresented}. The next function to be called is {@link authorizeAccess}.
  * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
- * It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
- * The information is obtained by performing a GET request to the authorization endpoint with request_uri and client_id parameters.
- * @param issuerRequestUri the URI of the issuer where the request is sent
- * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param context.walletInstanceAccestation the Wallet Instance's attestation to be presented
- * @param context.pid the PID to be presented
- * @param context.wiaCryptoContext The Wallet Instance's crypto context associated with the walletInstanceAttestation parameter
- * @param context.pidCryptoContext The PID crypto context associated with the pid parameter
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * The information is obtained by performing a POST request to the endpoint received in the response_uri field of the requestObject, where the Authorization Response payload is posted.
+ * Following this,the redirect_uri from the response is used to obtain the final authorization response.
+ * @param requestObject - The request object containing the necessary parameters for authorization.
+ * @param pid The `PID` that must be presented for the issuance of credentials.
+ * @param appFetch (optional) fetch api implementation. Default: built-in fetch
  * @throws {ValidationFailed} if an error while validating the response
  * @returns the authorization response which contains code, state and iss
  */
 export const completeUserAuthorizationWithFormPostJwtMode: CompleteUserAuthorizationWithFormPostJwtMode =
-  async (requestObject, ctx) => {
+  async (
+    requestObject,
+    pid,
+    { wiaCryptoContext, pidCryptoContext, appFetch = fetch }
+  ) => {
     Logger.log(
       LogLevel.DEBUG,
       `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`
     );
 
-    const {
-      wiaCryptoContext,
-      pidCryptoContext,
-      pid,
-      walletInstanceAttestation,
-      appFetch = fetch,
-    } = ctx;
+    if (!requestObject.dcql_query) {
+      throw new Error("Invalid request object");
+    }
 
-    const wiaWpToken = await new SignJWT(wiaCryptoContext)
-      .setProtectedHeader({
-        alg: "ES256",
-        typ: "JWT",
-      })
-      .setPayload({
-        vp: walletInstanceAttestation,
-        jti: uuidv4().toString(),
-        nonce: requestObject.nonce,
-      })
-      .setIssuedAt()
-      .setExpirationTime("5m")
-      .setAudience(requestObject.response_uri)
-      .sign();
+    const dcqlQueryResult = Presentation.evaluateDcqlQuery(
+      [[pidCryptoContext, pid]],
+      requestObject.dcql_query as DcqlQuery
+    );
 
-    const pidWpToken = await new SignJWT(pidCryptoContext)
-      .setProtectedHeader({
-        alg: "ES256",
-        typ: "JWT",
+    const credentialsToPresent = dcqlQueryResult.map(
+      ({ requiredDisclosures, ...rest }) => ({
+        ...rest,
+        requestedClaims: requiredDisclosures.map(([, claimName]) => claimName),
       })
-      .setPayload({
-        vp: pid,
-        jti: uuidv4().toString(),
-        nonce: requestObject.nonce,
-      })
-      .setIssuedAt()
-      .setExpirationTime("5m")
-      .setAudience(requestObject.response_uri)
-      .sign();
-
-    Logger.log(
-      LogLevel.DEBUG,
-      `Wallet instance attestation JWT token: ${wiaWpToken}`
     );
 
-    /* The path parameter refers to the vp_token variable of the authzResponsePayload and must point to the plain credential which
-     * is cointaned in the `vp` property of the signed jwt token payload
-     */
-    const presentationSubmission = {
-      definition_id: `${uuidv4()}`,
-      id: `${uuidv4()}`,
-      descriptor_map: [
-        {
-          id: "PersonIdentificationData",
-          path: "$.vp_token[0].vp",
-          format: "vc+sd-jwt",
-        },
-        {
-          id: "WalletAttestation",
-          path: "$.vp_token[1].vp",
-          format: "jwt",
-        },
-      ],
-    };
-
-    Logger.log(
-      LogLevel.DEBUG,
-      `Presentation submission: ${JSON.stringify(presentationSubmission)}`
+    const remotePresentations = await Presentation.prepareRemotePresentations(
+      credentialsToPresent,
+      requestObject.nonce,
+      requestObject.client_id
     );
 
-    const authzResponsePayload = encodeBase64(
-      JSON.stringify({
-        state: requestObject.state,
-        presentation_submission: presentationSubmission,
-        vp_token: [pidWpToken, wiaWpToken],
-      })
-    );
+    const authzResponsePayload = await createAuthzResponsePayload({
+      state: requestObject.state,
+      remotePresentations,
+      wiaCryptoContext,
+    });
 
     Logger.log(
       LogLevel.DEBUG,
@@ -334,3 +284,47 @@ export const parseAuthorizationResponse = (
   }
   return authResParsed.data;
 };
+
+/**
+ * Creates the authorization response payload to be sent.
+ * This payload includes the state and the VP tokens for the presented credentials.
+ * The payload is encoded in Base64.
+ * @param state - The state parameter from the request object (optional).
+ * @param remotePresentations - An array of remote presentations containing credential IDs and their corresponding VP tokens.
+ * @returns The Base64 encoded authorization response payload.
+ */
+const createAuthzResponsePayload = async ({
+  state,
+  remotePresentations,
+  wiaCryptoContext,
+}: {
+  state?: string;
+  remotePresentations: RemotePresentation[];
+  wiaCryptoContext: CryptoContext;
+}): Promise<string> => {
+  const { kid } = await wiaCryptoContext.getPublicKey();
+
+  return new SignJWT(wiaCryptoContext)
+    .setProtectedHeader({
+      typ: "jwt",
+      kid,
+    })
+    .setPayload({
+      /**
+       * TODO [SIW-2264]: `state` coming from `requestObject` is marked as `optional`
+       * At the moment, it is not entirely clear whether this value can indeed be omitted
+       * and, if so, what the consequences of its absence might be.
+       */
+      ...(state ? { state } : {}),
+      vp_token: remotePresentations.reduce(
+        (vp_token, { credentialId, vpToken }) => ({
+          ...vp_token,
+          [credentialId]: vpToken,
+        }),
+        {}
+      ),
+    })
+    .setIssuedAt()
+    .setExpirationTime("1h")
+    .sign();
+};

package/src/credential/issuance/06-obtain-credential.ts

@@ -33,7 +33,10 @@ export type ObtainCredential = (
     appFetch?: GlobalFetch["fetch"];
   },
   operationType?: "reissuing"
-) => Promise<{ credential: string; format: string }>;
+) => Promise<{
+  credential: string;
+  format: string;
+}>;
 
 export const createNonceProof = async (
   nonce: string,

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -2,12 +2,11 @@ import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import type { Out } from "../../utils/misc";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import { IoWalletError } from "../../utils/errors";
-import { SdJwt4VC } from "../../sd-jwt/types";
-import { verify as verifySdJwt } from "../../sd-jwt";
+import { SdJwt4VC, verify as verifySdJwt } from "../../sd-jwt";
 import { getValueFromDisclosures } from "../../sd-jwt/converters";
-import type { JWK } from "../../utils/jwk";
+import { isSameThumbprint, type JWK } from "../../utils/jwk";
 import type { ObtainCredential } from "./06-obtain-credential";
-import { LogLevel, Logger } from "../../utils/logging";
+import { Logger, LogLevel } from "../../utils/logging";
 
 type IssuerConf = Out<EvaluateIssuerTrust>["issuerConf"];
 type CredentialConf =
@@ -169,8 +168,7 @@ async function verifyCredentialSdJwt(
     ]);
 
   const { cnf } = decodedCredential.sdJwt.payload;
-
-  if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
+  if (!(await isSameThumbprint(cnf.jwk, holderBindingKey as JWK))) {
     const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`;
     Logger.log(LogLevel.ERROR, message);
     throw new IoWalletError(message);

package/src/credential/issuance/README.md

@@ -72,8 +72,6 @@ The expected result from the authentication process is in `form_post.jwt` format
   <summary>Credential issuance flow</summary>
 
 ```ts
-// TODO: [SIW-2209] update documentation in PR #219
-
 // Retrieve the integrity key tag from the store and create its context
 const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
 const integrityContext = getIntegrityContext(integrityKeyTag);
@@ -98,17 +96,13 @@ const walletInstanceAttestation =
     appFetch,
   });
 
-const credentialType = "someCredential"; // Let's assume this is the credential type
-
-const eid = {
+const pid = {
   credential: "example",
   parsedCredential: "example"
   keyTag: "example";
-  credentialType: "eid";
+  credentialType: "PersonIdentificationData";
 };
 
-const eidCryptoContext = createCryptoContextFor(eid.keyTag);
-
 // Create credential crypto context
 const credentialKeyTag = uuidv4().toString();
 await generate(credentialKeyTag); // Let's assume this function generates a new hardware-backed key pair
@@ -117,22 +111,26 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EAA_PROVIDER_BASE_URL,
-  credentialType,
+  credentialId: "someCredentialId",
 });
 
-const { issuerUrl } = startFlow();
+const { issuerUrl, credentialId } = startFlow();
 
 // Evaluate issuer trust
 const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(issuerUrl);
 
 // Start user authorization
-const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
-  await Credential.Issuance.startUserAuthorization(issuerConf, credentialType, {
-    walletInstanceAttestation,
-    redirectUri,
-    wiaCryptoContext,
-    appFetch,
-  });
+const { issuerRequestUri, clientId, codeVerifier } =
+  await Credential.Issuance.startUserAuthorization(
+    issuerConf, 
+    [credentialId], 
+    {
+      walletInstanceAttestation,
+      redirectUri: REDIRECT_URI,
+      wiaCryptoContext,
+      appFetch,
+    }
+  );
 
 const requestObject =
   await Credential.Issuance.getRequestedCredentialToBePresented(
@@ -142,13 +140,12 @@ const requestObject =
     appFetch
   );
 
-// The app here should ask the user to confirm the required data contained in the requestObject
-
 // Complete the user authorization via form_post.jwt mode
 const { code } =
   await Credential.Issuance.completeUserAuthorizationWithFormPostJwtMode(
     requestObject,
-    { wiaCryptoContext, pidCryptoContext, pid, walletInstanceAttestation }
+    pid.credential,
+    { wiaCryptoContext, pidCryptoContext: createCryptoContextFor(pid.keyTag) }
   );
 
 // Generate the DPoP context which will be used for the whole issuance flow
@@ -159,7 +156,7 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
   issuerConf,
   code,
   clientId,
-  redirectUri,
+  redirectUri: REDIRECT_URI,
   codeVerifier,
   {
     walletInstanceAttestation,
@@ -169,12 +166,19 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
   }
 );
 
-// Obtain the credential
-const { credential, format } = await Credential.Issuance.obtainCredential(
+// For simplicity, in this example flow we work on a single credential.
+const { credential_configuration_id, credential_identifiers } =
+    accessToken.authorization_details[0]!;
+
+ // Obtain the credential
+const { credential } = await Credential.Issuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
-  credentialDefinition,
+  {
+    credential_configuration_id,
+    credential_identifier: credential_identifiers[0],
+  },
   {
     credentialCryptoContext,
     dPopCryptoContext,
@@ -186,22 +190,29 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
  * Parse and verify the credential. The ignoreMissingAttributes flag must be set to false or omitted in production.
  * WARNING: includeUndefinedAttributes should not be set to true in production in order to get only claims explicitly declared by the issuer.
  */
-const { parsedCredential } = await Credential.Issuance.verifyAndParseCredential(
-  issuerConf,
-  credential,
-  format,
-  {
-    credentialCryptoContext,
-    ignoreMissingAttributes: true,
-    includeUndefinedAttributes: false
-  }
-);
+const { parsedCredential } =
+  await Credential.Issuance.verifyAndParseCredential(
+    issuerConf,
+    credential,
+    credential_configuration_id,
+    { 
+      credentialCryptoContext, 
+      ignoreMissingAttributes: true,
+      includeUndefinedAttributes: false 
+    }
+  );
+
+const credentialType =
+  issuerConf.openid_credential_issuer.credential_configurations_supported[
+    credential_configuration_id
+  ].scope;
 
 return {
   parsedCredential,
   credential,
   keyTag: credentialKeyTag,
   credentialType,
+  credentialConfigurationId: credential_configuration_id,
 };
 ```
 

package/src/credential/issuance/types.ts

@@ -11,6 +11,7 @@ export type TokenResponse = z.infer<typeof TokenResponse>;
 
 export const TokenResponse = z.object({
   access_token: z.string(),
+  refresh_token: z.string().optional(),
   authorization_details: z.array(AuthorizationDetail),
   expires_in: z.number(),
   token_type: z.string(),

package/src/credential/presentation/07-evaluate-dcql-query.ts

@@ -2,9 +2,9 @@ import { DcqlQuery, DcqlError, DcqlQueryResult } from "dcql";
 import { isValiError } from "valibot";
 import { decode, prepareVpToken } from "../../sd-jwt";
 import type { Disclosure } from "../../sd-jwt/types";
-import { createCryptoContextFor } from "../../utils/crypto";
 import type { RemotePresentation } from "./types";
 import { CredentialsNotFoundError, type NotFoundDetail } from "./errors";
+import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 
 /**
  * The purpose for the credential request by the RP.
@@ -15,13 +15,13 @@ type CredentialPurpose = {
 };
 
 export type EvaluateDcqlQuery = (
-  credentialsSdJwt: [string /* keyTag */, string /* credential */][],
+  credentialsSdJwt: [CryptoContext, string /* credential */][],
   query: DcqlQuery.Input
 ) => {
   id: string;
   vct: string;
   credential: string;
-  keyTag: string;
+  cryptoContext: CryptoContext;
   requiredDisclosures: Disclosure[];
   purposes: CredentialPurpose[];
 }[];
@@ -30,7 +30,7 @@ export type PrepareRemotePresentations = (
   credentials: {
     id: string;
     credential: string;
-    keyTag: string;
+    cryptoContext: CryptoContext;
     requestedClaims: string[];
   }[],
   nonce: string,
@@ -55,11 +55,6 @@ const mapCredentialToObject = (jwt: string) => {
   const { sdJwt, disclosures } = decode(jwt);
   const credentialFormat = sdJwt.header.typ;
 
-  // TODO [SIW-2082]: support MDOC credentials
-  if (credentialFormat !== "dc+sd-jwt") {
-    throw new Error(`Unsupported credential format: ${credentialFormat}`);
-  }
-
   return {
     vct: sdJwt.payload.vct,
     credential_format: credentialFormat,
@@ -100,7 +95,10 @@ const extractMissingCredentials = (
 ): NotFoundDetail[] => {
   return getDcqlQueryFailedMatches(queryResult).map(([id]) => {
     const credential = originalQuery.credentials.find((c) => c.id === id);
-    if (credential?.format !== "dc+sd-jwt") {
+    if (
+      credential?.format !== "dc+sd-jwt" &&
+      credential?.format !== "vc+sd-jwt"
+    ) {
       throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
     }
     return { id, vctValues: credential.meta?.vct_values };
@@ -114,7 +112,6 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
   const credentials = credentialsSdJwt.map(([, credential]) =>
     mapCredentialToObject(credential)
   );
-
   try {
     // Validate the query
     const parsedQuery = DcqlQuery.parse(query);
@@ -131,11 +128,14 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
     // Build an object vct:credentialJwt to map matched credentials to their JWT
     const credentialsSdJwtByVct = credentials.reduce(
       (acc, c, i) => ({ ...acc, [c.vct]: credentialsSdJwt[i]! }),
-      {} as Record<string, [string /* keyTag */, string /* credential */]>
+      {} as Record<string, [CryptoContext, string /* credential */]>
     );
 
     return getDcqlQueryMatches(queryResult).map(([id, match]) => {
-      if (match.output.credential_format !== "dc+sd-jwt") {
+      if (
+        match.output.credential_format !== "dc+sd-jwt" &&
+        match.output.credential_format !== "vc+sd-jwt"
+      ) {
         throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
       }
       const { vct, claims } = match.output;
@@ -147,12 +147,12 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
           required: Boolean(credentialSet.required),
         }));
 
-      const [keyTag, credential] = credentialsSdJwtByVct[vct]!;
+      const [cryptoContext, credential] = credentialsSdJwtByVct[vct]!;
       const requiredDisclosures = Object.values(claims) as Disclosure[];
       return {
         id,
         vct,
-        keyTag,
+        cryptoContext,
         credential,
         requiredDisclosures,
         // When it is a match but no credential_sets are found, the credential is required by default
@@ -185,14 +185,13 @@ export const prepareRemotePresentations: PrepareRemotePresentations = async (
       const { vp_token } = await prepareVpToken(nonce, clientId, [
         item.credential,
         item.requestedClaims,
-        createCryptoContextFor(item.keyTag),
+        item.cryptoContext,
       ]);
 
       return {
         credentialId: item.id,
         requestedClaims: item.requestedClaims,
         vpToken: vp_token,
-        format: "dc+sd-jwt",
       };
     })
   );

package/src/credential/presentation/07-evaluate-input-descriptor.ts

@@ -1,10 +1,10 @@
 import { InputDescriptor, type LegacyRemotePresentation } from "./types";
 import { SdJwt4VC, type DisclosureWithEncoded } from "../../sd-jwt/types";
 import { decode, prepareVpToken } from "../../sd-jwt";
-import { createCryptoContextFor } from "../../utils/crypto";
 import { JSONPath } from "jsonpath-plus";
 import { CredentialsNotFoundError, MissingDataError } from "./errors";
 import Ajv from "ajv";
+import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 
 const ajv = new Ajv({ allErrors: true });
 const INDEX_CLAIM_NAME = 1;
@@ -23,13 +23,16 @@ export type EvaluateInputDescriptorSdJwt4VC = (
 
 export type EvaluateInputDescriptors = (
   descriptors: InputDescriptor[],
-  credentialsSdJwt: [string /* keyTag */, string /* credential */][]
+  credentialsSdJwt: [
+    CryptoContext /* cryptoContext */,
+    string /* credential */,
+  ][]
 ) => Promise<
   {
     evaluatedDisclosure: EvaluatedDisclosures;
     inputDescriptor: InputDescriptor;
     credential: string;
-    keyTag: string;
+    cryptoContext: CryptoContext;
   }[]
 >;
 
@@ -41,7 +44,7 @@ export type PrepareLegacyRemotePresentations = (
     requestedClaims: string[];
     inputDescriptor: InputDescriptor;
     credential: string;
-    keyTag: string;
+    cryptoContext: CryptoContext;
   }[],
   nonce: string,
   client_id: string
@@ -247,7 +250,7 @@ export const evaluateInputDescriptorForSdJwt4VC: EvaluateInputDescriptorSdJwt4VC
   };
 
 type DecodedCredentialSdJwt = {
-  keyTag: string;
+  cryptoContext: CryptoContext;
   credential: string;
   sdJwt: SdJwt4VC;
   disclosures: DisclosureWithEncoded[];
@@ -264,11 +267,11 @@ export const findCredentialSdJwt = (
   decodedSdJwtCredentials: DecodedCredentialSdJwt[]
 ): {
   matchedEvaluation: EvaluatedDisclosures;
-  matchedKeyTag: string;
   matchedCredential: string;
+  cryptoContext: CryptoContext;
 } => {
   for (const {
-    keyTag,
+    cryptoContext,
     credential,
     sdJwt,
     disclosures,
@@ -282,7 +285,7 @@ export const findCredentialSdJwt = (
 
       return {
         matchedEvaluation: evaluatedDisclosure,
-        matchedKeyTag: keyTag,
+        cryptoContext,
         matchedCredential: credential,
       };
     } catch {
@@ -319,9 +322,9 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
 ) => {
   // We need decode SD-JWT credentials for evaluation
   const decodedSdJwtCredentials =
-    credentialsSdJwt?.map(([keyTag, credential]) => {
+    credentialsSdJwt?.map(([cryptoContext, credential]) => {
       const { sdJwt, disclosures } = decode(credential);
-      return { keyTag, credential, sdJwt, disclosures };
+      return { cryptoContext, credential, sdJwt, disclosures };
     }) || [];
 
   return Promise.all(
@@ -336,14 +339,14 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
           ]);
         }
 
-        const { matchedEvaluation, matchedKeyTag, matchedCredential } =
+        const { matchedEvaluation, cryptoContext, matchedCredential } =
           findCredentialSdJwt(descriptor, decodedSdJwtCredentials);
 
         return {
           evaluatedDisclosure: matchedEvaluation,
           inputDescriptor: descriptor,
           credential: matchedCredential,
-          keyTag: matchedKeyTag,
+          cryptoContext,
         };
       }
 
@@ -383,7 +386,7 @@ export const prepareLegacyRemotePresentations: PrepareLegacyRemotePresentations
           const { vp_token } = await prepareVpToken(nonce, client_id, [
             item.credential,
             item.requestedClaims,
-            createCryptoContextFor(item.keyTag),
+            item.cryptoContext,
           ]);
 
           return {

package/src/credential/presentation/types.ts

@@ -30,7 +30,6 @@ export type LegacyRemotePresentation = {
 export type RemotePresentation = {
   requestedClaims: string[];
   credentialId: string;
-  format: string;
   vpToken: string;
 };
 
@@ -97,7 +96,7 @@ export const RequestObject = z.object({
   state: z.string().optional(),
   nonce: z.string(),
   response_uri: z.string(),
-  response_uri_method: z.string().optional(),
+  request_uri_method: z.string().optional(),
   response_type: z.literal("vp_token"),
   response_mode: z.literal("direct_post.jwt"),
   client_id: z.string(),