@pagopa/io-react-native-wallet 2.2.0 → 2.4.0

package/lib/module/credentials-catalogue/fetch-and-parse-catalogue.js

@@ -0,0 +1,35 @@
+import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
+import { hasStatusOrThrow } from "../utils/misc";
+import { IoWalletError } from "../utils/errors";
+import { DigitalCredentialsCatalogue } from "./types";
+import { getTrustAnchorEntityConfiguration } from "../trust/build-chain";
+/**
+ * Fetch and parse the Digital Credential Catalogue from the Trust Anchor.
+ * The catalogue's JWT signature is verified against the Trust Anchor's JWKs.
+ *
+ * @param trustAnchorUrl Base URL of the Trust Anchor
+ * @param context.appFetch (optional) fetch API implementation. Default: built-in fetch
+ * @returns The Digital Credential Catalogue payload
+ */
+export const fetchAndParseCatalogue = async function (trustAnchorBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const trustAnchorConfig = await getTrustAnchorEntityConfiguration(trustAnchorBaseUrl);
+  const responseText = await appFetch(`${trustAnchorConfig.payload.sub}/.well-known/credential-catalogue`, {
+    method: "GET"
+  }).then(hasStatusOrThrow(200)).then(res => res.text());
+  const responseJwt = decodeJwt(responseText);
+  const catalogueKid = responseJwt.protectedHeader.kid;
+  const trustAnchorJwk = trustAnchorConfig.payload.jwks.keys.find(jwk => jwk.kid === catalogueKid);
+  if (!trustAnchorJwk) {
+    throw new IoWalletError(`Could not find JWK with kid ${catalogueKid} in Trust Anchor's Entity Configuration`);
+  }
+  await verify(responseText, trustAnchorJwk);
+  const parsedDigitalCredentialsCatalogue = DigitalCredentialsCatalogue.parse({
+    header: responseJwt.protectedHeader,
+    payload: responseJwt.payload
+  });
+  return parsedDigitalCredentialsCatalogue.payload;
+};
+//# sourceMappingURL=fetch-and-parse-catalogue.js.map

package/lib/module/credentials-catalogue/fetch-and-parse-catalogue.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["decode","decodeJwt","verify","hasStatusOrThrow","IoWalletError","DigitalCredentialsCatalogue","getTrustAnchorEntityConfiguration","fetchAndParseCatalogue","trustAnchorBaseUrl","appFetch","fetch","arguments","length","undefined","trustAnchorConfig","responseText","payload","sub","method","then","res","text","responseJwt","catalogueKid","protectedHeader","kid","trustAnchorJwk","jwks","keys","find","jwk","parsedDigitalCredentialsCatalogue","parse","header"],"sourceRoot":"../../../src","sources":["credentials-catalogue/fetch-and-parse-catalogue.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,2BAA2B,QAAQ,SAAS;AACrD,SAASC,iCAAiC,QAAQ,sBAAsB;AAMxE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAG,eAAAA,CACpCC,kBAA0B,EAE0B;EAAA,IADpD;IAAEC,QAAQ,GAAGC;EAA2B,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE9C,MAAMG,iBAAiB,GACrB,MAAMR,iCAAiC,CAACE,kBAAkB,CAAC;EAE7D,MAAMO,YAAY,GAAG,MAAMN,QAAQ,CAChC,GAAEK,iBAAiB,CAACE,OAAO,CAACC,GAAI,mCAAkC,EACnE;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAChB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BgB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,MAAMC,WAAW,GAAGrB,SAAS,CAACc,YAAY,CAAC;EAC3C,MAAMQ,YAAY,GAAGD,WAAW,CAACE,eAAe,CAACC,GAAG;EAEpD,MAAMC,cAAc,GAAGZ,iBAAiB,CAACE,OAAO,CAACW,IAAI,CAACC,IAAI,CAACC,IAAI,CAC5DC,GAAG,IAAKA,GAAG,CAACL,GAAG,KAAKF,YACvB,CAAC;EAED,IAAI,CAACG,cAAc,EAAE;IACnB,MAAM,IAAItB,aAAa,CACpB,+BAA8BmB,YAAa,yCAC9C,CAAC;EACH;EAEA,MAAMrB,MAAM,CAACa,YAAY,EAAEW,cAAc,CAAC;EAE1C,MAAMK,iCAAiC,GAAG1B,2BAA2B,CAAC2B,KAAK,CAAC;IAC1EC,MAAM,EAAEX,WAAW,CAACE,eAAe;IACnCR,OAAO,EAAEM,WAAW,CAACN;EACvB,CAAC,CAAC;EAEF,OAAOe,iCAAiC,CAACf,OAAO;AAClD,CAAC"}

package/lib/module/credentials-catalogue/index.js

@@ -0,0 +1,2 @@
+export { fetchAndParseCatalogue } from "./fetch-and-parse-catalogue";
+//# sourceMappingURL=index.js.map

package/lib/module/credentials-catalogue/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["fetchAndParseCatalogue"],"sourceRoot":"../../../src","sources":["credentials-catalogue/index.ts"],"mappings":"AAAA,SAASA,sBAAsB,QAAQ,6BAA6B"}

package/lib/module/credentials-catalogue/types.js

@@ -0,0 +1,89 @@
+import * as z from "zod";
+import { UnixTime } from "../sd-jwt/types";
+const CredentialPurpose = z.object({
+  id: z.string(),
+  description: z.string(),
+  category: z.string(),
+  subcategory: z.string(),
+  claims_required: z.array(z.string()),
+  claim_recommended: z.array(z.string())
+});
+const CredentialIssuer = z.object({
+  id: z.string(),
+  organization_name: z.string(),
+  organization_code: z.string(),
+  organization_country: z.string(),
+  contacts: z.array(z.string()).optional(),
+  homepage_uri: z.string().optional(),
+  logo_uri: z.string().optional(),
+  policy_uri: z.string().optional(),
+  tos_uri: z.string().optional()
+});
+const AuthenticSource = z.object({
+  id: z.string(),
+  organization_name: z.string(),
+  organization_code: z.string(),
+  organization_country: z.string(),
+  source_type: z.enum(["public", "private"]),
+  contacts: z.array(z.string()).optional(),
+  homepage_uri: z.string().optional(),
+  logo_uri: z.string().optional(),
+  user_information: z.string().optional()
+});
+const CredentialFormat = z.object({
+  configuration_id: z.string(),
+  format: z.enum(["dc+sd-jwt", "mso_mdoc"]),
+  vct: z.string().url().optional(),
+  docType: z.string().optional(),
+  schema_uri: z.string().url().optional(),
+  "schema_uri#integrity": z.string().optional()
+});
+const Claim = z.object({
+  name: z.string(),
+  taxonomy_ref: z.string(),
+  display_name: z.string()
+});
+export const DigitalCredential = z.object({
+  version: z.string(),
+  credential_type: z.string(),
+  legal_type: z.string(),
+  name: z.string(),
+  description: z.string(),
+  validity_info: z.object({
+    max_validity_days: z.number(),
+    status_methods: z.array(z.string()),
+    allowed_states: z.array(z.string())
+  }),
+  authentication: z.object({
+    user_auth_required: z.boolean(),
+    min_loa: z.string(),
+    supported_eid_schemes: z.array(z.string())
+  }),
+  purposes: z.array(CredentialPurpose),
+  issuers: z.array(CredentialIssuer),
+  authentic_sources: z.array(AuthenticSource),
+  formats: z.array(CredentialFormat),
+  claims: z.array(Claim)
+});
+
+/**
+ * The Digital Credentials Catalogue published by the Trust Anchor
+ *
+ * @version 1.1.0
+ * @see https://italia.github.io/eid-wallet-it-docs/releases/1.1.0/en/registry-catalogue.html
+ */
+export const DigitalCredentialsCatalogue = z.object({
+  header: z.object({
+    typ: z.string(),
+    alg: z.string(),
+    kid: z.string()
+  }),
+  payload: z.object({
+    catalog_version: z.string(),
+    taxonomy_uri: z.string().url(),
+    credentials: z.array(DigitalCredential),
+    iat: UnixTime,
+    exp: UnixTime
+  })
+});
+//# sourceMappingURL=types.js.map

package/lib/module/credentials-catalogue/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["z","UnixTime","CredentialPurpose","object","id","string","description","category","subcategory","claims_required","array","claim_recommended","CredentialIssuer","organization_name","organization_code","organization_country","contacts","optional","homepage_uri","logo_uri","policy_uri","tos_uri","AuthenticSource","source_type","enum","user_information","CredentialFormat","configuration_id","format","vct","url","docType","schema_uri","Claim","name","taxonomy_ref","display_name","DigitalCredential","version","credential_type","legal_type","validity_info","max_validity_days","number","status_methods","allowed_states","authentication","user_auth_required","boolean","min_loa","supported_eid_schemes","purposes","issuers","authentic_sources","formats","claims","DigitalCredentialsCatalogue","header","typ","alg","kid","payload","catalog_version","taxonomy_uri","credentials","iat","exp"],"sourceRoot":"../../../src","sources":["credentials-catalogue/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,QAAQ,QAAQ,iBAAiB;AAE1C,MAAMC,iBAAiB,GAAGF,CAAC,CAACG,MAAM,CAAC;EACjCC,EAAE,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACdC,WAAW,EAAEN,CAAC,CAACK,MAAM,CAAC,CAAC;EACvBE,QAAQ,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACpBG,WAAW,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACvBI,eAAe,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EACpCM,iBAAiB,EAAEX,CAAC,CAACU,KAAK,CAACV,CAAC,CAACK,MAAM,CAAC,CAAC;AACvC,CAAC,CAAC;AAEF,MAAMO,gBAAgB,GAAGZ,CAAC,CAACG,MAAM,CAAC;EAChCC,EAAE,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACdQ,iBAAiB,EAAEb,CAAC,CAACK,MAAM,CAAC,CAAC;EAC7BS,iBAAiB,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EAC7BU,oBAAoB,EAAEf,CAAC,CAACK,MAAM,CAAC,CAAC;EAChCW,QAAQ,EAAEhB,CAAC,CAACU,KAAK,CAACV,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EACxCC,YAAY,EAAElB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EACnCE,QAAQ,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EAC/BG,UAAU,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EACjCI,OAAO,EAAErB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC;AAC/B,CAAC,CAAC;AAEF,MAAMK,eAAe,GAAGtB,CAAC,CAACG,MAAM,CAAC;EAC/BC,EAAE,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACdQ,iBAAiB,EAAEb,CAAC,CAACK,MAAM,CAAC,CAAC;EAC7BS,iBAAiB,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EAC7BU,oBAAoB,EAAEf,CAAC,CAACK,MAAM,CAAC,CAAC;EAChCkB,WAAW,EAAEvB,CAAC,CAACwB,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;EAC1CR,QAAQ,EAAEhB,CAAC,CAACU,KAAK,CAACV,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EACxCC,YAAY,EAAElB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EACnCE,QAAQ,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EAC/BQ,gBAAgB,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC;AACxC,CAAC,CAAC;AAEF,MAAMS,gBAAgB,GAAG1B,CAAC,CAACG,MAAM,CAAC;EAChCwB,gBAAgB,EAAE3B,CAAC,CAACK,MAAM,CAAC,CAAC;EAC5BuB,MAAM,EAAE5B,CAAC,CAACwB,IAAI,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;EACzCK,GAAG,EAAE7B,CAAC,CAACK,MAAM,CAAC,CAAC,CAACyB,GAAG,CAAC,CAAC,CAACb,QAAQ,CAAC,CAAC;EAChCc,OAAO,EAAE/B,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC,CAAC;EAC9Be,UAAU,EAAEhC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACyB,GAAG,CAAC,CAAC,CAACb,QAAQ,CAAC,CAAC;EACvC,sBAAsB,EAAEjB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACY,QAAQ,CAAC;AAC9C,CAAC,CAAC;AAEF,MAAMgB,KAAK,GAAGjC,CAAC,CAACG,MAAM,CAAC;EACrB+B,IAAI,EAAElC,CAAC,CAACK,MAAM,CAAC,CAAC;EAChB8B,YAAY,EAAEnC,CAAC,CAACK,MAAM,CAAC,CAAC;EACxB+B,YAAY,EAAEpC,CAAC,CAACK,MAAM,CAAC;AACzB,CAAC,CAAC;AAEF,OAAO,MAAMgC,iBAAiB,GAAGrC,CAAC,CAACG,MAAM,CAAC;EACxCmC,OAAO,EAAEtC,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBkC,eAAe,EAAEvC,CAAC,CAACK,MAAM,CAAC,CAAC;EAC3BmC,UAAU,EAAExC,CAAC,CAACK,MAAM,CAAC,CAAC;EACtB6B,IAAI,EAAElC,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBC,WAAW,EAAEN,CAAC,CAACK,MAAM,CAAC,CAAC;EACvBoC,aAAa,EAAEzC,CAAC,CAACG,MAAM,CAAC;IACtBuC,iBAAiB,EAAE1C,CAAC,CAAC2C,MAAM,CAAC,CAAC;IAC7BC,cAAc,EAAE5C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;IACnCwC,cAAc,EAAE7C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACK,MAAM,CAAC,CAAC;EACpC,CAAC,CAAC;EACFyC,cAAc,EAAE9C,CAAC,CAACG,MAAM,CAAC;IACvB4C,kBAAkB,EAAE/C,CAAC,CAACgD,OAAO,CAAC,CAAC;IAC/BC,OAAO,EAAEjD,CAAC,CAACK,MAAM,CAAC,CAAC;IACnB6C,qBAAqB,EAAElD,CAAC,CAACU,KAAK,CAACV,CAAC,CAACK,MAAM,CAAC,CAAC;EAC3C,CAAC,CAAC;EACF8C,QAAQ,EAAEnD,CAAC,CAACU,KAAK,CAACR,iBAAiB,CAAC;EACpCkD,OAAO,EAAEpD,CAAC,CAACU,KAAK,CAACE,gBAAgB,CAAC;EAClCyC,iBAAiB,EAAErD,CAAC,CAACU,KAAK,CAACY,eAAe,CAAC;EAC3CgC,OAAO,EAAEtD,CAAC,CAACU,KAAK,CAACgB,gBAAgB,CAAC;EAClC6B,MAAM,EAAEvD,CAAC,CAACU,KAAK,CAACuB,KAAK;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMuB,2BAA2B,GAAGxD,CAAC,CAACG,MAAM,CAAC;EAClDsD,MAAM,EAAEzD,CAAC,CAACG,MAAM,CAAC;IACfuD,GAAG,EAAE1D,CAAC,CAACK,MAAM,CAAC,CAAC;IACfsD,GAAG,EAAE3D,CAAC,CAACK,MAAM,CAAC,CAAC;IACfuD,GAAG,EAAE5D,CAAC,CAACK,MAAM,CAAC;EAChB,CAAC,CAAC;EACFwD,OAAO,EAAE7D,CAAC,CAACG,MAAM,CAAC;IAChB2D,eAAe,EAAE9D,CAAC,CAACK,MAAM,CAAC,CAAC;IAC3B0D,YAAY,EAAE/D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACyB,GAAG,CAAC,CAAC;IAC9BkC,WAAW,EAAEhE,CAAC,CAACU,KAAK,CAAC2B,iBAAiB,CAAC;IACvC4B,GAAG,EAAEhE,QAAQ;IACbiE,GAAG,EAAEjE;EACP,CAAC;AACH,CAAC,CAAC"}

package/lib/module/index.js

@@ -3,6 +3,7 @@ import { fixBase64EncodingOnKey } from "./utils/jwk";
 // https://github.com/facebook/react-native/issues/24428
 import "react-native-url-polyfill/auto";
 import * as Credential from "./credential";
+import * as CredentialsCatalogue from "./credentials-catalogue";
 import * as PID from "./pid";
 import * as SdJwt from "./sd-jwt";
 import * as Mdoc from "./mdoc";
@@ -13,5 +14,5 @@ import * as WalletInstance from "./wallet-instance";
 import * as Logging from "./utils/logging";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
 import { createCryptoContextFor } from "./utils/crypto";
-export { SdJwt, Mdoc, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey, Logging };
+export { SdJwt, Mdoc, PID, Credential, CredentialsCatalogue, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey, Logging };
 //# sourceMappingURL=index.js.map

package/lib/module/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Mdoc","Errors","WalletInstanceAttestation","Trust","WalletInstance","Logging","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AACA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,IAAI,MAAM,QAAQ;AAC9B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,OAAO,KAAKC,OAAO,MAAM,iBAAiB;AAC1C,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACET,KAAK,EACLC,IAAI,EACJF,GAAG,EACHD,UAAU,EACVK,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLK,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBX,sBAAsB,EACtBS,OAAO"}
+{"version":3,"names":["fixBase64EncodingOnKey","Credential","CredentialsCatalogue","PID","SdJwt","Mdoc","Errors","WalletInstanceAttestation","Trust","WalletInstance","Logging","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AACA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,oBAAoB,MAAM,yBAAyB;AAC/D,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,IAAI,MAAM,QAAQ;AAC9B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,OAAO,KAAKC,OAAO,MAAM,iBAAiB;AAC1C,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACET,KAAK,EACLC,IAAI,EACJF,GAAG,EACHF,UAAU,EACVC,oBAAoB,EACpBK,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLK,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBZ,sBAAsB,EACtBU,OAAO"}

package/lib/module/utils/auth.js

@@ -32,4 +32,12 @@ export const AuthorizationErrorShape = z.object({
 /**
  * Type of the identification result.
  */
+
+/**
+ * MRTD PoP Challenge Info response structure
+ */
+
+export const AuthorizationChallengeResultShape = z.object({
+  challenge_info: z.string()
+});
 //# sourceMappingURL=auth.js.map

package/lib/module/utils/auth.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","AuthorizationResultShape","object","code","string","state","iss","optional","AuthorizationErrorShape","error","error_description","error_uri"],"sourceRoot":"../../../src","sources":["utils/auth.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC/CC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBE,GAAG,EAAEN,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC3B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,uBAAuB,GAAGR,CAAC,CAACE,MAAM,CAAC;EAC9CO,KAAK,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EAAE;EACnBM,iBAAiB,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxCI,SAAS,EAAEX,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAChCF,KAAK,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA"}
+{"version":3,"names":["z","AuthorizationResultShape","object","code","string","state","iss","optional","AuthorizationErrorShape","error","error_description","error_uri","AuthorizationChallengeResultShape","challenge_info"],"sourceRoot":"../../../src","sources":["utils/auth.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC/CC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBE,GAAG,EAAEN,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC3B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,uBAAuB,GAAGR,CAAC,CAACE,MAAM,CAAC;EAC9CO,KAAK,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EAAE;EACnBM,iBAAiB,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxCI,SAAS,EAAEX,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAChCF,KAAK,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA;;AAGA;AACA;AACA;;AAEA,OAAO,MAAMK,iCAAiC,GAAGZ,CAAC,CAACE,MAAM,CAAC;EACxDW,cAAc,EAAEb,CAAC,CAACI,MAAM,CAAC;AAC3B,CAAC,CAAC"}

package/lib/module/utils/par.js

@@ -6,10 +6,15 @@ import { generateRandomAlphaNumericString, hasStatusOrThrow } from "./misc";
 import { createPopToken } from "./pop";
 import { IssuerResponseError } from "./errors";
 import { LogLevel, Logger } from "./logging";
-export const AuthorizationDetail = z.object({
+export const AuthorizationDetail = z.union([z.object({
   type: z.literal("openid_credential"),
   credential_configuration_id: z.string()
-});
+}), z.object({
+  type: z.literal("it_l2+document_proof"),
+  idphinting: z.string(),
+  challenge_method: z.literal("mrtd+ias"),
+  challenge_redirect_uri: z.string()
+})]);
 export const AuthorizationDetails = z.array(AuthorizationDetail);
 export const ParResponse = z.object({
   request_uri: z.string(),

package/lib/module/utils/par.js.map

@@ -1 +1 @@
-{"version":3,"names":["sha256ToBase64","SignJWT","v4","uuidv4","z","WalletInstanceAttestation","generateRandomAlphaNumericString","hasStatusOrThrow","createPopToken","IssuerResponseError","LogLevel","Logger","AuthorizationDetail","object","type","literal","credential_configuration_id","string","AuthorizationDetails","array","ParResponse","request_uri","expires_in","number","makeParRequest","_ref","wiaCryptoContext","appFetch","parEndpoint","walletInstanceAttestation","_ref2","codeVerifier","responseMode","clientId","redirectUri","authorizationDetails","scope","aud","wiaPublicKey","getPublicKey","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","jti","codeChallengeMethod","codeChallenge","signedJwtForPar","setProtectedHeader","typ","setPayload","response_type","response_mode","client_id","state","code_challenge","code_challenge_method","redirect_uri","authorization_details","setIssuedAt","setExpirationTime","sign","formBody","URLSearchParams","request","log","DEBUG","method","headers","body","toString","then","res","json","parse","result"],"sourceRoot":"../../../src","sources":["utils/par.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,QACF,6BAA6B;AACpC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,gCAAgC,EAAEC,gBAAgB,QAAQ,QAAQ;AAC3E,SAASC,cAAc,QAAQ,OAAO;AACtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,QAAQ,EAAEC,MAAM,QAAQ,WAAW;AAG5C,OAAO,MAAMC,mBAAmB,GAAGR,CAAC,CAACS,MAAM,CAAC;EAC1CC,IAAI,EAAEV,CAAC,CAACW,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAEZ,CAAC,CAACa,MAAM,CAAC;AACxC,CAAC,CAAC;AAGF,OAAO,MAAMC,oBAAoB,GAAGd,CAAC,CAACe,KAAK,CAACP,mBAAmB,CAAC;AAGhE,OAAO,MAAMQ,WAAW,GAAGhB,CAAC,CAACS,MAAM,CAAC;EAClCQ,WAAW,EAAEjB,CAAC,CAACa,MAAM,CAAC,CAAC;EACvBK,UAAU,EAAElB,CAAC,CAACmB,MAAM,CAAC;AACvB,CAAC,CAAC;AAcF;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC;EAIF,CAAC,GAAAF,IAAA;EAAA,OACD,OACEG,WAAmB,EACnBC,yBAAiC,EAAAC,KAAA,KAUb;IAAA,IATpB;MACEC,YAAY;MACZC,YAAY;MACZC,QAAQ;MACRC,WAAW;MACXC,oBAAoB;MACpBC,KAAK;MACLC;IACiB,CAAC,GAAAP,KAAA;IAEpB,MAAMQ,YAAY,GAAG,MAAMZ,gBAAgB,CAACa,YAAY,CAAC,CAAC;IAE1D,MAAMC,GAAG,GAAGnC,yBAAyB,CAACoC,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,YAAY,GAAG,MAAMtC,cAAc,CACvC;MACEuC,GAAG,EAAG,GAAE5C,MAAM,CAAC,CAAE,EAAC;MAClBkC,GAAG;MACHG;IACF,CAAC,EACDd,gBACF,CAAC;;IAED;AACJ;AACA;IACI,MAAMsB,mBAAmB,GAAG,MAAM;IAClC,MAAMC,aAAa,GAAG,MAAMjD,cAAc,CAAC+B,YAAY,CAAC;;IAExD;AACJ;AACA;AACA;IACI,MAAMmB,eAAe,GAAG,MAAM,IAAIjD,OAAO,CAACyB,gBAAgB,CAAC,CACxDyB,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVP,GAAG,EAAEP,YAAY,CAACO;IACpB,CAAC,CAAC,CACDQ,UAAU,CAAC;MACVN,GAAG,EAAG,GAAE5C,MAAM,CAAC,CAAE,EAAC;MAClBkC,GAAG;MACHiB,aAAa,EAAE,MAAM;MACrBC,aAAa,EAAEvB,YAAY;MAC3BwB,SAAS,EAAEvB,QAAQ;MACnBO,GAAG;MACHiB,KAAK,EAAEnD,gCAAgC,CAAC,EAAE,CAAC;MAC3CoD,cAAc,EAAET,aAAa;MAC7BU,qBAAqB,EAAEX,mBAAmB;MAC1CY,YAAY,EAAE1B,WAAW;MACzB,IAAIC,oBAAoB,IAAI;QAC1B0B,qBAAqB,EAAE1B;MACzB,CAAC,CAAC;MACF,IAAIC,KAAK,IAAI;QAAEA;MAAM,CAAC;IACxB,CAAC,CAAC,CACD0B,WAAW,CAAC,CAAC,CAAC;IAAA,CACdC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;;IAET;IACA,IAAIC,QAAQ,GAAG,IAAIC,eAAe,CAAC;MACjCV,SAAS,EAAEvB,QAAQ;MACnBkC,OAAO,EAAEjB;IACX,CAAC,CAAC;IAEFvC,MAAM,CAACyD,GAAG,CACR1D,QAAQ,CAAC2D,KAAK,EACb,2BAA0BzC,WAAY,KAAIqC,QAAS,EACtD,CAAC;IAED,OAAO,MAAMtC,QAAQ,CAACC,WAAW,EAAE;MACjC0C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD,0BAA0B,EAAE1C,yBAAyB;QACrD,8BAA8B,EAAEiB;MAClC,CAAC;MACD0B,IAAI,EAAEP,QAAQ,CAACQ,QAAQ,CAAC;IAC1B,CAAC,CAAC,CACCC,IAAI,CAACnE,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDiE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtD,WAAW,CAACyD,KAAK,CAAC,CACvBH,IAAI,CAAEI,MAAM,IAAKA,MAAM,CAACzD,WAAW,CAAC;EACzC,CAAC;AAAA"}
+{"version":3,"names":["sha256ToBase64","SignJWT","v4","uuidv4","z","WalletInstanceAttestation","generateRandomAlphaNumericString","hasStatusOrThrow","createPopToken","IssuerResponseError","LogLevel","Logger","AuthorizationDetail","union","object","type","literal","credential_configuration_id","string","idphinting","challenge_method","challenge_redirect_uri","AuthorizationDetails","array","ParResponse","request_uri","expires_in","number","makeParRequest","_ref","wiaCryptoContext","appFetch","parEndpoint","walletInstanceAttestation","_ref2","codeVerifier","responseMode","clientId","redirectUri","authorizationDetails","scope","aud","wiaPublicKey","getPublicKey","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","jti","codeChallengeMethod","codeChallenge","signedJwtForPar","setProtectedHeader","typ","setPayload","response_type","response_mode","client_id","state","code_challenge","code_challenge_method","redirect_uri","authorization_details","setIssuedAt","setExpirationTime","sign","formBody","URLSearchParams","request","log","DEBUG","method","headers","body","toString","then","res","json","parse","result"],"sourceRoot":"../../../src","sources":["utils/par.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,QACF,6BAA6B;AACpC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,gCAAgC,EAAEC,gBAAgB,QAAQ,QAAQ;AAC3E,SAASC,cAAc,QAAQ,OAAO;AACtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,QAAQ,EAAEC,MAAM,QAAQ,WAAW;AAG5C,OAAO,MAAMC,mBAAmB,GAAGR,CAAC,CAACS,KAAK,CAAC,CACzCT,CAAC,CAACU,MAAM,CAAC;EACPC,IAAI,EAAEX,CAAC,CAACY,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAEb,CAAC,CAACc,MAAM,CAAC;AACxC,CAAC,CAAC,EACFd,CAAC,CAACU,MAAM,CAAC;EACPC,IAAI,EAAEX,CAAC,CAACY,OAAO,CAAC,sBAAsB,CAAC;EACvCG,UAAU,EAAEf,CAAC,CAACc,MAAM,CAAC,CAAC;EACtBE,gBAAgB,EAAEhB,CAAC,CAACY,OAAO,CAAC,UAAU,CAAC;EACvCK,sBAAsB,EAAEjB,CAAC,CAACc,MAAM,CAAC;AACnC,CAAC,CAAC,CACH,CAAC;AAGF,OAAO,MAAMI,oBAAoB,GAAGlB,CAAC,CAACmB,KAAK,CAACX,mBAAmB,CAAC;AAGhE,OAAO,MAAMY,WAAW,GAAGpB,CAAC,CAACU,MAAM,CAAC;EAClCW,WAAW,EAAErB,CAAC,CAACc,MAAM,CAAC,CAAC;EACvBQ,UAAU,EAAEtB,CAAC,CAACuB,MAAM,CAAC;AACvB,CAAC,CAAC;AAcF;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC;EAIF,CAAC,GAAAF,IAAA;EAAA,OACD,OACEG,WAAmB,EACnBC,yBAAiC,EAAAC,KAAA,KAUb;IAAA,IATpB;MACEC,YAAY;MACZC,YAAY;MACZC,QAAQ;MACRC,WAAW;MACXC,oBAAoB;MACpBC,KAAK;MACLC;IACiB,CAAC,GAAAP,KAAA;IAEpB,MAAMQ,YAAY,GAAG,MAAMZ,gBAAgB,CAACa,YAAY,CAAC,CAAC;IAE1D,MAAMC,GAAG,GAAGvC,yBAAyB,CAACwC,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,YAAY,GAAG,MAAM1C,cAAc,CACvC;MACE2C,GAAG,EAAG,GAAEhD,MAAM,CAAC,CAAE,EAAC;MAClBsC,GAAG;MACHG;IACF,CAAC,EACDd,gBACF,CAAC;;IAED;AACJ;AACA;IACI,MAAMsB,mBAAmB,GAAG,MAAM;IAClC,MAAMC,aAAa,GAAG,MAAMrD,cAAc,CAACmC,YAAY,CAAC;;IAExD;AACJ;AACA;AACA;IACI,MAAMmB,eAAe,GAAG,MAAM,IAAIrD,OAAO,CAAC6B,gBAAgB,CAAC,CACxDyB,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVP,GAAG,EAAEP,YAAY,CAACO;IACpB,CAAC,CAAC,CACDQ,UAAU,CAAC;MACVN,GAAG,EAAG,GAAEhD,MAAM,CAAC,CAAE,EAAC;MAClBsC,GAAG;MACHiB,aAAa,EAAE,MAAM;MACrBC,aAAa,EAAEvB,YAAY;MAC3BwB,SAAS,EAAEvB,QAAQ;MACnBO,GAAG;MACHiB,KAAK,EAAEvD,gCAAgC,CAAC,EAAE,CAAC;MAC3CwD,cAAc,EAAET,aAAa;MAC7BU,qBAAqB,EAAEX,mBAAmB;MAC1CY,YAAY,EAAE1B,WAAW;MACzB,IAAIC,oBAAoB,IAAI;QAC1B0B,qBAAqB,EAAE1B;MACzB,CAAC,CAAC;MACF,IAAIC,KAAK,IAAI;QAAEA;MAAM,CAAC;IACxB,CAAC,CAAC,CACD0B,WAAW,CAAC,CAAC,CAAC;IAAA,CACdC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;;IAET;IACA,IAAIC,QAAQ,GAAG,IAAIC,eAAe,CAAC;MACjCV,SAAS,EAAEvB,QAAQ;MACnBkC,OAAO,EAAEjB;IACX,CAAC,CAAC;IAEF3C,MAAM,CAAC6D,GAAG,CACR9D,QAAQ,CAAC+D,KAAK,EACb,2BAA0BzC,WAAY,KAAIqC,QAAS,EACtD,CAAC;IAED,OAAO,MAAMtC,QAAQ,CAACC,WAAW,EAAE;MACjC0C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD,0BAA0B,EAAE1C,yBAAyB;QACrD,8BAA8B,EAAEiB;MAClC,CAAC;MACD0B,IAAI,EAAEP,QAAQ,CAACQ,QAAQ,CAAC;IAC1B,CAAC,CAAC,CACCC,IAAI,CAACvE,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtD,WAAW,CAACyD,KAAK,CAAC,CACvBH,IAAI,CAAEI,MAAM,IAAKA,MAAM,CAACzD,WAAW,CAAC;EACzC,CAAC;AAAA"}

package/lib/module/utils/zod.js

@@ -0,0 +1,20 @@
+/**
+ * @see https://github.com/JacobWeisenburger/zod_utilz/blob/main/src/stringToJSON.ts
+ */
+
+import { z } from "zod";
+const literalSchema = z.union([z.string(), z.number(), z.boolean(), z.null()]);
+const jsonSchema = z.lazy(() => z.union([literalSchema, z.array(jsonSchema), z.record(jsonSchema)]));
+export const json = () => jsonSchema;
+export const stringToJSONSchema = z.string().transform((str, ctx) => {
+  try {
+    return JSON.parse(str);
+  } catch (e) {
+    ctx.addIssue({
+      code: "custom",
+      message: "Invalid JSON"
+    });
+    return z.NEVER;
+  }
+});
+//# sourceMappingURL=zod.js.map

package/lib/module/utils/zod.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["z","literalSchema","union","string","number","boolean","null","jsonSchema","lazy","array","record","json","stringToJSONSchema","transform","str","ctx","JSON","parse","e","addIssue","code","message","NEVER"],"sourceRoot":"../../../src","sources":["utils/zod.ts"],"mappings":"AAAA;AACA;AACA;;AAEA,SAASA,CAAC,QAAQ,KAAK;AAEvB,MAAMC,aAAa,GAAGD,CAAC,CAACE,KAAK,CAAC,CAACF,CAAC,CAACG,MAAM,CAAC,CAAC,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC,EAAEJ,CAAC,CAACK,OAAO,CAAC,CAAC,EAAEL,CAAC,CAACM,IAAI,CAAC,CAAC,CAAC,CAAC;AAM9E,MAAMC,UAA2B,GAAGP,CAAC,CAACQ,IAAI,CAAC,MACzCR,CAAC,CAACE,KAAK,CAAC,CAACD,aAAa,EAAED,CAAC,CAACS,KAAK,CAACF,UAAU,CAAC,EAAEP,CAAC,CAACU,MAAM,CAACH,UAAU,CAAC,CAAC,CACpE,CAAC;AAED,OAAO,MAAMI,IAAI,GAAGA,CAAA,KAAMJ,UAAU;AAEpC,OAAO,MAAMK,kBAAkB,GAAGZ,CAAC,CAChCG,MAAM,CAAC,CAAC,CACRU,SAAS,CAAC,CAACC,GAAG,EAAEC,GAAG,KAAuC;EACzD,IAAI;IACF,OAAOC,IAAI,CAACC,KAAK,CAACH,GAAG,CAAC;EACxB,CAAC,CAAC,OAAOI,CAAC,EAAE;IACVH,GAAG,CAACI,QAAQ,CAAC;MAAEC,IAAI,EAAE,QAAQ;MAAEC,OAAO,EAAE;IAAe,CAAC,CAAC;IACzD,OAAOrB,CAAC,CAACsB,KAAK;EAChB;AACF,CAAC,CAAC"}

package/lib/typescript/credential/index.d.ts

@@ -2,5 +2,6 @@ import * as Issuance from "./issuance";
 import * as Presentation from "./presentation";
 import * as Status from "./status";
 import * as Trustmark from "./trustmark";
-export { Issuance, Presentation, Status, Trustmark };
+import * as Offer from "./offer";
+export { Issuance, Presentation, Status, Trustmark, Offer };
 //# sourceMappingURL=index.d.ts.map

package/lib/typescript/credential/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/credential/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,YAAY,MAAM,gBAAgB,CAAC;AAC/C,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/credential/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,YAAY,MAAM,gBAAgB,CAAC;AAC/C,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AAEjC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC"}

package/lib/typescript/credential/issuance/01-start-flow.d.ts

@@ -1,7 +1,7 @@
 /**
  * WARNING: This is the first function to be called in the issuing flow. The next function to be called is {@link evaluateIssuerTrust}.
  * The beginning of the issuing flow.
- * To be implemented accordind to the user touchpoint
+ * To be implemented according to the user touchpoint
  *
  * @returns The configuration ID of the Credential to be issued and the url of the Issuer
  */

package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts

@@ -2,7 +2,12 @@ import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import { type Out } from "../../utils/misc";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import { AuthorizationDetail } from "../../utils/par";
-export type StartUserAuthorization = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], credentialIds: string[], context: {
+export type StartUserAuthorization = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], credentialIds: string[], proof: {
+    proofType: "none";
+} | {
+    proofType: "mrtd-pop";
+    idpHinting: string;
+}, context: {
     wiaCryptoContext: CryptoContext;
     walletInstanceAttestation: string;
     redirectUri: string;
@@ -22,15 +27,20 @@ export type StartUserAuthorization = (issuerConf: Out<EvaluateIssuerTrust>["issu
  * it is possible to use the same access token for the issuance of all requested credentials.
  * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
  * along with the WTE and its proof of possession (WTE-PoP).
- * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details),
- * the application session identifier on the Wallet Instance side (state),
+ * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details), challenge method and
+ * redirect URI for the document proof step (if L2 flow), the application session identifier on the Wallet Instance side (state),
  * the method (query or form_post.jwt) by which the Authorization Server
  * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
  * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
  * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
  * @param issuerConf The issuer configuration
  * @param credentialIds The credential configuration IDs to be requested
- * @param ctx The context object containing the Wallet Instance's cryptographic context, the Wallet Instance's attestation, the redirect URI and the fetch implementation
+ * @param proof The configuration for the proof to be used in the request: "none" for standard flows, "document" for L2+ with MRTD verification.
+ * @param ctx The context object containing;
+ *  - wiaCryptoContext: the Wallet Instance's cryptographic context
+ *  - walletInstanceAttestation: the Wallet Instance's attestation
+ *  - redirectUri: the redirect URI
+ *  - appFetch: (optional) the fetch implementation
  * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition(s)
  */
 export declare const startUserAuthorization: StartUserAuthorization;

package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"03-start-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/03-start-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,EAAoC,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEtE,OAAO,EAAE,mBAAmB,EAAkB,MAAM,iBAAiB,CAAC;AAGtE,MAAM,MAAM,sBAAsB,GAAG,CACnC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C,CAAC,CAAC;AAqFH;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,eAAO,MAAM,sBAAsB,EAAE,sBA4CpC,CAAC"}
+{"version":3,"file":"03-start-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/03-start-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,EAAoC,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEtE,OAAO,EAAE,mBAAmB,EAAkB,MAAM,iBAAiB,CAAC;AAGtE,MAAM,MAAM,sBAAsB,GAAG,CACnC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,aAAa,EAAE,MAAM,EAAE,EACvB,KAAK,EAAE;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,EAC5E,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C,CAAC,CAAC;AAqFH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,sBAAsB,EAAE,sBA8DpC,CAAC"}

package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts

@@ -1,4 +1,4 @@
-import { type AuthorizationResult } from "../../utils/auth";
+import { type AuthorizationChallengeResult, type AuthorizationResult } from "../../utils/auth";
 import { type Out } from "../../utils/misc";
 import type { StartUserAuthorization } from "./03-start-user-authorization";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
@@ -8,6 +8,7 @@ import { RequestObject } from "../presentation/types";
  * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
  */
 export type CompleteUserAuthorizationWithQueryMode = (authRedirectUrl: string) => Promise<AuthorizationResult>;
+export type ContinueUserAuthorizationWithMRTDPoPChallenge = (authRedirectUrl: string) => Promise<AuthorizationChallengeResult>;
 export type CompleteUserAuthorizationWithFormPostJwtMode = (requestObject: Out<GetRequestedCredentialToBePresented>, pid: string, context: {
     wiaCryptoContext: CryptoContext;
     pidCryptoContext: CryptoContext;
@@ -17,6 +18,13 @@ export type GetRequestedCredentialToBePresented = (issuerRequestUri: Out<StartUs
 export type BuildAuthorizationUrl = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], idpHint?: string) => Promise<{
     authUrl: string;
 }>;
+/**
+ * WARNING: this function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID, and the PID
+ * issuance requires a MRTD PoP challenge.
+ * @param authRedirectUrl The URL to which the end user should be redirected to start the MRTD PoP validation flow
+ * @returns the authorization response which contains the challenge
+ */
+export declare const continueUserAuthorizationWithMRTDPoPChallenge: ContinueUserAuthorizationWithMRTDPoPChallenge;
 /**
  * WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
  * Builds the authorization URL to which the end user should be redirected to continue the authentication flow.

package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"04-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/04-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAG5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAA2B,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAQ/E;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG,CACnD,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,4CAA4C,GAAG,CACzD,aAAa,EAAE,GAAG,CAAC,mCAAmC,CAAC,EACvD,GAAG,EAAE,MAAM,EACX,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,gBAAgB,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,mCAAmC,GAAG,CAChD,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,aAAa,CAAC,CAAC;AAE5B,MAAM,MAAM,qBAAqB,GAAG,CAClC,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,CAAC,EAAE,MAAM,KACb,OAAO,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB,EAAE,qBAqBnC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,sCAAsC,EAAE,sCASlD,CAAC;AAEJ;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mCAAmC,EAAE,mCAsC/C,CAAC;AAEJ;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4CAA4C,EAAE,4CAoFxD,CAAC;AAEJ;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,YAC5B,OAAO,KACf,mBAqBF,CAAC"}
+{"version":3,"file":"04-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/04-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,4BAA4B,EACjC,KAAK,mBAAmB,EACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAG5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAA2B,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAQ/E;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG,CACnD,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,6CAA6C,GAAG,CAC1D,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,4BAA4B,CAAC,CAAC;AAE3C,MAAM,MAAM,4CAA4C,GAAG,CACzD,aAAa,EAAE,GAAG,CAAC,mCAAmC,CAAC,EACvD,GAAG,EAAE,MAAM,EACX,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,gBAAgB,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,mCAAmC,GAAG,CAChD,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,aAAa,CAAC,CAAC;AAE5B,MAAM,MAAM,qBAAqB,GAAG,CAClC,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,CAAC,EAAE,MAAM,KACb,OAAO,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,6CAA6C,EAAE,6CA4BzD,CAAC;AAEJ;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB,EAAE,qBAqBnC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,sCAAsC,EAAE,sCASlD,CAAC;AAEJ;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mCAAmC,EAAE,mCAsC/C,CAAC;AAEJ;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4CAA4C,EAAE,4CAoFxD,CAAC;AAEJ;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,YAC5B,OAAO,KACf,mBAqBF,CAAC"}

package/lib/typescript/credential/issuance/index.d.ts

@@ -1,11 +1,12 @@
 import { type StartFlow } from "./01-start-flow";
 import { evaluateIssuerTrust, type EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import { startUserAuthorization, type StartUserAuthorization } from "./03-start-user-authorization";
-import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, buildAuthorizationUrl, type CompleteUserAuthorizationWithQueryMode, type CompleteUserAuthorizationWithFormPostJwtMode, type GetRequestedCredentialToBePresented, type BuildAuthorizationUrl, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
+import { continueUserAuthorizationWithMRTDPoPChallenge, completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, buildAuthorizationUrl, getRequestedCredentialToBePresented, type ContinueUserAuthorizationWithMRTDPoPChallenge, type CompleteUserAuthorizationWithQueryMode, type CompleteUserAuthorizationWithFormPostJwtMode, type GetRequestedCredentialToBePresented, type BuildAuthorizationUrl } from "./04-complete-user-authorization";
 import { authorizeAccess, type AuthorizeAccess } from "./05-authorize-access";
 import { obtainCredential, type ObtainCredential } from "./06-obtain-credential";
 import { verifyAndParseCredential, type VerifyAndParseCredential } from "./07-verify-and-parse-credential";
 import * as Errors from "./errors";
-export { evaluateIssuerTrust, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors, };
-export type { StartFlow, EvaluateIssuerTrust, StartUserAuthorization, BuildAuthorizationUrl, CompleteUserAuthorizationWithQueryMode, GetRequestedCredentialToBePresented, CompleteUserAuthorizationWithFormPostJwtMode, AuthorizeAccess, ObtainCredential, VerifyAndParseCredential, };
+import * as MRTDPoP from "./mrtd-pop";
+export { MRTDPoP, evaluateIssuerTrust, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, continueUserAuthorizationWithMRTDPoPChallenge, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors, };
+export type { StartFlow, EvaluateIssuerTrust, StartUserAuthorization, BuildAuthorizationUrl, ContinueUserAuthorizationWithMRTDPoPChallenge, CompleteUserAuthorizationWithQueryMode, GetRequestedCredentialToBePresented, CompleteUserAuthorizationWithFormPostJwtMode, AuthorizeAccess, ObtainCredential, VerifyAndParseCredential, };
 //# sourceMappingURL=index.d.ts.map

package/lib/typescript/credential/issuance/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,mBAAmB,EACnB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,sBAAsB,EACtB,KAAK,sBAAsB,EAC5B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,sCAAsC,EACtC,4CAA4C,EAC5C,0BAA0B,EAC1B,qBAAqB,EACrB,KAAK,sCAAsC,EAC3C,KAAK,4CAA4C,EACjD,KAAK,mCAAmC,EACxC,KAAK,qBAAqB,EAC1B,mCAAmC,EACpC,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,KAAK,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,sCAAsC,EACtC,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,EACxB,0BAA0B,EAC1B,MAAM,GACP,CAAC;AACF,YAAY,EACV,SAAS,EACT,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,sCAAsC,EACtC,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,GACzB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,mBAAmB,EACnB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,sBAAsB,EACtB,KAAK,sBAAsB,EAC5B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,6CAA6C,EAC7C,sCAAsC,EACtC,4CAA4C,EAC5C,0BAA0B,EAC1B,qBAAqB,EACrB,mCAAmC,EACnC,KAAK,6CAA6C,EAClD,KAAK,sCAAsC,EAC3C,KAAK,4CAA4C,EACjD,KAAK,mCAAmC,EACxC,KAAK,qBAAqB,EAC3B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,KAAK,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,OAAO,MAAM,YAAY,CAAC;AAEtC,OAAO,EACL,OAAO,EACP,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,sCAAsC,EACtC,6CAA6C,EAC7C,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,EACxB,0BAA0B,EAC1B,MAAM,GACP,CAAC;AACF,YAAY,EACV,SAAS,EACT,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,6CAA6C,EAC7C,sCAAsC,EACtC,mCAAmC,EACnC,4CAA4C,EAC5C,eAAe,EACf,gBAAgB,EAChB,wBAAwB,GACzB,CAAC"}

package/lib/typescript/credential/issuance/mrtd-pop/01-verify-and-parse-challenge-info.d.ts

@@ -0,0 +1,25 @@
+import { type CryptoContext } from "@pagopa/io-react-native-jwt";
+import { MrtdProofChallengeInfo } from "./types";
+import type { EvaluateIssuerTrust } from "../../issuance";
+import type { Out } from "../../../utils/misc";
+export type VerifyAndParseChallengeInfo = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], challengeInfoJwt: string, context: {
+    wiaCryptoContext: CryptoContext;
+}) => Promise<MrtdProofChallengeInfo["payload"]>;
+/**
+ * Verifies and parses the payload of a MRTD Proof Challenge Info JWT obtained after the primary authentication.
+ *
+ * This function performs the following steps:
+ * 1. Validates the JWT signature using the issuer's JWKS.
+ * 2. Decodes the JWT and parses its structure according to the {@link MrtdProofChallengeInfo} schema.
+ * 3. Verifies that the `aud` claim matches the client's public key ID.
+ * 4. Checks that the JWT is not expired and was not issued in the future.
+ *
+ * @param issuerConf - The issuer configuration containing the JWKS for signature verification.
+ * @param challengeInfoJwt - The JWT string representing the MRTD Proof Challenge Info.
+ * @param context - The context containing the WIA crypto context used to retrieve the client public key.
+ * @returns The parsed payload of the MRTD Proof Challenge Info JWT.
+ * @throws {Error} If the JWT signature is invalid, the structure is malformed, the `aud` claim does not match,
+ * or the JWT is expired/not yet valid.
+ */
+export declare const verifyAndParseChallengeInfo: VerifyAndParseChallengeInfo;
+//# sourceMappingURL=01-verify-and-parse-challenge-info.d.ts.map

package/lib/typescript/credential/issuance/mrtd-pop/01-verify-and-parse-challenge-info.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"01-verify-and-parse-challenge-info.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/mrtd-pop/01-verify-and-parse-challenge-info.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAG/C,MAAM,MAAM,2BAA2B,GAAG,CACxC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,gBAAgB,EAAE,MAAM,EACxB,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;CACjC,KACE,OAAO,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC,CAAC;AAEhD;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,2BAA2B,EAAE,2BAmCzC,CAAC"}

package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts

@@ -0,0 +1,23 @@
+import { type Out } from "../../../utils/misc";
+import type { CryptoContext } from "@pagopa/io-react-native-jwt";
+import type { EvaluateIssuerTrust } from "../../issuance";
+import { MrtdPoPChallenge } from "./types";
+export type InitChallenge = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], initUrl: string, mrtd_auth_session: string, mrtd_pop_jwt_nonce: string, context: {
+    wiaCryptoContext: CryptoContext;
+    walletInstanceAttestation: string;
+    appFetch?: GlobalFetch["fetch"];
+}) => Promise<MrtdPoPChallenge["payload"]>;
+/**
+ * Initialaizes the MRTD challenge with the data received from the issuer after the primary authentication.
+ * This function must be called after {@link verifyAndParseChallengeInfo}.
+ *
+ * @param issuerConf - The issuer configuration containing the JWKS for signature verification.
+ * @param initUrl - The endpoint to call to initialize the challenge.
+ * @param mrtd_auth_session - Session identifier for session binding obtained from the MRTD Proof JWT.
+ * @param mrtd_pop_jwt_nonce - Nonce value obtained from the MRTD Proof JWT.
+ * @param context - The context containing the WIA crypto context used to retrieve the client public key,
+ * the wallet instance attestation and an optional fetch implementation.
+ * @returns The payload of the MRTD PoP Challenge JWT.
+ */
+export declare const initChallenge: InitChallenge;
+//# sourceMappingURL=02-init-challenge.d.ts.map

package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"02-init-challenge.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/mrtd-pop/02-init-challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAIjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAG1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,MAAM,MAAM,aAAa,GAAG,CAC1B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,EAAE,MAAM,EACf,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC;AAE1C;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,aAAa,EAAE,aA+C3B,CAAC"}

package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts

@@ -0,0 +1,39 @@
+import { type CryptoContext } from "@pagopa/io-react-native-jwt";
+import { type Out } from "../../../utils/misc";
+import type { EvaluateIssuerTrust } from "../../issuance";
+import { MrtdPopVerificationResult, type IasPayload, type MrtdPayload } from "./types";
+import type { VerifyAndParseChallengeInfo } from "./01-verify-and-parse-challenge-info";
+export type ValidateChallenge = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], verifyUrl: string, mrtd_auth_session: string, mrtd_pop_nonce: string, mrtd: MrtdPayload, ias: IasPayload, context: {
+    wiaCryptoContext: CryptoContext;
+    walletInstanceAttestation: string;
+    appFetch?: GlobalFetch["fetch"];
+}) => Promise<MrtdPopVerificationResult>;
+export type BuildChallengeCallbackUrl = (redirectUri: Out<ValidateChallenge>["redirect_uri"], valPopNonce: Out<ValidateChallenge>["mrtd_val_pop_nonce"], authSession: Out<VerifyAndParseChallengeInfo>["mrtd_auth_session"]) => Promise<{
+    callbackUrl: string;
+}>;
+/**
+ * Validates the MRTD signed challenge by sending the MRTD and IAS payloads to the issuer.
+ * This function must be called after {@link initChallenge} and after obtaining the MRTD and IAS payloads
+ * through the CIE PACE process.
+ *
+ * @param issuerConf - The issuer configuration containing the JWKS for signature verification.
+ * @param verifyUrl - The endpoint to call to validate the challenge.
+ * @param mrtd_auth_session - Session identifier for session binding obtained from the MRTD Proof JWT.
+ * @param mrtd_pop_nonce - Nonce value obtained from the MRTD Proof JWT.
+ * @param mrtd - MRTD validation data containing Data Groups and SOD.
+ * @param ias - IAS validation data containing Anti-Cloning Public Key, and SOD.
+ * @param context - The context containing the WIA crypto context used to retrieve the client public key,
+ * the wallet instance attestation and an optional fetch implementation.
+ * @returns The MRTD PoP Verification Result containing the validation nonce and redirect URI to complete the flow.
+ */
+export declare const validateChallenge: ValidateChallenge;
+/**
+ * WARNING: This function must be called after {@link validateChallenge}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
+ * Builds the callback URL to which the end user should be redirected to continue the authentication flow after the MRTD challenge validation.
+ * @param redirectUri - The redirect URI provided by the issuer after the challenge validation to continue the authentication flow.
+ * @param valPopNonce - The MRTD validation PoP nonce obtained from the challenge validation response.
+ * @param authSession - The MRTD authentication session identifier used for session binding.
+ * @returns An object containing the callback URL
+ */
+export declare const buildChallengeCallbackUrl: BuildChallengeCallbackUrl;
+//# sourceMappingURL=03-validate-challenge.d.ts.map

package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"03-validate-challenge.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/mrtd-pop/03-validate-challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG1E,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAGjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EACL,yBAAyB,EACzB,KAAK,UAAU,EACf,KAAK,WAAW,EACjB,MAAM,SAAS,CAAC;AACjB,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AAExF,MAAM,MAAM,iBAAiB,GAAG,CAC9B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,SAAS,EAAE,MAAM,EACjB,iBAAiB,EAAE,MAAM,EACzB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,UAAU,EACf,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,yBAAyB,CAAC,CAAC;AAExC,MAAM,MAAM,yBAAyB,GAAG,CACtC,WAAW,EAAE,GAAG,CAAC,iBAAiB,CAAC,CAAC,cAAc,CAAC,EACnD,WAAW,EAAE,GAAG,CAAC,iBAAiB,CAAC,CAAC,oBAAoB,CAAC,EACzD,WAAW,EAAE,GAAG,CAAC,2BAA2B,CAAC,CAAC,mBAAmB,CAAC,KAC/D,OAAO,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC,CAAC;AAEH;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,iBAAiB,EAAE,iBAkE/B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,yBAAyB,EAAE,yBAYvC,CAAC"}

package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts

@@ -0,0 +1,7 @@
+import { verifyAndParseChallengeInfo, type VerifyAndParseChallengeInfo } from "./01-verify-and-parse-challenge-info";
+import { initChallenge, type InitChallenge } from "./02-init-challenge";
+import { validateChallenge, buildChallengeCallbackUrl, type ValidateChallenge, type BuildChallengeCallbackUrl } from "./03-validate-challenge";
+import type { MrtdPayload, IasPayload } from "./types";
+export { verifyAndParseChallengeInfo, initChallenge, validateChallenge, buildChallengeCallbackUrl, };
+export type { VerifyAndParseChallengeInfo, InitChallenge, ValidateChallenge, BuildChallengeCallbackUrl, MrtdPayload, IasPayload, };
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/mrtd-pop/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,2BAA2B,EAC3B,KAAK,2BAA2B,EACjC,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACxE,OAAO,EACL,iBAAiB,EACjB,yBAAyB,EACzB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC/B,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAEvD,OAAO,EACL,2BAA2B,EAC3B,aAAa,EACb,iBAAiB,EACjB,yBAAyB,GAC1B,CAAC;AACF,YAAY,EACV,2BAA2B,EAC3B,aAAa,EACb,iBAAiB,EACjB,yBAAyB,EACzB,WAAW,EACX,UAAU,GACX,CAAC"}