@pagopa/io-react-native-wallet 2.3.0 → 2.4.0

package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js

@@ -0,0 +1,95 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.validateChallenge = exports.buildChallengeCallbackUrl = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _uuid = require("uuid");
+var _errors = require("../../../utils/errors");
+var _misc = require("../../../utils/misc");
+var _pop = require("../../../utils/pop");
+var WalletInstanceAttestation = _interopRequireWildcard(require("../../../wallet-instance-attestation"));
+var _types = require("./types");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+/**
+ * Validates the MRTD signed challenge by sending the MRTD and IAS payloads to the issuer.
+ * This function must be called after {@link initChallenge} and after obtaining the MRTD and IAS payloads
+ * through the CIE PACE process.
+ *
+ * @param issuerConf - The issuer configuration containing the JWKS for signature verification.
+ * @param verifyUrl - The endpoint to call to validate the challenge.
+ * @param mrtd_auth_session - Session identifier for session binding obtained from the MRTD Proof JWT.
+ * @param mrtd_pop_nonce - Nonce value obtained from the MRTD Proof JWT.
+ * @param mrtd - MRTD validation data containing Data Groups and SOD.
+ * @param ias - IAS validation data containing Anti-Cloning Public Key, and SOD.
+ * @param context - The context containing the WIA crypto context used to retrieve the client public key,
+ * the wallet instance attestation and an optional fetch implementation.
+ * @returns The MRTD PoP Verification Result containing the validation nonce and redirect URI to complete the flow.
+ */
+const validateChallenge = async (issuerConf, verifyUrl, mrtd_auth_session, mrtd_pop_nonce, mrtd, ias, context) => {
+  const {
+    appFetch = fetch,
+    walletInstanceAttestation,
+    wiaCryptoContext
+  } = context;
+  const aud = issuerConf.openid_credential_issuer.credential_issuer;
+  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
+  const signedWiaPoP = await (0, _pop.createPopToken)({
+    jti: `${(0, _uuid.v4)()}`,
+    aud,
+    iss
+  }, wiaCryptoContext);
+  const {
+    kid
+  } = await wiaCryptoContext.getPublicKey();
+  const mrtd_validation_jwt = await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
+    typ: "mrtd-ias+jwt",
+    kid
+  }).setPayload({
+    iss,
+    aud,
+    document_type: "cie",
+    mrtd,
+    ias
+  }).setIssuedAt().setExpirationTime("5m").sign();
+  const requestBody = {
+    mrtd_validation_jwt,
+    mrtd_auth_session,
+    mrtd_pop_nonce
+  };
+  const verifyResult = await appFetch(verifyUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "OAuth-Client-Attestation": walletInstanceAttestation,
+      "OAuth-Client-Attestation-PoP": signedWiaPoP
+    },
+    body: JSON.stringify(requestBody)
+  }).then((0, _misc.hasStatusOrThrow)(202, _errors.IssuerResponseError)).then(res => res.json());
+  const verifyResultParsed = _types.MrtdPopVerificationResult.parse(verifyResult);
+  return verifyResultParsed;
+};
+
+/**
+ * WARNING: This function must be called after {@link validateChallenge}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
+ * Builds the callback URL to which the end user should be redirected to continue the authentication flow after the MRTD challenge validation.
+ * @param redirectUri - The redirect URI provided by the issuer after the challenge validation to continue the authentication flow.
+ * @param valPopNonce - The MRTD validation PoP nonce obtained from the challenge validation response.
+ * @param authSession - The MRTD authentication session identifier used for session binding.
+ * @returns An object containing the callback URL
+ */
+exports.validateChallenge = validateChallenge;
+const buildChallengeCallbackUrl = async (redirectUri, valPopNonce, authSession) => {
+  const params = new URLSearchParams({
+    mrtd_val_pop_nonce: valPopNonce,
+    mrtd_auth_session: authSession
+  });
+  const callbackUrl = `${redirectUri}?${params}`;
+  return {
+    callbackUrl
+  };
+};
+exports.buildChallengeCallbackUrl = buildChallengeCallbackUrl;
+//# sourceMappingURL=03-validate-challenge.js.map

package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioReactNativeJwt","require","_uuid","_errors","_misc","_pop","WalletInstanceAttestation","_interopRequireWildcard","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","validateChallenge","issuerConf","verifyUrl","mrtd_auth_session","mrtd_pop_nonce","mrtd","ias","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","aud","openid_credential_issuer","credential_issuer","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","createPopToken","jti","uuidv4","getPublicKey","mrtd_validation_jwt","SignJWT","setProtectedHeader","typ","setPayload","document_type","setIssuedAt","setExpirationTime","sign","requestBody","verifyResult","method","headers","body","JSON","stringify","then","hasStatusOrThrow","IssuerResponseError","res","json","verifyResultParsed","MrtdPopVerificationResult","parse","exports","buildChallengeCallbackUrl","redirectUri","valPopNonce","authSession","params","URLSearchParams","mrtd_val_pop_nonce","callbackUrl"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/03-validate-challenge.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAJ,OAAA;AACA,IAAAK,yBAAA,GAAAC,uBAAA,CAAAN,OAAA;AAEA,IAAAO,MAAA,GAAAP,OAAA;AAIiB,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAyBjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,iBAAoC,GAAG,MAAAA,CAClDC,UAAU,EACVC,SAAS,EACTC,iBAAiB,EACjBC,cAAc,EACdC,IAAI,EACJC,GAAG,EACHC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,GAAG,GAAGX,UAAU,CAACY,wBAAwB,CAACC,iBAAiB;EACjE,MAAMC,GAAG,GAAGxC,yBAAyB,CAACyC,MAAM,CAACN,yBAAyB,CAAC,CACpEO,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;IACEC,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBZ,GAAG;IACHG;EACF,CAAC,EACDJ,gBACF,CAAC;EAED,MAAM;IAAES;EAAI,CAAC,GAAG,MAAMT,gBAAgB,CAACc,YAAY,CAAC,CAAC;EAErD,MAAMC,mBAAmB,GAAG,MAAM,IAAIC,yBAAO,CAAChB,gBAAgB,CAAC,CAC5DiB,kBAAkB,CAAC;IAClBC,GAAG,EAAE,cAAc;IACnBT;EACF,CAAC,CAAC,CACDU,UAAU,CAAC;IACVf,GAAG;IACHH,GAAG;IACHmB,aAAa,EAAE,KAAK;IACpB1B,IAAI;IACJC;EACF,CAAC,CAAC,CACD0B,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,WAAW,GAAG;IAClBT,mBAAmB;IACnBvB,iBAAiB;IACjBC;EACF,CAAC;EAED,MAAMgC,YAAY,GAAG,MAAM5B,QAAQ,CAACN,SAAS,EAAE;IAC7CmC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClC,0BAA0B,EAAE5B,yBAAyB;MACrD,8BAA8B,EAAEW;IAClC,CAAC;IACDkB,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACN,WAAW;EAClC,CAAC,CAAC,CACCO,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,MAAMC,kBAAkB,GAAGC,gCAAyB,CAACC,KAAK,CAACb,YAAY,CAAC;EACxE,OAAOW,kBAAkB;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAG,OAAA,CAAAlD,iBAAA,GAAAA,iBAAA;AAQO,MAAMmD,yBAAoD,GAAG,MAAAA,CAClEC,WAAW,EACXC,WAAW,EACXC,WAAW,KACR;EACH,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,kBAAkB,EAAEJ,WAAW;IAC/BlD,iBAAiB,EAAEmD;EACrB,CAAC,CAAC;EAEF,MAAMI,WAAW,GAAI,GAAEN,WAAY,IAAGG,MAAO,EAAC;EAC9C,OAAO;IAAEG;EAAY,CAAC;AACxB,CAAC;AAACR,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/credential/issuance/mrtd-pop/README.md

@@ -0,0 +1,92 @@
+# MRTD PoP flow
+
+**MRTD-PoP (Machine Readable Travel Document - Proof of Possession)** flow for the IO Wallet, following the [eID Wallet L2+ Credential Issuance specification](https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-issuance-l2plus.html).
+
+The MRTD-PoP flow is used to prove possession of an MRTD (such as a CIE) during the issuance of high-assurance credentials. The process involves a challenge-response protocol between the wallet and the issuer, leveraging JWTs and cryptographic attestation.
+
+This flow is part of the [PID issuance flow](../README.md) and must be started after the `continueUserAuthorizationWithMRTDPoPChallenge` function. Once MRTD PoP is completed, the PID issuance flow must continue with the `completeUserAuthorizationWithQueryMode` function with the authorization url obtained from the validation.
+
+> **⚠️ Important**: The entire flow must be initiated and concluded within the same web context (e.g., the same WebView instance) to maintain session continuity. Using different contexts (such as switching between an external browser and a WebView) will result in session loss and authentication failures due to cookie/session mismatch (JSESSIONID).
+
+## Sequence Diagram
+
+```mermaid
+graph TD;
+    A@{ shape: subproc, label: "continueUserAuthorizationWithMRTDPoPChallenge" }
+    subgraph MRTD PoP
+    B[verifyAndParseChallengeInfo]
+    C[initChallenge]
+    E[validateChallenge]
+    end
+    F@{ shape: subproc, label: "completeUserAuthorizationWithQueryModeChallenge" }
+
+
+    A -.-> B
+    B --> C
+    C -->E
+    E -.-> F
+
+```
+
+## Example
+
+```typescript
+// Verify and parse challenge info and extract challenge data: initialization url, session and nonce
+const {
+  htu: initUrl,
+  mrtd_auth_session,
+  mrtd_pop_jwt_nonce,
+} = await Credential.Issuance.MRTDPoP.verifyAndParseChallengeInfo(
+  issuerConf,
+  challenge_info,
+  { wiaCryptoContext }
+);
+
+// Initialize challenge and obtain the challenge text to sign the CIE PACE protocol and validation url
+const {
+  htu: validationUrl,
+  challenge,
+  mrtd_pop_nonce,
+} = await Credential.Issuance.MRTDPoP.initChallenge(
+  issuerConf,
+  initUrl,
+  mrtd_auth_session,
+  mrtd_pop_jwt_nonce,
+  {
+    walletInstanceAttestation,
+    wiaCryptoContext,
+    appFetch,
+  }
+);
+
+// CIE cryptographic interaction: you need to sign the challenge with the CIE through NFC interaction
+const { nis, mrtds } = /* NFC interactions functions */
+
+// Validate challenge
+const { mrtd_val_pop_nonce, redirect_uri } =
+  await Credential.Issuance.MRTDPoP.validateChallenge(
+    issuerConf,
+    validationUrl,
+    mrtd_auth_session,
+    mrtd_pop_nonce,
+    mrtd,
+    ias,
+    {
+      walletInstanceAttestation,
+      wiaCryptoContext,
+      appFetch,
+    }
+  );
+
+// Build the callback url
+const { callbackUrl } = await Credential.Issuance.buildChallengeCallbackUrl(
+  redirect_uri,
+  mrtd_val_pop_nonce,
+  mrtd_auth_session
+);
+
+// The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
+const authRedirectUrl = /* From a browser or webview redirect */
+
+// Use the authRedirectUrl to continue the PID issuance flow
+```

package/lib/commonjs/credential/issuance/mrtd-pop/index.js

@@ -0,0 +1,33 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "buildChallengeCallbackUrl", {
+  enumerable: true,
+  get: function () {
+    return _validateChallenge.buildChallengeCallbackUrl;
+  }
+});
+Object.defineProperty(exports, "initChallenge", {
+  enumerable: true,
+  get: function () {
+    return _initChallenge.initChallenge;
+  }
+});
+Object.defineProperty(exports, "validateChallenge", {
+  enumerable: true,
+  get: function () {
+    return _validateChallenge.validateChallenge;
+  }
+});
+Object.defineProperty(exports, "verifyAndParseChallengeInfo", {
+  enumerable: true,
+  get: function () {
+    return _verifyAndParseChallengeInfo.verifyAndParseChallengeInfo;
+  }
+});
+var _verifyAndParseChallengeInfo = require("./01-verify-and-parse-challenge-info");
+var _initChallenge = require("./02-init-challenge");
+var _validateChallenge = require("./03-validate-challenge");
+//# sourceMappingURL=index.js.map

package/lib/commonjs/credential/issuance/mrtd-pop/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_verifyAndParseChallengeInfo","require","_initChallenge","_validateChallenge"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAAA,4BAAA,GAAAC,OAAA;AAIA,IAAAC,cAAA,GAAAD,OAAA;AACA,IAAAE,kBAAA,GAAAF,OAAA"}

package/lib/commonjs/credential/issuance/mrtd-pop/types.js

@@ -0,0 +1,57 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.MrtdProofChallengeInfo = exports.MrtdPopVerificationResult = exports.MrtdPoPChallenge = void 0;
+var z = _interopRequireWildcard(require("zod"));
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const MrtdProofChallengeInfo = z.object({
+  protectedHeader: z.object({
+    typ: z.literal("mrtd-ias+jwt"),
+    alg: z.string(),
+    kid: z.string()
+  }),
+  payload: z.object({
+    iss: z.string(),
+    aud: z.string(),
+    iat: z.number(),
+    exp: z.number(),
+    status: z.literal("require_interaction"),
+    type: z.literal("mrtd+ias"),
+    mrtd_auth_session: z.string(),
+    state: z.string(),
+    mrtd_pop_jwt_nonce: z.string(),
+    htu: z.string(),
+    htm: z.literal("POST")
+  })
+});
+exports.MrtdProofChallengeInfo = MrtdProofChallengeInfo;
+const MrtdPoPChallenge = z.object({
+  protectedHeader: z.object({
+    typ: z.literal("mrtd-ias-pop+jwt"),
+    alg: z.string(),
+    kid: z.string()
+  }),
+  payload: z.object({
+    iss: z.string(),
+    aud: z.string(),
+    iat: z.number(),
+    exp: z.number(),
+    challenge: z.string(),
+    mrtd_pop_nonce: z.string(),
+    mrz: z.string().optional(),
+    htu: z.string(),
+    htm: z.literal("POST")
+  })
+});
+exports.MrtdPoPChallenge = MrtdPoPChallenge;
+const MrtdPopVerificationResult = z.object({
+  status: z.literal("require_interaction"),
+  type: z.literal("redirect_to_web"),
+  mrtd_val_pop_nonce: z.string(),
+  redirect_uri: z.string()
+});
+exports.MrtdPopVerificationResult = MrtdPopVerificationResult;
+//# sourceMappingURL=types.js.map

package/lib/commonjs/credential/issuance/mrtd-pop/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","MrtdProofChallengeInfo","object","protectedHeader","typ","literal","alg","string","kid","payload","iss","aud","iat","number","exp","status","type","mrtd_auth_session","state","mrtd_pop_jwt_nonce","htu","htm","exports","MrtdPoPChallenge","challenge","mrtd_pop_nonce","mrz","optional","MrtdPopVerificationResult","mrtd_val_pop_nonce","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,sBAAsB,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EAC7CC,eAAe,EAAE3B,CAAC,CAAC0B,MAAM,CAAC;IACxBE,GAAG,EAAE5B,CAAC,CAAC6B,OAAO,CAAC,cAAc,CAAC;IAC9BC,GAAG,EAAE9B,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEhC,CAAC,CAAC+B,MAAM,CAAC;EAChB,CAAC,CAAC;EACFE,OAAO,EAAEjC,CAAC,CAAC0B,MAAM,CAAC;IAChBQ,GAAG,EAAElC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfI,GAAG,EAAEnC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfK,GAAG,EAAEpC,CAAC,CAACqC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEtC,CAAC,CAACqC,MAAM,CAAC,CAAC;IACfE,MAAM,EAAEvC,CAAC,CAAC6B,OAAO,CAAC,qBAAqB,CAAC;IACxCW,IAAI,EAAExC,CAAC,CAAC6B,OAAO,CAAC,UAAU,CAAC;IAC3BY,iBAAiB,EAAEzC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IAC7BW,KAAK,EAAE1C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACjBY,kBAAkB,EAAE3C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IAC9Ba,GAAG,EAAE5C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfc,GAAG,EAAE7C,CAAC,CAAC6B,OAAO,CAAC,MAAM;EACvB,CAAC;AACH,CAAC,CAAC;AAACiB,OAAA,CAAArB,sBAAA,GAAAA,sBAAA;AAGI,MAAMsB,gBAAgB,GAAG/C,CAAC,CAAC0B,MAAM,CAAC;EACvCC,eAAe,EAAE3B,CAAC,CAAC0B,MAAM,CAAC;IACxBE,GAAG,EAAE5B,CAAC,CAAC6B,OAAO,CAAC,kBAAkB,CAAC;IAClCC,GAAG,EAAE9B,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEhC,CAAC,CAAC+B,MAAM,CAAC;EAChB,CAAC,CAAC;EACFE,OAAO,EAAEjC,CAAC,CAAC0B,MAAM,CAAC;IAChBQ,GAAG,EAAElC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfI,GAAG,EAAEnC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfK,GAAG,EAAEpC,CAAC,CAACqC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEtC,CAAC,CAACqC,MAAM,CAAC,CAAC;IACfW,SAAS,EAAEhD,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACrBkB,cAAc,EAAEjD,CAAC,CAAC+B,MAAM,CAAC,CAAC;IAC1BmB,GAAG,EAAElD,CAAC,CAAC+B,MAAM,CAAC,CAAC,CAACoB,QAAQ,CAAC,CAAC;IAC1BP,GAAG,EAAE5C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfc,GAAG,EAAE7C,CAAC,CAAC6B,OAAO,CAAC,MAAM;EACvB,CAAC;AACH,CAAC,CAAC;AAACiB,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAiBI,MAAMK,yBAAyB,GAAGpD,CAAC,CAAC0B,MAAM,CAAC;EAChDa,MAAM,EAAEvC,CAAC,CAAC6B,OAAO,CAAC,qBAAqB,CAAC;EACxCW,IAAI,EAAExC,CAAC,CAAC6B,OAAO,CAAC,iBAAiB,CAAC;EAClCwB,kBAAkB,EAAErD,CAAC,CAAC+B,MAAM,CAAC,CAAC;EAC9BuB,YAAY,EAAEtD,CAAC,CAAC+B,MAAM,CAAC;AACzB,CAAC,CAAC;AAACe,OAAA,CAAAM,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/utils/auth.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.AuthorizationResultShape = exports.AuthorizationErrorShape = void 0;
+exports.AuthorizationResultShape = exports.AuthorizationErrorShape = exports.AuthorizationChallengeResultShape = void 0;
 var z = _interopRequireWildcard(require("zod"));
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -41,4 +41,12 @@ const AuthorizationErrorShape = z.object({
  * Type of the identification result.
  */
 exports.AuthorizationErrorShape = AuthorizationErrorShape;
+/**
+ * MRTD PoP Challenge Info response structure
+ */
+
+const AuthorizationChallengeResultShape = z.object({
+  challenge_info: z.string()
+});
+exports.AuthorizationChallengeResultShape = AuthorizationChallengeResultShape;
 //# sourceMappingURL=auth.js.map

package/lib/commonjs/utils/auth.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResultShape","object","code","string","state","iss","optional","exports","AuthorizationErrorShape","error","error_description","error_uri"],"sourceRoot":"../../../src","sources":["utils/auth.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACO,MAAMW,wBAAwB,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EAC/CC,IAAI,EAAE3B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAE7B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjBE,GAAG,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC3B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AALAC,OAAA,CAAAP,wBAAA,GAAAA,wBAAA;AAMO,MAAMQ,uBAAuB,GAAGjC,CAAC,CAAC0B,MAAM,CAAC;EAC9CQ,KAAK,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EACnBO,iBAAiB,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxCK,SAAS,EAAEpC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAChCF,KAAK,EAAE7B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA;AAFAC,OAAA,CAAAC,uBAAA,GAAAA,uBAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResultShape","object","code","string","state","iss","optional","exports","AuthorizationErrorShape","error","error_description","error_uri","AuthorizationChallengeResultShape","challenge_info"],"sourceRoot":"../../../src","sources":["utils/auth.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACO,MAAMW,wBAAwB,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EAC/CC,IAAI,EAAE3B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAE7B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjBE,GAAG,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC3B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AALAC,OAAA,CAAAP,wBAAA,GAAAA,wBAAA;AAMO,MAAMQ,uBAAuB,GAAGjC,CAAC,CAAC0B,MAAM,CAAC;EAC9CQ,KAAK,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EACnBO,iBAAiB,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACxCK,SAAS,EAAEpC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAChCF,KAAK,EAAE7B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA;AAFAC,OAAA,CAAAC,uBAAA,GAAAA,uBAAA;AAKA;AACA;AACA;;AAEO,MAAMI,iCAAiC,GAAGrC,CAAC,CAAC0B,MAAM,CAAC;EACxDY,cAAc,EAAEtC,CAAC,CAAC4B,MAAM,CAAC;AAC3B,CAAC,CAAC;AAACI,OAAA,CAAAK,iCAAA,GAAAA,iCAAA"}

package/lib/commonjs/utils/par.js

@@ -14,10 +14,15 @@ var _errors = require("./errors");
 var _logging = require("./logging");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const AuthorizationDetail = z.object({
+const AuthorizationDetail = z.union([z.object({
   type: z.literal("openid_credential"),
   credential_configuration_id: z.string()
-});
+}), z.object({
+  type: z.literal("it_l2+document_proof"),
+  idphinting: z.string(),
+  challenge_method: z.literal("mrtd+ias"),
+  challenge_redirect_uri: z.string()
+})]);
 exports.AuthorizationDetail = AuthorizationDetail;
 const AuthorizationDetails = z.array(AuthorizationDetail);
 exports.AuthorizationDetails = AuthorizationDetails;

package/lib/commonjs/utils/par.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_uuid","z","_interopRequireWildcard","WalletInstanceAttestation","_misc","_pop","_errors","_logging","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationDetail","object","type","literal","credential_configuration_id","string","exports","AuthorizationDetails","array","ParResponse","request_uri","expires_in","number","makeParRequest","_ref","wiaCryptoContext","appFetch","parEndpoint","walletInstanceAttestation","_ref2","codeVerifier","responseMode","clientId","redirectUri","authorizationDetails","scope","aud","wiaPublicKey","getPublicKey","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","createPopToken","jti","uuidv4","codeChallengeMethod","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","typ","setPayload","response_type","response_mode","client_id","state","generateRandomAlphaNumericString","code_challenge","code_challenge_method","redirect_uri","authorization_details","setIssuedAt","setExpirationTime","sign","formBody","URLSearchParams","request","Logger","log","LogLevel","DEBUG","method","headers","body","toString","then","hasStatusOrThrow","IssuerResponseError","res","json","parse","result"],"sourceRoot":"../../../src","sources":["utils/par.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,yBAAA,GAAAD,uBAAA,CAAAH,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AAA6C,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAP,wBAAAW,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGtC,MAAMW,mBAAmB,GAAG7B,CAAC,CAAC8B,MAAM,CAAC;EAC1CC,IAAI,EAAE/B,CAAC,CAACgC,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAEjC,CAAC,CAACkC,MAAM,CAAC;AACxC,CAAC,CAAC;AAACC,OAAA,CAAAN,mBAAA,GAAAA,mBAAA;AAGI,MAAMO,oBAAoB,GAAGpC,CAAC,CAACqC,KAAK,CAACR,mBAAmB,CAAC;AAACM,OAAA,CAAAC,oBAAA,GAAAA,oBAAA;AAG1D,MAAME,WAAW,GAAGtC,CAAC,CAAC8B,MAAM,CAAC;EAClCS,WAAW,EAAEvC,CAAC,CAACkC,MAAM,CAAC,CAAC;EACvBM,UAAU,EAAExC,CAAC,CAACyC,MAAM,CAAC;AACvB,CAAC,CAAC;AAACN,OAAA,CAAAG,WAAA,GAAAA,WAAA;AAcH;AACA;AACA;AACO,MAAMI,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC;EAIF,CAAC,GAAAF,IAAA;EAAA,OACD,OACEG,WAAmB,EACnBC,yBAAiC,EAAAC,KAAA,KAUb;IAAA,IATpB;MACEC,YAAY;MACZC,YAAY;MACZC,QAAQ;MACRC,WAAW;MACXC,oBAAoB;MACpBC,KAAK;MACLC;IACiB,CAAC,GAAAP,KAAA;IAEpB,MAAMQ,YAAY,GAAG,MAAMZ,gBAAgB,CAACa,YAAY,CAAC,CAAC;IAE1D,MAAMC,GAAG,GAAGxD,yBAAyB,CAACyD,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;MACEC,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHG;IACF,CAAC,EACDd,gBACF,CAAC;;IAED;AACJ;AACA;IACI,MAAMwB,mBAAmB,GAAG,MAAM;IAClC,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAACrB,YAAY,CAAC;;IAExD;AACJ;AACA;AACA;IACI,MAAMsB,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAAC5B,gBAAgB,CAAC,CACxD6B,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVX,GAAG,EAAEP,YAAY,CAACO;IACpB,CAAC,CAAC,CACDY,UAAU,CAAC;MACVT,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHqB,aAAa,EAAE,MAAM;MACrBC,aAAa,EAAE3B,YAAY;MAC3B4B,SAAS,EAAE3B,QAAQ;MACnBO,GAAG;MACHqB,KAAK,EAAE,IAAAC,sCAAgC,EAAC,EAAE,CAAC;MAC3CC,cAAc,EAAEZ,aAAa;MAC7Ba,qBAAqB,EAAEd,mBAAmB;MAC1Ce,YAAY,EAAE/B,WAAW;MACzB,IAAIC,oBAAoB,IAAI;QAC1B+B,qBAAqB,EAAE/B;MACzB,CAAC,CAAC;MACF,IAAIC,KAAK,IAAI;QAAEA;MAAM,CAAC;IACxB,CAAC,CAAC,CACD+B,WAAW,CAAC,CAAC,CAAC;IAAA,CACdC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;;IAET;IACA,IAAIC,QAAQ,GAAG,IAAIC,eAAe,CAAC;MACjCX,SAAS,EAAE3B,QAAQ;MACnBuC,OAAO,EAAEnB;IACX,CAAC,CAAC;IAEFoB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BhD,WAAY,KAAI0C,QAAS,EACtD,CAAC;IAED,OAAO,MAAM3C,QAAQ,CAACC,WAAW,EAAE;MACjCiD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD,0BAA0B,EAAEjD,yBAAyB;QACrD,8BAA8B,EAAEiB;MAClC,CAAC;MACDiC,IAAI,EAAET,QAAQ,CAACU,QAAQ,CAAC;IAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAC7D,WAAW,CAACkE,KAAK,CAAC,CACvBL,IAAI,CAAEM,MAAM,IAAKA,MAAM,CAAClE,WAAW,CAAC;EACzC,CAAC;AAAA;AAACJ,OAAA,CAAAO,cAAA,GAAAA,cAAA"}
+{"version":3,"names":["_ioReactNativeJwt","require","_uuid","z","_interopRequireWildcard","WalletInstanceAttestation","_misc","_pop","_errors","_logging","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationDetail","union","object","type","literal","credential_configuration_id","string","idphinting","challenge_method","challenge_redirect_uri","exports","AuthorizationDetails","array","ParResponse","request_uri","expires_in","number","makeParRequest","_ref","wiaCryptoContext","appFetch","parEndpoint","walletInstanceAttestation","_ref2","codeVerifier","responseMode","clientId","redirectUri","authorizationDetails","scope","aud","wiaPublicKey","getPublicKey","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","createPopToken","jti","uuidv4","codeChallengeMethod","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","typ","setPayload","response_type","response_mode","client_id","state","generateRandomAlphaNumericString","code_challenge","code_challenge_method","redirect_uri","authorization_details","setIssuedAt","setExpirationTime","sign","formBody","URLSearchParams","request","Logger","log","LogLevel","DEBUG","method","headers","body","toString","then","hasStatusOrThrow","IssuerResponseError","res","json","parse","result"],"sourceRoot":"../../../src","sources":["utils/par.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,yBAAA,GAAAD,uBAAA,CAAAH,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AAA6C,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAP,wBAAAW,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGtC,MAAMW,mBAAmB,GAAG7B,CAAC,CAAC8B,KAAK,CAAC,CACzC9B,CAAC,CAAC+B,MAAM,CAAC;EACPC,IAAI,EAAEhC,CAAC,CAACiC,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAElC,CAAC,CAACmC,MAAM,CAAC;AACxC,CAAC,CAAC,EACFnC,CAAC,CAAC+B,MAAM,CAAC;EACPC,IAAI,EAAEhC,CAAC,CAACiC,OAAO,CAAC,sBAAsB,CAAC;EACvCG,UAAU,EAAEpC,CAAC,CAACmC,MAAM,CAAC,CAAC;EACtBE,gBAAgB,EAAErC,CAAC,CAACiC,OAAO,CAAC,UAAU,CAAC;EACvCK,sBAAsB,EAAEtC,CAAC,CAACmC,MAAM,CAAC;AACnC,CAAC,CAAC,CACH,CAAC;AAACI,OAAA,CAAAV,mBAAA,GAAAA,mBAAA;AAGI,MAAMW,oBAAoB,GAAGxC,CAAC,CAACyC,KAAK,CAACZ,mBAAmB,CAAC;AAACU,OAAA,CAAAC,oBAAA,GAAAA,oBAAA;AAG1D,MAAME,WAAW,GAAG1C,CAAC,CAAC+B,MAAM,CAAC;EAClCY,WAAW,EAAE3C,CAAC,CAACmC,MAAM,CAAC,CAAC;EACvBS,UAAU,EAAE5C,CAAC,CAAC6C,MAAM,CAAC;AACvB,CAAC,CAAC;AAACN,OAAA,CAAAG,WAAA,GAAAA,WAAA;AAcH;AACA;AACA;AACO,MAAMI,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC;EAIF,CAAC,GAAAF,IAAA;EAAA,OACD,OACEG,WAAmB,EACnBC,yBAAiC,EAAAC,KAAA,KAUb;IAAA,IATpB;MACEC,YAAY;MACZC,YAAY;MACZC,QAAQ;MACRC,WAAW;MACXC,oBAAoB;MACpBC,KAAK;MACLC;IACiB,CAAC,GAAAP,KAAA;IAEpB,MAAMQ,YAAY,GAAG,MAAMZ,gBAAgB,CAACa,YAAY,CAAC,CAAC;IAE1D,MAAMC,GAAG,GAAG5D,yBAAyB,CAAC6D,MAAM,CAACZ,yBAAyB,CAAC,CACpEa,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;MACEC,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHG;IACF,CAAC,EACDd,gBACF,CAAC;;IAED;AACJ;AACA;IACI,MAAMwB,mBAAmB,GAAG,MAAM;IAClC,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAACrB,YAAY,CAAC;;IAExD;AACJ;AACA;AACA;IACI,MAAMsB,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAAC5B,gBAAgB,CAAC,CACxD6B,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVX,GAAG,EAAEP,YAAY,CAACO;IACpB,CAAC,CAAC,CACDY,UAAU,CAAC;MACVT,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;MAClBZ,GAAG;MACHqB,aAAa,EAAE,MAAM;MACrBC,aAAa,EAAE3B,YAAY;MAC3B4B,SAAS,EAAE3B,QAAQ;MACnBO,GAAG;MACHqB,KAAK,EAAE,IAAAC,sCAAgC,EAAC,EAAE,CAAC;MAC3CC,cAAc,EAAEZ,aAAa;MAC7Ba,qBAAqB,EAAEd,mBAAmB;MAC1Ce,YAAY,EAAE/B,WAAW;MACzB,IAAIC,oBAAoB,IAAI;QAC1B+B,qBAAqB,EAAE/B;MACzB,CAAC,CAAC;MACF,IAAIC,KAAK,IAAI;QAAEA;MAAM,CAAC;IACxB,CAAC,CAAC,CACD+B,WAAW,CAAC,CAAC,CAAC;IAAA,CACdC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;;IAET;IACA,IAAIC,QAAQ,GAAG,IAAIC,eAAe,CAAC;MACjCX,SAAS,EAAE3B,QAAQ;MACnBuC,OAAO,EAAEnB;IACX,CAAC,CAAC;IAEFoB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BhD,WAAY,KAAI0C,QAAS,EACtD,CAAC;IAED,OAAO,MAAM3C,QAAQ,CAACC,WAAW,EAAE;MACjCiD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD,0BAA0B,EAAEjD,yBAAyB;QACrD,8BAA8B,EAAEiB;MAClC,CAAC;MACDiC,IAAI,EAAET,QAAQ,CAACU,QAAQ,CAAC;IAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAAC7D,WAAW,CAACkE,KAAK,CAAC,CACvBL,IAAI,CAAEM,MAAM,IAAKA,MAAM,CAAClE,WAAW,CAAC;EACzC,CAAC;AAAA;AAACJ,OAAA,CAAAO,cAAA,GAAAA,cAAA"}

package/lib/module/credential/issuance/03-start-user-authorization.js

@@ -56,19 +56,23 @@ const selectResponseMode = (issuerConf, credentialIds) => {
  * it is possible to use the same access token for the issuance of all requested credentials.
  * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
  * along with the WTE and its proof of possession (WTE-PoP).
- * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details),
- * the application session identifier on the Wallet Instance side (state),
+ * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details), challenge method and
+ * redirect URI for the document proof step (if L2 flow), the application session identifier on the Wallet Instance side (state),
  * the method (query or form_post.jwt) by which the Authorization Server
  * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
  * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
  * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
  * @param issuerConf The issuer configuration
  * @param credentialIds The credential configuration IDs to be requested
- * @param ctx The context object containing the Wallet Instance's cryptographic context, the Wallet Instance's attestation, the redirect URI and the fetch implementation
+ * @param proof The configuration for the proof to be used in the request: "none" for standard flows, "document" for L2+ with MRTD verification.
+ * @param ctx The context object containing;
+ *  - wiaCryptoContext: the Wallet Instance's cryptographic context
+ *  - walletInstanceAttestation: the Wallet Instance's attestation
+ *  - redirectUri: the redirect URI
+ *  - appFetch: (optional) the fetch implementation
  * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition(s)
  */
-
-export const startUserAuthorization = async (issuerConf, credentialIds, ctx) => {
+export const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) => {
   const {
     wiaCryptoContext,
     walletInstanceAttestation,
@@ -83,12 +87,26 @@ export const startUserAuthorization = async (issuerConf, credentialIds, ctx) =>
   const codeVerifier = generateRandomAlphaNumericString(64);
   const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
   const aud = issuerConf.openid_credential_issuer.credential_issuer;
-  const credentialDefinition = credentialIds.map(c => selectCredentialDefinition(issuerConf, c));
   const responseMode = selectResponseMode(issuerConf, credentialIds);
   const getPar = makeParRequest({
     wiaCryptoContext,
     appFetch
   });
+  const credentialDefinition = [...credentialIds.map(c => selectCredentialDefinition(issuerConf, c))];
+  if (proof.proofType === "mrtd-pop") {
+    /**
+     * When we requests a PID using eID Substantial Authentication with MRTD Verification, we must include
+     * an additional Authorization Details Object in the authorization_details
+     *
+     * See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-issuance-endpoint.html#pushed-authorization-request-endpoint
+     */
+    credentialDefinition.push({
+      type: "it_l2+document_proof",
+      idphinting: proof.idpHinting,
+      challenge_method: "mrtd+ias",
+      challenge_redirect_uri: redirectUri
+    });
+  }
   const issuerRequestUri = await getPar(parEndpoint, walletInstanceAttestation, {
     aud,
     clientId,

package/lib/module/credential/issuance/03-start-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","Error","selectResponseMode","credentialIds","responseModeSupported","oauth_authorization_server","response_modes_supported","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","credentialDefinition","c","getPar","issuerRequestUri","authorizationDetails"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAG7E,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAkBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,YAA4C,KACpB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,YAAY,CAAC,CAAC,CACvCS,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAEV,YAAY;IACzCW,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXN,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,wBAAuBb,YAAa,kEAAiEc,IAAI,CAACC,SAAS,CAACd,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIe,KAAK,CAAE,mCAAkChB,YAAa,GAAE,CAAC;EACrE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,kBAAkB,GAAGA,CACzBlB,UAAkD,EAClDmB,aAAuB,KACN;EACjB,MAAMC,qBAAqB,GACzBpB,UAAU,CAACqB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMvB,YAAY,IAAIkB,aAAa,EAAE;IACxCI,eAAe,CAACE,GAAG,CACjBxB,YAAY,CAACyB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9B7B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,GAAEK,aAAc,qCAAoC,CAAC,GAAGI,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIX,KAAK,CACb,yGACF,CAAC;EACH;EAEA,MAAM,CAACY,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/C9B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiC,KAAK,EACb,0BAAyBD,YAAa,uBAAsBV,aAAc,EAC7E,CAAC;EAED,IAAI,CAACC,qBAAqB,CAACX,QAAQ,CAACoB,YAAa,CAAC,EAAE;IAClD/B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,2BAA0Be,YAAa,kEAAiEd,IAAI,CAACC,SAAS,CAACI,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIH,KAAK,CAAE,qCAAoCE,aAAc,GAAE,CAAC;EACxE;EAEA,OAAOU,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAME,sBAA8C,GAAG,MAAAA,CAC5D/B,UAAU,EACVmB,aAAa,EACba,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbxC,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,kCAAiCwB,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIrB,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAM0B,YAAY,GAAGhD,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMiD,WAAW,GACf5C,UAAU,CAACqB,0BAA0B,CAACwB,qCAAqC;EAC7E,MAAMC,GAAG,GAAG9C,UAAU,CAACG,wBAAwB,CAAC4C,iBAAiB;EACjE,MAAMC,oBAAoB,GAAG7B,aAAa,CAACT,GAAG,CAAEuC,CAAC,IAC/ClD,0BAA0B,CAACC,UAAU,EAAEiD,CAAC,CAC1C,CAAC;EACD,MAAMpB,YAAY,GAAGX,kBAAkB,CAAClB,UAAU,EAAEmB,aAAa,CAAC;EAClE,MAAM+B,MAAM,GAAGtD,cAAc,CAAC;IAAEqC,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMe,gBAAgB,GAAG,MAAMD,MAAM,CACnCN,WAAW,EACXV,yBAAyB,EACzB;IACEY,GAAG;IACHR,QAAQ;IACRK,YAAY;IACZR,WAAW;IACXN,YAAY;IACZuB,oBAAoB,EAAEJ;EACxB,CACF,CAAC;EAED,OAAO;IAAEG,gBAAgB;IAAEb,QAAQ;IAAEK,YAAY;IAAEK;EAAqB,CAAC;AAC3E,CAAC"}
+{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","Error","selectResponseMode","credentialIds","responseModeSupported","oauth_authorization_server","response_modes_supported","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","startUserAuthorization","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","getPar","credentialDefinition","c","proofType","push","idphinting","idpHinting","challenge_method","challenge_redirect_uri","issuerRequestUri","authorizationDetails"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAG7E,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAmBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,YAA4C,KACpB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,YAAY,CAAC,CAAC,CACvCS,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAEV,YAAY;IACzCW,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXN,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,wBAAuBb,YAAa,kEAAiEc,IAAI,CAACC,SAAS,CAACd,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIe,KAAK,CAAE,mCAAkChB,YAAa,GAAE,CAAC;EACrE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,kBAAkB,GAAGA,CACzBlB,UAAkD,EAClDmB,aAAuB,KACN;EACjB,MAAMC,qBAAqB,GACzBpB,UAAU,CAACqB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMvB,YAAY,IAAIkB,aAAa,EAAE;IACxCI,eAAe,CAACE,GAAG,CACjBxB,YAAY,CAACyB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9B7B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,GAAEK,aAAc,qCAAoC,CAAC,GAAGI,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIX,KAAK,CACb,yGACF,CAAC;EACH;EAEA,MAAM,CAACY,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/C9B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiC,KAAK,EACb,0BAAyBD,YAAa,uBAAsBV,aAAc,EAC7E,CAAC;EAED,IAAI,CAACC,qBAAqB,CAACX,QAAQ,CAACoB,YAAa,CAAC,EAAE;IAClD/B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,2BAA0Be,YAAa,kEAAiEd,IAAI,CAACC,SAAS,CAACI,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIH,KAAK,CAAE,qCAAoCE,aAAc,GAAE,CAAC;EACxE;EAEA,OAAOU,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,sBAA8C,GAAG,MAAAA,CAC5D/B,UAAU,EACVmB,aAAa,EACba,KAAK,EACLC,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbzC,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,kCAAiCyB,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAItB,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAM2B,YAAY,GAAGjD,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMkD,WAAW,GACf7C,UAAU,CAACqB,0BAA0B,CAACyB,qCAAqC;EAC7E,MAAMC,GAAG,GAAG/C,UAAU,CAACG,wBAAwB,CAAC6C,iBAAiB;EACjE,MAAMnB,YAAY,GAAGX,kBAAkB,CAAClB,UAAU,EAAEmB,aAAa,CAAC;EAClE,MAAM8B,MAAM,GAAGrD,cAAc,CAAC;IAAEsC,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAE7D,MAAMa,oBAAoB,GAAG,CAC3B,GAAG/B,aAAa,CAACT,GAAG,CAAEyC,CAAC,IAAKpD,0BAA0B,CAACC,UAAU,EAAEmD,CAAC,CAAC,CAAC,CACvE;EAED,IAAInB,KAAK,CAACoB,SAAS,KAAK,UAAU,EAAE;IAClC;AACJ;AACA;AACA;AACA;AACA;IACIF,oBAAoB,CAACG,IAAI,CAAC;MACxBzC,IAAI,EAAE,sBAAsB;MAC5B0C,UAAU,EAAEtB,KAAK,CAACuB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAErB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMsB,gBAAgB,GAAG,MAAMT,MAAM,CACnCJ,WAAW,EACXV,yBAAyB,EACzB;IACEY,GAAG;IACHR,QAAQ;IACRK,YAAY;IACZR,WAAW;IACXP,YAAY;IACZ8B,oBAAoB,EAAET;EACxB,CACF,CAAC;EAED,OAAO;IAAEQ,gBAAgB;IAAEnB,QAAQ;IAAEK,YAAY;IAAEM;EAAqB,CAAC;AAC3E,CAAC"}

package/lib/module/credential/issuance/04-complete-user-authorization.js

@@ -1,4 +1,4 @@
-import { AuthorizationErrorShape, AuthorizationResultShape } from "../../utils/auth";
+import { AuthorizationChallengeResultShape, AuthorizationErrorShape, AuthorizationResultShape } from "../../utils/auth";
 import { hasStatusOrThrow } from "../../utils/misc";
 import parseUrl from "parse-url";
 import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
@@ -14,6 +14,29 @@ import { Presentation } from "..";
  * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
  */
 
+/**
+ * WARNING: this function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID, and the PID
+ * issuance requires a MRTD PoP challenge.
+ * @param authRedirectUrl The URL to which the end user should be redirected to start the MRTD PoP validation flow
+ * @returns the authorization response which contains the challenge
+ */
+export const continueUserAuthorizationWithMRTDPoPChallenge = async authRedirectUrl => {
+  Logger.log(LogLevel.DEBUG, `The requested credential is a PersonIdentificationData and requires MRTD PoP, starting MRTD PoP validation from auth redirect`);
+  const query = parseUrl(authRedirectUrl).query;
+  const authResParsed = AuthorizationChallengeResultShape.safeParse(query);
+  if (!authResParsed.success) {
+    const authErr = AuthorizationErrorShape.safeParse(query);
+    if (!authErr.success) {
+      Logger.log(LogLevel.ERROR, `Error while parsing the authorization response: ${authResParsed.error.message}`);
+      throw new AuthorizationError(authResParsed.error.message); // an error occured while parsing the result and the error
+    }
+
+    Logger.log(LogLevel.ERROR, `Error while authorizating with the idp: ${JSON.stringify(authErr)}`);
+    throw new AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
+  }
+  return authResParsed.data;
+};
+
 /**
  * WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
  * Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
@@ -46,7 +69,7 @@ export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerCo
  * @returns the authorization response which contains code, state and iss
  */
 export const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
-  Logger.log(LogLevel.DEBUG, `The requeste credential is a PersonIdentificationData, completing the user authorization with query mode`);
+  Logger.log(LogLevel.DEBUG, `The requested credential is a PersonIdentificationData, completing the user authorization with query mode`);
   const query = parseUrl(authRedirectUrl).query;
   return parseAuthorizationResponse(query);
 };

package/lib/module/credential/issuance/04-complete-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","SignJWT","RequestObject","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","Presentation","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completeUserAuthorizationWithQueryMode","authRedirectUrl","log","DEBUG","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","res","text","jws","reqObj","safeParse","payload","success","ERROR","error","message","reason","data","completeUserAuthorizationWithFormPostJwtMode","pid","_ref","wiaCryptoContext","pidCryptoContext","dcql_query","Error","dcqlQueryResult","evaluateDcqlQuery","credentialsToPresent","map","_ref2","requiredDisclosures","rest","requestedClaims","_ref3","claimName","remotePresentations","prepareRemotePresentations","nonce","authzResponsePayload","createAuthzResponsePayload","state","body","response","resUriRes","response_uri","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","authResParsed","authErr","JSON","stringify","error_description","_ref4","kid","getPublicKey","setProtectedHeader","typ","setPayload","vp_token","reduce","_ref5","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,OAAO,QAEF,6BAA6B;AACpC,SAAkCC,aAAa,QAAQ,uBAAuB;AAC9E,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;AACpE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AACtD,SAASC,YAAY,QAAQ,IAAI;;AAGjC;AACA;AACA;;AA+BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAOC,eAAe,IAAK;EACzBjB,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACoB,KAAK,EACb,0GACH,CAAC;EACD,MAAMC,KAAK,GAAG/B,QAAQ,CAAC4B,eAAe,CAAC,CAACG,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,mCAAwE,GACnF,eAAAA,CAAOnB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBkB,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7D3B,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACoB,KAAK,EACb,sGACH,CAAC;EACD,MAAMZ,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEFH,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACoB,KAAK,EACb,oCAAmCZ,oBAAqB,IAAGG,MAAM,CAACkB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEhB,oBAAqB,IAAGG,MAAM,CAACkB,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAC3C,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDyC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAK1C,MAAM,CAAC0C,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKzC,aAAa,CAAC0C,SAAS,CAACD,MAAM,CAACE,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACR,aAAa,CAACS,OAAO,EAAE;IAC1BtC,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACwC,KAAK,EACb,+CAA8CV,aAAa,CAACW,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAIlD,gBAAgB,CAAC;MACzBkD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEb,aAAa,CAACW,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAOZ,aAAa,CAACc,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,4CAA0F,GACrG,MAAAA,CACEf,aAAa,EACbgB,GAAG,EAAAC,IAAA,KAEA;EAAA,IADH;IAAEC,gBAAgB;IAAEC,gBAAgB;IAAEzB,QAAQ,GAAGI;EAAM,CAAC,GAAAmB,IAAA;EAExD9C,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACoB,KAAK,EACb,sHACH,CAAC;EAED,IAAI,CAACU,aAAa,CAACoB,UAAU,EAAE;IAC7B,MAAM,IAAIC,KAAK,CAAC,wBAAwB,CAAC;EAC3C;EAEA,MAAMC,eAAe,GAAGlD,YAAY,CAACmD,iBAAiB,CACpD,CAAC,CAACJ,gBAAgB,EAAEH,GAAG,CAAC,CAAC,EACzBhB,aAAa,CAACoB,UAChB,CAAC;EAED,MAAMI,oBAAoB,GAAGF,eAAe,CAACG,GAAG,CAC9CC,KAAA;IAAA,IAAC;MAAEC,mBAAmB;MAAE,GAAGC;IAAK,CAAC,GAAAF,KAAA;IAAA,OAAM;MACrC,GAAGE,IAAI;MACPC,eAAe,EAAEF,mBAAmB,CAACF,GAAG,CAACK,KAAA;QAAA,IAAC,GAAGC,SAAS,CAAC,GAAAD,KAAA;QAAA,OAAKC,SAAS;MAAA;IACvE,CAAC;EAAA,CACH,CAAC;EAED,MAAMC,mBAAmB,GAAG,MAAM5D,YAAY,CAAC6D,0BAA0B,CACvET,oBAAoB,EACpBxB,aAAa,CAACkC,KAAK,EACnBlC,aAAa,CAACjB,SAChB,CAAC;EAED,MAAMoD,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAErC,aAAa,CAACqC,KAAK;IAC1BL,mBAAmB;IACnBd;EACF,CAAC,CAAC;EAEF/C,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACoB,KAAK,EACb,2BAA0B6C,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAMG,IAAI,GAAG,IAAIxD,eAAe,CAAC;IAC/ByD,QAAQ,EAAEJ;EACZ,CAAC,CAAC,CAACpC,QAAQ,CAAC,CAAC;EAEb,MAAMyC,SAAS,GAAG,MAAM9C,QAAQ,CAACM,aAAa,CAACyC,YAAY,EAAE;IAC3DxC,MAAM,EAAE,MAAM;IACdyC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDJ;EACF,CAAC,CAAC,CACCpC,IAAI,CAAC3C,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDyC,IAAI,CAAEyC,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAG/E,sBAAsB,CAACyC,SAAS,CAACiC,SAAS,CAAC;EAC/D,IAAI,CAACK,WAAW,CAACpC,OAAO,EAAE;IACxBtC,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACwC,KAAK,EACb,4CAA2CmC,WAAW,CAAClC,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAIlD,gBAAgB,CAAC;MACzBkD,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAEgC,WAAW,CAAClC,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMlB,QAAQ,CAACmD,WAAW,CAAC/B,IAAI,CAACgC,YAAY,CAAC,CACjD5C,IAAI,CAAC3C,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDyC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACnC,kBAAkB,CAAC,CACxBmC,IAAI,CAAE6C,KAAK,IAAKvD,0BAA0B,CAACuD,KAAK,CAACC,UAAU,CAACxC,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,0BAA0B,GACrCyD,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAG5F,wBAAwB,CAACiD,SAAS,CAAC0C,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACzC,OAAO,EAAE;IAC1B,MAAM0C,OAAO,GAAG9F,uBAAuB,CAACkD,SAAS,CAAC0C,OAAO,CAAC;IAC1D,IAAI,CAACE,OAAO,CAAC1C,OAAO,EAAE;MACpBtC,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACwC,KAAK,EACb,mDAAkDwC,aAAa,CAACvC,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAI5C,kBAAkB,CAACkF,aAAa,CAACvC,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAzC,MAAM,CAACkB,GAAG,CACRnB,QAAQ,CAACwC,KAAK,EACb,2CAA0C0C,IAAI,CAACC,SAAS,CAACF,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIlF,qBAAqB,CAC7BkF,OAAO,CAACrC,IAAI,CAACH,KAAK,EAClBwC,OAAO,CAACrC,IAAI,CAACwC,iBACf,CAAC;EACH;EACA,OAAOJ,aAAa,CAACpC,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMsB,0BAA0B,GAAG,MAAAmB,KAAA,IAQZ;EAAA,IARmB;IACxClB,KAAK;IACLL,mBAAmB;IACnBd;EAKF,CAAC,GAAAqC,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAMtC,gBAAgB,CAACuC,YAAY,CAAC,CAAC;EAErD,OAAO,IAAI7F,OAAO,CAACsD,gBAAgB,CAAC,CACjCwC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH;EACF,CAAC,CAAC,CACDI,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAIvB,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3BwB,QAAQ,EAAE7B,mBAAmB,CAAC8B,MAAM,CAClC,CAACD,QAAQ,EAAAE,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGF,QAAQ;QACX,CAACG,YAAY,GAAGC;MAClB,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}
+{"version":3,"names":["AuthorizationChallengeResultShape","AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","SignJWT","RequestObject","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","Presentation","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","log","DEBUG","query","authResParsed","safeParse","success","authErr","ERROR","error","message","JSON","stringify","data","error_description","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completeUserAuthorizationWithQueryMode","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","res","text","jws","reqObj","payload","reason","completeUserAuthorizationWithFormPostJwtMode","pid","_ref","wiaCryptoContext","pidCryptoContext","dcql_query","Error","dcqlQueryResult","evaluateDcqlQuery","credentialsToPresent","map","_ref2","requiredDisclosures","rest","requestedClaims","_ref3","claimName","remotePresentations","prepareRemotePresentations","nonce","authzResponsePayload","createAuthzResponsePayload","state","body","response","resUriRes","response_uri","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","_ref4","kid","getPublicKey","setProtectedHeader","typ","setPayload","vp_token","reduce","_ref5","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,uBAAuB,EACvBC,wBAAwB,QAGnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,OAAO,QAEF,6BAA6B;AACpC,SAAkCC,aAAa,QAAQ,uBAAuB;AAC9E,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;AACpE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AACtD,SAASC,YAAY,QAAQ,IAAI;;AAGjC;AACA;AACA;;AAmCA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,6CAA4F,GACvG,MAAOC,eAAe,IAAK;EACzBH,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,+HACH,CAAC;EACD,MAAMC,KAAK,GAAGjB,QAAQ,CAACc,eAAe,CAAC,CAACG,KAAK;EAE7C,MAAMC,aAAa,GAAGtB,iCAAiC,CAACuB,SAAS,CAACF,KAAK,CAAC;EACxE,IAAI,CAACC,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGxB,uBAAuB,CAACsB,SAAS,CAACF,KAAK,CAAC;IACxD,IAAI,CAACI,OAAO,CAACD,OAAO,EAAE;MACpBT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,mDAAkDJ,aAAa,CAACK,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIhB,kBAAkB,CAACU,aAAa,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAb,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,2CAA0CG,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIZ,qBAAqB,CAC7BY,OAAO,CAACM,IAAI,CAACJ,KAAK,EAClBF,OAAO,CAACM,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOV,aAAa,CAACS,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAO7B,eAAe,IAAK;EACzBH,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,2GACH,CAAC;EACD,MAAMC,KAAK,GAAGjB,QAAQ,CAACc,eAAe,CAAC,CAACG,KAAK;EAE7C,OAAO2B,0BAA0B,CAAC3B,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM4B,mCAAwE,GACnF,eAAAA,CAAOf,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBc,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DvC,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,sGACH,CAAC;EACD,MAAMkB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEFnB,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,oCAAmCkB,oBAAqB,IAAGG,MAAM,CAACc,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEZ,oBAAqB,IAAGG,MAAM,CAACc,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACvD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKtD,MAAM,CAACsD,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKrD,aAAa,CAACc,SAAS,CAACuC,MAAM,CAACC,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACP,aAAa,CAAChC,OAAO,EAAE;IAC1BT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,+CAA8C8B,aAAa,CAAC7B,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAItB,gBAAgB,CAAC;MACzBsB,OAAO,EAAE,kCAAkC;MAC3CoC,MAAM,EAAER,aAAa,CAAC7B,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAO4B,aAAa,CAACzB,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMkC,4CAA0F,GACrG,MAAAA,CACET,aAAa,EACbU,GAAG,EAAAC,IAAA,KAEA;EAAA,IADH;IAAEC,gBAAgB;IAAEC,gBAAgB;IAAEnB,QAAQ,GAAGI;EAAM,CAAC,GAAAa,IAAA;EAExDpD,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,sHACH,CAAC;EAED,IAAI,CAACoC,aAAa,CAACc,UAAU,EAAE;IAC7B,MAAM,IAAIC,KAAK,CAAC,wBAAwB,CAAC;EAC3C;EAEA,MAAMC,eAAe,GAAGxD,YAAY,CAACyD,iBAAiB,CACpD,CAAC,CAACJ,gBAAgB,EAAEH,GAAG,CAAC,CAAC,EACzBV,aAAa,CAACc,UAChB,CAAC;EAED,MAAMI,oBAAoB,GAAGF,eAAe,CAACG,GAAG,CAC9CC,KAAA;IAAA,IAAC;MAAEC,mBAAmB;MAAE,GAAGC;IAAK,CAAC,GAAAF,KAAA;IAAA,OAAM;MACrC,GAAGE,IAAI;MACPC,eAAe,EAAEF,mBAAmB,CAACF,GAAG,CAACK,KAAA;QAAA,IAAC,GAAGC,SAAS,CAAC,GAAAD,KAAA;QAAA,OAAKC,SAAS;MAAA;IACvE,CAAC;EAAA,CACH,CAAC;EAED,MAAMC,mBAAmB,GAAG,MAAMlE,YAAY,CAACmE,0BAA0B,CACvET,oBAAoB,EACpBlB,aAAa,CAAC4B,KAAK,EACnB5B,aAAa,CAACb,SAChB,CAAC;EAED,MAAM0C,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAE/B,aAAa,CAAC+B,KAAK;IAC1BL,mBAAmB;IACnBd;EACF,CAAC,CAAC;EAEFrD,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,2BAA0BiE,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAMG,IAAI,GAAG,IAAI9C,eAAe,CAAC;IAC/B+C,QAAQ,EAAEJ;EACZ,CAAC,CAAC,CAAC9B,QAAQ,CAAC,CAAC;EAEb,MAAMmC,SAAS,GAAG,MAAMxC,QAAQ,CAACM,aAAa,CAACmC,YAAY,EAAE;IAC3DlC,MAAM,EAAE,MAAM;IACdmC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDJ;EACF,CAAC,CAAC,CACC9B,IAAI,CAACvD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqD,IAAI,CAAEmC,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGrF,sBAAsB,CAACa,SAAS,CAACmE,SAAS,CAAC;EAC/D,IAAI,CAACK,WAAW,CAACvE,OAAO,EAAE;IACxBT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,4CAA2CqE,WAAW,CAACpE,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAItB,gBAAgB,CAAC;MACzBsB,OAAO,EAAE,gCAAgC;MACzCoC,MAAM,EAAE+B,WAAW,CAACpE,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMsB,QAAQ,CAAC6C,WAAW,CAAChE,IAAI,CAACiE,YAAY,CAAC,CACjDtC,IAAI,CAACvD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC/C,kBAAkB,CAAC,CACxB+C,IAAI,CAAEuC,KAAK,IAAKjD,0BAA0B,CAACiD,KAAK,CAACC,UAAU,CAACnC,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMf,0BAA0B,GACrCmD,OAAgB,IACQ;EACxB,MAAM7E,aAAa,GAAGpB,wBAAwB,CAACqB,SAAS,CAAC4E,OAAO,CAAC;EACjE,IAAI,CAAC7E,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGxB,uBAAuB,CAACsB,SAAS,CAAC4E,OAAO,CAAC;IAC1D,IAAI,CAAC1E,OAAO,CAACD,OAAO,EAAE;MACpBT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,mDAAkDJ,aAAa,CAACK,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIhB,kBAAkB,CAACU,aAAa,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAb,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,2CAA0CG,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIZ,qBAAqB,CAC7BY,OAAO,CAACM,IAAI,CAACJ,KAAK,EAClBF,OAAO,CAACM,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOV,aAAa,CAACS,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMuD,0BAA0B,GAAG,MAAAc,KAAA,IAQZ;EAAA,IARmB;IACxCb,KAAK;IACLL,mBAAmB;IACnBd;EAKF,CAAC,GAAAgC,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAMjC,gBAAgB,CAACkC,YAAY,CAAC,CAAC;EAErD,OAAO,IAAI9F,OAAO,CAAC4D,gBAAgB,CAAC,CACjCmC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH;EACF,CAAC,CAAC,CACDI,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAIlB,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3BmB,QAAQ,EAAExB,mBAAmB,CAACyB,MAAM,CAClC,CAACD,QAAQ,EAAAE,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGF,QAAQ;QACX,CAACG,YAAY,GAAGC;MAClB,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}