npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/typescript/credential/issuance/api/IssuerConfig.d.ts ADDED Viewed

@@ -0,0 +1,423 @@
+import { z } from "zod";
+/**
+ * Common Issuer configuration, decoupled from specific IT-Wallet versions.
+ */
+export type IssuerConfig = z.infer<typeof IssuerConfig>;
+export declare const IssuerConfig: z.ZodObject<{
+    credential_issuer: z.ZodString;
+    pushed_authorization_request_endpoint: z.ZodString;
+    authorization_endpoint: z.ZodString;
+    token_endpoint: z.ZodString;
+    nonce_endpoint: z.ZodString;
+    status_assertion_endpoint: z.ZodOptional<z.ZodString>;
+    credential_endpoint: z.ZodString;
+    keys: z.ZodArray<z.ZodObject<{
+        alg: z.ZodOptional<z.ZodString>;
+        crv: z.ZodOptional<z.ZodString>;
+        d: z.ZodOptional<z.ZodString>;
+        dp: z.ZodOptional<z.ZodString>;
+        dq: z.ZodOptional<z.ZodString>;
+        e: z.ZodOptional<z.ZodString>;
+        ext: z.ZodOptional<z.ZodBoolean>;
+        k: z.ZodOptional<z.ZodString>;
+        key_ops: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        kid: z.ZodOptional<z.ZodString>;
+        kty: z.ZodUnion<[z.ZodLiteral<"RSA">, z.ZodLiteral<"EC">]>;
+        n: z.ZodOptional<z.ZodString>;
+        p: z.ZodOptional<z.ZodString>;
+        q: z.ZodOptional<z.ZodString>;
+        qi: z.ZodOptional<z.ZodString>;
+        use: z.ZodOptional<z.ZodString>;
+        x: z.ZodOptional<z.ZodString>;
+        y: z.ZodOptional<z.ZodString>;
+        x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        x5t: z.ZodOptional<z.ZodString>;
+        "x5t#S256": z.ZodOptional<z.ZodString>;
+        x5u: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        kty: "RSA" | "EC";
+        alg?: string | undefined;
+        crv?: string | undefined;
+        d?: string | undefined;
+        dp?: string | undefined;
+        dq?: string | undefined;
+        e?: string | undefined;
+        ext?: boolean | undefined;
+        k?: string | undefined;
+        key_ops?: string[] | undefined;
+        kid?: string | undefined;
+        n?: string | undefined;
+        p?: string | undefined;
+        q?: string | undefined;
+        qi?: string | undefined;
+        use?: string | undefined;
+        x?: string | undefined;
+        y?: string | undefined;
+        x5c?: string[] | undefined;
+        x5t?: string | undefined;
+        "x5t#S256"?: string | undefined;
+        x5u?: string | undefined;
+    }, {
+        kty: "RSA" | "EC";
+        alg?: string | undefined;
+        crv?: string | undefined;
+        d?: string | undefined;
+        dp?: string | undefined;
+        dq?: string | undefined;
+        e?: string | undefined;
+        ext?: boolean | undefined;
+        k?: string | undefined;
+        key_ops?: string[] | undefined;
+        kid?: string | undefined;
+        n?: string | undefined;
+        p?: string | undefined;
+        q?: string | undefined;
+        qi?: string | undefined;
+        use?: string | undefined;
+        x?: string | undefined;
+        y?: string | undefined;
+        x5c?: string[] | undefined;
+        x5t?: string | undefined;
+        "x5t#S256"?: string | undefined;
+        x5u?: string | undefined;
+    }>, "many">;
+    credential_configurations_supported: z.ZodRecord<z.ZodString, z.ZodIntersection<z.ZodDiscriminatedUnion<"format", [z.ZodObject<{
+        format: z.ZodLiteral<"dc+sd-jwt">;
+        vct: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        format: "dc+sd-jwt";
+        vct: string;
+    }, {
+        format: "dc+sd-jwt";
+        vct: string;
+    }>, z.ZodObject<{
+        format: z.ZodLiteral<"mso_mdoc">;
+        doctype: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        format: "mso_mdoc";
+        doctype: string;
+    }, {
+        format: "mso_mdoc";
+        doctype: string;
+    }>]>, z.ZodObject<{
+        scope: z.ZodString;
+        display: z.ZodArray<z.ZodObject<{
+            name: z.ZodString;
+            locale: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            name: string;
+            locale: string;
+        }, {
+            name: string;
+            locale: string;
+        }>, "many">;
+        claims: z.ZodArray<z.ZodObject<{
+            path: z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodNull]>, "many">;
+            display: z.ZodArray<z.ZodObject<{
+                name: z.ZodString;
+                locale: z.ZodString;
+            }, "strip", z.ZodTypeAny, {
+                name: string;
+                locale: string;
+            }, {
+                name: string;
+                locale: string;
+            }>, "many">;
+        }, "strip", z.ZodTypeAny, {
+            path: (string | number | null)[];
+            display: {
+                name: string;
+                locale: string;
+            }[];
+        }, {
+            path: (string | number | null)[];
+            display: {
+                name: string;
+                locale: string;
+            }[];
+        }>, "many">;
+        /**
+         * @deprecated Use the Credentials Catalogue to get the Auth Source
+         */
+        authentic_source: z.ZodOptional<z.ZodString>;
+        /**
+         * @deprecated Kept for backward compatibility with v0.7.1
+         */
+        issuance_errors_supported: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+            display: z.ZodArray<z.ZodObject<{
+                title: z.ZodString;
+                description: z.ZodString;
+                locale: z.ZodString;
+            }, "strip", z.ZodTypeAny, {
+                title: string;
+                locale: string;
+                description: string;
+            }, {
+                title: string;
+                locale: string;
+                description: string;
+            }>, "many">;
+        }, "strip", z.ZodTypeAny, {
+            display: {
+                title: string;
+                locale: string;
+                description: string;
+            }[];
+        }, {
+            display: {
+                title: string;
+                locale: string;
+                description: string;
+            }[];
+        }>>>;
+    }, "strip", z.ZodTypeAny, {
+        display: {
+            name: string;
+            locale: string;
+        }[];
+        scope: string;
+        claims: {
+            path: (string | number | null)[];
+            display: {
+                name: string;
+                locale: string;
+            }[];
+        }[];
+        authentic_source?: string | undefined;
+        issuance_errors_supported?: Record<string, {
+            display: {
+                title: string;
+                locale: string;
+                description: string;
+            }[];
+        }> | undefined;
+    }, {
+        display: {
+            name: string;
+            locale: string;
+        }[];
+        scope: string;
+        claims: {
+            path: (string | number | null)[];
+            display: {
+                name: string;
+                locale: string;
+            }[];
+        }[];
+        authentic_source?: string | undefined;
+        issuance_errors_supported?: Record<string, {
+            display: {
+                title: string;
+                locale: string;
+                description: string;
+            }[];
+        }> | undefined;
+    }>>>;
+    federation_entity: z.ZodObject<{
+        federation_fetch_endpoint: z.ZodOptional<z.ZodString>;
+        federation_list_endpoint: z.ZodOptional<z.ZodString>;
+        federation_resolve_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_status_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_list_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_endpoint: z.ZodOptional<z.ZodString>;
+        federation_historical_keys_endpoint: z.ZodOptional<z.ZodString>;
+        endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodString>;
+        organization_name: z.ZodOptional<z.ZodString>;
+        homepage_uri: z.ZodOptional<z.ZodString>;
+        policy_uri: z.ZodOptional<z.ZodString>;
+        logo_uri: z.ZodOptional<z.ZodString>;
+        contacts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        federation_fetch_endpoint: z.ZodOptional<z.ZodString>;
+        federation_list_endpoint: z.ZodOptional<z.ZodString>;
+        federation_resolve_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_status_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_list_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_endpoint: z.ZodOptional<z.ZodString>;
+        federation_historical_keys_endpoint: z.ZodOptional<z.ZodString>;
+        endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodString>;
+        organization_name: z.ZodOptional<z.ZodString>;
+        homepage_uri: z.ZodOptional<z.ZodString>;
+        policy_uri: z.ZodOptional<z.ZodString>;
+        logo_uri: z.ZodOptional<z.ZodString>;
+        contacts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        federation_fetch_endpoint: z.ZodOptional<z.ZodString>;
+        federation_list_endpoint: z.ZodOptional<z.ZodString>;
+        federation_resolve_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_status_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_list_endpoint: z.ZodOptional<z.ZodString>;
+        federation_trust_mark_endpoint: z.ZodOptional<z.ZodString>;
+        federation_historical_keys_endpoint: z.ZodOptional<z.ZodString>;
+        endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodString>;
+        organization_name: z.ZodOptional<z.ZodString>;
+        homepage_uri: z.ZodOptional<z.ZodString>;
+        policy_uri: z.ZodOptional<z.ZodString>;
+        logo_uri: z.ZodOptional<z.ZodString>;
+        contacts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, z.ZodTypeAny, "passthrough">>;
+    credential_issuance_batch_size: z.ZodOptional<z.ZodNumber>;
+    /**
+     * @deprecated
+     */
+    response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    keys: {
+        kty: "RSA" | "EC";
+        alg?: string | undefined;
+        crv?: string | undefined;
+        d?: string | undefined;
+        dp?: string | undefined;
+        dq?: string | undefined;
+        e?: string | undefined;
+        ext?: boolean | undefined;
+        k?: string | undefined;
+        key_ops?: string[] | undefined;
+        kid?: string | undefined;
+        n?: string | undefined;
+        p?: string | undefined;
+        q?: string | undefined;
+        qi?: string | undefined;
+        use?: string | undefined;
+        x?: string | undefined;
+        y?: string | undefined;
+        x5c?: string[] | undefined;
+        x5t?: string | undefined;
+        "x5t#S256"?: string | undefined;
+        x5u?: string | undefined;
+    }[];
+    federation_entity: {
+        federation_fetch_endpoint?: string | undefined;
+        federation_list_endpoint?: string | undefined;
+        federation_resolve_endpoint?: string | undefined;
+        federation_trust_mark_status_endpoint?: string | undefined;
+        federation_trust_mark_list_endpoint?: string | undefined;
+        federation_trust_mark_endpoint?: string | undefined;
+        federation_historical_keys_endpoint?: string | undefined;
+        endpoint_auth_signing_alg_values_supported?: string | undefined;
+        organization_name?: string | undefined;
+        homepage_uri?: string | undefined;
+        policy_uri?: string | undefined;
+        logo_uri?: string | undefined;
+        contacts?: string[] | undefined;
+    } & {
+        [k: string]: unknown;
+    };
+    credential_issuer: string;
+    pushed_authorization_request_endpoint: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    nonce_endpoint: string;
+    credential_endpoint: string;
+    credential_configurations_supported: Record<string, ({
+        format: "dc+sd-jwt";
+        vct: string;
+    } | {
+        format: "mso_mdoc";
+        doctype: string;
+    }) & {
+        display: {
+            name: string;
+            locale: string;
+        }[];
+        scope: string;
+        claims: {
+            path: (string | number | null)[];
+            display: {
+                name: string;
+                locale: string;
+            }[];
+        }[];
+        authentic_source?: string | undefined;
+        issuance_errors_supported?: Record<string, {
+            display: {
+                title: string;
+                locale: string;
+                description: string;
+            }[];
+        }> | undefined;
+    }>;
+    status_assertion_endpoint?: string | undefined;
+    credential_issuance_batch_size?: number | undefined;
+    response_modes_supported?: string[] | undefined;
+}, {
+    keys: {
+        kty: "RSA" | "EC";
+        alg?: string | undefined;
+        crv?: string | undefined;
+        d?: string | undefined;
+        dp?: string | undefined;
+        dq?: string | undefined;
+        e?: string | undefined;
+        ext?: boolean | undefined;
+        k?: string | undefined;
+        key_ops?: string[] | undefined;
+        kid?: string | undefined;
+        n?: string | undefined;
+        p?: string | undefined;
+        q?: string | undefined;
+        qi?: string | undefined;
+        use?: string | undefined;
+        x?: string | undefined;
+        y?: string | undefined;
+        x5c?: string[] | undefined;
+        x5t?: string | undefined;
+        "x5t#S256"?: string | undefined;
+        x5u?: string | undefined;
+    }[];
+    federation_entity: {
+        federation_fetch_endpoint?: string | undefined;
+        federation_list_endpoint?: string | undefined;
+        federation_resolve_endpoint?: string | undefined;
+        federation_trust_mark_status_endpoint?: string | undefined;
+        federation_trust_mark_list_endpoint?: string | undefined;
+        federation_trust_mark_endpoint?: string | undefined;
+        federation_historical_keys_endpoint?: string | undefined;
+        endpoint_auth_signing_alg_values_supported?: string | undefined;
+        organization_name?: string | undefined;
+        homepage_uri?: string | undefined;
+        policy_uri?: string | undefined;
+        logo_uri?: string | undefined;
+        contacts?: string[] | undefined;
+    } & {
+        [k: string]: unknown;
+    };
+    credential_issuer: string;
+    pushed_authorization_request_endpoint: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    nonce_endpoint: string;
+    credential_endpoint: string;
+    credential_configurations_supported: Record<string, ({
+        format: "dc+sd-jwt";
+        vct: string;
+    } | {
+        format: "mso_mdoc";
+        doctype: string;
+    }) & {
+        display: {
+            name: string;
+            locale: string;
+        }[];
+        scope: string;
+        claims: {
+            path: (string | number | null)[];
+            display: {
+                name: string;
+                locale: string;
+            }[];
+        }[];
+        authentic_source?: string | undefined;
+        issuance_errors_supported?: Record<string, {
+            display: {
+                title: string;
+                locale: string;
+                description: string;
+            }[];
+        }> | undefined;
+    }>;
+    status_assertion_endpoint?: string | undefined;
+    credential_issuance_batch_size?: number | undefined;
+    response_modes_supported?: string[] | undefined;
+}>;
+//# sourceMappingURL=IssuerConfig.d.ts.map

package/lib/typescript/credential/issuance/api/IssuerConfig.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"IssuerConfig.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/api/IssuerConfig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA4CxB;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACxD,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAfrB;;WAEG;;QAEH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAqBL;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAC"}

package/lib/typescript/credential/issuance/api/index.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { type EvaluateIssuerTrustApi } from "./01-evaluate-issuer-trust";
+import { type StartUserAuthorizationApi } from "./02-start-user-authorization";
+import { type CompleteUserAuthorizationApi } from "./03-complete-user-authorization";
+import { type AuthorizeAccessApi } from "./04-authorize-access";
+import { type ObtainCredentialApi } from "./05-obtain-credential";
+import { type VerifyAndParseCredentialApi } from "./06-verify-and-parse-credential";
+import { type MRTDPoPApi } from "./mrtd-pop";
+export interface IssuanceApi extends EvaluateIssuerTrustApi, StartUserAuthorizationApi, CompleteUserAuthorizationApi, AuthorizeAccessApi, ObtainCredentialApi, VerifyAndParseCredentialApi {
+    MRTDPoP: MRTDPoPApi;
+}
+export type { IssuerConfig } from "./IssuerConfig";
+export type * as MRTDPoP from "./mrtd-pop";
+export type * from "./types";
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/credential/issuance/api/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACzE,OAAO,EAAE,KAAK,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,KAAK,4BAA4B,EAAE,MAAM,kCAAkC,CAAC;AACrF,OAAO,EAAE,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,KAAK,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AACpF,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,MAAM,WAAW,WACf,SAAQ,sBAAsB,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,kBAAkB,EAClB,mBAAmB,EACnB,2BAA2B;IAC7B,OAAO,EAAE,UAAU,CAAC;CACrB;AAED,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,YAAY,KAAK,OAAO,MAAM,YAAY,CAAC;AAC3C,mBAAmB,SAAS,CAAC"}

package/lib/typescript/credential/issuance/api/mrtd-pop/index.d.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import type { CryptoContext } from "@pagopa/io-react-native-jwt";
+import type { IssuerConfig } from "../IssuerConfig";
+import type { IasPayload, MrtdPayload, MrtdPoPChallenge, MrtdPopVerificationResult, MrtdProofChallengeInfo } from "./types";
+export interface MRTDPoPApi {
+    /**
+     * Verifies and parses the payload of a MRTD Proof Challenge Info JWT obtained after the primary authentication.
+     *
+     * This function performs the following steps:
+     * 1. Validates the JWT signature using the issuer's JWKS.
+     * 2. Decodes the JWT and parses its structure according to the {@link MrtdProofChallengeInfo} schema.
+     * 3. Verifies that the `aud` claim matches the client's public key ID.
+     * 4. Checks that the JWT is not expired and was not issued in the future.
+     *
+     * @param issuerConf - The issuer configuration containing the JWKS for signature verification.
+     * @param challengeInfoJwt - The JWT string representing the MRTD Proof Challenge Info.
+     * @param context - The context containing the WIA crypto context used to retrieve the client public key.
+     * @returns The parsed payload of the MRTD Proof Challenge Info JWT.
+     * @throws {Error} If the JWT signature is invalid, the structure is malformed, the `aud` claim does not match,
+     * or the JWT is expired/not yet valid.
+     */
+    verifyAndParseChallengeInfo(issuerConf: IssuerConfig, challengeInfoJwt: string, context: {
+        wiaCryptoContext: CryptoContext;
+    }): Promise<MrtdProofChallengeInfo>;
+    /**
+     * Initializes the MRTD challenge with the data received from the issuer after the primary authentication.
+     * This function must be called after {@link verifyAndParseChallengeInfo}.
+     *
+     * @param issuerConf - The issuer configuration containing the JWKS for signature verification.
+     * @param initUrl - The endpoint to call to initialize the challenge.
+     * @param mrtd_auth_session - Session identifier for session binding obtained from the MRTD Proof JWT.
+     * @param mrtd_pop_jwt_nonce - Nonce value obtained from the MRTD Proof JWT.
+     * @param context - The context containing the WIA crypto context used to retrieve the client public key,
+     * the wallet instance attestation and an optional fetch implementation.
+     * @returns The payload of the MRTD PoP Challenge JWT.
+     */
+    initChallenge(issuerConf: IssuerConfig, initUrl: string, mrtd_auth_session: string, mrtd_pop_jwt_nonce: string, context: {
+        wiaCryptoContext: CryptoContext;
+        walletInstanceAttestation: string;
+        appFetch?: GlobalFetch["fetch"];
+    }): Promise<MrtdPoPChallenge>;
+    /**
+     * Validates the MRTD signed challenge by sending the MRTD and IAS payloads to the issuer.
+     * This function must be called after {@link initChallenge} and after obtaining the MRTD and IAS payloads
+     * through the CIE PACE process.
+     *
+     * @param issuerConf - The issuer configuration containing the JWKS for signature verification.
+     * @param verifyUrl - The endpoint to call to validate the challenge.
+     * @param mrtd_auth_session - Session identifier for session binding obtained from the MRTD Proof JWT.
+     * @param mrtd_pop_nonce - Nonce value obtained from the MRTD Proof JWT.
+     * @param mrtd - MRTD validation data containing Data Groups and SOD.
+     * @param ias - IAS validation data containing Anti-Cloning Public Key, and SOD.
+     * @param context - The context containing the WIA crypto context used to retrieve the client public key,
+     * the wallet instance attestation and an optional fetch implementation.
+     * @returns The MRTD PoP Verification Result containing the validation nonce and redirect URI to complete the flow.
+     */
+    validateChallenge(issuerConf: IssuerConfig, verifyUrl: string, mrtd_auth_session: string, mrtd_pop_nonce: string, mrtd: MrtdPayload, ias: IasPayload, context: {
+        wiaCryptoContext: CryptoContext;
+        walletInstanceAttestation: string;
+        appFetch?: GlobalFetch["fetch"];
+    }): Promise<MrtdPopVerificationResult>;
+    /**
+     * WARNING: This function must be called after {@link validateChallenge}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
+     * Builds the callback URL to which the end user should be redirected to continue the authentication flow after the MRTD challenge validation.
+     * @param redirectUri - The redirect URI provided by the issuer after the challenge validation to continue the authentication flow.
+     * @param valPopNonce - The MRTD validation PoP nonce obtained from the challenge validation response.
+     * @param authSession - The MRTD authentication session identifier used for session binding.
+     * @returns An object containing the callback URL
+     */
+    buildChallengeCallbackUrl(redirectUri: string, valPopNonce: string, authSession: string): Promise<{
+        callbackUrl: string;
+    }>;
+}
+export * from "./types";
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/credential/issuance/api/mrtd-pop/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/credential/issuance/api/mrtd-pop/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,KAAK,EACV,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,yBAAyB,EACzB,sBAAsB,EACvB,MAAM,SAAS,CAAC;AAEjB,MAAM,WAAW,UAAU;IACzB;;;;;;;;;;;;;;;OAeG;IACH,2BAA2B,CACzB,UAAU,EAAE,YAAY,EACxB,gBAAgB,EAAE,MAAM,EACxB,OAAO,EAAE;QACP,gBAAgB,EAAE,aAAa,CAAC;KACjC,GACA,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAEnC;;;;;;;;;;;OAWG;IACH,aAAa,CACX,UAAU,EAAE,YAAY,EACxB,OAAO,EAAE,MAAM,EACf,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,OAAO,EAAE;QACP,gBAAgB,EAAE,aAAa,CAAC;QAChC,yBAAyB,EAAE,MAAM,CAAC;QAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;KACjC,GACA,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAE7B;;;;;;;;;;;;;;OAcG;IACH,iBAAiB,CACf,UAAU,EAAE,YAAY,EACxB,SAAS,EAAE,MAAM,EACjB,iBAAiB,EAAE,MAAM,EACzB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,UAAU,EACf,OAAO,EAAE;QACP,gBAAgB,EAAE,aAAa,CAAC;QAChC,yBAAyB,EAAE,MAAM,CAAC;QAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;KACjC,GACA,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAEtC;;;;;;;OAOG;IACH,yBAAyB,CACvB,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrC;AAED,cAAc,SAAS,CAAC"}

package/lib/typescript/credential/issuance/api/mrtd-pop/types.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+export type MrtdPayload = {
+    dg1: string;
+    dg11: string;
+    sod_mrtd: string;
+};
+export type IasPayload = {
+    ias_pk: string;
+    sod_ias: string;
+    challenge_signed: string;
+};
+export type MrtdProofChallengeInfo = {
+    iss: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    status: "require_interaction";
+    type: "mrtd+ias";
+    mrtd_auth_session: string;
+    state: string;
+    mrtd_pop_jwt_nonce: string;
+    htu: string;
+    htm: "POST";
+};
+export type MrtdPoPChallenge = {
+    challenge: string;
+    mrtd_pop_nonce: string;
+    pop_verify_endpoint: string;
+    mrz?: string;
+};
+export type MrtdPopVerificationResult = {
+    mrtd_val_pop_nonce: string;
+    redirect_uri: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/lib/typescript/credential/issuance/api/mrtd-pop/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../../src/credential/issuance/api/mrtd-pop/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,qBAAqB,CAAC;IAC9B,IAAI,EAAE,UAAU,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,kBAAkB,EAAE,MAAM,CAAC;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC"}

package/lib/typescript/credential/issuance/api/types.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import * as z from "zod";
+export type CredentialFormat = "dc+sd-jwt" | "mso_mdoc";
+export type ParsedCredential = {
+    /** Attribute key */
+    [claim: string]: {
+        name: /* if i18n is provided */ Record<string, string> | /* if no i18n is provided */ string | undefined;
+        value: unknown;
+    };
+};
+export type AuthorizationDetail = z.infer<typeof AuthorizationDetail>;
+export declare const AuthorizationDetail: z.ZodObject<{
+    type: z.ZodLiteral<"openid_credential">;
+    credential_configuration_id: z.ZodString;
+    credential_identifiers: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    type: "openid_credential";
+    credential_configuration_id: string;
+    credential_identifiers: string[];
+}, {
+    type: "openid_credential";
+    credential_configuration_id: string;
+    credential_identifiers: string[];
+}>;
+export type TokenResponse = z.infer<typeof TokenResponse>;
+export declare const TokenResponse: z.ZodObject<{
+    access_token: z.ZodString;
+    refresh_token: z.ZodOptional<z.ZodString>;
+    authorization_details: z.ZodArray<z.ZodObject<{
+        type: z.ZodLiteral<"openid_credential">;
+        credential_configuration_id: z.ZodString;
+        credential_identifiers: z.ZodArray<z.ZodString, "many">;
+    }, "strip", z.ZodTypeAny, {
+        type: "openid_credential";
+        credential_configuration_id: string;
+        credential_identifiers: string[];
+    }, {
+        type: "openid_credential";
+        credential_configuration_id: string;
+        credential_identifiers: string[];
+    }>, "many">;
+    expires_in: z.ZodOptional<z.ZodNumber>;
+    token_type: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    authorization_details: {
+        type: "openid_credential";
+        credential_configuration_id: string;
+        credential_identifiers: string[];
+    }[];
+    access_token: string;
+    token_type: string;
+    expires_in?: number | undefined;
+    refresh_token?: string | undefined;
+}, {
+    authorization_details: {
+        type: "openid_credential";
+        credential_configuration_id: string;
+        credential_identifiers: string[];
+    }[];
+    access_token: string;
+    token_type: string;
+    expires_in?: number | undefined;
+    refresh_token?: string | undefined;
+}>;
+//# sourceMappingURL=types.d.ts.map

package/lib/typescript/credential/issuance/api/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/api/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,UAAU,CAAC;AAGxD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,oBAAoB;IACpB,CAAC,KAAK,EAAE,MAAM,GAAG;QACf,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,GACnC,SAAS,CAAC;QACd,KAAK,EAAE,OAAO,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACtE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;EAI9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMxB,CAAC"}

package/lib/typescript/credential/issuance/common/02-start-user-authorization.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { AuthorizationDetail } from "../../../utils/par";
+import type { IssuerConfig } from "../api";
+type ResponseMode = "query" | "form_post.jwt";
+/**
+ * Ensures that the credential type requested is supported by the issuer and contained in the
+ * issuer configuration.
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param credentialId The credential configuration ID to be requested;
+ * @returns The credential definition to be used in the request which includes the format and the type and its type
+ */
+export declare const selectCredentialDefinition: (issuerConf: IssuerConfig, credentialId: string) => AuthorizationDetail;
+/**
+ * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
+ * When multiple credentials are provided, all of them must support the same response_mode.
+ * @param issuerConf The issuer configuration
+ * @param credentialIds The credential configuration IDs to be requested
+ * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
+ */
+export declare const selectResponseMode: (issuerConf: IssuerConfig, credentialIds: string[]) => ResponseMode;
+export {};
+//# sourceMappingURL=02-start-user-authorization.d.ts.map

package/lib/typescript/credential/issuance/common/02-start-user-authorization.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"02-start-user-authorization.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/common/02-start-user-authorization.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAE3C,KAAK,YAAY,GAAG,OAAO,GAAG,eAAe,CAAC;AAE9C;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,eACzB,YAAY,gBACV,MAAM,KACnB,mBAmBF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB,eACjB,YAAY,iBACT,MAAM,EAAE,KACtB,YAsCF,CAAC"}

package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.mdoc.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { IssuanceApi } from "../api";
+export declare const verifyAndParseCredentialMDoc: IssuanceApi["verifyAndParseCredential"];
+//# sourceMappingURL=06-verify-and-parse-credential.mdoc.d.ts.map

package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.mdoc.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"06-verify-and-parse-credential.mdoc.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/common/06-verify-and-parse-credential.mdoc.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,WAAW,EAAkC,MAAM,QAAQ,CAAC;AA0K1E,eAAO,MAAM,4BAA4B,EAAE,WAAW,CAAC,0BAA0B,CAqD9E,CAAC"}

package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.sdjwt.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { IssuanceApi } from "../api";
+export declare const verifyAndParseCredentialSdJwt: IssuanceApi["verifyAndParseCredential"];
+//# sourceMappingURL=06-verify-and-parse-credential.sdjwt.d.ts.map