npm - @pagopa/io-react-native-wallet - Versions diffs - 3.0.0 → 3.1.0 - Mend

@pagopa/io-react-native-wallet 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (409) hide show

package/src/credential/issuance/v1.3.3/03-complete-user-authorization.ts CHANGED Viewed

@@ -20,6 +20,7 @@ import {
   IoWalletError,
   sdkUnexpectedStatusCodeToIssuerError,
 } from "../../../utils/errors";
+import { sdkConfigV1_3 } from "../../../utils/config";
 import type { IssuanceApi } from "../api";
 import { mapToRequestObject } from "./mappers";
 import type { RemotePresentation } from "../../presentation";
@@ -101,6 +102,7 @@ export const getRequestedCredentialToBePresented: IssuanceApi["getRequestedCrede
     }).catch(sdkUnexpectedStatusCodeToIssuerError);
     const parsedAuthRequest = await parseAuthorizeRequest({
+      config: sdkConfigV1_3,
       requestObjectJwt: authRequest.requestObjectJwt,
       callbacks: partialCallbacks,
     });

package/src/credential/issuance/v1.3.3/05-obtain-credential.ts CHANGED Viewed

@@ -3,11 +3,11 @@ import { createTokenDPoP } from "@pagopa/io-wallet-oauth2";
 import {
   fetchCredentialResponse,
   createCredentialRequest,
-  type CredentialRequestOptionsV1_3,
 } from "@pagopa/io-wallet-oid4vci";
 import { UnexpectedStatusCodeError as SdkUnexpectedStatusCodeError } from "@pagopa/io-wallet-utils";
 import { hasStatusOrThrow } from "../../../utils/misc";
 import {
+  IoWalletError,
   IssuerResponseError,
   IssuerResponseErrorCodes,
   ResponseErrorBuilder,
@@ -50,9 +50,17 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
 ) => {
   const {
     credentialCryptoContext,
-    appFetch = fetch,
     dPopCryptoContext,
+    walletUnitAttestation,
+    appFetch = fetch,
   } = context;
+  if (!walletUnitAttestation) {
+    throw new ValidationFailed({
+      message:
+        "The Wallet Unit Attestation is required to obtain the credential",
+    });
+  }
   const { credential_configuration_id, credential_identifier } =
     credentialDefinition;
@@ -88,8 +96,9 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
   const signerJwk = await credentialCryptoContext.getPublicKey();
   const credentialRequest = await createCredentialRequest({
-    config: sdkConfigV1_3 as CredentialRequestOptionsV1_3["config"],
+    config: sdkConfigV1_3,
     callbacks: {
+      hash: partialCallbacks.hash,
       signJwt: async (_, payload) => ({
         jwt: await new SignJWT(credentialCryptoContext)
           .setPayload(payload)
@@ -101,12 +110,14 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
     credential_identifier: credentialDefinition.credential_identifier!,
     issuerIdentifier: issuerConf.credential_issuer,
     nonce: c_nonce,
-    keyAttestation: "", // TODO
-    signer: {
-      alg: "ES256",
-      method: "jwk",
-      publicJwk: signerJwk,
-    },
+    keyAttestation: walletUnitAttestation,
+    signers: [
+      {
+        alg: "ES256",
+        method: "jwk",
+        publicJwk: signerJwk,
+      },
+    ],
   });
   const dPopSignerJwk = await dPopCryptoContext.getPublicKey();
@@ -131,7 +142,6 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
     accessToken: accessToken.access_token,
   });
-  // TODO: handle issuance errors
   const credentialRes = await fetchCredentialResponse({
     callbacks: {
       fetch: appFetch,
@@ -151,9 +161,13 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
   const issuerCredentialConfig =
     issuerConf.credential_configurations_supported[credential_configuration_id];
+  if ("transaction_id" in credentialRes) {
+    throw new IoWalletError("Deferred issuance is not supported");
+  }
   // TODO: [SIW-2264] Handle multiple credentials
   return {
-    credential: credentialRes.credentials!.at(0)!.credential,
+    credential: credentialRes.credentials.at(0)!.credential,
     format: issuerCredentialConfig!.format,
   };
 };

package/src/credential/issuance/v1.3.3/mappers.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { MetadataResponse } from "@pagopa/io-wallet-oid4vci";
+import type { MetadataResponseV1_3 } from "@pagopa/io-wallet-oid4vci";
 import type { ParsedAuthorizeRequestResult } from "@pagopa/io-wallet-oid4vp";
 import { assert } from "../../../utils/misc";
 import { createMapper } from "../../../utils/mappers";
@@ -9,12 +9,12 @@ import { IssuerConfig } from "../api/IssuerConfig";
 type CredentialConfigurations =
   IssuerConfig["credential_configurations_supported"];
 type OpenIdCredentialIssuer =
-  MetadataResponse["metadata"]["openid_credential_issuer"];
+  MetadataResponseV1_3["metadata"]["openid_credential_issuer"];
 const mapCredentialConfigurationsSupported = (
-  oidIssuer: OpenIdCredentialIssuer
+  oidIssuer: NonNullable<OpenIdCredentialIssuer>
 ): CredentialConfigurations =>
-  Object.entries(oidIssuer!.credential_configurations_supported).reduce(
+  Object.entries(oidIssuer.credential_configurations_supported).reduce(
     (acc, [key, config]) => {
       acc[key] = {
         ...(config.format === "dc+sd-jwt"
@@ -33,7 +33,10 @@ const mapCredentialConfigurationsSupported = (
     {} as CredentialConfigurations
   );
-export const mapToIssuerConfig = createMapper<MetadataResponse, IssuerConfig>(
+export const mapToIssuerConfig = createMapper<
+  MetadataResponseV1_3,
+  IssuerConfig
+>(
   (x) => {
     const {
       oauth_authorization_server,
@@ -61,8 +64,6 @@ export const mapToIssuerConfig = createMapper<MetadataResponse, IssuerConfig>(
       pushed_authorization_request_endpoint:
         oauth_authorization_server.pushed_authorization_request_endpoint,
       token_endpoint: oauth_authorization_server.token_endpoint,
-      status_assertion_endpoint:
-        openid_credential_issuer.status_attestation_endpoint,
       nonce_endpoint: openid_credential_issuer.nonce_endpoint!,
       federation_entity: federation_entity ?? {},
       credential_issuance_batch_size:
@@ -78,9 +79,9 @@ export const mapToRequestObject = createMapper<
 >(({ payload }) => ({
   iss: payload.iss ?? "UNKNOWN_ISSUER",
   client_id: payload.client_id,
-  dcql_query: payload.dcql_query!,
+  dcql_query: payload.dcql_query,
   nonce: payload.nonce,
-  response_uri: payload.response_uri!,
+  response_uri: payload.response_uri,
   state: payload.state,
   response_mode: payload.response_mode,
   response_type: payload.response_type,

package/src/credential/presentation/api/RelyingPartyConfig.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import * as z from "zod";
-import { jsonWebKeySchema } from "@openid-federation/core";
+import { jsonWebKeySchema } from "@pagopa/io-wallet-oid-federation";
 import { FederationEntityMetadata } from "../../../trust/common/types";
 /**

package/src/credential/presentation/common/utils/sd-jwt.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { digest } from "@sd-jwt/crypto-nodejs";
 import type { DcqlSdJwtVcCredential } from "dcql";
 import { IoWalletError } from "../../../../utils/errors";
 import { LEGACY_SD_JWT } from "../../../../sd-jwt/types";
+import { fixLegacyCredentialSdJwt } from "../../../../utils/credentials";
 import type { Credential4Dcql } from "../../api";
 type CustomDcqlSdJwtVcCredential = DcqlSdJwtVcCredential & {
@@ -51,7 +52,9 @@ export const mapCredentialsToObj = async (
   return Promise.all(
     credentials.map(async (credential) => {
-      const decodedRawSdJwt = await sdJwt.decode(credential[1]);
+      const decodedRawSdJwt = await sdJwt.decode(
+        fixLegacyCredentialSdJwt(credential[1])
+      );
       const claims = await getClaimsFromDecodedSdJwt(decodedRawSdJwt);
       return {
         vct: decodedRawSdJwt.jwt?.payload?.vct as string,

package/src/credential/presentation/v1.0.0/04-verify-request-object.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
-import { type typeToFlattenedError } from "zod";
+import { type z } from "zod";
 import type { RelyingPartyConfig, RemotePresentationApi } from "../api";
 import { InvalidRequestObjectError } from "../common/errors";
 import { RequestObjectPayload } from "./types";
@@ -97,7 +97,7 @@ const getSigPublicKey = (
  * Utility to format flattened Zod errors into a simplified string `key1: key1_error, key2: key2_error`
  */
 const formatFlattenedZodErrors = (
-  errors: typeToFlattenedError<RequestObjectPayload>
+  errors: z.core.$ZodFlattenedError<RequestObjectPayload>
 ): string =>
   Object.entries(errors.fieldErrors)
     .map(([key, error]) => `${key}: ${error[0]}`)

package/src/credential/presentation/v1.3.3/04-verify-request-object.ts CHANGED Viewed

@@ -1,13 +1,15 @@
 import type { RemotePresentationApi } from "../api";
 import { parseAuthorizeRequest as sdkParseAuthorizeRequest } from "@pagopa/io-wallet-oid4vp";
 import { partialCallbacks } from "../../../utils/callbacks";
-import { mapToRequestObject } from "./mappers";
-import { mapSdkRequestObjectError } from "./sdkErrorMapper";
+import { sdkConfigV1_3 } from "../../../utils/config";
 import { InvalidRequestObjectError } from "../common/errors";
+import { mapSdkRequestObjectError } from "./sdkErrorMapper";
+import { mapToRequestObject } from "./mappers";
 export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
   async (requestObjectEncodedJwt, { clientId, rpConf }) => {
     const parsedRequestObject = await sdkParseAuthorizeRequest({
+      config: sdkConfigV1_3,
       requestObjectJwt: requestObjectEncodedJwt,
       callbacks: {
         verifyJwt: partialCallbacks.verifyJwt,

package/src/credentials-catalogue/api/DigitalCredentialsCatalogue.ts CHANGED Viewed

@@ -1,28 +1,45 @@
 import * as z from "zod";
 import { UnixTime } from "../../utils/zod";
+const AdministrativeExpirationUserInfo = z.object({
+  title_l10n_id: z.string(),
+  description_l10n_id: z.string(),
+});
+const AllowedState = z
+  .object({
+    title_l10n_id: z.string(),
+    description_l10n_id: z.string(),
+  })
+  .catchall(z.string());
 const CredentialPurpose = z.object({
   id: z.string(),
-  description: z.string(),
-  claims_required: z.array(z.string()),
-  claim_recommended: z.array(z.string()),
+  description: z.string().optional(),
+  claims_required: z.array(z.string()).optional(),
+  claim_recommended: z.array(z.string()).optional(),
 });
 const CredentialIssuer = z.object({
   id: z.string(),
-  organization_name: z.string(),
+  organization_name: z.string().optional(),
+  organization_name_l10n_id: z.string().optional(),
   organization_code: z.string(),
   organization_country: z.string(),
+  legal_type: z.string().optional(),
   contacts: z.array(z.string()).optional(),
   homepage_uri: z.string().optional(),
   logo_uri: z.string().optional(),
   policy_uri: z.string().optional(),
   tos_uri: z.string().optional(),
+  service_documentation: z.string().optional(),
+  issuance_flows: z.object({ deferred_flow: z.boolean() }).optional(),
 });
 const AuthenticSource = z.object({
   id: z.string(),
-  organization_name: z.string(),
+  organization_name: z.string().optional(),
+  organization_name_l10n_id: z.string().optional(),
   organization_code: z.string().optional(),
   organization_country: z.string(),
   organization_type: z.string(),
@@ -57,17 +74,32 @@ export const DigitalCredential = z.object({
   version: z.string(),
   credential_type: z.string(),
   legal_type: z.string(),
-  name: z.string(),
-  description: z.string(),
+  name: z.string().optional(),
+  name_l10n_id: z.string().optional(),
+  description: z.string().optional(),
+  restriction_policy: z
+    .object({
+      presentation_flows: z.object({
+        remote: z.boolean(),
+        proximity: z.boolean(),
+      }),
+    })
+    .optional(),
   validity_info: z.object({
     max_validity_days: z.number(),
     status_methods: z.array(z.string()),
-    allowed_states: z.array(z.string()),
+    administrative_expiration_user_info:
+      AdministrativeExpirationUserInfo.optional(),
+    allowed_states: z.array(z.union([z.string(), AllowedState])),
   }),
-  purposes: z.array(CredentialPurpose),
+  administrative_expiration_user_info:
+    AdministrativeExpirationUserInfo.optional(),
+  domains: z.array(z.string()).optional(),
+  classes: z.array(z.string()).optional(),
+  purposes: z.array(z.union([z.string(), CredentialPurpose])),
   issuers: z.array(CredentialIssuer),
   authentic_sources: z.array(AuthenticSource),
-  formats: z.array(CredentialFormat),
+  formats: z.array(CredentialFormat).optional(),
   // claims: z.array(Claim), // TODO: [SIW-3978] Should we keep claims?
 });

package/src/credentials-catalogue/v1.0.0/mappers.ts CHANGED Viewed

@@ -1,18 +1,33 @@
 import { createMapper } from "../../utils/mappers";
-import { DigitalCredentialsCatalogue } from "../api/DigitalCredentialsCatalogue";
-import { DigitalCredentialsCatalogueJwt } from "./types";
+import {
+  DigitalCredentialsCatalogue,
+  type DigitalCredentialsCatalogue as DigitalCredentialsCatalogueType,
+} from "../api/DigitalCredentialsCatalogue";
+import {
+  DigitalCredentialsCatalogueJwt,
+  type DigitalCredentialsCatalogueJwt as DigitalCredentialsCatalogueJwtType,
+} from "./types";
-export const mapToCredentialsCatalogue = createMapper(
-  ({ payload }) => ({
-    ...payload,
-    credentials: payload.credentials.map((credential) => ({
-      ...credential,
-      authentic_sources: credential.authentic_sources.map((as) => ({
-        ...as,
-        organization_type: as.source_type,
+export const mapToCredentialsCatalogue = createMapper<
+  DigitalCredentialsCatalogueJwtType,
+  DigitalCredentialsCatalogueType
+>(
+  ({ payload }) => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const { catalog_version, ...rest } = payload;
+    return {
+      ...rest,
+      credentials: payload.credentials.map((credential) => ({
+        ...credential,
+        authentic_sources: credential.authentic_sources.map(
+          ({ source_type, ...as }) => ({
+            ...as,
+            organization_type: source_type,
+          })
+        ),
       })),
-    })),
-  }),
+    };
+  },
   {
     inputSchema: DigitalCredentialsCatalogueJwt,
     outputSchema: DigitalCredentialsCatalogue,

package/src/credentials-catalogue/v1.3.3/mappers.ts CHANGED Viewed

@@ -40,8 +40,14 @@ export const mapToCredentialsCatalogue = createMapper<
     }): ApiAuthenticSource => {
       const as = authSourcesById.get(id);
       assert(as, `AS ${id} must be present in the Authentic Source Registry`);
-      const { ipa_code, ...rest } = as.organization_info;
-      return { id, organization_code: ipa_code, ...rest };
+      const { ipa_code, organization_name_l10n_id, ...rest } =
+        as.organization_info;
+      return {
+        id,
+        organization_name_l10n_id,
+        organization_code: ipa_code,
+        ...rest,
+      };
     };
     const resolveFormats = (credentialType: string): ApiCredentialFormat[] => {
@@ -60,8 +66,8 @@ export const mapToCredentialsCatalogue = createMapper<
       ...catalogueJwt.payload,
       taxonomy_uri: discoveryJwt.payload.endpoints.taxonomy,
       credentials: catalogueJwt.payload.credentials.map(
-        ({ authentic_sources, credential_name, ...credential }) => ({
-          name: credential_name,
+        ({ authentic_sources, credential_name_l10n_id, ...credential }) => ({
+          name_l10n_id: credential_name_l10n_id,
           formats: resolveFormats(credential.credential_type),
           authentic_sources: authentic_sources.map(resolveAuthSource),
           ...credential,

package/src/credentials-catalogue/v1.3.3/types.ts CHANGED Viewed

@@ -2,8 +2,8 @@ import * as z from "zod";
 import { UnixTime } from "../../utils/zod";
 const ASDataCapability = z.object({
+  // required per spec
   dataset_id: z.string(),
-  domains: z.array(z.string()),
   intended_purposes: z.array(z.string()),
   available_claims: z.array(
     z.object({
@@ -12,20 +12,48 @@ const ASDataCapability = z.object({
       mandatory: z.boolean(),
     })
   ),
-  user_information: z.string().optional(),
+  domains: z.array(z.string()).optional(),
+  data_origin_l10n_id: z.string(),
+  integration_endpoint: z.string(),
+  integration_method: z.string(),
+  user_information_l10n_id: z.string(),
+  // optional per spec (api_specification required in spec but absent in actual responses)
+  api_specification: z.string().optional(),
+  background_color: z.string().optional(),
+  contacts: z.array(z.string()).optional(),
+  data_provision: z
+    .object({
+      deferred_flow: z.boolean(),
+      immediate_flow: z.boolean(),
+    })
+    .optional(),
+  logo_uri: z.string().optional(),
+  "logo_uri#integrity": z.string().optional(),
+  service_documentation: z.string().optional(),
+  update_frequency: z.string().optional(),
 });
 export const AuthenticSource = z.object({
   entity_id: z.string(),
   organization_info: z.object({
-    organization_name: z.string(),
+    // required per spec
+    organization_name_l10n_id: z.string(),
     organization_type: z.string(),
     organization_country: z.string(),
+    legal_identifier: z.string(),
+    homepage_uri: z.string(),
+    contacts: z.array(z.string()),
+    policy_uri: z.string(),
+    // conditional: required for public AS
     ipa_code: z.string().optional(),
-    contacts: z.array(z.string()).optional(),
-    homepage_uri: z.string().optional(),
+    // conditional: required for private AS
+    tos_uri: z.string().optional(),
+    // optional per spec
     logo_uri: z.string().optional(),
-    policy_uri: z.string().optional(),
+    "logo_uri#integrity": z.string().optional(),
+    logo_extended_uri: z.string().optional(),
+    "logo_extended_uri#integrity": z.string().optional(),
+    dpa_contact: z.string().optional(),
   }),
   data_capabilities: z.array(ASDataCapability),
 });
@@ -44,42 +72,65 @@ export const Schema = z.object({
 });
 export type Schema = z.infer<typeof Schema>;
-const CredentialPurpose = z.object({
-  id: z.string(),
-  description: z.string(),
-  claims_required: z.array(z.string()),
-  claim_recommended: z.array(z.string()),
+const AdministrativeExpirationUserInfo = z.object({
+  title_l10n_id: z.string(),
+  description_l10n_id: z.string(),
 });
+const AllowedState = z
+  .object({
+    title_l10n_id: z.string(),
+    description_l10n_id: z.string(),
+  })
+  .catchall(z.string());
 const CredentialIssuer = z.object({
   id: z.string(),
-  organization_name: z.string(),
+  organization_name_l10n_id: z.string(),
   organization_code: z.string(),
   organization_country: z.string(),
+  legal_type: z.string().optional(),
   contacts: z.array(z.string()).optional(),
   homepage_uri: z.string().optional(),
   logo_uri: z.string().optional(),
   policy_uri: z.string().optional(),
   tos_uri: z.string().optional(),
+  service_documentation: z.string().optional(),
+  issuance_flows: z.object({ deferred_flow: z.boolean() }).optional(),
 });
 export const DigitalCredential = z.object({
   version: z.string(),
   credential_type: z.string(),
-  credential_name: z.string(),
+  credential_name_l10n_id: z.string(),
   legal_type: z.string(),
-  description: z.string(),
+  restriction_policy: z
+    .object({
+      allowed_wallet_ids: z.array(z.string()),
+      allowed_issuer_ids: z.array(z.string()),
+      presentation_flows: z.object({
+        remote: z.boolean(),
+        proximity: z.boolean(),
+      }),
+    })
+    .optional(),
   validity_info: z.object({
     max_validity_days: z.number(),
     status_methods: z.array(z.string()),
-    allowed_states: z.array(z.string()),
+    administrative_expiration_user_info:
+      AdministrativeExpirationUserInfo.optional(),
+    allowed_states: z.array(AllowedState),
   }),
+  administrative_expiration_user_info:
+    AdministrativeExpirationUserInfo.optional(),
   authentication: z.object({
     user_auth_required: z.boolean(),
     min_loa: z.string(),
-    supported_eid_schemes: z.array(z.string()),
+    supported_schemes: z.array(z.string()),
   }),
-  purposes: z.array(CredentialPurpose),
+  domains: z.array(z.string()).optional(),
+  classes: z.array(z.string()).optional(),
+  purposes: z.array(z.string()),
   issuers: z.array(CredentialIssuer),
   authentic_sources: z.array(
     z.object({
@@ -102,7 +153,8 @@ const JwtHeader = z.object({
  */
 export const SchemaRegistry = z.object({
   version: z.string(),
-  last_modified: z.string(),
+  last_modified: z.string().optional(),
+  last_updated: z.string().optional(),
   schemas: z.array(Schema),
 });
 export type SchemaRegistry = z.infer<typeof SchemaRegistry>;
@@ -112,8 +164,17 @@ export type SchemaRegistry = z.infer<typeof SchemaRegistry>;
  * @see https://italia.github.io/eid-wallet-it-docs/releases/1.3.3/en/registry.html#authentic-source-registry
  */
 export const AuthenticSourceRegistry = z.object({
+  id: z.string().optional(),
   version: z.string(),
   last_modified: z.string(),
+  localization: z
+    .object({
+      available_locales: z.array(z.string()),
+      base_uri: z.string(),
+      default_locale: z.string(),
+      version: z.string(),
+    })
+    .optional(),
   authentic_sources: z.array(AuthenticSource),
 });
 export type AuthenticSourceRegistry = z.infer<typeof AuthenticSourceRegistry>;
@@ -125,8 +186,18 @@ export type AuthenticSourceRegistry = z.infer<typeof AuthenticSourceRegistry>;
 export const DigitalCredentialsCatalogueJwt = z.object({
   header: JwtHeader,
   payload: z.object({
+    iss: z.string(),
+    id: z.string(),
     version: z.string(),
     last_modified: z.string(),
+    localization: z
+      .object({
+        available_locales: z.array(z.string()),
+        base_uri: z.string(),
+        default_locale: z.string(),
+        version: z.string(),
+      })
+      .optional(),
     credentials: z.array(DigitalCredential),
     iat: UnixTime,
     exp: UnixTime,
@@ -141,22 +212,24 @@ export type DigitalCredentialsCatalogueJwt = z.infer<
  * This is the entrypoint to build the full catalogue.
  * @see https://italia.github.io/eid-wallet-it-docs/releases/1.3.3/en/registry.html#registry-discovery-endpoint
  */
+const RegistryDiscoveryEndpoints = z.object({
+  claims_registry: z.string(),
+  authentic_sources: z.string(),
+  credential_catalog: z.string(),
+  taxonomy: z.string(),
+  schema_registry: z.string(),
+  federation_list_endpoint: z.string(),
+  federation_fetch_endpoint: z.string(),
+  federation_resolve_endpoint: z.string(),
+  federation_trust_mark_status_endpoint: z.string(),
+});
 export const RegistryDiscoveryJwt = z.object({
   header: JwtHeader,
   payload: z.object({
     registry_version: z.string(),
     last_updated: z.string(),
-    endpoints: z.object({
-      claims_registry: z.string(),
-      authentic_sources: z.string(),
-      credential_catalog: z.string(),
-      taxonomy: z.string(),
-      schema_registry: z.string(),
-      federation_list: z.string(),
-      federation_fetch: z.string(),
-      federation_resolve: z.string(),
-      federation_trust_mark_status: z.string(),
-    }),
+    endpoints: RegistryDiscoveryEndpoints,
   }),
 });
 export type RegistryDiscoveryJwt = z.infer<typeof RegistryDiscoveryJwt>;

package/src/credentials-catalogue/v1.3.3/utils.ts CHANGED Viewed

@@ -11,7 +11,7 @@ type FetchRegistryParams<T> = {
 /**
  * Utility to fetch an entity from the Registry Infrastructure.
- * The function supports both `application/json` and `application/jwt` responses.
+ * The function supports `application/json` and signed JOSE/JWT responses.
  * @see https://italia.github.io/eid-wallet-it-docs/releases/1.3.3/en/registry.html
  *
  * @param url The url to fetch from
@@ -30,7 +30,7 @@ export const fetchRegistry = async <T>(
   const response = await appFetch(url, {
     method: "GET",
     headers: {
-      Accept: asJson ? "application/json" : "application/jwt",
+      Accept: asJson ? "application/json" : "application/jose, application/jwt",
     },
   }).then(hasStatusOrThrow(200));
@@ -41,7 +41,10 @@ export const fetchRegistry = async <T>(
     return schema.parse(responseJson);
   }
-  if (contentType?.includes("application/jwt")) {
+  if (
+    contentType?.includes("application/jwt") ||
+    contentType?.includes("application/jose")
+  ) {
     assert("jwks" in params, "params.jwks required when response is JWT");
     const responseText = await response.text();
@@ -60,5 +63,7 @@ export const fetchRegistry = async <T>(
     });
   }
-  throw new IoWalletError(`Unsupported content-type: ${contentType}`);
+  throw new IoWalletError(
+    `Unsupported content-type for ${url}: ${contentType}`
+  );
 };

package/src/index.ts CHANGED Viewed

@@ -15,10 +15,14 @@ import * as SdJwt from "./sd-jwt";
 import * as Mdoc from "./mdoc";
 import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
+import * as WalletUnitAttestation from "./wallet-unit-attestation";
 import * as WalletInstance from "./wallet-instance";
 import * as Logging from "./utils/logging";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
-import { createCryptoContextFor } from "./utils/crypto";
+import {
+  createCryptoContextFor,
+  type KeyAttestationCryptoContext,
+} from "./utils/crypto";
 import type { IntegrityContext } from "./utils/integrity";
 export {
@@ -31,6 +35,7 @@ export {
   SdJwt,
   Mdoc,
   WalletInstanceAttestation,
+  WalletUnitAttestation,
   WalletInstance,
   Trustmark,
   Errors,
@@ -41,7 +46,11 @@ export {
   Logging,
 };
-export type { IntegrityContext, AuthorizationContext };
+export type {
+  IntegrityContext,
+  AuthorizationContext,
+  KeyAttestationCryptoContext,
+};
 export type * from "./api";