npm - @pagopa/io-react-native-wallet - Versions diffs - 3.0.1 → 3.1.1 - Mend

@pagopa/io-react-native-wallet 3.0.1 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/src/credential/issuance/v1.3.3/05-obtain-credential.ts CHANGED Viewed

@@ -3,11 +3,11 @@ import { createTokenDPoP } from "@pagopa/io-wallet-oauth2";
 import {
   fetchCredentialResponse,
   createCredentialRequest,
-  type CredentialRequestOptionsV1_3,
 } from "@pagopa/io-wallet-oid4vci";
 import { UnexpectedStatusCodeError as SdkUnexpectedStatusCodeError } from "@pagopa/io-wallet-utils";
 import { hasStatusOrThrow } from "../../../utils/misc";
 import {
+  IoWalletError,
   IssuerResponseError,
   IssuerResponseErrorCodes,
   ResponseErrorBuilder,
@@ -50,9 +50,17 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
 ) => {
   const {
     credentialCryptoContext,
-    appFetch = fetch,
     dPopCryptoContext,
+    walletUnitAttestation,
+    appFetch = fetch,
   } = context;
+  if (!walletUnitAttestation) {
+    throw new ValidationFailed({
+      message:
+        "The Wallet Unit Attestation is required to obtain the credential",
+    });
+  }
   const { credential_configuration_id, credential_identifier } =
     credentialDefinition;
@@ -88,8 +96,9 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
   const signerJwk = await credentialCryptoContext.getPublicKey();
   const credentialRequest = await createCredentialRequest({
-    config: sdkConfigV1_3 as CredentialRequestOptionsV1_3["config"],
+    config: sdkConfigV1_3,
     callbacks: {
+      hash: partialCallbacks.hash,
       signJwt: async (_, payload) => ({
         jwt: await new SignJWT(credentialCryptoContext)
           .setPayload(payload)
@@ -101,12 +110,14 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
     credential_identifier: credentialDefinition.credential_identifier!,
     issuerIdentifier: issuerConf.credential_issuer,
     nonce: c_nonce,
-    keyAttestation: "", // TODO
-    signer: {
-      alg: "ES256",
-      method: "jwk",
-      publicJwk: signerJwk,
-    },
+    keyAttestation: walletUnitAttestation,
+    signers: [
+      {
+        alg: "ES256",
+        method: "jwk",
+        publicJwk: signerJwk,
+      },
+    ],
   });
   const dPopSignerJwk = await dPopCryptoContext.getPublicKey();
@@ -131,7 +142,6 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
     accessToken: accessToken.access_token,
   });
-  // TODO: handle issuance errors
   const credentialRes = await fetchCredentialResponse({
     callbacks: {
       fetch: appFetch,
@@ -151,9 +161,13 @@ export const obtainCredential: IssuanceApi["obtainCredential"] = async (
   const issuerCredentialConfig =
     issuerConf.credential_configurations_supported[credential_configuration_id];
+  if ("transaction_id" in credentialRes) {
+    throw new IoWalletError("Deferred issuance is not supported");
+  }
   // TODO: [SIW-2264] Handle multiple credentials
   return {
-    credential: credentialRes.credentials!.at(0)!.credential,
+    credential: credentialRes.credentials.at(0)!.credential,
     format: issuerCredentialConfig!.format,
   };
 };

package/src/credential/issuance/v1.3.3/mappers.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { MetadataResponse } from "@pagopa/io-wallet-oid4vci";
+import type { MetadataResponseV1_3 } from "@pagopa/io-wallet-oid4vci";
 import type { ParsedAuthorizeRequestResult } from "@pagopa/io-wallet-oid4vp";
 import { assert } from "../../../utils/misc";
 import { createMapper } from "../../../utils/mappers";
@@ -9,12 +9,12 @@ import { IssuerConfig } from "../api/IssuerConfig";
 type CredentialConfigurations =
   IssuerConfig["credential_configurations_supported"];
 type OpenIdCredentialIssuer =
-  MetadataResponse["metadata"]["openid_credential_issuer"];
+  MetadataResponseV1_3["metadata"]["openid_credential_issuer"];
 const mapCredentialConfigurationsSupported = (
-  oidIssuer: OpenIdCredentialIssuer
+  oidIssuer: NonNullable<OpenIdCredentialIssuer>
 ): CredentialConfigurations =>
-  Object.entries(oidIssuer!.credential_configurations_supported).reduce(
+  Object.entries(oidIssuer.credential_configurations_supported).reduce(
     (acc, [key, config]) => {
       acc[key] = {
         ...(config.format === "dc+sd-jwt"
@@ -33,7 +33,10 @@ const mapCredentialConfigurationsSupported = (
     {} as CredentialConfigurations
   );
-export const mapToIssuerConfig = createMapper<MetadataResponse, IssuerConfig>(
+export const mapToIssuerConfig = createMapper<
+  MetadataResponseV1_3,
+  IssuerConfig
+>(
   (x) => {
     const {
       oauth_authorization_server,
@@ -61,8 +64,6 @@ export const mapToIssuerConfig = createMapper<MetadataResponse, IssuerConfig>(
       pushed_authorization_request_endpoint:
         oauth_authorization_server.pushed_authorization_request_endpoint,
       token_endpoint: oauth_authorization_server.token_endpoint,
-      status_assertion_endpoint:
-        openid_credential_issuer.status_attestation_endpoint,
       nonce_endpoint: openid_credential_issuer.nonce_endpoint!,
       federation_entity: federation_entity ?? {},
       credential_issuance_batch_size:
@@ -78,9 +79,9 @@ export const mapToRequestObject = createMapper<
 >(({ payload }) => ({
   iss: payload.iss ?? "UNKNOWN_ISSUER",
   client_id: payload.client_id,
-  dcql_query: payload.dcql_query!,
+  dcql_query: payload.dcql_query,
   nonce: payload.nonce,
-  response_uri: payload.response_uri!,
+  response_uri: payload.response_uri,
   state: payload.state,
   response_mode: payload.response_mode,
   response_type: payload.response_type,

package/src/credential/presentation/api/04-verify-certificate-chain.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import type { CertificateValidationResult } from "@pagopa/io-react-native-crypto";
+export interface VerifyAuthRequestCertificateChainApi {
+  /**
+   * Verify the X.509 certificate chain in the Request Object `x5c` header claim.
+   * @since 1.0.0
+   *
+   * @param requestObjectJwt The Request Object in JWT format
+   * @param params.caRootCert The CA root certificate used to validate the chain
+   * @returns The certificate validation result
+   * @throws {MissingX509CertsError} if the Request Object does not contain x5c
+   * @throws {X509ValidationError} if the certificate chain validation fails
+   */
+  verifyAuthRequestCertificateChain(
+    requestObjectJwt: string,
+    params: {
+      caRootCert: string;
+    }
+  ): Promise<CertificateValidationResult>;
+}

package/src/credential/presentation/api/{06-send-authorization-response.ts → 07-send-authorization-response.ts} RENAMED Viewed

@@ -5,7 +5,7 @@ import type {
   RequestObject,
 } from "./types";
 import type { RelyingPartyConfig } from "./RelyingPartyConfig";
-import type { EvaluateDcqlQueryApi } from "./05-evaluate-dcql-query";
+import type { EvaluateDcqlQueryApi } from "./06-evaluate-dcql-query";
 import type { Out } from "../../../../src/utils/misc";
 type FetchContext = { appFetch?: GlobalFetch["fetch"] };

package/src/credential/presentation/api/RelyingPartyConfig.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import * as z from "zod";
-import { jsonWebKeySchema } from "@openid-federation/core";
+import { jsonWebKeySchema } from "@pagopa/io-wallet-oid-federation";
 import { FederationEntityMetadata } from "../../../trust/common/types";
 /**

package/src/credential/presentation/api/index.ts CHANGED Viewed

@@ -1,15 +1,17 @@
 import type { StartFlowApi } from "./01-start-flow";
 import type { EvaluateRelyingPartyTrustApi } from "./02-evaluate-rp-trust";
 import type { GetRequestObjectApi } from "./03-get-request-object";
-import type { VerifyRequestObjectApi } from "./04-verify-request-object";
-import type { EvaluateDcqlQueryApi } from "./05-evaluate-dcql-query";
-import type { SendAuthorizationResponseApi } from "./06-send-authorization-response";
+import type { VerifyAuthRequestCertificateChainApi } from "./04-verify-certificate-chain";
+import type { VerifyRequestObjectApi } from "./05-verify-request-object";
+import type { EvaluateDcqlQueryApi } from "./06-evaluate-dcql-query";
+import type { SendAuthorizationResponseApi } from "./07-send-authorization-response";
 import type { RelyingPartyConfig } from "./RelyingPartyConfig";
 export interface RemotePresentationApi
   extends StartFlowApi,
     EvaluateRelyingPartyTrustApi,
     GetRequestObjectApi,
+    VerifyAuthRequestCertificateChainApi,
     VerifyRequestObjectApi,
     EvaluateDcqlQueryApi,
     SendAuthorizationResponseApi {}

package/src/credential/presentation/v1.0.0/04-verify-certificate-chain.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { UnimplementedFeatureError } from "../../../utils/errors";
+import { type RemotePresentationApi } from "../api";
+export const verifyAuthRequestCertificateChain: RemotePresentationApi["verifyAuthRequestCertificateChain"] =
+  async () => {
+    throw new UnimplementedFeatureError(
+      "verifyAuthRequestCertificateChain",
+      "1.0.0"
+    );
+  };

package/src/credential/presentation/v1.0.0/{04-verify-request-object.ts → 05-verify-request-object.ts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
-import { type typeToFlattenedError } from "zod";
+import { type z } from "zod";
 import type { RelyingPartyConfig, RemotePresentationApi } from "../api";
 import { InvalidRequestObjectError } from "../common/errors";
 import { RequestObjectPayload } from "./types";
@@ -97,7 +97,7 @@ const getSigPublicKey = (
  * Utility to format flattened Zod errors into a simplified string `key1: key1_error, key2: key2_error`
  */
 const formatFlattenedZodErrors = (
-  errors: typeToFlattenedError<RequestObjectPayload>
+  errors: z.core.$ZodFlattenedError<RequestObjectPayload>
 ): string =>
   Object.entries(errors.fieldErrors)
     .map(([key, error]) => `${key}: ${error[0]}`)

package/src/credential/presentation/v1.0.0/{05-evaluate-dcql-query.ts → 06-evaluate-dcql-query.ts} RENAMED Viewed

@@ -2,7 +2,7 @@ import { DcqlQuery, DcqlError } from "dcql";
 import { isValiError } from "valibot";
 import { CredentialsNotFoundError } from "../common/errors";
 import type { Credential4Dcql, RemotePresentationApi } from "../api";
-import type { CredentialPurpose } from "../api/05-evaluate-dcql-query";
+import type { CredentialPurpose } from "../api/06-evaluate-dcql-query";
 import * as sdJwtUtils from "../common/utils/sd-jwt";
 import {
   extractFailedCredentialsDetails,

package/src/credential/presentation/v1.0.0/index.ts CHANGED Viewed

@@ -2,18 +2,20 @@ import type { RemotePresentationApi } from "../api";
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
 import { getRequestObject } from "./03-get-request-object";
-import { verifyRequestObject } from "./04-verify-request-object";
-import { evaluateDcqlQuery } from "./05-evaluate-dcql-query";
+import { verifyAuthRequestCertificateChain } from "./04-verify-certificate-chain";
+import { verifyRequestObject } from "./05-verify-request-object";
+import { evaluateDcqlQuery } from "./06-evaluate-dcql-query";
 import {
   prepareRemotePresentations,
   sendAuthorizationResponse,
   sendAuthorizationErrorResponse,
-} from "./06-send-authorization-response";
+} from "./07-send-authorization-response";
 export const RemotePresentation: RemotePresentationApi = {
   startFlowFromQR,
   evaluateRelyingPartyTrust,
   getRequestObject,
+  verifyAuthRequestCertificateChain,
   verifyRequestObject,
   evaluateDcqlQuery,
   prepareRemotePresentations,

package/src/credential/presentation/v1.3.3/04-verify-certificate-chain.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import type { RemotePresentationApi } from "../api";
+import { decode } from "@pagopa/io-react-native-jwt";
+import {
+  verifyCertificateChain,
+  type X509CertificateOptions,
+} from "@pagopa/io-react-native-crypto";
+import {
+  MissingX509CertsError,
+  X509ValidationError,
+} from "../../../trust/common/errors";
+import { Logger, LogLevel } from "../../../utils/logging";
+export const verifyAuthRequestCertificateChain: RemotePresentationApi["verifyAuthRequestCertificateChain"] =
+  async (requestObjectJwt, { caRootCert }) => {
+    const x509Options: X509CertificateOptions = {
+      requireCrl: false,
+      connectTimeout: 10_000,
+      readTimeout: 10_000,
+    };
+    const requestObject = decode(requestObjectJwt);
+    const certChain = requestObject.protectedHeader.x5c;
+    if (!certChain) {
+      throw new MissingX509CertsError(
+        "No certificate chain (x5c) found in the Request Object"
+      );
+    }
+    const validationResult = await verifyCertificateChain(
+      certChain,
+      caRootCert,
+      x509Options
+    );
+    if (!validationResult.isValid) {
+      Logger.log(
+        LogLevel.ERROR,
+        `Certificate chain failure: ${validationResult.validationStatus} - ${validationResult.errorMessage}`
+      );
+      throw new X509ValidationError(
+        "X.509 certificate chain validation failed"
+      );
+    }
+    return validationResult;
+  };

package/src/credential/presentation/v1.3.3/{04-verify-request-object.ts → 05-verify-request-object.ts} RENAMED Viewed

@@ -1,13 +1,15 @@
 import type { RemotePresentationApi } from "../api";
 import { parseAuthorizeRequest as sdkParseAuthorizeRequest } from "@pagopa/io-wallet-oid4vp";
 import { partialCallbacks } from "../../../utils/callbacks";
-import { mapToRequestObject } from "./mappers";
-import { mapSdkRequestObjectError } from "./sdkErrorMapper";
+import { sdkConfigV1_3 } from "../../../utils/config";
 import { InvalidRequestObjectError } from "../common/errors";
+import { mapSdkRequestObjectError } from "./sdkErrorMapper";
+import { mapToRequestObject } from "./mappers";
 export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
   async (requestObjectEncodedJwt, { clientId, rpConf }) => {
     const parsedRequestObject = await sdkParseAuthorizeRequest({
+      config: sdkConfigV1_3,
       requestObjectJwt: requestObjectEncodedJwt,
       callbacks: {
         verifyJwt: partialCallbacks.verifyJwt,

package/src/credential/presentation/v1.3.3/{05-evaluate-dcql-query.ts → 06-evaluate-dcql-query.ts} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { DcqlQuery, DcqlError } from "dcql";
 import { isValiError } from "valibot";
 import { CredentialsNotFoundError } from "../common/errors";
-import type { CredentialPurpose } from "../api/05-evaluate-dcql-query";
+import type { CredentialPurpose } from "../api/06-evaluate-dcql-query";
 import * as mdocUtils from "./utils.mdoc";
 import type { Credential4Dcql, RemotePresentationApi } from "../api";
 import * as sdJwtUtils from "../common/utils/sd-jwt";

package/src/credential/presentation/v1.3.3/index.ts CHANGED Viewed

@@ -2,18 +2,20 @@ import type { RemotePresentationApi } from "../api";
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
 import { getRequestObject } from "./03-get-request-object";
-import { verifyRequestObject } from "./04-verify-request-object";
-import { evaluateDcqlQuery } from "./05-evaluate-dcql-query";
+import { verifyAuthRequestCertificateChain } from "./04-verify-certificate-chain";
+import { verifyRequestObject } from "./05-verify-request-object";
+import { evaluateDcqlQuery } from "./06-evaluate-dcql-query";
 import {
   prepareRemotePresentations,
   sendAuthorizationResponse,
   sendAuthorizationErrorResponse,
-} from "./06-send-authorization-response";
+} from "./07-send-authorization-response";
 export const RemotePresentation: RemotePresentationApi = {
   startFlowFromQR,
   evaluateRelyingPartyTrust,
   getRequestObject,
+  verifyAuthRequestCertificateChain,
   verifyRequestObject,
   evaluateDcqlQuery,
   prepareRemotePresentations,

package/src/credentials-catalogue/api/DigitalCredentialsCatalogue.ts CHANGED Viewed

@@ -1,28 +1,59 @@
 import * as z from "zod";
 import { UnixTime } from "../../utils/zod";
+export const LocalizationInfo = z.object({
+  available_locales: z.array(z.string()),
+  base_uri: z.string(),
+  default_locale: z.string(),
+  version: z.string(),
+});
+export type LocalizationInfo = z.infer<typeof LocalizationInfo>;
+/**
+ * Merged translations for one or more locales, keyed by locale code.
+ * Each locale maps l10n_id keys to their translated string values.
+ */
+export type CatalogueTranslations = Record<string, Record<string, string>>;
+const AdministrativeExpirationUserInfo = z.object({
+  title_l10n_id: z.string(),
+  description_l10n_id: z.string(),
+});
+const AllowedState = z
+  .object({
+    title_l10n_id: z.string(),
+    description_l10n_id: z.string(),
+  })
+  .catchall(z.string());
 const CredentialPurpose = z.object({
   id: z.string(),
-  description: z.string(),
-  claims_required: z.array(z.string()),
-  claim_recommended: z.array(z.string()),
+  description: z.string().optional(),
+  claims_required: z.array(z.string()).optional(),
+  claim_recommended: z.array(z.string()).optional(),
 });
 const CredentialIssuer = z.object({
   id: z.string(),
-  organization_name: z.string(),
+  organization_name: z.string().optional(),
+  organization_name_l10n_id: z.string().optional(),
   organization_code: z.string(),
   organization_country: z.string(),
+  legal_type: z.string().optional(),
   contacts: z.array(z.string()).optional(),
   homepage_uri: z.string().optional(),
   logo_uri: z.string().optional(),
   policy_uri: z.string().optional(),
   tos_uri: z.string().optional(),
+  service_documentation: z.string().optional(),
+  issuance_flows: z.object({ deferred_flow: z.boolean() }).optional(),
 });
 const AuthenticSource = z.object({
   id: z.string(),
-  organization_name: z.string(),
+  organization_name: z.string().optional(),
+  organization_name_l10n_id: z.string().optional(),
   organization_code: z.string().optional(),
   organization_country: z.string(),
   organization_type: z.string(),
@@ -57,17 +88,32 @@ export const DigitalCredential = z.object({
   version: z.string(),
   credential_type: z.string(),
   legal_type: z.string(),
-  name: z.string(),
-  description: z.string(),
+  name: z.string().optional(),
+  name_l10n_id: z.string().optional(),
+  description: z.string().optional(),
+  restriction_policy: z
+    .object({
+      presentation_flows: z.object({
+        remote: z.boolean(),
+        proximity: z.boolean(),
+      }),
+    })
+    .optional(),
   validity_info: z.object({
     max_validity_days: z.number(),
     status_methods: z.array(z.string()),
-    allowed_states: z.array(z.string()),
+    administrative_expiration_user_info:
+      AdministrativeExpirationUserInfo.optional(),
+    allowed_states: z.array(z.union([z.string(), AllowedState])),
   }),
-  purposes: z.array(CredentialPurpose),
+  administrative_expiration_user_info:
+    AdministrativeExpirationUserInfo.optional(),
+  domains: z.array(z.string()).optional(),
+  classes: z.array(z.string()).optional(),
+  purposes: z.array(z.union([z.string(), CredentialPurpose])),
   issuers: z.array(CredentialIssuer),
   authentic_sources: z.array(AuthenticSource),
-  formats: z.array(CredentialFormat),
+  formats: z.array(CredentialFormat).optional(),
   // claims: z.array(Claim), // TODO: [SIW-3978] Should we keep claims?
 });
@@ -76,6 +122,8 @@ export const DigitalCredentialsCatalogue = z.object({
   credentials: z.array(DigitalCredential),
   iat: UnixTime,
   exp: UnixTime,
+  localization: LocalizationInfo.optional(),
+  as_localization: LocalizationInfo.optional(),
 });
 export type DigitalCredentialsCatalogue = z.infer<
   typeof DigitalCredentialsCatalogue

package/src/credentials-catalogue/api/index.ts CHANGED Viewed

@@ -1,7 +1,16 @@
-import { type DigitalCredentialsCatalogue } from "./DigitalCredentialsCatalogue";
+import {
+  type CatalogueTranslations,
+  type DigitalCredentialsCatalogue,
+  type LocalizationInfo,
+} from "./DigitalCredentialsCatalogue";
 type FetchContext = { appFetch?: GlobalFetch["fetch"] };
+type FetchTranslationsLocalizations = {
+  catalogue?: LocalizationInfo;
+  authenticSources?: LocalizationInfo;
+};
 export interface CredentialsCatalogueApi {
   /**
    * Fetch and parse the Digital Credential Catalogue from the Trust Anchor.
@@ -16,6 +25,31 @@ export interface CredentialsCatalogueApi {
     trustAnchorBaseUrl: string,
     ctx?: FetchContext
   ): Promise<DigitalCredentialsCatalogue>;
+  /**
+   * Fetch locale bundle files for the credential catalogue and authentic sources.
+   * For each requested locale, fetches translations from both registries (if the locale
+   * is listed in their respective `available_locales`) and merges the keys.
+   * Locales not present in a registry's `available_locales` are silently skipped for that source.
+   * On key conflicts, authentic-sources translations take precedence.
+   *
+   * Optional: not supported by all versions. Check for existence before calling.
+   *
+   * @since 1.3.3
+   * @param localizations Localization metadata from a previously fetched catalogue
+   * @param locales Array of locale codes to fetch (e.g. ["it", "en"])
+   * @param ctx.appFetch (optional) fetch API implementation. Default: built-in fetch
+   * @returns Record keyed by locale, each containing merged translation key→value pairs
+   */
+  fetchTranslations?(
+    localizations: FetchTranslationsLocalizations,
+    locales: string[],
+    ctx?: FetchContext
+  ): Promise<CatalogueTranslations>;
 }
-export { type DigitalCredentialsCatalogue };
+export {
+  type CatalogueTranslations,
+  type DigitalCredentialsCatalogue,
+  type LocalizationInfo,
+};

package/src/credentials-catalogue/v1.0.0/mappers.ts CHANGED Viewed

@@ -1,18 +1,33 @@
 import { createMapper } from "../../utils/mappers";
-import { DigitalCredentialsCatalogue } from "../api/DigitalCredentialsCatalogue";
-import { DigitalCredentialsCatalogueJwt } from "./types";
+import {
+  DigitalCredentialsCatalogue,
+  type DigitalCredentialsCatalogue as DigitalCredentialsCatalogueType,
+} from "../api/DigitalCredentialsCatalogue";
+import {
+  DigitalCredentialsCatalogueJwt,
+  type DigitalCredentialsCatalogueJwt as DigitalCredentialsCatalogueJwtType,
+} from "./types";
-export const mapToCredentialsCatalogue = createMapper(
-  ({ payload }) => ({
-    ...payload,
-    credentials: payload.credentials.map((credential) => ({
-      ...credential,
-      authentic_sources: credential.authentic_sources.map((as) => ({
-        ...as,
-        organization_type: as.source_type,
+export const mapToCredentialsCatalogue = createMapper<
+  DigitalCredentialsCatalogueJwtType,
+  DigitalCredentialsCatalogueType
+>(
+  ({ payload }) => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const { catalog_version, ...rest } = payload;
+    return {
+      ...rest,
+      credentials: payload.credentials.map((credential) => ({
+        ...credential,
+        authentic_sources: credential.authentic_sources.map(
+          ({ source_type, ...as }) => ({
+            ...as,
+            organization_type: source_type,
+          })
+        ),
       })),
-    })),
-  }),
+    };
+  },
   {
     inputSchema: DigitalCredentialsCatalogueJwt,
     outputSchema: DigitalCredentialsCatalogue,

package/src/credentials-catalogue/v1.3.3/fetch-translations.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import type { CredentialsCatalogueApi as Api } from "../api";
+import { fetchLocaleBundle } from "./utils";
+export const fetchTranslations: NonNullable<Api["fetchTranslations"]> = async (
+  { catalogue, authenticSources },
+  locales,
+  { appFetch = fetch } = {}
+) => {
+  const result: Record<string, Record<string, string>> = {};
+  await Promise.all(
+    locales.map(async (locale) => {
+      const [catalogueBundle, asBundle] = await Promise.all([
+        catalogue?.available_locales.includes(locale)
+          ? fetchLocaleBundle(catalogue.base_uri, locale, appFetch)
+          : Promise.resolve({}),
+        authenticSources?.available_locales.includes(locale)
+          ? fetchLocaleBundle(authenticSources.base_uri, locale, appFetch)
+          : Promise.resolve({}),
+      ]);
+      const merged = { ...catalogueBundle, ...asBundle };
+      // Only include the locale in the result if at least one source provided translations
+      if (Object.keys(merged).length > 0) {
+        result[locale] = merged;
+      }
+    })
+  );
+  return result;
+};

package/src/credentials-catalogue/v1.3.3/index.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import type { CredentialsCatalogueApi } from "../api";
 import { fetchAndParseCatalogue } from "./fetch-and-parse-catalogue";
+import { fetchTranslations } from "./fetch-translations";
 export const CredentialsCatalogue: CredentialsCatalogueApi = {
   fetchAndParseCatalogue,
+  fetchTranslations,
 };

package/src/credentials-catalogue/v1.3.3/mappers.ts CHANGED Viewed

@@ -40,8 +40,14 @@ export const mapToCredentialsCatalogue = createMapper<
     }): ApiAuthenticSource => {
       const as = authSourcesById.get(id);
       assert(as, `AS ${id} must be present in the Authentic Source Registry`);
-      const { ipa_code, ...rest } = as.organization_info;
-      return { id, organization_code: ipa_code, ...rest };
+      const { ipa_code, organization_name_l10n_id, ...rest } =
+        as.organization_info;
+      return {
+        id,
+        organization_name_l10n_id,
+        organization_code: ipa_code,
+        ...rest,
+      };
     };
     const resolveFormats = (credentialType: string): ApiCredentialFormat[] => {
@@ -59,9 +65,11 @@ export const mapToCredentialsCatalogue = createMapper<
     return {
       ...catalogueJwt.payload,
       taxonomy_uri: discoveryJwt.payload.endpoints.taxonomy,
+      localization: catalogueJwt.payload.localization,
+      as_localization: authSourceRegistry.localization,
       credentials: catalogueJwt.payload.credentials.map(
-        ({ authentic_sources, credential_name, ...credential }) => ({
-          name: credential_name,
+        ({ authentic_sources, credential_name_l10n_id, ...credential }) => ({
+          name_l10n_id: credential_name_l10n_id,
           formats: resolveFormats(credential.credential_type),
           authentic_sources: authentic_sources.map(resolveAuthSource),
           ...credential,