@pagopa/io-react-native-wallet 3.2.0 → 3.3.0

package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js

@@ -1,41 +1,54 @@
-import { v4 as uuidv4 } from "uuid";
-import { fetchMrtdPopInit } from "@pagopa/io-wallet-oauth2";
+import { createClientAttestationPopJwt, fetchMrtdPopInit } from "@pagopa/io-wallet-oauth2";
 import { UnexpectedStatusCodeError as SdkUnexpectedStatusCodeError } from "@pagopa/io-wallet-utils";
-import { createPopToken } from "../../../utils/pop";
 import { Logger, LogLevel } from "../../../utils/logging";
-import * as WalletInstanceAttestation from "../../../wallet-instance-attestation/v1.0.0/utils"; // TODO: decouple from version 1.0.0
 import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder } from "../../../utils/errors";
-import { createVerifyJwtFromJwks } from "../../../utils/callbacks";
-export const initChallenge = async (issuerConf, initUrl, mrtd_auth_session, mrtd_pop_jwt_nonce, context) => {
-  const {
-    appFetch = fetch,
-    walletInstanceAttestation,
-    wiaCryptoContext
-  } = context;
-  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
-  const signedWiaPoP = await createPopToken({
-    jti: uuidv4(),
-    aud: issuerConf.credential_issuer,
-    iss
-  }, wiaCryptoContext);
-  const initResult = await fetchMrtdPopInit({
-    popInitEndpoint: initUrl,
-    mrtdAuthSession: mrtd_auth_session,
-    mrtdPopJwtNonce: mrtd_pop_jwt_nonce,
-    walletAttestation: walletInstanceAttestation,
-    clientAttestationDPoP: signedWiaPoP,
-    callbacks: {
-      verifyJwt: createVerifyJwtFromJwks(issuerConf.keys),
-      fetch: appFetch
-    }
-  }).catch(handleInitChallengeError);
-  return {
-    challenge: initResult.challenge,
-    mrtd_pop_nonce: initResult.mrtdPopNonce,
-    pop_verify_endpoint: initResult.popVerifyEndpoint,
-    mrz: initResult.mrz
+import { createSignJwtFromCryptoContext, createVerifyJwtFromJwks, partialCallbacks } from "../../../utils/callbacks";
+/**
+ * Factory function to create `initChallenge` for MRTD PoP flow.
+ * The factory is needed to inject version specific SDK configuration.
+ * @param config Configuration object containing the IO Wallet SDK configuration
+ * @returns `initChallenge` function compliant with the public API
+ */
+export function createInitChallenge(config) {
+  return async function initChallenge(issuerConf, initUrl, mrtd_auth_session, mrtd_pop_jwt_nonce, context) {
+    const {
+      appFetch = fetch,
+      walletInstanceAttestation,
+      wiaCryptoContext
+    } = context;
+    const clientAttestationDPoP = await createClientAttestationPopJwt({
+      config: config.sdkConfig,
+      callbacks: {
+        generateRandom: partialCallbacks.generateRandom,
+        signJwt: createSignJwtFromCryptoContext(wiaCryptoContext)
+      },
+      clientAttestation: walletInstanceAttestation,
+      authorizationServer: issuerConf.credential_issuer,
+      signer: {
+        method: "jwk",
+        alg: "ES256",
+        publicJwk: await wiaCryptoContext.getPublicKey()
+      }
+    });
+    const initResult = await fetchMrtdPopInit({
+      popInitEndpoint: initUrl,
+      mrtdAuthSession: mrtd_auth_session,
+      mrtdPopJwtNonce: mrtd_pop_jwt_nonce,
+      walletAttestation: walletInstanceAttestation,
+      clientAttestationDPoP,
+      callbacks: {
+        verifyJwt: createVerifyJwtFromJwks(issuerConf.keys),
+        fetch: appFetch
+      }
+    }).catch(handleInitChallengeError);
+    return {
+      challenge: initResult.challenge,
+      mrtd_pop_nonce: initResult.mrtdPopNonce,
+      pop_verify_endpoint: initResult.popVerifyEndpoint,
+      mrz: initResult.mrz
+    };
   };
-};
+}
 const handleInitChallengeError = e => {
   Logger.log(LogLevel.ERROR, `Failed to get MRTD challenge: ${e}`);
   if (!(e instanceof SdkUnexpectedStatusCodeError)) {

package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js.map

@@ -1 +1 @@
-{"version":3,"names":["v4","uuidv4","fetchMrtdPopInit","UnexpectedStatusCodeError","SdkUnexpectedStatusCodeError","createPopToken","Logger","LogLevel","WalletInstanceAttestation","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","createVerifyJwtFromJwks","initChallenge","issuerConf","initUrl","mrtd_auth_session","mrtd_pop_jwt_nonce","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","jti","aud","credential_issuer","initResult","popInitEndpoint","mrtdAuthSession","mrtdPopJwtNonce","walletAttestation","clientAttestationDPoP","callbacks","verifyJwt","keys","catch","handleInitChallengeError","challenge","mrtd_pop_nonce","mrtdPopNonce","pop_verify_endpoint","popVerifyEndpoint","mrz","e","log","ERROR","handle","code","MrtdChallengeInitRequestFailed","message","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/02-init-challenge.ts"],"mappings":"AAAA,SAASA,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,yBAAyB,IAAIC,4BAA4B,QAAQ,yBAAyB;AACnG,SAASC,cAAc,QAAQ,oBAAoB;AACnD,SAASC,MAAM,EAAEC,QAAQ,QAAQ,wBAAwB;AACzD,OAAO,KAAKC,yBAAyB,MAAM,mDAAmD,CAAC,CAAC;AAChG,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,QACf,uBAAuB;AAE9B,SAASC,uBAAuB,QAAQ,0BAA0B;AAElE,OAAO,MAAMC,aAA0C,GAAG,MAAAA,CACxDC,UAAU,EACVC,OAAO,EACPC,iBAAiB,EACjBC,kBAAkB,EAClBC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,GAAG,GAAGf,yBAAyB,CAACgB,MAAM,CAACH,yBAAyB,CAAC,CACpEI,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,YAAY,GAAG,MAAMxB,cAAc,CACvC;IACEyB,GAAG,EAAE7B,MAAM,CAAC,CAAC;IACb8B,GAAG,EAAEjB,UAAU,CAACkB,iBAAiB;IACjCT;EACF,CAAC,EACDD,gBACF,CAAC;EAED,MAAMW,UAAU,GAAG,MAAM/B,gBAAgB,CAAC;IACxCgC,eAAe,EAAEnB,OAAO;IACxBoB,eAAe,EAAEnB,iBAAiB;IAClCoB,eAAe,EAAEnB,kBAAkB;IACnCoB,iBAAiB,EAAEhB,yBAAyB;IAC5CiB,qBAAqB,EAAET,YAAY;IACnCU,SAAS,EAAE;MACTC,SAAS,EAAE5B,uBAAuB,CAACE,UAAU,CAAC2B,IAAI,CAAC;MACnDrB,KAAK,EAAED;IACT;EACF,CAAC,CAAC,CAACuB,KAAK,CAACC,wBAAwB,CAAC;EAElC,OAAO;IACLC,SAAS,EAAEX,UAAU,CAACW,SAAS;IAC/BC,cAAc,EAAEZ,UAAU,CAACa,YAAY;IACvCC,mBAAmB,EAAEd,UAAU,CAACe,iBAAiB;IACjDC,GAAG,EAAEhB,UAAU,CAACgB;EAClB,CAAC;AACH,CAAC;AAED,MAAMN,wBAAwB,GAAIO,CAAU,IAAK;EAC/C5C,MAAM,CAAC6C,GAAG,CAAC5C,QAAQ,CAAC6C,KAAK,EAAG,iCAAgCF,CAAE,EAAC,CAAC;EAEhE,IAAI,EAAEA,CAAC,YAAY9C,4BAA4B,CAAC,EAAE;IAChD,MAAM8C,CAAC;EACT;EAEA,MAAM,IAAIvC,oBAAoB,CAACF,mBAAmB,CAAC,CAChD4C,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE5C,wBAAwB,CAAC6C,8BAA8B;IAC7DC,OAAO,EAAE;EACX,CAAC,CAAC,CACDC,SAAS,CAACP,CAAC,CAAC;AACjB,CAAC"}
+{"version":3,"names":["createClientAttestationPopJwt","fetchMrtdPopInit","UnexpectedStatusCodeError","SdkUnexpectedStatusCodeError","Logger","LogLevel","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","createSignJwtFromCryptoContext","createVerifyJwtFromJwks","partialCallbacks","createInitChallenge","config","initChallenge","issuerConf","initUrl","mrtd_auth_session","mrtd_pop_jwt_nonce","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","clientAttestationDPoP","sdkConfig","callbacks","generateRandom","signJwt","clientAttestation","authorizationServer","credential_issuer","signer","method","alg","publicJwk","getPublicKey","initResult","popInitEndpoint","mrtdAuthSession","mrtdPopJwtNonce","walletAttestation","verifyJwt","keys","catch","handleInitChallengeError","challenge","mrtd_pop_nonce","mrtdPopNonce","pop_verify_endpoint","popVerifyEndpoint","mrz","e","log","ERROR","handle","code","MrtdChallengeInitRequestFailed","message","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/02-init-challenge.ts"],"mappings":"AAAA,SACEA,6BAA6B,EAC7BC,gBAAgB,QACX,0BAA0B;AACjC,SAEEC,yBAAyB,IAAIC,4BAA4B,QACpD,yBAAyB;AAChC,SAASC,MAAM,EAAEC,QAAQ,QAAQ,wBAAwB;AACzD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,QACf,uBAAuB;AAE9B,SACEC,8BAA8B,EAC9BC,uBAAuB,EACvBC,gBAAgB,QACX,0BAA0B;AAMjC;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,mBAAmBA,CACjCC,MAAc,EACe;EAC7B,OAAO,eAAeC,aAAaA,CACjCC,UAAU,EACVC,OAAO,EACPC,iBAAiB,EACjBC,kBAAkB,EAClBC,OAAO,EACP;IACA,MAAM;MACJC,QAAQ,GAAGC,KAAK;MAChBC,yBAAyB;MACzBC;IACF,CAAC,GAAGJ,OAAO;IAEX,MAAMK,qBAAqB,GAAG,MAAMxB,6BAA6B,CAAC;MAChEa,MAAM,EAAEA,MAAM,CAACY,SAAS;MACxBC,SAAS,EAAE;QACTC,cAAc,EAAEhB,gBAAgB,CAACgB,cAAc;QAC/CC,OAAO,EAAEnB,8BAA8B,CAACc,gBAAgB;MAC1D,CAAC;MACDM,iBAAiB,EAAEP,yBAAyB;MAC5CQ,mBAAmB,EAAEf,UAAU,CAACgB,iBAAiB;MACjDC,MAAM,EAAE;QACNC,MAAM,EAAE,KAAK;QACbC,GAAG,EAAE,OAAO;QACZC,SAAS,EAAE,MAAMZ,gBAAgB,CAACa,YAAY,CAAC;MACjD;IACF,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAG,MAAMpC,gBAAgB,CAAC;MACxCqC,eAAe,EAAEtB,OAAO;MACxBuB,eAAe,EAAEtB,iBAAiB;MAClCuB,eAAe,EAAEtB,kBAAkB;MACnCuB,iBAAiB,EAAEnB,yBAAyB;MAC5CE,qBAAqB;MACrBE,SAAS,EAAE;QACTgB,SAAS,EAAEhC,uBAAuB,CAACK,UAAU,CAAC4B,IAAI,CAAC;QACnDtB,KAAK,EAAED;MACT;IACF,CAAC,CAAC,CAACwB,KAAK,CAACC,wBAAwB,CAAC;IAElC,OAAO;MACLC,SAAS,EAAET,UAAU,CAACS,SAAS;MAC/BC,cAAc,EAAEV,UAAU,CAACW,YAAY;MACvCC,mBAAmB,EAAEZ,UAAU,CAACa,iBAAiB;MACjDC,GAAG,EAAEd,UAAU,CAACc;IAClB,CAAC;EACH,CAAC;AACH;AAEA,MAAMN,wBAAwB,GAAIO,CAAU,IAAK;EAC/ChD,MAAM,CAACiD,GAAG,CAAChD,QAAQ,CAACiD,KAAK,EAAG,iCAAgCF,CAAE,EAAC,CAAC;EAEhE,IAAI,EAAEA,CAAC,YAAYjD,4BAA4B,CAAC,EAAE;IAChD,MAAMiD,CAAC;EACT;EAEA,MAAM,IAAI5C,oBAAoB,CAACF,mBAAmB,CAAC,CAChDiD,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEjD,wBAAwB,CAACkD,8BAA8B;IAC7DC,OAAO,EAAE;EACX,CAAC,CAAC,CACDC,SAAS,CAACP,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js

@@ -1,53 +1,64 @@
 import { SignJWT } from "@pagopa/io-react-native-jwt";
-import { fetchMrtdPopVerify } from "@pagopa/io-wallet-oauth2";
-import { v4 as uuidv4 } from "uuid";
-import { createPopToken } from "../../../utils/pop";
-import * as WalletInstanceAttestation from "../../../wallet-instance-attestation/v1.0.0/utils"; // TODO: decouple from 1.0.0 version
+import { createClientAttestationPopJwt, fetchMrtdPopVerify } from "@pagopa/io-wallet-oauth2";
 import { sdkUnexpectedStatusCodeToIssuerError } from "../../../utils/errors";
-import { partialCallbacks } from "../../../utils/callbacks";
-export const validateChallenge = async (issuerConf, verifyUrl, mrtd_auth_session, mrtd_pop_nonce, mrtd, ias, context) => {
-  const {
-    appFetch = fetch,
-    walletInstanceAttestation,
-    wiaCryptoContext
-  } = context;
-  const aud = issuerConf.credential_issuer;
-  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
-  const signedWiaPoP = await createPopToken({
-    jti: uuidv4(),
-    aud,
-    iss
-  }, wiaCryptoContext);
-  const {
-    kid
-  } = await wiaCryptoContext.getPublicKey();
-  const mrtdValidationJwt = await new SignJWT(wiaCryptoContext).setProtectedHeader({
-    typ: "mrtd-ias+jwt",
-    kid
-  }).setPayload({
-    iss,
-    aud,
-    document_type: "cie",
-    mrtd,
-    ias
-  }).setIssuedAt().setExpirationTime("5m").sign();
-  const verifyResult = await fetchMrtdPopVerify({
-    popVerifyEndpoint: verifyUrl,
-    mrtdAuthSession: mrtd_auth_session,
-    mrtdPopNonce: mrtd_pop_nonce,
-    clientAttestationDPoP: signedWiaPoP,
-    mrtdValidationJwt,
-    walletAttestation: walletInstanceAttestation,
-    callbacks: {
-      fetch: appFetch,
-      ...partialCallbacks
-    }
-  }).catch(sdkUnexpectedStatusCodeToIssuerError);
-  return {
-    redirect_uri: verifyResult.redirectUri,
-    mrtd_val_pop_nonce: verifyResult.mrtdValPopNonce
+import { createSignJwtFromCryptoContext, partialCallbacks } from "../../../utils/callbacks";
+/**
+ * Factory function to create `validateChallenge` for MRTD PoP flow.
+ * The factory is needed to inject version specific SDK configuration.
+ * @param config Configuration object containing the IO Wallet SDK configuration
+ * @returns `validateChallenge` function compliant with the public API
+ */
+export function createValidateChallenge(config) {
+  return async function validateChallenge(issuerConf, verifyUrl, mrtd_auth_session, mrtd_pop_nonce, mrtd, ias, context) {
+    const {
+      appFetch = fetch,
+      walletInstanceAttestation,
+      wiaCryptoContext
+    } = context;
+    const aud = issuerConf.credential_issuer;
+    const wiaPublicJwk = await wiaCryptoContext.getPublicKey();
+    const clientAttestationDPoP = await createClientAttestationPopJwt({
+      config: config.sdkConfig,
+      callbacks: {
+        generateRandom: partialCallbacks.generateRandom,
+        signJwt: createSignJwtFromCryptoContext(wiaCryptoContext)
+      },
+      clientAttestation: walletInstanceAttestation,
+      authorizationServer: aud,
+      signer: {
+        method: "jwk",
+        alg: "ES256",
+        publicJwk: wiaPublicJwk
+      }
+    });
+    const mrtdValidationJwt = await new SignJWT(wiaCryptoContext).setProtectedHeader({
+      typ: "mrtd-ias+jwt",
+      kid: wiaPublicJwk.kid
+    }).setPayload({
+      iss: wiaPublicJwk.kid,
+      aud,
+      document_type: "cie",
+      mrtd,
+      ias
+    }).setIssuedAt().setExpirationTime("5m").sign();
+    const verifyResult = await fetchMrtdPopVerify({
+      popVerifyEndpoint: verifyUrl,
+      mrtdAuthSession: mrtd_auth_session,
+      mrtdPopNonce: mrtd_pop_nonce,
+      clientAttestationDPoP,
+      mrtdValidationJwt,
+      walletAttestation: walletInstanceAttestation,
+      callbacks: {
+        fetch: appFetch,
+        ...partialCallbacks
+      }
+    }).catch(sdkUnexpectedStatusCodeToIssuerError);
+    return {
+      redirect_uri: verifyResult.redirectUri,
+      mrtd_val_pop_nonce: verifyResult.mrtdValPopNonce
+    };
   };
-};
+}
 export const buildChallengeCallbackUrl = async (redirectUri, valPopNonce, authSession) => {
   const params = new URLSearchParams({
     mrtd_val_pop_nonce: valPopNonce,

package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js.map

@@ -1 +1 @@
-{"version":3,"names":["SignJWT","fetchMrtdPopVerify","v4","uuidv4","createPopToken","WalletInstanceAttestation","sdkUnexpectedStatusCodeToIssuerError","partialCallbacks","validateChallenge","issuerConf","verifyUrl","mrtd_auth_session","mrtd_pop_nonce","mrtd","ias","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","aud","credential_issuer","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","jti","getPublicKey","mrtdValidationJwt","setProtectedHeader","typ","setPayload","document_type","setIssuedAt","setExpirationTime","sign","verifyResult","popVerifyEndpoint","mrtdAuthSession","mrtdPopNonce","clientAttestationDPoP","walletAttestation","callbacks","catch","redirect_uri","redirectUri","mrtd_val_pop_nonce","mrtdValPopNonce","buildChallengeCallbackUrl","valPopNonce","authSession","params","URLSearchParams","callbackUrl"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/03-validate-challenge.ts"],"mappings":"AAAA,SAASA,OAAO,QAAQ,6BAA6B;AACrD,SAASC,kBAAkB,QAAQ,0BAA0B;AAC7D,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,oBAAoB;AACnD,OAAO,KAAKC,yBAAyB,MAAM,mDAAmD,CAAC,CAAC;AAChG,SAASC,oCAAoC,QAAQ,uBAAuB;AAC5E,SAASC,gBAAgB,QAAQ,0BAA0B;AAG3D,OAAO,MAAMC,iBAAkD,GAAG,MAAAA,CAChEC,UAAU,EACVC,SAAS,EACTC,iBAAiB,EACjBC,cAAc,EACdC,IAAI,EACJC,GAAG,EACHC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,GAAG,GAAGX,UAAU,CAACY,iBAAiB;EACxC,MAAMC,GAAG,GAAGjB,yBAAyB,CAACkB,MAAM,CAACL,yBAAyB,CAAC,CACpEM,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,YAAY,GAAG,MAAMxB,cAAc,CACvC;IACEyB,GAAG,EAAE1B,MAAM,CAAC,CAAC;IACbiB,GAAG;IACHE;EACF,CAAC,EACDH,gBACF,CAAC;EAED,MAAM;IAAEQ;EAAI,CAAC,GAAG,MAAMR,gBAAgB,CAACW,YAAY,CAAC,CAAC;EAErD,MAAMC,iBAAiB,GAAG,MAAM,IAAI/B,OAAO,CAACmB,gBAAgB,CAAC,CAC1Da,kBAAkB,CAAC;IAClBC,GAAG,EAAE,cAAc;IACnBN;EACF,CAAC,CAAC,CACDO,UAAU,CAAC;IACVZ,GAAG;IACHF,GAAG;IACHe,aAAa,EAAE,KAAK;IACpBtB,IAAI;IACJC;EACF,CAAC,CAAC,CACDsB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,YAAY,GAAG,MAAMtC,kBAAkB,CAAC;IAC5CuC,iBAAiB,EAAE9B,SAAS;IAC5B+B,eAAe,EAAE9B,iBAAiB;IAClC+B,YAAY,EAAE9B,cAAc;IAC5B+B,qBAAqB,EAAEf,YAAY;IACnCG,iBAAiB;IACjBa,iBAAiB,EAAE1B,yBAAyB;IAC5C2B,SAAS,EAAE;MACT5B,KAAK,EAAED,QAAQ;MACf,GAAGT;IACL;EACF,CAAC,CAAC,CAACuC,KAAK,CAACxC,oCAAoC,CAAC;EAE9C,OAAO;IACLyC,YAAY,EAAER,YAAY,CAACS,WAAW;IACtCC,kBAAkB,EAAEV,YAAY,CAACW;EACnC,CAAC;AACH,CAAC;AAED,OAAO,MAAMC,yBAAkE,GAC7E,MAAAA,CAAOH,WAAW,EAAEI,WAAW,EAAEC,WAAW,KAAK;EAC/C,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCN,kBAAkB,EAAEG,WAAW;IAC/BzC,iBAAiB,EAAE0C;EACrB,CAAC,CAAC;EAEF,MAAMG,WAAW,GAAI,GAAER,WAAY,IAAGM,MAAO,EAAC;EAC9C,OAAO;IAAEE;EAAY,CAAC;AACxB,CAAC"}
+{"version":3,"names":["SignJWT","createClientAttestationPopJwt","fetchMrtdPopVerify","sdkUnexpectedStatusCodeToIssuerError","createSignJwtFromCryptoContext","partialCallbacks","createValidateChallenge","config","validateChallenge","issuerConf","verifyUrl","mrtd_auth_session","mrtd_pop_nonce","mrtd","ias","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","aud","credential_issuer","wiaPublicJwk","getPublicKey","clientAttestationDPoP","sdkConfig","callbacks","generateRandom","signJwt","clientAttestation","authorizationServer","signer","method","alg","publicJwk","mrtdValidationJwt","setProtectedHeader","typ","kid","setPayload","iss","document_type","setIssuedAt","setExpirationTime","sign","verifyResult","popVerifyEndpoint","mrtdAuthSession","mrtdPopNonce","walletAttestation","catch","redirect_uri","redirectUri","mrtd_val_pop_nonce","mrtdValPopNonce","buildChallengeCallbackUrl","valPopNonce","authSession","params","URLSearchParams","callbackUrl"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/03-validate-challenge.ts"],"mappings":"AAAA,SAASA,OAAO,QAAQ,6BAA6B;AACrD,SACEC,6BAA6B,EAC7BC,kBAAkB,QACb,0BAA0B;AAEjC,SAASC,oCAAoC,QAAQ,uBAAuB;AAC5E,SACEC,8BAA8B,EAC9BC,gBAAgB,QACX,0BAA0B;AAOjC;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,uBAAuBA,CACrCC,MAAc,EACmB;EACjC,OAAO,eAAeC,iBAAiBA,CACrCC,UAAU,EACVC,SAAS,EACTC,iBAAiB,EACjBC,cAAc,EACdC,IAAI,EACJC,GAAG,EACHC,OAAO,EACP;IACA,MAAM;MACJC,QAAQ,GAAGC,KAAK;MAChBC,yBAAyB;MACzBC;IACF,CAAC,GAAGJ,OAAO;IAEX,MAAMK,GAAG,GAAGX,UAAU,CAACY,iBAAiB;IAExC,MAAMC,YAAY,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;IAE1D,MAAMC,qBAAqB,GAAG,MAAMvB,6BAA6B,CAAC;MAChEM,MAAM,EAAEA,MAAM,CAACkB,SAAS;MACxBC,SAAS,EAAE;QACTC,cAAc,EAAEtB,gBAAgB,CAACsB,cAAc;QAC/CC,OAAO,EAAExB,8BAA8B,CAACe,gBAAgB;MAC1D,CAAC;MACDU,iBAAiB,EAAEX,yBAAyB;MAC5CY,mBAAmB,EAAEV,GAAG;MACxBW,MAAM,EAAE;QACNC,MAAM,EAAE,KAAK;QACbC,GAAG,EAAE,OAAO;QACZC,SAAS,EAAEZ;MACb;IACF,CAAC,CAAC;IAEF,MAAMa,iBAAiB,GAAG,MAAM,IAAInC,OAAO,CAACmB,gBAAgB,CAAC,CAC1DiB,kBAAkB,CAAC;MAClBC,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAEhB,YAAY,CAACgB;IACpB,CAAC,CAAC,CACDC,UAAU,CAAC;MACVC,GAAG,EAAElB,YAAY,CAACgB,GAAG;MACrBlB,GAAG;MACHqB,aAAa,EAAE,KAAK;MACpB5B,IAAI;MACJC;IACF,CAAC,CAAC,CACD4B,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,YAAY,GAAG,MAAM3C,kBAAkB,CAAC;MAC5C4C,iBAAiB,EAAEpC,SAAS;MAC5BqC,eAAe,EAAEpC,iBAAiB;MAClCqC,YAAY,EAAEpC,cAAc;MAC5BY,qBAAqB;MACrBW,iBAAiB;MACjBc,iBAAiB,EAAE/B,yBAAyB;MAC5CQ,SAAS,EAAE;QACTT,KAAK,EAAED,QAAQ;QACf,GAAGX;MACL;IACF,CAAC,CAAC,CAAC6C,KAAK,CAAC/C,oCAAoC,CAAC;IAE9C,OAAO;MACLgD,YAAY,EAAEN,YAAY,CAACO,WAAW;MACtCC,kBAAkB,EAAER,YAAY,CAACS;IACnC,CAAC;EACH,CAAC;AACH;AAEA,OAAO,MAAMC,yBAAkE,GAC7E,MAAAA,CAAOH,WAAW,EAAEI,WAAW,EAAEC,WAAW,KAAK;EAC/C,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCN,kBAAkB,EAAEG,WAAW;IAC/B7C,iBAAiB,EAAE8C;EACrB,CAAC,CAAC;EAEF,MAAMG,WAAW,GAAI,GAAER,WAAY,IAAGM,MAAO,EAAC;EAC9C,OAAO;IAAEE;EAAY,CAAC;AACxB,CAAC"}

package/lib/module/credential/issuance/mrtd-pop/index.js

@@ -1,10 +1,25 @@
+import { sdkConfigV1_0, sdkConfigV1_3 } from "../../../utils/config";
 import { verifyAndParseChallengeInfo } from "./01-verify-and-parse-challenge-info";
-import { initChallenge } from "./02-init-challenge";
-import { validateChallenge, buildChallengeCallbackUrl } from "./03-validate-challenge";
-export const MRTDPoP = {
+import { createInitChallenge } from "./02-init-challenge";
+import { createValidateChallenge, buildChallengeCallbackUrl } from "./03-validate-challenge";
+export const MRTDPoPv1_0 = {
   verifyAndParseChallengeInfo,
-  initChallenge,
-  validateChallenge,
+  initChallenge: createInitChallenge({
+    sdkConfig: sdkConfigV1_0
+  }),
+  validateChallenge: createValidateChallenge({
+    sdkConfig: sdkConfigV1_0
+  }),
+  buildChallengeCallbackUrl
+};
+export const MRTDPoPv1_3 = {
+  verifyAndParseChallengeInfo,
+  initChallenge: createInitChallenge({
+    sdkConfig: sdkConfigV1_3
+  }),
+  validateChallenge: createValidateChallenge({
+    sdkConfig: sdkConfigV1_3
+  }),
   buildChallengeCallbackUrl
 };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/mrtd-pop/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["verifyAndParseChallengeInfo","initChallenge","validateChallenge","buildChallengeCallbackUrl","MRTDPoP"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/index.ts"],"mappings":"AACA,SAASA,2BAA2B,QAAQ,sCAAsC;AAClF,SAASC,aAAa,QAAQ,qBAAqB;AACnD,SACEC,iBAAiB,EACjBC,yBAAyB,QACpB,yBAAyB;AAEhC,OAAO,MAAMC,OAAmB,GAAG;EACjCJ,2BAA2B;EAC3BC,aAAa;EACbC,iBAAiB;EACjBC;AACF,CAAC"}
+{"version":3,"names":["sdkConfigV1_0","sdkConfigV1_3","verifyAndParseChallengeInfo","createInitChallenge","createValidateChallenge","buildChallengeCallbackUrl","MRTDPoPv1_0","initChallenge","sdkConfig","validateChallenge","MRTDPoPv1_3"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/index.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,aAAa,QAAQ,uBAAuB;AAEpE,SAASC,2BAA2B,QAAQ,sCAAsC;AAClF,SAASC,mBAAmB,QAAQ,qBAAqB;AACzD,SACEC,uBAAuB,EACvBC,yBAAyB,QACpB,yBAAyB;AAEhC,OAAO,MAAMC,WAAuB,GAAG;EACrCJ,2BAA2B;EAC3BK,aAAa,EAAEJ,mBAAmB,CAAC;IAAEK,SAAS,EAAER;EAAc,CAAC,CAAC;EAChES,iBAAiB,EAAEL,uBAAuB,CAAC;IAAEI,SAAS,EAAER;EAAc,CAAC,CAAC;EACxEK;AACF,CAAC;AAED,OAAO,MAAMK,WAAuB,GAAG;EACrCR,2BAA2B;EAC3BK,aAAa,EAAEJ,mBAAmB,CAAC;IAAEK,SAAS,EAAEP;EAAc,CAAC,CAAC;EAChEQ,iBAAiB,EAAEL,uBAAuB,CAAC;IAAEI,SAAS,EAAEP;EAAc,CAAC,CAAC;EACxEI;AACF,CAAC"}

package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js

@@ -2,7 +2,7 @@ import { generateRandomAlphaNumericString } from "../../../utils/misc";
 import { makeParRequest } from "../../../utils/par";
 import { LogLevel, Logger } from "../../../utils/logging";
 import { IoWalletError } from "../../../utils/errors";
-import { selectCredentialDefinition, selectResponseMode } from "../common/authorization";
+import { selectCredentialDefinition, selectResponseMode } from "../common/02-start-user-authorization";
 export const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) => {
   const {
     wiaCryptoContext,

package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","LogLevel","Logger","IoWalletError","selectCredentialDefinition","selectResponseMode","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","log","ERROR","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","responseMode","getPar","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","issuerRequestUri","authorizationDetails"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/02-start-user-authorization.ts"],"mappings":"AAAA,SAASA,gCAAgC,QAAQ,qBAAqB;AACtE,SAASC,cAAc,QAAQ,oBAAoB;AACnD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SACEC,0BAA0B,EAC1BC,kBAAkB,QACb,yBAAyB;AAEhC,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbd,MAAM,CAACmB,GAAG,CACRpB,QAAQ,CAACqB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIb,aAAa,CAAC,qBAAqB,CAAC;EAChD;EACA,MAAMoB,YAAY,GAAGxB,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMyB,WAAW,GAAGjB,UAAU,CAACkB,qCAAqC;EACpE,MAAMC,GAAG,GAAGnB,UAAU,CAACoB,iBAAiB;EACxC,MAAMC,YAAY,GAAGvB,kBAAkB,CAACE,UAAU,EAAEC,aAAa,CAAC;EAClE,MAAMqB,MAAM,GAAG7B,cAAc,CAAC;IAAEW,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAE7D,MAAMgB,oBAAoB,GAAGtB,aAAa,CAACuB,GAAG,CAAEC,CAAC,IAC/C5B,0BAA0B,CAACG,UAAU,EAAEyB,CAAC,CAC1C,CAAC;EAED,IAAIvB,KAAK,CAACwB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAE3B,KAAK,CAAC4B,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAE1B;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAM2B,gBAAgB,GAAG,MAAMX,MAAM,CACnCL,WAAW,EACXZ,yBAAyB,EACzB;IACEc,GAAG;IACHV,QAAQ;IACRO,YAAY;IACZV,WAAW;IACXe,YAAY;IACZa,oBAAoB,EAAEX;EACxB,CACF,CAAC;EAED,OAAO;IAAEU,gBAAgB;IAAExB,QAAQ;IAAEO,YAAY;IAAEO;EAAqB,CAAC;AAC3E,CAAC"}
+{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","LogLevel","Logger","IoWalletError","selectCredentialDefinition","selectResponseMode","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","log","ERROR","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","responseMode","getPar","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","issuerRequestUri","authorizationDetails"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/02-start-user-authorization.ts"],"mappings":"AAAA,SAASA,gCAAgC,QAAQ,qBAAqB;AACtE,SAASC,cAAc,QAAQ,oBAAoB;AACnD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SACEC,0BAA0B,EAC1BC,kBAAkB,QACb,uCAAuC;AAE9C,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbd,MAAM,CAACmB,GAAG,CACRpB,QAAQ,CAACqB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIb,aAAa,CAAC,qBAAqB,CAAC;EAChD;EACA,MAAMoB,YAAY,GAAGxB,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMyB,WAAW,GAAGjB,UAAU,CAACkB,qCAAqC;EACpE,MAAMC,GAAG,GAAGnB,UAAU,CAACoB,iBAAiB;EACxC,MAAMC,YAAY,GAAGvB,kBAAkB,CAACE,UAAU,EAAEC,aAAa,CAAC;EAClE,MAAMqB,MAAM,GAAG7B,cAAc,CAAC;IAAEW,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAE7D,MAAMgB,oBAAoB,GAAGtB,aAAa,CAACuB,GAAG,CAAEC,CAAC,IAC/C5B,0BAA0B,CAACG,UAAU,EAAEyB,CAAC,CAC1C,CAAC;EAED,IAAIvB,KAAK,CAACwB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAE3B,KAAK,CAAC4B,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAE1B;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAM2B,gBAAgB,GAAG,MAAMX,MAAM,CACnCL,WAAW,EACXZ,yBAAyB,EACzB;IACEc,GAAG;IACHV,QAAQ;IACRO,YAAY;IACZV,WAAW;IACXe,YAAY;IACZa,oBAAoB,EAAEX;EACxB,CACF,CAAC;EAED,OAAO;IAAEU,gBAAgB;IAAExB,QAAQ;IAAEO,YAAY;IAAEO;EAAqB,CAAC;AAC3E,CAAC"}

package/lib/module/credential/issuance/v1.0.0/index.js

@@ -4,7 +4,7 @@ import { continueUserAuthorizationWithMRTDPoPChallenge, completeUserAuthorizatio
 import { authorizeAccess } from "./04-authorize-access";
 import { obtainCredential, obtainCredentialsBatch } from "./05-obtain-credential";
 import { verifyAndParseCredential } from "./06-verify-and-parse-credential";
-import { MRTDPoP } from "../mrtd-pop";
+import { MRTDPoPv1_0 } from "../mrtd-pop";
 export const Issuance = {
   evaluateIssuerTrust,
   startUserAuthorization,
@@ -17,6 +17,6 @@ export const Issuance = {
   obtainCredential,
   obtainCredentialsBatch,
   verifyAndParseCredential,
-  MRTDPoP
+  MRTDPoP: MRTDPoPv1_0
 };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/v1.0.0/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","continueUserAuthorizationWithMRTDPoPChallenge","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","obtainCredentialsBatch","verifyAndParseCredential","MRTDPoP","Issuance"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/index.ts"],"mappings":"AACA,SAASA,mBAAmB,QAAQ,4BAA4B;AAChE,SAASC,sBAAsB,QAAQ,+BAA+B;AACtE,SACEC,6CAA6C,EAC7CC,sCAAsC,EACtCC,4CAA4C,EAC5CC,qBAAqB,EACrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAAQ,uBAAuB;AACvD,SACEC,gBAAgB,EAChBC,sBAAsB,QACjB,wBAAwB;AAC/B,SAASC,wBAAwB,QAAQ,kCAAkC;AAC3E,SAASC,OAAO,QAAQ,aAAa;AAErC,OAAO,MAAMC,QAAqB,GAAG;EACnCZ,mBAAmB;EACnBC,sBAAsB;EACtBI,qBAAqB;EACrBF,sCAAsC;EACtCD,6CAA6C;EAC7CI,mCAAmC;EACnCF,4CAA4C;EAC5CG,eAAe;EACfC,gBAAgB;EAChBC,sBAAsB;EACtBC,wBAAwB;EACxBC;AACF,CAAC"}
+{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","continueUserAuthorizationWithMRTDPoPChallenge","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","obtainCredentialsBatch","verifyAndParseCredential","MRTDPoPv1_0","Issuance","MRTDPoP"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/index.ts"],"mappings":"AACA,SAASA,mBAAmB,QAAQ,4BAA4B;AAChE,SAASC,sBAAsB,QAAQ,+BAA+B;AACtE,SACEC,6CAA6C,EAC7CC,sCAAsC,EACtCC,4CAA4C,EAC5CC,qBAAqB,EACrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAAQ,uBAAuB;AACvD,SACEC,gBAAgB,EAChBC,sBAAsB,QACjB,wBAAwB;AAC/B,SAASC,wBAAwB,QAAQ,kCAAkC;AAC3E,SAASC,WAAW,QAAQ,aAAa;AAEzC,OAAO,MAAMC,QAAqB,GAAG;EACnCZ,mBAAmB;EACnBC,sBAAsB;EACtBI,qBAAqB;EACrBF,sCAAsC;EACtCD,6CAA6C;EAC7CI,mCAAmC;EACnCF,4CAA4C;EAC5CG,eAAe;EACfC,gBAAgB;EAChBC,sBAAsB;EACtBC,wBAAwB;EACxBG,OAAO,EAAEF;AACX,CAAC"}

package/lib/module/credential/issuance/v1.0.0/mappers.js

@@ -10,7 +10,7 @@ export const mapToIssuerConfig = createMapper(x => {
     credential_endpoint: openid_credential_issuer.credential_endpoint,
     credential_issuer: openid_credential_issuer.credential_issuer,
     credential_configurations_supported: openid_credential_issuer.credential_configurations_supported,
-    keys: openid_credential_issuer.jwks.keys,
+    keys: [...openid_credential_issuer.jwks.keys, ...oauth_authorization_server.jwks.keys],
     pushed_authorization_request_endpoint: oauth_authorization_server.pushed_authorization_request_endpoint,
     token_endpoint: oauth_authorization_server.token_endpoint,
     status_assertion_endpoint: openid_credential_issuer.status_attestation_endpoint,

package/lib/module/credential/issuance/v1.0.0/mappers.js.map

@@ -1 +1 @@
-{"version":3,"names":["createMapper","mapToIssuerConfig","x","oauth_authorization_server","openid_credential_issuer","federation_entity","payload","metadata","authorization_endpoint","credential_endpoint","credential_issuer","credential_configurations_supported","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","status_assertion_endpoint","status_attestation_endpoint","nonce_endpoint"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/mappers.ts"],"mappings":"AACA,SAASA,YAAY,QAAQ,wBAAwB;AAGrD,OAAO,MAAMC,iBAAiB,GAAGD,YAAY,CAG1CE,CAAC,IAAK;EACP,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC;EACF,CAAC,GAAGH,CAAC,CAACI,OAAO,CAACC,QAAQ;EACtB,OAAO;IACLC,sBAAsB,EAAEL,0BAA0B,CAACK,sBAAsB;IACzEC,mBAAmB,EAAEL,wBAAwB,CAACK,mBAAmB;IACjEC,iBAAiB,EAAEN,wBAAwB,CAACM,iBAAiB;IAC7DC,mCAAmC,EACjCP,wBAAwB,CAACO,mCAAmC;IAC9DC,IAAI,EAAER,wBAAwB,CAACS,IAAI,CAACD,IAAI;IACxCE,qCAAqC,EACnCX,0BAA0B,CAACW,qCAAqC;IAClEC,cAAc,EAAEZ,0BAA0B,CAACY,cAAc;IACzDC,yBAAyB,EACvBZ,wBAAwB,CAACa,2BAA2B;IACtDC,cAAc,EAAEd,wBAAwB,CAACc,cAAc;IACvDb;EACF,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"names":["createMapper","mapToIssuerConfig","x","oauth_authorization_server","openid_credential_issuer","federation_entity","payload","metadata","authorization_endpoint","credential_endpoint","credential_issuer","credential_configurations_supported","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","status_assertion_endpoint","status_attestation_endpoint","nonce_endpoint"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/mappers.ts"],"mappings":"AACA,SAASA,YAAY,QAAQ,wBAAwB;AAGrD,OAAO,MAAMC,iBAAiB,GAAGD,YAAY,CAG1CE,CAAC,IAAK;EACP,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC;EACF,CAAC,GAAGH,CAAC,CAACI,OAAO,CAACC,QAAQ;EACtB,OAAO;IACLC,sBAAsB,EAAEL,0BAA0B,CAACK,sBAAsB;IACzEC,mBAAmB,EAAEL,wBAAwB,CAACK,mBAAmB;IACjEC,iBAAiB,EAAEN,wBAAwB,CAACM,iBAAiB;IAC7DC,mCAAmC,EACjCP,wBAAwB,CAACO,mCAAmC;IAC9DC,IAAI,EAAE,CACJ,GAAGR,wBAAwB,CAACS,IAAI,CAACD,IAAI,EACrC,GAAGT,0BAA0B,CAACU,IAAI,CAACD,IAAI,CACxC;IACDE,qCAAqC,EACnCX,0BAA0B,CAACW,qCAAqC;IAClEC,cAAc,EAAEZ,0BAA0B,CAACY,cAAc;IACzDC,yBAAyB,EACvBZ,wBAAwB,CAACa,2BAA2B;IACtDC,cAAc,EAAEd,wBAAwB,CAACc,cAAc;IACvDb;EACF,CAAC;AACH,CAAC,CAAC"}

package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js

@@ -1,5 +1,4 @@
 import { fetchMetadata } from "@pagopa/io-wallet-oid4vci";
-import { partialCallbacks } from "../../../utils/callbacks";
 import { sdkConfigV1_3 } from "../../../utils/config";
 import { mapToIssuerConfig } from "./mappers";
 export const evaluateIssuerTrust = async function (issuerUrl) {
@@ -8,7 +7,6 @@ export const evaluateIssuerTrust = async function (issuerUrl) {
     config: sdkConfigV1_3,
     credentialIssuerUrl: issuerUrl,
     callbacks: {
-      ...partialCallbacks,
       fetch: context.appFetch
     }
   });

package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["fetchMetadata","partialCallbacks","sdkConfigV1_3","mapToIssuerConfig","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","config","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":"AAAA,SACEA,aAAa,QAER,2BAA2B;AAClC,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SAASC,iBAAiB,QAAQ,WAAW;AAE7C,OAAO,MAAMC,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAMV,aAAa,CAAC;IAC1CW,MAAM,EAAET,aAAa;IACrBU,mBAAmB,EAAEP,SAAS;IAC9BQ,SAAS,EAAE;MACT,GAAGZ,gBAAgB;MACnBa,KAAK,EAAER,OAAO,CAACS;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAEb,iBAAiB,CAACO,cAAc;EAAE,CAAC;AAC1D,CAAC"}
+{"version":3,"names":["fetchMetadata","sdkConfigV1_3","mapToIssuerConfig","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","config","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":"AAAA,SACEA,aAAa,QAER,2BAA2B;AAClC,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SAASC,iBAAiB,QAAQ,WAAW;AAE7C,OAAO,MAAMC,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAMT,aAAa,CAAC;IAC1CU,MAAM,EAAET,aAAa;IACrBU,mBAAmB,EAAEP,SAAS;IAC9BQ,SAAS,EAAE;MACTC,KAAK,EAAER,OAAO,CAACS;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAEb,iBAAiB,CAACO,cAAc;EAAE,CAAC;AAC1D,CAAC"}

package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js

@@ -1,9 +1,10 @@
 import { createPushedAuthorizationRequest, fetchPushedAuthorizationResponse, createClientAttestationPopJwt } from "@pagopa/io-wallet-oauth2";
+import { v4 as uuidv4 } from "uuid";
 import { LogLevel, Logger } from "../../../utils/logging";
-import { SignJWT } from "@pagopa/io-react-native-jwt";
-import { partialCallbacks } from "../../../utils/callbacks";
+import { createSignJwtFromCryptoContext, partialCallbacks } from "../../../utils/callbacks";
 import { IoWalletError } from "../../../utils/errors";
-import { selectCredentialDefinition, selectResponseMode } from "../common/authorization";
+import { sdkConfigV1_3 } from "../../../utils/config";
+import { selectCredentialDefinition } from "../common/02-start-user-authorization";
 export const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) => {
   const {
     wiaCryptoContext,
@@ -16,7 +17,6 @@ export const startUserAuthorization = async (issuerConf, credentialIds, proof, c
     Logger.log(LogLevel.ERROR, `Public key associated with kid ${clientId} not found in the device`);
     throw new IoWalletError("No public key found");
   }
-  const responseMode = selectResponseMode(issuerConf, credentialIds);
   const credentialDefinition = credentialIds.map(c => selectCredentialDefinition(issuerConf, c));
   if (proof.proofType === "mrtd-pop") {
     /**
@@ -32,12 +32,14 @@ export const startUserAuthorization = async (issuerConf, credentialIds, proof, c
       challenge_redirect_uri: redirectUri
     });
   }
-  const signerJwk = await wiaCryptoContext.getPublicKey();
-  const signJwt = async (_, payload) => ({
-    jwt: await new SignJWT(wiaCryptoContext).setPayload(payload).sign(),
-    signerJwk
-  });
+  const wiaSigner = {
+    method: "jwk",
+    alg: "ES256",
+    publicJwk: await wiaCryptoContext.getPublicKey()
+  };
+  const signJwt = createSignJwtFromCryptoContext(wiaCryptoContext);
   const parRequest = await createPushedAuthorizationRequest({
+    config: sdkConfigV1_3,
     callbacks: {
       ...partialCallbacks,
       signJwt
@@ -45,24 +47,26 @@ export const startUserAuthorization = async (issuerConf, credentialIds, proof, c
     authorizationServerMetadata: {
       require_signed_request_object: true
     },
+    jti: uuidv4(),
     clientId,
     audience: issuerConf.credential_issuer,
     authorization_details: credentialDefinition,
     codeChallengeMethodsSupported: ["S256"],
-    responseMode,
-    redirectUri
+    redirectUri,
+    dpop: {
+      signer: wiaSigner
+    }
   });
   const clientAttestationPoP = await createClientAttestationPopJwt({
+    config: sdkConfigV1_3,
     callbacks: {
+      generateRandom: partialCallbacks.generateRandom,
       signJwt
     },
     clientAttestation: walletInstanceAttestation,
     authorizationServer: issuerConf.authorization_endpoint,
-    signer: {
-      method: "jwk",
-      alg: "ES256",
-      publicJwk: signerJwk
-    }
+    signer: wiaSigner,
+    jti: uuidv4()
   });
   const {
     request_uri

package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["createPushedAuthorizationRequest","fetchPushedAuthorizationResponse","createClientAttestationPopJwt","LogLevel","Logger","SignJWT","partialCallbacks","IoWalletError","selectCredentialDefinition","selectResponseMode","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","log","ERROR","responseMode","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","signerJwk","signJwt","payload","jwt","setPayload","sign","parRequest","callbacks","authorizationServerMetadata","require_signed_request_object","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","clientAttestationPoP","clientAttestation","authorizationServer","authorization_endpoint","signer","method","alg","publicJwk","request_uri","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":"AAAA,SACEA,gCAAgC,EAChCC,gCAAgC,EAChCC,6BAA6B,QACxB,0BAA0B;AAEjC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAEzD,SAASC,OAAO,QAAQ,6BAA6B;AACrD,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SACEC,0BAA0B,EAC1BC,kBAAkB,QACb,yBAAyB;AAEhC,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbhB,MAAM,CAACqB,GAAG,CACRtB,QAAQ,CAACuB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIb,aAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMoB,YAAY,GAAGlB,kBAAkB,CAACE,UAAU,EAAEC,aAAa,CAAC;EAElE,MAAMgB,oBAAoB,GAAGhB,aAAa,CAACiB,GAAG,CAAEC,CAAC,IAC/CtB,0BAA0B,CAACG,UAAU,EAAEmB,CAAC,CAC1C,CAAC;EAED,IAAIjB,KAAK,CAACkB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAErB,KAAK,CAACsB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEpB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMqB,SAAS,GAAG,MAAMvB,gBAAgB,CAACM,YAAY,CAAC,CAAC;EACvD,MAAMkB,OAAmC,GAAG,MAAAA,CAAOhB,CAAC,EAAEiB,OAAO,MAAM;IACjEC,GAAG,EAAE,MAAM,IAAIpC,OAAO,CAACU,gBAAgB,CAAC,CAAC2B,UAAU,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,CAAC;IACnEL;EACF,CAAC,CAAC;EAEF,MAAMM,UAAU,GAAG,MAAM5C,gCAAgC,CAAC;IACxD6C,SAAS,EAAE;MACT,GAAGvC,gBAAgB;MACnBiC;IACF,CAAC;IACDO,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACD3B,QAAQ;IACR4B,QAAQ,EAAErC,UAAU,CAACsC,iBAAiB;IACtCC,qBAAqB,EAAEtB,oBAAoB;IAC3CuB,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvCxB,YAAY;IACZV;EACF,CAAC,CAAC;EAEF,MAAMmC,oBAAoB,GAAG,MAAMlD,6BAA6B,CAAC;IAC/D2C,SAAS,EAAE;MACTN;IACF,CAAC;IACDc,iBAAiB,EAAErC,yBAAyB;IAC5CsC,mBAAmB,EAAE3C,UAAU,CAAC4C,sBAAsB;IACtDC,MAAM,EAAE;MACNC,MAAM,EAAE,KAAK;MACbC,GAAG,EAAE,OAAO;MACZC,SAAS,EAAErB;IACb;EACF,CAAC,CAAC;EAEF,MAAM;IAAEsB;EAAY,CAAC,GAAG,MAAM3D,gCAAgC,CAAC;IAC7D4C,SAAS,EAAE;MACT1B,KAAK,EAAED;IACT,CAAC;IACD2C,kCAAkC,EAChClD,UAAU,CAACmD,qCAAqC;IAClDC,0BAA0B,EAAEnB,UAAU;IACtCoB,qBAAqB,EAAEZ,oBAAoB;IAC3Ca,iBAAiB,EAAEjD;EACrB,CAAC,CAAC;EAEF,OAAO;IACLkD,gBAAgB,EAAEN,WAAW;IAC7BxC,QAAQ;IACR+C,YAAY,EAAEvB,UAAU,CAACwB,gBAAgB;IACzCxC;EACF,CAAC;AACH,CAAC"}
+{"version":3,"names":["createPushedAuthorizationRequest","fetchPushedAuthorizationResponse","createClientAttestationPopJwt","v4","uuidv4","LogLevel","Logger","createSignJwtFromCryptoContext","partialCallbacks","IoWalletError","sdkConfigV1_3","selectCredentialDefinition","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","log","ERROR","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","parRequest","config","callbacks","authorizationServerMetadata","require_signed_request_object","jti","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","generateRandom","clientAttestation","authorizationServer","authorization_endpoint","request_uri","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":"AAAA,SACEA,gCAAgC,EAChCC,gCAAgC,EAChCC,6BAA6B,QACxB,0BAA0B;AAEjC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAEzD,SACEC,8BAA8B,EAC9BC,gBAAgB,QACX,0BAA0B;AACjC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,0BAA0B,QAAQ,uCAAuC;AAElF,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbhB,MAAM,CAACqB,GAAG,CACRtB,QAAQ,CAACuB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIb,aAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMoB,oBAAoB,GAAGf,aAAa,CAACgB,GAAG,CAAEC,CAAC,IAC/CpB,0BAA0B,CAACE,UAAU,EAAEkB,CAAC,CAC1C,CAAC;EAED,IAAIhB,KAAK,CAACiB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAEpB,KAAK,CAACqB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEnB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMoB,SAAuB,GAAG;IAC9BC,MAAM,EAAE,KAAK;IACbC,GAAG,EAAE,OAAO;IACZC,SAAS,EAAE,MAAMzB,gBAAgB,CAACM,YAAY,CAAC;EACjD,CAAC;EAED,MAAMoB,OAAO,GAAGpC,8BAA8B,CAACU,gBAAgB,CAAC;EAEhE,MAAM2B,UAAU,GAAG,MAAM5C,gCAAgC,CAAC;IACxD6C,MAAM,EAAEnC,aAAa;IACrBoC,SAAS,EAAE;MACT,GAAGtC,gBAAgB;MACnBmC;IACF,CAAC;IACDI,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDC,GAAG,EAAE7C,MAAM,CAAC,CAAC;IACbkB,QAAQ;IACR4B,QAAQ,EAAErC,UAAU,CAACsC,iBAAiB;IACtCC,qBAAqB,EAAEvB,oBAAoB;IAC3CwB,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvClC,WAAW;IACXmC,IAAI,EAAE;MACJC,MAAM,EAAEhB;IACV;EACF,CAAC,CAAC;EAEF,MAAMiB,oBAAoB,GAAG,MAAMtD,6BAA6B,CAAC;IAC/D2C,MAAM,EAAEnC,aAAa;IACrBoC,SAAS,EAAE;MACTW,cAAc,EAAEjD,gBAAgB,CAACiD,cAAc;MAC/Cd;IACF,CAAC;IACDe,iBAAiB,EAAExC,yBAAyB;IAC5CyC,mBAAmB,EAAE9C,UAAU,CAAC+C,sBAAsB;IACtDL,MAAM,EAAEhB,SAAS;IACjBU,GAAG,EAAE7C,MAAM,CAAC;EACd,CAAC,CAAC;EAEF,MAAM;IAAEyD;EAAY,CAAC,GAAG,MAAM5D,gCAAgC,CAAC;IAC7D6C,SAAS,EAAE;MACTzB,KAAK,EAAED;IACT,CAAC;IACD0C,kCAAkC,EAChCjD,UAAU,CAACkD,qCAAqC;IAClDC,0BAA0B,EAAEpB,UAAU;IACtCqB,qBAAqB,EAAET,oBAAoB;IAC3CU,iBAAiB,EAAEhD;EACrB,CAAC,CAAC;EAEF,OAAO;IACLiD,gBAAgB,EAAEN,WAAW;IAC7BvC,QAAQ;IACR8C,YAAY,EAAExB,UAAU,CAACyB,gBAAgB;IACzCxC;EACF,CAAC;AACH,CAAC"}

package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js

@@ -1,10 +1,8 @@
-import { SignJWT } from "@pagopa/io-react-native-jwt";
-import { createTokenDPoP, fetchTokenResponse } from "@pagopa/io-wallet-oauth2";
+import { createClientAttestationPopJwt, createTokenDPoP, fetchTokenResponse } from "@pagopa/io-wallet-oauth2";
 import { v4 as uuidv4 } from "uuid";
-import { createPopToken } from "../../../utils/pop";
-import * as WalletInstanceAttestation from "../../../wallet-instance-attestation/v1.0.0/utils";
-import { partialCallbacks } from "../../../utils/callbacks";
+import { createSignJwtFromCryptoContext, partialCallbacks } from "../../../utils/callbacks";
 import { IoWalletError } from "../../../utils/errors";
+import { sdkConfigV1_3 } from "../../../utils/config";
 export const authorizeAccess = async (issuerConf, code, redirectUri, codeVerifier, context) => {
   const {
     appFetch = fetch,
@@ -12,31 +10,36 @@ export const authorizeAccess = async (issuerConf, code, redirectUri, codeVerifie
     wiaCryptoContext,
     dPopCryptoContext
   } = context;
-  const dPopSignerJwk = await dPopCryptoContext.getPublicKey();
   const tokenDPoP = await createTokenDPoP({
     callbacks: {
       ...partialCallbacks,
-      signJwt: async (_, payload) => ({
-        jwt: await new SignJWT(wiaCryptoContext).setPayload(payload).sign(),
-        signerJwk: dPopSignerJwk
-      })
+      signJwt: createSignJwtFromCryptoContext(dPopCryptoContext)
     },
     signer: {
-      alg: "ES256",
       method: "jwk",
-      publicJwk: dPopSignerJwk
+      alg: "ES256",
+      publicJwk: await dPopCryptoContext.getPublicKey()
     },
+    jti: uuidv4(),
     tokenRequest: {
       method: "POST",
       url: issuerConf.token_endpoint
     }
   });
-  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
-  const signedWiaPoP = await createPopToken({
-    jti: uuidv4(),
-    aud: issuerConf.credential_issuer,
-    iss
-  }, wiaCryptoContext);
+  const clientAttestationDPoP = await createClientAttestationPopJwt({
+    config: sdkConfigV1_3,
+    callbacks: {
+      generateRandom: partialCallbacks.generateRandom,
+      signJwt: createSignJwtFromCryptoContext(wiaCryptoContext)
+    },
+    clientAttestation: walletInstanceAttestation,
+    authorizationServer: issuerConf.credential_issuer,
+    signer: {
+      method: "jwk",
+      alg: "ES256",
+      publicJwk: await wiaCryptoContext.getPublicKey()
+    }
+  });
   const tokenResponse = await fetchTokenResponse({
     accessTokenEndpoint: issuerConf.token_endpoint,
     callbacks: {
@@ -45,7 +48,7 @@ export const authorizeAccess = async (issuerConf, code, redirectUri, codeVerifie
     },
     walletAttestation: walletInstanceAttestation,
     dPoP: tokenDPoP.jwt,
-    clientAttestationDPoP: signedWiaPoP,
+    clientAttestationDPoP,
     accessTokenRequest: {
       code,
       grant_type: "authorization_code",

package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js.map

@@ -1 +1 @@
-{"version":3,"names":["SignJWT","createTokenDPoP","fetchTokenResponse","v4","uuidv4","createPopToken","WalletInstanceAttestation","partialCallbacks","IoWalletError","authorizeAccess","issuerConf","code","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","dPopSignerJwk","getPublicKey","tokenDPoP","callbacks","signJwt","_","payload","jwt","setPayload","sign","signerJwk","signer","alg","method","publicJwk","tokenRequest","url","token_endpoint","iss","decode","cnf","jwk","kid","signedWiaPoP","jti","aud","credential_issuer","tokenResponse","accessTokenEndpoint","walletAttestation","dPoP","clientAttestationDPoP","accessTokenRequest","grant_type","code_verifier","redirect_uri","authorization_details","accessToken"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/04-authorize-access.ts"],"mappings":"AAAA,SAASA,OAAO,QAAQ,6BAA6B;AACrD,SAASC,eAAe,EAAEC,kBAAkB,QAAQ,0BAA0B;AAC9E,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,oBAAoB;AACnD,OAAO,KAAKC,yBAAyB,MAAM,mDAAmD;AAC9F,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,aAAa,QAAQ,uBAAuB;AAGrD,OAAO,MAAMC,eAA+C,GAAG,MAAAA,CAC7DC,UAAU,EACVC,IAAI,EACJC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,aAAa,GAAG,MAAMD,iBAAiB,CAACE,YAAY,CAAC,CAAC;EAC5D,MAAMC,SAAS,GAAG,MAAMrB,eAAe,CAAC;IACtCsB,SAAS,EAAE;MACT,GAAGhB,gBAAgB;MACnBiB,OAAO,EAAE,MAAAA,CAAOC,CAAC,EAAEC,OAAO,MAAM;QAC9BC,GAAG,EAAE,MAAM,IAAI3B,OAAO,CAACkB,gBAAgB,CAAC,CAACU,UAAU,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,CAAC;QACnEC,SAAS,EAAEV;MACb,CAAC;IACH,CAAC;IACDW,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZC,MAAM,EAAE,KAAK;MACbC,SAAS,EAAEd;IACb,CAAC;IACDe,YAAY,EAAE;MACZF,MAAM,EAAE,MAAM;MACdG,GAAG,EAAE1B,UAAU,CAAC2B;IAClB;EACF,CAAC,CAAC;EAEF,MAAMC,GAAG,GAAGhC,yBAAyB,CAACiC,MAAM,CAACtB,yBAAyB,CAAC,CACpES,OAAO,CAACc,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,YAAY,GAAG,MAAMtC,cAAc,CACvC;IACEuC,GAAG,EAAExC,MAAM,CAAC,CAAC;IACbyC,GAAG,EAAEnC,UAAU,CAACoC,iBAAiB;IACjCR;EACF,CAAC,EACDpB,gBACF,CAAC;EAED,MAAM6B,aAAa,GAAG,MAAM7C,kBAAkB,CAAC;IAC7C8C,mBAAmB,EAAEtC,UAAU,CAAC2B,cAAc;IAC9Cd,SAAS,EAAE;MACT,GAAGhB,gBAAgB;MACnBS,KAAK,EAAED;IACT,CAAC;IACDkC,iBAAiB,EAAEhC,yBAAyB;IAC5CiC,IAAI,EAAE5B,SAAS,CAACK,GAAG;IACnBwB,qBAAqB,EAAER,YAAY;IACnCS,kBAAkB,EAAE;MAClBzC,IAAI;MACJ0C,UAAU,EAAE,oBAAoB;MAChCC,aAAa,EAAEzC,YAAY;MAC3B0C,YAAY,EAAE3C;IAChB;EACF,CAAC,CAAC;;EAEF;EACA;EACA,IAAI,CAACmC,aAAa,CAACS,qBAAqB,EAAE;IACxC,MAAM,IAAIhD,aAAa,CACrB,6DACF,CAAC;EACH;EAEA,OAAO;IACLiD,WAAW,EAAEV;EACf,CAAC;AACH,CAAC"}
+{"version":3,"names":["createClientAttestationPopJwt","createTokenDPoP","fetchTokenResponse","v4","uuidv4","createSignJwtFromCryptoContext","partialCallbacks","IoWalletError","sdkConfigV1_3","authorizeAccess","issuerConf","code","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","tokenDPoP","callbacks","signJwt","signer","method","alg","publicJwk","getPublicKey","jti","tokenRequest","url","token_endpoint","clientAttestationDPoP","config","generateRandom","clientAttestation","authorizationServer","credential_issuer","tokenResponse","accessTokenEndpoint","walletAttestation","dPoP","jwt","accessTokenRequest","grant_type","code_verifier","redirect_uri","authorization_details","accessToken"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/04-authorize-access.ts"],"mappings":"AAAA,SACEA,6BAA6B,EAC7BC,eAAe,EACfC,kBAAkB,QACb,0BAA0B;AACjC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SACEC,8BAA8B,EAC9BC,gBAAgB,QACX,0BAA0B;AACjC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,aAAa,QAAQ,uBAAuB;AAGrD,OAAO,MAAMC,eAA+C,GAAG,MAAAA,CAC7DC,UAAU,EACVC,IAAI,EACJC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,SAAS,GAAG,MAAMnB,eAAe,CAAC;IACtCoB,SAAS,EAAE;MACT,GAAGf,gBAAgB;MACnBgB,OAAO,EAAEjB,8BAA8B,CAACc,iBAAiB;IAC3D,CAAC;IACDI,MAAM,EAAE;MACNC,MAAM,EAAE,KAAK;MACbC,GAAG,EAAE,OAAO;MACZC,SAAS,EAAE,MAAMP,iBAAiB,CAACQ,YAAY,CAAC;IAClD,CAAC;IACDC,GAAG,EAAExB,MAAM,CAAC,CAAC;IACbyB,YAAY,EAAE;MACZL,MAAM,EAAE,MAAM;MACdM,GAAG,EAAEpB,UAAU,CAACqB;IAClB;EACF,CAAC,CAAC;EAEF,MAAMC,qBAAqB,GAAG,MAAMhC,6BAA6B,CAAC;IAChEiC,MAAM,EAAEzB,aAAa;IACrBa,SAAS,EAAE;MACTa,cAAc,EAAE5B,gBAAgB,CAAC4B,cAAc;MAC/CZ,OAAO,EAAEjB,8BAA8B,CAACa,gBAAgB;IAC1D,CAAC;IACDiB,iBAAiB,EAAElB,yBAAyB;IAC5CmB,mBAAmB,EAAE1B,UAAU,CAAC2B,iBAAiB;IACjDd,MAAM,EAAE;MACNC,MAAM,EAAE,KAAK;MACbC,GAAG,EAAE,OAAO;MACZC,SAAS,EAAE,MAAMR,gBAAgB,CAACS,YAAY,CAAC;IACjD;EACF,CAAC,CAAC;EAEF,MAAMW,aAAa,GAAG,MAAMpC,kBAAkB,CAAC;IAC7CqC,mBAAmB,EAAE7B,UAAU,CAACqB,cAAc;IAC9CV,SAAS,EAAE;MACT,GAAGf,gBAAgB;MACnBU,KAAK,EAAED;IACT,CAAC;IACDyB,iBAAiB,EAAEvB,yBAAyB;IAC5CwB,IAAI,EAAErB,SAAS,CAACsB,GAAG;IACnBV,qBAAqB;IACrBW,kBAAkB,EAAE;MAClBhC,IAAI;MACJiC,UAAU,EAAE,oBAAoB;MAChCC,aAAa,EAAEhC,YAAY;MAC3BiC,YAAY,EAAElC;IAChB;EACF,CAAC,CAAC;;EAEF;EACA;EACA,IAAI,CAAC0B,aAAa,CAACS,qBAAqB,EAAE;IACxC,MAAM,IAAIxC,aAAa,CACrB,6DACF,CAAC;EACH;EAEA,OAAO;IACLyC,WAAW,EAAEV;EACf,CAAC;AACH,CAAC"}