npm - @pagopa/io-react-native-wallet - Versions diffs - 3.2.0 → 3.3.0 - Mend

@pagopa/io-react-native-wallet 3.2.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/lib/typescript/wallet-unit-attestation/api/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/wallet-unit-attestation/api/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAWzB;;;GAGG;AACH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAmBvC~~,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,8BAA8B,GAAG;IAC3C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAAC"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/wallet-unit-attestation/api/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAWzB;;;GAGG;AACH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAQvC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,8BAA8B,GAAG;IAC3C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAAC"}

package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts CHANGED Viewed

@@ -41,17 +41,6 @@ export declare const mapToDecodedWalletUnitAttestation: (input: {
                 uri: string;
             };
         };
-        eudi_wallet_info: {
-            general_info: {
-                wallet_provider_name: string;
-                wallet_solution_id: string;
-                wallet_solution_version: string;
-            };
-            key_storage_info: {
-                keys_exportable: boolean;
-                storage_type: string;
-            };
-        };
         iss: string;
         iat: number;
         exp: number;
@@ -89,17 +78,6 @@ export declare const mapToDecodedWalletUnitAttestation: (input: {
             uri: string;
         };
     };
-    eudi_wallet_info: {
-        general_info: {
-            wallet_provider_name: string;
-            wallet_solution_id: string;
-            wallet_solution_version: string;
-        };
-        key_storage_info: {
-            keys_exportable: boolean;
-            storage_type: string;
-        };
-    };
     iss: string;
     iat: number;
     exp: number;

package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mappers.d.ts","sourceRoot":"","sources":["../../../../src/wallet-unit-attestation/v1.3.3/mappers.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,iCAAiC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAK5C,CAAC"}
1	+ {"version":3,"file":"mappers.d.ts","sourceRoot":"","sources":["../../../../src/wallet-unit-attestation/v1.3.3/mappers.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,iCAAiC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAK5C,CAAC"}

package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts CHANGED Viewed

@@ -46,17 +46,6 @@ export declare const WalletUnitAttestationJwt: z.ZodObject<{
                 uri: z.ZodString;
             }, z.core.$strip>;
         }, z.core.$strip>;
-        eudi_wallet_info: z.ZodObject<{
-            general_info: z.ZodObject<{
-                wallet_provider_name: z.ZodString;
-                wallet_solution_id: z.ZodString;
-                wallet_solution_version: z.ZodString;
-            }, z.core.$strip>;
-            key_storage_info: z.ZodObject<{
-                keys_exportable: z.ZodBoolean;
-                storage_type: z.ZodString;
-            }, z.core.$strip>;
-        }, z.core.$strip>;
         iss: z.ZodString;
         iat: z.ZodNumber;
         exp: z.ZodNumber;

package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/wallet-unit-attestation/v1.3.3/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAIzB,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAChF,eAAO,MAAM,wBAAwB~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~iBAQnC,CAAC;AAEH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CACjD,OAAO,6BAA6B,CACrC,CAAC;AACF,eAAO,MAAM,6BAA6B;;iBAExC,CAAC"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/wallet-unit-attestation/v1.3.3/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAIzB,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAChF,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAQnC,CAAC;AAEH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CACjD,OAAO,6BAA6B,CACrC,CAAC;AACF,eAAO,MAAM,6BAA6B;;iBAExC,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -140,11 +140,11 @@
     ]
   },
   "dependencies": {
-    "@pagopa/io-wallet-oauth2": "1.2.1",
-    "@pagopa/io-wallet-oid4vci": "1.2.1",
-    "@pagopa/io-wallet-oid4vp": "1.2.1",
-    "@pagopa/io-wallet-oid-federation": "1.2.1",
-    "@pagopa/io-wallet-utils": "1.2.1",
+    "@pagopa/io-wallet-oauth2": "1.4.0",
+    "@pagopa/io-wallet-oid4vci": "1.4.0",
+    "@pagopa/io-wallet-oid4vp": "1.4.0",
+    "@pagopa/io-wallet-oid-federation": "1.4.0",
+    "@pagopa/io-wallet-utils": "1.4.0",
     "@sd-jwt/core": "^0.19.0",
     "@sd-jwt/crypto-nodejs": "^0.19.0",
     "@sd-jwt/jwt-status-list": "^0.19.0",

package/src/credential/issuance/api/06-verify-and-parse-credential.ts CHANGED Viewed

@@ -32,6 +32,10 @@ export interface VerifyAndParseCredentialApi {
        * Include attributes that are not explicitly mapped in the issuer configuration.
        */
       includeUndefinedAttributes?: boolean;
+      /**
+       * Validate the certificate chain of the credential against the provided `x509CertRoot`.
+       */
+      validateCertificateChain?: boolean;
     },
     x509CertRoot?: string
   ): Promise<{

package/src/credential/issuance/common/02-start-user-authorization.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { IoWalletError } from "../../../utils/errors";
 import { LogLevel, Logger } from "../../../utils/logging";
 import { AuthorizationDetail } from "../../../utils/par";
 import type { IssuerConfig } from "../api";
@@ -30,7 +31,7 @@ export const selectCredentialDefinition = (
       LogLevel.ERROR,
       `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`
     );
-    throw new Error(`No credential support the type '${credentialId}'`);
+    throw new IoWalletError(`No credential support the type '${credentialId}'`);
   }
   return result;
 };
@@ -61,7 +62,7 @@ export const selectResponseMode = (
       LogLevel.ERROR,
       `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`
     );
-    throw new Error(
+    throw new IoWalletError(
       "Requested credentials have incompatible response_mode and cannot be requested with the same PAR request"
     );
   }
@@ -79,7 +80,9 @@ export const selectResponseMode = (
       LogLevel.ERROR,
       `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`
     );
-    throw new Error(`No response mode support for IDs '${credentialIds}'`);
+    throw new IoWalletError(
+      `No response mode support for IDs '${credentialIds}'`
+    );
   }
   return responseMode!;

package/src/credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts CHANGED Viewed

@@ -1,16 +1,18 @@
 import {
-  getJwkFromHeader,
   type CryptoContext,
-  decode,
+  verify as verifyJwt,
 } from "@pagopa/io-react-native-jwt";
 import { type SDJwt, SDJwtInstance } from "@sd-jwt/core";
-import { digest, ES256 } from "@sd-jwt/crypto-nodejs";
+import { digest } from "@sd-jwt/crypto-nodejs";
+import type { Verifier } from "@sd-jwt/types";
 import { isPathEqual, isPrefixOf } from "../../../utils/parser";
 import { IoWalletError } from "../../../utils/errors";
 import { LogLevel, Logger } from "../../../utils/logging";
 import { isSameThumbprint, type JWK } from "../../../utils/jwk";
 import type { SdJwt4VCBase } from "../../../sd-jwt/types";
 import { fixLegacyCredentialSdJwt } from "../../../utils/credentials";
+import { verifyX509Chain } from "../../../utils/x509";
+import { MissingX509CertsError } from "../../../trust/common/errors";
 import type { IssuanceApi, IssuerConfig, ParsedCredential } from "../api";
 type CredentialConf =
@@ -151,6 +153,27 @@ const parseCredentialSdJwt = (
   return processLevel(parsedCredentialRaw, []) as ParsedCredential;
 };
+/**
+ * JWT verifier implementing the interface expected by the SD-JWT library.
+ * Verification is delegated to `io-react-native-jwt` to leverage its support for multiple algorithms.
+ * @returns Boolean indicating whether the verification succeeded or not
+ */
+const sdJwtInstanceVerifier: Verifier<{ issuerKeys: JWK[] }> = async (
+  data,
+  signature,
+  options
+) => {
+  if (!options?.issuerKeys) {
+    return false;
+  }
+  try {
+    await verifyJwt(`${data}.${signature}`, options.issuerKeys);
+    return true;
+  } catch {
+    return false;
+  }
+};
 /**
  * Given a credential, verify it's in the supported format
  * and the credential is correctly signed
@@ -171,16 +194,13 @@ async function verifyCredentialSdJwt(
   issuerKeys: JWK[],
   holderBindingContext: CryptoContext
 ): Promise<SDJwt> {
-  const { protectedHeader } = decode(rawCredential);
-  const verifierJwk = getJwkFromHeader(protectedHeader, issuerKeys);
   const sdJwtInstance = new SDJwtInstance({
     hasher: digest,
-    verifier: await ES256.getVerifier(verifierJwk),
+    verifier: sdJwtInstanceVerifier,
   });
   const [verifiedCredential, holderBindingKey] = await Promise.all([
-    sdJwtInstance.verify(rawCredential),
+    sdJwtInstance.verify(rawCredential, { issuerKeys }),
     holderBindingContext.getPublicKey(),
   ]);
@@ -203,7 +223,9 @@ export const verifyAndParseCredentialSdJwt: IssuanceApi["verifyAndParseCredentia
       credentialCryptoContext,
       ignoreMissingAttributes,
       includeUndefinedAttributes,
-    }
+      validateCertificateChain,
+    },
+    x509CertRoot
   ) => {
     const decoded = await verifyCredentialSdJwt(
       credential,
@@ -216,6 +238,17 @@ export const verifyAndParseCredentialSdJwt: IssuanceApi["verifyAndParseCredentia
       `Decoded credential: ${JSON.stringify(decoded)}`
     );
+    if (validateCertificateChain) {
+      if (!x509CertRoot) {
+        throw new IoWalletError("Missing x509CertRoot");
+      }
+      const x5c = decoded.jwt?.header?.x5c as string[] | undefined;
+      if (!x5c || !Array.isArray(x5c) || x5c.length === 0) {
+        throw new MissingX509CertsError("Missing x509 certificates");
+      }
+      await verifyX509Chain(x5c, x509CertRoot);
+    }
     const credentialConfig =
       issuerConf.credential_configurations_supported[credentialConfigurationId];

package/src/credential/issuance/mrtd-pop/02-init-challenge.ts CHANGED Viewed

@@ -1,61 +1,85 @@
-import { v4 as uuidv4 } from "uuid";
-import { fetchMrtdPopInit } from "@pagopa/io-wallet-oauth2";
-import { UnexpectedStatusCodeError as SdkUnexpectedStatusCodeError } from "@pagopa/io-wallet-utils";
-import { createPopToken } from "../../../utils/pop";
+import {
+  createClientAttestationPopJwt,
+  fetchMrtdPopInit,
+} from "@pagopa/io-wallet-oauth2";
+import {
+  IoWalletSdkConfig,
+  UnexpectedStatusCodeError as SdkUnexpectedStatusCodeError,
+} from "@pagopa/io-wallet-utils";
 import { Logger, LogLevel } from "../../../utils/logging";
-import * as WalletInstanceAttestation from "../../../wallet-instance-attestation/v1.0.0/utils"; // TODO: decouple from version 1.0.0
 import {
   IssuerResponseError,
   IssuerResponseErrorCodes,
   ResponseErrorBuilder,
 } from "../../../utils/errors";
 import type { MRTDPoPApi } from "../api/mrtd-pop";
-import { createVerifyJwtFromJwks } from "../../../utils/callbacks";
+import {
+  createSignJwtFromCryptoContext,
+  createVerifyJwtFromJwks,
+  partialCallbacks,
+} from "../../../utils/callbacks";
-export const initChallenge: MRTDPoPApi["initChallenge"] = async (
-  issuerConf,
-  initUrl,
-  mrtd_auth_session,
-  mrtd_pop_jwt_nonce,
-  context
-) => {
-  const {
-    appFetch = fetch,
-    walletInstanceAttestation,
-    wiaCryptoContext,
-  } = context;
+type Config = {
+  sdkConfig: IoWalletSdkConfig;
+};
-  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation)
-    .payload.cnf.jwk.kid;
+/**
+ * Factory function to create `initChallenge` for MRTD PoP flow.
+ * The factory is needed to inject version specific SDK configuration.
+ * @param config Configuration object containing the IO Wallet SDK configuration
+ * @returns `initChallenge` function compliant with the public API
+ */
+export function createInitChallenge(
+  config: Config
+): MRTDPoPApi["initChallenge"] {
+  return async function initChallenge(
+    issuerConf,
+    initUrl,
+    mrtd_auth_session,
+    mrtd_pop_jwt_nonce,
+    context
+  ) {
+    const {
+      appFetch = fetch,
+      walletInstanceAttestation,
+      wiaCryptoContext,
+    } = context;
-  const signedWiaPoP = await createPopToken(
-    {
-      jti: uuidv4(),
-      aud: issuerConf.credential_issuer,
-      iss,
-    },
-    wiaCryptoContext
-  );
+    const clientAttestationDPoP = await createClientAttestationPopJwt({
+      config: config.sdkConfig,
+      callbacks: {
+        generateRandom: partialCallbacks.generateRandom,
+        signJwt: createSignJwtFromCryptoContext(wiaCryptoContext),
+      },
+      clientAttestation: walletInstanceAttestation,
+      authorizationServer: issuerConf.credential_issuer,
+      signer: {
+        method: "jwk",
+        alg: "ES256",
+        publicJwk: await wiaCryptoContext.getPublicKey(),
+      },
+    });
-  const initResult = await fetchMrtdPopInit({
-    popInitEndpoint: initUrl,
-    mrtdAuthSession: mrtd_auth_session,
-    mrtdPopJwtNonce: mrtd_pop_jwt_nonce,
-    walletAttestation: walletInstanceAttestation,
-    clientAttestationDPoP: signedWiaPoP,
-    callbacks: {
-      verifyJwt: createVerifyJwtFromJwks(issuerConf.keys),
-      fetch: appFetch,
-    },
-  }).catch(handleInitChallengeError);
+    const initResult = await fetchMrtdPopInit({
+      popInitEndpoint: initUrl,
+      mrtdAuthSession: mrtd_auth_session,
+      mrtdPopJwtNonce: mrtd_pop_jwt_nonce,
+      walletAttestation: walletInstanceAttestation,
+      clientAttestationDPoP,
+      callbacks: {
+        verifyJwt: createVerifyJwtFromJwks(issuerConf.keys),
+        fetch: appFetch,
+      },
+    }).catch(handleInitChallengeError);
-  return {
-    challenge: initResult.challenge,
-    mrtd_pop_nonce: initResult.mrtdPopNonce,
-    pop_verify_endpoint: initResult.popVerifyEndpoint,
-    mrz: initResult.mrz,
+    return {
+      challenge: initResult.challenge,
+      mrtd_pop_nonce: initResult.mrtdPopNonce,
+      pop_verify_endpoint: initResult.popVerifyEndpoint,
+      mrz: initResult.mrz,
+    };
   };
-};
+}
 const handleInitChallengeError = (e: unknown) => {
   Logger.log(LogLevel.ERROR, `Failed to get MRTD challenge: ${e}`);

package/src/credential/issuance/mrtd-pop/03-validate-challenge.ts CHANGED Viewed

@@ -1,76 +1,98 @@
 import { SignJWT } from "@pagopa/io-react-native-jwt";
-import { fetchMrtdPopVerify } from "@pagopa/io-wallet-oauth2";
-import { v4 as uuidv4 } from "uuid";
-import { createPopToken } from "../../../utils/pop";
-import * as WalletInstanceAttestation from "../../../wallet-instance-attestation/v1.0.0/utils"; // TODO: decouple from 1.0.0 version
+import {
+  createClientAttestationPopJwt,
+  fetchMrtdPopVerify,
+} from "@pagopa/io-wallet-oauth2";
+import type { IoWalletSdkConfig } from "@pagopa/io-wallet-utils";
 import { sdkUnexpectedStatusCodeToIssuerError } from "../../../utils/errors";
-import { partialCallbacks } from "../../../utils/callbacks";
+import {
+  createSignJwtFromCryptoContext,
+  partialCallbacks,
+} from "../../../utils/callbacks";
 import type { MRTDPoPApi } from "../api/mrtd-pop";
-export const validateChallenge: MRTDPoPApi["validateChallenge"] = async (
-  issuerConf,
-  verifyUrl,
-  mrtd_auth_session,
-  mrtd_pop_nonce,
-  mrtd,
-  ias,
-  context
-) => {
-  const {
-    appFetch = fetch,
-    walletInstanceAttestation,
-    wiaCryptoContext,
-  } = context;
+type Config = {
+  sdkConfig: IoWalletSdkConfig;
+};
+/**
+ * Factory function to create `validateChallenge` for MRTD PoP flow.
+ * The factory is needed to inject version specific SDK configuration.
+ * @param config Configuration object containing the IO Wallet SDK configuration
+ * @returns `validateChallenge` function compliant with the public API
+ */
+export function createValidateChallenge(
+  config: Config
+): MRTDPoPApi["validateChallenge"] {
+  return async function validateChallenge(
+    issuerConf,
+    verifyUrl,
+    mrtd_auth_session,
+    mrtd_pop_nonce,
+    mrtd,
+    ias,
+    context
+  ) {
+    const {
+      appFetch = fetch,
+      walletInstanceAttestation,
+      wiaCryptoContext,
+    } = context;
-  const aud = issuerConf.credential_issuer;
-  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation)
-    .payload.cnf.jwk.kid;
+    const aud = issuerConf.credential_issuer;
-  const signedWiaPoP = await createPopToken(
-    {
-      jti: uuidv4(),
-      aud,
-      iss,
-    },
-    wiaCryptoContext
-  );
+    const wiaPublicJwk = await wiaCryptoContext.getPublicKey();
-  const { kid } = await wiaCryptoContext.getPublicKey();
+    const clientAttestationDPoP = await createClientAttestationPopJwt({
+      config: config.sdkConfig,
+      callbacks: {
+        generateRandom: partialCallbacks.generateRandom,
+        signJwt: createSignJwtFromCryptoContext(wiaCryptoContext),
+      },
+      clientAttestation: walletInstanceAttestation,
+      authorizationServer: aud,
+      signer: {
+        method: "jwk",
+        alg: "ES256",
+        publicJwk: wiaPublicJwk,
+      },
+    });
-  const mrtdValidationJwt = await new SignJWT(wiaCryptoContext)
-    .setProtectedHeader({
-      typ: "mrtd-ias+jwt",
-      kid,
-    })
-    .setPayload({
-      iss,
-      aud,
-      document_type: "cie",
-      mrtd,
-      ias,
-    })
-    .setIssuedAt()
-    .setExpirationTime("5m")
-    .sign();
+    const mrtdValidationJwt = await new SignJWT(wiaCryptoContext)
+      .setProtectedHeader({
+        typ: "mrtd-ias+jwt",
+        kid: wiaPublicJwk.kid,
+      })
+      .setPayload({
+        iss: wiaPublicJwk.kid,
+        aud,
+        document_type: "cie",
+        mrtd,
+        ias,
+      })
+      .setIssuedAt()
+      .setExpirationTime("5m")
+      .sign();
-  const verifyResult = await fetchMrtdPopVerify({
-    popVerifyEndpoint: verifyUrl,
-    mrtdAuthSession: mrtd_auth_session,
-    mrtdPopNonce: mrtd_pop_nonce,
-    clientAttestationDPoP: signedWiaPoP,
-    mrtdValidationJwt,
-    walletAttestation: walletInstanceAttestation,
-    callbacks: {
-      fetch: appFetch,
-      ...partialCallbacks,
-    },
-  }).catch(sdkUnexpectedStatusCodeToIssuerError);
+    const verifyResult = await fetchMrtdPopVerify({
+      popVerifyEndpoint: verifyUrl,
+      mrtdAuthSession: mrtd_auth_session,
+      mrtdPopNonce: mrtd_pop_nonce,
+      clientAttestationDPoP,
+      mrtdValidationJwt,
+      walletAttestation: walletInstanceAttestation,
+      callbacks: {
+        fetch: appFetch,
+        ...partialCallbacks,
+      },
+    }).catch(sdkUnexpectedStatusCodeToIssuerError);
-  return {
-    redirect_uri: verifyResult.redirectUri,
-    mrtd_val_pop_nonce: verifyResult.mrtdValPopNonce,
+    return {
+      redirect_uri: verifyResult.redirectUri,
+      mrtd_val_pop_nonce: verifyResult.mrtdValPopNonce,
+    };
   };
-};
+}
 export const buildChallengeCallbackUrl: MRTDPoPApi["buildChallengeCallbackUrl"] =
   async (redirectUri, valPopNonce, authSession) => {

package/src/credential/issuance/mrtd-pop/index.ts CHANGED Viewed

@@ -1,14 +1,22 @@
+import { sdkConfigV1_0, sdkConfigV1_3 } from "../../../utils/config";
 import type { MRTDPoPApi } from "../api/mrtd-pop";
 import { verifyAndParseChallengeInfo } from "./01-verify-and-parse-challenge-info";
-import { initChallenge } from "./02-init-challenge";
+import { createInitChallenge } from "./02-init-challenge";
 import {
-  validateChallenge,
+  createValidateChallenge,
   buildChallengeCallbackUrl,
 } from "./03-validate-challenge";
-export const MRTDPoP: MRTDPoPApi = {
+export const MRTDPoPv1_0: MRTDPoPApi = {
   verifyAndParseChallengeInfo,
-  initChallenge,
-  validateChallenge,
+  initChallenge: createInitChallenge({ sdkConfig: sdkConfigV1_0 }),
+  validateChallenge: createValidateChallenge({ sdkConfig: sdkConfigV1_0 }),
+  buildChallengeCallbackUrl,
+};
+export const MRTDPoPv1_3: MRTDPoPApi = {
+  verifyAndParseChallengeInfo,
+  initChallenge: createInitChallenge({ sdkConfig: sdkConfigV1_3 }),
+  validateChallenge: createValidateChallenge({ sdkConfig: sdkConfigV1_3 }),
   buildChallengeCallbackUrl,
 };

package/src/credential/issuance/v1.0.0/02-start-user-authorization.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import type { IssuanceApi } from "../api";
 import {
   selectCredentialDefinition,
   selectResponseMode,
-} from "../common/authorization";
+} from "../common/02-start-user-authorization";
 export const startUserAuthorization: IssuanceApi["startUserAuthorization"] =
   async (issuerConf, credentialIds, proof, ctx) => {

package/src/credential/issuance/v1.0.0/index.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import {
   obtainCredentialsBatch,
 } from "./05-obtain-credential";
 import { verifyAndParseCredential } from "./06-verify-and-parse-credential";
-import { MRTDPoP } from "../mrtd-pop";
+import { MRTDPoPv1_0 } from "../mrtd-pop";
 export const Issuance: IssuanceApi = {
   evaluateIssuerTrust,
@@ -28,5 +28,5 @@ export const Issuance: IssuanceApi = {
   obtainCredential,
   obtainCredentialsBatch,
   verifyAndParseCredential,
-  MRTDPoP,
+  MRTDPoP: MRTDPoPv1_0,
 };

package/src/credential/issuance/v1.0.0/mappers.ts CHANGED Viewed

@@ -17,7 +17,10 @@ export const mapToIssuerConfig = createMapper<
     credential_issuer: openid_credential_issuer.credential_issuer,
     credential_configurations_supported:
       openid_credential_issuer.credential_configurations_supported,
-    keys: openid_credential_issuer.jwks.keys,
+    keys: [
+      ...openid_credential_issuer.jwks.keys,
+      ...oauth_authorization_server.jwks.keys,
+    ],
     pushed_authorization_request_endpoint:
       oauth_authorization_server.pushed_authorization_request_endpoint,
     token_endpoint: oauth_authorization_server.token_endpoint,

package/src/credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts CHANGED Viewed

@@ -2,7 +2,6 @@ import {
   fetchMetadata,
   type MetadataResponseV1_3,
 } from "@pagopa/io-wallet-oid4vci";
-import { partialCallbacks } from "../../../utils/callbacks";
 import { sdkConfigV1_3 } from "../../../utils/config";
 import type { IssuanceApi } from "../api";
 import { mapToIssuerConfig } from "./mappers";
@@ -15,7 +14,6 @@ export const evaluateIssuerTrust: IssuanceApi["evaluateIssuerTrust"] = async (
     config: sdkConfigV1_3,
     credentialIssuerUrl: issuerUrl,
     callbacks: {
-      ...partialCallbacks,
       fetch: context.appFetch,
     },
   })) as MetadataResponseV1_3;