@pagopa/io-wallet-oid4vci 0.3.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +32 -4
- package/dist/index.d.mts +39 -27
- package/dist/index.d.ts +39 -27
- package/dist/index.js +28 -11
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +25 -13
- package/dist/index.mjs.map +1 -1
- package/package.json +13 -10
package/README.md
CHANGED
|
@@ -19,10 +19,10 @@ yarn add @pagopa/io-wallet-oid4vci
|
|
|
19
19
|
### Wallet Provider
|
|
20
20
|
|
|
21
21
|
```typescript
|
|
22
|
-
import {
|
|
22
|
+
import { WalletProvider } from '@pagopa/io-wallet-oid4vci';
|
|
23
23
|
|
|
24
24
|
// Initialize the provider with required options
|
|
25
|
-
const walletProvider = new
|
|
25
|
+
const walletProvider = new WalletProvider({
|
|
26
26
|
// Openid4vciWalletProviderOptions configuration
|
|
27
27
|
// Add your specific configuration here
|
|
28
28
|
});
|
|
@@ -33,7 +33,7 @@ const walletProvider = new ItWalletProvider({
|
|
|
33
33
|
Create wallet attestations required during the OID4VCI flow:
|
|
34
34
|
|
|
35
35
|
```typescript
|
|
36
|
-
import {
|
|
36
|
+
import { WalletProvider, WalletAttestationOptions } from '@pagopa/io-wallet-oid4vci';
|
|
37
37
|
|
|
38
38
|
// Create wallet attestation
|
|
39
39
|
const attestationOptions: WalletAttestationOptions = {
|
|
@@ -65,4 +65,32 @@ The wallet attestation JWT can then be used in the OID4VCI protocol flow to prov
|
|
|
65
65
|
|
|
66
66
|
## API Reference
|
|
67
67
|
|
|
68
|
-
`
|
|
68
|
+
`WalletProvider`: A class that extends Openid4vciWalletProvider to provide specialized methods for the Italian Wallet ecosystem.
|
|
69
|
+
|
|
70
|
+
## Errors
|
|
71
|
+
|
|
72
|
+
```typescript
|
|
73
|
+
export class Oid4vciError extends Error {
|
|
74
|
+
constructor(
|
|
75
|
+
message: string,
|
|
76
|
+
public readonly statusCode?: number,
|
|
77
|
+
) {
|
|
78
|
+
super(message);
|
|
79
|
+
this.name = "Oid4vciError";
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
```
|
|
83
|
+
Generic error thrown on Oid4vci operations
|
|
84
|
+
|
|
85
|
+
Error thrown in case the DPoP key passed to the `WalletProvider.createItWalletAttestationJwt` method doesn't contain a kid
|
|
86
|
+
```typescript
|
|
87
|
+
export class WalletProviderError extends Oid {
|
|
88
|
+
constructor(
|
|
89
|
+
message: string,
|
|
90
|
+
public readonly originalError?: unknown,
|
|
91
|
+
) {
|
|
92
|
+
super(message);
|
|
93
|
+
this.name = "WalletProviderError";
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
```
|
package/dist/index.d.mts
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
|
|
2
|
-
import { Openid4vciWalletProvider
|
|
2
|
+
import { Openid4vciWalletProvider } from '@openid4vc/openid4vci';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Generic error thrown on Oid4vci operations
|
|
6
|
+
*/
|
|
7
|
+
declare class Oid4vciError extends Error {
|
|
8
|
+
readonly statusCode?: number | undefined;
|
|
9
|
+
constructor(message: string, statusCode?: number | undefined);
|
|
10
|
+
}
|
|
11
|
+
/**
|
|
12
|
+
* Error thrown in case the DPoP key passed to the
|
|
13
|
+
* {@link WalletProvider.createItWalletAttestationJwt} method
|
|
14
|
+
* doesn't contain a kid
|
|
15
|
+
*/
|
|
16
|
+
declare class WalletProviderError extends Oid4vciError {
|
|
17
|
+
readonly originalError?: unknown;
|
|
18
|
+
constructor(message: string, originalError?: unknown);
|
|
19
|
+
}
|
|
3
20
|
|
|
4
21
|
/**
|
|
5
22
|
* @interface WalletAttestationOptions
|
|
@@ -7,58 +24,53 @@ import { Openid4vciWalletProvider, Openid4vciWalletProviderOptions } from '@open
|
|
|
7
24
|
* This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
|
|
8
25
|
*/
|
|
9
26
|
interface WalletAttestationOptions {
|
|
10
|
-
/**
|
|
11
|
-
* The issuer of the attestation, typically the Wallet Provider's identifier.
|
|
12
|
-
* @type {string}
|
|
13
|
-
*/
|
|
14
|
-
issuer: string;
|
|
15
27
|
/**
|
|
16
28
|
* The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
|
|
17
29
|
* This key is used to bind the attestation to the client's session.
|
|
18
30
|
* @type {ClientAttestationJwtPayload['cnf']}
|
|
19
31
|
*/
|
|
20
32
|
dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
|
|
33
|
+
/**
|
|
34
|
+
* The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
|
|
35
|
+
* @type {Date}
|
|
36
|
+
*/
|
|
37
|
+
expiresAt?: Date;
|
|
38
|
+
/**
|
|
39
|
+
* The issuer of the attestation, typically the Wallet Provider's identifier.
|
|
40
|
+
* @type {string}
|
|
41
|
+
*/
|
|
42
|
+
issuer: string;
|
|
21
43
|
signer: {
|
|
22
|
-
/**
|
|
23
|
-
* The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
|
|
24
|
-
* @type {string}
|
|
25
|
-
*/
|
|
26
|
-
walletProviderJwkPublicKid: string;
|
|
27
44
|
/**
|
|
28
45
|
* An array of JWTs representing the chain of trust from the federation's trust anchor
|
|
29
46
|
* to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
|
|
30
47
|
* @type {[string, ...string[]]}
|
|
31
48
|
*/
|
|
32
49
|
trustChain: [string, ...string[]];
|
|
50
|
+
/**
|
|
51
|
+
* The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
|
|
52
|
+
* @type {string}
|
|
53
|
+
*/
|
|
54
|
+
walletProviderJwkPublicKid: string;
|
|
33
55
|
};
|
|
34
|
-
/**
|
|
35
|
-
* An optional display name for the wallet.
|
|
36
|
-
* @type {string}
|
|
37
|
-
*/
|
|
38
|
-
walletName?: string;
|
|
39
56
|
/**
|
|
40
57
|
* An optional deep link or URL that can be used to open or interact with the wallet.
|
|
41
58
|
* @type {string}
|
|
42
59
|
*/
|
|
43
60
|
walletLink?: string;
|
|
44
61
|
/**
|
|
45
|
-
*
|
|
46
|
-
* @type {
|
|
62
|
+
* An optional display name for the wallet.
|
|
63
|
+
* @type {string}
|
|
47
64
|
*/
|
|
48
|
-
|
|
65
|
+
walletName?: string;
|
|
49
66
|
}
|
|
50
67
|
/**
|
|
51
|
-
* @class
|
|
68
|
+
* @class WalletProvider
|
|
52
69
|
* @extends Openid4vciWalletProvider
|
|
53
70
|
* @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
|
|
54
71
|
* It handles the creation of wallet attestations required during the credential issuance flow.
|
|
55
72
|
*/
|
|
56
|
-
declare class
|
|
57
|
-
/**
|
|
58
|
-
* @constructor
|
|
59
|
-
* @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
|
|
60
|
-
*/
|
|
61
|
-
constructor(options: Openid4vciWalletProviderOptions);
|
|
73
|
+
declare class WalletProvider extends Openid4vciWalletProvider {
|
|
62
74
|
/**
|
|
63
75
|
* Creates a wallet attestation JWT.
|
|
64
76
|
*
|
|
@@ -74,4 +86,4 @@ declare class ItWalletProvider extends Openid4vciWalletProvider {
|
|
|
74
86
|
createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
|
|
75
87
|
}
|
|
76
88
|
|
|
77
|
-
export {
|
|
89
|
+
export { Oid4vciError, type WalletAttestationOptions, WalletProvider, WalletProviderError };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
|
|
2
|
-
import { Openid4vciWalletProvider
|
|
2
|
+
import { Openid4vciWalletProvider } from '@openid4vc/openid4vci';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Generic error thrown on Oid4vci operations
|
|
6
|
+
*/
|
|
7
|
+
declare class Oid4vciError extends Error {
|
|
8
|
+
readonly statusCode?: number | undefined;
|
|
9
|
+
constructor(message: string, statusCode?: number | undefined);
|
|
10
|
+
}
|
|
11
|
+
/**
|
|
12
|
+
* Error thrown in case the DPoP key passed to the
|
|
13
|
+
* {@link WalletProvider.createItWalletAttestationJwt} method
|
|
14
|
+
* doesn't contain a kid
|
|
15
|
+
*/
|
|
16
|
+
declare class WalletProviderError extends Oid4vciError {
|
|
17
|
+
readonly originalError?: unknown;
|
|
18
|
+
constructor(message: string, originalError?: unknown);
|
|
19
|
+
}
|
|
3
20
|
|
|
4
21
|
/**
|
|
5
22
|
* @interface WalletAttestationOptions
|
|
@@ -7,58 +24,53 @@ import { Openid4vciWalletProvider, Openid4vciWalletProviderOptions } from '@open
|
|
|
7
24
|
* This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
|
|
8
25
|
*/
|
|
9
26
|
interface WalletAttestationOptions {
|
|
10
|
-
/**
|
|
11
|
-
* The issuer of the attestation, typically the Wallet Provider's identifier.
|
|
12
|
-
* @type {string}
|
|
13
|
-
*/
|
|
14
|
-
issuer: string;
|
|
15
27
|
/**
|
|
16
28
|
* The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
|
|
17
29
|
* This key is used to bind the attestation to the client's session.
|
|
18
30
|
* @type {ClientAttestationJwtPayload['cnf']}
|
|
19
31
|
*/
|
|
20
32
|
dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
|
|
33
|
+
/**
|
|
34
|
+
* The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
|
|
35
|
+
* @type {Date}
|
|
36
|
+
*/
|
|
37
|
+
expiresAt?: Date;
|
|
38
|
+
/**
|
|
39
|
+
* The issuer of the attestation, typically the Wallet Provider's identifier.
|
|
40
|
+
* @type {string}
|
|
41
|
+
*/
|
|
42
|
+
issuer: string;
|
|
21
43
|
signer: {
|
|
22
|
-
/**
|
|
23
|
-
* The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
|
|
24
|
-
* @type {string}
|
|
25
|
-
*/
|
|
26
|
-
walletProviderJwkPublicKid: string;
|
|
27
44
|
/**
|
|
28
45
|
* An array of JWTs representing the chain of trust from the federation's trust anchor
|
|
29
46
|
* to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
|
|
30
47
|
* @type {[string, ...string[]]}
|
|
31
48
|
*/
|
|
32
49
|
trustChain: [string, ...string[]];
|
|
50
|
+
/**
|
|
51
|
+
* The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
|
|
52
|
+
* @type {string}
|
|
53
|
+
*/
|
|
54
|
+
walletProviderJwkPublicKid: string;
|
|
33
55
|
};
|
|
34
|
-
/**
|
|
35
|
-
* An optional display name for the wallet.
|
|
36
|
-
* @type {string}
|
|
37
|
-
*/
|
|
38
|
-
walletName?: string;
|
|
39
56
|
/**
|
|
40
57
|
* An optional deep link or URL that can be used to open or interact with the wallet.
|
|
41
58
|
* @type {string}
|
|
42
59
|
*/
|
|
43
60
|
walletLink?: string;
|
|
44
61
|
/**
|
|
45
|
-
*
|
|
46
|
-
* @type {
|
|
62
|
+
* An optional display name for the wallet.
|
|
63
|
+
* @type {string}
|
|
47
64
|
*/
|
|
48
|
-
|
|
65
|
+
walletName?: string;
|
|
49
66
|
}
|
|
50
67
|
/**
|
|
51
|
-
* @class
|
|
68
|
+
* @class WalletProvider
|
|
52
69
|
* @extends Openid4vciWalletProvider
|
|
53
70
|
* @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
|
|
54
71
|
* It handles the creation of wallet attestations required during the credential issuance flow.
|
|
55
72
|
*/
|
|
56
|
-
declare class
|
|
57
|
-
/**
|
|
58
|
-
* @constructor
|
|
59
|
-
* @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
|
|
60
|
-
*/
|
|
61
|
-
constructor(options: Openid4vciWalletProviderOptions);
|
|
73
|
+
declare class WalletProvider extends Openid4vciWalletProvider {
|
|
62
74
|
/**
|
|
63
75
|
* Creates a wallet attestation JWT.
|
|
64
76
|
*
|
|
@@ -74,4 +86,4 @@ declare class ItWalletProvider extends Openid4vciWalletProvider {
|
|
|
74
86
|
createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
|
|
75
87
|
}
|
|
76
88
|
|
|
77
|
-
export {
|
|
89
|
+
export { Oid4vciError, type WalletAttestationOptions, WalletProvider, WalletProviderError };
|
package/dist/index.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
"use strict";
|
|
1
2
|
var __defProp = Object.defineProperty;
|
|
2
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
@@ -19,21 +20,32 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
19
20
|
// src/index.ts
|
|
20
21
|
var index_exports = {};
|
|
21
22
|
__export(index_exports, {
|
|
22
|
-
|
|
23
|
+
Oid4vciError: () => Oid4vciError,
|
|
24
|
+
WalletProvider: () => WalletProvider,
|
|
25
|
+
WalletProviderError: () => WalletProviderError
|
|
23
26
|
});
|
|
24
27
|
module.exports = __toCommonJS(index_exports);
|
|
25
28
|
|
|
26
|
-
// src/
|
|
29
|
+
// src/errors.ts
|
|
30
|
+
var Oid4vciError = class extends Error {
|
|
31
|
+
constructor(message, statusCode) {
|
|
32
|
+
super(message);
|
|
33
|
+
this.statusCode = statusCode;
|
|
34
|
+
this.name = "Oid4vciError";
|
|
35
|
+
}
|
|
36
|
+
};
|
|
37
|
+
var WalletProviderError = class extends Oid4vciError {
|
|
38
|
+
constructor(message, originalError) {
|
|
39
|
+
super(message);
|
|
40
|
+
this.originalError = originalError;
|
|
41
|
+
this.name = "WalletProviderError";
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
|
|
45
|
+
// src/wallet-provider/WalletProvider.ts
|
|
27
46
|
var import_openid4vci = require("@openid4vc/openid4vci");
|
|
28
47
|
var import_utils = require("@openid4vc/utils");
|
|
29
|
-
var
|
|
30
|
-
/**
|
|
31
|
-
* @constructor
|
|
32
|
-
* @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
|
|
33
|
-
*/
|
|
34
|
-
constructor(options) {
|
|
35
|
-
super(options);
|
|
36
|
-
}
|
|
48
|
+
var WalletProvider = class extends import_openid4vci.Openid4vciWalletProvider {
|
|
37
49
|
/**
|
|
38
50
|
* Creates a wallet attestation JWT.
|
|
39
51
|
*
|
|
@@ -47,6 +59,9 @@ var ItWalletProvider = class extends import_openid4vci.Openid4vciWalletProvider
|
|
|
47
59
|
* @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
|
|
48
60
|
*/
|
|
49
61
|
async createItWalletAttestationJwt(options) {
|
|
62
|
+
if (!options.dpopJwkPublic.kid) {
|
|
63
|
+
throw new WalletProviderError("The DPoP JWK must have a 'kid' property");
|
|
64
|
+
}
|
|
50
65
|
const walletAttestation = await this.createWalletAttestationJwt({
|
|
51
66
|
clientId: options.dpopJwkPublic.kid,
|
|
52
67
|
confirmation: {
|
|
@@ -70,6 +85,8 @@ var ItWalletProvider = class extends import_openid4vci.Openid4vciWalletProvider
|
|
|
70
85
|
};
|
|
71
86
|
// Annotate the CommonJS export names for ESM import in node:
|
|
72
87
|
0 && (module.exports = {
|
|
73
|
-
|
|
88
|
+
Oid4vciError,
|
|
89
|
+
WalletProvider,
|
|
90
|
+
WalletProviderError
|
|
74
91
|
});
|
|
75
92
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts","../src/
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/wallet-provider/WalletProvider.ts"],"sourcesContent":["export * from \"./errors\";\nexport * from \"./wallet-provider/WalletProvider\";\n","/**\n * Generic error thrown on Oid4vci operations\n */\nexport class Oid4vciError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vciError\";\n }\n}\n\n/**\n * Error thrown in case the DPoP key passed to the\n * {@link WalletProvider.createItWalletAttestationJwt} method\n * doesn't contain a kid\n */\nexport class WalletProviderError extends Oid4vciError {\n constructor(\n message: string,\n public readonly originalError?: unknown,\n ) {\n super(message);\n this.name = \"WalletProviderError\";\n }\n}\n","import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport { Openid4vciWalletProvider } from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\nimport { WalletProviderError } from \"../errors\";\n\n/**\n * @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n */\nexport interface WalletAttestationOptions {\n /**\n * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n * This key is used to bind the attestation to the client's session.\n * @type {ClientAttestationJwtPayload['cnf']}\n */\n dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n\n /**\n * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n * @type {Date}\n */\n expiresAt?: Date;\n /**\n * The issuer of the attestation, typically the Wallet Provider's identifier.\n * @type {string}\n */\n issuer: string;\n\n signer: {\n /**\n * An array of JWTs representing the chain of trust from the federation's trust anchor\n * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n * @type {[string, ...string[]]}\n */\n trustChain: [string, ...string[]];\n\n /**\n * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n * @type {string}\n */\n walletProviderJwkPublicKid: string;\n };\n\n /**\n * An optional deep link or URL that can be used to open or interact with the wallet.\n * @type {string}\n */\n walletLink?: string;\n\n /**\n * An optional display name for the wallet.\n * @type {string}\n */\n walletName?: string;\n}\n\n/**\n * @class WalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n */\nexport class WalletProvider extends Openid4vciWalletProvider {\n /**\n * Creates a wallet attestation JWT.\n *\n * This method constructs a signed JWT that asserts the wallet's control over a specific\n * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n * presenting the credential offer is the legitimate wallet instance.\n *\n * @public\n * @async\n * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n */\n public async createItWalletAttestationJwt(\n options: WalletAttestationOptions,\n ): Promise<string> {\n if (!options.dpopJwkPublic.kid) {\n throw new WalletProviderError(\"The DPoP JWK must have a 'kid' property\");\n }\n\n const walletAttestation = await this.createWalletAttestationJwt({\n clientId: options.dpopJwkPublic.kid,\n confirmation: {\n // We use the same key for DPoP as the wallet attestation\n jwk: options.dpopJwkPublic,\n },\n expiresAt:\n options.expiresAt ?? addSecondsToDate(new Date(), 3600 * 24 * 60 * 60),\n issuer: options.issuer,\n signer: {\n alg: \"ES256\",\n kid: options.signer.walletProviderJwkPublicKid,\n method: \"federation\", // Indicates the validation method relies on a trust chain.\n trustChain: options.signer.trustChain,\n },\n walletLink: options.walletLink,\n walletName: options.walletName,\n });\n\n return walletAttestation;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,sBAAN,cAAkC,aAAa;AAAA,EACpD,YACE,SACgB,eAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACzBA,wBAAyC;AACzC,mBAAiC;AA8D1B,IAAM,iBAAN,cAA6B,2CAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAa3D,MAAa,6BACX,SACiB;AACjB,QAAI,CAAC,QAAQ,cAAc,KAAK;AAC9B,YAAM,IAAI,oBAAoB,yCAAyC;AAAA,IACzE;AAEA,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,iBAAa,+BAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}
|
package/dist/index.mjs
CHANGED
|
@@ -1,16 +1,23 @@
|
|
|
1
|
-
// src/
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
/**
|
|
8
|
-
* @constructor
|
|
9
|
-
* @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
|
|
10
|
-
*/
|
|
11
|
-
constructor(options) {
|
|
12
|
-
super(options);
|
|
1
|
+
// src/errors.ts
|
|
2
|
+
var Oid4vciError = class extends Error {
|
|
3
|
+
constructor(message, statusCode) {
|
|
4
|
+
super(message);
|
|
5
|
+
this.statusCode = statusCode;
|
|
6
|
+
this.name = "Oid4vciError";
|
|
13
7
|
}
|
|
8
|
+
};
|
|
9
|
+
var WalletProviderError = class extends Oid4vciError {
|
|
10
|
+
constructor(message, originalError) {
|
|
11
|
+
super(message);
|
|
12
|
+
this.originalError = originalError;
|
|
13
|
+
this.name = "WalletProviderError";
|
|
14
|
+
}
|
|
15
|
+
};
|
|
16
|
+
|
|
17
|
+
// src/wallet-provider/WalletProvider.ts
|
|
18
|
+
import { Openid4vciWalletProvider } from "@openid4vc/openid4vci";
|
|
19
|
+
import { addSecondsToDate } from "@openid4vc/utils";
|
|
20
|
+
var WalletProvider = class extends Openid4vciWalletProvider {
|
|
14
21
|
/**
|
|
15
22
|
* Creates a wallet attestation JWT.
|
|
16
23
|
*
|
|
@@ -24,6 +31,9 @@ var ItWalletProvider = class extends Openid4vciWalletProvider {
|
|
|
24
31
|
* @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
|
|
25
32
|
*/
|
|
26
33
|
async createItWalletAttestationJwt(options) {
|
|
34
|
+
if (!options.dpopJwkPublic.kid) {
|
|
35
|
+
throw new WalletProviderError("The DPoP JWK must have a 'kid' property");
|
|
36
|
+
}
|
|
27
37
|
const walletAttestation = await this.createWalletAttestationJwt({
|
|
28
38
|
clientId: options.dpopJwkPublic.kid,
|
|
29
39
|
confirmation: {
|
|
@@ -46,6 +56,8 @@ var ItWalletProvider = class extends Openid4vciWalletProvider {
|
|
|
46
56
|
}
|
|
47
57
|
};
|
|
48
58
|
export {
|
|
49
|
-
|
|
59
|
+
Oid4vciError,
|
|
60
|
+
WalletProvider,
|
|
61
|
+
WalletProviderError
|
|
50
62
|
};
|
|
51
63
|
//# sourceMappingURL=index.mjs.map
|
package/dist/index.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/
|
|
1
|
+
{"version":3,"sources":["../src/errors.ts","../src/wallet-provider/WalletProvider.ts"],"sourcesContent":["/**\n * Generic error thrown on Oid4vci operations\n */\nexport class Oid4vciError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vciError\";\n }\n}\n\n/**\n * Error thrown in case the DPoP key passed to the\n * {@link WalletProvider.createItWalletAttestationJwt} method\n * doesn't contain a kid\n */\nexport class WalletProviderError extends Oid4vciError {\n constructor(\n message: string,\n public readonly originalError?: unknown,\n ) {\n super(message);\n this.name = \"WalletProviderError\";\n }\n}\n","import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport { Openid4vciWalletProvider } from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\nimport { WalletProviderError } from \"../errors\";\n\n/**\n * @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n */\nexport interface WalletAttestationOptions {\n /**\n * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n * This key is used to bind the attestation to the client's session.\n * @type {ClientAttestationJwtPayload['cnf']}\n */\n dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n\n /**\n * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n * @type {Date}\n */\n expiresAt?: Date;\n /**\n * The issuer of the attestation, typically the Wallet Provider's identifier.\n * @type {string}\n */\n issuer: string;\n\n signer: {\n /**\n * An array of JWTs representing the chain of trust from the federation's trust anchor\n * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n * @type {[string, ...string[]]}\n */\n trustChain: [string, ...string[]];\n\n /**\n * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n * @type {string}\n */\n walletProviderJwkPublicKid: string;\n };\n\n /**\n * An optional deep link or URL that can be used to open or interact with the wallet.\n * @type {string}\n */\n walletLink?: string;\n\n /**\n * An optional display name for the wallet.\n * @type {string}\n */\n walletName?: string;\n}\n\n/**\n * @class WalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n */\nexport class WalletProvider extends Openid4vciWalletProvider {\n /**\n * Creates a wallet attestation JWT.\n *\n * This method constructs a signed JWT that asserts the wallet's control over a specific\n * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n * presenting the credential offer is the legitimate wallet instance.\n *\n * @public\n * @async\n * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n */\n public async createItWalletAttestationJwt(\n options: WalletAttestationOptions,\n ): Promise<string> {\n if (!options.dpopJwkPublic.kid) {\n throw new WalletProviderError(\"The DPoP JWK must have a 'kid' property\");\n }\n\n const walletAttestation = await this.createWalletAttestationJwt({\n clientId: options.dpopJwkPublic.kid,\n confirmation: {\n // We use the same key for DPoP as the wallet attestation\n jwk: options.dpopJwkPublic,\n },\n expiresAt:\n options.expiresAt ?? addSecondsToDate(new Date(), 3600 * 24 * 60 * 60),\n issuer: options.issuer,\n signer: {\n alg: \"ES256\",\n kid: options.signer.walletProviderJwkPublicKid,\n method: \"federation\", // Indicates the validation method relies on a trust chain.\n trustChain: options.signer.trustChain,\n },\n walletLink: options.walletLink,\n walletName: options.walletName,\n });\n\n return walletAttestation;\n }\n}\n"],"mappings":";AAGO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,sBAAN,cAAkC,aAAa;AAAA,EACpD,YACE,SACgB,eAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACzBA,SAAS,gCAAgC;AACzC,SAAS,wBAAwB;AA8D1B,IAAM,iBAAN,cAA6B,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAa3D,MAAa,6BACX,SACiB;AACjB,QAAI,CAAC,QAAQ,cAAc,KAAK;AAC9B,YAAM,IAAI,oBAAoB,yCAAyC;AAAA,IACzE;AAEA,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,aAAa,iBAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}
|
package/package.json
CHANGED
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pagopa/io-wallet-oid4vci",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.2",
|
|
4
4
|
"files": [
|
|
5
5
|
"dist"
|
|
6
6
|
],
|
|
7
7
|
"license": "Apache-2.0",
|
|
8
|
+
"main": "./dist/index.js",
|
|
9
|
+
"module": "./dist/index.mjs",
|
|
10
|
+
"types": "./dist/index.d.ts",
|
|
8
11
|
"exports": {
|
|
9
12
|
".": {
|
|
13
|
+
"types": "./dist/index.d.ts",
|
|
10
14
|
"import": "./dist/index.mjs",
|
|
11
|
-
"require": "./dist/index.js"
|
|
12
|
-
"types": "./dist/index.d.ts"
|
|
15
|
+
"require": "./dist/index.js"
|
|
13
16
|
},
|
|
14
17
|
"./package.json": "./package.json"
|
|
15
18
|
},
|
|
@@ -19,18 +22,18 @@
|
|
|
19
22
|
"url": "https://github.com/pagopa/io-wallet-sdk",
|
|
20
23
|
"directory": "packages/oid4vci"
|
|
21
24
|
},
|
|
25
|
+
"publishConfig": {
|
|
26
|
+
"access": "public"
|
|
27
|
+
},
|
|
22
28
|
"dependencies": {
|
|
23
29
|
"@openid-federation/core": "^0.2.0",
|
|
24
|
-
"@openid4vc/oauth2": "0.3.0-alpha-
|
|
25
|
-
"@openid4vc/openid4vci": "0.3.0-alpha-
|
|
26
|
-
"@openid4vc/utils": "
|
|
30
|
+
"@openid4vc/oauth2": "0.3.0-alpha-20250714110838",
|
|
31
|
+
"@openid4vc/openid4vci": "0.3.0-alpha-20250714110838",
|
|
32
|
+
"@openid4vc/utils": "0.3.0-alpha-20250714110838",
|
|
27
33
|
"zod": "^3.24.2"
|
|
28
34
|
},
|
|
29
35
|
"scripts": {
|
|
30
36
|
"build": "tsup src/index.ts --format cjs,esm --dts --clean --sourcemap",
|
|
31
37
|
"test": "vitest"
|
|
32
|
-
}
|
|
33
|
-
"main": "./dist/index.js",
|
|
34
|
-
"module": "./dist/index.mjs",
|
|
35
|
-
"types": "./dist/index.d.ts"
|
|
38
|
+
}
|
|
36
39
|
}
|