@pagopa/io-wallet-oid4vci 0.4.1 → 0.4.2

package/dist/index.d.mts

@@ -0,0 +1,89 @@
+import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
+import { Openid4vciWalletProvider } from '@openid4vc/openid4vci';
+
+/**
+ * Generic error thrown on Oid4vci operations
+ */
+declare class Oid4vciError extends Error {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
+/**
+ * Error thrown in case the DPoP key passed to the
+ * {@link WalletProvider.createItWalletAttestationJwt} method
+ * doesn't contain a kid
+ */
+declare class WalletProviderError extends Oid4vciError {
+    readonly originalError?: unknown;
+    constructor(message: string, originalError?: unknown);
+}
+
+/**
+ * @interface WalletAttestationOptions
+ * @description Defines the options required to create a wallet attestation JWT.
+ * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
+ */
+interface WalletAttestationOptions {
+    /**
+     * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
+     * This key is used to bind the attestation to the client's session.
+     * @type {ClientAttestationJwtPayload['cnf']}
+     */
+    dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
+    /**
+     * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
+     * @type {Date}
+     */
+    expiresAt?: Date;
+    /**
+     * The issuer of the attestation, typically the Wallet Provider's identifier.
+     * @type {string}
+     */
+    issuer: string;
+    signer: {
+        /**
+         * An array of JWTs representing the chain of trust from the federation's trust anchor
+         * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
+         * @type {[string, ...string[]]}
+         */
+        trustChain: [string, ...string[]];
+        /**
+         * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
+         * @type {string}
+         */
+        walletProviderJwkPublicKid: string;
+    };
+    /**
+     * An optional deep link or URL that can be used to open or interact with the wallet.
+     * @type {string}
+     */
+    walletLink?: string;
+    /**
+     * An optional display name for the wallet.
+     * @type {string}
+     */
+    walletName?: string;
+}
+/**
+ * @class WalletProvider
+ * @extends Openid4vciWalletProvider
+ * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
+ * It handles the creation of wallet attestations required during the credential issuance flow.
+ */
+declare class WalletProvider extends Openid4vciWalletProvider {
+    /**
+     * Creates a wallet attestation JWT.
+     *
+     * This method constructs a signed JWT that asserts the wallet's control over a specific
+     * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+     * presenting the credential offer is the legitimate wallet instance.
+     *
+     * @public
+     * @async
+     * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+     * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+     */
+    createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
+}
+
+export { Oid4vciError, type WalletAttestationOptions, WalletProvider, WalletProviderError };

package/dist/index.d.ts

@@ -0,0 +1,89 @@
+import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
+import { Openid4vciWalletProvider } from '@openid4vc/openid4vci';
+
+/**
+ * Generic error thrown on Oid4vci operations
+ */
+declare class Oid4vciError extends Error {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
+/**
+ * Error thrown in case the DPoP key passed to the
+ * {@link WalletProvider.createItWalletAttestationJwt} method
+ * doesn't contain a kid
+ */
+declare class WalletProviderError extends Oid4vciError {
+    readonly originalError?: unknown;
+    constructor(message: string, originalError?: unknown);
+}
+
+/**
+ * @interface WalletAttestationOptions
+ * @description Defines the options required to create a wallet attestation JWT.
+ * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
+ */
+interface WalletAttestationOptions {
+    /**
+     * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
+     * This key is used to bind the attestation to the client's session.
+     * @type {ClientAttestationJwtPayload['cnf']}
+     */
+    dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
+    /**
+     * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
+     * @type {Date}
+     */
+    expiresAt?: Date;
+    /**
+     * The issuer of the attestation, typically the Wallet Provider's identifier.
+     * @type {string}
+     */
+    issuer: string;
+    signer: {
+        /**
+         * An array of JWTs representing the chain of trust from the federation's trust anchor
+         * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
+         * @type {[string, ...string[]]}
+         */
+        trustChain: [string, ...string[]];
+        /**
+         * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
+         * @type {string}
+         */
+        walletProviderJwkPublicKid: string;
+    };
+    /**
+     * An optional deep link or URL that can be used to open or interact with the wallet.
+     * @type {string}
+     */
+    walletLink?: string;
+    /**
+     * An optional display name for the wallet.
+     * @type {string}
+     */
+    walletName?: string;
+}
+/**
+ * @class WalletProvider
+ * @extends Openid4vciWalletProvider
+ * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
+ * It handles the creation of wallet attestations required during the credential issuance flow.
+ */
+declare class WalletProvider extends Openid4vciWalletProvider {
+    /**
+     * Creates a wallet attestation JWT.
+     *
+     * This method constructs a signed JWT that asserts the wallet's control over a specific
+     * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+     * presenting the credential offer is the legitimate wallet instance.
+     *
+     * @public
+     * @async
+     * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+     * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+     */
+    createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
+}
+
+export { Oid4vciError, type WalletAttestationOptions, WalletProvider, WalletProviderError };

package/package.json

@@ -1,15 +1,18 @@
 {
   "name": "@pagopa/io-wallet-oid4vci",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "files": [
     "dist"
   ],
   "license": "Apache-2.0",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
   "exports": {
     ".": {
+      "types": "./dist/index.d.ts",
       "import": "./dist/index.mjs",
-      "require": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "require": "./dist/index.js"
     },
     "./package.json": "./package.json"
   },
@@ -32,8 +35,5 @@
   "scripts": {
     "build": "tsup src/index.ts --format cjs,esm --dts --clean --sourcemap",
     "test": "vitest"
-  },
-  "main": "./dist/index.js",
-  "module": "./dist/index.mjs",
-  "types": "./dist/index.d.ts"
+  }
 }