npm - @pagopa/io-wallet-oid4vci - Versions diffs - 0.4.1 → 0.5.0 - Mend

@pagopa/io-wallet-oid4vci 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,96 @@
+import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
+import { Openid4vciWalletProvider } from '@openid4vc/openid4vci';
+/**
+ * Generic error thrown on Oid4vci operations
+ */
+declare class Oid4vciError extends Error {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
+/**
+ * Error thrown in case the DPoP key passed to the
+ * {@link WalletProvider.createItWalletAttestationJwt} method
+ * doesn't contain a kid
+ */
+declare class WalletProviderError extends Oid4vciError {
+    readonly originalError?: unknown;
+    constructor(message: string, originalError?: unknown);
+}
+/**
+ * Error thrown when an unexpected error occurs during nonce request.
+ */
+declare class NonceRequestError extends Error {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
+/**
+ * @interface WalletAttestationOptions
+ * @description Defines the options required to create a wallet attestation JWT.
+ * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
+ */
+interface WalletAttestationOptions {
+    /**
+     * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
+     * This key is used to bind the attestation to the client's session.
+     * @type {ClientAttestationJwtPayload['cnf']}
+     */
+    dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
+    /**
+     * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
+     * @type {Date}
+     */
+    expiresAt?: Date;
+    /**
+     * The issuer of the attestation, typically the Wallet Provider's identifier.
+     * @type {string}
+     */
+    issuer: string;
+    signer: {
+        /**
+         * An array of JWTs representing the chain of trust from the federation's trust anchor
+         * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
+         * @type {[string, ...string[]]}
+         */
+        trustChain: [string, ...string[]];
+        /**
+         * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
+         * @type {string}
+         */
+        walletProviderJwkPublicKid: string;
+    };
+    /**
+     * An optional deep link or URL that can be used to open or interact with the wallet.
+     * @type {string}
+     */
+    walletLink?: string;
+    /**
+     * An optional display name for the wallet.
+     * @type {string}
+     */
+    walletName?: string;
+}
+/**
+ * @class WalletProvider
+ * @extends Openid4vciWalletProvider
+ * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
+ * It handles the creation of wallet attestations required during the credential issuance flow.
+ */
+declare class WalletProvider extends Openid4vciWalletProvider {
+    /**
+     * Creates a wallet attestation JWT.
+     *
+     * This method constructs a signed JWT that asserts the wallet's control over a specific
+     * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+     * presenting the credential offer is the legitimate wallet instance.
+     *
+     * @public
+     * @async
+     * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+     * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+     */
+    createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
+}
+export { NonceRequestError, Oid4vciError, type WalletAttestationOptions, WalletProvider, WalletProviderError };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
+import { Openid4vciWalletProvider } from '@openid4vc/openid4vci';
+/**
+ * Generic error thrown on Oid4vci operations
+ */
+declare class Oid4vciError extends Error {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
+/**
+ * Error thrown in case the DPoP key passed to the
+ * {@link WalletProvider.createItWalletAttestationJwt} method
+ * doesn't contain a kid
+ */
+declare class WalletProviderError extends Oid4vciError {
+    readonly originalError?: unknown;
+    constructor(message: string, originalError?: unknown);
+}
+/**
+ * Error thrown when an unexpected error occurs during nonce request.
+ */
+declare class NonceRequestError extends Error {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
+/**
+ * @interface WalletAttestationOptions
+ * @description Defines the options required to create a wallet attestation JWT.
+ * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
+ */
+interface WalletAttestationOptions {
+    /**
+     * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
+     * This key is used to bind the attestation to the client's session.
+     * @type {ClientAttestationJwtPayload['cnf']}
+     */
+    dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
+    /**
+     * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
+     * @type {Date}
+     */
+    expiresAt?: Date;
+    /**
+     * The issuer of the attestation, typically the Wallet Provider's identifier.
+     * @type {string}
+     */
+    issuer: string;
+    signer: {
+        /**
+         * An array of JWTs representing the chain of trust from the federation's trust anchor
+         * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
+         * @type {[string, ...string[]]}
+         */
+        trustChain: [string, ...string[]];
+        /**
+         * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
+         * @type {string}
+         */
+        walletProviderJwkPublicKid: string;
+    };
+    /**
+     * An optional deep link or URL that can be used to open or interact with the wallet.
+     * @type {string}
+     */
+    walletLink?: string;
+    /**
+     * An optional display name for the wallet.
+     * @type {string}
+     */
+    walletName?: string;
+}
+/**
+ * @class WalletProvider
+ * @extends Openid4vciWalletProvider
+ * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
+ * It handles the creation of wallet attestations required during the credential issuance flow.
+ */
+declare class WalletProvider extends Openid4vciWalletProvider {
+    /**
+     * Creates a wallet attestation JWT.
+     *
+     * This method constructs a signed JWT that asserts the wallet's control over a specific
+     * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+     * presenting the credential offer is the legitimate wallet instance.
+     *
+     * @public
+     * @async
+     * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+     * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+     */
+    createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
+}
+export { NonceRequestError, Oid4vciError, type WalletAttestationOptions, WalletProvider, WalletProviderError };

package/dist/index.js CHANGED Viewed

@@ -20,6 +20,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  NonceRequestError: () => NonceRequestError,
   Oid4vciError: () => Oid4vciError,
   WalletProvider: () => WalletProvider,
   WalletProviderError: () => WalletProviderError
@@ -41,6 +42,13 @@ var WalletProviderError = class extends Oid4vciError {
     this.name = "WalletProviderError";
   }
 };
+var NonceRequestError = class extends Error {
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.name = "NonceRequestError";
+  }
+};
 // src/wallet-provider/WalletProvider.ts
 var import_openid4vci = require("@openid4vc/openid4vci");
@@ -85,6 +93,7 @@ var WalletProvider = class extends import_openid4vci.Openid4vciWalletProvider {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  NonceRequestError,
   Oid4vciError,
   WalletProvider,
   WalletProviderError

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/wallet-provider/WalletProvider.ts"],"sourcesContent":["export * from \"./errors\";\nexport * from \"./wallet-provider/WalletProvider\";\n","/*\n Generic error thrown on Oid4vci operations\n /\nexport class Oid4vciError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vciError\";\n }\n}\n\n/\n Error thrown in case the DPoP key passed to the\n * {@link WalletProvider.createItWalletAttestationJwt} method\n * doesn't contain a kid\n /\nexport class WalletProviderError extends Oid4vciError {\n constructor(\n message: string,\n public readonly originalError?: unknown,\n ) {\n super(message);\n this.name = \"WalletProviderError\";\n }\n}\n","import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport { Openid4vciWalletProvider } from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\nimport { WalletProviderError } from \"../errors\";\n\n/\n @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n /\nexport interface WalletAttestationOptions {\n /\n The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n * This key is used to bind the attestation to the client's session.\n * @type {ClientAttestationJwtPayload['cnf']}\n /\n dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n\n /\n The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n * @type {Date}\n /\n expiresAt?: Date;\n /\n The issuer of the attestation, typically the Wallet Provider's identifier.\n * @type {string}\n /\n issuer: string;\n\n signer: {\n /\n An array of JWTs representing the chain of trust from the federation's trust anchor\n * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n * @type {[string, ...string[]]}\n /\n trustChain: [string, ...string[]];\n\n /\n The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n * @type {string}\n /\n walletProviderJwkPublicKid: string;\n };\n\n /\n An optional deep link or URL that can be used to open or interact with the wallet.\n * @type {string}\n /\n walletLink?: string;\n\n /\n An optional display name for the wallet.\n * @type {string}\n /\n walletName?: string;\n}\n\n/\n @class WalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n /\nexport class WalletProvider extends Openid4vciWalletProvider {\n /\n Creates a wallet attestation JWT.\n \n This method constructs a signed JWT that asserts the wallet's control over a specific\n * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n * presenting the credential offer is the legitimate wallet instance.\n \n @public\n * @async\n * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n /\n public async createItWalletAttestationJwt(\n options: WalletAttestationOptions,\n ): Promise<string> {\n if (!options.dpopJwkPublic.kid) {\n throw new WalletProviderError(\"The DPoP JWK must have a 'kid' property\");\n }\n\n const walletAttestation = await this.createWalletAttestationJwt({\n clientId: options.dpopJwkPublic.kid,\n confirmation: {\n // We use the same key for DPoP as the wallet attestation\n jwk: options.dpopJwkPublic,\n },\n expiresAt:\n options.expiresAt ?? addSecondsToDate(new Date(), 3600 24 * 60 * 60),\n issuer: options.issuer,\n signer: {\n alg: \"ES256\",\n kid: options.signer.walletProviderJwkPublicKid,\n method: \"federation\", // Indicates the validation method relies on a trust chain.\n trustChain: options.signer.trustChain,\n },\n walletLink: options.walletLink,\n walletName: options.walletName,\n });\n\n return walletAttestation;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,sBAAN,cAAkC,aAAa;AAAA,EACpD,YACE,SACgB,eAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;~~ACzBA~~,wBAAyC;AACzC,mBAAiC;AA8D1B,IAAM,iBAAN,cAA6B,2CAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAa3D,MAAa,6BACX,SACiB;AACjB,QAAI,CAAC,QAAQ,cAAc,KAAK;AAC9B,YAAM,IAAI,oBAAoB,yCAAyC;AAAA,IACzE;AAEA,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,iBAAa,+BAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/wallet-provider/WalletProvider.ts"],"sourcesContent":["export * from \"./errors\";\nexport * from \"./wallet-provider/WalletProvider\";\n","/*\n Generic error thrown on Oid4vci operations\n /\nexport class Oid4vciError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vciError\";\n }\n}\n\n/\n Error thrown in case the DPoP key passed to the\n * {@link WalletProvider.createItWalletAttestationJwt} method\n * doesn't contain a kid\n /\nexport class WalletProviderError extends Oid4vciError {\n constructor(\n message: string,\n public readonly originalError?: unknown,\n ) {\n super(message);\n this.name = \"WalletProviderError\";\n }\n}\n\n/\n Error thrown when an unexpected error occurs during nonce request.\n /\nexport class NonceRequestError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"NonceRequestError\";\n }\n}\n","import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport { Openid4vciWalletProvider } from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\nimport { WalletProviderError } from \"../errors\";\n\n/\n @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n /\nexport interface WalletAttestationOptions {\n /\n The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n * This key is used to bind the attestation to the client's session.\n * @type {ClientAttestationJwtPayload['cnf']}\n /\n dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n\n /\n The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n * @type {Date}\n /\n expiresAt?: Date;\n /\n The issuer of the attestation, typically the Wallet Provider's identifier.\n * @type {string}\n /\n issuer: string;\n\n signer: {\n /\n An array of JWTs representing the chain of trust from the federation's trust anchor\n * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n * @type {[string, ...string[]]}\n /\n trustChain: [string, ...string[]];\n\n /\n The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n * @type {string}\n /\n walletProviderJwkPublicKid: string;\n };\n\n /\n An optional deep link or URL that can be used to open or interact with the wallet.\n * @type {string}\n /\n walletLink?: string;\n\n /\n An optional display name for the wallet.\n * @type {string}\n /\n walletName?: string;\n}\n\n/\n @class WalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n /\nexport class WalletProvider extends Openid4vciWalletProvider {\n /\n Creates a wallet attestation JWT.\n \n This method constructs a signed JWT that asserts the wallet's control over a specific\n * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n * presenting the credential offer is the legitimate wallet instance.\n \n @public\n * @async\n * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n /\n public async createItWalletAttestationJwt(\n options: WalletAttestationOptions,\n ): Promise<string> {\n if (!options.dpopJwkPublic.kid) {\n throw new WalletProviderError(\"The DPoP JWK must have a 'kid' property\");\n }\n\n const walletAttestation = await this.createWalletAttestationJwt({\n clientId: options.dpopJwkPublic.kid,\n confirmation: {\n // We use the same key for DPoP as the wallet attestation\n jwk: options.dpopJwkPublic,\n },\n expiresAt:\n options.expiresAt ?? addSecondsToDate(new Date(), 3600 24 * 60 * 60),\n issuer: options.issuer,\n signer: {\n alg: \"ES256\",\n kid: options.signer.walletProviderJwkPublicKid,\n method: \"federation\", // Indicates the validation method relies on a trust chain.\n trustChain: options.signer.trustChain,\n },\n walletLink: options.walletLink,\n walletName: options.walletName,\n });\n\n return walletAttestation;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,sBAAN,cAAkC,aAAa;AAAA,EACpD,YACE,SACgB,eAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAC3C,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACtCA,wBAAyC;AACzC,mBAAiC;AA8D1B,IAAM,iBAAN,cAA6B,2CAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAa3D,MAAa,6BACX,SACiB;AACjB,QAAI,CAAC,QAAQ,cAAc,KAAK;AAC9B,YAAM,IAAI,oBAAoB,yCAAyC;AAAA,IACzE;AAEA,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,iBAAa,+BAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/index.mjs CHANGED Viewed

@@ -13,6 +13,13 @@ var WalletProviderError = class extends Oid4vciError {
     this.name = "WalletProviderError";
   }
 };
+var NonceRequestError = class extends Error {
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.name = "NonceRequestError";
+  }
+};
 // src/wallet-provider/WalletProvider.ts
 import { Openid4vciWalletProvider } from "@openid4vc/openid4vci";
@@ -56,6 +63,7 @@ var WalletProvider = class extends Openid4vciWalletProvider {
   }
 };
 export {
+  NonceRequestError,
   Oid4vciError,
   WalletProvider,
   WalletProviderError

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/errors.ts","../src/wallet-provider/WalletProvider.ts"],"sourcesContent":["/*\n Generic error thrown on Oid4vci operations\n /\nexport class Oid4vciError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vciError\";\n }\n}\n\n/\n Error thrown in case the DPoP key passed to the\n * {@link WalletProvider.createItWalletAttestationJwt} method\n * doesn't contain a kid\n /\nexport class WalletProviderError extends Oid4vciError {\n constructor(\n message: string,\n public readonly originalError?: unknown,\n ) {\n super(message);\n this.name = \"WalletProviderError\";\n }\n}\n","import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport { Openid4vciWalletProvider } from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\nimport { WalletProviderError } from \"../errors\";\n\n/\n @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n /\nexport interface WalletAttestationOptions {\n /\n The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n * This key is used to bind the attestation to the client's session.\n * @type {ClientAttestationJwtPayload['cnf']}\n /\n dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n\n /\n The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n * @type {Date}\n /\n expiresAt?: Date;\n /\n The issuer of the attestation, typically the Wallet Provider's identifier.\n * @type {string}\n /\n issuer: string;\n\n signer: {\n /\n An array of JWTs representing the chain of trust from the federation's trust anchor\n * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n * @type {[string, ...string[]]}\n /\n trustChain: [string, ...string[]];\n\n /\n The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n * @type {string}\n /\n walletProviderJwkPublicKid: string;\n };\n\n /\n An optional deep link or URL that can be used to open or interact with the wallet.\n * @type {string}\n /\n walletLink?: string;\n\n /\n An optional display name for the wallet.\n * @type {string}\n /\n walletName?: string;\n}\n\n/\n @class WalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n /\nexport class WalletProvider extends Openid4vciWalletProvider {\n /\n Creates a wallet attestation JWT.\n \n This method constructs a signed JWT that asserts the wallet's control over a specific\n * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n * presenting the credential offer is the legitimate wallet instance.\n \n @public\n * @async\n * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n /\n public async createItWalletAttestationJwt(\n options: WalletAttestationOptions,\n ): Promise<string> {\n if (!options.dpopJwkPublic.kid) {\n throw new WalletProviderError(\"The DPoP JWK must have a 'kid' property\");\n }\n\n const walletAttestation = await this.createWalletAttestationJwt({\n clientId: options.dpopJwkPublic.kid,\n confirmation: {\n // We use the same key for DPoP as the wallet attestation\n jwk: options.dpopJwkPublic,\n },\n expiresAt:\n options.expiresAt ?? addSecondsToDate(new Date(), 3600 24 * 60 * 60),\n issuer: options.issuer,\n signer: {\n alg: \"ES256\",\n kid: options.signer.walletProviderJwkPublicKid,\n method: \"federation\", // Indicates the validation method relies on a trust chain.\n trustChain: options.signer.trustChain,\n },\n walletLink: options.walletLink,\n walletName: options.walletName,\n });\n\n return walletAttestation;\n }\n}\n"],"mappings":";AAGO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,sBAAN,cAAkC,aAAa;AAAA,EACpD,YACE,SACgB,eAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;~~ACzBA~~,SAAS,gCAAgC;AACzC,SAAS,wBAAwB;AA8D1B,IAAM,iBAAN,cAA6B,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAa3D,MAAa,6BACX,SACiB;AACjB,QAAI,CAAC,QAAQ,cAAc,KAAK;AAC9B,YAAM,IAAI,oBAAoB,yCAAyC;AAAA,IACzE;AAEA,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,aAAa,iBAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/errors.ts","../src/wallet-provider/WalletProvider.ts"],"sourcesContent":["/*\n Generic error thrown on Oid4vci operations\n /\nexport class Oid4vciError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vciError\";\n }\n}\n\n/\n Error thrown in case the DPoP key passed to the\n * {@link WalletProvider.createItWalletAttestationJwt} method\n * doesn't contain a kid\n /\nexport class WalletProviderError extends Oid4vciError {\n constructor(\n message: string,\n public readonly originalError?: unknown,\n ) {\n super(message);\n this.name = \"WalletProviderError\";\n }\n}\n\n/\n Error thrown when an unexpected error occurs during nonce request.\n /\nexport class NonceRequestError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"NonceRequestError\";\n }\n}\n","import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport { Openid4vciWalletProvider } from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\nimport { WalletProviderError } from \"../errors\";\n\n/\n @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n /\nexport interface WalletAttestationOptions {\n /\n The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n * This key is used to bind the attestation to the client's session.\n * @type {ClientAttestationJwtPayload['cnf']}\n /\n dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n\n /\n The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n * @type {Date}\n /\n expiresAt?: Date;\n /\n The issuer of the attestation, typically the Wallet Provider's identifier.\n * @type {string}\n /\n issuer: string;\n\n signer: {\n /\n An array of JWTs representing the chain of trust from the federation's trust anchor\n * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n * @type {[string, ...string[]]}\n /\n trustChain: [string, ...string[]];\n\n /\n The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n * @type {string}\n /\n walletProviderJwkPublicKid: string;\n };\n\n /\n An optional deep link or URL that can be used to open or interact with the wallet.\n * @type {string}\n /\n walletLink?: string;\n\n /\n An optional display name for the wallet.\n * @type {string}\n /\n walletName?: string;\n}\n\n/\n @class WalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n /\nexport class WalletProvider extends Openid4vciWalletProvider {\n /\n Creates a wallet attestation JWT.\n \n This method constructs a signed JWT that asserts the wallet's control over a specific\n * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n * presenting the credential offer is the legitimate wallet instance.\n \n @public\n * @async\n * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n /\n public async createItWalletAttestationJwt(\n options: WalletAttestationOptions,\n ): Promise<string> {\n if (!options.dpopJwkPublic.kid) {\n throw new WalletProviderError(\"The DPoP JWK must have a 'kid' property\");\n }\n\n const walletAttestation = await this.createWalletAttestationJwt({\n clientId: options.dpopJwkPublic.kid,\n confirmation: {\n // We use the same key for DPoP as the wallet attestation\n jwk: options.dpopJwkPublic,\n },\n expiresAt:\n options.expiresAt ?? addSecondsToDate(new Date(), 3600 24 * 60 * 60),\n issuer: options.issuer,\n signer: {\n alg: \"ES256\",\n kid: options.signer.walletProviderJwkPublicKid,\n method: \"federation\", // Indicates the validation method relies on a trust chain.\n trustChain: options.signer.trustChain,\n },\n walletLink: options.walletLink,\n walletName: options.walletName,\n });\n\n return walletAttestation;\n }\n}\n"],"mappings":";AAGO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,sBAAN,cAAkC,aAAa;AAAA,EACpD,YACE,SACgB,eAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAC3C,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACtCA,SAAS,gCAAgC;AACzC,SAAS,wBAAwB;AA8D1B,IAAM,iBAAN,cAA6B,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAa3D,MAAa,6BACX,SACiB;AACjB,QAAI,CAAC,QAAQ,cAAc,KAAK;AAC9B,YAAM,IAAI,oBAAoB,yCAAyC;AAAA,IACzE;AAEA,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,aAAa,iBAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}

package/package.json CHANGED Viewed

@@ -1,15 +1,18 @@
 {
   "name": "@pagopa/io-wallet-oid4vci",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "files": [
     "dist"
   ],
   "license": "Apache-2.0",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
   "exports": {
     ".": {
+      "types": "./dist/index.d.ts",
       "import": "./dist/index.mjs",
-      "require": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "require": "./dist/index.js"
     },
     "./package.json": "./package.json"
   },
@@ -27,13 +30,11 @@
     "@openid4vc/oauth2": "0.3.0-alpha-20250714110838",
     "@openid4vc/openid4vci": "0.3.0-alpha-20250714110838",
     "@openid4vc/utils": "0.3.0-alpha-20250714110838",
-    "zod": "^3.24.2"
+    "zod": "^3.24.2",
+    "@pagopa/io-wallet-utils": "0.5.0"
   },
   "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean --sourcemap",
+    "build": "tsup src/index.ts --format cjs,esm --dts --sourcemap",
     "test": "vitest"
-  },
-  "main": "./dist/index.js",
-  "module": "./dist/index.mjs",
-  "types": "./dist/index.d.ts"
+  }
 }