@pagopa/io-wallet-oid4vci 1.3.0 → 1.4.0

package/README.md

@@ -36,6 +36,7 @@ import { WalletProvider, WalletAttestationOptions } from '@pagopa/io-wallet-oid4
 
 // Create wallet attestation
 const attestationOptions: WalletAttestationOptions = {
+  callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
   issuer: "https://wallet-provider.example.com",
   dpopJwkPublic: {
     // JWK public key for DPoP binding
@@ -306,7 +307,7 @@ export class Oid4vciError extends Error {
 ```
 Generic error thrown on Oid4vci operations
 
-Error thrown in case the DPoP key passed to the `WalletProvider.createItWalletAttestationJwt` method doesn't contain a kid
+Error thrown when wallet-provider options are invalid or when wallet attestation and key attestation JWT creation fails.
 ```typescript
 export class WalletProviderError extends Oid4vciError {
   constructor(message: string, cause?: unknown) {

package/dist/index.d.mts

@@ -1251,9 +1251,8 @@ declare class Oid4vciError extends Error {
     } & ErrorOptions);
 }
 /**
- * Error thrown in case the DPoP key passed to the
- * {@link WalletProvider.createItWalletAttestationJwt} method
- * doesn't contain a kid
+ * Error thrown when wallet-provider options are invalid or when wallet
+ * attestation and key attestation creation fails.
  */
 declare class WalletProviderError extends Oid4vciError {
     constructor(message: string, options?: ErrorOptions);
@@ -10015,18 +10014,22 @@ declare class WalletProvider {
      * - v1.0: Uses only `trust_chain` in header (federation method); no `status` claim
      * - v1.3: Requires `x5c` in header, optional `trust_chain`; supports optional `nbf` and `status` claims
      * - v1.4: Requires `x5c` in header, optional `trust_chain`; `status`, `wallet_link`, and `wallet_name`
-     *   are all **required**; optional `eudi_wallet_info` claim; sets `sub` to `dpopJwkPublic.kid`
+     *   are all **required**; optional `eudi_wallet_info` claim; sets `sub` to the DPoP JWK thumbprint
      *
      * @public
      * @async
      * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
      * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
-     * @throws {WalletProviderError} When dpopJwkPublic.kid is missing
-     * @throws {ItWalletSpecsVersionError} When version is not supported
+     * @throws {WalletProviderError} When the provided options do not match the configured IT-Wallet
+     * specification version, or when v1.4 options are missing `walletLink`, `walletName`, or `status`.
+     * @throws {ValidationError} When the generated wallet attestation JWT fails validation.
+     * @throws {ClientAttestationError} When wallet attestation JWT creation fails unexpectedly,
+     * including signing errors from the configured `signJwt` callback.
+     * @throws {ItWalletSpecsVersionError} When the configured IT-Wallet specification version is not supported.
      *
      * @example v1.0 - Basic wallet attestation with trust chain
      * const jwt = await provider.createItWalletAttestationJwt({
-     *   callbacks: { signJwt: mySignJwtCallback },
+     *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
      *   dpopJwkPublic: myJwk,
      *   issuer: "https://wallet-provider.example.com",
      *   signer: {
@@ -10038,7 +10041,7 @@ declare class WalletProvider {
      *
      * @example v1.3 - Wallet attestation with x5c and optional fields
      * const jwt = await provider.createItWalletAttestationJwt({
-     *   callbacks: { signJwt: mySignJwtCallback },
+     *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
      *   dpopJwkPublic: myJwk,
      *   issuer: "https://wallet-provider.example.com",
      *   signer: {
@@ -10053,7 +10056,7 @@ declare class WalletProvider {
      *
      * @example v1.4 - Wallet attestation with required status and optional eudi_wallet_info
      * const jwt = await provider.createItWalletAttestationJwt({
-     *   callbacks: { signJwt: mySignJwtCallback },
+     *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
      *   dpopJwkPublic: myJwk,
      *   issuer: "https://wallet-provider.example.com",
      *   signer: {

package/dist/index.d.ts

@@ -1251,9 +1251,8 @@ declare class Oid4vciError extends Error {
     } & ErrorOptions);
 }
 /**
- * Error thrown in case the DPoP key passed to the
- * {@link WalletProvider.createItWalletAttestationJwt} method
- * doesn't contain a kid
+ * Error thrown when wallet-provider options are invalid or when wallet
+ * attestation and key attestation creation fails.
  */
 declare class WalletProviderError extends Oid4vciError {
     constructor(message: string, options?: ErrorOptions);
@@ -10015,18 +10014,22 @@ declare class WalletProvider {
      * - v1.0: Uses only `trust_chain` in header (federation method); no `status` claim
      * - v1.3: Requires `x5c` in header, optional `trust_chain`; supports optional `nbf` and `status` claims
      * - v1.4: Requires `x5c` in header, optional `trust_chain`; `status`, `wallet_link`, and `wallet_name`
-     *   are all **required**; optional `eudi_wallet_info` claim; sets `sub` to `dpopJwkPublic.kid`
+     *   are all **required**; optional `eudi_wallet_info` claim; sets `sub` to the DPoP JWK thumbprint
      *
      * @public
      * @async
      * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
      * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
-     * @throws {WalletProviderError} When dpopJwkPublic.kid is missing
-     * @throws {ItWalletSpecsVersionError} When version is not supported
+     * @throws {WalletProviderError} When the provided options do not match the configured IT-Wallet
+     * specification version, or when v1.4 options are missing `walletLink`, `walletName`, or `status`.
+     * @throws {ValidationError} When the generated wallet attestation JWT fails validation.
+     * @throws {ClientAttestationError} When wallet attestation JWT creation fails unexpectedly,
+     * including signing errors from the configured `signJwt` callback.
+     * @throws {ItWalletSpecsVersionError} When the configured IT-Wallet specification version is not supported.
      *
      * @example v1.0 - Basic wallet attestation with trust chain
      * const jwt = await provider.createItWalletAttestationJwt({
-     *   callbacks: { signJwt: mySignJwtCallback },
+     *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
      *   dpopJwkPublic: myJwk,
      *   issuer: "https://wallet-provider.example.com",
      *   signer: {
@@ -10038,7 +10041,7 @@ declare class WalletProvider {
      *
      * @example v1.3 - Wallet attestation with x5c and optional fields
      * const jwt = await provider.createItWalletAttestationJwt({
-     *   callbacks: { signJwt: mySignJwtCallback },
+     *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
      *   dpopJwkPublic: myJwk,
      *   issuer: "https://wallet-provider.example.com",
      *   signer: {
@@ -10053,7 +10056,7 @@ declare class WalletProvider {
      *
      * @example v1.4 - Wallet attestation with required status and optional eudi_wallet_info
      * const jwt = await provider.createItWalletAttestationJwt({
-     *   callbacks: { signJwt: mySignJwtCallback },
+     *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
      *   dpopJwkPublic: myJwk,
      *   issuer: "https://wallet-provider.example.com",
      *   signer: {

package/dist/index.js

@@ -1593,18 +1593,22 @@ var WalletProvider = class {
    * - v1.0: Uses only `trust_chain` in header (federation method); no `status` claim
    * - v1.3: Requires `x5c` in header, optional `trust_chain`; supports optional `nbf` and `status` claims
    * - v1.4: Requires `x5c` in header, optional `trust_chain`; `status`, `wallet_link`, and `wallet_name`
-   *   are all **required**; optional `eudi_wallet_info` claim; sets `sub` to `dpopJwkPublic.kid`
+   *   are all **required**; optional `eudi_wallet_info` claim; sets `sub` to the DPoP JWK thumbprint
    *
    * @public
    * @async
    * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
    * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
-   * @throws {WalletProviderError} When dpopJwkPublic.kid is missing
-   * @throws {ItWalletSpecsVersionError} When version is not supported
+   * @throws {WalletProviderError} When the provided options do not match the configured IT-Wallet
+   * specification version, or when v1.4 options are missing `walletLink`, `walletName`, or `status`.
+   * @throws {ValidationError} When the generated wallet attestation JWT fails validation.
+   * @throws {ClientAttestationError} When wallet attestation JWT creation fails unexpectedly,
+   * including signing errors from the configured `signJwt` callback.
+   * @throws {ItWalletSpecsVersionError} When the configured IT-Wallet specification version is not supported.
    *
    * @example v1.0 - Basic wallet attestation with trust chain
    * const jwt = await provider.createItWalletAttestationJwt({
-   *   callbacks: { signJwt: mySignJwtCallback },
+   *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
    *   dpopJwkPublic: myJwk,
    *   issuer: "https://wallet-provider.example.com",
    *   signer: {
@@ -1616,7 +1620,7 @@ var WalletProvider = class {
    *
    * @example v1.3 - Wallet attestation with x5c and optional fields
    * const jwt = await provider.createItWalletAttestationJwt({
-   *   callbacks: { signJwt: mySignJwtCallback },
+   *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
    *   dpopJwkPublic: myJwk,
    *   issuer: "https://wallet-provider.example.com",
    *   signer: {
@@ -1631,7 +1635,7 @@ var WalletProvider = class {
    *
    * @example v1.4 - Wallet attestation with required status and optional eudi_wallet_info
    * const jwt = await provider.createItWalletAttestationJwt({
-   *   callbacks: { signJwt: mySignJwtCallback },
+   *   callbacks: { hash: myHashCallback, signJwt: mySignJwtCallback },
    *   dpopJwkPublic: myJwk,
    *   issuer: "https://wallet-provider.example.com",
    *   signer: {
@@ -1655,9 +1659,6 @@ var WalletProvider = class {
    * });
    */
   async createItWalletAttestationJwt(options) {
-    if (!options.dpopJwkPublic.kid) {
-      throw new WalletProviderError("The DPoP JWK must have a 'kid' property");
-    }
     if (this.specVersion === import_io_wallet_utils15.ItWalletSpecsVersion.V1_0) {
       assertV1_0Options(options);
       return (0, import_io_wallet_oauth29.createWalletAttestationJwtV1_0)({